diff --git a/docusaurus.config.ts b/docusaurus.config.ts index fdca98646..eef9dab4b 100644 --- a/docusaurus.config.ts +++ b/docusaurus.config.ts @@ -1054,8 +1054,8 @@ const config = { specPath: "openapi-specs/compute", outputDir: "products/compute/api", sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "tag" }, - version: "33.02", - label: "v33.02", + version: "33.03", + label: "v33.03", showExtensions: true, hideSendButton: true, baseUrl: "/compute/api/", @@ -1109,6 +1109,13 @@ const config = { sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "tag" }, baseUrl: "/compute/api/33-01/", }, + compute_3302: { + specPath: "openapi-specs/compute/33-02", + outputDir: "products/compute/api/33-02", + showExtensions: true, + sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "tag" }, + baseUrl: "/compute/api/33-02/", + }, }, }, ], diff --git a/openapi-specs/compute/33-02/desc/SCAP/get.md b/openapi-specs/compute/33-02/desc/SCAP/get.md new file mode 100644 index 000000000..a25abe94e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/SCAP/get.md @@ -0,0 +1,11 @@ +This endpoint will return any SCAP datastreams uploaded to the console. This endpoint will return a 404 error if you have not configured your console to consume SCAP datastreams. + +The following is an example curl command that uses basic auth to retrieve any uploaded datastreams configured for SCAP scanning: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/scap +``` diff --git a/openapi-specs/compute/33-02/desc/SCAP/id_delete.md b/openapi-specs/compute/33-02/desc/SCAP/id_delete.md new file mode 100644 index 000000000..39f1b0132 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/SCAP/id_delete.md @@ -0,0 +1,11 @@ +This endpoint will delete any SCAP datastreams uploaded to the console. You can find `xml_name` from the `GET /api/v1/scap` endpoint. + +The following is an example curl command that uses basic auth to delete an uploaded datastreams configured for SCAP scanning: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/scap/{xml_name} +``` diff --git a/openapi-specs/compute/33-02/desc/SCAP/post.md b/openapi-specs/compute/33-02/desc/SCAP/post.md new file mode 100644 index 000000000..d459a0e97 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/SCAP/post.md @@ -0,0 +1,12 @@ +This endpoint will allow you to add a SCAP datastream to the console. + +The following is an example curl command that uses basic auth to add an uploaded datastreams configured for SCAP scanning: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"XMLName":{"Space":"","Local":""}}' \ + https://:8083/api/v1/scap +``` diff --git a/openapi-specs/compute/33-02/desc/SCAP/scap.md b/openapi-specs/compute/33-02/desc/SCAP/scap.md new file mode 100644 index 000000000..7fb3222a8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/SCAP/scap.md @@ -0,0 +1,2 @@ +Import custom security checklists and evaluate them against your container images. +Custom checklists complement the predefined compliance checks provided in the default Prisma Cloud Compute installation. diff --git a/openapi-specs/compute/33-02/desc/_ping/_ping.md b/openapi-specs/compute/33-02/desc/_ping/_ping.md new file mode 100644 index 000000000..3df18386f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/_ping/_ping.md @@ -0,0 +1 @@ +Checks if the Console is alive, responsive, and reachable from your network host. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/_ping/get.md b/openapi-specs/compute/33-02/desc/_ping/get.md new file mode 100644 index 000000000..8e143ef67 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/_ping/get.md @@ -0,0 +1,14 @@ +Checks if Console is reachable from your network host. + +### cURL Request + +Refer to the following cURL example command that pings Console and prints the HTTP response code: + +```bash +$ curl -k \ + -s \ + -o /dev/null \ + -w "%{http_code}\n" \ + -X GET \ + https:///api/v/_ping +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/agentless/agentless.md b/openapi-specs/compute/33-02/desc/agentless/agentless.md new file mode 100644 index 000000000..e827c642d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/agentless/agentless.md @@ -0,0 +1,6 @@ +The agentless security scan monitors hosts and containers for vulnerabilities and compliance risks by scanning the root volumes of snapshots without the need to install an agent. +Supported cloud service provider platforms for agentless scanning: +* Hosts - Amazon AWS, Google Cloud Platform, Microsoft Azure, and Oracle Cloud Infrastructure. +* Containers- AWS, Azure, and GCP + +When you add a cloud account in the Prisma Cloud Compute (Manage > Cloud accounts), enable the agentless scan option and configure the scan scope. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/agentless/get_agentless_progress.md b/openapi-specs/compute/33-02/desc/agentless/get_agentless_progress.md new file mode 100644 index 000000000..b98ed9da5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/agentless/get_agentless_progress.md @@ -0,0 +1,31 @@ +Shows the progress of an ongoing scan on hosts or containers for vulnerabilities and compliance. + +### cURL Request + +Refer to the following example cURL command: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + “https:///api/v/agentless/progress” +``` + +### cURL Response + +Refer to the following example cURL response: + +``` +{ + "hostname": "", + "id": "", + "scanTime": "2022-11-09T11:10:51.649Z", + "type": "agentlessHost", + "discovery": true, + "total": 5, + "scanned": 2, + "title": "Agentless discovering" + } +] +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/agentless/post_agentless_scan.md b/openapi-specs/compute/33-02/desc/agentless/post_agentless_scan.md new file mode 100644 index 000000000..f1295cdc4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/agentless/post_agentless_scan.md @@ -0,0 +1,17 @@ +Scans the hosts or containers for vulnerabilities and compliance. + +**Before you begin** +Make sure that you download (use the agentless/templates API) and apply the permission templates in the supported cloud accounts: AWS, Azure, GCP, and OCI. + + +### cURL Request + +Refer to the following example cURL command: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + “https:///api/v/agentless/scan” +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/agentless/post_agentless_stop.md b/openapi-specs/compute/33-02/desc/agentless/post_agentless_stop.md new file mode 100644 index 000000000..ab83960cc --- /dev/null +++ b/openapi-specs/compute/33-02/desc/agentless/post_agentless_stop.md @@ -0,0 +1,13 @@ +Stops an ongoing scan on hosts or containers for vulnerabilities and compliance. + +### cURL Request + +Refer to the following example cURL command: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + “https:///api/v/agentless/stop” +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/agentless/post_agentless_templates.md b/openapi-specs/compute/33-02/desc/agentless/post_agentless_templates.md new file mode 100644 index 000000000..96be32555 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/agentless/post_agentless_templates.md @@ -0,0 +1,41 @@ +Downloads a tarball file that contains the agentless resource permission templates for the cloud accounts. Apply these permission templates to complete the onboarding process for agentless scanning. + +* AWS: The tarball contains templates in JSON format ending with the following names: + * _aws_hub_target_user_permissions.json + * _aws_hub_user_permissions.json + * _aws_target_user_permissions.json + +For more information on how to apply the permission templates, refer to the "Configure agentless scanning" section in the Prisma Cloud Compute administration guide. + +* Azure: Use the following script, that comes bundled in the tarball file, to apply permission template to an Azure cloud account: + * apply_azure_permissions.sh: Run the script with a location (that specifies location of the resource) parameter. For more information on location parameters, see [resource location in ARM template](https://learn.microsoft.com/en-us/azure/azure-resource-manager/templates/resource-location?tabs=azure-cli). + +* OCI: Use the following script, that comes bundled in the tarball file, to apply permission template to an OCI cloud account: + * pcc-apply-permissions.sh: Run the script with a compartment name parameter. + +* GCP: The tarball contains Jinja templates in YAML format ending with the following names: + * _hub_target_access_permissions.yaml.jinja + * _hub_target_user_permissions.yaml.jinja + * _hub_user_permissions.yaml.jinja + * _target_user_permissions.yaml.jinja + +For more information on how to apply the permission templates, refer to the "Configure agentless scanning" section in the Prisma Cloud Compute administration guide. + +**Note**: The body parameter `credentialID` is required to download templates in tar.gz format. + +### Before you begin +Add the supported cloud accounts (AWS, Azure, GCP, and OCI) in Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -O \ + -d {"credentialID":"aws_docs"} \ + “https:///api/v/agentless/templates” +``` diff --git a/openapi-specs/compute/33-02/desc/alert-profiles/alert-profiles.md b/openapi-specs/compute/33-02/desc/alert-profiles/alert-profiles.md new file mode 100644 index 000000000..a8a915094 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/alert-profiles/alert-profiles.md @@ -0,0 +1,8 @@ +Manage alert profiles, which let you surface critical policy breaches by sending alerts to channels, such as email, Slack, and JIRA. + +Alert profiles define which events should be sent to which channel. +Each profile declares: + +* One or more recipients. +* One or more triggers, that raise alerts by sending messages on the configured channel. + diff --git a/openapi-specs/compute/33-02/desc/alert-profiles/get.md b/openapi-specs/compute/33-02/desc/alert-profiles/get.md new file mode 100644 index 000000000..82647e248 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/alert-profiles/get.md @@ -0,0 +1,11 @@ +Retrieve a list of all alert profiles created in the system. + +The following example curl command uses basic auth to retrieve all alert profiles: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/alert-profiles +``` diff --git a/openapi-specs/compute/33-02/desc/alert-profiles/id_delete.md b/openapi-specs/compute/33-02/desc/alert-profiles/id_delete.md new file mode 100644 index 000000000..1a67fe20e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/alert-profiles/id_delete.md @@ -0,0 +1,14 @@ +Deletes an alert profile entry by name. +In the request payload, specify the alert profile name. +This method has no response data. + +The following example curl command deletes an existing alert profile named `PROFILE-NAME`. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/alert-profiles/ +``` + diff --git a/openapi-specs/compute/33-02/desc/alert-profiles/names_get.md b/openapi-specs/compute/33-02/desc/alert-profiles/names_get.md new file mode 100644 index 000000000..cac14437b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/alert-profiles/names_get.md @@ -0,0 +1,20 @@ +Retrieve a list of only the names of all alert profiles created in the system. + +The following example curl command uses basic auth to retrieve all alert profiles' names: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/alert-profiles/names +``` + +Example Response: + +``` +[ + "jira", + "aqsa vulns" +] +``` diff --git a/openapi-specs/compute/33-02/desc/alert-profiles/post.md b/openapi-specs/compute/33-02/desc/alert-profiles/post.md new file mode 100644 index 000000000..9fa643429 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/alert-profiles/post.md @@ -0,0 +1,32 @@ +Update an existing alert profile created in the system. + +The following example curl command uses basic auth to add a Jira Alert profile: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/alert-profiles \ + -d ' { + "name": "jira", + "_id": "jira", + "jira": { + "enabled": true, + "projectKey": "TWIS", + "issueType": "Task", + "priority": "High", + "labels": [], + "assignee": "" + } + "policy": { + "cve": { + "enabled": true, + "allRules": true, + "rules": [], + "clients": [ + "jira" + ] + } + } ' +``` diff --git a/openapi-specs/compute/33-02/desc/alert-profiles/test_post.md b/openapi-specs/compute/33-02/desc/alert-profiles/test_post.md new file mode 100644 index 000000000..1fc745efa --- /dev/null +++ b/openapi-specs/compute/33-02/desc/alert-profiles/test_post.md @@ -0,0 +1,14 @@ +Sends a test alert to verify successful configuration of the alert profile settings. + +The following example curl command uses basic auth to send test alert for an email alert profile: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d + https://:8083/api/v1/alert-profiles/test +``` + +In this case, the `REQUEST-PAYLOAD` would be the full JSON formatted alert profile from the base `GET` command diff --git a/openapi-specs/compute/33-02/desc/api_restrictions.md b/openapi-specs/compute/33-02/desc/api_restrictions.md new file mode 100644 index 000000000..1b7b00515 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/api_restrictions.md @@ -0,0 +1,8 @@ +Paginated API requests are capped to a max of 50 returned objects because very large responses could DoS Console. + +If the response contains more than 50 objects, cycle through the collection with the `offset` query parameter to retrieve more objects. +For example: + +``` +https:///api/v1/images?limit=50&offset=X +``` diff --git a/openapi-specs/compute/33-02/desc/application-control/application-control.md b/openapi-specs/compute/33-02/desc/application-control/application-control.md new file mode 100644 index 000000000..11b8e0d9d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/application-control/application-control.md @@ -0,0 +1 @@ +Prisma Cloud Compute creates and stores host application rules for your environment. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/application-control/get.md b/openapi-specs/compute/33-02/desc/application-control/get.md new file mode 100644 index 000000000..5bd600beb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/application-control/get.md @@ -0,0 +1,11 @@ +Retrieves the host application control rules. + +The following example curl command uses basic auth to retrieve the control rules: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + “https:///api/v/application-control/host” +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/application-control/id_delete.md b/openapi-specs/compute/33-02/desc/application-control/id_delete.md new file mode 100644 index 000000000..9b636266d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/application-control/id_delete.md @@ -0,0 +1 @@ +Removes the given rule from the list of host application control rules. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/application-control/put.md b/openapi-specs/compute/33-02/desc/application-control/put.md new file mode 100644 index 000000000..adf1a8a4c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/application-control/put.md @@ -0,0 +1 @@ + Update and inserts the host application control rule to the database and returns the upserted rule. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/access_delete.md b/openapi-specs/compute/33-02/desc/audits/access_delete.md new file mode 100644 index 000000000..37f33ca64 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/access_delete.md @@ -0,0 +1,10 @@ +Deletes **all** access audits. This deletion cannot be undone. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://console:8083/api/v1/audits/access +``` diff --git a/openapi-specs/compute/33-02/desc/audits/access_download_get.md b/openapi-specs/compute/33-02/desc/audits/access_download_get.md new file mode 100644 index 000000000..1700deb8d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/access_download_get.md @@ -0,0 +1,12 @@ +Returns the docker access audit events data in CSV format that are logged and aggregated for any container resource protected by a Defender in Prisma Cloud Compute. + +**Note**: You can download the access events from Console under **Monitor > Events > Docker audits > Download CSV**. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -O \ + "https:///api/v/audits/access/download?type=docker" +``` diff --git a/openapi-specs/compute/33-02/desc/audits/access_filters_get.md b/openapi-specs/compute/33-02/desc/audits/access_filters_get.md new file mode 100644 index 000000000..00ac061c1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/access_filters_get.md @@ -0,0 +1,37 @@ +Retrieves all access audits by specific host filters. +There are three types of host filters based on host history, sudo events on host and SSHD events on hosts. + +The following example uses basic auth to list history of commands that are run on hosts protected by Prisma Cloud Compute. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://console:8083/api/v1/history/host +``` + +The following command gives list of sudo events on hosts. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://console:8083/api/v1/audits/access/filters?type=sudo + +``` + +The following command gives list of SSHD events on hosts. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://console:8083/api/v1/audits/access/filters?type=sshd + +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/access_get.md b/openapi-specs/compute/33-02/desc/audits/access_get.md new file mode 100644 index 000000000..2401391c7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/access_get.md @@ -0,0 +1,43 @@ +Retrieves all docker access audit events that are logged and aggregated for any container resource protected by a Defender in Prisma Cloud Compute. + +You can configure Prisma Cloud Compute to log and aggregate events such as sudo and SSH access on hosts protected by Defender. These events create an audit trail that tracks system components accessed by individual users. + +**Note**: Access events can also be viewed in Console under **Monitor > Events > Docker audits**. + +### cURL Request +Refer to the following example cURL command that gives a list of all access audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/access" +``` + +### cURL response +``` +[ + { + "containerName": "/compliance_block_container_photon_fua", + "imageName": "alpine:latest", + "user": "", + "time": "2022-11-08T18:24:09.249Z", + "hostname": "jen-photon-v3-0811t165215-cont-def-pre-lngcon230", + "fqdn": "", + "sourceIP": "", + "allow": false, + "ruleName": "compliance_block_container_rule_svn", + "api": "create", + "msg": "[Twistlock] Container operation blocked by policy: compliance_block_container_rule_svn, has 1 compliance issues ", + "collections": [ + "All", + "compliance_block_container_yue" + ], + "accountID": "twistlock-test-123456", + "cluster": "", + "namespace": "" + } +... +] +``` diff --git a/openapi-specs/compute/33-02/desc/audits/admission_download_get.md b/openapi-specs/compute/33-02/desc/audits/admission_download_get.md new file mode 100644 index 000000000..9571c483f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/admission_download_get.md @@ -0,0 +1,14 @@ +Returns the access admission events data in CSV format that were alerted or blocked by Defender functioning as Open Policy Agent admission controller. + +### cURL Request +Refer to the following example cURL command that downloads the admission audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/admission/download" + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/admission_get.md b/openapi-specs/compute/33-02/desc/audits/admission_get.md new file mode 100644 index 000000000..84414496c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/admission_get.md @@ -0,0 +1,44 @@ +Returns all activities that were alerted or blocked by Defender functioning as Open Policy Agent admission controller. + +### cURL Request +Refer to the following example cURL command that gives a list of all admission audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/admission" + +``` +### cURL response + +``` +{ + "time": "2022-11-24T13:46:37.057Z", + "ruleName": "Twistlock Labs - CIS - Pod created in host process ID namespace", + "message": "Pod created in host process ID namespace", + "operation": "CREATE", + "kind": "Pod", + "resource": "pods", + "username": "kubernetes-admin", + "userUid": "aws-iam-authenticator:496947949261:AIDAXHNDH53GRQMZMIOQT", + "userGroups": "system:masters, system:authenticated", + "namespace": "default", + "effect": "alert", + "rawRequest": "{\"uid\":\"78d11e35-14ab-4b19-b3d3-a97b4252b56f\",\"kind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"resource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"requestKind\":{\"group\":\"\",\"version\":\"v1\",\"kind\":\"Pod\"},\"requestResource\":{\"group\":\"\",\"version\":\"v1\",\"resource\":\"pods\"},\"name\":\"nginx2\",\"namespace\":\"default\",\"operation\":\"CREATE\",\"userInfo\":{\"username\":\"kubernetes-admin\",\"uid\":... + ... + ... + ... +}”, + "accountID": "496947949261", + "collections": [ + "All" + ], + "cluster": "johndoe-eks-123", + "attackTechniques": [ + "privilegedContainer" + ] +} + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/audits.md b/openapi-specs/compute/33-02/desc/audits/audits.md new file mode 100644 index 000000000..6747921a1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/audits.md @@ -0,0 +1,3 @@ +Retrieve audits from the Prisma Cloud Compute database. +Prisma Cloud Compute creates and stores audit events for the components that are associated with a policy (rule) and shows deviation from that policy. +Endpoints support a wide range of filtering options. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/firewall_network_container_download_get.md b/openapi-specs/compute/33-02/desc/audits/firewall_network_container_download_get.md new file mode 100644 index 000000000..29029ac6d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/firewall_network_container_download_get.md @@ -0,0 +1,21 @@ +Returns the Cloud Native Network Segmentation (CNNS) container audit events data in CSV format. + +For more information, see the [Cloud Native Network Segmentation (CNNS)](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/firewalls/cnns_saas) + +For containers, rules are defined between: +* Image to image. +* Image to Image to an external network not protected by Prisma Cloud. +* Image to DNS domain. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/firewall/network/container/download" +``` diff --git a/openapi-specs/compute/33-02/desc/audits/firewall_network_container_get.md b/openapi-specs/compute/33-02/desc/audits/firewall_network_container_get.md new file mode 100644 index 000000000..454558a44 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/firewall_network_container_get.md @@ -0,0 +1,64 @@ +Retrieves all Cloud Native Network Segmentation (CNNS) container audit events. + +For more information, see the [Cloud Native Network Segmentation (CNNS)](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/firewalls/cnns_saas) + +For containers, rules are defined between: +* Image to image. +* Image to an external network not protected by Prisma Cloud. +* Image to DNS domain. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/network/container" +``` + +### cURL Response + +``` +{ + "_id": "localhost", + "time": "2022-11-14T11:02:43.151Z", + "total": 1, + "resource": { + "images": [ + "" + ] + }, + "collections": [ + "All", + "user123" + ], + "audits": { + "unexpectedConnection": { + "count": 1, + "audits": [ + { + "ruleID": 4, + "time": "2022-11-14T11:02:43.151Z", + "type": "unexpectedConnection", + "srcProfileID": "sha256:8d5df41c547bd107c14368ad302efc46760940ae188df451cabc23e10f7f161b_user_tkgi-users", + "dstProfileID": "20", + "srcProfileHash": 228, + "srcContainerName": "users-ubuntu", + "dstContainerName": "", + "dstSubnet": "localhost", + "srcImageName": "docker.io/library/ubuntu:18.04", + "dstImageName": "", + "dstPort": 8000, + "block": false, + "count": 1, + "msg": "Unexpected connection to ip 127.0.0.1" + } + ] + } + } + } + +``` diff --git a/openapi-specs/compute/33-02/desc/audits/firewall_network_host_download_get.md b/openapi-specs/compute/33-02/desc/audits/firewall_network_host_download_get.md new file mode 100644 index 000000000..768dd00d7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/firewall_network_host_download_get.md @@ -0,0 +1,19 @@ +Returns the Cloud Native Network Segmentation (CNNS) host audit events data in CSV format. + +For hosts, rules are defined between: +* Host to host. +* Host to an external network not protected by Prisma Cloud. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/firewall/network/host/download" +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/firewall_network_host_get.md b/openapi-specs/compute/33-02/desc/audits/firewall_network_host_get.md new file mode 100644 index 000000000..e5dc4c399 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/firewall_network_host_get.md @@ -0,0 +1,96 @@ +Retrieves all Cloud Native Network Segmentation (CNNS) host audits. + +For hosts, rules are defined between: +* Host to host. +* Host to an external network not protected by Prisma Cloud + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/network/host" +``` + +### cURL Response + +``` +{ + "_id": "john-photon-v3-0811t165011-host-def-pre-lngcon230", + "time": "2022-11-08T20:22:52.207Z", + "total": 4, + "resource": { + "hosts": [ + "john-cen8-cons-dock-0811t160649-cons-ssugandh-lngcon230.c.twistlock-test-247119.internal", + "john-photon-v3-0811t165011-host-def-pre-lngcon230" + ], + "accountIDs": [ + "twistlock-test-247119" + ] + }, + "collections": [ + "All", + "registry_scan_container_cen8-container_22_11_384_piu", + "photon-v3-host_crn", + "compliance_photon_etz", + "cnnf_cen8_client_itu", + "cnnf_photon_server_fsr" + ], + "audits": { + "unexpectedConnection": { + "count": 4, + "audits": [ + { + "ruleID": 15, + "time": "2022-11-08T20:22:52.207Z", + "type": "unexpectedConnection", + "srcHostname": "john-cen8-cons-dock-0811t160649-cons-ssugandh-lngcon230.c.twistlock-test-247119.internal", + "dstHostname": "john-photon-v3-0811t165011-host-def-pre-lngcon230", + "dstPort": 80, + "block": false, + "count": 1, + "accountID": "twistlock-test-247119" + }, + { + "ruleID": 15, + "time": "2022-11-08T20:22:48.175Z", + "type": "unexpectedConnection", + "srcHostname": "john-cen8-cons-dock-0811t160649-cons-ssugandh-lngcon230.c.twistlock-test-247119.internal", + "dstHostname": "john-photon-v3-0811t165011-host-def-pre-lngcon230", + "dstPort": 80, + "block": false, + "count": 1, + "accountID": "twistlock-test-247119" + }, + { + "ruleID": 15, + "time": "2022-11-08T20:22:46.127Z", + "type": "unexpectedConnection", + "srcHostname": "john-cen8-cons-dock-0811t160649-cons-ssugandh-lngcon230.c.twistlock-test-247119.internal", + "dstHostname": "john-photon-v3-0811t165011-host-def-pre-lngcon230", + "dstPort": 80, + "block": false, + "count": 1, + "accountID": "twistlock-test-247119" + }, + { + "ruleID": 15, + "time": "2022-11-08T20:22:45.122Z", + "type": "unexpectedConnection", + "srcHostname": "john-cen8-cons-dock-0811t160649-cons-ssugandh-lngcon230.c.twistlock-test-247119.internal", + "dstHostname": "john-photon-v3-0811t165011-host-def-pre-lngcon230", + "dstPort": 80, + "block": false, + "count": 1, + "accountID": "twistlock-test-247119" + } + ] + } + } + } + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/incidents_archive_patch.md b/openapi-specs/compute/33-02/desc/audits/incidents_archive_patch.md new file mode 100644 index 000000000..a1127a001 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/incidents_archive_patch.md @@ -0,0 +1,18 @@ +Acknowledges an incident and moves it to an archived state. +Requires a path parameter: id, an Incident ID + +You can get an incident ID from the list of incidents using the endpoint GET /api/vVERSION/audits/incidents. + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PATCH \ + -d {"acknowledged":true} \ + "https:///api/v/audits/incidents/acknowledge/637627beb2a8e98a1c36a9db" + +``` +To undo this action (unarchive an incident), set the body parameter "acknowledged": false \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/incidents_download_get.md b/openapi-specs/compute/33-02/desc/audits/incidents_download_get.md new file mode 100644 index 000000000..2266c3471 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/incidents_download_get.md @@ -0,0 +1,20 @@ +Downloads a list of incidents which are not acknowledged (i.e., not in archived state) in CSV format. +Prisma Cloud Compute analyzes individual audits and correlates them together to surface unfolding attacks. +These chains of related audits are called incidents. + +This endpoint maps to the **CSV** hyperlink in **Monitor > Runtime > Incident explorer** in the Console UI. + +### cURL Request + +The following cURL command downloads all incidents and saves the result in a CSV file called `incidents.csv`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o incidents.csv \ + https:///api/v/audits/incidents/download +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/audits/incidents_filters_get.md b/openapi-specs/compute/33-02/desc/audits/incidents_filters_get.md new file mode 100644 index 000000000..7d1c6f303 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/incidents_filters_get.md @@ -0,0 +1,15 @@ +This endpoint lists the incident categories found in your environment. + +The following example lists incident filters. + +```bash +$ curl -k \ + -u \ + https://console:8083/api/v1/audits/incidents/filters +``` + +Response: + +``` +{"hostname":["aqsa-lab.internal"],"category":["hijackedProcess","dataExfiltration"]} +``` diff --git a/openapi-specs/compute/33-02/desc/audits/incidents_get.md b/openapi-specs/compute/33-02/desc/audits/incidents_get.md new file mode 100644 index 000000000..7724a08c1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/incidents_get.md @@ -0,0 +1,19 @@ +Retrieves a list of incidents that are not acknowledged (i.e., not in archived state). +Prisma Cloud Compute analyzes individual audits and correlates them together to surface unfolding attacks. +These chains of related audits are called incidents. + +This endpoint maps to the table in **Monitor > Runtime > Incident explorer** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves a list of unacknowledged incidents (not in the archived state): + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/incidents?acknowledged=false" +``` + +A successful response returns the incidents. diff --git a/openapi-specs/compute/33-02/desc/audits/kubernetes_download_get.md b/openapi-specs/compute/33-02/desc/audits/kubernetes_download_get.md new file mode 100644 index 000000000..6008bd92a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/kubernetes_download_get.md @@ -0,0 +1,17 @@ +Returns the audit events data that occur in an integrated Kubernetes cluster that you configured for Prisma Cloud Compute under **Defend > Access > Kubernetes** in CSV format. + +**Note:** This endpoint relates to the **Monitor > Events > Kubernetes** audits in Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/kubernetes/download" +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/kubernetes_get.md b/openapi-specs/compute/33-02/desc/audits/kubernetes_get.md new file mode 100644 index 000000000..e1ecb8a88 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/kubernetes_get.md @@ -0,0 +1,55 @@ +Retrieves events that occur in an integrated Kubernetes cluster that you configured for Prisma Cloud Compute under **Defend > Access > Kubernetes**. + +**Note:** This endpoint relates to the **Monitor > Events > Kubernetes** audits in Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/kubernetes" +``` + +### cURL Response + +``` +{ + "time": "2022-11-23T16:20:20.383Z", + "verb": "io.k8s.core.v1.pods.exec.create", + "user": { + "username": "johndoe@paloaltonetworks.com" + }, + "authorizationInfo": { + "authorization.k8s.io/decision": "allow", + "authorization.k8s.io/reason": "access granted by IAM permissions.", + "failed-open.validating.webhook.admission.k8s.io/round_0_index_0": "validating-webhook.twistlock.com" + }, + "message": "Exec or attach to a pod detected on GKE", + "sourceIPs": [ + "private" + ], + "resources": "core/v1/namespaces/default/pods/test-pd/exec", + ... + ... + ..., + "attackTechniques": [ + "execIntoContainer" + ], + "cluster": "johndoe-gke-9916911d51921853", + "accountID": "twistlock-test-247119", + "provider": "gcp", + "collections": [ + "All", + "user1", + "tv test", + "tv test2" + ] + } + + +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/mgmt_download_get.md b/openapi-specs/compute/33-02/desc/audits/mgmt_download_get.md new file mode 100644 index 000000000..ae3ef45b6 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/mgmt_download_get.md @@ -0,0 +1,19 @@ +Returns the management audit events data in CSV format. + +Management audits are: +* Changes to any settings (including previous and new values) +* Changes to any rules (create, modify, or delete) +* Logon activities (success and failure) + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/mgmt/download" +``` diff --git a/openapi-specs/compute/33-02/desc/audits/mgmt_filters_get.md b/openapi-specs/compute/33-02/desc/audits/mgmt_filters_get.md new file mode 100644 index 000000000..854977b99 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/mgmt_filters_get.md @@ -0,0 +1,36 @@ +Retrieves a list of management audit types from your environment. +Use these filters to query management audit events. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/mgmt/filters" +``` +### cURL Response + +``` +{ + "type": [ + "group", + "login", + "role", + "rule", + "settings", + "user" + ], + "username": [ + "admin2", + "ReadOnly", + "admin", + "ci", + "development-user" + ] +} + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/mgmt_get.md b/openapi-specs/compute/33-02/desc/audits/mgmt_get.md new file mode 100644 index 000000000..5b586cb5e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/mgmt_get.md @@ -0,0 +1,35 @@ +Retrieves a list of all management audit events. + +Management audit events are: +* Changes to any settings (including previous and new values) +* Changes to any rules (create, modify, or delete) +* Logon activities (success and failure) + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/mgmt" +``` + +### cURL Response + +``` +{ + "username": "user", + "sourceIP": "10.47.99.218", + "time": "2022-11-22T03:11:15.39Z", + "type": "login", + "diff": "", + "status": "successful login attempt", + "failure": false, + "api": "/api/v1/authenticate" + } + + +``` diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_app_embedded_download_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_app_embedded_download_get.md new file mode 100644 index 000000000..f3d844ead --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_app_embedded_download_get.md @@ -0,0 +1,14 @@ +Returns the app-embedded runtime audit events data in CSV format. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/runtime/app-embedded/download" +``` diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_app_embedded_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_app_embedded_get.md new file mode 100644 index 000000000..c1d72acfa --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_app_embedded_get.md @@ -0,0 +1,48 @@ +Retrieves all app-embedded runtime audit events. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/app-embedded" +``` + +### cURL Response + +``` +{ + "_id": "636be11d2408ed63b48ebd44", + "time": "2022-11-09T17:19:25.12Z", + "hostname": "automation_azure_presetup-prevent-tvzwx:aa9f944f-0456-004d-7c69-fd444591fefd", + "fqdn": "", + "user": "root", + "type": "network", + "imageName": "automation_azure_presetup-prevent-tvzwx", + "imageId": "b446aac9-6ee0-f254-ff75-cb21755cebdb", + "effect": "prevent", + "ruleName": "automation_azure_presetup-prevent-tvzwx_wul", + "msg": "DNS resolution of domain name SandboxHost-638036111205626034 triggered by /usr/local/bin/python3.9 explicitly denied by a runtime rule", + "profileId": "automation_azure_presetup-prevent-tvzwx:aa9f944f-0456-004d-7c69-fd444591fefd_", + "pid": 28, + "processPath": "/usr/local/bin/python3.9", + "collections": [ + "All", + "automation_azure_presetup-prevent-tvzwx_dde" + ], + "attackType": "explicitlyDeniedDNS", + "count": 1, + "severity": "high", + "appID": "automation_azure_presetup-prevent-tvzwx:aa9f944f-0456-004d-7c69-fd444591fefd", + "version": "22.11.384", + "accountID": "Non-onboarded cloud accounts" +} +... +... +... + +``` diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_container_delete.md b/openapi-specs/compute/33-02/desc/audits/runtime_container_delete.md new file mode 100644 index 000000000..ddc8e82d6 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_container_delete.md @@ -0,0 +1,11 @@ +Deletes all container runtime audits. + +The following example curl command uses basic auth to delete all the audits: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/audits/runtime/container +``` diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_container_download_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_container_download_get.md new file mode 100644 index 000000000..20e673b5e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_container_download_get.md @@ -0,0 +1,15 @@ +Returns the container audit events data in CSV format when a runtime sensor such as process, network, file system, or system call detects an activity that deviates from the predictive model. + +**Note**: In Console, you can view the same under **Monitor > Events > Container Audits**. + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -X GET \ + -o \ + "https:///api/v/audits/runtime/container/download" + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_container_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_container_get.md new file mode 100644 index 000000000..11beffb24 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_container_get.md @@ -0,0 +1,60 @@ +Retrieves all container audit events when a runtime sensor such as process, network, file system, or system call detects an activity that deviates from the predictive model. + +**Note**: In Console, you can view the same under **Monitor > Events > Container Audits**. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/container" +``` +### cURL Response + +``` +{ + "os": "Ubuntu 20.04.4 LTS", + "_id": "636a952a5a293a6ea06cbb87", + "time": "2022-11-08T17:43:06.68Z", + "hostname": "jen-sle15-dock-0811t165158-cont-def-pre-lngcon230.c.twistlock-test-247119.internal", + "fqdn": "", + "user": "root", + "type": "processes", + "containerId": "6d5b5401b0e406ad064e7020b663236d0df177fa7f4a060c2f21262c27a4a6b2", + "containerName": "/runtime-wf-base-alert", + "imageName": "usertwistlock/ubuntu:wf-base", + "imageId": "sha256:76913b92c0cbacbec7440a62d751c0a38aba1dde6aefe9e832d2a3aa0a3c3f9f", + "effect": "alert", + "ruleName": "sle15-container_alert_usertwistlock/ubuntu:wf-base_mqu", + "msg": "/usr/bin/dash launched but is not found in the runtime model. Full command: /bin/sh -c sleep 3; curl http://169.254.169.254:80", + "profileId": "sha256:76913b92c0cbacbec7440a62d751c0a38aba1dde6aefe9e832d2a3aa0a3c3f9f__", + "interactive": true, + "pid": 1955, + "processPath": "/usr/bin/dash", + "collections": [ + "All", + "Prisma Cloud resources", + "registry_scan_container_sle15-container_22_11_384_ghf", + "sle15-container_alert_cnd" + ], + "attackType": "unexpectedProcess", + "count": 1, + "container": true, + "severity": "high", + "region": "us-central1-a", + "accountID": "twistlock-test-247119", + "attackTechniques": [ + "nativeBinaryExecution" + ], + "command": "/bin/sh -c sleep 3; curl http://169.254.169.253:80", + "provider": "gcp" + } +... +... +... + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_container_timeslice_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_container_timeslice_get.md new file mode 100644 index 000000000..f65d477af --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_container_timeslice_get.md @@ -0,0 +1,35 @@ +Retrieves the container audit events when a runtime sensor such as process, network, file system, or system call detects an activity that deviates from the predictive model for a specific time frame. + +**Note**: In Console, you can view the same under **Monitor > Events > Container Audits**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Query within the range of 1-100. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/container/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` +### cURL Response + +``` +{ + "start": "2022-11-16T10:35:57Z", + "end": "2022-11-16T15:23:57Z", + "count": 87 +} + +``` + +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_file-integrity_download_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_file-integrity_download_get.md new file mode 100644 index 000000000..99ec70c52 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_file-integrity_download_get.md @@ -0,0 +1,14 @@ +Returns the audit events data in CSV format for file-integrity checks that are configured under host runtime rules. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o \ + "https:///api/v/audits/runtime/file-integrity/download" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_file-integrity_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_file-integrity_get.md new file mode 100644 index 000000000..53fec9f9f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_file-integrity_get.md @@ -0,0 +1,41 @@ +Retrieves all audit events for file-integrity checks that are configured under host runtime rules. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/file-integrity" +``` +### cURL Response + +``` +{ + "_id": "63762bc3b2a8e98a1c36a9e6", + "eventType": "read", + "path": "/etc/user/user", + "fileType": 2, + "processName": "cat", + "user": "ubuntu", + "time": "2022-11-17T12:40:35.046Z", + "description": "Process cat read from path (user: ubuntu)", + "hostname": "ip-172-31-9-109.ec2.internal", + "fqdn": "", + "ruleName": "user-host-arm", + "accountID": "496947949261", + "collections": [ + "All", + "waas_oob_collection", + "user123" + ], + "cluster": "" +} +... +... +... + +``` diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_host_delete.md b/openapi-specs/compute/33-02/desc/audits/runtime_host_delete.md new file mode 100644 index 000000000..0ab1c877e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_host_delete.md @@ -0,0 +1,10 @@ +Deletes all host audits from the database. + +The following example curl command uses basic auth to delete all host audits: + +```bash +$ curl -k \ + -u \ + -X DELETE \ + https://:8083/api/v1/audits/runtime/host +``` diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_host_download_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_host_download_get.md new file mode 100644 index 000000000..4d0454f56 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_host_download_get.md @@ -0,0 +1,15 @@ +Returns the runtime host audit events data in CSV format. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/runtime/host/download" +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_host_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_host_get.md new file mode 100644 index 000000000..044b8b42d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_host_get.md @@ -0,0 +1,45 @@ +Retrieves the runtime host audit events. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/host" +``` +### cURL Response + +``` +{ + "_id": "637628beb2a8e98a1c36a9e1", + "time": "2022-11-17T12:27:42.003Z", + "hostname": "ip-172-31-9-109.ec2.internal", + "fqdn": "", + "type": "network", + "effect": "alert", + "ruleName": "user-host-arm", + "msg": "DNS resolution of name www.yahoo.com, type AAAA explicitly denied by a runtime rule", + "profileId": "ip-172-31-9-109.ec2.internal", + "collections": [ + "All", + "waas_oob_collection", + "user123" + ], + "attackType": "explicitlyDeniedDNS", + "count": 1, + "severity": "high", + "region": "us-east-1", + "accountID": "496947949261", + "domain": "www.yahoo.com", + "provider": "aws", + "resourceID": "i-0bc31d26963bd2933" +} +... +... +... + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_host_timeslice_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_host_timeslice_get.md new file mode 100644 index 000000000..8933efa74 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_host_timeslice_get.md @@ -0,0 +1,40 @@ +Retrieves the runtime host audit events for a specific time frame. + +**Note**: In Console, you can view the same under **Monitor > Events > Container Audits**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Query within the range of 1-100. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/host/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` +### cURL Response + +``` +{ + "start": "2022-11-12T15:23:57Z", + "end": "2022-11-13T15:23:57Z", + "count": 2 +}, +{ + "start": "2022-11-13T15:23:57Z", + "end": "2022-11-14T15:23:57Z", + "count": 1 +} + +``` + +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_log-inspection_download_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_log-inspection_download_get.md new file mode 100644 index 000000000..f047ed96f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_log-inspection_download_get.md @@ -0,0 +1,15 @@ +Returns the audit events data in CSV format for log inspection checks that are configured under host runtime rules. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/incidents/runtime/log-inspection/download" +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_log-inspection_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_log-inspection_get.md new file mode 100644 index 000000000..49f0d7be4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_log-inspection_get.md @@ -0,0 +1,34 @@ +Retrieves all audit events for log inspection checks that are configured under host runtime rules. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/log-inspection" +``` + +### cURL Response + +``` +{ + "_id": "637639e2b962a7ae744851bf", + "logfile": "/var/lib/twistlock/log/console.log", + "line": "DEBU 2022-11-17T13:40:50.066 route_handler_middleware.go:507 GET /api/v1/audits/runtime/log-inspection?limit=20&offset=0&project=Central+Console&reverse=false&search=panic ssugandh admin 0.10s", + "time": "2022-11-17T13:40:50.067Z", + "hostname": "jen-cen8-cons-dock-0811t160649-cons-ssugandh-lngcon230.c.twistlock-test-247119.internal", + "ruleName": "panic_error_log", + "accountID": "twistlock-test-247119", + "collections": [ + "All", + "registry_scan_container_cen8-container_22_11_384_piu", + "cnnf_cen8_client_itu" + ], + "cluster": "" +} + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_rasp_delete.md b/openapi-specs/compute/33-02/desc/audits/runtime_rasp_delete.md new file mode 100644 index 000000000..688e04038 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_rasp_delete.md @@ -0,0 +1,9 @@ +Deletes all RASP Defender runtime audits. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/audits/runtime/rasp +``` diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_rasp_download_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_rasp_download_get.md new file mode 100644 index 000000000..303c75858 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_rasp_download_get.md @@ -0,0 +1,10 @@ +Returns CSV data describing all RASP Defender runtime events. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o rasp-audits.csv + https://:8083/api/v1/audits/runtime/rasp/download +``` diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_rasp_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_rasp_get.md new file mode 100644 index 000000000..229d908b1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_rasp_get.md @@ -0,0 +1,9 @@ +Returns JSON data describing all RASP Defender runtime events. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/audits/runtime/rasp/download +``` diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_serverless_delete.md b/openapi-specs/compute/33-02/desc/audits/runtime_serverless_delete.md new file mode 100644 index 000000000..99ada0515 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_serverless_delete.md @@ -0,0 +1,13 @@ +This endpoint will delete all serverless runtime audits. + +The following example curl command uses basic auth to delete the current audits: + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/audits/runtime/serverless +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_serverless_download_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_serverless_download_get.md new file mode 100644 index 000000000..f829d2342 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_serverless_download_get.md @@ -0,0 +1,14 @@ +Returns the scan audit events data in CSV format for any configured serverless functions in Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/runtime/serverless/download" +``` diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_serverless_filters_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_serverless_filters_get.md new file mode 100644 index 000000000..b9bf38610 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_serverless_filters_get.md @@ -0,0 +1,11 @@ +Returns all serverless filters in JSON format. +These filters can be used in the base `GET` request as query parameters. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://CONSOLE_ADDRESS:PORT/api/v1/audits/runtime/serverless/filters +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_serverless_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_serverless_get.md new file mode 100644 index 000000000..045946886 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_serverless_get.md @@ -0,0 +1,31 @@ +Retrieves all scan events for any configured serverless functions in Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/serverless" +``` +### cURL Response + +``` +{ + "time": "2022-11-22T12:27:19.329Z", + "fqdn": "", + "type": "", + "effect": "", + "ruleName": "", + "msg": "C:\\home\\xmrig launched by C:\\Windows\\system32\\inetsrv\\w3wp.exe and is identified as a crypto miner. Full command: \"C:\\home\\xmrig\" /I windows C:\\Windows\\*", + "count": 1, + "function": "Test44", + "region": "Central US", + "runtime": "dotnet", + "provider": "azure" +} + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/runtime_serverless_timeslice_get.md b/openapi-specs/compute/33-02/desc/audits/runtime_serverless_timeslice_get.md new file mode 100644 index 000000000..863890174 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/runtime_serverless_timeslice_get.md @@ -0,0 +1,35 @@ +Retrieves all scan events for any configured serverless functions in Prisma Cloud Compute for a specific time frame. + +**Note**: In Console, you can view the same under **Monitor > Events > Container Audits**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Query within the range of 1-100. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/runtime/serverless/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` +### cURL Response + +``` +{ + "start": "2022-10-23T06:35:50.254Z", + "end": "2022-10-24T04:58:47.103Z", + "count": 4 +} + +``` + +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/trust_delete.md b/openapi-specs/compute/33-02/desc/audits/trust_delete.md new file mode 100644 index 000000000..0bfb2bd81 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/trust_delete.md @@ -0,0 +1,9 @@ +Deletes all the trust audits from the events page in Console. + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/audits/trust +``` diff --git a/openapi-specs/compute/33-02/desc/audits/trust_download_get.md b/openapi-specs/compute/33-02/desc/audits/trust_download_get.md new file mode 100644 index 000000000..21c0e55a2 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/trust_download_get.md @@ -0,0 +1,14 @@ +Returns the trust audit events data in CSV format. + + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/trust/download" +``` diff --git a/openapi-specs/compute/33-02/desc/audits/trust_get.md b/openapi-specs/compute/33-02/desc/audits/trust_get.md new file mode 100644 index 000000000..8fb3a341d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/trust_get.md @@ -0,0 +1,103 @@ +Retrieves all the trust audit events. + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/trust" +``` +### cURL Response + +``` +{ + "_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev", + "time": "2022-11-22T18:15:06.793Z", + "total": 7, + "resource": { + "images": [ + "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9dd1b7719d2a52910d7860f22d038ab57e1d3aa5274a3d0850112394fdf4aec0" + ], + "accountIDs": [ + "twistlock-test-247119" + ], + "clusters": [ + "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392" + ] + }, + "collections": [ + "All" + ], + "cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392", + "audits": { + "untrusted": { + "count": 7, + "audits": [ + { + "_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev", + "time": "2022-11-22T18:15:06.793Z", + "imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c3f8fe342716c0d9ba925a65f6f234e5c4d9670e7ea84bd227cf2af454dd4f0d", + "imageID": "0fad6b33183ae7dbd050b095bdd1d004911ba8f49d08104d513f4e0e1ee460b1", + "effect": "alert", + "ruleName": "TV 1", + "msg": "Untrusted by rule TV 1", + "count": 1, + "accountID": "twistlock-test-247119", + "cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392" + }, + { + "_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev", + "time": "2022-11-22T18:15:04.922Z", + "imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9dd1b7719d2a52910d7860f22d038ab57e1d3aa5274a3d0850112394fdf4aec0", + "imageID": "90e290196294063f8638cbc4e4c8f1db669a0b2ff67ac2c3d6612e6f783ffbd3", + "effect": "alert", + "ruleName": "TV 1", + "msg": "Untrusted by rule TV 1", + "count": 1, + "accountID": "twistlock-test-247119", + "cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392" + }, + { + "_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev", + "time": "2022-11-22T18:00:02.682Z", + "imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c3f8fe342716c0d9ba925a65f6f234e5c4d9670e7ea84bd227cf2af454dd4f0d", + "imageID": "0fad6b33183ae7dbd050b095bdd1d004911ba8f49d08104d513f4e0e1ee460b1", + "effect": "alert", + "ruleName": "TV 1", + "msg": "Untrusted by rule TV 1", + "count": 1, + "accountID": "twistlock-test-247119", + "cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392" + }, + { + "_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev", + "time": "2022-11-22T18:00:00.733Z", + "imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:9dd1b7719d2a52910d7860f22d038ab57e1d3aa5274a3d0850112394fdf4aec0", + "imageID": "90e290196294063f8638cbc4e4c8f1db669a0b2ff67ac2c3d6612e6f783ffbd3", + "effect": "alert", + "ruleName": "TV 1", + "msg": "Untrusted by rule TV 1", + "count": 1, + "accountID": "twistlock-test-247119", + "cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392" + }, + { + "_id": "quay.io/openshift-release-dev/ocp-v4.0-art-dev", + "time": "2022-11-22T17:45:14.196Z", + "imageName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c3f8fe342716c0d9ba925a65f6f234e5c4d9670e7ea84bd227cf2af454dd4f0d", + "imageID": "0fad6b33183ae7dbd050b095bdd1d004911ba8f49d08104d513f4e0e1ee460b1", + "effect": "alert", + "ruleName": "TV 1", + "msg": "Untrusted by rule TV 1", + "count": 1, + "accountID": "twistlock-test-247119", + "cluster": "openshift-v1-22-89e95cb9-cri-o-1-22-5-14-rhaos4-9-git80a8e67-el8-u-openshift-370392" + } + ] + } + } + } +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/waas_agentless_download_get.md b/openapi-specs/compute/33-02/desc/audits/waas_agentless_download_get.md new file mode 100644 index 000000000..bbfcd12f5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_agentless_download_get.md @@ -0,0 +1,16 @@ +Returns the agentless Web-Application and API Security (WAAS) audit events data in CSV format. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Agentless > Agentless WAAS Policy**. + +### cURL Request + +Refer to the following example cURL command that retrieves all agentless WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/firewall/app/agentless/download" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/waas_agentless_get.md b/openapi-specs/compute/33-02/desc/audits/waas_agentless_get.md new file mode 100644 index 000000000..ad40ae497 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_agentless_get.md @@ -0,0 +1,44 @@ +Retrieves all agentless Web-Application and API Security (WAAS) audit events. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Agentless > Agentless WAAS Policy**. + +### cURL Request + +Refer to the following example cURL command that retrieves all agentless WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/agentless" +``` + +### cURL Response + +``` +{ + "_id": "", + "time": "0001-01-01T00:00:00Z", + "hostname": "", + "fqdn": "", + "effect": "", + "ruleName": "", + "ruleAppID": "", + "msg": "", + "host": false, + "containerName": "", + "containerId": "", + "imageName": "", + "appID": "", + "type": "customRule", + "count": 60, + "url": "", + "subnet": "", + "requestHeaders": "", + "attackField": {}, + "eventID": "" +} + +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/waas_agentless_timeslice_get.md b/openapi-specs/compute/33-02/desc/audits/waas_agentless_timeslice_get.md new file mode 100644 index 000000000..007c6dba3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_agentless_timeslice_get.md @@ -0,0 +1,36 @@ +Retrieves all agentless Web-Application and API Security (WAAS) audit buckets based on a specified query time frame. + +**Note:** These are based on violations of WAAS policies defined under Defend > WAAS > Agentless > Agentless WAAS Policy. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Values in the range 1-100 are accepted. + +### cURL Request + +Refer to the following example cURL command that retrieves all host WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/agentless/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` + +### cURL Response + +``` +{ + "start": "2022-11-22T02:49:23.827Z", + "end": "2022-11-23T01:12:35.884Z", + "count": 69 +} + +``` + +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/waas_app_embedded_download_get.md b/openapi-specs/compute/33-02/desc/audits/waas_app_embedded_download_get.md new file mode 100644 index 000000000..149c10376 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_app_embedded_download_get.md @@ -0,0 +1,15 @@ +Returns the app-embedded WAAS audit events data in CSV format for the specified query parameters. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > App-Embedded > App-Embedded WAAS Policy**. + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/firewall/app/app-embedded/download" +``` diff --git a/openapi-specs/compute/33-02/desc/audits/waas_app_embedded_get.md b/openapi-specs/compute/33-02/desc/audits/waas_app_embedded_get.md new file mode 100644 index 000000000..400fa447d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_app_embedded_get.md @@ -0,0 +1,84 @@ +Returns all app-embedded WAAS audit events for the specified query parameters. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > App-Embedded > App-Embedded WAAS Policy**. + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/app-embedded" +``` +### cURL Response + +``` +{ + "_id": "636ab72055e55c25de4702c3", + "time": "2022-11-08T20:08:00Z", + "hostname": "waas-mock-service-testing:24edfabfc76140ae97485844b0d7579c", + "fqdn": "", + "effect": "alert", + "ruleName": "waas-mock-service-testing_22_11_384_fargate", + "ruleAppID": "hxrbsrky", + "msg": "Detected Local File Inclusion attack in request body, match ../, value ../../", + "host": true, + "containerName": "", + "containerId": "", + "imageName": "", + "appID": "waas-mock-service-testing:24edfabfc76140ae97485844b0d7579c", + "type": "lfi", + "count": 1, + "region": "us-east-1", + "version": "22.11.384", + "accountID": "496947949261", + "url": "34.239.179.111:2001/", + "userAgentHeader": "python-requests/2.27.1", + "method": "POST", + "urlPath": "/", + "subnet": "34.72.93.22", + "requestHeaders": "POST / HTTP/1.1\r\nHost: 34.239.179.111:2001\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nContent-Length: 6\r\nUser-Agent: python-requests/2.27.1\r\n", + "requestHost": "34.239.179.111:2001", + "requestHeaderNames": [ + "Accept", + "Accept-Encoding", + "Connection", + "Content-Length", + "User-Agent" + ], + "responseHeaderNames": [ + "Content-Length", + "Content-Type", + "Date", + "Server" + ], + "statusCode": 404, + "collections": [ + "All", + "waas_collection_fargate_waas-mock-service-testing_22_11_384_zxo" + ], + "resource": { + "appIDs": [ + "waas-mock-service-testing:24edfabfc76140ae97485844b0d7579c" + ], + "accountIDs": [ + "496947949261" + ] + }, + "cluster": "automation-fargate-test", + "attackTechniques": [ + "exploitPublicFacingApplication", + "applicationExploitRCE" + ], + "protection": "firewall", + "attackField": { + "value": "../../", + "type": "rawBody" + }, + "eventID": "8513bd5f-3091-06cf-b856-4d007f11443d", + "provider": "aws" + } + +``` diff --git a/openapi-specs/compute/33-02/desc/audits/waas_app_embedded_timeslice_get.md b/openapi-specs/compute/33-02/desc/audits/waas_app_embedded_timeslice_get.md new file mode 100644 index 000000000..79a60038e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_app_embedded_timeslice_get.md @@ -0,0 +1,34 @@ +Returns the app-embedded WAAS audit buckets based on the query time frame. +Use the UTC time of an audit event to query for a time frame. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > App-Embedded > App-Embedded WAAS Policy**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Values in the range 1-100 are accepted. + +### cURL Request +Refer to the following example cURL command that retrieves the app-embedded WAAS audit buckets of five between 15 Nov. 2022 (15h:23m:57s) and 16 Nov. 2022 (15h:23m:57s): + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/app-embedded/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` +### cURL Response + +``` +{ + "start":"2022-11-12T20:11:57Z", + "end":"2022-11-13T10:35:57Z", + "count":44 +} + +``` +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/waas_container_download_get.md b/openapi-specs/compute/33-02/desc/audits/waas_container_download_get.md new file mode 100644 index 000000000..9a5e04fad --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_container_download_get.md @@ -0,0 +1,15 @@ +Returns the container Web-Application and API Security (WAAS) audit events data in CSV format. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > Container > Container WAAS Policy**. + +### cURL Request +Refer to the following example cURL command that downloads the WAAS container audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/firewall/app/container/download" +``` diff --git a/openapi-specs/compute/33-02/desc/audits/waas_container_get.md b/openapi-specs/compute/33-02/desc/audits/waas_container_get.md new file mode 100644 index 000000000..ac0df80fd --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_container_get.md @@ -0,0 +1,98 @@ +Retrieves all container Web-Application and API Security (WAAS) audits. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > Container > Container WAAS Policy**. + +### cURL Request +Refer to the following example cURL command that retrieves all container WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/container" + +``` + +### cURL Response +``` +{ + "_id": "636aa20ca5eab1d485abc519", + "profileId": "sha256:a9301dac5a66b3f54a324b9ee737c64a1cc68d2186d8082df82755fb6d551a06_waas_k8s-v1-23-13-docker-20-10-21-kube-ssugandh-2b19f07bd1e31534", + "time": "2022-11-08T18:38:04Z", + "hostname": "kube-ssugandh-2b19f07bd1e31534-k8s-worker-1", + "fqdn": "", + "effect": "alert", + "ruleName": "k8s-7878_384_kubernetes", + "ruleAppID": "zhdmrlnr", + "msg": "Detected Local File Inclusion attack in request body, match ../, value ../../", + "host": false, + "containerName": "/k8s_mock-web-service-36666_mock-web-service-32001_waas_52d3dccd-44b4-48fa-b149-60835b47c614_0", + "containerId": "22c03ede91779978eb664c03189e3b69432e754b984dd9be203e7567fc6461ba", + "imageName": "doctwistlock/waas-mock-service:latest", + "appID": "", + "type": "lfi", + "count": 1, + "region": "us-central1-a", + "version": "22.11.384", + "accountID": "twistlock-test-247119", + "url": "10.180.31.40:32001/", + "userAgentHeader": "python-requests/2.27.1", + "method": "POST", + "urlPath": "/", + "subnet": "10.180.31.40", + "requestHeaders": "POST / HTTP/1.1\r\nHost: 10.180.31.40:32001\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nContent-Length: 6\r\nUser-Agent: python-requests/2.27.1\r\n", + "requestHost": "10.180.31.40:32001", + "requestHeaderNames": [ + "Accept", + "Accept-Encoding", + "Connection", + "Content-Length", + "User-Agent" + ], + "responseHeaderNames": [ + "Content-Length", + "Content-Type", + "Date", + "Server" + ], + "statusCode": 404, + "collections": [ + "All", + "Prisma Cloud resources" + ], + "os": "Ubuntu 20.04.5 LTS", + "ns": [ + "waas" + ], + "resource": { + "images": [ + "doctwistlock/waas-mock-service:latest" + ], + "namespaces": [ + "waas" + ], + "accountIDs": [ + "twistlock-test-247119" + ] + }, + "cluster": "k8s-v1-23-13-docker-20-10-21-kube-ssugandh-2b19f07bd1e31534", + "attackTechniques": [ + "exploitPublicFacingApplication", + "applicationExploitRCE" + ], + "protection": "firewall", + "attackField": { + "value": "../../", + "type": "rawBody" + }, + "eventID": "dc2fb804-27b1-40f4-6b73-ae54783c548a", + "provider": "gcp" + }, + ... + ... + ... + +} + +``` diff --git a/openapi-specs/compute/33-02/desc/audits/waas_container_timeslice_get.md b/openapi-specs/compute/33-02/desc/audits/waas_container_timeslice_get.md new file mode 100644 index 000000000..a56b4c48f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_container_timeslice_get.md @@ -0,0 +1,34 @@ +Retrieves all container Web-Application and API Security (WAAS) audit events for a specific time frame. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > Container > Container WAAS Policy**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Values in the range 1-100 are accepted. + +### cURL Request +Refer to the following example cURL command that retrieves the container WAAS audit buckets of five between 15 Nov. 2022 (15h:23m:57s) and 16 Nov. 2022 (15h:23m:57s):: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/container/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" + +``` + +### cURL Response +``` +{ + "start": "2022-11-16T10:35:57Z", + "end": "2022-11-16T15:23:57Z", + "count": 46 +} + +``` +Response Parameters: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/waas_host_download_get.md b/openapi-specs/compute/33-02/desc/audits/waas_host_download_get.md new file mode 100644 index 000000000..4bc66202b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_host_download_get.md @@ -0,0 +1,16 @@ +Returns the host Web-Application and API Security (WAAS) audit events data in CSV format. + +**Note:** These audit events relate to violations of WAAS policies defined under **Defend > WAAS > Host > Host WAAS Policy**. + +### cURL Request + +Refer to the following example cURL command that downloads the host WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https://console:8083/api/v/audits/firewall/app/host/download" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/audits/waas_host_get.md b/openapi-specs/compute/33-02/desc/audits/waas_host_get.md new file mode 100644 index 000000000..14c967594 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_host_get.md @@ -0,0 +1,89 @@ +Retrieves all host Web-Application and API Security (WAAS) audit events. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Host > Host WAAS Policy**. + +### cURL Request + +Refer to the following example cURL command that retrieves all host WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/host" +``` + +### cURL Response + +``` +{ + "_id": "636ab7190487e34d5461a141", + "profileId": "jen-rhe7-0811t164940-host-def-pre-lngcon230.c.twistlock-test-247119.internal", + "time": "2022-11-08T20:07:53Z", + "hostname": "jen-rhe7-0811t164940-host-def-pre-lngcon230.c.twistlock-test-247119.internal", + "fqdn": "", + "effect": "alert", + "ruleName": "rhe7-host_22_11_384_host", + "ruleAppID": "cggseacq", + "msg": "Detected Local File Inclusion attack in request body, match ../, value ../../", + "host": true, + "containerName": "", + "containerId": "", + "imageName": "", + "appID": "", + "type": "lfi", + "count": 1, + "region": "us-central1-a", + "version": "22.11.384", + "accountID": "twistlock-test-247119", + "url": "10.181.239.16:2001/", + "userAgentHeader": "python-requests/2.27.1", + "method": "POST", + "urlPath": "/", + "subnet": "10.180.30.249", + "requestHeaders": "POST / HTTP/1.1\r\nHost: 10.181.239.16:2001\r\nAccept: */*\r\nAccept-Encoding: gzip, deflate\r\nConnection: keep-alive\r\nContent-Length: 6\r\nUser-Agent: python-requests/2.27.1\r\n", + "requestHost": "10.181.239.16:2001", + "requestHeaderNames": [ + "Accept", + "Accept-Encoding", + "Connection", + "Content-Length", + "User-Agent" + ], + "responseHeaderNames": [ + "Content-Length", + "Content-Type", + "Date", + "Server" + ], + "statusCode": 404, + "collections": [ + "All", + "rhe7-host_mhm", + "compliance_rhe7_hhk", + "waas_collection_host_rhe7-host_22_11_384_hpx" + ], + "resource": { + "hosts": [ + "jen-rhe7-0811t164940-host-def-pre-lngcon230.c.twistlock-test-247119.internal" + ], + "accountIDs": [ + "twistlock-test-247119" + ] + }, + "attackTechniques": [ + "exploitPublicFacingApplication", + "applicationExploitRCE" + ], + "protection": "firewall", + "attackField": { + "value": "../../", + "type": "rawBody" + }, + "eventID": "306032c4-2175-6d95-7a2c-c9abacfc9cb6", + "provider": "gcp" + } + +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/waas_host_timeslice_get.md b/openapi-specs/compute/33-02/desc/audits/waas_host_timeslice_get.md new file mode 100644 index 000000000..e28ed7b7a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_host_timeslice_get.md @@ -0,0 +1,35 @@ +Retrieves all host Web-Application and API Security (WAAS) audit events. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Host > Host WAAS Policy**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Values in the range 1-100 are accepted. + +### cURL Request + +Refer to the following example cURL command that retrieves host WAAS audit events for a specific time frame: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/hosttimeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` + +### cURL Response + +``` +{ + "start": "2022-11-16T10:35:57Z", + "end": "2022-11-16T15:23:57Z", + "count": 46 +} + +``` +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the end time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. diff --git a/openapi-specs/compute/33-02/desc/audits/waas_serverless_download_get.md b/openapi-specs/compute/33-02/desc/audits/waas_serverless_download_get.md new file mode 100644 index 000000000..da05504df --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_serverless_download_get.md @@ -0,0 +1,18 @@ +Returns the serverless function Web-Application and API Security (WAAS) audit events data in CSV format. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Serverless > Serverless WAAS Policy**. + +### cURL Request + +Refer to the following example cURL command that downloads the serverless WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o \ + "https:///api/v/audits/firewall/app/serverless/download" + +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/waas_serverless_get.md b/openapi-specs/compute/33-02/desc/audits/waas_serverless_get.md new file mode 100644 index 000000000..fe482a3f3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_serverless_get.md @@ -0,0 +1,44 @@ +Retrieves all serverless function Web-Application and API Security (WAAS) audit events. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Serverless > Serverless WAAS Policy**. + +### cURL Request + +Refer to the following example cURL command that retrieves all serverless WAAS audit events: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/serverless" +``` + +### cURL Response + +``` +{ + "_id": "", + "time": "0001-01-01T00:00:00Z", + "hostname": "", + "fqdn": "", + "effect": "", + "ruleName": "", + "ruleAppID": "", + "msg": "", + "host": false, + "containerName": "", + "containerId": "", + "imageName": "", + "appID": "", + "type": "cmdi", + "count": 1, + "url": "", + "subnet": "", + "requestHeaders": "", + "attackField": {}, + "eventID": "" +} + +``` + diff --git a/openapi-specs/compute/33-02/desc/audits/waas_serverless_timeslice_get.md b/openapi-specs/compute/33-02/desc/audits/waas_serverless_timeslice_get.md new file mode 100644 index 000000000..ec9ff3df1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/audits/waas_serverless_timeslice_get.md @@ -0,0 +1,35 @@ +Retrieves all serverless Web-Application and API Security (WAAS) audit buckets based on a specified query time frame in UTC. + +**Note:** These are based on violations of WAAS policies defined under **Defend > WAAS > Serverless > Serverless WAAS Policy**. + +Use the following mandatory query parameters to fetch results: +* **from**: Specifies the start time in UTC standard of the time period for which the audit events are returned. +* **to**: Specifies the end time in UTC standard of the time period for which the audit events are returned. +* **buckets**: Specifies the number of buckets (buckets of audits based on aggregation logic) to return. Values in the range 1-100 are accepted. + +### cURL Request + +Refer to the following example cURL command that retrieves the serverless WAAS audit events for a : + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/audits/firewall/app/serverless/timeslice?from=2022-11-15T15:23:57Z&to=2022-11-16T15:23:57Z&buckets=5" +``` + +### cURL Response + +``` +{ + "start": "2022-11-21T04:26:58.066Z", + "end": "2022-11-22T02:49:58.549Z", + "count": 1 +} + +``` +**Response Parameters**: +* **start**: Specifies the start time of the bucket in date-time UTC format. +* **end**: Specifies the start time of the bucket in date-time UTC format. +* **count**: Specifies the number of audit occurrences. diff --git a/openapi-specs/compute/33-02/desc/authenticate-client/authenticate-client.md b/openapi-specs/compute/33-02/desc/authenticate-client/authenticate-client.md new file mode 100644 index 000000000..cee2db629 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/authenticate-client/authenticate-client.md @@ -0,0 +1,8 @@ +Retrieves an access token using a client certificate. +Valid tokens are required to access the rest of the Prisma Cloud Compute API. +Use this endpoint if your organization has rolled out multi-factor authentication built on X.509 certificates. + +The API can also be accessed using basic auth. + +* For Prisma Cloud Enterprise Edition (SaaS), see [here](https://prisma.pan.dev/docs/cloud/cwpp/access-api-self-hosted). +* For Prisma Cloud Compute Edition (self-hosted), see [here](https://prisma.pan.dev/docs/cloud/cwpp/access-api-saas). diff --git a/openapi-specs/compute/33-02/desc/authenticate-client/post.md b/openapi-specs/compute/33-02/desc/authenticate-client/post.md new file mode 100644 index 000000000..bc493d04e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/authenticate-client/post.md @@ -0,0 +1,26 @@ +Retrieves an access token using a client certificate. +This endpoint checks the supplied client certificate and authorizes the user based on the username in the certificate's CN or UPN field. + +**Note:** The certificate must be in PEM format, and the certificate file must consist of a client certificate concatenated together with a private key. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -X POST \ + --cert \ + https:///api/v/authenticate-client +``` + +### Response + +Refer to the following example cURL response that returns the user's role and an access token that you can use for subsequent API calls: + +```bash +{ + "admin", + "" +} +``` diff --git a/openapi-specs/compute/33-02/desc/authenticate/authenticate.md b/openapi-specs/compute/33-02/desc/authenticate/authenticate.md new file mode 100644 index 000000000..42b5d3e34 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/authenticate/authenticate.md @@ -0,0 +1,4 @@ +Retrieves an access token using your credentials. +Valid tokens are required to access the rest of the Prisma Cloud Compute API. + +**Note:** The Prisma Cloud Compute API can also be accessed using [basic auth](https://docs.twistlock.com/docs/latest/api/access_api.html). diff --git a/openapi-specs/compute/33-02/desc/authenticate/post.md b/openapi-specs/compute/33-02/desc/authenticate/post.md new file mode 100644 index 000000000..cb018de64 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/authenticate/post.md @@ -0,0 +1,29 @@ +Retrieves an access token using your username and password. +By default, access tokens are valid for 30 minutes. +You can set the validity period in Console under **Manage > Authentication > Logon**. + +**Note:** The username and password values are case-sensitive. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -H "Content-Type: application/json" \ + -X POST \ + -d \ +'{ + "username":"admin", + "password":"password" +}' \ + https:///api/v/authenticate +``` + +### Response + +Refer to the following successful example response that returns the access token for use in other API endpoints: + +```bash +{"token", "ACCESS_TOKEN_VALUE"} +``` diff --git a/openapi-specs/compute/33-02/desc/authenticate/renew_get.md b/openapi-specs/compute/33-02/desc/authenticate/renew_get.md new file mode 100644 index 000000000..6040d58e1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/authenticate/renew_get.md @@ -0,0 +1,20 @@ +Renews an old (unexpired) access token and returns a new token. + +### cURL Request + +The following cURL command retrieves a new access token using an old access token. + +```bash +$ curl -k \ + -H "Authorization: Bearer " \ + https:///api/v1/authenticate/renew +``` + +### Response + +A successful response will return the following response containing the new access token. +This access token replaces the old access token. + +```bash +{"token", "ACCESS_TOKEN_VALUE"} +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/backups/backups.md b/openapi-specs/compute/33-02/desc/backups/backups.md new file mode 100644 index 000000000..fbeae23cb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/backups/backups.md @@ -0,0 +1 @@ +Manage backup files. diff --git a/openapi-specs/compute/33-02/desc/backups/id_patch.md b/openapi-specs/compute/33-02/desc/backups/id_patch.md new file mode 100644 index 000000000..13f4c416e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/backups/id_patch.md @@ -0,0 +1 @@ +Renames the specified backup file. diff --git a/openapi-specs/compute/33-02/desc/certs/capem_get.md b/openapi-specs/compute/33-02/desc/certs/capem_get.md new file mode 100644 index 000000000..f0f0f1bf3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/certs/capem_get.md @@ -0,0 +1,25 @@ +Retrieves the Base64-encoded SSL root certificate self-signed by primary certificate authority (CA) in PEM format. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v1/certs/ca.pem" +``` + +### cURL Response + +``` +-----BEGIN CERTIFICATE----- +MIIDHDCCAgSgAwIBAgIQDBOoX575awe…iQ6j6Icf8NDANBgkqhkiG9w0BAQsFADAo +MRIwEAYDVQQKEwlUd2lzdGxvY2sxEjAQBgNVBAMTCVR3aXN0bG9jazAeFw0yMjEx +MDgxNjA1MDBaFw0yNTExMDrbXDQLhFyPXcFfNgNdEaH +EbVjIec/Frhk0TWIhDDphuwaIz2Qkuj/hIF1rtHhkMFXsYKsUGDcyGKJnEUxz9zR +S4hdrn5QhEh+m+CLzuv+WRV925WJ5rCKYeT9DIhXgEM= +-----END CERTIFICATE----- +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/certs/certs.md b/openapi-specs/compute/33-02/desc/certs/certs.md new file mode 100644 index 000000000..807edd91d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/certs/certs.md @@ -0,0 +1 @@ +Retrieve and manage the client and server certificates from the Prisma Cloud Compute. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/certs/client-certs_get.md b/openapi-specs/compute/33-02/desc/certs/client-certs_get.md new file mode 100644 index 000000000..d099b3e3d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/certs/client-certs_get.md @@ -0,0 +1,10 @@ +Downloads a script that installs a client certificate, client private key, and certificate authority certificate for the authenticated user. + +The following example curl command uses basic auth to download and run the install script for your client certs: + +```bash +$ curl -k \ + -u \ + -X GET \ + https://:8083/api/v1/certs/client-certs.sh | sh +``` diff --git a/openapi-specs/compute/33-02/desc/certs/server-certs_get.md b/openapi-specs/compute/33-02/desc/certs/server-certs_get.md new file mode 100644 index 000000000..0bb13f51d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/certs/server-certs_get.md @@ -0,0 +1,62 @@ +Retrieves the server certificate bundle from Prisma Cloud Compute that contains a chain of certificates. + +* Certificate Authority (CA) certificate in PEM +* RSA Private Key for server in PEM +* Server certificate in PEM +* Defender CA certificate in PEM +* Defender RSA Private Key for client in PEM +* Defender client certificate in PEM + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -H 'Content-Type: application/json' \ + -u \ + -X GET \ + "https:///api/v1/certs/server-certs.sh" +``` +### cURL Response + +``` +#!/bin/sh +# Copy Certificate Authority +echo -n "-----BEGIN CERTIFICATE----- +MIIDHDCCAgSgAwIBAgIQDBOoX575aweiQ6j6I…hXgEM= +-----END CERTIFICATE----- +" > ca.pem +# Copy Server key +echo -n "-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,a7a8cbceec7e97d51c04ce03f1b4c4dc +HwlxgvmGJw068VUEletmSSBjE54Q+8BGcWuYc…3PjIj2nuD4PTtOULiuLnAoONb0 +-----END RSA PRIVATE KEY----- +" > server-key.pem +# Copy Server Cert +echo -n "-----BEGIN CERTIFICATE----- +MIIDOjCCAiKgAwIBAgIRAOCRfG1Sot…5SY03wZf20LvAzrLTRLsIAbsivp0Ljmvt +drBPViPXgryvwhpnaxU= +-----END CERTIFICATE----- +" > server-cert.pem +# Copy the defender certificate authority +echo -n "-----BEGIN CERTIFICATE----- +MIIDHTCCAgWgAwIBAgIRAMAqTE7/cvmwb…xLx9lzxemN +-----END CERTIFICATE----- +" > defender-ca.pem +# Copy the defender client key +echo -n "-----BEGIN RSA PRIVATE KEY----- +Proc-Type: 4,ENCRYPTED +DEK-Info: AES-256-CBC,ab1bca8bc354c0866cfc26fd946c70b5 + +x1nwAJw5sbjoSL7aUpO3rP8IkMz63X1dD…3k1SVZSph63rRvv6d5O +-----END RSA PRIVATE KEY----- +" > defender-client-key.pem +# Copy the defender client cert +echo -n "-----BEGIN CERTIFICATE----- +MIIDJzCCAg+gAwIBAgIQcb6VdD45Jbla…6kXfxAvSiLTs4mhC1wg68ZSDUQ== +-----END CERTIFICATE----- +" > defender-client-cert.pem + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/cloud/cloud.md b/openapi-specs/compute/33-02/desc/cloud/cloud.md new file mode 100644 index 000000000..4dfd5f087 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/cloud.md @@ -0,0 +1,2 @@ +Find all the cloud-native services being used in your AWS, Azure, and Google Cloud accounts. +Prisma Cloud Compute continuously monitors these accounts, detects when new services are added, and reports which services are unprotected. diff --git a/openapi-specs/compute/33-02/desc/cloud/compliance_download_get.md b/openapi-specs/compute/33-02/desc/cloud/compliance_download_get.md new file mode 100644 index 000000000..7b1ec9fea --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/compliance_download_get.md @@ -0,0 +1,11 @@ +Download all cloud scan data in CSV format. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o cloud-compliance.csv \ + https://:8083/api/v1/cloud/compliance/download +``` diff --git a/openapi-specs/compute/33-02/desc/cloud/compliance_get.md b/openapi-specs/compute/33-02/desc/cloud/compliance_get.md new file mode 100644 index 000000000..48c2fe5bb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/compliance_get.md @@ -0,0 +1,10 @@ +Returns a list of all cloud compliance scan results. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/cloud/compliance +``` diff --git a/openapi-specs/compute/33-02/desc/cloud/compliance_scan_post.md b/openapi-specs/compute/33-02/desc/cloud/compliance_scan_post.md new file mode 100644 index 000000000..7f87bf1f4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/compliance_scan_post.md @@ -0,0 +1,10 @@ +Initiates a new cloud compliance scan. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/cloud/compliance/scan +``` diff --git a/openapi-specs/compute/33-02/desc/cloud/compliance_stop_post.md b/openapi-specs/compute/33-02/desc/cloud/compliance_stop_post.md new file mode 100644 index 000000000..df0febb56 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/compliance_stop_post.md @@ -0,0 +1,10 @@ +Terminates a cloud compliance scan that's in progress.. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/cloud/compliance/stop +``` diff --git a/openapi-specs/compute/33-02/desc/cloud/discovery_download_get.md b/openapi-specs/compute/33-02/desc/cloud/discovery_download_get.md new file mode 100644 index 000000000..44d60a113 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/discovery_download_get.md @@ -0,0 +1,14 @@ +Downloads all cloud scan data in a CSV file. + +### cURL Request + +Refer to the following cURL example command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o cloud-discovery.csv \ + https://:8083/api/v/cloud/discovery/download +``` diff --git a/openapi-specs/compute/33-02/desc/cloud/discovery_entities_get.md b/openapi-specs/compute/33-02/desc/cloud/discovery_entities_get.md new file mode 100644 index 000000000..a7abbdfb6 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/discovery_entities_get.md @@ -0,0 +1,15 @@ +Returns a list of discovered cloud entities. + +Use this API endpoint along with the `GET, api/vVERSION/cloud/discovery` to get full information about the discovered cloud scan result. + +### cURL Request + +Refer to the following cURL example request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/cloud/discovery/entities" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/cloud/discovery_get.md b/openapi-specs/compute/33-02/desc/cloud/discovery_get.md new file mode 100644 index 000000000..28025f140 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/discovery_get.md @@ -0,0 +1,16 @@ +Returns a list of all cloud discovery scan results in a paginated response. + +The `entities` object and the associated parameters in the response schema is now part of a new API endpoint `/api/v1/cloud/discovery/entities`. + +### cURL Request + +Refer to the following cURL example request: + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/cloud/discovery" +``` diff --git a/openapi-specs/compute/33-02/desc/cloud/discovery_scan_post.md b/openapi-specs/compute/33-02/desc/cloud/discovery_scan_post.md new file mode 100644 index 000000000..51799ebdb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/discovery_scan_post.md @@ -0,0 +1,13 @@ +Initiates a new cloud discovery scan. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v/cloud/discovery/scan +``` diff --git a/openapi-specs/compute/33-02/desc/cloud/discovery_stop_post.md b/openapi-specs/compute/33-02/desc/cloud/discovery_stop_post.md new file mode 100644 index 000000000..6a6c7a5a5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/discovery_stop_post.md @@ -0,0 +1,13 @@ +Terminates a cloud discovery scan that's in progress. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v/cloud/discovery/stop +``` diff --git a/openapi-specs/compute/33-02/desc/cloud/discovery_vms_get.md b/openapi-specs/compute/33-02/desc/cloud/discovery_vms_get.md new file mode 100644 index 000000000..6766f4e5a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cloud/discovery_vms_get.md @@ -0,0 +1,13 @@ +Returns the discovered cloud VM instances. + +### cURL Request + +Refer to the following example cURL command that retrieves all the discovered cloud VM instances: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/cloud/discovery/vms' +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/coderepos-ci/post.md b/openapi-specs/compute/33-02/desc/coderepos-ci/post.md new file mode 100644 index 000000000..df608d743 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/coderepos-ci/post.md @@ -0,0 +1,4 @@ +Adds a CI code repository scan result. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. diff --git a/openapi-specs/compute/33-02/desc/coderepos-ci/post_resolve.md b/openapi-specs/compute/33-02/desc/coderepos-ci/post_resolve.md new file mode 100644 index 000000000..493d25834 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/coderepos-ci/post_resolve.md @@ -0,0 +1 @@ +Adds vulnerability data for the given code repository scan result. diff --git a/openapi-specs/compute/33-02/desc/coderepos/coderepos.md b/openapi-specs/compute/33-02/desc/coderepos/coderepos.md new file mode 100644 index 000000000..edd573525 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/coderepos/coderepos.md @@ -0,0 +1 @@ +Scan reports for GitHub code repositories. diff --git a/openapi-specs/compute/33-02/desc/coderepos/download_get.md b/openapi-specs/compute/33-02/desc/coderepos/download_get.md new file mode 100644 index 000000000..4ec0197bb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/coderepos/download_get.md @@ -0,0 +1,18 @@ +Downloads code repository scan reports in CSV format. + +This endpoint maps to the CSV hyperlink in **Monitor > Vulnerabilities > Code repositories** in the Console UI. + +### cURL Request + +The following cURL command generates a CSV file containing the reports: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v1/coderepos/download" \ + > coderepos.csv +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/coderepos/get.md b/openapi-specs/compute/33-02/desc/coderepos/get.md new file mode 100644 index 000000000..54c4e99bf --- /dev/null +++ b/openapi-specs/compute/33-02/desc/coderepos/get.md @@ -0,0 +1,20 @@ +Retrieves all code repository scan reports. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + +This endpoint maps to the **Code repositories** table in **Monitor > Vulnerabilities > Code repositories** in the Console UI. + +### cURL Request + +The following cURL command retrieves all code repository scan reports. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/coderepos \ +``` + +A successful response returns all code repository scan reports. diff --git a/openapi-specs/compute/33-02/desc/collections/collections.md b/openapi-specs/compute/33-02/desc/collections/collections.md new file mode 100644 index 000000000..ccc5d42d4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/collections/collections.md @@ -0,0 +1,15 @@ +Collections are predefined filters that let you group related resources together. +Resources include things like containers, images, hosts, functions, and clusters. + +Use collections to scope policy rules and segment data/views in the Console UI and the Prisma Cloud API. + + +### Endpoints with a `{id}` URL Parameter + +Some `/collections` endpoints take a URL parameter called `{id}`. +The value for `{id}` should be a collection name. +You can retrieve collection names from the `GET /api/v1/collections` endpoint. +Each collection object in the response has a key called `name`, which can be used for `{id}`. + +**Note:** Spaces are considered [unsafe characters in a URL](https://www.ietf.org/rfc/rfc1738.txt). +If your collection name has a space, encode the space with the value `%20` before passing it as a URL parameter. diff --git a/openapi-specs/compute/33-02/desc/collections/get.md b/openapi-specs/compute/33-02/desc/collections/get.md new file mode 100755 index 000000000..99120d17d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/collections/get.md @@ -0,0 +1,15 @@ +Retrieves a list of all collections. + +This endpoint maps to the table in **Manage > Collections and Tags > Collections** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that returns a list of collections: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/collections' +``` diff --git a/openapi-specs/compute/33-02/desc/collections/name_delete.md b/openapi-specs/compute/33-02/desc/collections/name_delete.md new file mode 100755 index 000000000..3e2debd01 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/collections/name_delete.md @@ -0,0 +1,22 @@ +Deletes a collection. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Collections and Tags > Collections**. +2. Click the dotted icon under the **Actions** column to open up the menu options. **Note:** The default collections do not have a dotted icon in the **Actions** column. +3. Click the **Delete** button to initiate the deletion. +4. Click the **Delete Collection** button to confirm the deletion. + +### cURL Request + +Refer to the following example cURL command that deletes a collection with the name `my-collection`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + 'https:///api/v/collections/my-collection' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/collections/name_put.md b/openapi-specs/compute/33-02/desc/collections/name_put.md new file mode 100644 index 000000000..b843a4b59 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/collections/name_put.md @@ -0,0 +1,64 @@ +Updates the parameters for a specific collection. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Collections and Tags > Collections**. +2. Click the dotted icon under the **Actions** column to open up the menu options. **Note:** The default collections do not have a dotted icon in the **Actions** column. Use the **Manage** cog icon to open the update window. +3. Click the **Manage** button and update the collection's parameters. +4. Click the **Save** button to save the changes. + +### cURL Request + +The PUT cURL command updates a collection. + +**To submit a cURL request:** + +* The `name` value is required. +* If `description` is not included in the request, the value will be defaulted to an empty string. +* If `color` is not included in the request, the system will set the color to a random value. +* If one of the following resources is left unspecified, the resource value will be set to a wildcard `[*]`: `hosts`, `images`, `labels`, `containers`, `functions`, `namespaces`, `appIDs`, `accountIDs`, `codeRepos`, `clusters` + +#### Example cURL Request + +This existing collection `my-collection` captures all container images named `ubuntu:18.04`. + +```json +{ + "hosts":["*"], + "images":["ubuntu:18.04"], + "labels":["*"], + "containers":["*"], + "functions":["*"], + "namespaces":["*"], + "appIDs":["*"], + "accountIDs":["*"], + "codeRepos":["*"], + "clusters":["*"], + "name":"my-collection", + "owner":"", + "modified":"2021-01-01T21:04:30.417Z", + "color":"#AD3C21", + "system":"false" +} +``` + +The following cURL command updates `my-collection` to captures all container images named `ubuntu:20.04`. + +**Note:** You can retrieve collection names from the `GET /api/v/collections` endpoint using the `name` key. + +Refer to the following example cURL command: + +```bash +$ curl 'https:///api/v/collections/my-collection' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "name":"my-collection", + "images":["ubuntu:20.04"] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/collections/name_usages_get.md b/openapi-specs/compute/33-02/desc/collections/name_usages_get.md new file mode 100755 index 000000000..5c9c40424 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/collections/name_usages_get.md @@ -0,0 +1,20 @@ +Retrieves all policies that uses a specified collection. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Collections and Tags > Collections**. +2. Click the dotted icon under the **Actions** column to open up the menu options. **Note:** The default collections do not have a dotted icon in the **Actions** column. Use the **Manage** cog icon to open the update window. +3. Click the **Manage** button. +4. The **Usages** table displays the collection's usages. + +### cURL Request + +Refer to the following example cURL command that retrieves all policies with name `my-collection`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/collections/my-collection/usages' +``` diff --git a/openapi-specs/compute/33-02/desc/collections/post.md b/openapi-specs/compute/33-02/desc/collections/post.md new file mode 100755 index 000000000..168c73970 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/collections/post.md @@ -0,0 +1,39 @@ +Creates a new collection. Only the `name` field is required; the other fields are optional. The `name` field can contain the characters: 'A-Z', 'a-z', '0-9', '_', '-', and ':'. Optional fields for which you do not specify a value are set to the '*' wildcard. + +If you don't provide a value for the `name` field and try to use the collection, you'll get an empty resource error. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Collections and Tags > Collections**. +2. Add a collection using **+ Add collection**. +3. Click the **Save** button. + +### cURL Request + +Refer to the following example cURL command that creates a new collection named `my-collection`, specifies a HEX color value of #AD3C21, and captures all container images named `ubuntu:18.04`: + +```bash +$ curl 'https://:8083/api/v/collections' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "name":"my-collection", + "images":["ubuntu:18.04"], + "hosts":["*"], + "labels":["*"], + "containers":["*"], + "functions":["*"], + "namespaces":["*"], + "appIDs":["*"], + "accountIDs":["*"], + "codeRepos":["*"], + "clusters":["*"], + "color":"#AD3C21" +}' +``` +**Note:** No response is returned upon successful execution. You must verify the collection in the Console UI. + + diff --git a/openapi-specs/compute/33-02/desc/console_saas.png b/openapi-specs/compute/33-02/desc/console_saas.png new file mode 100644 index 000000000..8e6ba2d91 Binary files /dev/null and b/openapi-specs/compute/33-02/desc/console_saas.png differ diff --git a/openapi-specs/compute/33-02/desc/containers/containers.md b/openapi-specs/compute/33-02/desc/containers/containers.md new file mode 100644 index 000000000..cf38c9a54 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/containers/containers.md @@ -0,0 +1 @@ +Container scan reports. diff --git a/openapi-specs/compute/33-02/desc/containers/count_get.md b/openapi-specs/compute/33-02/desc/containers/count_get.md new file mode 100644 index 000000000..4c6ecdcb4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/containers/count_get.md @@ -0,0 +1,13 @@ +Returns an integer representing the number of containers in your environment. + +### cURL Request + +Refer to the following example cURL command that returns the number of containers. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/containers/count +``` diff --git a/openapi-specs/compute/33-02/desc/containers/download_get.md b/openapi-specs/compute/33-02/desc/containers/download_get.md new file mode 100644 index 000000000..5c0811d7c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/containers/download_get.md @@ -0,0 +1,20 @@ +Downloads container scan reports in CSV format. + +You can download the container scan reports in CSV format in Console under **Monitor > Compliance > Containers**. + +**Note**: The query parameter `fields` is not supported for this endpoint and `offset` and `limit` query parameters are ignored as this API endpoint downloads all the results. + +### cURL Request + +Refer to the following example cURL command that generates a CSV file containing the scan reports: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/containers/download?id={id}&layers=true" \ + > container_report.csv +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/containers/filters_get.md b/openapi-specs/compute/33-02/desc/containers/filters_get.md new file mode 100644 index 000000000..c8a1dfca4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/containers/filters_get.md @@ -0,0 +1,9 @@ +Returns all container filters in JSON format. These filters can be used in the base `GET` request as query parameters. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/containers/filters +``` diff --git a/openapi-specs/compute/33-02/desc/containers/get.md b/openapi-specs/compute/33-02/desc/containers/get.md new file mode 100644 index 000000000..4cacdde60 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/containers/get.md @@ -0,0 +1,37 @@ +Retrieves container scan reports. + +You can view the container scan reports in Console under **Monitor > Compliance > Containers**. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + +Refer to the following available options for the `fields` query parameters: +* labels +* externalLabels +* cluster +* hostname +* image +### cURL Request + +Refer to the following example cURL command that retrieves a scan report for all containers: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/containers" +``` + +Refer to the following example cURL command that retrieves a scan report for a container with the collection ``: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/containers?collections=" +``` +The name query is synonymous with the filter containers text field in the Console UI. + +A successful response returns the container scan reports. diff --git a/openapi-specs/compute/33-02/desc/containers/labels_get.md b/openapi-specs/compute/33-02/desc/containers/labels_get.md new file mode 100644 index 000000000..eb40a748d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/containers/labels_get.md @@ -0,0 +1,9 @@ +Returns an array of strings containing all of the labels. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/containers/labels +``` diff --git a/openapi-specs/compute/33-02/desc/containers/names_get.md b/openapi-specs/compute/33-02/desc/containers/names_get.md new file mode 100644 index 000000000..8b32465d5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/containers/names_get.md @@ -0,0 +1,13 @@ +Returns an array of strings containing all container names. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/containers/names +``` diff --git a/openapi-specs/compute/33-02/desc/containers/scan_post.md b/openapi-specs/compute/33-02/desc/containers/scan_post.md new file mode 100644 index 000000000..6b2bdaaba --- /dev/null +++ b/openapi-specs/compute/33-02/desc/containers/scan_post.md @@ -0,0 +1,12 @@ +Re-scan all containers immediately. +This endpoint returns the time that the scans were initiated. + +The following example command uses curl and basic auth to force Prisma Cloud Compute to re-scan all containers: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/containers/scan +``` diff --git a/openapi-specs/compute/33-02/desc/credentials/credentials.md b/openapi-specs/compute/33-02/desc/credentials/credentials.md new file mode 100644 index 000000000..47eb1f342 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/credentials/credentials.md @@ -0,0 +1 @@ +Management of Centrally Managed Credentials \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/credentials/get.md b/openapi-specs/compute/33-02/desc/credentials/get.md new file mode 100644 index 000000000..ee4309dee --- /dev/null +++ b/openapi-specs/compute/33-02/desc/credentials/get.md @@ -0,0 +1,16 @@ +Retrieves a list of all credentials from the credentials store. +This endpoint maps to **Manage > Authentication > Credentials store** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves all credentials: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/credentials +``` + +A successful response returns a list of all credentials. diff --git a/openapi-specs/compute/33-02/desc/credentials/id_delete.md b/openapi-specs/compute/33-02/desc/credentials/id_delete.md new file mode 100644 index 000000000..e5c70259e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/credentials/id_delete.md @@ -0,0 +1,24 @@ +Deletes a credential from the credential store. + +**Note:** Use only Prisma Cloud Compute user interface **Manage** > **Cloud accounts** to delete cloud credentials for `Amazon AWS`, `Microsoft Azure`, and `Google Cloud Platform`. + +To invoke this endpoint in the Prisma Cloud Compute user interface: + +1. Navigate to **Manage > Authentication > Credentials Store**. +2. From the table, find the row of the credential you want to delete and click the dotted icon under the **Actions** column. +3. Click the **Delete** button to open the delete confirmation window. +4. Click the **Delete Credential** button to delete the credential. + +### cURL Request + +Refer to the following example cURL command that deletes an existing credential: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https:///api/v/credentials/{id} +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/credentials/id_usages_get.md b/openapi-specs/compute/33-02/desc/credentials/id_usages_get.md new file mode 100644 index 000000000..76c1099aa --- /dev/null +++ b/openapi-specs/compute/33-02/desc/credentials/id_usages_get.md @@ -0,0 +1,22 @@ +Retrieves all usages for a specific credential in the credential store. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Credential Store**. +2. From the table, find the row of the credential you want to update and click the dotted icon under the **Actions** column. +3. Click the **Manage** button. +4. The **Usage** table displays the data from this endpoint. + +### cURL Request + +Refer to the following cURL command that retrieves all usages for a credential: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/credentials/{id}/usages +``` + +A successful response returns a list of all usages for the credential. diff --git a/openapi-specs/compute/33-02/desc/credentials/post.md b/openapi-specs/compute/33-02/desc/credentials/post.md new file mode 100644 index 000000000..ed8a2a690 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/credentials/post.md @@ -0,0 +1,35 @@ +Updates a credential in the credentials store. + +**Note:** Use only Prisma Cloud Compute user interface **Manage** > **Cloud accounts** > **Add account** to add cloud credentials for `Amazon AWS`, `Microsoft Azure`, and `Google Cloud Platform`. + +To invoke this endpoint in the Prisma Cloud Compute user interface: + +1. Navigate to **Manage > Authentication > Credentials Store**. +2. From the table, find the row of the credential you want to update and click the dotted icon under the **Actions** column. +3. Click the **Manage** button and update the credential's parameters. +4. Click the **Save** button to save the updated credential. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl 'https:///api/v/credentials' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "serviceAccount":{ + }, + "apiToken":{ + "encrypted":"ENCRYPTED_TOKEN" + }, + "type":"TYPE", + "_id":"{id}" +}' +``` + +**Note:** There's no response upon successful execution. + diff --git a/openapi-specs/compute/33-02/desc/curl_examples.md b/openapi-specs/compute/33-02/desc/curl_examples.md new file mode 100644 index 000000000..3d4fcd468 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/curl_examples.md @@ -0,0 +1,38 @@ +The cURL example for each endpoint is called with a username (`-u `) only. +The cURL can be modified to use any of the following: + +* **Authentication Token:** Use the `-H` option to pass the authentication token from the `/api/v1/authenticate` endpoint into the request header. + +For example, replace `` with the token from the `/api/v1/authenticate` endpoint. + +```bash +$ curl -k \ +-H 'Authorization: Bearer ' \ +-X POST \ +https:///api/v1/ +``` + +* **Username and Password:** Use the `-u` and `-p` options to include the username and password, eliminating the need to enter a password in a secondary step. + +For example, replace `` with the username string and `` with the password string. + +```bash +$ curl -k \ +-u \ +-p \ +-X POST \ +https:///api/v1/ +``` + +* **Username Only:** This will require the user's password to be entered as a secondary step. + +For example, replace `` with the username string. + +```bash +$ curl -k \ +-u \ +-X POST \ +https:///api/v1/ +``` + +**Note:** This is a more secure method than including the `-p` option since your terminal history won't contain the password. diff --git a/openapi-specs/compute/33-02/desc/current/collections_get.md b/openapi-specs/compute/33-02/desc/current/collections_get.md new file mode 100644 index 000000000..f334288cc --- /dev/null +++ b/openapi-specs/compute/33-02/desc/current/collections_get.md @@ -0,0 +1 @@ +Returns collections in the current project that the user has permission to access. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/current/projects_get.md b/openapi-specs/compute/33-02/desc/current/projects_get.md new file mode 100644 index 000000000..1da5a26be --- /dev/null +++ b/openapi-specs/compute/33-02/desc/current/projects_get.md @@ -0,0 +1 @@ +Get the current user projects. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/custom-compliance/custom-compliance.md b/openapi-specs/compute/33-02/desc/custom-compliance/custom-compliance.md new file mode 100644 index 000000000..00e14acde --- /dev/null +++ b/openapi-specs/compute/33-02/desc/custom-compliance/custom-compliance.md @@ -0,0 +1,9 @@ +Custom image checks give you a way to write and run your own compliance checks to assess, measure, and enforce security baselines in your environment. +Although Prisma Cloud Compute supports OpenSCAP and XCCDF, these frameworks are complicated, and they can be overkill when all you want to do is run a simple check. +Prisma Cloud Compute lets you implement your own custom image checks with simple scripts. + +A custom image check consists of a single script. +The script’s exit code determines the result of the check, where 0 is pass and 1 is fail. +Scripts are executed in the container’s default shell. +For many Linux container images, the default shell is bash, but that’s not always the case. +For Windows container images, the default shell is `cmd.exe`. diff --git a/openapi-specs/compute/33-02/desc/custom-compliance/get.md b/openapi-specs/compute/33-02/desc/custom-compliance/get.md new file mode 100644 index 000000000..9022a87b7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/custom-compliance/get.md @@ -0,0 +1,32 @@ +Returns a list of all custom compliance checks. + +This endpoint maps to **Defend > Compliance > Custom** in the Console UI. + +### cURL Request + +Refer to the following example curl command that gets the list of custom compliance checks: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/custom-compliance +``` + +### Response + +``` +[ + { + "modified": "2019-03-07T17:01:12.355Z", + "owner": "pierre", + "name": "apitest", + "previousName": "", + "_id": 9000, + "title": "apitest", + "script": "if [ $(stat -c %a /bin/busybox) -eq 755 ]; then\n echo 'test permission failure' && exit 1;\nfi", + "severity": "high" + } +] +``` diff --git a/openapi-specs/compute/33-02/desc/custom-compliance/id_delete.md b/openapi-specs/compute/33-02/desc/custom-compliance/id_delete.md new file mode 100644 index 000000000..72c7183ee --- /dev/null +++ b/openapi-specs/compute/33-02/desc/custom-compliance/id_delete.md @@ -0,0 +1,15 @@ +Deletes a specific custom compliance check. + +This endpoint maps to **Defend > Compliance > Custom** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that uses basic auth to delete the compliance check with id 9000: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https:///api/v/custom-compliance/9000 +``` diff --git a/openapi-specs/compute/33-02/desc/custom-compliance/put.md b/openapi-specs/compute/33-02/desc/custom-compliance/put.md new file mode 100644 index 000000000..480e41b54 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/custom-compliance/put.md @@ -0,0 +1,30 @@ +This endpoint will allow for update of the custom compliance checks. + +This endpoint maps to **Defend > Compliance > Custom** in the Console UI. + +### cURL Request + +Create `custom_check.json` file (example): + +```bash + { + "modified": "2019-03-07T17:01:12.355Z", + "owner": "pierre", + "name": "apitest", + "previousName": "", + "_id": 9000, + "title": "apitest", + "script": "if [ $(stat -c %a /bin/busybox) -eq 755 ]; then\n echo 'test permission failure' && exit 1;\nfi", + "severity": "high" + } +``` +Refer to the following example curl command that uses basic auth to update the checks: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d @custom_check.json \ + https:///api/v/custom-compliance +``` diff --git a/openapi-specs/compute/33-02/desc/custom-rules/custom-rules.md b/openapi-specs/compute/33-02/desc/custom-rules/custom-rules.md new file mode 100644 index 000000000..cf5c6d091 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/custom-rules/custom-rules.md @@ -0,0 +1 @@ +Defines a precise defense action for containers, hosts, Kubernetes audits, WAAS requests, and WAAS responses. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/custom-rules/get.md b/openapi-specs/compute/33-02/desc/custom-rules/get.md new file mode 100644 index 000000000..f0385f81a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/custom-rules/get.md @@ -0,0 +1,17 @@ +Retrieves a list of all custom rules. + +This endpoint maps to the policy table in **Defend > Custom rules** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves all rules in the policy. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/custom-rules' +``` + +A successful response returns a list of custom rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/custom-rules/id_delete.md b/openapi-specs/compute/33-02/desc/custom-rules/id_delete.md new file mode 100644 index 000000000..c0d6dc8b0 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/custom-rules/id_delete.md @@ -0,0 +1,15 @@ +Deletes a custom rule. + +### cURL Request + +Refer to the following example cURL command that deletes a custom rule: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + 'https:///api/v/custom-rules/{id}' +``` + +​**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/custom-rules/id_put.md b/openapi-specs/compute/33-02/desc/custom-rules/id_put.md new file mode 100644 index 000000000..59108ea0d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/custom-rules/id_put.md @@ -0,0 +1,30 @@ +Creates or updates a custom rule. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > Custom rules**. +2. Click **+ Add rule** or the dotted icon under the **Actions** column and choose to the **Manage** cog icon to open the update window. +3. Configure the custom rule's parameters. +4. Click the **Add** or **Update** button to save the changes. + +### cURL Request + +Refer to the following example cURL command that updates a custom rule. + +```bash +$ curl 'https:///api/v/custom-rules/{id}' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "_id":{id}, + "type":"processes", + "message":"unexpected %proc.name was spawned", + "name":"", + "script":"proc.interactive" +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/cves/cves.md b/openapi-specs/compute/33-02/desc/cves/cves.md new file mode 100644 index 000000000..bc03c8eba --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cves/cves.md @@ -0,0 +1 @@ +Browse Prisma Cloud Compute's vulnerability database. diff --git a/openapi-specs/compute/33-02/desc/cves/distribution_get.md b/openapi-specs/compute/33-02/desc/cves/distribution_get.md new file mode 100644 index 000000000..aecddce23 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cves/distribution_get.md @@ -0,0 +1,11 @@ +Retrieves CVEs from the vulnerability database grouped into distribution where you will see a count for vulnerabilities per distribution. + +The following example curl command uses basic auth to retrieve this data: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/cves/distribution +``` diff --git a/openapi-specs/compute/33-02/desc/cves/get.md b/openapi-specs/compute/33-02/desc/cves/get.md new file mode 100644 index 000000000..469ea4b28 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/cves/get.md @@ -0,0 +1,14 @@ +Retrieves CVEs from Prisma Cloud Compute's vulnerability database. +Query the database by CVE ID. +Partial matches are supported. +A null response indicates that the CVE is not in our database. + +The following example curl command queries the Prisma Cloud Compute database for `CVE-2018-1102`. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/cves?id=CVE-2018-1102 +``` diff --git a/openapi-specs/compute/33-02/desc/defenders/app_embedded_post.md b/openapi-specs/compute/33-02/desc/defenders/app_embedded_post.md new file mode 100644 index 000000000..9167469d0 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/app_embedded_post.md @@ -0,0 +1,20 @@ +Creates an augmented Dockerfile with Defender and dependencies included as a ZIP file. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "appID": "my-app", + "consoleAddr": "https://localhost:8083", + "dataFolder": "/var/lib/docker/containers/twistlock/tmp", + "dockerfile": "/var/lib/docker/overlay2/183e9e3ec933ba2363bcf6066b7605d99bfcf4dce84f72eeeba0f616c679cf48" + }' \ + "https:///api/v/defenders/app-embedded" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/defenders/daemonset_yaml_get.md b/openapi-specs/compute/33-02/desc/defenders/daemonset_yaml_get.md new file mode 100644 index 000000000..678901a8a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/daemonset_yaml_get.md @@ -0,0 +1,17 @@ +Creates a DaemonSet deployment file in YAML format that can be used to deploy Defender to your cluster. + +For more information about how to use this endpoint, see +[Deploy a Defender DaemonSet using the API](https://docs.twistlock.com/docs/latest/api/automate_defender_install.html). + +The following example curl command returns a Defender DaemonSet deployment file. +The `` query parameter specifies the address that Defender uses to communicate with Console. +It can be a DNS name or IP address. + +`` is a single list item from the `/api/v1/defenders/names` endpoint. + +```bash +$ curl -k \ + -u \ + -X GET \ + 'https://:8083/api/v1/defenders/daemonset.yaml?consoleaddr=&listener=none&namespace=twistlock&orchestration=kubernetes' +``` diff --git a/openapi-specs/compute/33-02/desc/defenders/daemonset_yaml_post.md b/openapi-specs/compute/33-02/desc/defenders/daemonset_yaml_post.md new file mode 100644 index 000000000..268e3ba81 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/daemonset_yaml_post.md @@ -0,0 +1,20 @@ +Creates a DaemonSet deployment file in YAML format that you can use to deploy Defender to your cluster. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "orchestration": "container", + "consoleAddr": "servo-vmware71", + "namespace": "twistlock", + "containerRuntime": "docker" + }' \ + "https:///api/v/defenders/daemonset.yaml" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/defenders/defenders.md b/openapi-specs/compute/33-02/desc/defenders/defenders.md new file mode 100644 index 000000000..dd41f380b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/defenders.md @@ -0,0 +1,3 @@ +Manage Defender. +Defender is Prisma Cloud Compute's security agent. +In general, one Defender is deployed per node. diff --git a/openapi-specs/compute/33-02/desc/defenders/download_get.md b/openapi-specs/compute/33-02/desc/defenders/download_get.md new file mode 100644 index 000000000..2d9435506 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/download_get.md @@ -0,0 +1,16 @@ +Downloads information about deployed Defenders in CSV format. +Use the query parameters to filter what data is returned. + +**Note:** The results contain "hostname" even if you don't specify a "hostname" in the "fields" query parameter. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET -o \ + https:///api/v/defenders/download +``` diff --git a/openapi-specs/compute/33-02/desc/defenders/fargate_json_post.md b/openapi-specs/compute/33-02/desc/defenders/fargate_json_post.md new file mode 100644 index 000000000..5128e90a1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/fargate_json_post.md @@ -0,0 +1,36 @@ +Returns a protected Fargate task definition given an unprotected task definition. + +### cURL Request +Refer to the following example cURL command: + +`` is a single list item from the `/api/v/defenders/names` endpoint. + +Unprotected task definition in `unprotected.json` + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + --data-binary "@unprotected.json" + --output protected.json \ + "https:///api/v/defenders/fargate.json?consoleaddr=&defenderType=appEmbedded" +``` +Refer to the following example cURL command that accepts the task definition in JSON format for a CloudFormation template: + +`` is a single list item from the `/api/v/defenders/names` endpoint. + +Unprotected task definition in `unprotected.json` + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + --data-binary "@unprotected.json" + --output protected.json \ + "https:///api/v/defenders/fargate.json?cloudFormation=true&consoleaddr=&filestemMonitoring=false&interpreter=&project=Central+Console" +``` + +### cURL Response +New Protected task will be in `protected.json` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/defenders/fargate_yaml_post.md b/openapi-specs/compute/33-02/desc/defenders/fargate_yaml_post.md new file mode 100644 index 000000000..9a8306a1b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/fargate_yaml_post.md @@ -0,0 +1,20 @@ +Returns a protected Fargate task definition for a CloudFormation YAML template given an unprotected task definition. + +### cURL Request +Refer to the following example cURL command that accepts the task definition in YAML format for a CloudFormation template: + +`` is a single list item from the `/api/v/defenders/names` endpoint. + +Unprotected task definition in `unprotected.yaml` + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/yaml' \ + -X POST \ + --data-binary "@unprotected.yaml" + --output protected.yaml \ + "https:///api/v/defenders/fargate.yaml?cloudFormation=true&consoleaddr=&filestemMonitoring=false&interpreter=&project=Central+Console" +``` + +New Protected task will be in `protected.yaml` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/defenders/get.md b/openapi-specs/compute/33-02/desc/defenders/get.md new file mode 100644 index 000000000..471e7ef9d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/get.md @@ -0,0 +1,17 @@ +Retrieves all deployed Defenders. + +This endpoint maps to the UI Console page in **Manage > Defenders > Defenders**. + +### cURL Request + +Refer to the following example cURL command that retrieves all deployed Defenders. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/defenders +``` + +A successful response returns all deployed Defenders. diff --git a/openapi-specs/compute/33-02/desc/defenders/helm_get.md b/openapi-specs/compute/33-02/desc/defenders/helm_get.md new file mode 100644 index 000000000..b11f9c4b9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/helm_get.md @@ -0,0 +1,21 @@ +Creates a Helm deployment file that can be used to deploy Defenders to your cluster. + +For more information about how to use this endpoint, see +[Deploy a Defender Helm using the API](https://docs.twistlock.com/docs/19.07/install/install_kubernetes.html#install-twistlock-with-helm-charts). + +### cURL Request + +Refer to the following example curl command that returns a Defender Helm deployment file: + +The `` query parameter specifies the address that Defender uses to communicate with Console. +It can be a DNS name or IP address. + +`` is a single list item from the `/api/v/defenders/names` endpoint. + +```bash +$ curl -k \ + -u \ + -X GET \ + -o twistlock-defender-helm.tar.gz \ + 'https:///api/v/defenders/helm/twistlock-defender-helm.tar.gz?consoleaddr=&namespace=twistlock&orchestration=kubernetes' +``` diff --git a/openapi-specs/compute/33-02/desc/defenders/helm_post.md b/openapi-specs/compute/33-02/desc/defenders/helm_post.md new file mode 100644 index 000000000..2046e63eb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/helm_post.md @@ -0,0 +1,20 @@ +Creates a Helm deployment file that you can use to deploy Defenders to your cluster. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -o twistlock-defender-helm.tar.gz \ + -d \ + '{ + "orchestration": "container", + "consoleAddr": "servo-vmware71", + "namespace": "twistlock" + }' \ + "https:///api/v/defenders/helm/twistlock-defender-helm.tar.gz" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/defenders/id_delete.md b/openapi-specs/compute/33-02/desc/defenders/id_delete.md new file mode 100644 index 000000000..f637ef850 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/id_delete.md @@ -0,0 +1,24 @@ +Deletes an existing Defender on a given host. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Defenders > Defenders**. +2. In a table row, click the dotted **Actions** button for the Defender you want to delete. +3. Click the **Decommission** button to open the delete confirmation window. +4. Click the **Delete Defender** button to delete the Defender. + +### cURL Request + +The following cURL command deletes an existing Defender on a host. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https:///api/v/defenders/ +``` + +`` is populated with a value returned from the `/api/v/defenders/names` endpoint. + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/defenders/id_features_post.md b/openapi-specs/compute/33-02/desc/defenders/id_features_post.md new file mode 100644 index 000000000..ec8e4c5f3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/id_features_post.md @@ -0,0 +1,13 @@ +Updates a deployed Defender's configuration. + +`` is a single list item from the `/api/v1/defenders/names` endpoint. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"proxyListenerType": "tcp", "registryScanner":"", "serverlessScanner":""}' \ + https:///api/v/defenders//features +``` + diff --git a/openapi-specs/compute/33-02/desc/defenders/id_restart_post.md b/openapi-specs/compute/33-02/desc/defenders/id_restart_post.md new file mode 100644 index 000000000..da0cc7811 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/id_restart_post.md @@ -0,0 +1,11 @@ +Restarts Defender on a given host. + +`` is a single list item from the `/api/v1/defenders/names` endpoint. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/defenders//restart +``` diff --git a/openapi-specs/compute/33-02/desc/defenders/id_upgrade_post.md b/openapi-specs/compute/33-02/desc/defenders/id_upgrade_post.md new file mode 100644 index 000000000..f0d30d1e9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/id_upgrade_post.md @@ -0,0 +1,15 @@ +Upgrades Defender on ``. + +`` is a single list item from the `/api/v/defenders/names` endpoint. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/defenders//upgrade +``` diff --git a/openapi-specs/compute/33-02/desc/defenders/image-name_get.md b/openapi-specs/compute/33-02/desc/defenders/image-name_get.md new file mode 100644 index 000000000..e81ba3e19 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/image-name_get.md @@ -0,0 +1,19 @@ +Returns the full Docker image name for Defender. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/defenders/image-name +``` + +### Response + +Refer to the following example cURL response: + +`registry-auth.twistlock.com/tw_mcxweebesog0apjuhtmatv7saf9xdnwd/twistlock/defender:defender_21_11_812` diff --git a/openapi-specs/compute/33-02/desc/defenders/install-bundle_get.md b/openapi-specs/compute/33-02/desc/defenders/install-bundle_get.md new file mode 100644 index 000000000..882d0cd53 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/install-bundle_get.md @@ -0,0 +1,15 @@ +Returns the certificate bundle that Defender needs to securely connect to Console. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/defenders/install-bundle?consoleaddr=" +``` + + is the hostname of the Console. diff --git a/openapi-specs/compute/33-02/desc/defenders/names_get.md b/openapi-specs/compute/33-02/desc/defenders/names_get.md new file mode 100644 index 000000000..728eb6364 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/names_get.md @@ -0,0 +1,45 @@ +Retrieves a list of Defender hostnames that can be used as the `{id}` query parameter in other `/api/v1/defenders` endpoints. + +### cURL Request + +Refer to the following example cURL command that retrieves a list of all Defenders: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/defenders/names +``` + +Refer to the following example cURL command that retrieves a list of connected Defenders using a query parameter and a specified boolean value in lower case: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/defenders/names?connected=true" +``` + +Refer to the following example cURL command that retrieves a list of disconnected Defenders using a query parameter and a specified boolean value in lower case: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/defenders/names?connected=false" +``` +**Note**: The query parameter `connected` expects and accepts a boolean value in lower case. +The endpoint enlists all the connected and disconnected Defenders if do not specify a boolean value. + +Refer to the following example cURL command that retrieves a list of Defenders by type: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/defenders/names?type=" +``` diff --git a/openapi-specs/compute/33-02/desc/defenders/rasp_post.md b/openapi-specs/compute/33-02/desc/defenders/rasp_post.md new file mode 100644 index 000000000..526a9e112 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/rasp_post.md @@ -0,0 +1,15 @@ +Creates an augmented Dockerfile with RASP Defender and dependencies included as a ZIP file. + +The following example curl command returns a RASP Defender zip file. +The `` query parameter specifies the address that Defender uses to communicate with Console. +It can be a DNS name or IP address. + +`` is a single list item from the `/api/v1/defenders/names` endpoint. + +```bash +$ curl -k \ + -u \ + -X GET \ + -o rasp-defender.zip + 'https://:8083/api/v1/defenders/rasp?appId=&consoleaddr=&dataFolder=&dockerfile=' +``` diff --git a/openapi-specs/compute/33-02/desc/defenders/serverless-bundle_post.md b/openapi-specs/compute/33-02/desc/defenders/serverless-bundle_post.md new file mode 100644 index 000000000..df4f13e6a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/serverless-bundle_post.md @@ -0,0 +1,15 @@ +Downloads a ZIP file with serverless Defender bundle. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/octet-stream' \ + -o serverless_bundle.zip \ + -X POST \ + -d '{"provider": ["aws"], "runtime": ["nodejs14.x"]}' \ + "https:///api/v/defenders/serverless/bundle" + ``` diff --git a/openapi-specs/compute/33-02/desc/defenders/summary_get.md b/openapi-specs/compute/33-02/desc/defenders/summary_get.md new file mode 100644 index 000000000..08be4ebc4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/summary_get.md @@ -0,0 +1,15 @@ +Lists the number of Defenders in each defender category. + + +### cURL Request + +Refer to the following example cURL command that retrieves a summary of Defenders: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/defenders/summary +``` + diff --git a/openapi-specs/compute/33-02/desc/defenders/tas-cloud-controller-address_get.md b/openapi-specs/compute/33-02/desc/defenders/tas-cloud-controller-address_get.md new file mode 100644 index 000000000..afd34dbf8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/tas-cloud-controller-address_get.md @@ -0,0 +1 @@ +Returns the cloud controller addresses for Tas defenders. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/defenders/upgrade_post.md b/openapi-specs/compute/33-02/desc/defenders/upgrade_post.md new file mode 100644 index 000000000..2f0b4d39e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/defenders/upgrade_post.md @@ -0,0 +1,17 @@ +Upgrades all connected single Linux Container Defenders. + +This does not update cluster Container Defenders (such as Defender DaemonSets), Serverless Defenders, or Fargate Defenders. +To upgrade cluster Container Defenders, redeploy them. +To upgrade Serverless and Fargate Defenders, re-embed them. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/defenders/upgrade +``` diff --git a/openapi-specs/compute/33-02/desc/deployment/daemonsets_deploy_post.md b/openapi-specs/compute/33-02/desc/deployment/daemonsets_deploy_post.md new file mode 100644 index 000000000..94ec9386b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/deployment/daemonsets_deploy_post.md @@ -0,0 +1,20 @@ +Deploys a Defender DaemonSet to the cluster identified by `credentialID`. +The `credentialID`, of type `kubeconfig`, must exist before calling this endpoint. +It identifies the cluster's API server, user, and credentials. + +Use the various request parameters to control the properties of the deployed DaemonSet. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{ + "credentialID": "", + "consoleAddr": "", + "namespace": "", + "orchestration": "", + "...":"..." + }' \ + https://:8083/api/v1/deployment/daemonsets/deploy +``` diff --git a/openapi-specs/compute/33-02/desc/deployment/daemonsets_get.md b/openapi-specs/compute/33-02/desc/deployment/daemonsets_get.md new file mode 100644 index 000000000..a0b7f3798 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/deployment/daemonsets_get.md @@ -0,0 +1,11 @@ +Retrieves a list of deployed Defender DaemonSets. +You must specify a `credentialID`, of type `kubeconfig`, which identifies your cluster and user. +Credentials are managed in Console's credentials store (`/api/v1/credentials`). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/deployment/daemonsets?credentialID= +``` diff --git a/openapi-specs/compute/33-02/desc/deployment/deployment.md b/openapi-specs/compute/33-02/desc/deployment/deployment.md new file mode 100644 index 000000000..760ae1bdb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/deployment/deployment.md @@ -0,0 +1 @@ +Manage Defender DaemonSet deployments. diff --git a/openapi-specs/compute/33-02/desc/feeds/custom-vulnerabilities_get.md b/openapi-specs/compute/33-02/desc/feeds/custom-vulnerabilities_get.md new file mode 100644 index 000000000..71834f19d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/custom-vulnerabilities_get.md @@ -0,0 +1,41 @@ +Returns the list of custom vulnerabilities and associated rules for handling internally created or packaged apps. + +This list is used by the Prisma Cloud Compute scanner to detect vulnerable custom components (apps, libraries, etc) that were developed and packaged internally. + +> **Note:** When a vulnerable custom component is detected in an image, you must have a rule to tell Prisma Cloud Compute how to handle it. + +Vulnerability rules can be created using the Prisma Cloud Compute. + +### cURL Request + +Refer to the following cURL command that retrieves a list of all the custom vulnerabilities and associated rules. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/feeds/custom/custom-vulnerabilities" +``` + +### Response + +A successful response will return a list of custom vulnerability rules and the associated digest: + +```json +{ + "_id":"customVulnerabilities", + "rules": [ + { + "_id": "", + "package": "internal-lib", + "type": "package", + "minVersionInclusive": "1.1", + "name": "internal-lib", + "maxVersionInclusive": "1.8", + "md5": "" + } + ], + "digest":"" +} +``` diff --git a/openapi-specs/compute/33-02/desc/feeds/custom-vulnerabilities_put.md b/openapi-specs/compute/33-02/desc/feeds/custom-vulnerabilities_put.md new file mode 100644 index 000000000..4fe1c1898 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/custom-vulnerabilities_put.md @@ -0,0 +1,85 @@ +Updates all the custom vulnerabilities and associated rules simultaneously for handling internally created or packaged apps. + +### cURL Request + +Refer to the following cURL command that updates a vulnerability for a library named `internal-lib`, and specifies that its versions `1.1` to `1.8` are known to be vulnerable. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d ' +{ + "rules": [ + { + "_id": "", + "package": "internal-lib", + "type": "package", + "minVersionInclusive": "1.1", + "name": "internal-lib", + "maxVersionInclusive": "1.8", + "md5": "" + } + ] +}' \ +"https:///api/v/feeds/custom/custom-vulnerabilities" +``` + +**Note:** No response will be returned upon successful execution. + +### Maintain your Custom Vulnerabilities + +We suggest you maintain your custom vulnerabilities using the following steps: + +1. Get all the custom vulnerability rules from the `GET` endpoint and save the results to a file. + + **Note:** You will need `jq` to execute this command. + + ``` + $ curl -k \ + -u \ + https:///api/v/feeds/custom/custom-vulnerabilities \ + | jq '.' > custom_vulnerability_rules.json + ``` + +2. Open the JSON file and add, modify, and/or delete the rules by directly editing the JSON output. For example: + + ```json + { + "id": "customVulnerabilities", + "rules": [ + { + "_id": "", + "package": "internal-lib", + "type": "package", + "minVersionInclusive": "1.1", + "name": "internal-lib", + "maxVersionInclusive": "1.8", + "md5": "" + } + ], + "digest": "97de7f27XXXXXXXXXX" + } + ``` + +3. Update the rules by pushing the new JSON payload. **Note:** Do not forget to specify the `@` symbol. + + ``` + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + -d @custom_vulnerability_rules.json \ + https:///api/v/feeds/custom/custom-vulnerabilities + ``` + +4. Run the cURL command for the `GET /api/vVERSION/feeds/custom/custom-vulnerabilities` endpoint and you can see that the previously installed rules are now overwritten with your new rules. + + ```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/feeds/custom/custom-vulnerabilities +``` diff --git a/openapi-specs/compute/33-02/desc/feeds/custom_vulnerabilities_digest_get.md b/openapi-specs/compute/33-02/desc/feeds/custom_vulnerabilities_digest_get.md new file mode 100644 index 000000000..0eb501d9b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/custom_vulnerabilities_digest_get.md @@ -0,0 +1,17 @@ +Returns the unique digest for the custom vulnerabilities and associated rules for handling internally created or packaged apps. + +### cURL Request + +The following cURL command retrieves the digest for the configured custom vulnerabilities. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/feeds/custom/custom-vulnerabilities/digest +``` + +A successful response will return the digest string. +This is the same value as the `digest` property in the response of the `GET api/v1/feeds/custom/custom-vulnerabilities` endpoint. + diff --git a/openapi-specs/compute/33-02/desc/feeds/cve_allow_list_digest_get.md b/openapi-specs/compute/33-02/desc/feeds/cve_allow_list_digest_get.md new file mode 100644 index 000000000..e27f21251 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/cve_allow_list_digest_get.md @@ -0,0 +1,16 @@ +Retrieves the digest string for the Common Vulnerabilities and Exposures (CVE) allow list configured in Console. + +### cURL Request + +The following cURL command retrieves the digest for the configured CVE allow list. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/feeds/custom/cve-allow-list/digest +``` + +A successful response will return the digest string. This is the same value as the `digest` property in the response of the `GET api/v1/feeds/custom/cve-allow-list` endpoint. + diff --git a/openapi-specs/compute/33-02/desc/feeds/cve_allow_list_get.md b/openapi-specs/compute/33-02/desc/feeds/cve_allow_list_get.md new file mode 100644 index 000000000..34fb2c7f8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/cve_allow_list_get.md @@ -0,0 +1,30 @@ +Retrieves the globally allow-listed Common Vulnerabilities and Exposures (CVE). + +### cURL Request + +The following cURL command retrieves the globally allow-listed CVEs. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/feeds/custom/cve-allow-list +``` + +### Response + +A successful response returns all CVEs globally allow-listed. + +```json +{ + "_id":"cveAllowList", + "rules": [ + { + "cve": "CVE-2018-2222", + "expiration": "2020-06-18T00:00:00Z" + } + ], + "digest":"" +} +``` diff --git a/openapi-specs/compute/33-02/desc/feeds/cve_allow_list_put.md b/openapi-specs/compute/33-02/desc/feeds/cve_allow_list_put.md new file mode 100644 index 000000000..850016965 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/cve_allow_list_put.md @@ -0,0 +1,29 @@ +Globally allow-lists a set of Common Vulnerabilities and Exposures (CVE). + +**Note:** Any previously installed lists are overwritten. + +### cURL Request + +The following cURL command installs a global CVE allow-list. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d \ +'{ + "rules": [ + { + "cve": "CVE-2018-2222", + "expiration": "2020-06-18T00:00:00Z" + } + ] +}' \ + https:///api/v1/feeds/custom/cve-allow-list +``` + +**Note:** No response will be returned upon successful execution. + +To confirm the CVE list has been added to the global allow-list, call the `GET /api/v1/feeds/custom/cve-allow-list` endpoint. + diff --git a/openapi-specs/compute/33-02/desc/feeds/feeds.md b/openapi-specs/compute/33-02/desc/feeds/feeds.md new file mode 100644 index 000000000..748e0af74 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/feeds.md @@ -0,0 +1,2 @@ +Augments the Prisma Cloud Compute Intelligence Stream with custom threat data. +Enables you expand the scope of threats and vulnerabilities that Prisma Cloud Compute can detect and report. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/feeds/ips_digest_get.md b/openapi-specs/compute/33-02/desc/feeds/ips_digest_get.md new file mode 100644 index 000000000..d059271ea --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/ips_digest_get.md @@ -0,0 +1,16 @@ +Retrieves the digest string for the list of suspicious or high risk IP endpoints configured in Console. + +### cURL Request + +The following cURL command retrieves the digest for the banned suspicious or high-risk IP addresses. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/feeds/custom/ips/digest +``` + +A successful response will return the digest string. This is the same value as the `digest` property in the response of the `GET api/v1/feeds/custom/ips` endpoint. + diff --git a/openapi-specs/compute/33-02/desc/feeds/ips_get.md b/openapi-specs/compute/33-02/desc/feeds/ips_get.md new file mode 100644 index 000000000..381257d47 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/ips_get.md @@ -0,0 +1,26 @@ +Retrieves the customized list of block-listed suspicious or high-risk IP addresses. + +### cURL Request + +The following cURL command retrieves the list of globally block-listed suspicious or high-risk IP addresses. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/feeds/custom/ips +``` + +### Response + +A successful response will return a list of suspicious or high-risk IP addresses that will be banned. + +```json +{ + "_id":"", + "modified":"2020-11:00:00T00:00:01.62Z", + "feed":["193.171.1.1","193.171.1.2"]}, + "digest":"" +} +``` diff --git a/openapi-specs/compute/33-02/desc/feeds/ips_put.md b/openapi-specs/compute/33-02/desc/feeds/ips_put.md new file mode 100644 index 000000000..6f8fc2419 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/ips_put.md @@ -0,0 +1,21 @@ +Bans a custom list of suspicious or high-risk IP addresses. + +**Note:** Any previously installed lists are overwritten. + +### cURL Request + +The following cURL command installs a custom list of banned suspicious or high-risk IP addresses. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d '{"name":"banned-ips", "feed":["193.171.1.1","193.171.1.2"]}' \ + https:///api/v1/feeds/custom/ips +``` + +**Note:** No response will be returned upon successful execution. + +To confirm the IPs have been added to the ban list, invoke the `GET /api/v1/feeds/custom/ips` endpoint. + diff --git a/openapi-specs/compute/33-02/desc/feeds/malware_digest_get.md b/openapi-specs/compute/33-02/desc/feeds/malware_digest_get.md new file mode 100644 index 000000000..005c476a2 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/malware_digest_get.md @@ -0,0 +1,16 @@ +Retrieves the digest string for all the MD5 signatures of malicious executables configured in Console. + +### cURL Request + +The following cURL command retrieves the digest for the configured list for the MD5 signatures of malicious executables. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v1/feeds/custom/malware/digest +``` + +A successful response will return the digest string. This is the same value as the `digest` property in the response of the `GET api/v1/feeds/custom/malware` endpoint. + diff --git a/openapi-specs/compute/33-02/desc/feeds/malware_get.md b/openapi-specs/compute/33-02/desc/feeds/malware_get.md new file mode 100644 index 000000000..2a7aa128b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/malware_get.md @@ -0,0 +1,35 @@ +Returns the customized list of MD5 signatures of malicious executables. + +### cURL Request + +Refer to the following cURL command that retrieves the list of MD5 signatures of malicious executables: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/feeds/custom/malware" +``` + +### Response + +A successful response will return a list of MD5 signatures of malicious executables. + +```json +{ + "_id":"", + "modified":"2020-11:00:00T00:00:01.62Z", + "feed": [ + { + "name": "dimaaa", + "md5": "d4ba1008e7d97458fdd65deca2ba801b" + }, + { + "name": "emacs", + "md5": "5ce9d1116755f827f5d1e06246dd30b9" + } + ] + "digest":"" +} +``` diff --git a/openapi-specs/compute/33-02/desc/feeds/malware_put.md b/openapi-specs/compute/33-02/desc/feeds/malware_put.md new file mode 100644 index 000000000..7e6ec5da0 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/malware_put.md @@ -0,0 +1,34 @@ +Creates a custom list of malware MD5 signatures of malicious executables. + +> **Note:** Any previously installed lists are overwritten. + +### cURL Request + +Refer to the following cURL command that installs a custom list of malware MD5 signatures of malicious executables: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d ' +{ + "name": "malware-sigs", + "feed": [ + { + "name": "dimaaa", + "md5": "d4ba1008e7d57458fdd65deca2ba801b" + }, + { + "name": "emacs", + "md5": "5ce9d1116755f827f5d1e06246dd30b9" + } + ] +}' \ + "https:///api/v/feeds/custom/malware" +``` + +**Note:** No response will be returned upon successful execution. + +To confirm the malware list has been added / overwritten to the ban list, invoke the `GET /api/vVERSION/feeds/custom/malware` endpoint. + diff --git a/openapi-specs/compute/33-02/desc/feeds/refresh_post.md b/openapi-specs/compute/33-02/desc/feeds/refresh_post.md new file mode 100644 index 000000000..a83c40d10 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/feeds/refresh_post.md @@ -0,0 +1,9 @@ +Triggers Console to refresh its data from the **Intelligence Stream** + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/feeds/offline/refresh +``` diff --git a/openapi-specs/compute/33-02/desc/forensic/activities_download_get.md b/openapi-specs/compute/33-02/desc/forensic/activities_download_get.md new file mode 100644 index 000000000..8a2dbd926 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/forensic/activities_download_get.md @@ -0,0 +1,12 @@ +Downloads all host activities that can be found on *Monitor > Events > Host Activities* + +Use the query parameters to filter what data is returned. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o host_activities.csv + https://:8083/api/v1/forensic/activities/download +``` diff --git a/openapi-specs/compute/33-02/desc/forensic/activities_get.md b/openapi-specs/compute/33-02/desc/forensic/activities_get.md new file mode 100644 index 000000000..c8fb1d0cd --- /dev/null +++ b/openapi-specs/compute/33-02/desc/forensic/activities_get.md @@ -0,0 +1,11 @@ +Retrieves all host activities that can be found on *Monitor > Events > Host Activities*. + +Use the query parameters to filter what data is returned. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/forensic/activities +``` diff --git a/openapi-specs/compute/33-02/desc/forensic/forensic.md b/openapi-specs/compute/33-02/desc/forensic/forensic.md new file mode 100644 index 000000000..210cbbe96 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/forensic/forensic.md @@ -0,0 +1 @@ +The forensic endpoint will return data for host activities. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/groups/get.md b/openapi-specs/compute/33-02/desc/groups/get.md new file mode 100644 index 000000000..6a0daa2eb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/groups/get.md @@ -0,0 +1,15 @@ +Retrieves the list of all groups. + +This endpoint maps to the table data on the **Manage > Authentication > Groups** Console UI page. + +### cURL Request + +Refer to the following example cURL command that retrieves all the system groups. + +```bash +$ curl -k \ + -X GET \ + -u \ + -H 'Content-Type: application/json' \ + https:///api/v/groups +``` diff --git a/openapi-specs/compute/33-02/desc/groups/groups.md b/openapi-specs/compute/33-02/desc/groups/groups.md new file mode 100644 index 000000000..a1e5e93a0 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/groups/groups.md @@ -0,0 +1,3 @@ +Manage (create, modify, delete) groups in the system. +If you integrated OpenLDAP, AD, or SAML, you can re-use groups from there, and assign roles to them as appropriate. +Otherwise, create Prisma Cloud Compute local groups to manage privileges for groups of users. diff --git a/openapi-specs/compute/33-02/desc/groups/id_delete.md b/openapi-specs/compute/33-02/desc/groups/id_delete.md new file mode 100644 index 000000000..5962a1135 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/groups/id_delete.md @@ -0,0 +1,23 @@ +Deletes a group. +The `id` can be retrieved from the `GET /api/v1/groups` endpoint. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Groups**. +2. Click the dotted icon under the **Actions** column to open the menu options. +3. Click the **Delete** button to initiate the deletion. +4. Click the **Delete Group** button to confirm the deletion. + +### cURL Request + +The following cURL command deletes a collection with the name `{id}`. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + 'https:///api/v1/groups/{id}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/groups/id_put.md b/openapi-specs/compute/33-02/desc/groups/id_put.md new file mode 100644 index 000000000..5bc1a81a8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/groups/id_put.md @@ -0,0 +1,43 @@ +Creates or modifies a group. +The `id` can be retrieved with from the `GET /api/v1/groups` endpoint. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Groups**. +2. Click the row of the group you want to update or click dotted icon under the **Actions** column to open the menu options and click the **Manage** button. +3. Update the group's parameters. +4. Click the **Save** button to save the changes. + +### cURL Request + +The PUT cURL command updates a group. + +**To submit a cURL request:** + +* The `name` value is required. +* If one of the following resources is left unspecified, the resource value will be set to a wildcard `[*]`: `hosts`, `images`, `labels`, `containers`, `functions`, `namespaces`, `appIDs`, `accountIDs`, `codeRepos`, `clusters` + +The following cURL command updates `my-group` with the users associated with the usernames `john` and `jane`. + +**Note:** You can retrieve the group `id` names from the `GET /api/v1/groups`. + +```bash +$ curl 'https:///api/v1/groups/{id}' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "groupName": "my-group", + "user": [ + {"username": "john"}, + {"username": "jane"} + ], + "lastModified":"2021-03-11T23:32:51.336Z" +}' +``` + +You must include a `lastModified` timestamp even though it will be overwritten by the system + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/groups/names.md b/openapi-specs/compute/33-02/desc/groups/names.md new file mode 100644 index 000000000..80f34f536 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/groups/names.md @@ -0,0 +1,26 @@ +Retrieves a list of all group names as an array of strings. + +This endpoint maps to the table data on the **Manage > Authentication > Groups** Console UI page. + +### cURL Request + +Refer to the following example cURL command that retrieves all the system groups: + +```bash +$ curl -k \ + -X GET \ + -u \ + -H 'Content-Type: application/json' \ + https:///api/v/groups/names +``` + +A sample output would look similar to this: + +```json +[ + "admins", + "secops", + "devops", + "" +] +``` diff --git a/openapi-specs/compute/33-02/desc/groups/post.md b/openapi-specs/compute/33-02/desc/groups/post.md new file mode 100644 index 000000000..d0fc23a6d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/groups/post.md @@ -0,0 +1,33 @@ +Creates a group with users. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Groups**. +2. Add a collection using **+ Add group**. +3. Enter a group name and add at least one user. +3. Click the **Save** button. + +### cURL Request + +Refer to the following example cURL command that creates a new group named `my-group`: + +```bash +$ curl -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "groupName": "my-group", + "user": [ + {"username": "john"}, + {"username": "jane"} + ] +}' \ +'https:///api/v/groups' +``` +This group includes the users associated with the usernames `john` and `jane`. + +**Note:** You must use usernames that already exist in the system. + +No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/high-availability/get.md b/openapi-specs/compute/33-02/desc/high-availability/get.md new file mode 100644 index 000000000..a988d47ef --- /dev/null +++ b/openapi-specs/compute/33-02/desc/high-availability/get.md @@ -0,0 +1,11 @@ +Returns the status of high high availability. + +A curl command to access this endpoint may resemble the following code snippet: + +```bash +$ curl -k \ + -X GET \ + -u \ + -H 'Content-Type: application/json' \ + https://:8083/api/v1/high-availability \ +``` diff --git a/openapi-specs/compute/33-02/desc/hosts/download_get.md b/openapi-specs/compute/33-02/desc/hosts/download_get.md new file mode 100644 index 000000000..ab691fb49 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/hosts/download_get.md @@ -0,0 +1,19 @@ +Downloads all host scan reports in CSV format. + +This endpoint maps to the CSV hyperlink in **Monitor > Vulnerabilities > Hosts > Running hosts** in the Console UI. + +**Note**: The query parameters `fields`, `complianceID` and `normalizedSeverity` are not supported for this API endpoint. + +### cURL Request + +Refer to the following example cURL command that downloads all host scan reports to a CSV file called `hosts_report.csv`: + +```bash +curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET -o hosts_report.csv \ + https:///api/v/hosts/download +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/hosts/evaluate_get.md b/openapi-specs/compute/33-02/desc/hosts/evaluate_get.md new file mode 100644 index 000000000..8f866d89a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/hosts/evaluate_get.md @@ -0,0 +1 @@ +Adds vulnerability data for the given host. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/hosts/filters_get.md b/openapi-specs/compute/33-02/desc/hosts/filters_get.md new file mode 100644 index 000000000..4bf6df5e6 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/hosts/filters_get.md @@ -0,0 +1,11 @@ +Returns host filters such as distribution and host name. + +A curl command to access this endpoint may resemble the following code snippet: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/hosts/filters \ +``` diff --git a/openapi-specs/compute/33-02/desc/hosts/get.md b/openapi-specs/compute/33-02/desc/hosts/get.md new file mode 100644 index 000000000..43020558a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/hosts/get.md @@ -0,0 +1,47 @@ +Retrieves all host scan reports. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + +This endpoint maps to the **Running hosts** table in **Monitor > Vulnerabilities > Hosts > Running hosts** in the Console UI. + +Refer to the following available options for the `fields` query parameters: +* type +* hostname +* collections +* firewallProtection +* agentless +* stopped +* scanID +* err +* labels +* externalLabels +* clusters +* cloudMetadata +* ecsClusterName +* k8sClusterAddr +* vulnerabilityRiskScore +* complianceIssuesCount +* complianceRiskScore +* complianceDistribution +* vulnerabilityDistribution +* vulnerabilitiesCount +* osDistro +* distro +* osDistroRelease + +_**Note:**_ The query parameters `issueType` is not supported for this API endpoint. + +### cURL Request + +Refer to the following cURL command that retrieves all host scan reports: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/hosts +``` + +A successful response returns all host scan reports. diff --git a/openapi-specs/compute/33-02/desc/hosts/hosts.md b/openapi-specs/compute/33-02/desc/hosts/hosts.md new file mode 100644 index 000000000..c50ea307b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/hosts/hosts.md @@ -0,0 +1,4 @@ +Host scan reports. + +Prisma Cloud Compute scans the host machines in your container environment for CVEs and compliance issues. +Scan reports are generated for any host running Defender. diff --git a/openapi-specs/compute/33-02/desc/hosts/info_get.md b/openapi-specs/compute/33-02/desc/hosts/info_get.md new file mode 100644 index 000000000..5b3903b7e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/hosts/info_get.md @@ -0,0 +1,13 @@ +Returns minimal information that includes hostname, distro, distro-release, collections, clusters, and agentless about all deployed hosts. + +_**Note:**_ The query parameters `issueType` is not supported for this API endpoint. + +A curl command to access this endpoint may resemble the following code snippet: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/hosts/info +``` diff --git a/openapi-specs/compute/33-02/desc/hosts/scan_post.md b/openapi-specs/compute/33-02/desc/hosts/scan_post.md new file mode 100644 index 000000000..6b72cbfa3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/hosts/scan_post.md @@ -0,0 +1,10 @@ +Re-scan all hosts immediately. + +Refer to the following example command that forces Prisma Cloud Compute to re-scan all hosts: + +```bash +$ curl -k \ + -u \ + -X POST \ + https:///api/v/hosts/scan +``` diff --git a/openapi-specs/compute/33-02/desc/how_to_eval_console.md b/openapi-specs/compute/33-02/desc/how_to_eval_console.md new file mode 100644 index 000000000..33f19ce65 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/how_to_eval_console.md @@ -0,0 +1,35 @@ +All the example API commands in these documents specify a `` variable, which represents the address for Console. +The Console address will depend on how Console was installed. + +#### For SaaS Installations + +To find your `` path for a SaaS environment: + +1. Log into Console. +2. Navigate to **Compute** > **Manage** > **System** > **Downloads**. +3. You can find your `` path listed under **Path to Console**. Click **Copy** to quickly copy the path to your clipboard. + +console + + + +#### For Self-hosted Installations + +For self-hosted environments, the Prisma Cloud Compute API is exposed on port `8083` (HTTPS). +This port is specified at install time in `twistlock.cfg`. + +* **(Default) Kubernetes installations:** Console service is exposed by a LoadBalancer. + + The value for `` is the LoadBalancer followed by port `8083`: + + ``` + https://:8083 + ``` + +* **Onebox installations:** Console installed on a stand-alone host. + + The value for `` is the IP address or DNS name of the host followed by port `8083`: + + ``` + https://:8083 + ``` diff --git a/openapi-specs/compute/33-02/desc/images/defender_layer_get.md b/openapi-specs/compute/33-02/desc/images/defender_layer_get.md new file mode 100644 index 000000000..1dfe3633d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/defender_layer_get.md @@ -0,0 +1,14 @@ +Returns the the Prisma Cloud Compute Defender in as a layer that can be used in an AWS Lambda implementation. + +## cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -X GET \ + -u \ + -H "Content-Type: application/octet-stream" \ + -o twistlock_defender_layer.zip \ + https:///api/v1/images/twistlock_defender_layer.zip +``` diff --git a/openapi-specs/compute/33-02/desc/images/defender_rasp_get.md b/openapi-specs/compute/33-02/desc/images/defender_rasp_get.md new file mode 100644 index 000000000..a8e145ff7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/defender_rasp_get.md @@ -0,0 +1,12 @@ +Returns the the Prisma Cloud Compute Defender as the RASP Defender + +A curl command to access this endpoint may resemble the following code snippet: + +```bash +$ curl -k \ + -X GET \ + -u \ + -H "Content-Type: application/octet-stream" \ + -o twistlock_defender_rasp.tar.gz \ + https://:8083/api/v1/images/twistlock_defender_rasp.tar.gz +``` diff --git a/openapi-specs/compute/33-02/desc/images/download_get.md b/openapi-specs/compute/33-02/desc/images/download_get.md new file mode 100644 index 000000000..d0eaceb19 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/download_get.md @@ -0,0 +1,41 @@ +Downloads image scan reports in CSV format. + +This endpoint maps to **Monitor > Compliance > Images > Deployed** in the Console UI. + +Consider the following available options to retrieve when you use the `fields` query parameter: +- labels +- repoTag.repo +- repoTag.registry +- clusters +- hosts +- repoTag.tag + + +### cURL Request + +Refer to the following cURL command that generates a CSV file containing the scan reports: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/images/download" \ + > images.csv +``` + +Refer to the following example cURL command that might be useful for developers: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/images/download?id={id}&layers=true" \ + > images.csv +``` +where an example `{id}` is `sha256:abd4f451ddb707c8e68a36d695456a515cdd6f9581b7a8348a380030a6fd7689`. + +It takes an image ID as the input parameter, and generates a CSV file that lists all vulnerable packages in a given image, organized by layer, with both the affected and fixed versions. + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/images/evaluate_get.md b/openapi-specs/compute/33-02/desc/images/evaluate_get.md new file mode 100644 index 000000000..a0df77215 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/evaluate_get.md @@ -0,0 +1 @@ +Adds vulnerability data for the given images. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/images/get.md b/openapi-specs/compute/33-02/desc/images/get.md new file mode 100644 index 000000000..3f594c6c8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/get.md @@ -0,0 +1,57 @@ +Retrieves image scan reports. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + +This endpoint maps to the image table in **Monitor > Compliance > Images > Deployed** in the Console UI. + +> _**Note:**_ The `image` object of the response was created for internal use of Prisma Cloud Compute for image scanning and analysis. Therefore, its inner fields are not saved in the database and will return empty in the endpoint response. You can get some of its values, such as `labels` and `history`, from the main structure of the response. + +You can use the wildcard (*) character as input to filter the retrieved images. + +If no entry is present in the database, the search returns an empty list. + +Consider the following available options to retrieve when you use the `fields` query parameter: +- labels +- repoTag.repo +- repoTag.registry +- clusters +- hosts +- repoTag.tag + +_**Note:**_ The query parameters `issueType` is not supported for this API endpoint. + +### cURL Request + +Refer to the following cURL command that retrieves a compact scan report for all images: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/images" +``` + +Refer to the following cURL command that retrieves a compact scan report for an Ubuntu image: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/images?name=https:///ubuntu:latest&compact=true" +``` +The name query is synonymous with the filter images text field in the Console UI. + +Refer to the following cURL command that retrieves the scan report for an image with the matching SHA-256 hash: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/images?id=sha256:d461f1845c43105d7d686a9cfca9d73b0272b1dcd0381bf105276c978cb02832" +``` + +A successful response returns the image scan reports. diff --git a/openapi-specs/compute/33-02/desc/images/images.md b/openapi-specs/compute/33-02/desc/images/images.md new file mode 100644 index 000000000..49b429bab --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/images.md @@ -0,0 +1,3 @@ +Image scan reports. + +Note that the compliance issues in an image might be different (fewer) than those in a running instance of the image (a container). diff --git a/openapi-specs/compute/33-02/desc/images/names_get.md b/openapi-specs/compute/33-02/desc/images/names_get.md new file mode 100644 index 000000000..3a234df98 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/names_get.md @@ -0,0 +1,15 @@ +Returns an array of strings containing image names. + +_**Note:**_ The query parameters `issueType` is not supported for this API endpoint. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -X GET \ + -u \ + -H 'Content-Type: application/json' \ + https:///api/v/images/names +``` diff --git a/openapi-specs/compute/33-02/desc/images/scan_post.md b/openapi-specs/compute/33-02/desc/images/scan_post.md new file mode 100644 index 000000000..8d802727a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/scan_post.md @@ -0,0 +1,12 @@ +Re-scan all images immediately. This endpoint returns the time that the scans were initiated. + +### cURL Request + +Refer to the following example cURL command that forces Prisma Cloud Compute to re-scan all images: + +```bash +$ curl -k \ + -u \ + -X POST \ + https:///api/v/images/scan +``` diff --git a/openapi-specs/compute/33-02/desc/images/twistlock_defender_app_embedded_tar_gz_get.md b/openapi-specs/compute/33-02/desc/images/twistlock_defender_app_embedded_tar_gz_get.md new file mode 100644 index 000000000..618d35c93 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/twistlock_defender_app_embedded_tar_gz_get.md @@ -0,0 +1 @@ +Generates the embedded defender bundle and serves it to the user. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/images/twistlock_defender_layer_zip_post.md b/openapi-specs/compute/33-02/desc/images/twistlock_defender_layer_zip_post.md new file mode 100644 index 000000000..64c3cccc2 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/twistlock_defender_layer_zip_post.md @@ -0,0 +1 @@ +Returns a ZIP file with a Lambda layer containing the Defender runtime. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/images/twistlock_defender_tar_gz_get.md b/openapi-specs/compute/33-02/desc/images/twistlock_defender_tar_gz_get.md new file mode 100644 index 000000000..7852e12ba --- /dev/null +++ b/openapi-specs/compute/33-02/desc/images/twistlock_defender_tar_gz_get.md @@ -0,0 +1,9 @@ +Download the Container Defender image for Linux platforms. + +```bash +$ curl -k \ + -u \ + -H "Content-Type: application/octet-stream" \ + -o twistlock_defender.tar.gz \ + https://:8083/api/v1/images/twistlock_defender.tar.gz +``` diff --git a/openapi-specs/compute/33-02/desc/intro.md b/openapi-specs/compute/33-02/desc/intro.md new file mode 100644 index 000000000..9038a3734 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/intro.md @@ -0,0 +1,92 @@ +# How to evaluate + +All the example API commands in these documents specify a `` variable, which represents the address for Console. +The Console address will depend on how Console was installed. + +## For SaaS Installations + +To find your `` path for a SaaS environment: + +1. Log into Console. +2. Navigate to **Compute** > **Manage** > **System** > **Downloads**. +3. You can find your `` path listed under **Path to Console**. Click **Copy** to quickly copy the path to your clipboard. + +console + + + +## For Self-hosted Installations + +For self-hosted environments, the Prisma Cloud Compute API is exposed on port `8083` (HTTPS). +This port is specified at install time in `twistlock.cfg`. + +* **(Default) Kubernetes installations:** Console service is exposed by a LoadBalancer. + + The value for `` is the LoadBalancer followed by port `8083`: + + ``` + https://:8083 + ``` + +* **Onebox installations:** Console installed on a stand-alone host. + + The value for `` is the IP address or DNS name of the host followed by port `8083`: + + ``` + https://:8083 + ``` + +# Using the curl example commands + + +The cURL example for each endpoint is called with a username (`-u `) only. +The cURL can be modified to use any of the following: + +* **Authentication Token:** Use the `-H` option to pass the authentication token from the `/api/v1/authenticate` endpoint into the request header. + +For example, replace `` with the token from the `/api/v1/authenticate` endpoint. + +```bash +$ curl -k \ +-H 'Authorization: Bearer ' \ +-X POST \ +https:///api/v1/ +``` + +* **Username and Password:** Use the `-u` and `-p` options to include the username and password, eliminating the need to enter a password in a secondary step. + +For example, replace `` with the username string and `` with the password string. + +```bash +$ curl -k \ +-u \ +-p \ +-X POST \ +https:///api/v1/ +``` + +* **Username Only:** This will require the user's password to be entered as a secondary step. + +For example, replace `` with the username string. + +```bash +$ curl -k \ +-u \ +-X POST \ +https:///api/v1/ +``` + +**Note:** This is a more secure method than including the `-p` option since your terminal history won't contain the password. + + +# API restrictions + + +Paginated API requests are capped to a max of 50 returned objects because very large responses could DoS Console. + +If the response contains more than 50 objects, cycle through the collection with the `offset` query parameter to retrieve more objects. +For example: + +``` +https:///api/v1/images?limit=50&offset=X +``` diff --git a/openapi-specs/compute/33-02/desc/kubernetes/kubernetes.md b/openapi-specs/compute/33-02/desc/kubernetes/kubernetes.md new file mode 100644 index 000000000..cbc430983 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/kubernetes/kubernetes.md @@ -0,0 +1 @@ +Kubernetes diff --git a/openapi-specs/compute/33-02/desc/kubernetes/scan_post.md b/openapi-specs/compute/33-02/desc/kubernetes/scan_post.md new file mode 100644 index 000000000..15d614c1a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/kubernetes/scan_post.md @@ -0,0 +1,11 @@ +This endpoint will trigger a Kubernetes scan. + +The following example curl command uses basic auth to initiate this scan: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/kubernetes/scan +``` diff --git a/openapi-specs/compute/33-02/desc/logs/console_get.md b/openapi-specs/compute/33-02/desc/logs/console_get.md new file mode 100644 index 000000000..80ece6611 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/logs/console_get.md @@ -0,0 +1,11 @@ +Retrieves the latest Console log messages. + +The following example curl command retrieves the 10 latest Console log messages: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/logs/console?lines=10 +``` diff --git a/openapi-specs/compute/33-02/desc/logs/defender_download_get.md b/openapi-specs/compute/33-02/desc/logs/defender_download_get.md new file mode 100644 index 000000000..5d6718db0 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/logs/defender_download_get.md @@ -0,0 +1,14 @@ +This endpoint will return the defender logs with `tar.gz` file extension given the hostname of the defender. + +The hostname can be returned from the endpoint `/defenders/names` + +The following example curl command uses basic auth to download the logs: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o defender_logs.tar.gz + https://:8083/api/v1/logs/defender/download?hostname={hostname} +``` diff --git a/openapi-specs/compute/33-02/desc/logs/defender_get.md b/openapi-specs/compute/33-02/desc/logs/defender_get.md new file mode 100644 index 000000000..1e733a746 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/logs/defender_get.md @@ -0,0 +1,15 @@ +Retrieves the latest log messages for a given Defender. +The Defender is specified by the host where it runs. +You can retrieve the hostname for each Defender from the `GET /api/v1/defenders` endpoint. + +The following example curl command retrieves the 10 log messages for the Defender that runs on `worker.sandbox.internal`. +Note that you must quote the URL when running the following command. +Otherwise the shell misinterprets the ampersand (`&`) as the end of the command, and puts the curl command in the background. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https://:8083/api/v1/logs/defender?lines=10&hostname=worker.sandbox.internal" +``` diff --git a/openapi-specs/compute/33-02/desc/logs/logs.md b/openapi-specs/compute/33-02/desc/logs/logs.md new file mode 100644 index 000000000..62129734e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/logs/logs.md @@ -0,0 +1 @@ +Retrieve log messages from Console and Defender. diff --git a/openapi-specs/compute/33-02/desc/logs/system_download_get.md b/openapi-specs/compute/33-02/desc/logs/system_download_get.md new file mode 100644 index 000000000..1e5b5b873 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/logs/system_download_get.md @@ -0,0 +1,13 @@ +This endpoint will return the system debug logs with `tar.gz` file extension. + + +The following example curl command uses basic auth to download the logs: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o {file_name}.tar.gz + https://:8083/api/v1/logs/system/download +``` diff --git a/openapi-specs/compute/33-02/desc/pcf-droplets/addresses_get.md b/openapi-specs/compute/33-02/desc/pcf-droplets/addresses_get.md new file mode 100644 index 000000000..257a47455 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/pcf-droplets/addresses_get.md @@ -0,0 +1,13 @@ +This endpoint will return the cloud controller addresses configured for PCF Blobstore scanning. + +You can also add optional query parameters to this API call, in this example `cloudControllerAddresses` and/or `id` + +The following example curl command retrieves the list of addresses: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https://:8083/api/v1/pcf-droplets/addresses?cloudControllerAddresses={cloudControllerAddresses}&id={id}" +``` diff --git a/openapi-specs/compute/33-02/desc/pcf-droplets/download_get.md b/openapi-specs/compute/33-02/desc/pcf-droplets/download_get.md new file mode 100644 index 000000000..ad761e744 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/pcf-droplets/download_get.md @@ -0,0 +1,13 @@ +This endpoint will download the list of configured cloud controller addresses configured for PCF Blobstore scanning. + +The following example curl command retrieves the list of addresses and outputs it to a file call `PCF_blobstores.csv`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o PCF_blobstores.csv + "https://:8083/api/v1/pcf-droplets/download?cloudControllerAddresses={cloudControllerAddresses}&id={id}" +``` + diff --git a/openapi-specs/compute/33-02/desc/pcf-droplets/get.md b/openapi-specs/compute/33-02/desc/pcf-droplets/get.md new file mode 100644 index 000000000..930d16948 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/pcf-droplets/get.md @@ -0,0 +1,11 @@ +This endpoint will return the full metadata of PCF blobstore from page **Monitor > Vulnerabilities > PCF** within the Console. + +The following example curl command will retrieve this: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https://:8083/api/v1/pcf-droplets?cloudControllerAddresses={cloudControllerAddresses}&id={id}" +``` diff --git a/openapi-specs/compute/33-02/desc/pcf-droplets/pcf-droplets.md b/openapi-specs/compute/33-02/desc/pcf-droplets/pcf-droplets.md new file mode 100644 index 000000000..0719fcaf5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/pcf-droplets/pcf-droplets.md @@ -0,0 +1,3 @@ +Scan reports for the VMWare Tanzu Application Service (TAS) droplets in your blobstore(s). +Droplets are archives that contain ready to run applications. +They contain an OS stack, a buildpack (which contains the languages, libraries, and services used by the app), and custom app code. diff --git a/openapi-specs/compute/33-02/desc/pcf-droplets/scan_post.md b/openapi-specs/compute/33-02/desc/pcf-droplets/scan_post.md new file mode 100644 index 000000000..34e75b26c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/pcf-droplets/scan_post.md @@ -0,0 +1,11 @@ +This endpoint will kick off a scan of the any PCF Blobstores you have configured. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/pcf-droplets/scan +``` diff --git a/openapi-specs/compute/33-02/desc/pcf-droplets/stop_post.md b/openapi-specs/compute/33-02/desc/pcf-droplets/stop_post.md new file mode 100644 index 000000000..94c376972 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/pcf-droplets/stop_post.md @@ -0,0 +1,11 @@ +This endpoint will instruct the PFC Defenders to stop scanning. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/pcf-droplets/stop +``` diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_ci_images_get.md b/openapi-specs/compute/33-02/desc/policies/compliance_ci_images_get.md new file mode 100644 index 000000000..f97130a97 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_ci_images_get.md @@ -0,0 +1,18 @@ +Retrieves the compliance policy for images scanned in your continuous integration (CI) pipeline. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Compliance > Containers and images > CI** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/compliance/ci/images' +``` + +A successful response returns a list of compliance rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_ci_images_put.md b/openapi-specs/compute/33-02/desc/policies/compliance_ci_images_put.md new file mode 100644 index 000000000..294add6f6 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_ci_images_put.md @@ -0,0 +1,58 @@ +Updates the compliance policy for images scanned in your continuous integration (CI) pipeline. +All rules in the policy are updated in a single shot. + +The policy set in this endpoint is enforced by the scanners in the Jenkins plugin and the `twistcli` command line tool. + +This endpoint maps to the policy table in **Defend > Compliance > Containers and images > CI** in the Console UI. + + +### cURL Request + +The following cURL command overwrites all rules in your current policy with a new policy that has a single rule. + +To construct an effective rule for this policy, specify at least one "check" and the `effect`. +See [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) for more info. + +For a full list of checks, go to **Defend > Compliance > Containers and images > CI** in the Console UI and create a new rule. +All prebuilt checks and their IDs are shown under **Compliance actions**. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl 'https:///api/v/policies/compliance/ci/images' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "my-rule", + "effect": "alert", + "collections":[ + { + "name":"All" + } + ], + "condition": { + "vulnerabilities": [ + { + "id": 41, + "block": false, + "minSeverity": 1 + } + ] + } + } + ], + "policyType": "ciImagesCompliance" +}' +``` + +**Note:** No response will be returned upon successful execution. + + + diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_ci_serverless_get.md b/openapi-specs/compute/33-02/desc/policies/compliance_ci_serverless_get.md new file mode 100644 index 000000000..59195f070 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_ci_serverless_get.md @@ -0,0 +1,19 @@ +Retrieves the compliance policy for serverless functions built in your Continuous Integration (CI) pipeline. +A policy consists of ordered rules. + +This endpoint maps to the policy table in **Defend > Compliance > Functions > CI** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/policies/compliance/ci/serverless +``` + +A successful response contains a list of compliance rules in the policy. + diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_ci_serverless_put.md b/openapi-specs/compute/33-02/desc/policies/compliance_ci_serverless_put.md new file mode 100644 index 000000000..b25c34aae --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_ci_serverless_put.md @@ -0,0 +1,50 @@ +Updates the compliance policy for serverless functions built in your Continuous Integration (CI) pipeline. +All rules in the policy are updated in a single shot. + +The policy set in this endpoint is enforced by the scanners in the Jenkins plugin and the `twistcli` command line tool. + +This endpoint maps to the policy table in **Defend > Compliance > Functions > CI** in the Console UI. + +To construct an effective rule for this policy, specify at least one "check" and one `effect` value. +See [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) for more info. + +For a full list of checks, go to **Defend > Compliance > Functions > CI** in the Console UI and create a new rule. +All prebuilt checks and their IDs are shown under **Compliance actions**. + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/compliance/ci/serverless' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "my-rule", + "effect": "alert", + "collections":[ + { + "name":"All" + } + ], + "condition": { + "vulnerabilities": [ + { + "id": 436, + "block": false, + "minSeverity": 1 + } + ] + } + } + ], + "policyType": "ciServerlessCompliance" +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_container_get.md b/openapi-specs/compute/33-02/desc/policies/compliance_container_get.md new file mode 100644 index 000000000..7f10245ea --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_container_get.md @@ -0,0 +1,18 @@ +Retrieves the compliance policy for running containers. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Compliance > Containers and images > Deployed** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/compliance/container' +``` + +A successful response returns a list of compliance rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_container_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/compliance_container_impacted_get.md new file mode 100644 index 000000000..607bfa3c8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_container_impacted_get.md @@ -0,0 +1,21 @@ +Lists the containers caught by your compliance policy on a per-rule basis. +These rule names can be found from the `name` variable in the response from a `GET` on the basic policies/compliance endpoint. + +To see where Console invokes this endpoint: + +* In Console, go to **Defend > Compliance > Containers and images > Deployed**. +* In the **Compliance rules** section, click **Show** under the **Entities in scope** column for a rule. +* The endpoint is invoked when the pop-up is displayed. + +### cURL Request + +The following cURL command returns a list of containers captured by ``. + +```bash +$ curl -k \ + -u \ + -X GET \ + 'https:///api/v/policies/compliance/container/impacted?ruleName=' +``` + +A successful response contains a list of impacted containers by a rule within the context of the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_container_put.md b/openapi-specs/compute/33-02/desc/policies/compliance_container_put.md new file mode 100644 index 000000000..2e9616ea0 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_container_put.md @@ -0,0 +1,49 @@ +Updates the compliance policy for running containers. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Compliance > Containers and images > Deployed** in the Console UI. + +To construct an effective rule for this policy, specify at least one "check" and one `effect` value. +See [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) for more info. + +For a full list of checks, go to **Defend > Compliance > Containers and images > Deployed** in the Console UI and create a new rule. +All prebuilt checks and their IDs are shown under **Compliance actions**. + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/compliance/container' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name": "my-rule", + "effect": "alert", + "collections":[ + { + "name":"All" + } + ], + "condition": { + "vulnerabilities": [ + { + "id": 531, + "block": false, + "minSeverity": 1 + } + ] + } + } + ], + "policyType":"containerCompliance" +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_host_get.md b/openapi-specs/compute/33-02/desc/policies/compliance_host_get.md new file mode 100755 index 000000000..c029ecf7f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_host_get.md @@ -0,0 +1,18 @@ +Retrieves the compliance policy for hosts protected by Defender. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Compliance > Hosts > Running hosts** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/compliance/host' +``` + +A successful response returns a list of compliance rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_host_put.md b/openapi-specs/compute/33-02/desc/policies/compliance_host_put.md new file mode 100755 index 000000000..9b1e4ce75 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_host_put.md @@ -0,0 +1,48 @@ +Updates the compliance policy for hosts protected by Defender. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Compliance > Hosts > Running hosts** in the Console UI. + +To construct an effective rule for this policy, specify at least one "check" and one `effect` value. +See [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) for more info. + +For a full list of checks, go to **Defend > Compliance > Hosts > Running Hosts** in the Console UI and create a new rule. +All prebuilt checks and their IDs are shown under **Compliance actions**. + +### cURL Request + +Refer tp the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/compliance/host' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "effect":"alert", + "collections":[ + { + "name":"All" + } + ], + "condition":{ + "vulnerabilities":[ + { + "id":6151, + "block":false + } + ] + } + } + ], + "policyType":"hostCompliance" +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_serverless_get.md b/openapi-specs/compute/33-02/desc/policies/compliance_serverless_get.md new file mode 100755 index 000000000..c7de886c1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_serverless_get.md @@ -0,0 +1,18 @@ +Retrieves the compliance policy for serverless functions situated in your cloud provider's infrastructure. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Compliance > Functions > Functions** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/compliance/serverless' +``` + +A successful response returns a list of compliance rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_serverless_put.md b/openapi-specs/compute/33-02/desc/policies/compliance_serverless_put.md new file mode 100755 index 000000000..ea44d297e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_serverless_put.md @@ -0,0 +1,48 @@ +Updates the compliance policy for serverless functions situated in your cloud provider's infrastructure. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Compliance > Functions > Functions** in the Console UI. + +### cURL Request + +The following cURL command overwrites all rules in your current policy with a new policy that has a single rule. + +To construct an effective rule for this policy, specify at least one "check" and one `effect` value. +See [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) for more info. + +For a full list of checks, go to **Defend > Compliance > Functions > Functions** in the Console UI and create a new rule. +All prebuilt checks and their IDs are shown under **Compliance actions**. + +```bash +$ curl 'https:///api/v/policies/compliance/serverless' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "effect":"alert", + "collections":[ + { + "name":"All" + } + ], + "condition":{ + "vulnerabilities":[ + { + "id":434, + "block":false + } + ] + } + } + ], + "policyType":"serverlessCompliance" +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_vms_get.md b/openapi-specs/compute/33-02/desc/policies/compliance_vms_get.md new file mode 100755 index 000000000..f7d7e1a49 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_vms_get.md @@ -0,0 +1,18 @@ +Retrieves the compliance policy for VM images scanned in your cloud accounts. +A policy consists of ordered rules. + +This endpoint maps to the policy table in **Defend > Compliance > Hosts > VM images** in the Console UI. + +### cURL Request + +The following cURL command retrieves all rules in the policy. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/compliance/vms' +``` + +A successful response returns a list of compliance rules in the policy. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_vms_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/compliance_vms_impacted_get.md new file mode 100644 index 000000000..9cf5b9d03 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_vms_impacted_get.md @@ -0,0 +1,16 @@ +Retrieves a list of all resources a compliance rule impacts. +These rule names can be found from the `name` variable in the response from a `GET` on the basic policies/compliance endpoint. + +Use query parameters to retrieve the list of impacted resources by *account ID*, *rule name*, or *collection*. + +### cURL Request + +Refer to the following example cURL command, which retrieves a list of impacted resources: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/policies/compliance/vms/impacted" +``` diff --git a/openapi-specs/compute/33-02/desc/policies/compliance_vms_put.md b/openapi-specs/compute/33-02/desc/policies/compliance_vms_put.md new file mode 100755 index 000000000..f38b1c61f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/compliance_vms_put.md @@ -0,0 +1,48 @@ +Updates the compliance policy for VM images scanned in your cloud accounts. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Compliance > Hosts > VM images** in the Console UI. + + +### cURL Request + +The following cURL command overwrites all rules in your current policy with a new policy that has a single rule. + +To construct an effective rule for this policy, specify at least one "check" and one `effect` value. +See [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) for more info. + +For a full list of checks, go to **Defend > Compliance > Hosts > VM images** in the Console UI and create a new rule. +All prebuilt checks and their IDs are shown under **Compliance actions**. + +```bash +$ curl 'https:///api/v/policies/compliance/vms' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "effect":"alert", + "collections":[ + { + "name":"All" + } + ], + "condition":{ + "vulnerabilities":[ + { + "id":6151, + "block":false + } + ] + } + } + ], + "policyType":"vmCompliance" +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/docker_get.md b/openapi-specs/compute/33-02/desc/policies/docker_get.md new file mode 100644 index 000000000..f56872c67 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/docker_get.md @@ -0,0 +1,11 @@ +Retrieves a list of all access control rules for Docker Engine commands. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/policies/docker +``` diff --git a/openapi-specs/compute/33-02/desc/policies/docker_put.md b/openapi-specs/compute/33-02/desc/policies/docker_put.md new file mode 100644 index 000000000..860e2bb1e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/docker_put.md @@ -0,0 +1,33 @@ +Updates all Docker Engine access control rules in a single shot. +Updating all rules at the same time makes it possible to maintain strict ordering between rules. + +The procedure to add, edit, or remove Docker access control rules is: + +1. Get all Docker access control rules using the GET endpoint. + + The following curl command uses basic auth to retrieve a list of all rules, pretty-print the JSON response, and save the results to a file. + + ``` + $ curl -k \ + -u \ + https://:8083/api/v1/policies/docker \ + | jq '.' > docker_access_control_rules.json + ``` + +2. Modify the JSON output according to your needs. + +3. Update rules by pushing the new JSON payload. + + The following curl command installs the rules defined in your `docker_access_control_rules.json` file. + Do not forget to specify the `@` symbol. + + ``` + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + https://:8083/api/v1/policies/docker \ + --data-binary "@docker_access_control_rules.json" + ``` + +Any previously installed rules are overwritten. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app-embedded_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app-embedded_get.md new file mode 100644 index 000000000..3da2a7cd6 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app-embedded_get.md @@ -0,0 +1,18 @@ +Retrieves the WAAS policy for web apps protected by App-Embedded Defender. +A policy consists of ordered rules. + +This endpoint maps to **Defend > WAAS > App-Embedded** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/firewall/app/app-embedded' +``` + +A successful response returns a list of rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app-embedded_put.md b/openapi-specs/compute/33-02/desc/policies/firewall_app-embedded_put.md new file mode 100644 index 000000000..a74e1169e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app-embedded_put.md @@ -0,0 +1,200 @@ +Updates the WAAS policy for web apps protected by App-Embedded Defender. +All rules in the policy are updated in a single shot. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > WAAS > App-Embedded**. +2. Click **+ Add rule** and enter the new rule information. +3. Click the **Add new app** button to move to the configuration window. +4. Configure the application with at least one endpoint, and click the **Save** button. + +Adding and maintaining rules for a WAAS app involves populating a large and complex JSON request body. +We recommend the following process: + +1. Manually define your app's policy via the Console UI as described [here](https://docs.twistlock.com/docs/compute_edition/waas/deploy_waas.html). +2. Use the **Export** button on **Defend** > **WAAS** to export the app's policy rules to a JSON file. +3. Use the exported file as a template to modify, then either import the file back in using the **Import** button, or use it as the basis for defining the rules to include in this endpoint's payload. + +### cURL Request + +The following cURL command overwrites all rules in your current policy with a new policy that has a single rule. + +```bash +$ curl 'https:///api/v/policies/firewall/app/app-embedded' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +' +{ + "_id":"appEmbeddedAppFirewall", + "rules":[ + { + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "applicationsSpec":[ + { + "banDurationMinutes":5, + "certificate":{ + + }, + "dosConfig":{ + "effect":"disable", + "matchConditions":[ + + ] + }, + "apiSpec":{ + "endpoints":[ + { + "host":"*", + "basePath":"*", + "exposedPort":1, + "internalPort":1, + "tls":false, + "http2":false + } + ], + "paths":[ + { + "path":"/api/v1/logs/system/upload", + "methods":[ + { + "method":"POST" + } + ] + } + ], + "effect":"disable", + "fallbackEffect":"disable" + }, + "botProtectionSpec":{ + "userDefinedBots":[ + + ], + "knownBotProtectionsSpec":{ + "searchEngineCrawlers":"disable", + "businessAnalytics":"disable", + "educational":"disable", + "news":"disable", + "financial":"disable", + "contentFeedClients":"disable", + "archiving":"disable", + "careerSearch":"disable", + "mediaSearch":"disable" + }, + "unknownBotProtectionSpec":{ + "generic":"disable", + "webAutomationTools":"disable", + "webScrapers":"disable", + "apiLibraries":"disable", + "httpLibraries":"disable", + "botImpersonation":"disable", + "browserImpersonation":"disable", + "requestAnomalies":{ + "threshold":9, + "effect":"disable" + } + }, + "sessionValidation":"disable", + "interstitialPage":false, + "jsInjectionSpec":{ + "enabled":false, + "timeoutEffect":"disable" + } + }, + "networkControls":{ + "advancedProtectionEffect":"alert", + "deniedSubnetsEffect":"alert", + "deniedCountriesEffect":"alert", + "allowedCountriesEffect":"alert" + }, + "body":{ + "inspectionSizeBytes":131072 + }, + "intelGathering":{ + "infoLeakageEffect":"disable", + "removeFingerprintsEnabled":true + }, + "maliciousUpload":{ + "effect":"disable", + "allowedFileTypes":[ + + ], + "allowedExtensions":[ + + ] + }, + "csrfEnabled":true, + "clickjackingEnabled":true, + "sqli":{ + "effect":"prevent", + "exceptionFields":[ + + ] + }, + "xss":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "attackTools":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "shellshock":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "malformedReq":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "cmdi":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "lfi":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "codeInjection":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "remoteHostForwarding":{ + + }, + "selected":true, + "headerSpecs":[ + + ] + } + ], + "expandDetails":true + } + ], + "minPort":30000, + "maxPort":31000 +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_get.md new file mode 100644 index 000000000..887614486 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_get.md @@ -0,0 +1 @@ + Returns the Agentless application firewall policy \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_impacted_get.md new file mode 100644 index 000000000..382221d77 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_impacted_get.md @@ -0,0 +1 @@ +Returns a list of mirrored VMs for which the firewall policy rule applies to. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_put.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_put.md new file mode 100644 index 000000000..6fc8a0a16 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_put.md @@ -0,0 +1 @@ +Sets the Agentless WAAS policy. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_resources_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_resources_get.md new file mode 100644 index 000000000..e8165f2b9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_resources_get.md @@ -0,0 +1 @@ + Returns the WAAS VPC configuration resources. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_state_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_state_get.md new file mode 100644 index 000000000..968086a90 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_agentless_state_get.md @@ -0,0 +1 @@ +Returns the state for the Agentless app firewall policy. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_apispec_post.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_apispec_post.md new file mode 100644 index 000000000..e4648a6c8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_apispec_post.md @@ -0,0 +1,112 @@ +Resolves the endpoints defined in an OpenAPI/Swagger specification and returns a `waas.APISpec` object. + +The `waas.APISpec` object can be included in the body of a subsequent call to the `PUT api/v1/policies/firewall/app/app-embedded` endpoint to define an app that WAAS monitors and protects. + +To invoke this endpoint in the Console UI: + +1. Navigate to the **Defend > WAAS > App-Embedded** page. +2. Click **Add rule**. +3. Enter the details for the new rule and click **Add new app**. +4. On the **App definition** tab, click the **Import** button and select an OpenAPI/Swagger specification file. + +**Note:** You can use a YAML or JSON format for the OpenAPI/Swagger specification. + +### cURL Request + +Refer to the following example cURL command that imports an API from an OpenAPI/Swagger specification: + +```bash +$ curl 'https:///api/v/policies/firewall/app/apispec' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "swagger": "2.0", + "info": { + "version": "2021.7.28", + "title": "Book API", + "description": "A simple API for books.", + "contact": { + "name": "John Smith", + "email": "test.email@email.com", + "url": "http://mywebsite.com" + }, + "license": { + "name": "Apache 2.0", + "url": "https://www.apache.org/licenses/LICENSE-2.0.html" + } + }, + "host": "api.mywebsite.com", + "basePath": "/api", + "schemes": [ + "http" + ], + "consumes": [ + "application/json" + ], + "produces": [ + "application/json" + ], + "paths": { + "/books": { + "get": { + "description": "Returns a list of books.", + "operationId": "findBooks", + "responses": { + "200": { + "description": "Success response", + "schema": { + "type": "array", + "items": { + "$ref": "#/definitions/Book" + } + } + }, + "default": { + "description": "unexpected error", + "schema": { + "$ref": "#/definitions/Error" + } + } + } + } + } + }, + "definitions": { + "Book": { + "allOf": [ + { + "required": [ + "id" + ], + "properties": { + "id": { + "type": "integer", + "format": "int64" + } + } + } + ] + }, + "Error": { + "required": [ + "code", + "message" + ], + "properties": { + "code": { + "type": "integer", + "format": "int32" + }, + "message": { + "type": "string" + } + } + } + } +}' +``` + +A successful response returns a `waas.APISpec` object containing the API specification that was imported. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_container_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_container_get.md new file mode 100644 index 000000000..3b8c157fa --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_container_get.md @@ -0,0 +1,17 @@ +Retrieves the WAAS policy for containers. +A policy consists of ordered rules. + +This endpoint maps to **Defend > WAAS > Container** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + 'https:///api/v/policies/firewall/app/container' +``` + +A successful response returns a list of rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_container_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_container_impacted_get.md new file mode 100644 index 000000000..cce179f4f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_container_impacted_get.md @@ -0,0 +1 @@ +Returns a list of containers for which the firewall policy rule applies to. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_container_put.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_container_put.md new file mode 100644 index 000000000..56a794cc7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_container_put.md @@ -0,0 +1,202 @@ +Updates the WAAS policy for containers. +All rules are updated in a single shot. + +Updating all rules at the same time makes it possible to maintain strict ordering between rules. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > WAAS > Container**. +2. Click **+ Add rule** and enter the new rule information. +3. Click the **Add new app** button to move to the configuration window. +4. Configure the application with at least one endpoint, and click the **Save** button. + +Adding and maintaining rules for a WAAS app involves populating a large and complex JSON request body. +We recommend the following process: + +1. Manually define your app's policy via the Console UI as described [here](https://docs.twistlock.com/docs/compute_edition/waas/deploy_waas.html). +2. Use the **Export** button on **Defend** > **WAAS** to export the app's policy rules to a JSON file. +3. Use the exported file as a template to modify, then either import the file back in using the **Import** button, or use it as the basis for defining the rules to include in this endpoint's payload. + +### cURL Request + +Refer to the following example cURL command that overwrites all applications rules with a single rule. + +``` +$ curl 'https:///api/v/policies/firewall/app/container' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +' +{ + "_id":"appEmbeddedAppFirewall", + "rules":[ + { + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "applicationsSpec":[ + { + "banDurationMinutes":5, + "certificate":{ + + }, + "dosConfig":{ + "effect":"disable", + "matchConditions":[ + + ] + }, + "apiSpec":{ + "endpoints":[ + { + "host":"*", + "basePath":"*", + "exposedPort":1, + "internalPort":1, + "tls":false, + "http2":false + } + ], + "paths":[ + { + "path":"/api/v1/logs/system/upload", + "methods":[ + { + "method":"POST" + } + ] + } + ], + "effect":"disable", + "fallbackEffect":"disable" + }, + "botProtectionSpec":{ + "userDefinedBots":[ + + ], + "knownBotProtectionsSpec":{ + "searchEngineCrawlers":"disable", + "businessAnalytics":"disable", + "educational":"disable", + "news":"disable", + "financial":"disable", + "contentFeedClients":"disable", + "archiving":"disable", + "careerSearch":"disable", + "mediaSearch":"disable" + }, + "unknownBotProtectionSpec":{ + "generic":"disable", + "webAutomationTools":"disable", + "webScrapers":"disable", + "apiLibraries":"disable", + "httpLibraries":"disable", + "botImpersonation":"disable", + "browserImpersonation":"disable", + "requestAnomalies":{ + "threshold":9, + "effect":"disable" + } + }, + "sessionValidation":"disable", + "interstitialPage":false, + "jsInjectionSpec":{ + "enabled":false, + "timeoutEffect":"disable" + } + }, + "networkControls":{ + "advancedProtectionEffect":"alert", + "deniedSubnetsEffect":"alert", + "deniedCountriesEffect":"alert", + "allowedCountriesEffect":"alert" + }, + "body":{ + "inspectionSizeBytes":131072 + }, + "intelGathering":{ + "infoLeakageEffect":"disable", + "removeFingerprintsEnabled":true + }, + "maliciousUpload":{ + "effect":"disable", + "allowedFileTypes":[ + + ], + "allowedExtensions":[ + + ] + }, + "csrfEnabled":true, + "clickjackingEnabled":true, + "sqli":{ + "effect":"prevent", + "exceptionFields":[ + + ] + }, + "xss":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "attackTools":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "shellshock":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "malformedReq":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "cmdi":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "lfi":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "codeInjection":{ + "effect":"alert", + "exceptionFields":[ + + ] + }, + "remoteHostForwarding":{ + + }, + "selected":true, + "headerSpecs":[ + + ] + } + ], + "expandDetails":true + } + ], + "minPort":30000, + "maxPort":31000 +}' +``` + +​**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_host_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_host_get.md new file mode 100644 index 000000000..adb90128a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_host_get.md @@ -0,0 +1,18 @@ +Retrieves the WAAS policy for hosts. +A policy consists of ordered rules. + +This endpoint maps to **Defend > WAAS > Host** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/firewall/app/host' +``` + +A successful response returns a list of rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_host_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_host_impacted_get.md new file mode 100644 index 000000000..494518511 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_host_impacted_get.md @@ -0,0 +1 @@ +Returns a list of hosts for which the firewall policy rule applies to. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_host_put.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_host_put.md new file mode 100644 index 000000000..bb3aa36fa --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_host_put.md @@ -0,0 +1,173 @@ +Updates the WAAS policy for hosts. +All rules in the policy are updated in a single shot. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > WAAS > Host**. +2. Click **+ Add rule** and enter the new rule information. +3. Click the **Add new app** button to move to the configuration window. +4. Configure the application with at least one endpoint, and click the **Save** button. + +Adding and maintaining rules for a WAAS app involves populating a large and complex JSON request body. +We recommend the following process: + +1. Manually define your app's policy via the Console UI as described [here](https://docs.twistlock.com/docs/compute_edition/waas/deploy_waas.html). +2. Use the **Export** button on **Defend** > **WAAS** to export the app's policy rules to a JSON file. +3. Use the exported file as a template to modify, then either import the file back in using the **Import** button, or use it as the basis for defining the rules to include in this endpoint's payload. + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/firewall/app/host' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "_id":"hostAppFirewall", + "rules":[ + { + "name":"My Rule", + "notes":"My Notes 4", + "collections":[ + { + "name":"All" + } + ], + "applicationsSpec":[ + { + "banDurationMinutes":5, + "certificate":{ + "encrypted":"" + }, + "dosConfig":{ + "effect":"disable" + }, + "apiSpec":{ + "description":"test", + "endpoints":[ + { + "host":"*", + "basePath":"*", + "exposedPort":0, + "internalPort":1, + "tls":false, + "http2":false + } + ], + "effect":"disable", + "fallbackEffect":"disable" + }, + "botProtectionSpec":{ + "userDefinedBots":[ + + ], + "knownBotProtectionsSpec":{ + "searchEngineCrawlers":"disable", + "businessAnalytics":"disable", + "educational":"disable", + "news":"disable", + "financial":"disable", + "contentFeedClients":"disable", + "archiving":"disable", + "careerSearch":"disable", + "mediaSearch":"disable" + }, + "unknownBotProtectionSpec":{ + "generic":"disable", + "webAutomationTools":"disable", + "webScrapers":"disable", + "apiLibraries":"disable", + "httpLibraries":"disable", + "botImpersonation":"disable", + "browserImpersonation":"disable", + "requestAnomalies":{ + "threshold":9, + "effect":"disable" + } + }, + "sessionValidation":"disable", + "interstitialPage":false, + "jsInjectionSpec":{ + "enabled":false, + "timeoutEffect":"disable" + } + }, + "networkControls":{ + "advancedProtectionEffect":"alert", + "deniedSubnetsEffect":"alert", + "deniedCountriesEffect":"alert", + "allowedCountriesEffect":"alert" + }, + "body":{ + "inspectionSizeBytes":131072 + }, + "intelGathering":{ + "infoLeakageEffect":"disable", + "removeFingerprintsEnabled":true + }, + "maliciousUpload":{ + "effect":"disable", + "allowedFileTypes":[ + ], + "allowedExtensions":[ + ] + }, + "csrfEnabled":true, + "clickjackingEnabled":true, + "sqli":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "xss":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "attackTools":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "shellshock":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "malformedReq":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "cmdi":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "lfi":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "codeInjection":{ + "effect":"alert", + "exceptionFields":[ + ] + }, + "remoteHostForwarding":{ + } + } + ], + "expandDetails":true + } + ], + "minPort":30000, + "maxPort":31000 +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_get.md new file mode 100644 index 000000000..13f7fb450 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_get.md @@ -0,0 +1,20 @@ +Retrieves a list of all WAAS network lists. +Network lists are groups or related IPv4 addresses and CIDR blocks used in WAAS policy rules. + +This endpoint is typically called as part of a process to programmatically update network lists based on new threat intelligence. +For example: add, update, or delete IP addresses. + +This endpoint maps to **Defend > WAAS > Network lists** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + 'https:///api/v/policies/firewall/app/network-list' +``` + +A successful response returns the lists of IPv4 addresses/IP CIDR blocks for networks in WAAS. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_id_delete.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_id_delete.md new file mode 100644 index 000000000..4aba76dd8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_id_delete.md @@ -0,0 +1,23 @@ +Deletes an existing WAAS network list. + +This endpoint is typically called to programmatically delete a network list, based on new threat intelligence. + +To invoke this endpoint in the Console UI: + +1. Navigate to the **Defend > WAAS > Network lists** page. +2. Locate an existing list in the table to delete and click the trash icon under the **Actions** columns. +3. Click **Delete Network List** to confirm the deletion. + +### cURL Request + +Refer to the following example cURL command that deletes a new network list. + +```bash +$ curl 'https:///api/v/policies/firewall/app/network-list/{id}' \ + -k \ + -X DELETE \ + -u \ + -H 'Content-Type: application/json' +``` + +​**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_post.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_post.md new file mode 100644 index 000000000..0ebd39dcf --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_post.md @@ -0,0 +1,31 @@ +Creates a new WAAS network list. + +This endpoint is typically called to programmatically create a list, based on new threat intelligence. + +To invoke this endpoint in the Console UI: + +1. Navigate to the **Defend > WAAS > Network lists** page. +2. Click **+ Add new network list**. +3. Enter the details for the new network list and click **Save Network List** + +### cURL Request + +Refer to the following example cURL command that adds a new network list. + +```bash +$ curl 'https:///api/v/policies/firewall/app/network-list' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "_id":"{id}", + "subnets":[ + "192.145.2.3", + "192.167.2.2" + ] +}' +``` + +​**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_put.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_put.md new file mode 100644 index 000000000..68fdc558b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_network_list_put.md @@ -0,0 +1,31 @@ +Updates an existing WAAS network list. + +This endpoint is typically called to programmatically update a network list, based on new threat intelligence. + +To invoke this endpoint in the Console UI: + +1. Navigate to the **Defend > WAAS > Network lists** page. +2. Click on an existing list in the table and update the list as required. +3. Click **Update Network List** to save the changes. + +### cURL Request + +Refer to the following example cURL command that updates a network list. + +```bash +$ curl 'https:///api/v/policies/firewall/app/network-list' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "_id":"{id}", + "subnets":[ + "192.145.3.3", + "192.167.3.2" + ] +}' +``` + +​**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_get.md new file mode 100644 index 000000000..d4f72d041 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_get.md @@ -0,0 +1,18 @@ +Discovers and detects the HTTP traffic for an existing WAAS out of band custom rule. +A policy consists of ordered rules. + +This endpoint maps to **Defend > WAAS > Out of band** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/firewall/app/out-of-band' +``` + +A successful response returns a list of rules in the policy. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_impacted_get.md new file mode 100644 index 000000000..25d2c6691 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_impacted_get.md @@ -0,0 +1,17 @@ +Discovers and detects the impacted resources for the HTTP traffic in an existing WAAS out of band custom rule. + +This endpoint maps to **Defend > WAAS > Out of band** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/firewall/app/out-of-band/impacted' +``` + +A successful response returns a list of impacted resources in the policy. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_put.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_put.md new file mode 100644 index 000000000..4e8445660 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_out-of-band_put.md @@ -0,0 +1,30 @@ +Updates or edits a WAAS custom rule for out of band traffic. +A policy consists of ordered rules. + +This endpoint maps to **Defend > WAAS > Out of band** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl 'https:///api/v/policies/firewall/app/out-of-band' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "effect":"disable", + "collections":[ + { + "name":"All" + } + ], + } + ], +}' +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_rasp_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_rasp_get.md new file mode 100644 index 000000000..15d481cf3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_rasp_get.md @@ -0,0 +1,7 @@ +Retrieves a list of all application firewall (CNAF) rules for RASP. + +``` +$ curl -k \ + -u \ + https://:8083/api/v1/policies/firewall/app/rasp +``` diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_rasp_put.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_rasp_put.md new file mode 100644 index 000000000..04ba86483 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_rasp_put.md @@ -0,0 +1,33 @@ +Updates all application firewall (CNAF for RASP) rules in a single shot. +Updating all rules at the same time makes it possible to maintain strict ordering between rules. + +The procedure to add, edit, or remove rules is: + +1. Get all rules using the GET endpoint. + + The following curl command uses basic auth to retrieve a list of all rules, pretty-print the JSON response, and save the results to a file. + + ``` + $ curl -k \ + -u \ + https://:8083/api/v1/policies/firewall/app/rasp \ + | jq '.' > app_firewall_rules.json + ``` + +2. Modify the JSON output according to your needs. + +3. Update rules by pushing the new JSON payload. + + The following curl command installs the rules defined in your `app_firewall_rules.json` file. + Do not forget to specify the `@` symbol. + + ``` + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + https://:8083/api/v1/policies/firewall/app/rasp \ + --data-binary "@app_firewall_rules.json" + ``` + +Any previously installed rules are overwritten. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_serverless_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_serverless_get.md new file mode 100644 index 000000000..d19e909f3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_serverless_get.md @@ -0,0 +1,16 @@ +Retrieves a list of all WAAS policy rules for serverless functions. + +This endpoint maps to **Defend > WAAS > Serverless** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + 'https:///api/v/policies/firewall/app/serverless' +``` + +A successful response returns a list of firewall rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_app_serverless_put.md b/openapi-specs/compute/33-02/desc/policies/firewall_app_serverless_put.md new file mode 100644 index 000000000..16ae54210 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_app_serverless_put.md @@ -0,0 +1,82 @@ +Updates the WAAS policy for serverless functions. + +To invoke this endpoint in the Console UI: + +1. Navigate to the **Defend > WAAS > Serverless** page. +2. Click **+ Add rule**. +3. Enter the details for the new serverless function and click **Save** + +Adding and maintaining rules for a WAAS app involves populating a large and complex JSON request body. +We recommend the process: + +1. Manually define your app's policy via the Console UI as described [here](https://docs.twistlock.com/docs/compute_edition/waas/deploy_waas.html). +2. Use the **Export** button on **Defend** > **WAAS** to export the app's policy rules to a JSON file. +3. Use the exported file as a template to modify, then either import the file back in using the **Import** button, or use it as the basis for defining the rules to include in this endpoint's payload. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl 'https:///api/v/policies/firewall/app/serverless' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "_id": "serverlessAppFirewall", + "rules": [ + { + "name": "{id}", + "previousName": "", + "collections": [ + { + "hosts": ["*"], + "images": ["*"], + "labels": ["*"], + "containers": ["*"], + "functions": ["*"], + "namespaces": ["*"], + "appIDs": ["*"], + "accountIDs": ["*"], + "codeRepos": ["*"], + "clusters": ["*"], + "name": "All" + } + ], + "applicationsSpec": [ + { + "xss": { + "effect": "alert", + "exceptionFields": [] + }, + "codeInjection": { + "effect": "alert", + "exceptionFields": [] + }, + "sqli": { + "effect": "alert", + "exceptionFields": [] + }, + "lfi": { + "effect": "alert", + "exceptionFields": [] + }, + "cmdi": { + "effect": "alert", + "exceptionFields": [] + }, + "body": { + "inspectionSizeBytes": 131072 + } + } + ] + } + ], + "minPort": 0, + "maxPort": 0 +}' +``` + +​**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_network_container_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_network_container_get.md new file mode 100644 index 000000000..3f1343b53 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_network_container_get.md @@ -0,0 +1,12 @@ +Retrieves a list of all CNNS container and host rules. + +### cURL Request +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/policies/firewall/network" +``` diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_network_container_put.md b/openapi-specs/compute/33-02/desc/policies/firewall_network_container_put.md new file mode 100644 index 000000000..fd9263430 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_network_container_put.md @@ -0,0 +1,37 @@ +Updates all container and host CNNS rules in a single shot. +Updating all rules at the same time makes it possible to maintain strict ordering between rules. + +The procedure to add, edit, or remove rules is: + +1. Get all rules using the GET endpoint. + + ### cURL Request + Refer to the following example cURL command that retrieves a list of all rules, pretty-print the JSON response, and save the results to a file: + + ```bash + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + -o \ + "https:///api/v/policies/firewall/network/container" + ``` + +2. Modify the JSON output according to your needs. + +3. Update rules by pushing the new JSON payload. + + ### cURL Request + Refer to the following example cURL command that installs the rules defined in your `network_firewall_rules.json` file. + Do not forget to specify the `@` symbol. + + ```bash + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + --data-binary "@network_firewall_rules.json" \ + "https:///api/v/policies/firewall/network/container" + ``` + +Any previously installed rules are overwritten. diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_network_entities_get.md b/openapi-specs/compute/33-02/desc/policies/firewall_network_entities_get.md new file mode 100644 index 000000000..757121f70 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_network_entities_get.md @@ -0,0 +1,9 @@ +Retrieves a list of all CNNF network objects. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/policies/firewall/network/entities +``` diff --git a/openapi-specs/compute/33-02/desc/policies/firewall_network_entities_put.md b/openapi-specs/compute/33-02/desc/policies/firewall_network_entities_put.md new file mode 100644 index 000000000..83c023286 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/firewall_network_entities_put.md @@ -0,0 +1,17 @@ +Updates the list of CNNF network objects. + +The following example curl command updates the network objects. There is an example of all three types (images,subnets, and applications ): + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d \ +'[ + {"_id":"Ubuntu","type":"container","resource":{"images":["ubuntu:latest"],"labels":["*"]}}, + {"_id":"Google DNS","type":"subnet","resource":{"labels":["*"]},"subnets":[{"name":"8.8.8.8/24","cidr":"8.8.8.8/24"}]}, + {"_id":"SSH","type":"appID","resource":{"appIDs":["ssh"]},"subnets":[]} +]' \ + https://:8083/api/v1/policies/firewall/network/entities +``` diff --git a/openapi-specs/compute/33-02/desc/policies/policies.md b/openapi-specs/compute/33-02/desc/policies/policies.md new file mode 100644 index 000000000..69768c03d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/policies.md @@ -0,0 +1,186 @@ +Policies are sets of ordered rules. +[Rule order](https://docs.twistlock.com/docs/latest/configure/rule_ordering_pattern_matching.html) determines how a policy is evaluated. + +You can manage your rules and policies programmatically using the policy API endpoints. + +For more information about policy endpoints, see: + +* [How to Add / Update Policy Rules](#how-to-add--update-policy-rules) +* [How to Delete Policy Rules](#how-to-delete-policy-rules) +* [How to Construct a Compliance Policy](#how-to-construct-a-compliance-policy) + + +### How to Add / Update Policy Rules + +All of the `PUT /api/vVERSION/policies/*` endpoints work similarly. + +To add, edit, or remove vulnerability rules from a policy: + +1. Retrieve the entire policy, which includes all the vulnerability rules using the `GET` endpoint. + + For example, the following cURL command uses basic auth to retrieve a list of all image vulnerability rules, pretty-prints the JSON response, and saves the results to a `vulnerability_rules.json` file. + + ```bash + $ curl -k \ + -u \ + https:///api/v1/policies/runtime/host \ + | jq '.' > vulnerability_rules.json + ``` + +2. Modify the saved JSON with the updates, including any new rule insertions. **Note:** Rule order is important. + +3. Update the rules by pushing the new JSON payload into the `PUT` endpoint. + + For example, the following cURL command installs the rules defined in your `vulnerability_rules.json` file. + + **Note:** Remember to specify the `@` symbol. + + ```bash + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + 'https:///api/v/policies/runtime/host \ + --data-binary "@vulnerability_rules.json"' + ``` + +Any previously installed rules are overwritten. + +#### Minimum Rule Parameters + +To create or update a rule, specify the following: + +* Rule name +* At least 1 collection specifying a collection name (at minimum) +* A block threshold (optional, but recommended) +* An alert threshold (optional, but recommended) + +For example, to replace all the vulnerability rules for CI image deployments: + +```bash +$ curl 'https:///api/v/policies/vulnerability/ci/images?project=' \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "", + "collections":[ + { + "name":"", + } + ], + "alertThreshold":{ + "disabled":false, + "value":4 + }, + "blockThreshold":{ + "enabled":false, + "value":0 + }, + } + ], + "policyType": "ciImagesVulnerability" +}' +``` + +**Note:** The default alert threshold of `Low` is typically too broad and not actionable. Usually you'll want to specify a threshold of `Critical` or `High`. + +##### Referencing Collections by Name + +You can reference a collection by its name when creating / updating a rule. +If the collection name exists in Console, the remaining resource fields for the collection will automatically be filled in. + +**Note:** The referenced collections *must* exist prior to creating / updating rules, or the API will not add / update your rules. + +In Console, the default collection is `All`. +`All` is a collection created by the system when the software is installed / upgraded. +When using the API, you can specify `All` as the `` to apply the default collection. + +### How to Delete Policy Rules + +In general, the policy endpoints don't have `DELETE` methods. +Use the `PUT` method to delete all rules by submitting an empty JSON object. + +For example, to delete all host runtime rules: + +``` +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d '{}' \ + https:///api/v1/policies/runtime/host +``` + +### How to Construct a Compliance Policy + +To construct an effective rule for a compliance policy: + +1. Specify at least one "check" in the `condition.vulnerabilities` object. +A check is a security best practice or baseline setting which will be validated by the scanner. + +2. Specify an action for each check. +Prisma Cloud needs to know what to do when a check fails (for example, alert or block). + +3. In the `effect` parameter, specify the range of possible actions configured in the rule. +The value in `effect` a comma-separated list. + + For example, in a one-check rule, the effect could be `alert` or in a two-check rule, the effect could be `alert, fail`. + + See [Actions for failed checks](#actions-for-failed-checks) for more info. + +The following curl command creates a single rule compliance policy for container images scanned in the CI pipeline: + +```bash +$ curl 'https:///api/v/policies/compliance/ci/images' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "my-rule", + "effect": "alert", + "collections":[ + { + "name":"All" + } + ], + "condition": { + "vulnerabilities": [ + { + "id": 41, + "block": false, + "minSeverity": 1 + } + ] + } + } + ], + "policyType": "ciImagesCompliance" +}' +``` + +#### Actions for failed checks + +To configure Prisma Cloud to run a check, add the check to your rule in the `condition.vulnerabilities` object. +For each check, specify the action to take if the check fails. +Actions are set on a per-check basis in `condition.vulnerabilities[X].block`, where: + +Effect |`condition.vulnerabilities[X].block` +---|--- +`alert`|`false` +`fail`|`true` + +The `ignore` effect is set implicitly for any check *not* explicitly included in the `condition.vulnerabilities[X]` array. + +The `effect` parameter is a helper for the Console UI and has no impact on the policy itself. +However, we recommend you specify an `effect` parameter for each rule, to ensure the policy table in the Console UI renders properly. + +In the UI, these are convenience strings which enable you to quickly review the policy table and see the effect of each rule. +For example, you may want to quickly find the rule that's failing/blocking your build in the CI pipeline. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_get.md b/openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_get.md new file mode 100755 index 000000000..fcf0ba8b9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_get.md @@ -0,0 +1,18 @@ +Retrieves the runtime policy for apps protected by App-Embedded Defenders. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Runtime > App-Embedded policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/runtime/app-embedded' +``` + +A successful response returns a list of runtime rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_post.md b/openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_post.md new file mode 100644 index 000000000..7b4b50ab7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_post.md @@ -0,0 +1,56 @@ +Adds a runtime policy for app-embedded deployments. + +This endpoint maps to the **Add rule** button in **Defend > Runtime > App-Embedded policy** in the Console UI. + +### cURL Request + +The following cURL command adds a single rule to your policy. + +```bash +$ curl 'https:///api/v/policies/runtime/app-embedded' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "processes":{ + "effect":"alert" + }, + "network":{ + "effect":"alert", + "blacklistIPs":[ + ], + "blacklistListeningPorts":[ + ], + "whitelistListeningPorts":[ + ], + "blacklistOutboundPorts":[ + ], + "whitelistOutboundPorts":[ + { + "start":4312, + "end":4555, + "deny":false + } + ], + "whitelistIPs":[ + ] + }, + "dns":{ + "effect":"prevent", + "whitelist":[ + ], + "blacklist":[ + ] + } +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_put.md b/openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_put.md new file mode 100644 index 000000000..e0ba70599 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_app-embedded_put.md @@ -0,0 +1,40 @@ +Updates the runtime policy for app-embedded deployments. +All rules in the policy are updated in a single shot. + +This endpoint maps to the **Add rule** button in **Defend > Runtime > App-Embedded policy** in the Console UI. + +### cURL Request + +The following cURL command overwrites all rules in your current policy with a new policy that has a single rule. + +```bash +$ curl 'https:///api/v/policies/runtime/app-embedded' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "processes":{ + "effect":"alert" + }, + "network":{ + "effect":"alert" + }, + "dns":{ + "effect":"alert" + } + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_container_get.md b/openapi-specs/compute/33-02/desc/policies/runtime_container_get.md new file mode 100644 index 000000000..f1b50b727 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_container_get.md @@ -0,0 +1,18 @@ +Retrieves the runtime policy for containers protected by Defender. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Runtime > Container policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/runtime/container' +``` + +A successful response returns a list of runtime rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_container_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/runtime_container_impacted_get.md new file mode 100644 index 000000000..195f75547 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_container_impacted_get.md @@ -0,0 +1,25 @@ +Returns the impacted images based on a given rule +In the Console UI, you can see how it works by going to the **Defend > Runtime > Container policy** page and clicking the **Show** link. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/runtime/container/impacted?ruleName={ruleName}' +``` + +For additional help with your `ruleName`: + +```bash +$ curl -k -G \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + --data-urlencode 'ruleName=Default - alert on suspicious runtime behavior' \ + 'https:///api/v/policies/runtime/container/impacted' +``` diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_container_post.md b/openapi-specs/compute/33-02/desc/policies/runtime_container_post.md new file mode 100644 index 000000000..aee338386 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_container_post.md @@ -0,0 +1,49 @@ +Updates the runtime policy for containers. +All rules in the policy are updated in a single shot. + +Prisma Cloud automatically builds allow-list security models for each container image in your environment. +Use runtime container rules to augment the rules in those models. +Manually defined rules augment learned models as follows: + +Policy (allowed) = Manual rules (explicitly allowed) + Model (all learned behavior) - Manual rules (explicitly denied) + +This endpoint maps to the **Add rule** button in **Defend > Runtime > Container policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/runtime/container' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "processes":{ + "effect":"alert" + }, + "network":{ + "effect":"alert" + }, + "dns":{ + "effect":"alert" + }, + "filesystem":{ + "effect":"alert" + } + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_container_put.md b/openapi-specs/compute/33-02/desc/policies/runtime_container_put.md new file mode 100644 index 000000000..7d5cfc6db --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_container_put.md @@ -0,0 +1 @@ +Sets the given runtime policy. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_host_get.md b/openapi-specs/compute/33-02/desc/policies/runtime_host_get.md new file mode 100644 index 000000000..38800596c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_host_get.md @@ -0,0 +1,18 @@ +Retrieves the runtime policy for hosts protected by Defender. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Runtime > Host policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/runtime/host' +``` + +A successful response returns a list of runtime rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_host_post.md b/openapi-specs/compute/33-02/desc/policies/runtime_host_post.md new file mode 100644 index 000000000..fb3c78dcf --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_host_post.md @@ -0,0 +1,41 @@ +Updates the runtime policy for hosts protected by Defender. +All rules in the policy are updated in a single shot. + +This endpoint maps to the **Add rule** button in **Defend > Runtime > Host policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/runtime/host' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "advancedProtection":"alert", + "processes":{ + "effect":"alert" + }, + "network":{ + "effect":"disable" + }, + "dns":{ + "effect":"disable" + } + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_host_put.md b/openapi-specs/compute/33-02/desc/policies/runtime_host_put.md new file mode 100644 index 000000000..7bcbae945 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_host_put.md @@ -0,0 +1 @@ +Sets the given host policy. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_rasp_get.md b/openapi-specs/compute/33-02/desc/policies/runtime_rasp_get.md new file mode 100644 index 000000000..5b7a76457 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_rasp_get.md @@ -0,0 +1,9 @@ +Retrieves the list of rules that make up your RASP runtime policy. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/policies/runtime/rasp +``` diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_rasp_put.md b/openapi-specs/compute/33-02/desc/policies/runtime_rasp_put.md new file mode 100644 index 000000000..bba60ba81 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_rasp_put.md @@ -0,0 +1,35 @@ +Updates all RASP runtime rules in a single shot. +Updating all rules at the same time makes it possible to maintain strict ordering between rules. + +The procedure to add, edit, or remove rules is: + +1. Get all runtime rules using the GET endpoint. + + The following curl command uses basic auth to retrieve the rules, pretty-print the JSON response, and save the results to a file. + + ``` + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET + https://:8083/api/v1/policies/runtime/rasp \ + | jq '.' > rasp_runtime_rules.json + ``` + +2. Modify the JSON output according to your needs. + +3. Update rules by pushing the new JSON payload. + + The following curl command installs the rules defined in your `rasp_runtime_rules.json` file. + Do not forget to specify the `@` symbol. + + ``` + $ curl -k \ + -u \ + -H "Content-Type:application/json" \ + -X PUT \ + https://:8083/api/v1/policies/runtime/rasp \ + --data-binary "@rasp_runtime_rules.json" + ``` + +Any previously installed rules are overwritten. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_serverless_get.md b/openapi-specs/compute/33-02/desc/policies/runtime_serverless_get.md new file mode 100644 index 000000000..44326bbf6 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_serverless_get.md @@ -0,0 +1,18 @@ +Retrieves the runtime policy for your serverless functions. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Runtime > Serverless policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/runtime/serverless' +``` + +A successful response returns a list of runtime rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_serverless_post.md b/openapi-specs/compute/33-02/desc/policies/runtime_serverless_post.md new file mode 100644 index 000000000..7367d0018 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_serverless_post.md @@ -0,0 +1,43 @@ +Updates the runtime policy for your serverless functions. +All rules in the policy are updated in a single shot. + +This endpoint maps to the **Add rule** button in **Defend > Runtime > Serverless policy** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/runtime/serverless' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"my-rule", + "collections":[ + { + "name":"All" + } + ], + "processes":{ + "effect":"alert" + }, + "network":{ + "effect":"disable" + }, + "dns":{ + "effect":"disable" + }, + "filesystem":{ + "effect":"disable" + } + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/runtime_serverless_put.md b/openapi-specs/compute/33-02/desc/policies/runtime_serverless_put.md new file mode 100644 index 000000000..7bcbae945 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/runtime_serverless_put.md @@ -0,0 +1 @@ +Sets the given host policy. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/secrets_get.md b/openapi-specs/compute/33-02/desc/policies/secrets_get.md new file mode 100644 index 000000000..89e6b9c0e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/secrets_get.md @@ -0,0 +1,10 @@ +Retrieves a list of all secrets rules. + +The following curl command uses basic auth to retrieve a list of all rules, pretty-print the JSON response, and save the results to a file. + +``` +$ curl -k \ + -u \ + -X GET \ + https://:8083/api/v1/policies/secrets +``` diff --git a/openapi-specs/compute/33-02/desc/policies/secrets_put.md b/openapi-specs/compute/33-02/desc/policies/secrets_put.md new file mode 100644 index 000000000..1e8877ca1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/secrets_put.md @@ -0,0 +1,35 @@ +Updates all secrets rules in a single shot. +Updating all rules at the same time makes it possible to maintain strict ordering between rules. + +Each rule specifies how and where specified secrets from a given store are injected into running containers. + +The procedure to add, edit, or remove secrets rules is: + +1. Get all secrets rules using the GET endpoint. + + The following curl command uses basic auth to retrieve a list of all rules, pretty-print the JSON response, and save the results to a file. + + ``` + $ curl -k \ + -u \ + https://:8083/api/v1/policies/secrets \ + | jq '.' > secrets_rules.json + ``` + +2. Modify the JSON output according to your needs. + +3. Update rules by pushing the new JSON payload. + + The following curl command installs the rules defined in your `secrets_rules.json` file. + Do not forget to specify the `@` symbol. + + ``` + $ curl -k \ + -u \ + -X PUT \ + -H "Content-Type:application/json" \ + https://:8083/api/v1/policies/secrets \ + --data-binary "@secrets_rules.json" + ``` + +Any previously installed rules are overwritten. diff --git a/openapi-specs/compute/33-02/desc/policies/trust_get.md b/openapi-specs/compute/33-02/desc/policies/trust_get.md new file mode 100644 index 000000000..8de1ba409 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/trust_get.md @@ -0,0 +1,9 @@ +Retrieves the list of rules that make up your trusted images policy. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/policies/trust +``` diff --git a/openapi-specs/compute/33-02/desc/policies/trust_put.md b/openapi-specs/compute/33-02/desc/policies/trust_put.md new file mode 100644 index 000000000..fccd4b91e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/trust_put.md @@ -0,0 +1,18 @@ +Updates the list of rules that make up your trusted images policy. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d \ +'{ + "_id":"imageTrust", + "rules":[{"allowedGroups":[],"deniedGroups":[], + "effect":"alert","action":["*"], + "blockMsg":"", + "resources":{"images":["*"],"hosts":["*"],"labels":["*"]}, + "name":"My rule"}] +}' \ + https://:8083/api/v1/policies/trust +``` diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_download.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_download.md new file mode 100644 index 000000000..8de602e73 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_download.md @@ -0,0 +1 @@ +Downloads the base images rules data to CSV. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_get.md new file mode 100644 index 000000000..c5b249f6b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_get.md @@ -0,0 +1 @@ +Returns all the base image scopes and the list of base images digests for each of them. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_id_delete.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_id_delete.md new file mode 100644 index 000000000..53d71c386 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_id_delete.md @@ -0,0 +1,4 @@ +Removes all base images under a given scope. + +For the `id` path parameter to be passed correctly in the URL, it needs to be percent-encoded. Further, the percent ("%") character itself must be percent-encoded as "%25". Therefore, each forward slash ("/") character needs to be encoded as "%252F". + diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_post.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_post.md new file mode 100644 index 000000000..ca0e7cb88 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_base_images_post.md @@ -0,0 +1 @@ +Adds the base images which match the given scope configuration. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_images_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_images_get.md new file mode 100644 index 000000000..abc3da8fa --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_images_get.md @@ -0,0 +1,18 @@ +Retrieves the vulnerability policy for images scanned in your continuous integration (CI) pipeline. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Vulnerabilities > Images > CI** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/vulnerability/ci/images' +``` + +A successful response returns a list of vulnerability rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_images_put.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_images_put.md new file mode 100644 index 000000000..f6f505d37 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_images_put.md @@ -0,0 +1,49 @@ +Updates the policy for images scanned in your continuous integration (CI) pipeline. +All rules in the policy are updated in a single shot. + +The policy set in this endpoint is enforced by the scanners in the Jenkins plugin and the `twistcli` command line tool. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Images > CI** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/vulnerability/ci/images' \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "", + "collections":[ + { + "name":"", + } + ], + "alertThreshold":{ + "disabled":false, + "value":4 + }, + "blockThreshold":{ + "enabled":false, + "value":0 + }, + + ... + + } + ], + "policyType": "ciImagesVulnerability" + + ... + +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_serverless_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_serverless_get.md new file mode 100644 index 000000000..958c86495 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_serverless_get.md @@ -0,0 +1,20 @@ +Retrieves the vulnerability policy for serverless functions scanned in your continuous integration (CI) pipeline. +A policy consists of ordered rules. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Functions > CI** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/vulnerability/ci/serverless' +``` + +A successful response contains a list of vulnerability rules in the policy. + diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_serverless_put.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_serverless_put.md new file mode 100644 index 000000000..6e73d50d2 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_ci_serverless_put.md @@ -0,0 +1,48 @@ +Updates the vulnerability policy for serverless functions scanned in your continuous integration (CI) pipeline. +All rules in the policy are updated in a single shot. + +The policy set in this endpoint is enforced by the scanners in the Jenkins plugin and the `twistcli` command line tool. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Functions > CI** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/vulnerability/ci/serverless' \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "", + "collections": [ + { + "name":"", + } + ], + "alertThreshold": { + "value": 1, + "disabled": false + }, + "blockThreshold": { + "value": 0, + "enabled": false + }, + + ... + + } + ], + "policyType": "ciServerlessVulnerability", + + ... + +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_get.md new file mode 100644 index 000000000..08dfed8e1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_get.md @@ -0,0 +1,18 @@ +Retrieves the vulnerability policy for code repositories. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Vulnerabilities > Code repositories** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -X GET \ + 'https:///api/v/policies/vulnerability/coderepos' +``` + +A successful response returns a list of vulnerability rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_impacted_get.md new file mode 100644 index 000000000..a401a12c4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_impacted_get.md @@ -0,0 +1,19 @@ +Lists the code repositories caught by your policy on a per-rule basis. + +To see where Console invokes this endpoint: + +* In Console, go to **Defend > Vulnerabilities**. +* In the **Vulnerability rules** section, click **Show** under the **Entities in scope** column for a rule. +* The endpoint is invoked when the pop-up is displayed. + +### cURL Request + +The following cURL command returns a list of code repositories captured by ``. + +```bash +$ curl -k \ + -u \ + -X GET 'https:///api/v/policies/vulnerability/coderepos/impacted?project=&ruleName=' +``` + +A successful response contains a list of impacted repositories by a rule within the context of the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_put.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_put.md new file mode 100644 index 000000000..514eec136 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_coderepos_put.md @@ -0,0 +1,47 @@ +Updates the vulnerability policy for your code repositories. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Code repositories** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT 'https:///api/v/policies/vulnerability/coderepos' \ + --data ' +{ + "rules":[ + { + "name":"", + "collections":[ + { + "name":"", + } + ], + "alertThreshold":{ + "disabled":false, + "value":0 + }, + "blockThreshold":{ + "enabled":false, + "value":0 + }, + + ... + + } + ], + "policyType": "codeRepoVulnerability" + + ... + +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_host_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_host_get.md new file mode 100644 index 000000000..3b9b14b9c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_host_get.md @@ -0,0 +1,18 @@ +Retrieves the vulnerability policy for your hosts protected by Defender. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Vulnerabilities > Hosts > Running hosts** in the Console UI. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/vulnerability/host' +``` + +A successful response returns a list of vulnerability rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_host_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_host_impacted_get.md new file mode 100644 index 000000000..346368518 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_host_impacted_get.md @@ -0,0 +1,20 @@ +Lists the hosts ensnared by your policy on a per-rule basis. + +To see where Console invokes this endpoint: + +* In Console, go to **Defend > Vulnerabilities**. +* Select the **Hosts** tab. +* In the **Vulnerability rules** section, click **Show** under the **Entities in scope** column for a rule. +* The endpoint is invoked when the pop-up is displayed. + +### cURL Request + +The following cURL command returns a list of code repositories captured by `RULE_NAME`. + +```bash +$ curl -k \ + -u \ + -X GET 'https:///api/v/policies/vulnerability/host/impacted?project={PROJECT_NAME}&ruleName={RULE_NAME}' +``` + +A successful response contains a list of impacted hosts by a rule within the context of the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_host_put.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_host_put.md new file mode 100644 index 000000000..2311cfae4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_host_put.md @@ -0,0 +1,38 @@ +Updates the vulnerability policy for your hosts protected by Defender. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Hosts > Running hosts** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl 'https:///api/v/policies/vulnerability/host' \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules":[ + { + "name":"", + "collections":[ + { + "name":"" + } + ], + "alertThreshold":{ + "disabled":false, + "value":1 + } + } + ], + "policyType":"hostVulnerability", + "_id":"hostVulnerability" +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_images_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_images_get.md new file mode 100644 index 000000000..33581be37 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_images_get.md @@ -0,0 +1,18 @@ +Retrieves the vulnerability policy for deployed container images. +A policy consists of ordered rules. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Images > Deployed** in the Console UI. + + +### cURL Request + +The following cURL command retrieves all rules in the policy. + +```bash +$ curl -k \ + -u \ + -X GET \ + "https:///api/v/policies/vulnerability/images?project=" +``` + +A successful response contains a list of vulnerability rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_images_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_images_impacted_get.md new file mode 100644 index 000000000..ae1d5e396 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_images_impacted_get.md @@ -0,0 +1,20 @@ +Lists the images caught by your policy on a per-rule basis. + +To see where Console invokes this endpoint: + +* In Console, go to **Defend > Vulnerabilities > Images > Deployed**. +* In the policy table, click **Show** under the **Entities in scope** column for a rule. +* The endpoint is invoked when the pop-up is displayed. + +### cURL Request + +The following cURL command returns a list of images caught by ``. + +```bash +$ curl -k \ + -u \ + -X GET \ + "https:///api/v/policies/vulnerability/images/impacted?project=&ruleName=" +``` + +A successful response contains a list of entities caught by a rule within the context of the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_images_put.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_images_put.md new file mode 100644 index 000000000..b3330dab7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_images_put.md @@ -0,0 +1,45 @@ +Updates the vulnerability policy for deployed container images. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Images > Deployed** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl -k \ + -u \ + -X PUT 'https:///api/v/policies/vulnerability/images' \ + --data '{ + "rules":[ + { + "name":"", + "collections":[ + { + "name":"", + } + ], + "alertThreshold":{ + "disabled":false, + "value":4 + }, + "blockThreshold":{ + "enabled":false, + "value":0 + }, + + ... + + } + ], + "policyType": "containerVulnerability" + + ... + +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_serverless_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_serverless_get.md new file mode 100644 index 000000000..c7a8e2ef5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_serverless_get.md @@ -0,0 +1,20 @@ +Retrieves the vulnerability policy for serverless functions situated in your cloud provider's infrastructure. +A policy consists of ordered rules. + +This endpoint maps to **Defend > Vulnerabilities > Functions** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/vulnerability/serverless' +``` + +A successful response contains a list of vulnerability rules in the policy. + diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_serverless_put.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_serverless_put.md new file mode 100644 index 000000000..2b567b5b1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_serverless_put.md @@ -0,0 +1,36 @@ +Updates the vulnerability policy for serverless functions situated in your cloud provider's infrastructure. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Functions** in the Console UI. + + +### cURL Request + +Refer to the following example cURL command that overwrites all rules in your current policy with a new policy that has a single rule: + +```bash +$ curl -k 'https:///api/v/policies/vulnerability/serverless' \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "", + "collections": [ + { + "name":"" + } + ], + "alertThreshold": { + "value": 1, + "disabled": false + } + } + ], + "policyType": "serverlessVulnerability" +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_vms_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_vms_get.md new file mode 100644 index 000000000..117d2cc4a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_vms_get.md @@ -0,0 +1,18 @@ +Retrieves the vulnerability policy for VM images scanned in your cloud accounts. +A policy consists of ordered rules. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Hosts > VM images** in the Console UI. + +### cURL Request + +The following cURL command retrieves all rules in the policy. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/policies/vulnerability/vms?project=' +``` + +A successful response returns a list of vulnerability rules in the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_vms_impacted_get.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_vms_impacted_get.md new file mode 100644 index 000000000..29d9621ea --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_vms_impacted_get.md @@ -0,0 +1,20 @@ +Lists the VM images caught by your policy on a per-rule basis. + +To see where Console invokes this endpoint: + +* In Console, go to **Defend > Vulnerabilities > Hosts**. +* Select the **VM images** tab. +* In the **Vulnerability rules** section, click **Show** under the **Entities in scope** column for a rule. +* The endpoint is invoked when the pop-up is displayed. + +### cURL Request + +The following cURL command returns a list of code repositories captured by ``. + +```bash +$ curl -k \ + -u \ + -X GET 'https:///api/v/policies/vulnerability/vms?project=&ruleName=' +``` + +A successful response contains a list of impacted repositories by a rule within the context of the policy. diff --git a/openapi-specs/compute/33-02/desc/policies/vulnerability_vms_put.md b/openapi-specs/compute/33-02/desc/policies/vulnerability_vms_put.md new file mode 100644 index 000000000..42df90fca --- /dev/null +++ b/openapi-specs/compute/33-02/desc/policies/vulnerability_vms_put.md @@ -0,0 +1,43 @@ +Updates the policy for VM images scanned in your cloud accounts. +All rules in the policy are updated in a single shot. + +This endpoint maps to the policy table in **Defend > Vulnerabilities > Hosts > VM images** in the Console UI. + + +### cURL Request + +The following cURL command overwrites all rules in your current policy with a new policy that has a single rule. + +```bash +$ curl 'https:///api/v/policies/vulnerability/vms?project=' \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "rules": [ + { + "name": "", + "collections":[ + { + "name":"", + } + ], + "alertThreshold":{ + "disabled":false, + "value":4 + }, + + ... + + } + ], + "policyType": "vmVulnerability" + + ... + +}' +``` + +**Note:** No response will be returned upon successful execution. + diff --git a/openapi-specs/compute/33-02/desc/profiles/app-embedded_download_get.md b/openapi-specs/compute/33-02/desc/profiles/app-embedded_download_get.md new file mode 100644 index 000000000..4b3f7ff8a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/app-embedded_download_get.md @@ -0,0 +1,14 @@ +Downloads the app-embedded observations in a CSV format. + +## cURL Request + +Refer to the following example cURL command that downloads all the app-embedded runtime profiles: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o \ + 'https:///api/v/profiles/app-embedded/download' +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/profiles/app-embedded_get.md b/openapi-specs/compute/33-02/desc/profiles/app-embedded_get.md new file mode 100644 index 000000000..f3ddb3125 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/app-embedded_get.md @@ -0,0 +1,13 @@ +Retrieves the app-embedded observations. + +## cURL Request + +Refer to the following example cURL command that lists all the app-embedded runtime: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/profiles/app-embedded' +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/profiles/container_download_get.md b/openapi-specs/compute/33-02/desc/profiles/container_download_get.md new file mode 100644 index 000000000..ad7a86101 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/container_download_get.md @@ -0,0 +1,15 @@ +Retrieves the details and state of all runtime models in CSV format. + + +## cURL Request + +Refer to the following example cURL command that downloads a complete list in CSV format: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o \ + https:///api/v/profiles/container/download +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/container_filters_get.md b/openapi-specs/compute/33-02/desc/profiles/container_filters_get.md new file mode 100644 index 000000000..8b6122b80 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/container_filters_get.md @@ -0,0 +1,13 @@ +Returns a list of os and images from page monitor/runtime/container-models in Console. + + +Example curl command: + +```bash +$ curl -k -G \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + --data-urlencode 'image=istio/examples-bookinfo-reviews-v2:1.8.0' + https://:8083/api/v1/profiles/container/filters +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/container_get.md b/openapi-specs/compute/33-02/desc/profiles/container_get.md new file mode 100644 index 000000000..cdbc24c3e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/container_get.md @@ -0,0 +1,13 @@ +Retrieves the details and state of all runtime models. + +## cURL Request + +Refer to the following example cURL command that lists all runtime models in a system: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/profiles/container +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/container_learn_post.md b/openapi-specs/compute/33-02/desc/profiles/container_learn_post.md new file mode 100644 index 000000000..5fef2e31e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/container_learn_post.md @@ -0,0 +1,15 @@ +Puts all containers into learning mode. + +For more information, refer to [Learning mode](https://docs.prismacloud.io/en/classic/compute-admin-guide/runtime-defense/runtime-defense-containers#undefined) in Runtime Defense for Containers. + +## cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k -G \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/profiles/container/learn +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/host_download_get.md b/openapi-specs/compute/33-02/desc/profiles/host_download_get.md new file mode 100644 index 000000000..ace270a32 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/host_download_get.md @@ -0,0 +1,14 @@ +Retrieves the details and state of each host service runtime model in CSV format. + +## cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o \ + https:///api/v/profiles/host/download +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/host_get.md b/openapi-specs/compute/33-02/desc/profiles/host_get.md new file mode 100644 index 000000000..208a24de3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/host_get.md @@ -0,0 +1,23 @@ +Retrieves the details and state of each host service runtime model on a host-by-host basis. +The returned JSON object has the following structure: + +``` +* host1: + * service1: model + * service2: model +* host2: + * service1: model + * service3: model +``` + +## cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/profiles/host +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/host_id_rule_get.md b/openapi-specs/compute/33-02/desc/profiles/host_id_rule_get.md new file mode 100644 index 000000000..672cb4c62 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/host_id_rule_get.md @@ -0,0 +1,18 @@ +Return the runtime rule/policy that is associated with this host. + +To get the `PROFILE_ID` for a profile: + +1. Retrieve a list of profiles using the GET method on the `/api/v1/profiles/host` endpoint. + +2. For the profile of interest, copy the value in `_id`. +This is the `PROFILE_ID`. + +The following example command uses curl and basic auth to specify the learning mode for a profile. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/host/container//rule +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/profiles.md b/openapi-specs/compute/33-02/desc/profiles/profiles.md new file mode 100644 index 000000000..89b8f634c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/profiles.md @@ -0,0 +1,3 @@ +Manage the runtime models (profiles) created for each image in your environment. +For more information about how models are used to secure you running containers, see +[Runtime defense](https://docs.twistlock.com/docs/latest/runtime_defense/runtime_defense.html). diff --git a/openapi-specs/compute/33-02/desc/profiles/service_download_get.md b/openapi-specs/compute/33-02/desc/profiles/service_download_get.md new file mode 100644 index 000000000..63dff3354 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/service_download_get.md @@ -0,0 +1,10 @@ +Retrieves the details and state of all host service runtime models in CSV format + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: text/csv' \ + -X GET \ + -o profiles-service.csv \ + https://:8083/api/v1/profiles/service/download +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/service_get.md b/openapi-specs/compute/33-02/desc/profiles/service_get.md new file mode 100644 index 000000000..a4f8c348d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/service_get.md @@ -0,0 +1,18 @@ +Retrieves the details and state of all host service runtime models. +The returned JSON object has the following structure: + +``` +* service1: model +* service2: model +* service3: model +``` + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/profiles/service +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/service_id_learn_post.md b/openapi-specs/compute/33-02/desc/profiles/service_id_learn_post.md new file mode 100644 index 000000000..fb338b80d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/service_id_learn_post.md @@ -0,0 +1,20 @@ +Specify the learning mode for a host service profile. + +To get the `PROFILE_ID` for a profile: + +1. Retrieve a list of profiles using the GET method on the `/api/v1/profiles/service` endpoint. + +2. For the profile of interest, copy the value in `_id`. +This is the `PROFILE_ID`. +The `PROFILE_ID` is typically the service's name, such as `sshd` or `ntpd`. + +The following example command uses curl and basic auth to specify the learning mode for a host service profile. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"state":"manualLearning"}' \ + https://:8083/api/v1/profiles/container//learn +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/service_learn_post.md b/openapi-specs/compute/33-02/desc/profiles/service_learn_post.md new file mode 100644 index 000000000..02a1f299e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/service_learn_post.md @@ -0,0 +1,11 @@ +Specify the learning mode for all host service profiles. + +The following example command uses curl and basic auth to specify the learning mode for all host service profiles. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/profiles/service/learn +``` diff --git a/openapi-specs/compute/33-02/desc/profiles/service_names_get.md b/openapi-specs/compute/33-02/desc/profiles/service_names_get.md new file mode 100644 index 000000000..7da863545 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/profiles/service_names_get.md @@ -0,0 +1,11 @@ +Retrieves the name of all host service runtime models from within the app at **Monitor > Runtime > Host-models**. + +The following example curl command uses basic auth to retrieve this data: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/profiles/service/names +``` diff --git a/openapi-specs/compute/33-02/desc/projects/get.md b/openapi-specs/compute/33-02/desc/projects/get.md new file mode 100644 index 000000000..05485c24c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/projects/get.md @@ -0,0 +1,11 @@ +Lists all projects visible to the given user. + +Assuming the given user is an admin, the following example curl command would list all projects: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/projects +``` diff --git a/openapi-specs/compute/33-02/desc/projects/name_delete.md b/openapi-specs/compute/33-02/desc/projects/name_delete.md new file mode 100644 index 000000000..fba889f7e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/projects/name_delete.md @@ -0,0 +1,13 @@ +Deletes a project from the system. + +The following example curl command deletes a project named ``. +The value for `` can be retrieved from the `_id` field in the response object from `GET /api/v1/projects`. + +The DELETE method returns the decommissioned supervisor's admin username and password. + +```bash +$ curl -k \ + -u \ + -X DELETE \ + https://:8083/api/v1/projects/ +``` diff --git a/openapi-specs/compute/33-02/desc/projects/name_put.md b/openapi-specs/compute/33-02/desc/projects/name_put.md new file mode 100644 index 000000000..b5a83a67d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/projects/name_put.md @@ -0,0 +1,11 @@ +Updates a project. + +The following example curl command updates a project named ``. +The value for `` can be retrieved from the `_id` field in the response object from `GET /api/v1/projects`. + +```bash +$ curl -k \ + -u \ + -X PUT \ + https://:8083/api/v1/projects/ +``` diff --git a/openapi-specs/compute/33-02/desc/projects/post.md b/openapi-specs/compute/33-02/desc/projects/post.md new file mode 100644 index 000000000..8862c0fd4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/projects/post.md @@ -0,0 +1,35 @@ +Provisions a new project. + +The following example curl command provisions a new project named `my-project`. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "_id":"my-project", + "type":"tenant", + "address":"https://:8083" +}' \ + https://:8083/api/v1/projects +``` + +If you have installed a new instance of Console, and you have already created an initial admin user for it, then you can specify the admin username name and password when you provision the project. + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "_id":"my-project", + "type":"tenant", + "address":"https://:8083", + "username":"henry", + "password":{"plain":"testing123"} +}' \ + https://:8083/api/v1/projects +``` diff --git a/openapi-specs/compute/33-02/desc/projects/projects.md b/openapi-specs/compute/33-02/desc/projects/projects.md new file mode 100644 index 000000000..7e7dcff66 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/projects/projects.md @@ -0,0 +1,59 @@ +Manage [Projects](https://docs.twistlock.com/docs/latest/deployment_patterns/projects.html). + +Before you can provision a project using this endpoint, you must designate one instance of Console as master using the `POST /api/v1/settings/projects` endpoint. + +#### Accessing the REST API of a supervisor Console + +[comment]: # (See twistlock/pkg/console/route_handler_middleware.go: function NewRouteOpt, for the list of endpoints that are proxied.) + +After enabling projects and provisioning a new project, access to the supervisor Console is proxied through Central Console. +You cannot access a supervisor's REST API directly. +All API requests to a supervisor must be made through Central Console. + +To retrieve data from a project, add the the following query parameter to your request: + +`project=` + +Where the default value for `project` is `Central+Console`. +If `project` is not specified, it is set to `Central+Console`. + +For example, to retrieve the compliance policies for a tenant project named `mobile_payments_division`, use the following curl command: + +``` +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/policies/compliance?project=mobile_payments_division +``` + +Not all REST endpoints are proxied to the supervisor. +It largely depends on the project type (tenant or supervisor). +In some cases, requests cannot be proxied because management of that system is delegated to Central Console only. +Proxying a request to the right project is mostly a concern for tenant projects, which operate with their own policies and settings. + +The following user management endpoints can be accessed from Central Console only. +An administrator centrally manages all users, and specifies who has access to which projects. +These calls are handled by Central Console only. + +* `/api/v1/users` +* `/api/v1/groups` +* `/api/v1/projects` + +The following endpoints are proxied to the relevant supervisor for tenant projects only. + +* `/api/v1/policies` +* `/api/v1/trust` +* `/api/v1/settings` +* `/api/v1/collections` +* `/api/v1/feeds` + +The following endpoints are proxied to the relevant supervisor for both tenant and scale projects: + +* `/api/v1/settings/alerts` +* `/api/v1/alert-profiles` +* `/api/v1/settings/regisry` +* `/api/v1/settings/certs` +* `/api/v1/settings/secrets` +* `/api/v1/policies/secrets` + diff --git a/openapi-specs/compute/33-02/desc/radar/container_clean_post.md b/openapi-specs/compute/33-02/desc/radar/container_clean_post.md new file mode 100644 index 000000000..662b6d53f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/container_clean_post.md @@ -0,0 +1,9 @@ +Cleans the container runtime profiles and Radar entities. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/radar/container/clean +``` diff --git a/openapi-specs/compute/33-02/desc/radar/container_delete.md b/openapi-specs/compute/33-02/desc/radar/container_delete.md new file mode 100644 index 000000000..4eabe337f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/container_delete.md @@ -0,0 +1,9 @@ +Deletes a learned connection between two containers. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/radar/container?dstProfileID=sha256:&srcProfileID=sha256: +``` diff --git a/openapi-specs/compute/33-02/desc/radar/container_export_get.md b/openapi-specs/compute/33-02/desc/radar/container_export_get.md new file mode 100644 index 000000000..7f577568f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/container_export_get.md @@ -0,0 +1,10 @@ +Returns the current learned connections from CNNF (for containers) in JSON format. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o cnnf_containers_export.json \ + https://:8083/api/v1/radar/container/export +``` diff --git a/openapi-specs/compute/33-02/desc/radar/container_filters_get.md b/openapi-specs/compute/33-02/desc/radar/container_filters_get.md new file mode 100644 index 000000000..f66463da1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/container_filters_get.md @@ -0,0 +1,9 @@ +Returns the namespaces from the container view on the Radar page. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/radar/container/filters +``` diff --git a/openapi-specs/compute/33-02/desc/radar/container_get.md b/openapi-specs/compute/33-02/desc/radar/container_get.md new file mode 100644 index 000000000..280d683d9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/container_get.md @@ -0,0 +1,9 @@ +Returns data from Console's Radar page (container view). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/radar/container +``` diff --git a/openapi-specs/compute/33-02/desc/radar/host_delete.md b/openapi-specs/compute/33-02/desc/radar/host_delete.md new file mode 100644 index 000000000..738fa7a7c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/host_delete.md @@ -0,0 +1,9 @@ +Deletes a learned connection between two apps in CNNF for hosts. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/radar/host?dstProfileID=&srcProfileID= +``` diff --git a/openapi-specs/compute/33-02/desc/radar/host_export_get.md b/openapi-specs/compute/33-02/desc/radar/host_export_get.md new file mode 100644 index 000000000..dd91b5335 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/host_export_get.md @@ -0,0 +1,10 @@ +Returns the current learned connections from CNNF (for hosts) in JSON format. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o \ + https://:8083/api/v1/radar/host/export +``` diff --git a/openapi-specs/compute/33-02/desc/radar/host_get.md b/openapi-specs/compute/33-02/desc/radar/host_get.md new file mode 100644 index 000000000..a12025856 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/host_get.md @@ -0,0 +1,9 @@ +Returns data from Console's Radar page (host view). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/radar/host +``` diff --git a/openapi-specs/compute/33-02/desc/radar/radar.md b/openapi-specs/compute/33-02/desc/radar/radar.md new file mode 100644 index 000000000..516a55fca --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/radar.md @@ -0,0 +1,2 @@ +Radar is the primary interface for visualizing your environment. +It is designed to let you navigate through all the data Prisma Cloud Compute has collected about your environment. diff --git a/openapi-specs/compute/33-02/desc/radar/serverless_get.md b/openapi-specs/compute/33-02/desc/radar/serverless_get.md new file mode 100644 index 000000000..b2f329149 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/serverless_get.md @@ -0,0 +1,9 @@ +Returns data from Console's Radar page (serverless view). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/radar/serverless +``` diff --git a/openapi-specs/compute/33-02/desc/radar/serverless_progress_get.md b/openapi-specs/compute/33-02/desc/radar/serverless_progress_get.md new file mode 100644 index 000000000..a11c1ae20 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/serverless_progress_get.md @@ -0,0 +1,25 @@ +Returns the scan progress from Console's Radar page (serverless view). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/radar/serverless/progress +``` + +Example of the return data: + +```json +[ + { + "hostname": "", + "id": "", + "type": "serverlessRadar", + "discovery": false, + "total": 1, + "scanned": 1, + "title": "" + } +] +``` diff --git a/openapi-specs/compute/33-02/desc/radar/serverless_scan_post.md b/openapi-specs/compute/33-02/desc/radar/serverless_scan_post.md new file mode 100644 index 000000000..0d519ba88 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/serverless_scan_post.md @@ -0,0 +1,10 @@ +Initiates a serverless scan of your environments. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/radar/serverless/scan +``` + diff --git a/openapi-specs/compute/33-02/desc/radar/serverless_stop_post.md b/openapi-specs/compute/33-02/desc/radar/serverless_stop_post.md new file mode 100644 index 000000000..5c0bdf186 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/radar/serverless_stop_post.md @@ -0,0 +1,9 @@ +Stops an in-progress serverless scan. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/radar/serverless/stop +``` diff --git a/openapi-specs/compute/33-02/desc/rbac/rbac.md b/openapi-specs/compute/33-02/desc/rbac/rbac.md new file mode 100644 index 000000000..576735876 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/rbac/rbac.md @@ -0,0 +1,3 @@ +Administrative endpoint to create and manage roles for RBAC. + +Roles management with these endpoints is supported for Compute Edition (self-hosted) only. diff --git a/openapi-specs/compute/33-02/desc/rbac/role_delete.md b/openapi-specs/compute/33-02/desc/rbac/role_delete.md new file mode 100644 index 000000000..87015b6e8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/rbac/role_delete.md @@ -0,0 +1,12 @@ +This endpoint will delete a specific role by its name from page **Manage > Authentication > Roles** +System roles and roles assigned to users/groups cannot be deleted. + +The following example curl command uses basic auth to delete role: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/roles/ +``` diff --git a/openapi-specs/compute/33-02/desc/rbac/roles_get.md b/openapi-specs/compute/33-02/desc/rbac/roles_get.md new file mode 100644 index 000000000..4cd1d9bc7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/rbac/roles_get.md @@ -0,0 +1,11 @@ +This endpoint will return a list in JSON format of the roles can be found under Manage > Authentication > Roles + +The following example curl command uses basic auth to return: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/rbac/roles +``` diff --git a/openapi-specs/compute/33-02/desc/rbac/roles_post.md b/openapi-specs/compute/33-02/desc/rbac/roles_post.md new file mode 100644 index 000000000..1f20772ce --- /dev/null +++ b/openapi-specs/compute/33-02/desc/rbac/roles_post.md @@ -0,0 +1,46 @@ +Adds a new custom role to the system. This endpoint accepts one role at a time. + +Create role.json file (example) +The added role must contain the "user" permission with read-write access. This permission contains basic API routes required for every authenticated user. + +``` +[ + { + "perms": [ + { + "name": "monitorCI", + "readWrite": true + }, + { + "name": "downloads", + "readWrite": false + }, + { + "name": "accessUI", + "readWrite": false + }, + { + "name": "uIEventSubscriber", + "readWrite": false + }, + { + "name": "user", + "readWrite": true + } + ], + "name": "runtime manager", + "description": "runtime manager" + } +] +``` + +The following example curl command uses basic auth to create the role: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + --binary-data @role.json \ + https://:8083/api/v1/roles +``` diff --git a/openapi-specs/compute/33-02/desc/rbac/roles_put.md b/openapi-specs/compute/33-02/desc/rbac/roles_put.md new file mode 100644 index 000000000..34d7b41a7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/rbac/roles_put.md @@ -0,0 +1,47 @@ +Updates a single role by its name. This endpoint accepts one role at a time, and overrides its entire permissions set. +System role cannot be updated. + +Create role.json file (example) +The updated role must contain the "user" permission with read-write access. This permission contains basic API routes required for every authenticated user. + +``` +[ + { + "perms": [ + { + "name": "monitorCI", + "readWrite": true + }, + { + "name": "downloads", + "readWrite": false + }, + { + "name": "accessUI", + "readWrite": false + }, + { + "name": "uIEventSubscriber", + "readWrite": false + }, + { + "name": "user", + "readWrite": true + } + ], + "name": "runtime manager", + "description": "runtime manager" + } +] +``` + +The following example curl command uses basic auth to update the role: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + --binary-data @role.json \ + https://:8083/api/v1/roles +``` diff --git a/openapi-specs/compute/33-02/desc/recovery/backup_get.md b/openapi-specs/compute/33-02/desc/recovery/backup_get.md new file mode 100644 index 000000000..4da46f356 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/recovery/backup_get.md @@ -0,0 +1,11 @@ +Returns a list of available backups. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/recovery/backup +``` diff --git a/openapi-specs/compute/33-02/desc/recovery/backup_id_delete.md b/openapi-specs/compute/33-02/desc/recovery/backup_id_delete.md new file mode 100644 index 000000000..ae9c33e90 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/recovery/backup_id_delete.md @@ -0,0 +1,13 @@ +Deletes a given backup by name. + +`{file_name_of_backup} = {backup_name}-18.11.128-1551386737.tar.gz` + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/recovery/backup/{file_name_of_backup} +``` diff --git a/openapi-specs/compute/33-02/desc/recovery/backup_id_patch.md b/openapi-specs/compute/33-02/desc/recovery/backup_id_patch.md new file mode 100644 index 000000000..4a78cd67d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/recovery/backup_id_patch.md @@ -0,0 +1,14 @@ +Deletes a given backup by name. + +`{file_name_of_backup} = {backup_name}-18.11.128-1551386737.tar.gz` + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PATCH \ + -d '"{new_name}"' + https://:8083/api/v1/recovery/backup/{file_name_of_backup} +``` diff --git a/openapi-specs/compute/33-02/desc/recovery/backup_post.md b/openapi-specs/compute/33-02/desc/recovery/backup_post.md new file mode 100644 index 000000000..f45161712 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/recovery/backup_post.md @@ -0,0 +1,12 @@ +Creates a backup named `backup_name` by invoking the MongoDB dump process. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d "{backup_name}" \ + https://:8083/api/v1/recovery/backup +``` diff --git a/openapi-specs/compute/33-02/desc/recovery/recovery.md b/openapi-specs/compute/33-02/desc/recovery/recovery.md new file mode 100644 index 000000000..69c3a521c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/recovery/recovery.md @@ -0,0 +1,4 @@ +Back up and restore Prisma Cloud Compute data. +Prisma Cloud Compute automatically backs up all data and configuration files periodically. +You can view all backups, make new backups, and restore specific backups from the Console UI or API. +You can also restore specific backups using the twistcli command line utility. diff --git a/openapi-specs/compute/33-02/desc/recovery/restore_id_post.md b/openapi-specs/compute/33-02/desc/recovery/restore_id_post.md new file mode 100644 index 000000000..850fceeaa --- /dev/null +++ b/openapi-specs/compute/33-02/desc/recovery/restore_id_post.md @@ -0,0 +1,13 @@ +Restores Prisma Cloud Compute from the given backup. + +`{file_name_of_backup} = {backup_name}-18.11.128-1551386737.tar.gz` + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/recovery/restore/{file_name_of_backup} +``` diff --git a/openapi-specs/compute/33-02/desc/registry/download_get.md b/openapi-specs/compute/33-02/desc/registry/download_get.md new file mode 100644 index 000000000..5a3eb0141 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/download_get.md @@ -0,0 +1,18 @@ +Downloads registry image scan reports in CSV format. + +This endpoint maps to the CSV hyperlink in **Monitor > Compliance > Images > Registries** in the Console UI. + +### cURL Request + +Refer to the following cURL command that generates a CSV file containing the scan reports: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry/download" \ + > registry_report.csv +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/registry/get.md b/openapi-specs/compute/33-02/desc/registry/get.md new file mode 100644 index 000000000..e8b87080e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/get.md @@ -0,0 +1,64 @@ +Retrieves registry image scan reports. + +This endpoint maps to **Monitor > Compliance > Images > Registries** in the Console UI. + +Consider the following available options to retrieve when you use the `fields` query parameter: +- labels +- repoTag.repo +- repoTag.registry +- clusters +- hosts +- repoTag.tag + +> **Note:** + * In the Console UI, the images can be found in **Monitor > Vulnerabilities > Images > Registries**. + * The API rate limit for this endpoint is 30 requests per 30 seconds. You get an HTTP error response 429 if the limit exceeds. + * The query parameters `issueType` is not supported for this API endpoint. + + +### cURL Request + +Refer to the following cURL command that retrieves a scan report for all images in the registry: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry" +``` + +The compact query can be used to get a general overview of the number of Vulnerabilities and Compliance issue counts rather than listing all the CVEs and compliance violations. + +Refer to the following cURL command that retrieves a compact scan report for the Ubuntu image in the registry: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry?name=https:///ubuntu:latest&compact=true" +``` +The name query is synonymous with the filter registry text field in the Console UI. + +Refer to the following cURL that retrieves the scan report for the image in the registry with the matching **sha256** hash: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry?imageID=sha256:d461f1845c43105d7d686a9cfca9d73b0272b1dcd0381bf105276c978cb02832" +``` + +Refer to the following cURL command that retrieves the images in the first 10 registries: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry?limit=10&offset=0&reverse=false" +``` + +A successful response returns the registry scan reports in alphabetical order. diff --git a/openapi-specs/compute/33-02/desc/registry/get_registry_progress.md b/openapi-specs/compute/33-02/desc/registry/get_registry_progress.md new file mode 100644 index 000000000..ddc319c1b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/get_registry_progress.md @@ -0,0 +1,101 @@ +Shows the progress of an ongoing regular or on-demand registry scan. +By default, the API endpoint displays the progress of a regular scan. + +## View regular registry scan progress +For a regular scan, use the API path only without any query parameters. + +> **Note:** The `hostname` and `scanTime` fields will not be populated for `discovery` and `imageScan` parameters in the API response. + +### cURL Request + +Refer to the following example cURL request that retrieves the ongoing scan details for a regular registry scan: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry/progress" +``` +### cURL Response + +Refer to the following example cURL response: + +```bash +[ + { + "discovery": { + "id": "", + "type": "", + "discovery": false, + "total": 4, + "scanned": 2, + "title": "Step 1/2 discovering tags in registry us-west2-docker.pkg.dev: Discovered tags in 2/4 repositories with 1 Defenders" + }, + "imageScan": { + "id": "", + "type": "", + "discovery": false, + "total": 2, + "scanned": 0, + "title": "Step 2/2 scanning images in registry us-west2-docker.pkg.dev: Scanned 0/2 images with 1 Defender" + }, + "isScanOngoing": true + "specScanStartTime": "0001-01-01T00:00:00Z" + } +] +``` +## View on-demand registry scan progress + +For an on-demand scan that is started using the `/registry/scan` endpoint with the following fields: + +- onDemand: (Mandatory) Set the parameter to `true`. +- repo: (Mandatory) Specify the repository name. +- tag: Specify the image tag (alias of image ID). +- digest: Specify the image digest identifier. + +> **Note:** You must specify either `tag` or `digest` along with the mandatory parameters `onDemand` and `repo` to view the progress. + +### cURL Request + +Refer to the following example cURL request that retrieves the ongoing scan details for an on-demand registry scan that is started using the `/registry/scan` endpoint for the repository `alpine` with tag `3.16`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/registry/progress?onDemand=true&repo=library/alpine&tag=3.16" +``` +### cURL Response + +Refer to the following example cURL response: + +```bash +[ + { + "discovery": { + "id": "", + "type": "", + "discovery": false, + "total": 1, + "scanned": 1, + "title": "Step 1/2 discovering tags in repository: library/alpine, tag: 3.16" + }, + "imageScan": { + "id": "", + "type": "", + "discovery": false, + "total": 1, + "scanned": 1, + "title": "Step 2/2 scanning images in repository: library/alpine, tag: 3.16" + }, + "isScanOngoing": false + "specScanStartTime": "0001-01-01T00:00:00Z" + } +] +``` + +> **Important:** +- If you use on-demand scan related parameters such as `registry`, `repo`, or `tag` but set the query parameter `onDemand` to `false`, you'll get a bad request error (400). +- If an on-demand scan was completed and you get the progress response for that scan (i.e. "isScanOngoing": false), the next progress response for that image will be an empty list: `[]`, until you initiate another on-demand scan for that image. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/registry/names_get.md b/openapi-specs/compute/33-02/desc/registry/names_get.md new file mode 100644 index 000000000..6933a570c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/names_get.md @@ -0,0 +1,15 @@ +Retrieves a list of image names from current scanned registry images. The base `/api/v1/registry` endpoint takes repositories listed in this response as the `names` query. + +_**Note:**_ The query parameters `issueType` is not supported for this API endpoint. + +## cURL Request + +Refer to the following example cURL command that retrieves a list of image names from your scanned registry images: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/registry/names +``` diff --git a/openapi-specs/compute/33-02/desc/registry/registry.md b/openapi-specs/compute/33-02/desc/registry/registry.md new file mode 100644 index 000000000..41184e2ef --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/registry.md @@ -0,0 +1 @@ +Scan reports for images in your registry. diff --git a/openapi-specs/compute/33-02/desc/registry/scan_post.md b/openapi-specs/compute/33-02/desc/registry/scan_post.md new file mode 100644 index 000000000..ce7e19533 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/scan_post.md @@ -0,0 +1,61 @@ +Triggers a new scan for all images when a new image is added to the registry or a new scan for an individual image. + +You can use the scanning feature in the following ways: + +## Regular scan +This feature allows you to trigger a new scan immediately for all the images when a new image is added to the registry or trigger a scan for an individual image. + +Consider the following points for a regular scan: + +* You cannot make multiple parallel scan requests with a regular scan. +* You either need to stop the on-going scan using the `api/vVERSION/registry/stop` or wait for the on-going scan to finish. +For information on stopping a regular scan, see [Stop Registry Scan](https://prisma.pan.dev/api/cloud/cwpp/registry#operation/post-registry-stop) +* You can view the scan result or response for all the images by using the `api/vVERSION/registry` API endpoint. +For information on scan result, see [Get Registry Scan Report](https://prisma.pan.dev/api/cloud/cwpp/registry#operation/get-registry) + +### cURL Request +Refer to the following example cURL command that forces Prisma Cloud Compute to rescan all registry images: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/registry/scan +``` + +Refer to the following example cURL command that forces Prisma Cloud Compute to re-scan a specific image: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"tag":{"registry":"","repo":"","tag":"","digest":""}}'\ + https:///api/v/registry/scan +``` + +## On-demand scan +This feature allows you to trigger a new scan immediately for an individual image and not wait for the next periodic scan. + +**Note**: For an on-demand scan, you must pre-define the image registry scope in the registry scanning configuration. + +Consider the following points for an on-demand scan: + +* You can trigger multiple on-demand image scans without interrupting the main registry scanning process. +* You cannot stop a running on-demand scan, you can only initiate a new parallel scan. +* You can view the on-demand scan result or response by using query parameter `name` that specifies the full image name in the `api/vVERSION/registry` API endpoint. +For information on scan result, see [Get Registry Scan Report](https://pan.dev/prisma-cloud/api/cwpp/get-registry/) + + +### cURL Request +Refer to the following example cURL command to trigger an on-demand scan for an image: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{“onDemandScan”:true,“tag”:{“registry” :“”,“repo”:“”,“digest”:“”}}' \ + "https:///api/v/registry/scan" +``` diff --git a/openapi-specs/compute/33-02/desc/registry/scan_select_post.md b/openapi-specs/compute/33-02/desc/registry/scan_select_post.md new file mode 100644 index 000000000..c88b28df6 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/scan_select_post.md @@ -0,0 +1 @@ +Sends a registry scan request to all registry scanner defenders \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/registry/stop_id_post.md b/openapi-specs/compute/33-02/desc/registry/stop_id_post.md new file mode 100644 index 000000000..72d4cf6e9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/stop_id_post.md @@ -0,0 +1 @@ +Stops the specific spec's scan or removes it from the queue \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/registry/stop_post.md b/openapi-specs/compute/33-02/desc/registry/stop_post.md new file mode 100644 index 000000000..29e103ac1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/stop_post.md @@ -0,0 +1,13 @@ +Stops current registry scan immediately. + +## cURL Request + +Refer to the following example cURL command that forces Prisma Cloud Compute to stop scanning all registry images: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https:///api/v/registry/stop +``` diff --git a/openapi-specs/compute/33-02/desc/registry/webhook_webhook_delete.md b/openapi-specs/compute/33-02/desc/registry/webhook_webhook_delete.md new file mode 100644 index 000000000..438e124ed --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/webhook_webhook_delete.md @@ -0,0 +1,3 @@ +Listens for registry updates. + +Although this endpoint is supported, no backwards compatibility is offered for it. diff --git a/openapi-specs/compute/33-02/desc/registry/webhook_webhook_post.md b/openapi-specs/compute/33-02/desc/registry/webhook_webhook_post.md new file mode 100644 index 000000000..438e124ed --- /dev/null +++ b/openapi-specs/compute/33-02/desc/registry/webhook_webhook_post.md @@ -0,0 +1,3 @@ +Listens for registry updates. + +Although this endpoint is supported, no backwards compatibility is offered for it. diff --git a/openapi-specs/compute/33-02/desc/sandbox/post.md b/openapi-specs/compute/33-02/desc/sandbox/post.md new file mode 100644 index 000000000..2edd7eef3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/sandbox/post.md @@ -0,0 +1 @@ +Adds a sandbox scan result, the scan is augmented with geolocation data and returned to the client \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/sandbox/sandbox.md b/openapi-specs/compute/33-02/desc/sandbox/sandbox.md new file mode 100644 index 000000000..e69de29bb diff --git a/openapi-specs/compute/33-02/desc/sbom/download_ci_images_get.md b/openapi-specs/compute/33-02/desc/sbom/download_ci_images_get.md new file mode 100644 index 000000000..333675335 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/sbom/download_ci_images_get.md @@ -0,0 +1 @@ +Downloads SBOM file for CI images according to the given options. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/sbom/download_cli_serverless_get.md b/openapi-specs/compute/33-02/desc/sbom/download_cli_serverless_get.md new file mode 100644 index 000000000..78c64ed30 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/sbom/download_cli_serverless_get.md @@ -0,0 +1 @@ +Downloads SBOM file for CLI serverless according to the given options. diff --git a/openapi-specs/compute/33-02/desc/sbom/download_hosts_get.md b/openapi-specs/compute/33-02/desc/sbom/download_hosts_get.md new file mode 100644 index 000000000..248852739 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/sbom/download_hosts_get.md @@ -0,0 +1 @@ +Downloads SBOM file for hosts according to the given options. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/sbom/download_images_get.md b/openapi-specs/compute/33-02/desc/sbom/download_images_get.md new file mode 100644 index 000000000..9b1f588de --- /dev/null +++ b/openapi-specs/compute/33-02/desc/sbom/download_images_get.md @@ -0,0 +1 @@ +Downloads SBOM file for images according to the given options. diff --git a/openapi-specs/compute/33-02/desc/sbom/download_registry_get.md b/openapi-specs/compute/33-02/desc/sbom/download_registry_get.md new file mode 100644 index 000000000..2b50c4e50 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/sbom/download_registry_get.md @@ -0,0 +1 @@ +Downloads SBOM file for registries according to the given options. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/sbom/download_serverless_get.md b/openapi-specs/compute/33-02/desc/sbom/download_serverless_get.md new file mode 100644 index 000000000..53d4014f1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/sbom/download_serverless_get.md @@ -0,0 +1 @@ +Downloads SBOM file for serverless according to the given options. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/sbom/download_vms_get.md b/openapi-specs/compute/33-02/desc/sbom/download_vms_get.md new file mode 100644 index 000000000..d9488e475 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/sbom/download_vms_get.md @@ -0,0 +1 @@ +Downloads SBOM file for vms according to the given options. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/sbom/sbom_intro.md b/openapi-specs/compute/33-02/desc/sbom/sbom_intro.md new file mode 100644 index 000000000..f67b0b685 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/sbom/sbom_intro.md @@ -0,0 +1 @@ +These endpoints enable you to download the Software Bill of Materials (SBOM) \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/scans/download_get.md b/openapi-specs/compute/33-02/desc/scans/download_get.md new file mode 100644 index 000000000..61a0ccc2d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scans/download_get.md @@ -0,0 +1,18 @@ +Downloads all scan reports from the Jenkins plugin and twistcli in CSV format. + +This endpoint maps to the CSV hyperlink in **Monitor > Vulnerabilities > Images > CI** in the Console UI. + +### cURL Request + +The following cURL command retrieves and saves your Jenkins and twistcli scan reports to a CSV file called `scans_report.csv`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/scans/download \ + > scans_report.csv +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/scans/filter_get.md b/openapi-specs/compute/33-02/desc/scans/filter_get.md new file mode 100644 index 000000000..58550ad35 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scans/filter_get.md @@ -0,0 +1,11 @@ +Retrieves the list of Jenkins projects that have been scanned by the Jenkins plugin. Each project in the `jobName` array can be used to query the base `api/v1/scans` endpoint to retrieve only scan reports in that Jenkins project. + +The following example curl command uses basic auth to retrieve the list of Jenkins project names: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/scans/filters +``` diff --git a/openapi-specs/compute/33-02/desc/scans/get.md b/openapi-specs/compute/33-02/desc/scans/get.md new file mode 100644 index 000000000..e28506972 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scans/get.md @@ -0,0 +1,33 @@ +Retrieves all scan reports for images scanned by the Jenkins plugin or twistcli. + +This endpoint maps to **Monitor > Vulnerabilities > Images > CI** in the Console UI. + +> _**Note:**_ + * The query parameters `issueType` is not supported for this API endpoint. + * The API rate limit for this endpoint is 30 requests per 30 seconds.You get an HTTP error response 429 if the limit exceeds. + +### cURL Request + +Refer to the following example cURL command that retrieves the scan reports for all images scanned using the Jenkins CI plugin or the twistcli tool: + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/scans +``` + +To get the report of a specific scan, add query parameters to narrow the scope of the request. + +The following cURL command retrieves the scan report for an image with a SHA256 ID of `sha256:f756e84300d8e53006090573dd33abe5b8cfac3e42d104fc4be37f435fe512f3`. + +``` +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/scans?imageID=sha256:f756e84300d8e53006090573dd33abe5b8cfac3e42d104fc4be37f435fe512f3' +``` + +A successful response returns the scan reports. diff --git a/openapi-specs/compute/33-02/desc/scans/id_get.md b/openapi-specs/compute/33-02/desc/scans/id_get.md new file mode 100644 index 000000000..7a342ef60 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scans/id_get.md @@ -0,0 +1,11 @@ +Retrieves all scan reports for images scanned by the Jenkins plugin or twistcli tool for a specific image with an given `id`. The `id` is `_id` value returned in the base `/api/v1/scans` request. + +The following example curl command uses basic auth to retrieve the scan report for just an image with a SHA256 ID of `5c3385fd2e76c5c16124c077`. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/scans/5c3385fd2e76c5c16124c077" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/scans/post.md b/openapi-specs/compute/33-02/desc/scans/post.md new file mode 100644 index 000000000..12fbe6a93 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scans/post.md @@ -0,0 +1 @@ +Adds a CLI scan result \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/scans/scans.md b/openapi-specs/compute/33-02/desc/scans/scans.md new file mode 100644 index 000000000..ff3285bba --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scans/scans.md @@ -0,0 +1 @@ +Retrieve Jenkins and twistcli scan reports. diff --git a/openapi-specs/compute/33-02/desc/scans/sonatype_post.md b/openapi-specs/compute/33-02/desc/scans/sonatype_post.md new file mode 100644 index 000000000..e69de29bb diff --git a/openapi-specs/compute/33-02/desc/scans/vms_post.md b/openapi-specs/compute/33-02/desc/scans/vms_post.md new file mode 100644 index 000000000..291393b44 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scans/vms_post.md @@ -0,0 +1 @@ +Saves a single VM image scan result. diff --git a/openapi-specs/compute/33-02/desc/scripts/console_sh_get.md b/openapi-specs/compute/33-02/desc/scripts/console_sh_get.md new file mode 100644 index 000000000..d8f02038f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scripts/console_sh_get.md @@ -0,0 +1,20 @@ +Download the Console set up script for Linux hosts. + +Only users that have a user role of Defender Manager or higher (Operator and Administrator) are permitted to download this file. +For more information about each supported role, see +[User roles](https://docs.twistlock.com/docs/latest/access_control/user_roles.html). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o console.sh \ + https://:8083/api/v1/scripts/console.sh +``` + +The script must be made executable before it can run: + +```bash +$ chmod +x console.sh +``` diff --git a/openapi-specs/compute/33-02/desc/scripts/defender_ps1_get.md b/openapi-specs/compute/33-02/desc/scripts/defender_ps1_get.md new file mode 100644 index 000000000..a47616983 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scripts/defender_ps1_get.md @@ -0,0 +1,17 @@ +Download the Defender set up script for Windows hosts. + +Only users that have a user role of Defender Manager or higher (Operator and Administrator) are permitted to download this file. +For more information about each supported role, see +[User roles](https://docs.twistlock.com/docs/latest/access_control/user_roles.html). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o defender.ps1 \ + https://:8083/api/v1/scripts/defender.ps1 +``` + +NOTE: The downloaded script takes a number of parameters to control how Defender is installed. +To see the default parameters, open Console, go to **Manage > Defenders > Deploy**, and examine how the script is configured based on the options you select. diff --git a/openapi-specs/compute/33-02/desc/scripts/defender_sh_get.md b/openapi-specs/compute/33-02/desc/scripts/defender_sh_get.md new file mode 100644 index 000000000..98ad6cf62 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scripts/defender_sh_get.md @@ -0,0 +1,23 @@ +Download the Defender set up script for Linux hosts. + +Only users that have a user role of Defender Manager or higher (Operator and Administrator) are permitted to download this file. +For more information about each supported role, see +[User roles](https://docs.twistlock.com/docs/latest/access_control/user_roles.html). + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o defender.sh \ + https://:8083/api/v1/scripts/defender.sh +``` + +The script must be made executable before it can run: + +```bash +$ chmod +x defender.sh +``` + +NOTE: The downloaded script takes a number of parameters to control how Defender is installed. +To see the default parameters, open Console, go to **Manage > Defenders > Deploy**, and examine how the script is configured based on the options you select. diff --git a/openapi-specs/compute/33-02/desc/scripts/scripts.md b/openapi-specs/compute/33-02/desc/scripts/scripts.md new file mode 100644 index 000000000..95aca2460 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/scripts/scripts.md @@ -0,0 +1 @@ +Download the scripts used in the Prisma Cloud Compute environment. diff --git a/openapi-specs/compute/33-02/desc/serverless/download_get.md b/openapi-specs/compute/33-02/desc/serverless/download_get.md new file mode 100644 index 000000000..a8e49ff25 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/serverless/download_get.md @@ -0,0 +1,17 @@ +Downloads all serverless scan reports in CSV format. + +This endpoint maps to the CSV hyperlink in **Monitor > Vulnerabilities > Functions > Scanned functions** in the Console UI. + +### cURL Request + +The following cURL command retrieves a list of all serverless resources monitored by Prisma Cloud Compute and saves the results in a CSV file called `serverless.csv`: + +```bash +$ curl -k \ + -u \ + -X GET \ + 'https:///api/v/serverless/download' \ + > serverless.csv +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/serverless/embed_post.md b/openapi-specs/compute/33-02/desc/serverless/embed_post.md new file mode 100644 index 000000000..6cce784b8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/serverless/embed_post.md @@ -0,0 +1,11 @@ +The following curl command uses basic auth to retrieve a list of all Serverless resources that monitored by Prisma Cloud Compute, and save the results to a CSV file: + +```bash +$ curl -k \ + -X POST \ + -H "Content-Type: application/octet-stream" \ + -u \ + --data-binary @ \ + 'http://:8083/api/v1/serverless/embed?runtime=&handler=&function=' \ + -o twistlock_lambda.zip +``` diff --git a/openapi-specs/compute/33-02/desc/serverless/evaluate_post.md b/openapi-specs/compute/33-02/desc/serverless/evaluate_post.md new file mode 100644 index 000000000..f24bf10f4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/serverless/evaluate_post.md @@ -0,0 +1 @@ +Adds vulnerability data for the given functions. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/serverless/get.md b/openapi-specs/compute/33-02/desc/serverless/get.md new file mode 100644 index 000000000..aee50492f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/serverless/get.md @@ -0,0 +1,21 @@ +Retrieves all scan reports for the serverless functions which Prisma Cloud has been configured to scan. + +> _**Note:**_ + * The API rate limit for this endpoint is 30 requests per 30 seconds. You get an HTTP error response 429 if the limit exceeds. + * The query parameters `issueType` is not supported for this API endpoint. + +This endpoint maps to **Monitor > Vulnerabilities > Functions > Scanned functions** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves the scan reports for serverless functions: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/serverless +``` + +A successful response returns the scan reports. diff --git a/openapi-specs/compute/33-02/desc/serverless/names_get.md b/openapi-specs/compute/33-02/desc/serverless/names_get.md new file mode 100644 index 000000000..3cab17092 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/serverless/names_get.md @@ -0,0 +1,13 @@ +Retrieves a list of names of all Serverless resources monitored by Prisma Cloud Compute. + +_**Note:**_ The query parameters `issueType` is not supported for this API endpoint. + +The following curl command uses basic auth to retrieve a list of names of all Serverless resources monitored by Prisma Cloud Compute: + +```bash +$ curl -k \ + -X GET \ + -H "Content-Type: application/json" \ + -u \ + http:///api/v/serverless/names \ +``` diff --git a/openapi-specs/compute/33-02/desc/serverless/scan_post.md b/openapi-specs/compute/33-02/desc/serverless/scan_post.md new file mode 100644 index 000000000..159285349 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/serverless/scan_post.md @@ -0,0 +1,12 @@ +Re-scan all serverless functions immediately. + +### cURL Request + +Refer to the following example cURL command that forces Prisma Cloud Compute to re-scan all serverless functions: + +```bash +$ curl -k \ + -u \ + -X POST \ + https:///api/v/serverless/scan +``` diff --git a/openapi-specs/compute/33-02/desc/serverless/serverless.md b/openapi-specs/compute/33-02/desc/serverless/serverless.md new file mode 100644 index 000000000..5c6846b6c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/serverless/serverless.md @@ -0,0 +1 @@ +Scan reports for your serverless functions. diff --git a/openapi-specs/compute/33-02/desc/serverless/stop_post.md b/openapi-specs/compute/33-02/desc/serverless/stop_post.md new file mode 100644 index 000000000..763710842 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/serverless/stop_post.md @@ -0,0 +1,12 @@ +Stops the ongoing serverless scan. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -X POST \ + https:///api/v/serverless/stop +``` diff --git a/openapi-specs/compute/33-02/desc/settings/alerts_get.md b/openapi-specs/compute/33-02/desc/settings/alerts_get.md new file mode 100644 index 000000000..060114c39 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/alerts_get.md @@ -0,0 +1,9 @@ +Retrieves a list of your alert settings. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/alerts +``` diff --git a/openapi-specs/compute/33-02/desc/settings/alerts_options_get.md b/openapi-specs/compute/33-02/desc/settings/alerts_options_get.md new file mode 100644 index 000000000..095c1f1b7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/alerts_options_get.md @@ -0,0 +1,11 @@ +This endpoint will return the alert profile configuration options that can be found in the console under the alert type selection when setting up a new alert profile. + +The following example curl command uses basic auth to retrieve all alert profile configuration options: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/alerts/options +``` diff --git a/openapi-specs/compute/33-02/desc/settings/alerts_post.md b/openapi-specs/compute/33-02/desc/settings/alerts_post.md new file mode 100644 index 000000000..3acb8d543 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/alerts_post.md @@ -0,0 +1,17 @@ +Configure alerts. + +The following example curl command sets the aggregation period for alerts to one hour. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "aggregationPeriodMs": 3600000, + "consoleAddress": "https://:8083", + "securityAdvisorWebhook": "" +}' \ + https://:8083/api/v1/settings/alerts +``` diff --git a/openapi-specs/compute/33-02/desc/settings/certificates_post.md b/openapi-specs/compute/33-02/desc/settings/certificates_post.md new file mode 100644 index 000000000..fbdc8a5a9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/certificates_post.md @@ -0,0 +1,19 @@ +Sets a certificate authority (CA) to trust and the validity period for client certificates. + +Use client certificates to authenticate commands sent from the Docker client through Prisma Cloud Compute. + +For more information, see [Certificates](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/configure/certificates). + +## cURL Request + +Refer to the following example cURL request that uses basic auth to set the validity period for client certificates to seven days: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -w "\nResponse code: %{http_code}\n" \ + -X POST \ + -d '{"certificatePeriodDays": 7} ' \ + "https:///api/v/settings/certificates" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/certs_get.md b/openapi-specs/compute/33-02/desc/settings/certs_get.md new file mode 100644 index 000000000..ba6674a3c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/certs_get.md @@ -0,0 +1,14 @@ +Returns the Subject Alternative Name(s) (SANs) in Console's certificate. +Defenders use these names to connect to Console. + +## cURL Request + +Refer to the following example cURL request that uses basic auth to retrieve the SANs in Console's cert: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/certs" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/certs_post.md b/openapi-specs/compute/33-02/desc/settings/certs_post.md new file mode 100644 index 000000000..a6e429006 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/certs_post.md @@ -0,0 +1,31 @@ +Adds or deletes Subject Alternative Name(s) (SANs) in Prisma Cloud Compute's certificate. +Defenders use these names to connect to Prisma Cloud Compute. + +SANs are set in a single shot. +You should first retrieve the list of SANs with the GET method. +Then add or remove entries from the `consoleSAN` array, and post the updated JSON object. + +For more information, see [Certificates](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/configure/certificates). + +## cURL Request + +Refer to the following example cURL request that uses basic auth to add `node-01.example.com` to the `subjectAltName` field in the certificate: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -w "\nResponse code: %{http_code}\n" \ + -X POST \ + -d ' + { + "consoleSAN": [ + "10.240.0.34", + "172.17.0.1", + "ian-23.c.cto-sandbox.internal", + "127.0.0.1", + "node-01.example.com" + ] + }' \ + "https:///api/v/settings/certs" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/coderepos_get.md b/openapi-specs/compute/33-02/desc/settings/coderepos_get.md new file mode 100644 index 000000000..6cbfb78cb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/coderepos_get.md @@ -0,0 +1,28 @@ +Retrieves the list of code repositories Prisma Cloud is configured to scan. +It also retrieves a partial webhook URL. + +> _**Note:**_ The API rate limit for this endpoint is 30 requests per 30 seconds. +You get an HTTP error response 429 if the limit exceeds. + +This endpoint maps to **Defend > Vulnerabilities > Code repositories** in the Console UI page. + +* **GitHub repositories scan scope** table data +* URL suffix in **Webhook settings** + +### Webhook + +You can optionally configure your code repositories with a webhook to trigger Prisma Cloud to scan repositories when there are pertinent events (e.g., new code commits). + +Construct the full webhook using Console's publicly accessible DNS name or IP address, plus the webhook URL suffix. + +### cURL Request + +Refer to the following example cURL command that retrieves all code repositories to scan, as well as the webhook URL suffix: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/settings/coderepos' +``` diff --git a/openapi-specs/compute/33-02/desc/settings/coderepos_put.md b/openapi-specs/compute/33-02/desc/settings/coderepos_put.md new file mode 100644 index 000000000..28a679762 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/coderepos_put.md @@ -0,0 +1,68 @@ +Updates the code repositories to scan. +The list of code repositories to scan is updated in a single shot. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > Vulnerabilities > Code repositories**. +2. Under the **GitHub repositories scan scope** table, add a scope item using **+ Add scope** + + **Note:** If your table is not present add an item to the table by clicking **Add the first item**. + +3. Click the **Save** button. + +### General Set up and Scan Process + +This endpoint works hand-in-hand with the `/policies` endpoints. + +**To set up Prisma Cloud to scan your code repositories:** + +1. Add a scan scope with this endpoint (`/settings/coderepos`), where the principle component is the account information for the service that hosts your code repositories. + + For example, specify the the credentials of your GitHub account. + You can further refine the scope by specifying which repos to scan using explicit strings or pattern matching. + Scan all repos by specifying a wildcard. + +2. Prisma Cloud auto-discovers all code repositories in each scan scope. + + The system invokes the GET `/coderepos/discover` endpoint to discover the available repositories using the credential ID provided. + +3. The list of auto-discovered code repositories is passed to the scanner for evaluation. + + The scanner uses the corresponding `/policies/vulnerability/coderepos` endpoint to assess each code repository. + +### cURL Request + +Each scan scope is specified as an element in the endpoint's payload array. +Itemize the repositories to scan in the `repositories` array. +A wildcard tells Prisma Cloud to scan all repos in the account. + +The critical fields for this endpoint are: + +* `type` - Hosting service, such as GitHub (`github`) +* `credentialID` - Credential, from the credentials store, that Prisma Cloud uses to authenticate with the hosting service. +* `repositories` - List of repository names. +The format is `/`. + +Refer to the following example cURL command that overwrites all code repository scan scopes with a single new scan scope: + +```bash +$ curl 'https:///api/v/settings/coderepos' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'[ + { + "type":"github", + "publicOnly":false, + "credentialID":"", + "repositories":[ + "*" + ] + } +]' +``` +This scan scope includes all repositories in the GitHub account that can be accessed with `CREDENTIAL_ID`. + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/settings/console-certificates_post.md b/openapi-specs/compute/33-02/desc/settings/console-certificates_post.md new file mode 100644 index 000000000..5673af840 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/console-certificates_post.md @@ -0,0 +1,18 @@ +Configures the custom certificate for securing browser access to the Console. + +These settings can be seen in the console under **Manage > Authentication > System Certificates**. + +For the custom TLS certificate for securing browser access, this file must be in the concatenated public cert and private key in PEM format. For more information about this configuration, see [Custom certs for Console access](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/configure/custom_certs_predefined_dir) + +## cURL Request + +Refer to the following example cURL request that uses basic auth and configures the custom certificate to use for securing browser access to the console: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"consoleCustomCert":"....."}' \ + "https:///api/v/settings/console-certificate" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/custom-labels_get.md b/openapi-specs/compute/33-02/desc/settings/custom-labels_get.md new file mode 100644 index 000000000..a849dd8a8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/custom-labels_get.md @@ -0,0 +1,13 @@ +Returns the list of alert labels configured in Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/settings/custom-labels +``` diff --git a/openapi-specs/compute/33-02/desc/settings/custom-labels_post.md b/openapi-specs/compute/33-02/desc/settings/custom-labels_post.md new file mode 100644 index 000000000..6bb66e706 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/custom-labels_post.md @@ -0,0 +1,14 @@ +Creates a custom alert label to augment audit events. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d "{labels:"new_label"}" \ + "https:///api/v/settings/custom-labels" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/defender_get.md b/openapi-specs/compute/33-02/desc/settings/defender_get.md new file mode 100644 index 000000000..ecb8b6989 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/defender_get.md @@ -0,0 +1,15 @@ +Returns the advanced settings for Defenders. + +### cURL Request + +Refer to the following example cURL command that gets all advanced settings for Defenders: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/settings/defender' +``` + +A successful response returns all advanced settings for Defenders. diff --git a/openapi-specs/compute/33-02/desc/settings/forensic_get.md b/openapi-specs/compute/33-02/desc/settings/forensic_get.md new file mode 100644 index 000000000..9c16b70b9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/forensic_get.md @@ -0,0 +1,9 @@ +Retrieves the settings for the forensics system. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/forensic +``` diff --git a/openapi-specs/compute/33-02/desc/settings/forensic_post.md b/openapi-specs/compute/33-02/desc/settings/forensic_post.md new file mode 100644 index 000000000..31f809d39 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/forensic_post.md @@ -0,0 +1,17 @@ +Configures the forensics system. + +The following example curl command allocates 100 MB of local disk space for container forensic data and 10 MB for host forensics data. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "enabled": true, + "containerDiskUsageMb": 100, + "hostDiskUsageMb": 10 +}' \ + https://:8083/api/v1/settings/forensic +``` diff --git a/openapi-specs/compute/33-02/desc/settings/initialized_get.md b/openapi-specs/compute/33-02/desc/settings/initialized_get.md new file mode 100644 index 000000000..3134912d1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/initialized_get.md @@ -0,0 +1,12 @@ +Checks whether Console has been configured with an initial admin account. +After first installing Console, the first thing you must do is create an admin account. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/initialized +``` diff --git a/openapi-specs/compute/33-02/desc/settings/intelligence-windows_post.md b/openapi-specs/compute/33-02/desc/settings/intelligence-windows_post.md new file mode 100644 index 000000000..c39e256d2 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/intelligence-windows_post.md @@ -0,0 +1,12 @@ +This endpoint will enable or disable the Windows Intelligence Service from **Manage > System > Intelligence** page in the console. + +The following example curl command uses basic auth to enable online updates of Windows vulnerabilities from the intelligence stream: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"windowsFeedEnabled":true}' \ + https://:8083/api/v1/settings/intelligence-windows +``` diff --git a/openapi-specs/compute/33-02/desc/settings/intelligence_get.md b/openapi-specs/compute/33-02/desc/settings/intelligence_get.md new file mode 100644 index 000000000..26c694246 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/intelligence_get.md @@ -0,0 +1,13 @@ +Returns the details about the Intelligence Stream configuration. + +### cURL Request + +Refer to the following example cURL command that uses basic auth to retrieve your Intelligence Stream configuration settings. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/intelligence" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/intelligence_post.md b/openapi-specs/compute/33-02/desc/settings/intelligence_post.md new file mode 100644 index 000000000..74b06a3a0 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/intelligence_post.md @@ -0,0 +1,21 @@ +Configures the Intelligence Stream. + +For more information, see [Intelligence Stream](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/technology_overviews/intel_stream) + +### cURL Request + +Refer to the following example cURL command that uses basic auth to configure settings of your Intelligence Stream. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d ' { + "windowsFeedEnabled": true, + "enabled": true, + "address": "https://intelligence.example.com", + "token": "", +}' \ + "https:///api/v/settings/intelligence" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/latest-version_get.md b/openapi-specs/compute/33-02/desc/settings/latest-version_get.md new file mode 100644 index 000000000..c443fa7b5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/latest-version_get.md @@ -0,0 +1,11 @@ +Retrieves the version number of the latest available Prisma Cloud Compute release. + +Example curl command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https://:8083/api/v1/settings/latest-version' +``` diff --git a/openapi-specs/compute/33-02/desc/settings/latest_version_get.md b/openapi-specs/compute/33-02/desc/settings/latest_version_get.md new file mode 100644 index 000000000..18e436668 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/latest_version_get.md @@ -0,0 +1,9 @@ +This endpoint will return the latest version of the product. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/latest-version +``` diff --git a/openapi-specs/compute/33-02/desc/settings/ldap_get.md b/openapi-specs/compute/33-02/desc/settings/ldap_get.md new file mode 100644 index 000000000..4ad0ad0c9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/ldap_get.md @@ -0,0 +1,34 @@ +Returns the LDAP integration settings. + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/ldap" +``` + +## cURL Response + +Refer to the following example cURL response: + +```bash +$ { + "enabled": true, + "url": "ldap://10.176.135.212:379", + "caCert": "", + "searchBase": "", + "groupSearchBase": "ou=Groups,dc=example,dc=org", + "userSearchBase": "ou=Users,dc=example,dc=org", + "accountUpn": "cn=admin,dc=example,dc=org", + "accountPassword": { + "encrypted": "nkMtVY4NN9RccvbVIfLvJw==" + }, + "type": "openldap", + "userSearchIdentifier": "cn" +} +``` diff --git a/openapi-specs/compute/33-02/desc/settings/ldap_post.md b/openapi-specs/compute/33-02/desc/settings/ldap_post.md new file mode 100644 index 000000000..c152c7dc5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/ldap_post.md @@ -0,0 +1,27 @@ +Configures the LDAP integration. + +For more information, see [Active Directory](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/active_directory) and [OpenLDAP](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/openldap) + +## cURL Request + +Refer to the following example cURL command that enables the LDAP integration and specifies the parameters required to integrate with an Active Directory service. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "enabled": true, + "url": "ldap://ldapserver.example.com:3268", + "searchBase": "dc=example,dc=com", + "accountUpn": "example_service@example.com", + "accountPassword": { + "plain": "pass!-W0RD" + }, + "type": "activedirectory", + "userSearchIdentifier": "userprincipalname" +}' \ + "https:///api/v/settings/ldap" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/license_get.md b/openapi-specs/compute/33-02/desc/settings/license_get.md new file mode 100644 index 000000000..5c792cae8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/license_get.md @@ -0,0 +1,13 @@ +Returns the details about the installed license. + +## cURL Request + +Refer to the following example cURL request that retrieves the license details. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/license" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/license_post.md b/openapi-specs/compute/33-02/desc/settings/license_post.md new file mode 100644 index 000000000..b77800a5f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/license_post.md @@ -0,0 +1,17 @@ +Configures the Prisma Cloud Compute license. +Use this endpoint, along with `/api/v1/signup`, as part of the initial set up flow after Prisma Cloud Compute is first installed. + +For more information, see [Licensing](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/welcome/licensing). + +## cURL Request + +Refer to the following example cURL request that uses basic auth to set your license: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"key": ""}' \ + https:///api/v/settings/license +``` diff --git a/openapi-specs/compute/33-02/desc/settings/logging_get.md b/openapi-specs/compute/33-02/desc/settings/logging_get.md new file mode 100644 index 000000000..6eda3e484 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/logging_get.md @@ -0,0 +1,13 @@ +Returns the logging settings. + +## cURL Request + +Refer to the following example cURL request that uses basic auth to retrieve your logging details. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/logging" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/logging_post.md b/openapi-specs/compute/33-02/desc/settings/logging_post.md new file mode 100644 index 000000000..3619d9c0f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/logging_post.md @@ -0,0 +1,30 @@ +Configures the logging settings. +This includes Syslog, Stdout, and Prometheus instrumentation. + +For more information, see [Logging](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/audit/logging). + +## cURL Request + +Refer to the following example cURL request that enables verbose scan output for syslog and stdout: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "syslog": { + "enabled": true, + "verboseScan": true, + "allProcEvents": false, + "addr": "" + }, + "stdout": { + "enabled": true, + "verboseScan": true, + "allProcEvents": false, + } +}' \ + "https:///api/v/settings/logging" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/logon_get.md b/openapi-specs/compute/33-02/desc/settings/logon_get.md new file mode 100644 index 000000000..1559f2405 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/logon_get.md @@ -0,0 +1,13 @@ +Configures the logon settings. + +## cURL Request + +Refer to the following example cURL request that uses basic auth to retrieve all current logon settings. + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/logon" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/logon_post.md b/openapi-specs/compute/33-02/desc/settings/logon_post.md new file mode 100644 index 000000000..5c2b60c9f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/logon_post.md @@ -0,0 +1,17 @@ +Configures the timeout for Prisma Cloud Compute sessions. + +For more information, see [Logon Settings](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/configure/logon_settings). + +## cURL Request + +Refer to the following example cURL request that uses basic auth to set the timeout to 900 seconds (15 minutes): + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -w "\nResponse code: %{http_code}\n" \ + -X POST \ + -d '{"sessionTimeoutSec": 900}' \ + "https:///api/v/settings/logon" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/oauth_get.md b/openapi-specs/compute/33-02/desc/settings/oauth_get.md new file mode 100644 index 000000000..6dcf70fb5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/oauth_get.md @@ -0,0 +1,37 @@ +Returns the OAuth configuration settings. + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/oauth" +``` + +## cURL Response + +Refer to the following example cURL response: + +```bash +{ + "enabled": true, + "clientID": "ef3a806a249a31b7d15e", + "clientSecret": { + "encrypted": "O27GsQ7PDX4LrVx6q+A7sMLUAKTbKU3DAYTZyaOhqTqdNwI7raKFCA3/RrmRPUgk" + }, + "providerName": "github", + "authURL": "https://github.com/login/oauth/authorize", + "tokenURL": "https://github.com/login/oauth/access_token", + "groupScope": "", + "groupClaim": "", + "userClaim": "", + "cert": "", + "openshiftBaseURL": "", + "openIDIssuesURL": "", + "providerAlias": "github_ss" +} +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/settings/oauth_post.md b/openapi-specs/compute/33-02/desc/settings/oauth_post.md new file mode 100644 index 000000000..c593b9237 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/oauth_post.md @@ -0,0 +1,16 @@ +Configures the OAuth settings. + +For more information, see [GitHub OAuth](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/oauth2_github) and [OpenShift](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/oauth2_openshift) + +## cURL Request + +Refer to the following example cURL response: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"clientID":"ef3a806a249a31b7d15e","clientSecret":{"encrypted":"O27GsQ7PDX4LrVx6q+A7sMLUAKTbKU3DAYTZyaOhqTqdNwI7raKFCA3/RrmRPUgk"},"providerName":"github","authURL":"https://github.com/login/oauth/authorize","tokenURL":"https://github.com/login/oauth/access_token","providerAlias":"github_ss"}' \ + "https:///api/v/settings/oauth" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/oidc_get.md b/openapi-specs/compute/33-02/desc/settings/oidc_get.md new file mode 100644 index 000000000..ee439622b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/oidc_get.md @@ -0,0 +1,37 @@ +Returns the OpenID Connect configuration settings. + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/oidc" +``` + +## cURL Response + +Refer to the following example cURL response: + +```bash +$ { + "enabled": true, + "clientID": "0oajdm6atavfYyJfr4x6", + "clientSecret": { + "encrypted": "rnEk+1be20FLv+BYnDX4s5/T0NOb49hkNkaZQtgiF7K2s65" + }, + "providerName": "", + "authURL": "", + "tokenURL": "", + "groupScope": "groups", + "groupClaim": "groups", + "userClaim": "", + "cert": "", + "openshiftBaseURL": "", + "openIDIssuesURL": "https://ss-123456.okta.com", + "providerAlias": "oidc_okta_ss" +} +``` diff --git a/openapi-specs/compute/33-02/desc/settings/oidc_post.md b/openapi-specs/compute/33-02/desc/settings/oidc_post.md new file mode 100644 index 000000000..e0270247e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/oidc_post.md @@ -0,0 +1,16 @@ +Configures the OpenID Connect settings. + +For more information, see [OIDC](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/oidc). + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -d '{"enabled": true,"clientID":"0oajdm6atavfYyJfr4x6","clientSecret":{"encrypted":"rnEk+1be20FLv+BYnDX4s5/T0NOb49hkNkaZQtgiF7K2s65"},"groupScope":"groups","groupClaim":"groups","openIDIssuesURL":"https://ss-123456.okta.com","providerAlias":"oidc_okta_ss"}' \ + "https:///api/v/settings/oidc" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/settings/pcf_get.md b/openapi-specs/compute/33-02/desc/settings/pcf_get.md new file mode 100644 index 000000000..5dc21eb17 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/pcf_get.md @@ -0,0 +1,11 @@ +This endpoint will return settings for PCF (Pivotal Cloud Foundry)Blobstore scanning, which can be found in the console under **Defend > Vulnerabilities > PCF Blobstore**. This requires that you have a defender configured for PCF Blobstore scanning. For more information, see [PCF blobstore scanning](https://docs.twistlock.com/docs/latest/vulnerability_management/pcf_blobstore.html). + +The following example curl command uses basic auth to retrieve the current PCF Blobstore scanning settings: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/pcf +``` diff --git a/openapi-specs/compute/33-02/desc/settings/pcf_post.md b/openapi-specs/compute/33-02/desc/settings/pcf_post.md new file mode 100644 index 000000000..139e947cb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/pcf_post.md @@ -0,0 +1,13 @@ +This endpoint will allow for updating settings for PCF (Pivotal Cloud Foundry) Blobstore scanning. + +The following example curl command uses basic auth to set up a PCF Blobstore scanner that scans the last `5` droplets for every droplet in the PCF Blobstore: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"cap":"5","cloudControllerAddress":"https://my-cloud-controller.twistlock.com","pattern":"*"}' \ + https://:8083/api/v1/settings/pcf +``` + diff --git a/openapi-specs/compute/33-02/desc/settings/projects_get.md b/openapi-specs/compute/33-02/desc/settings/projects_get.md new file mode 100644 index 000000000..f5dd20395 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/projects_get.md @@ -0,0 +1,24 @@ +Tells you whether the [Projects](https://docs.twistlock.com/docs/latest/deployment_patterns/projects.html) feature is enabled. +Projects are enabled when an instance of Console is designated as master. + +The following example curl command retrieves the state of the Projects feature from Console. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/projects +``` + +If you direct the request to a supervisor Console, the response object tells you the URL Central Console (master) uses to communicate with the supervisor Console. +All API calls must be proxied through Central Console, where the request is automatically rerouted to the appropriate supervisor Console. +To retrieve the Projects settings from a supervisor Console, append the `project` query parameter to your request. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/projects?project= +``` diff --git a/openapi-specs/compute/33-02/desc/settings/projects_post.md b/openapi-specs/compute/33-02/desc/settings/projects_post.md new file mode 100644 index 000000000..d29f8e9d5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/projects_post.md @@ -0,0 +1,16 @@ +Enables or disables the [Projects](https://docs.twistlock.com/docs/latest/deployment_patterns/projects.html) feature. +Projects are enabled when an instance of Console is designated as master. + +The following example curl command designates `` as master. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "master":true + }' \ + https://:8083/api/v1/settings/projects +``` diff --git a/openapi-specs/compute/33-02/desc/settings/proxy_get.md b/openapi-specs/compute/33-02/desc/settings/proxy_get.md new file mode 100644 index 000000000..9a4922d59 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/proxy_get.md @@ -0,0 +1,13 @@ +Returns the proxy settings for Prisma Cloud Compute containers to access the Internet. + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/proxy" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/proxy_post.md b/openapi-specs/compute/33-02/desc/settings/proxy_post.md new file mode 100644 index 000000000..a1bdc07ed --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/proxy_post.md @@ -0,0 +1,19 @@ +Configures the proxy settings. + +For more information, see [Proxy Settings](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/configure/proxy). + +## cURL Request + +Refer to the following example cURL request that specifies the proxy to use to access the Internet: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "httpProxy":"http://proxyserver.example.com:8282" +}' \ + https:///api/v/settings/proxy +``` diff --git a/openapi-specs/compute/33-02/desc/settings/registry_get.md b/openapi-specs/compute/33-02/desc/settings/registry_get.md new file mode 100644 index 000000000..12745005d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/registry_get.md @@ -0,0 +1,25 @@ +Retrieves the list of registries Prisma Cloud is configured to scan. +It also retrieves a partial webhook URL. + +This endpoint maps to the following information on the **Defend > Vulnerabilities > Images > Registry settings** Console UI page: + +* **Registries** table data +* The URL suffix under **Webhooks** + +### Webhook + +You can optionally configure your registry with a webook to trigger Prisma Cloud to scan repositories when there is a pertinent event (e.g. a new image is pushed to the registry). + +Construct the full webhook using the publicly accessible DNS name or IP address, plus the webhook URL suffix. + +### cURL Request + +The following cURL command retrieves all the registries to scan and the URL suffix for the registry's webhook URL suffix. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/settings/registry' +``` diff --git a/openapi-specs/compute/33-02/desc/settings/registry_post.md b/openapi-specs/compute/33-02/desc/settings/registry_post.md new file mode 100644 index 000000000..efabf4e67 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/registry_post.md @@ -0,0 +1,88 @@ +Specifies a single registry to scan. + +Each registry to scan is specified as an item in the `specifications` array. +The POST method appends an entry to the `specifications` array. +In contrast, the PUT method adds all registries in a single shot, completely overwriting any previous configuration by replacing the contents of the `specifications` array. +For more information about the `specifications` array, see the GET endpoint. + +The `version` string specifies the type of registry to scan. +It can be one of the following strings: + +* Amazon EC2 Container Registry: `aws` +* Azure Container Registry: `azure` +* CoreOS Quay: `coreos` +* Docker Registry v2: `2` +* Docker Trusted Registry: `dtr` +* Google Container Registry: `gcr` +* GitLab Container Registry: `gitlab` +* Harbor Registry: `harbor` +* IBM Cloud Container Registry: `bluemix` +* JFrog Artifactory: `jfrog` +* Red Hat OpenShift: `redhat` +* Sonatype Nexus: `sonatype` + +**Note**: From Lagrange 22.11 release or later, you can add a maximum of 19,999 registry entries in **Defend > Vulnerabilities > Images > Registry settings**. + +The API response returns an HTTP 400 error if the number of registry specifications exceeds the maximum allowable limit of 19,999 registry entries. + +**cURL Request** + +Refer to the following example cURL command that configures Prisma Cloud Compute to scan the Ubuntu 16.04 repository on Docker Hub: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d ' + { + "version": "2", + "registry": "", + "repository": "library/ubuntu", + "tag": "16.04", + "os": "linux", + "cap": 5, + "hostname": "", + "scanners": 2, + "collections": ["All"] + } ' \ + 'https:///api/v/settings/registry' +``` + +Starting with 30.03, you can directly add a GitLab Container Registry. +To add settings for a GitLab Container Registry, you must specify the following parameters: + +* **version**: Specify the value *gitlab* for GitLab Container Registry. +* **registry**: Specify the GitLab registry URL address. For example, for native registries, you can specify the address as "https://registry.gitlab.com" +* **credentialID**: Specify the GitLab credential that you added in the credential store in Prisma Cloud Compute. For example, an API token that has at least the *read_api* scope. +* **gitlabRegistrySpec**: Specify at least one of the following fields: + * **userID**: Specify your GitLab user ID to add all registries associated with it. + * **projectIDs**: Specify the project IDs to add all registries associated with a GitLab project. + * **groupIDs**: Specify the group ID to add all registries associated with a GitLab group. + * **excludedGroupIDs**: Specify the top-level group IDs that you don't want to add. + +Refer to the following example cURL command: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d ' + { + "version":"gitlab", + "registry":"https://registry.gitlab.com", + "namespace":"", + "repository":"", + "tag":"", + "credentialID":"", + "os":"linux", + "harborDeploymentSecurity":false, + "collections":["All"], + "cap":5, + "scanners":2, + "versionPattern":"", + "gitlabRegistrySpec":{"userID":"14631394"} + } ' \ + 'https:///api/v/settings/registry' +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/settings/registry_put.md b/openapi-specs/compute/33-02/desc/settings/registry_put.md new file mode 100644 index 000000000..3768914f6 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/registry_put.md @@ -0,0 +1,136 @@ +Updates the registries to scan. +The list of registries to scan is updated in a single shot. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > Vulnerabilities > Images > Registry settings**. +2. Under the **Registries** table, add a registry item using **+ Add registry** +3. Click the **Save** button. + +**Note**: From 22.11 (Lagrange) release or later, you can add a maximum of 19,999 registry entries in **Defend > Vulnerabilities > Images > Registry settings**. + +The API response returns an HTTP 400 error, if the number of registry specifications exceeds the maximum allowable limit of 19,999 registry entries. + +### General Set up and Scan Process + +This endpoint works hand-in-hand with the `/policies` endpoints. + +**To set up a registry for scanning:** + +1. Add your registry account information using this endpoint. + + For example, specify the location and credentials of an ECR registry in your AWS account. + +2. Prisma Cloud auto-discovers the images in the registries specified with this endpoint. + +3. The list of auto-discovered images is passed to the scanner for evaluation. + + The scanner uses the corresponding `/policies/vulnerability/images` and `/policies/compliance/images` endpoints to assess each image. + + +### cURL Request + +Each registry to scan is specified as an item in the `specifications` array. + +**Note**: Submitting a PUT request with the `specifications` array will first erase all the existing Registry entries, and then insert the new `specifications` array from the PUT request. + +An empty body will also erase all the existing Registry entries. For more information, see [Remove a Registry](https://pan.dev/prisma-cloud/api/cwpp/put-settings-registry/#remove-a-registry). + +We recommend that you send a GET scan settings request via [Get Registry Settings](https://pan.dev/prisma-cloud/api/cwpp/get-settings-registry/) and save the JSON response before sending a PUT API request to update the Registry Settings. + +The critical fields for this endpoint are: + +* `registry` - String specifying the registry URL. +* `credentialID` - String specifying the registry credential. +* `version` - String specifying the type of registry to scan and may be one of the following strings: + +Version|Description + ---|--- + `aws`|Amazon EC2 Container Registry + `azure`|Azure Container Registry + `2`|Docker Registry v2 + `dtr`|Docker Trusted Registry + `gcr`|Google Container Registry + `jfrog`|JFrog Artifactory + `sonatype`|Sonatype Nexus + `coreos`|CoreOS Quay + `redhat`|Red Hat OpenShift + `bluemix`|IBM Cloud Container Registry + +The remaining fields in the `specifications` object (e.g., `repository`, `exclusions`, etc.) are optional. +They let you refine the scope of what Prisma Cloud auto-discovers. + +**Note:** An empty string in `registry` implicitly refers to Docker Hub. +In `repository`, use the `library/` namespace to specify a [Docker official image](https://docs.docker.com/docker-hub/official_images/). +To see the current list of Docker official images, see [here](https://github.com/docker-library/official-images/tree/master/library). + +#### Set up a Private Registry for Scanning + +Most registries you'll configure for scanning will be private. +Prisma Cloud needs credentials to access private registries. +To set this up: + +* Create the credentials with the `/credentials` endpoint. +* Retrieve the credential ID from the `/credentials` endpoint (`_id`). +* Create the registry setting with the recommended minimum required fields (`version`, `registry`, and `credentialID`). + +#### Example cURL Request + +The following cURL command overwrites the current list of registries to scan with two new registries: + +* The official Ubuntu 18.04 image in Docker Hub +* All repositories in a private AWS ECR registry + +```bash +$ curl 'https:///api/v/settings/registry' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ + '{ + "specifications": [ + { + "version": "2", + "registry": "", + "repository": "library/ubuntu", + "tag": "18.04", + "os": "linux", + "cap": 5, + "credentialID": "", + "scanners": 2, + "collections": ["All"] + }, + { + "version": "aws", + "registry": ".dkr.ecr..amazonaws.com", + "os": "linux", + "credentialID": "", + "scanners": 2, + "cap": 5, + "collections": ["All"] + } + ] + }' +``` + +**Note:** No response will be returned upon successful execution. + +### Remove a Registry + +To remove a registry from the list: + +1. Retrieve the current list using the GET method. +2. Remove the entry from the `specifications` JSON array in the response. +3. Use the PUT method to submit the updated JSON object. + +To delete all entries, submit an empty `specifications` array. For example: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d '{"specifications":[]}' \ + https:///api/v/settings/registry +``` diff --git a/openapi-specs/compute/33-02/desc/settings/saml_get.md b/openapi-specs/compute/33-02/desc/settings/saml_get.md new file mode 100644 index 000000000..f2228a440 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/saml_get.md @@ -0,0 +1,13 @@ +Returns the configured SAML settings that is used to authenticate to the Prisma Cloud Compute console. + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/settings/saml +``` diff --git a/openapi-specs/compute/33-02/desc/settings/saml_post.md b/openapi-specs/compute/33-02/desc/settings/saml_post.md new file mode 100644 index 000000000..0bd9c4a25 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/saml_post.md @@ -0,0 +1,28 @@ +Configures the SAML settings that is used to authenticate to the Prisma Cloud Compute. + +For more information, see [Okta via SAML 2.0](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/saml), [G Suite via SAML](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/saml_google_g_suite), [Azure AD via SAML](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/saml_azure_active_directory), [PingFederate via SAML](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/saml_ping_federate), and [ADFS via SAML](https://docs.paloaltonetworks.com/prisma/prisma-cloud/30/prisma-cloud-compute-edition-admin/authentication/saml_active_directory_federation_services). + +## cURL Request + +Refer to the following example cURL request that uses the basic auth to set up and enable the SAML integration with Prisma Cloud Compute: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{ + "enabled": true, + "url": "https://my-adfs-server.twistlock.com/adfs/SSO", + "cert": "", + "issuer": "https://my-adfs-server.twistlock.com/adfs/services/trust", + "type": "adfs", + "audience": "twistlock", + "appId": "", + "tenantId": "", + "appSecret": { + "encrypted": "" + } + }' \ + "https:///api/v/settings/saml" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/scan_get.md b/openapi-specs/compute/33-02/desc/settings/scan_get.md new file mode 100644 index 000000000..5c1df30a2 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/scan_get.md @@ -0,0 +1,13 @@ +Returns the global settings for image, host, container, and registry scanning. + +## cURL Request + +Refer to the following example cURL request: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/scan" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/scan_post.md b/openapi-specs/compute/33-02/desc/settings/scan_post.md new file mode 100644 index 000000000..f043d1c9f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/scan_post.md @@ -0,0 +1,25 @@ +Configures the Prisma Cloud Compute scanner settings. + +For more information, see [Configure Scanning](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/configure/configure_scan_intervals). +## cURL Request + +Refer to the following example cURL request that configures the following scan intervals: + +* Scan registries and serverless functions once per week. +* Scan images, containers, and hosts once per day. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "imagesScanPeriodMs":86400000, + "containersScanPeriodMs": 86400000, + "systemScanPeriodMs": 86400000, + "serverlessScanPeriodMs": 604800000, + "registryScanPeriodMs":604800000 +}' \ + "https:///api/v/settings/scan" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/secrets_get.md b/openapi-specs/compute/33-02/desc/settings/secrets_get.md new file mode 100644 index 000000000..75e2b32c7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/secrets_get.md @@ -0,0 +1,11 @@ +This endpoint will return configured secret store already configured in the console. This can be found in the console under **Manage > Authentication > Secrets**. + +The following example curl command retrieves any configured secret stores, as well as the refresh period in hours: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/secrets +``` diff --git a/openapi-specs/compute/33-02/desc/settings/secrets_post.md b/openapi-specs/compute/33-02/desc/settings/secrets_post.md new file mode 100644 index 000000000..d302ecdf8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/secrets_post.md @@ -0,0 +1,32 @@ +Updates the secret store settings found in the console under **Manage > Authentication > Secrets**. + +Please note the data structure returned from endpoint /settings/secrets GET to set in POST + +Refer to the following example curl command that adds a CyberArk secret store to the console with the appID set to `Prisma_Cloud_Compute_Console` and set the URL to `https://services-myca.twistlock.com:10882`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{ + "secretsStores": [ + { + "name": "Cyberark", + "type": "cyberark", + "appID": "Prisma_Cloud_Compute_Console", + "url": "https://services-myca.twistlock.com:10882", + "caCert": { + "encrypted": "" + }, + "clientCert": { + "encrypted": "" + }, + "useAWSRole": false, + "region": "", + "credentialId": "", + "roleArn": "" + } + ]}' \ + https://:8083/api/v/settings/secrets +``` diff --git a/openapi-specs/compute/33-02/desc/settings/serverless-scan_get.md b/openapi-specs/compute/33-02/desc/settings/serverless-scan_get.md new file mode 100644 index 000000000..bb8ce06ba --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/serverless-scan_get.md @@ -0,0 +1,18 @@ +Retrieves the list of serverless function scan scopes. +Serverless scan scopes specify a region and a credential. + +This endpoint maps to the **Function scope** table data in the **Defend > Vulnerabilities > Functions > Functions** Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves a list of serverless scan scopes: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/settings/serverless-scan' +``` + +A successful response returns a list of scan scopes. diff --git a/openapi-specs/compute/33-02/desc/settings/serverless-scan_post.md b/openapi-specs/compute/33-02/desc/settings/serverless-scan_post.md new file mode 100644 index 000000000..0be8ba648 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/serverless-scan_post.md @@ -0,0 +1,56 @@ +Adds serverless function providers to scan for vulnerabilities. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > Vulnerabilities > Functions > Functions**. +2. Under the **Function scope** table, add a registry item using **+ Add scope** + + **Note:** If the table is not present, use the **Add the first item** link. + +3. Click the **Save** button. + + +### General Set up and Scan Process + +This endpoint works hand-in-hand with the `/policies` endpoints. + +**To set up a scope for serverless scanning:** + +1. Add your scope information using this endpoint. + + For example, specify a region and credentials for accessing the AWS account. + +2. Prisma Cloud auto-discovers the serverless functions in scope. + +3. The list of auto-discovered serverless functions is passed to the scanner for evaluation. + + The scanner uses the corresponding `/policies/vulnerability/serverless` endpoint to assess each serverless function. + +### cURL Request + +Each scan scope is specified as an element in array. + +The critical fields for this endpoint are: + +* `provider` - Host provider name. For example, `aws` refers to Amazon Web Services. +* `credentialID` - ID of the credentials in the credentials store to authenticate against the service provider. + +Refer to the following example cURL command that adds serverless scan scopes to scan with a new single serverless scan scope. + +```bash +$ curl 'https:///api/v/settings/serverless-scan' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ + '[ + { + "provider": "aws", + "credential":{}, + "credentialID":"IAM Role" + } + ]' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/settings/serverless_get.md b/openapi-specs/compute/33-02/desc/settings/serverless_get.md new file mode 100644 index 000000000..b6122c460 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/serverless_get.md @@ -0,0 +1,11 @@ +This endpoint will return any configured serverless function scanners found in **Defend > Vulnerabilities > Functions**. + +The following example curl command uses basic auth to retrieve serverless settings in an array, sorted by Cloud Provider: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/serverless +``` diff --git a/openapi-specs/compute/33-02/desc/settings/serverless_post.md b/openapi-specs/compute/33-02/desc/settings/serverless_post.md new file mode 100644 index 000000000..6e26ea1d3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/serverless_post.md @@ -0,0 +1,23 @@ +This endpoint will add serverless function providers to scan for vulnerabilities. + +The following example curl command uses basic auth to add a serverless account to scan for serverless functions. This is assuming that you already have the [credential](https://docs.twistlock.com/docs/latest/configure/credentials_store.html) added to the console that is needed to scan that provider: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '[ + { + "provider": "aws", + "region": "us-east-1", + "pattern": "*", + "cap": 5, + "useAWSRole": false, + "credential": { + "_id": "AWS" + } + } +]' \ + https://:8083/api/v1/settings/serverless +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/settings/serverless_scan_put.md b/openapi-specs/compute/33-02/desc/settings/serverless_scan_put.md new file mode 100644 index 000000000..1b4999575 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/serverless_scan_put.md @@ -0,0 +1,31 @@ +Updates the serverless scan scopes. +All scan scopes are updated in a single shot. + +### cURL Request + +Each scan scope is specified as an element in array. + +The critical fields for this endpoint are: + +* `provider` - Host provider name. For example, `aws` refers to Amazon Web Services. +* `credentialID` - ID of the credentials in the credentials store to authenticate against the service provider. + +Refer to the following example cURL command that overwrites all serverless scan scopes to scan with a new single serverless scan scope: + +```bash +$ curl 'https:///api/v/settings/serverless-scan' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ + '[ + { + "provider": "aws", + "credential":{}, + "credentialID":"IAM Role" + } + ]' +``` + +**Note:** No response will be returned upon successful execution. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/settings/settings.md b/openapi-specs/compute/33-02/desc/settings/settings.md new file mode 100644 index 000000000..050b83d4a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/settings.md @@ -0,0 +1 @@ +Configure your Prisma Cloud Compute installation. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/settings/system_get.md b/openapi-specs/compute/33-02/desc/settings/system_get.md new file mode 100644 index 000000000..6f893abf0 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/system_get.md @@ -0,0 +1,11 @@ +This endpoint will return all system settings in JSON format. + +The following example curl command does exactly that: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/settings/system +``` diff --git a/openapi-specs/compute/33-02/desc/settings/tas_get.md b/openapi-specs/compute/33-02/desc/settings/tas_get.md new file mode 100644 index 000000000..52f392433 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/tas_get.md @@ -0,0 +1,13 @@ +Retrieves Tanzu Application Service (TAS) settings. + +### cURL Request + +Refer to the following example cURL command that retrieves all TAS settings: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/tas" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/settings/tas_post.md b/openapi-specs/compute/33-02/desc/settings/tas_post.md new file mode 100644 index 000000000..cd783e3f4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/tas_post.md @@ -0,0 +1,22 @@ +Sets the Tanzu Application Service (TAS) settings. + +### cURL Request + +Refer to the following example cURL command that configures the TAS settings: + +```bash +$ curl 'https:///api/v/settings/tas' + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ + '[ + { + "cap": 5, + "cloudControllerAddress": "https://example.com", + "hostname": "vm-host", + "pattern": "droplet-name" + } + ]' +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/settings/telemetry_get.md b/openapi-specs/compute/33-02/desc/settings/telemetry_get.md new file mode 100644 index 000000000..6460c3fc3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/telemetry_get.md @@ -0,0 +1,15 @@ +Returns the telemetry settings that anonymously reports the threats and vulnerabilities to Prisma Cloud Compute. + +For more information, see [telemetry](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/technology_overviews/telemetry) article. + +## cURL Request + +Refer to the following example cURL request that retrieves the settings if telemetry is enabled or not: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/settings/telemetry" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/telemetry_post.md b/openapi-specs/compute/33-02/desc/settings/telemetry_post.md new file mode 100644 index 000000000..bc97a6d0f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/telemetry_post.md @@ -0,0 +1,16 @@ +Enables or disables the telemetry feature. + +For more information, see [telemetry](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/technology_overviews/telemetry) article. + +## cURL Request + +Refer to the following example cURL request that uses basic auth to turn off telemetry: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"enabled":false}' \ + "https:///api/v/settings/telemetry" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/trusted_certificate_post.md b/openapi-specs/compute/33-02/desc/settings/trusted_certificate_post.md new file mode 100644 index 000000000..5a2a30bda --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/trusted_certificate_post.md @@ -0,0 +1,21 @@ +Adds a certificate to the list of explicitly trusted certificates. + +Use this endpoint to control how users authenticate to Prisma Cloud Compute. +Users employ client certificates to authenticate commands sent from a Docker client through Prisma Cloud Compute. + +> **_NOTE:_** You can only add a custom certificate if the trusted certificates mode is enabled. +For more information, see the `/settings/trusted-certificates` endpoint. + +## cURL Request + +Refer to the following example cURL request that uses basic auth to add a certificate to the list: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -w "\nResponse code: %{http_code}\n" \ + -X POST \ + -d '{"certificate": "-----BEGIN CERTIFICATE-----\nMIIDUTCCAjmgAwIBAgI......XMKXJA==\n-----END CERTIFICATE-----" }' + "https:///api/v/settings/trusted-certificate" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/trusted_certificates_post.md b/openapi-specs/compute/33-02/desc/settings/trusted_certificates_post.md new file mode 100644 index 000000000..78c07982b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/trusted_certificates_post.md @@ -0,0 +1,21 @@ +Enables authentication for just an explicit list of trusted certificates. + +Use this endpoint to control how users authenticate to Prisma Cloud Compute. +Users employ client certificates to authenticate commands sent from a Docker client through Prisma Cloud Compute. + +> **_NOTE:_** This feature can only be enabled if a custom certificate authority has been configured. +For more information, see the `/settings/certificates` endpoint. + +## cURL Request + +Refer to the following example cURL request that uses basic auth to enable this feature: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -w "\nResponse code: %{http_code}\n" \ + -X POST \ + -d '{"enabled" : true }' + "https:///api/v/settings/trusted-certificates" +``` diff --git a/openapi-specs/compute/33-02/desc/settings/vm_get.md b/openapi-specs/compute/33-02/desc/settings/vm_get.md new file mode 100644 index 000000000..8043742f5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/vm_get.md @@ -0,0 +1,15 @@ +Retrieves the list of VM image scan scopes. + +This endpoint maps to the **VM images scope** table data in the **Defend > Vulnerabilities > Hosts > VM images** Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves all the scopes used for pattern matching on VM functions: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/settings/vm' +``` diff --git a/openapi-specs/compute/33-02/desc/settings/vm_put.md b/openapi-specs/compute/33-02/desc/settings/vm_put.md new file mode 100644 index 000000000..9eda02855 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/vm_put.md @@ -0,0 +1,56 @@ +Updates the list of VM image scan scopes. +The list of scopes are updated in a single shot. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Defend > Vulnerabilities > Hosts > VM images**. +2. Under the **VM images scope** table, add a registry item using **+ Add scope**. + + **Note:** If the **+ Add scope** button is not present, use the **Add the first item** link. + +3. Click the **Save** button. + +### General Set up and Scan Process + +This endpoint works hand-in-hand with the `/policies` endpoints. +Prisma Cloud auto-discovers the VM images in your cloud account according to the scan scopes specified in `/settings/vm`. +The list of auto-discovered VM images is passed to the scanner for evaluation. +The scanner uses the corresponding `/policies/vulnerability/vms` endpoint to assess each VM image. + +### cURL Request + +Each VM image scan scope is specified as an element in the endpoint's payload array. + +The critical fields for this endpoint are: + +* `version` - Cloud provider. +Currently, only Amazon AWS is supported. +* `region` - Region to scan. +* `credentialID` - Credential ID from the credentials store so Prisma Cloud can authenticate with the cloud provider to access the VM images. +* `collections` - Filter for refining the scope of VM images to scan. +You can scope by VM image name and AWS tag. +* `consoleAddr` - Address for Console that Defender (the scanner) can reach over the network to publish scan results. + +Refer to the following example cURL command that overwrites all current scan scopes with single scan scope: + +```bash +$ curl 'https:///api/v/settings/vm' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ + '[ + { + "version":"aws", + "region":"us-east-1", + "credentialID":"IAM Role", + "collections":[{"name":"All"}], + "cap": 5, + "scanners": 1, + "consoleAddr":"127.0.0.1" + } + ]' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/settings/wildfire_get.md b/openapi-specs/compute/33-02/desc/settings/wildfire_get.md new file mode 100644 index 000000000..494d94018 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/settings/wildfire_get.md @@ -0,0 +1 @@ +Returns the wildfire settings. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/signup/post.md b/openapi-specs/compute/33-02/desc/signup/post.md new file mode 100644 index 000000000..1db21df29 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/signup/post.md @@ -0,0 +1,31 @@ +Creates the initial admin user after Console is first installed. + +Although this endpoint is supported, no backwards compatibility is offered for it. + +### cURL Request + +The following cURL command creates the initial admin user with the username `admin` and password `password`. + +```bash +$ curl -k \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"username": "admin", "password": "password"}' \ + https:///api/v1/signup +``` + +**Note:** The username and password values are case-sensitive. + +### Responses + +**Success Response:** No response will return if the user creation is successful. + +```bash +{"token", "ACCESS_TOKEN_VALUE"} +``` + +**Error Response:** An error response will return the following response if the initial sign up process was previously completed. + +```bash +{"err":"system already initialized"} +``` diff --git a/openapi-specs/compute/33-02/desc/signup/signup.md b/openapi-specs/compute/33-02/desc/signup/signup.md new file mode 100644 index 000000000..05534013f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/signup/signup.md @@ -0,0 +1,8 @@ +Creates the initial admin user after Console is first installed, to help automation of Console setup. +Invoke this endpoint after Prisma Cloud Compute is first installed. + +You can use this endpoint along with other endpoints to automate the Prisma Cloud Compute installation and setup. +For example, see `POST /api/v1/settings/license` to automate the submission of your license key. + +**Note:** This sign up endpoint can only be executed once from Console *or* the API. +Invoking this endpoint after completion of the initial sign up will result in a `400` error response. diff --git a/openapi-specs/compute/33-02/desc/static/capabilities_get.md b/openapi-specs/compute/33-02/desc/static/capabilities_get.md new file mode 100644 index 000000000..ea119d2a9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/static/capabilities_get.md @@ -0,0 +1,9 @@ +Returns a list of capabilities used in host models. + +```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/static/capabilities +``` diff --git a/openapi-specs/compute/33-02/desc/static/regions_get.md b/openapi-specs/compute/33-02/desc/static/regions_get.md new file mode 100644 index 000000000..4a07097ee --- /dev/null +++ b/openapi-specs/compute/33-02/desc/static/regions_get.md @@ -0,0 +1,9 @@ +Returns a list of regions used in cloud radar. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/static/regions +``` diff --git a/openapi-specs/compute/33-02/desc/static/static.md b/openapi-specs/compute/33-02/desc/static/static.md new file mode 100644 index 000000000..f4a53ca75 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/static/static.md @@ -0,0 +1 @@ +Return lists of constants used throughout the product. diff --git a/openapi-specs/compute/33-02/desc/static/syscalls_get.md b/openapi-specs/compute/33-02/desc/static/syscalls_get.md new file mode 100644 index 000000000..9e2ddcde7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/static/syscalls_get.md @@ -0,0 +1,10 @@ +Returns a list of the Linux kernel system calls. +Runtime rules for containers can allow-list and deny-list specific system calls. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/static/syscalls +``` diff --git a/openapi-specs/compute/33-02/desc/static/vulnerabilities_get.md b/openapi-specs/compute/33-02/desc/static/vulnerabilities_get.md new file mode 100644 index 000000000..cb6acab28 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/static/vulnerabilities_get.md @@ -0,0 +1,12 @@ +Returns a list of static compliance and vulnerability data. +This data can be used for building out reports with the API. +This data can be correlated with the `/api/v1/images` endpoint, specifically the the `complianceVulnerabilities` and `cveVulnerabilities` objects, to generate more thorough reports. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/static/vulnerabilities +``` + diff --git a/openapi-specs/compute/33-02/desc/stats/app_firewall_count_get.md b/openapi-specs/compute/33-02/desc/stats/app_firewall_count_get.md new file mode 100644 index 000000000..06641d791 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/app_firewall_count_get.md @@ -0,0 +1 @@ +Returns the number of application firewalls in use. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/stats/compliance.md b/openapi-specs/compute/33-02/desc/stats/compliance.md new file mode 100644 index 000000000..5c5be3991 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/compliance.md @@ -0,0 +1,13 @@ +Returns statistics on the number of compliance issues found on hosts/images/serverless/containers in your environment, organized by day (`_id`). This will also return a list of all of the compliance issues affecting the resources in your environment for each day. + +For the current day, the response will also include detailed compliance stats for each running container and host at the time of the last scan. + +The following example command that uses curl and basic auth to retrieve compliance statistics: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/stats/compliance +``` diff --git a/openapi-specs/compute/33-02/desc/stats/compliance_download_get.md b/openapi-specs/compute/33-02/desc/stats/compliance_download_get.md new file mode 100644 index 000000000..63fddf971 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/compliance_download_get.md @@ -0,0 +1 @@ +Downloads the compliance stats \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/stats/compliance_get.md b/openapi-specs/compute/33-02/desc/stats/compliance_get.md new file mode 100644 index 000000000..314f6a179 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/compliance_get.md @@ -0,0 +1,22 @@ +Returns compliance statistics, including: + +* Compliance rate by regulation, CIS benchmark, and policy rule. +* Trend of failed compliance checks over time. +* List of all compliance checks with their corresponding compliance rate. + +This endpoint maps to the table in **Monitor > Compliance > Compliance explorer** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that retrieves compliance statistics: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/stats/compliance' +``` + +A successful response returns a summary count of compliance issues. +The response also shows a detailed list of compliance issues for each running container and host. diff --git a/openapi-specs/compute/33-02/desc/stats/compliance_refresh.md b/openapi-specs/compute/33-02/desc/stats/compliance_refresh.md new file mode 100644 index 000000000..b75491a69 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/compliance_refresh.md @@ -0,0 +1,13 @@ +Refreshes the current day's compliance violations counts and list, as well as the affected running resources. + +The response will return exactly what the /statistics/compliance endpoint returns, only with updated statistics for the current day. + +The following example command that uses curl and basic auth to refresh compliance statistics: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/stats/compliance +``` diff --git a/openapi-specs/compute/33-02/desc/stats/compliance_refresh_post.md b/openapi-specs/compute/33-02/desc/stats/compliance_refresh_post.md new file mode 100644 index 000000000..541a54d16 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/compliance_refresh_post.md @@ -0,0 +1,16 @@ +Refreshes the current day's list and counts of compliance issues, as well as the list of affected running resources. + +This endpoint returns the same response as `/api/v/stats/compliance`, but with updated data for the current day. + +### cURL Request + +Refer to the following example cURL command that refreshes compliance statistics for the current day: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + 'https:///api/v/stats/compliance/refresh' +``` +A successful response returns a summary count of compliance issues for the current day. The response also shows a detailed list of compliance issues for each running container and host for the current day. diff --git a/openapi-specs/compute/33-02/desc/stats/daily.md b/openapi-specs/compute/33-02/desc/stats/daily.md new file mode 100644 index 000000000..082f58a27 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/daily.md @@ -0,0 +1,11 @@ +Returns daily statistics about the resources protected by Prisma Cloud Compute, including the total number of generated runtime audits, number of image vulnerabilities and compliance violations, etc. + +The following example command that uses curl and basic auth to retrieve daily stats: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/stats/daily +``` diff --git a/openapi-specs/compute/33-02/desc/stats/daily_get.md b/openapi-specs/compute/33-02/desc/stats/daily_get.md new file mode 100644 index 000000000..0db89bdc3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/daily_get.md @@ -0,0 +1,11 @@ +Returns a historical list of per-day statistics for the resources protected by Prisma Cloud Compute, including the total number of runtime audits, image vulnerabilities, and compliance violations. + +The following example command uses curl and basic auth to retrieve the daily stats: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/stats/daily +``` diff --git a/openapi-specs/compute/33-02/desc/stats/dashboard.md b/openapi-specs/compute/33-02/desc/stats/dashboard.md new file mode 100644 index 000000000..be90a2d32 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/dashboard.md @@ -0,0 +1,11 @@ +Returns daily statistics about the resources protected by Prisma Cloud Compute, including the total number of generated runtime audits, number of image vulnerabilities and compliance violations, etc. + +The following example command that uses curl and basic auth to retrieve dashboard stats: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/stats/dashboard +``` diff --git a/openapi-specs/compute/33-02/desc/stats/dashboard_get.md b/openapi-specs/compute/33-02/desc/stats/dashboard_get.md new file mode 100644 index 000000000..601769645 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/dashboard_get.md @@ -0,0 +1,13 @@ +Returns statistics about the resources protected by Prisma Cloud Compute, including the total number of runtime audits, image vulnerabilities, and compliance violations. + +### cURL Request + +Refer to the following example cURL command that retrieves dashboard stats: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/stats/dashboard +``` diff --git a/openapi-specs/compute/33-02/desc/stats/events_get.md b/openapi-specs/compute/33-02/desc/stats/events_get.md new file mode 100644 index 000000000..3be5eb4e7 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/events_get.md @@ -0,0 +1,37 @@ +Returns events statistics for your environment. + +### cURL Request + +Refer to the following example cURL command retrieves event stats: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/stats/events +``` + +### Response + + +```json +{ + "containerAppFirewall": 0, + "hostAppFirewall": 0, + "containerRuntime": 0, + "containerNetworkFirewall": 0, + "hostRuntime": 0, + "hostNetworkFirewall": 0, + "hostActivities": 0, + "raspAppFirewall": 0, + "raspRuntime": 0, + "serverlessRuntime": 0, + "logInspection": 0, + "fileIntegrity": 0, + "dockerAccess": 0, + "kubernetesAudits": 0, + "trustAudits": 0 +} +``` + diff --git a/openapi-specs/compute/33-02/desc/stats/license_get.md b/openapi-specs/compute/33-02/desc/stats/license_get.md new file mode 100644 index 000000000..1e7f713ca --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/license_get.md @@ -0,0 +1 @@ +Returns the license stats including the credit per defender. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/stats/stats.md b/openapi-specs/compute/33-02/desc/stats/stats.md new file mode 100644 index 000000000..772f66287 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/stats.md @@ -0,0 +1 @@ +Return vulnerability and compliance stats for your environment. diff --git a/openapi-specs/compute/33-02/desc/stats/vulnerabilities.md b/openapi-specs/compute/33-02/desc/stats/vulnerabilities.md new file mode 100644 index 000000000..40c4dd1f1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/vulnerabilities.md @@ -0,0 +1,13 @@ +Returns statistics on the number of CVEs found on hosts/images/serverless/containers in your environment, organized by day (`_id`). This will also return a list of all of the CVEs affecting the resources in your environment for each day. + +For the current day, the response will also include descriptions of the CVEs currently affecting the resources in your environment. + +The following example command that uses curl and basic auth to retrieve vulnerability statistics: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/stats/vulnerabilities +``` diff --git a/openapi-specs/compute/33-02/desc/stats/vulnerabilities_download_get.md b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_download_get.md new file mode 100644 index 000000000..753af8c7f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_download_get.md @@ -0,0 +1,26 @@ +Downloads a list of vulnerabilities (CVEs) in the deployed images, registry images, hosts, and serverless functions affecting your environment in a CSV format. + +The response also includes detailed descriptions for each CVE. The data for each CVE, such as impacted packages, highest severity, and so on, is based on the entire environment irrespective of the collections filter, assigned collections, or assigned accounts. + +You can use filters such as `cvssThreshold`, `severityThreshold`, or `collections` as query parameters to get desired results. + +Consider the following observations: +- You cannot use new filters such as **severityThreshold** and **cvssThreshold** with the **collections** filter or when you're assigned with specific collections or accounts. +- The impacted resources and distribution counts are not retrieved when you apply filters or you are assigned with specific collections or accounts. For example, when you apply these filters, the counts in the API `/stats/vulnerabilities` are returned as zero and empty in the API `/stats/vulnerabilites/download`. + +* **cvssThresold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of CVSS score or higher. +* **severityThreshold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of the severity threshold or higher. +* **collections**: Retrieves a list of vulnerabilities (CVEs) that matches the specified collection name. + +### cURL Request + +Refer to the following example cURL command that downloads a summary count of the CVEs and detailed descriptions for each CVE in a CSV format: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + - o \ + 'https:///api/v/stats/vulnerabilities/download' +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/stats/vulnerabilities_get.md b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_get.md new file mode 100644 index 000000000..2fe5d4e18 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_get.md @@ -0,0 +1,32 @@ +Returns a list of vulnerabilities (CVEs) in the deployed images, registry images, hosts, and serverless functions affecting your environment. + +The response also includes detailed descriptions for each CVE. The data for each CVE, such as impacted packages, highest severity, and so on, is based on the entire environment irrespective of the collections filter, assigned collections, or assigned accounts. + +This endpoint maps to the table in **Monitor > Vulnerabilities > Vulnerability explorer** in the Console UI. + +You can use filters such as `cvssThreshold`, `severityThreshold`, or `collections` as query parameters to get desired results. + +Consider the following observations: +- You cannot use new filters such as **severityThreshold** and **cvssThreshold** with the **collections** filter or when you're assigned with specific collections or accounts. +- The impacted resources and distribution counts are not retrieved when you apply filters or you are assigned with specific collections or accounts. For example, when you apply these filters, the counts in the API `/stats/vulnerabilities` are returned as zero and empty in the API `/stats/vulnerabilities/download`. +**Note**: This is supported only for the System Admin role. + +* **cvssThreshold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of CVSS score or higher. +* **severityThreshold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of the severity threshold or higher. +* **collections**: Retrieves a list of vulnerabilities (CVEs) that matches the specified collection name. + +### cURL Request + +Refer to the following example cURL command that retrieves a summary count of the CVEs and detailed descriptions for each CVE: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/stats/vulnerabilities' +``` + +### cURL Response + +A successful response returns a summary count of the CVEs and detailed descriptions for each CVE. diff --git a/openapi-specs/compute/33-02/desc/stats/vulnerabilities_impacted_resources_download_get.md b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_impacted_resources_download_get.md new file mode 100644 index 000000000..0821d6a9f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_impacted_resources_download_get.md @@ -0,0 +1,24 @@ +Downloads a list of impacted resources for a specific vulnerability in a CSV format. +This endpoint returns a list of all deployed images, registry images, hosts, and serverless functions affected by a given CVE. + +You can use filters such as `cvssThreshold`, `severityThreshold`, or `collections` as query parameters to get desired results. + +Consider the following observations: +- You cannot use new filters such as **severityThreshold** and **cvssThreshold** with the **collections** filter or when you're assigned with specific collections or accounts. + +* **cvssThresold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of CVSS score or higher. +* **severityThreshold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of the severity threshold or higher. +* **collections**: Retrieves a list of vulnerabilities (CVEs) that matches the specified collection name. + +### cURL Request + +Refer to the following example cURL command that downloads a list of impacted resources for `CVE-2015-0313` in a CSV format: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o \ + "https:///api/v/stats/vulnerabilities/impacted-resources/download?cve=CVE-2015-0313" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/stats/vulnerabilities_impacted_resources_get.md b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_impacted_resources_get.md new file mode 100644 index 000000000..c1e6d0ba2 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_impacted_resources_get.md @@ -0,0 +1,116 @@ +Generates a list of impacted resources for a specific vulnerability. +This endpoint returns a list of all deployed images, registry images, hosts, and serverless functions affected by a given CVE. + +Prisma Cloud Compute recalculates the stats for your environment every 24 hours. +Alternatively, you can manually update the stats by clicking the Refresh button in Vulnerability Explorer. + +You can use filters such as `cvssThreshold`, `severityThreshold`, or `collections` as query parameters to get desired results. + +Consider the following observations: +- You cannot use new filters such as **severityThreshold** and **cvssThreshold** with the **collections** filter or when you're assigned with specific collections or accounts. + +* **cvssThresold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of CVSS score or higher. +* **severityThreshold**: Retrieves a list of vulnerabilities (CVEs) that matches the specified value of the severity threshold or higher. +* **collections**: Retrieves a list of vulnerabilities (CVEs) that matches the specified collection name. + +### cURL Request + +Refer to the following example cURL command that retrieves a list of impacted resources for `CVE-2022-28391`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/stats/vulnerabilities/impacted-resources?cve=CVE-2022-28391' +``` +### cURL Response + +Refer to the following example JSON response that shows the risk tree for the impacted resources: + +```bash +{ + "_id": "CVE-2022-28391", + "images": [ + { + "resourceID": "sha256:a787cb9865032e5b5a407ecdf34b57a23a4a076aaa043d71742ddb6726ec9229", + "containers": [ + { + "image": "alpine:3.11", + "container": "mystifying_banzai", + "host": "jen-sle12-dock-0911t162051-cont-def-pre-lngcon231.c.twistlock-test-247119.internal", + "factors": { + "rootPrivilege": true + } + }, + { + "image": "alpine:3.11", + "container": "compassionate_austin", + "host": "jen-sle15-dock-0911t162051-cont-def-pre-lngcon231.c.twistlock-test-247119.internal", + "factors": { + "rootPrivilege": true + } + }, + ... + }, + { + "resourceID": "sha256:fcd5d51fc526ef1ff7cf2e94aa91be39d052874057ff603b66b9b461386fae93", + "containers": [ + { + "image": "infoslack/dvwa:latest", + "factors": {} + } + ] + }, + { + "resourceID": "sha256:bc6b65772f298854ea0dca7d562684cb835f2f677e0e2ea1863b4566f29dcac1", + "containers": [ + { + "image": "ghcr.io/christophetd/log4shell-vulnerable-app:latest", + "factors": {} + } + ] + }, + ... + ], + "hosts": [ + { + "resourceID": "jen-ubu2204-dock-0911t162051-cont-def-pre-lngcon231.c.twistlock-test-247119.internal" + }, + { + "resourceID": "jen-ubu2004-dock-0911t162051-cont-def-pre-lngcon231.c.twistlock-test-247119.internal" + }, + ... + ], + "imagesCount": 5, + "hostsCount": 21, + "functionsCount": 0, + "codeReposCount": 0, + "registryImagesCount": 0 +} +``` + +### cURL Request + +Refer to the following example cURL command that retrieves a the impacted registry images `CVE-2015-0313` by using an optional query parameter `resourceType`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/stats/vulnerabilities/impacted-resources?cve=CVE-2015-0313&resourceType=registryImage' +``` +**Note**: The API returns the impacted registry images only when you use the optional `resourceType` parameter with value `registryImage`. + +### cURL Request + +Refer to the following example cURL command that retrieves a paginated list of impacted resources for `CVE-2015-0313` by using optional query parameters `limit` and `offset`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/stats/vulnerabilities/impacted-resources?cve=CVE-2015-0313&offset=10&limit=100' +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/stats/vulnerabilities_refresh.md b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_refresh.md new file mode 100644 index 000000000..505a99d98 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_refresh.md @@ -0,0 +1,13 @@ +Refreshes the current day's CVE counts and CVE list, as well as their descriptions. + +The response will return exactly what the /statistics/vulnerabilities endpoint returns, only with updated statistics for the current day. + +The following example command that uses curl and basic auth to refresh vulnerability statistics: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + https://:8083/api/v1/stats/vulnerabilities/refresh +``` diff --git a/openapi-specs/compute/33-02/desc/stats/vulnerabilities_refresh_post.md b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_refresh_post.md new file mode 100644 index 000000000..1e3210e18 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/vulnerabilities_refresh_post.md @@ -0,0 +1,16 @@ +Refreshes the current day's CVE counts and CVE list, as well as their descriptions. + +This endpoint returns the same response as `/api/v/stats/vulnerabilities`, but with updated data for the current day. + +### cURL Request + +Refer to the following example cURL command that refreshes the vulnerability statistics for current day: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + 'https:///api/v/stats/vulnerabilities/refresh' +``` +A successful response returns a summary count of the CVEs and detailed descriptions for each CVE for the current day. diff --git a/openapi-specs/compute/33-02/desc/stats/workload_get.md b/openapi-specs/compute/33-02/desc/stats/workload_get.md new file mode 100644 index 000000000..a25deed5c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/stats/workload_get.md @@ -0,0 +1,23 @@ +Returns the workload statistics from Console. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/stats/workload +``` + +Here is an example of when would be returned: + +```json +{ + "Timestamp": "0001-01-01T00:00:00Z", + "HourSamples": 0, + "HourAvg": 0, + "DailySamples": null, + "exceeded": false, + "avg": 0, + "msg": "" +} +``` diff --git a/openapi-specs/compute/33-02/desc/statuses/buildah_get.md b/openapi-specs/compute/33-02/desc/statuses/buildah_get.md new file mode 100644 index 000000000..764b5413e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/statuses/buildah_get.md @@ -0,0 +1 @@ +Returns the buildah status. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/statuses/intelligence.md b/openapi-specs/compute/33-02/desc/statuses/intelligence.md new file mode 100644 index 000000000..74da8c7ff --- /dev/null +++ b/openapi-specs/compute/33-02/desc/statuses/intelligence.md @@ -0,0 +1,11 @@ +Returns the connection status of the intelligence stream and the last intelligence stream update. + +The following is an example curl using basic auth to find the intelligence stream status: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/statuses/intelligence +``` diff --git a/openapi-specs/compute/33-02/desc/statuses/intelligence_get.md b/openapi-specs/compute/33-02/desc/statuses/intelligence_get.md new file mode 100644 index 000000000..c18dd9611 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/statuses/intelligence_get.md @@ -0,0 +1,11 @@ +Returns the connection status for the Intelligence Stream, along with the time of the last update. + +The following is an example curl using basic auth to find the intelligence stream status: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/statuses/intelligence +``` diff --git a/openapi-specs/compute/33-02/desc/statuses/registry_get.md b/openapi-specs/compute/33-02/desc/statuses/registry_get.md new file mode 100644 index 000000000..427c4915c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/statuses/registry_get.md @@ -0,0 +1,29 @@ +Returns the status of a regular registry scan that might include the following information: +- Scan is completed: `"completed": true` +- Scan is ongoing. +- Errors: 10 most recent aggregated errors that occured during the scan with error messages such as: + - "Failed to retrieve repositories info..." + - "Failed to query image details..." + - "No available Defender was found" + +To view the more details about the progress of a regular or on-demand registry scan, use the `/registry/progress` API endpoint. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/statuses/registry +``` +### Response + +```json +{ + "scanTime": "2019-07-31T19:42:49.036311567Z", + "completed": true +} +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/statuses/secrets_get.md b/openapi-specs/compute/33-02/desc/statuses/secrets_get.md new file mode 100644 index 000000000..510f15161 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/statuses/secrets_get.md @@ -0,0 +1,11 @@ +Returns the connection status of any secret stores you have configured, as well as the last update to the secret store. + +The following is an example curl using basic auth to find the secret store status: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/statuses/secrets +``` diff --git a/openapi-specs/compute/33-02/desc/statuses/serverless-radar_get.md b/openapi-specs/compute/33-02/desc/statuses/serverless-radar_get.md new file mode 100644 index 000000000..3bfdbb5bf --- /dev/null +++ b/openapi-specs/compute/33-02/desc/statuses/serverless-radar_get.md @@ -0,0 +1,9 @@ +Returns the status of the serverless scans. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/statuses/serverless-radar +``` diff --git a/openapi-specs/compute/33-02/desc/statuses/statuses.md b/openapi-specs/compute/33-02/desc/statuses/statuses.md new file mode 100644 index 000000000..c5f68b29e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/statuses/statuses.md @@ -0,0 +1 @@ +Return connection and scan statuses for the various Prisma Cloud Compute subsystems. diff --git a/openapi-specs/compute/33-02/desc/tags/get.md b/openapi-specs/compute/33-02/desc/tags/get.md new file mode 100644 index 000000000..6da7ad135 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tags/get.md @@ -0,0 +1,14 @@ +Retrieves a list of tags. + +### cURL Request + +Refer to the following example cURL command that retrieves a list of tags: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/tags" +``` +A successful response returns a list of defined tags. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/tags/img/CentOS-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png b/openapi-specs/compute/33-02/desc/tags/img/CentOS-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png new file mode 100644 index 000000000..ae8deb86f Binary files /dev/null and b/openapi-specs/compute/33-02/desc/tags/img/CentOS-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png differ diff --git a/openapi-specs/compute/33-02/desc/tags/img/CentOS-Vuln-Bin-Package-Info.png b/openapi-specs/compute/33-02/desc/tags/img/CentOS-Vuln-Bin-Package-Info.png new file mode 100644 index 000000000..0fb452cde Binary files /dev/null and b/openapi-specs/compute/33-02/desc/tags/img/CentOS-Vuln-Bin-Package-Info.png differ diff --git a/openapi-specs/compute/33-02/desc/tags/img/Tagged-Vulnerability.png b/openapi-specs/compute/33-02/desc/tags/img/Tagged-Vulnerability.png new file mode 100644 index 000000000..f289b080c Binary files /dev/null and b/openapi-specs/compute/33-02/desc/tags/img/Tagged-Vulnerability.png differ diff --git a/openapi-specs/compute/33-02/desc/tags/img/Tagging-only-Vulnerability.png b/openapi-specs/compute/33-02/desc/tags/img/Tagging-only-Vulnerability.png new file mode 100644 index 000000000..b7425204d Binary files /dev/null and b/openapi-specs/compute/33-02/desc/tags/img/Tagging-only-Vulnerability.png differ diff --git a/openapi-specs/compute/33-02/desc/tags/img/Ubuntu-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png b/openapi-specs/compute/33-02/desc/tags/img/Ubuntu-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png new file mode 100644 index 000000000..067d1bd30 Binary files /dev/null and b/openapi-specs/compute/33-02/desc/tags/img/Ubuntu-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png differ diff --git a/openapi-specs/compute/33-02/desc/tags/img/Ubuntu-Vuln-Bin-Package-Info.png b/openapi-specs/compute/33-02/desc/tags/img/Ubuntu-Vuln-Bin-Package-Info.png new file mode 100644 index 000000000..67e9a2001 Binary files /dev/null and b/openapi-specs/compute/33-02/desc/tags/img/Ubuntu-Vuln-Bin-Package-Info.png differ diff --git a/openapi-specs/compute/33-02/desc/tags/name_delete.md b/openapi-specs/compute/33-02/desc/tags/name_delete.md new file mode 100644 index 000000000..2ed010e57 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tags/name_delete.md @@ -0,0 +1,14 @@ +Deletes a tag from the system. + +### cURL Request + +Refer to the following example cURL command that deletes a tag named *my tag*: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + "https:///api/v/tags/my%20tag" +``` +A space must be encoded with the value `%20` as specified here in [unsafe characters in a URL](https://www.ietf.org/rfc/rfc1738.txt). \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/tags/name_put.md b/openapi-specs/compute/33-02/desc/tags/name_put.md new file mode 100644 index 000000000..cbaea40d3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tags/name_put.md @@ -0,0 +1,23 @@ +Updates the parameters in a given tag. + +You must define all parameters in your PUT request. + +**Note:** `""` (an empty string) is automatically assigned for any unspecified field. + +### cURL Request + +Refer to the following example cURL command that updates the parameters in a tag named `my_tag`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d \ +'{ + "name": "my_tag2", + "color": "#ff0000", + "description": "A super cool tag" + }' \ + "https:///api/v/tags/my_tag" +``` diff --git a/openapi-specs/compute/33-02/desc/tags/post.md b/openapi-specs/compute/33-02/desc/tags/post.md new file mode 100644 index 000000000..d55ae8b96 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tags/post.md @@ -0,0 +1,22 @@ +Creates a tag that helps you manage the vulnerabilities in your environment. +You can use tags as policy exceptions or assign them to vulnerabilities for action. + +**Note:** `""` (an empty string) is automatically assigned for any unspecified field. + +### cURL Request + +Refer to the following example cURL command that creates a tag named "my-tag": + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ +'{ + "name": "my-tag", + "color": "#ff0000", + "description": "A test collection" + }' \ + "https:///api/v/tags" +``` diff --git a/openapi-specs/compute/33-02/desc/tags/tag_cve_delete.md b/openapi-specs/compute/33-02/desc/tags/tag_cve_delete.md new file mode 100644 index 000000000..8caed79cf --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tags/tag_cve_delete.md @@ -0,0 +1,20 @@ +Removes a tag from a vulnerability. +When you delete a tag, the tag is deleted from a wider scope. All the packages and resources that were in scope will be untagged. + +### cURL Request + +Refer to the following example cURL command that removes the tag named `ignored` from the CVE `CVE-2017-15088`: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + -d \ +'{ + "id": "CVE-2017-15088", + "packageName": "krb5" + }' \ + "https:///api/v/tags/ignored/vuln" +``` + diff --git a/openapi-specs/compute/33-02/desc/tags/tag_cve_post.md b/openapi-specs/compute/33-02/desc/tags/tag_cve_post.md new file mode 100644 index 000000000..966a80bd8 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tags/tag_cve_post.md @@ -0,0 +1,169 @@ +Sets a tag to a vulnerability based on Common Vulnerability and Exposures (CVE) ID, package, and resource. + +**Consider the following scenarios**: + - When you apply a tag to a vulnerability only on a package, the tag applies to the vulnerability in all the resources related to it. + - When you apply a tag only to a vulnerability, the tag applies to the vulnerability in all the packages and resources related to it. + - When you apply a tag to a vulnerability on a resource type, specify the scope of the resources using either a wildcard "*" or resource names. + +A vulnerability can be found in a source package or a binary package. +The vulnerability feed reports CVE data either on source packages or binary packages. +For example, Debian and Ubuntu report CVEs on the source package, while RHEL reports on binary packages. + +**Source package:** Provides all the necessary files to compile or build the desired piece of software. For more information, see [Source Package](https://wiki.debian.org/Packaging/SourcePackage). + +**Binary package:** Built from a source package. There could be multile binary packages that are built from a source package. +For example, `perl` is a source package, and you can build different binary packages such as `libperl-dev`, `perl`, or `perl-base`. For more information, see [Perl](https://packages.ubuntu.com/source/focal/perl). + +Prisma Cloud ingests all the various distro vulnerability feeds, and normalizes them so that they can be used uniformly across the product. + +The **package info** tab shows both source and binary package fields in a vulnerability report. + +Refer to the following parameter descriptions: +- **id**: `Required` Specifies the Common Vulnerability and Exposures (CVE) ID. +- **packageName**: `Required` Specifies the source or the binary package name where the vulnerability is found. +Specify the source package name for tagging when the vulnerability is found in the source package. +Use the wildcard `*` to apply the tag to all the packages where the vulnerability is found. +- **resourceType**: Specifies the resource type for tagging where the vulnerability is found. +Use the wildcard `*` to apply the tag to all the resource types where the vulnerability is found. +The available values are: `image`, `host`, `function`, `codeRepo`, and `""`. +- **resources**: `Required when you define the resource type.` Specifies the resource for tagging where the vulnerability is found. +Either specify the resource names separated by a comma or use the wildcard `*` to apply the tag to all the resources where the vulnerability is found. +- **checkBaseLayer**: `Applies only to the resource type image.` Checks for the base image in the resources and whether to tag those resources. +- **comment**: Adds a comment. + +Consider the following scenarios for source and binary packages: + +- Debian or Ubuntu lists the binary packages and source packages. + A CVE-2020-16156 is found in a binary package `perl-base` and source package `perl` in Ubuntu 20.04.3 LTS distro. + + ![Package information](https://cdn.twistlock.com/docs/api/Ubuntu-Vuln-Bin-Package-Info.png) + + The parameter *packageName* in the endpoint accepts only the source package name for tagging if a source package is available. + + ### cURL Request + + Refer to the following example cURL command that tags `Ignored` to the CVE `CVE-2020-16156` on the source package `perl`: + + ```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "id": "CVE-2020-16156", + "packageName": "perl" + }' \ + "https:///api/v/tags/Ignored/vuln" + ``` + Refer to the following image that displays the tagged vulnerability: + + ![Tagged vulnerability in Ubuntu](https://cdn.twistlock.com/docs/api/Ubuntu-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png) + +- The RPM package lists CVEs on the available binary packages and not the source packages. + A CVE `CVE-2021-20305` found in only `gnutls` binary package in CentOS Linux Release 8.4.2105. + + ![Package information](https://cdn.twistlock.com/docs/api/CentOS-Vuln-Bin-Package-Info.png) + + Use the binary package name for tagging only when the source package is not available or NULL. + + ### cURL Request + + Refer to the following example cURL command that tags `Ignored` to the CVE `CVE-2021-20305` on the binary package `gnutls`: + + ```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "id": "CVE-2021-20305", + "packageName": "gnutls" + }' \ + "https:///api/v/tags/Ignored/vuln" + ``` + Refer to the following image that displays the tagged vulnerability: + + ![Tagged vulnerability in CentOS](https://cdn.twistlock.com/docs/api/CentOS-Vuln-Bin-Package-CVE-tagged-Ignored-Vuln.png) + +Consider the following scenarios when you want to tag a vulnerability to all packages and resources related to it: + +- A CVE `CVE-2020-16156` is found in several packages such as `perl`, `perl-open`, `perl-macros`, `perl-libs`, and so on. You want to apply a tag `Ignored` to all the packages and resources. + + ![CVE information](https://cdn.twistlock.com/docs/api/Tagging-Only-Vulnerability.png) + + ### cURL Request + + Refer to the following example cURL command that tags `Ignored` to the CVE `CVE-2020-16156`: + + ```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "id": "CVE-2020-16156", + "packageName": "*" + }' \ + "https:///api/v/tags/Ignored/vuln" + ``` + Refer to the following image that displays the tagged vulnerability: + + ![Tagged vulnerability](https://cdn.twistlock.com/docs/api/Tagged-Vulnerability.png) + +- A CVE `CVE-2020-16156` is found in several packages such as `perl`, `perl-open`, `perl-macros`, `perl-libs`, and so on. You want to apply a tag `Ignored` to the resource type `image` but to all the packages and resources. + +### cURL Request + + Refer to the following example cURL command that tags `Ignored` to the CVE `CVE-2020-16156` on the resource type `image` and to all the packages and resources. + + ```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "id": "CVE-2020-16156", + "packageName": "*", + "resourceType": "image", + "resources": ["*"] + }' \ + "https:///api/v/tags/Ignored/vuln" + ``` +- A CVE `CVE-2020-16156` is found in several packages such as `perl`, `perl-open`, `perl-macros`, `perl-libs`, and so on. You want to apply a tag `Ignored` to the resource type `host`and resource `servo-vmware71` but to all the packages. + +### cURL Request + + Refer to the following example cURL command that tags `Ignored` to the CVE `CVE-2020-16156` on the resource type `host`, resource `servo-vmware71`, and to all the packages. + + ```bash + $ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d \ + '{ + "id": "CVE-2020-16156", + "packageName": "*", + "resourceType": "host", + "resources": ["servo-vmware71"] + }' \ + "https:///api/v/tags/Ignored/vuln" + ``` + +*Note:* A tag assignment is identified by the combination of the `id`, `packageName`, `resourceType`, and `tag` fields. Invoking the endpoint again for an existing tag assignment overrides the existing tag assignment for the resource. For example, invoking the endpoint consecutively with the following values: +1. `{"id":"CVE-1","packageName":"pkg","resourceType":"image","resources":["library/python:latest"],"tag":"In progress"}` +2. `{"id":"CVE-1","packageName":"pkg","resourceType":"image","resources":["library/python:latest"],"tag":"New Tag"}` +3. `{"id":"CVE-1","packageName":"pkg","resourceType":"host","resources":["devbox"],"tag":"New Tag"}` +4. `{"id":"CVE-1","packageName":"pkg","resourceType":"image","resources":["node:latest"],"tag":"New Tag"}` + + +Will result in the following tag assignments: +1. The first invocation creates the entry: "In progress", "CVE-1", "pkg", "image", "library/python:latest" +2. The second invocation creates a second (new) entry: "New Tag", "CVE-1", "pkg","image", "library/python:latest" +3. The third invocation creates a third (new) entry: "New Tag", "CVE-1", "pkg","host", "devbox" +4. The fourth invocation overrides the second entry with the following values: "New Tag", "CVE-1", "pkg", "image", "node:latest" + diff --git a/openapi-specs/compute/33-02/desc/tags/tags.md b/openapi-specs/compute/33-02/desc/tags/tags.md new file mode 100644 index 000000000..5da0bf726 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tags/tags.md @@ -0,0 +1 @@ +Tags are predefined labels that help you manage your vulnerabilities via the Console UI and Prisma Cloud Compute API. diff --git a/openapi-specs/compute/33-02/desc/tas-droplets/download_get.md b/openapi-specs/compute/33-02/desc/tas-droplets/download_get.md new file mode 100644 index 000000000..db92ec66a --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tas-droplets/download_get.md @@ -0,0 +1,20 @@ +Downloads scan reports for Tanzu Application Service (TAS) droplets in CSV format. + +This endpoint maps to the CSV hyperlink in **Monitor > Vulnerabilities > VMware Tanzu blobstore** in the Console UI. + +_**Note:**_ The query parameters `issueType` is not supported for this API endpoint. + +### cURL Request + +The following cURL command downloads all TAS droplets to a CSV file called `tas_droplets.csv`: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/tas-droplets/download \ + > tas_droplets.csv +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/tas-droplets/get.md b/openapi-specs/compute/33-02/desc/tas-droplets/get.md new file mode 100644 index 000000000..d820517c2 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tas-droplets/get.md @@ -0,0 +1,21 @@ +Retrieves scan reports for Tanzu Application Service (TAS) droplets. + +> _**Note:**_ + * The API rate limit for this endpoint is 30 requests per 30 seconds. You get an HTTP error response 429 if the limit exceeds. + * The query parameters `issueType` is not supported for this API endpoint. + +This endpoint maps to the table in **Monitor > Vulnerabilities > VMware Tanzu blobstore** in the Console UI. + +### cURL Request + +The following cURL command retrieves all TAS droplets. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/tas-droplets \ +``` + +A successful response returns all TAS droplets. diff --git a/openapi-specs/compute/33-02/desc/tas-droplets/get_tas_addresses.md b/openapi-specs/compute/33-02/desc/tas-droplets/get_tas_addresses.md new file mode 100644 index 000000000..528281613 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tas-droplets/get_tas_addresses.md @@ -0,0 +1,17 @@ +Gets the Cloud Controller Addresses of scanned Tanzu Application Service (TAS) droplets.\n + +> _**Note:**_ + * The API rate limit for this endpoint is 30 requests per 30 seconds. You get an HTTP error response 429 if the limit exceeds. + * The query parameters `issueType` is not supported for this API endpoint. + +### cURL Request + +The following cURL command retrieves the Cloud Controller Addresses of scanned TAS droplets. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/tas-droplets/addresses \ +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/tas-droplets/progress_get.md b/openapi-specs/compute/33-02/desc/tas-droplets/progress_get.md new file mode 100644 index 000000000..504a21e84 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tas-droplets/progress_get.md @@ -0,0 +1,13 @@ +Returns the details of the TAS Droplets ongoing scan. + +### cURL Request + +Refer to the following cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/tas-droplets/progress" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/tas-droplets/scan_post.md b/openapi-specs/compute/33-02/desc/tas-droplets/scan_post.md new file mode 100644 index 000000000..aad2174af --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tas-droplets/scan_post.md @@ -0,0 +1,13 @@ +Scans the TAS Droplets. + +### cURL Request + +Refer to the following cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/tas-droplets/scan" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/tas-droplets/stop_post.md b/openapi-specs/compute/33-02/desc/tas-droplets/stop_post.md new file mode 100644 index 000000000..5f5a019b1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/tas-droplets/stop_post.md @@ -0,0 +1,13 @@ +Stops the ongoing scan of TAS Droplets. + +### cURL Request + +Refer to the following cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/tas-droplets/stop" +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/trust/data_get.md b/openapi-specs/compute/33-02/desc/trust/data_get.md new file mode 100644 index 000000000..dd55d47a3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/trust/data_get.md @@ -0,0 +1,277 @@ +Returns the trusted registries, repositories, and images. + +## cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/trust/data +``` + +## cURL Response + +Refer to the following example response: + +```bash +$ { + "policy": { + "_id": "trust", + "enabled": false, + "rules": [ + { + "modified": "2023-05-11T09:24:33.936Z", + "owner": "ss", + "name": "Copy of combined", + "previousName": "", + "disabled": true, + "allowedGroups": [ + "by_cluster" + ], + "deniedGroups": [ + "by_host" + ], + "collections": [ + { + "hosts": [ + "ss-ubu2204-dock-0905t072802-cont-def-pre-lngcon443.c.example-247119.internal" + ], + "images": [ + "*" + ], + "labels": [ + "*" + ], + "containers": [ + "*" + ], + "functions": [ + "*" + ], + "namespaces": [ + "*" + ], + "appIDs": [ + "*" + ], + "accountIDs": [ + "*" + ], + "codeRepos": [ + "*" + ], + "clusters": [ + "*" + ], + "name": "trust_by_host", + "owner": "ss", + "modified": "2023-05-11T09:17:17.556Z", + "color": "#D64CA8", + "system": false, + "prisma": false + } + ], + "effect": "alert" + }, + { + "modified": "2023-05-11T09:24:13.952Z", + "owner": "ss", + "name": "combined", + "previousName": "", + "disabled": true, + "allowedGroups": [ + "by_cluster" + ], + "deniedGroups": [ + "by_host" + ], + "collections": [ + { + "hosts": [ + "jen-ubu2204-dock-0905t072802-cont-def-pre-lngcon443.c.twistlock-test-247119.internal" + ], + "images": [ + "*" + ], + "labels": [ + "*" + ], + "containers": [ + "*" + ], + "functions": [ + "*" + ], + "namespaces": [ + "*" + ], + "appIDs": [ + "*" + ], + "accountIDs": [ + "*" + ], + "codeRepos": [ + "*" + ], + "clusters": [ + "*" + ], + "name": "trust_by_host", + "owner": "ss", + "modified": "2023-05-11T09:17:17.556Z", + "color": "#D64CA8", + "system": false, + "prisma": false + } + ], + "effect": "alert" + }, + { + "modified": "2023-05-10T19:05:27.651Z", + "owner": "ss", + "name": "Default - alert all", + "previousName": "", + "collections": [ + { + "hosts": [ + "*" + ], + "images": [ + "*" + ], + "labels": [ + "*" + ], + "containers": [ + "*" + ], + "functions": [ + "*" + ], + "namespaces": [ + "*" + ], + "appIDs": [ + "*" + ], + "accountIDs": [ + "*" + ], + "codeRepos": [ + "*" + ], + "clusters": [ + "*" + ], + "name": "All", + "owner": "system", + "modified": "2023-05-09T07:00:08.761Z", + "color": "#3FA2F7", + "description": "System - all resources collection", + "system": true, + "prisma": false + } + ], + "effect": "alert" + } + ] + }, + "groups": [ + { + "modified": "2023-05-10T19:08:34.893Z", + "owner": "mbarash", + "name": "", + "previousName": "", + "_id": "by_host", + "images": [ + "alpine:*" + ] + }, + { + "modified": "2023-05-10T19:16:46.886Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "by_cluster", + "images": [ + "registry.k8s.io/etcd:*" + ] + }, + { + "modified": "2023-05-11T09:11:54.683Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "by_image", + "images": [ + "node:*" + ] + }, + { + "modified": "2023-05-11T09:21:23.54Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "by_registry", + "images": [ + "mcr.azk8s.cn/*" + ] + }, + { + "modified": "2023-05-11T09:22:13.522Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "by_repository", + "images": [ + "python:*" + ] + }, + { + "modified": "2023-05-11T09:22:47.854Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "bu_layer_automated", + "layers": [ + "sha256:a0d44e5352dcb84bca48b6ee3d30a9ec91b5e6eb6793747e06d2454d360a9338", + "sha256:5ad177daa048ca8b354b9ad03deac863ff519a2860a35dc9fdc0011619aacc3c", + "sha256:543bb037d9827e706ea0ee9277e56ff916439a114fa56c520ac7dcaf6daae84a", + "sha256:efd3b1563a816d85c6414e0c139691df720c34d6f65abaa19819d37b11459b40", + "sha256:bc30bde5a6578b9643d05dd47105414777adadaf5df93b493eff1785e1e07328", + "sha256:77e7191206a99af5cf1718885fb45262c2e2da30ad650c5868dfa3c54739c24a", + "sha256:4fcf730353158873699670f97f2556942ff470c360539ff9283d80c72f275030", + "sha256:d1a8d814c41eab7ee00b94a9184f081bf4c36721d559c5b349b9653bd473d8a0" + ] + }, + { + "modified": "2023-05-11T09:23:21.338Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "by_manual_manual", + "layers": [ + "sha256:05f4935ad90ae437375c64090af07a6232bfeffc9f311e3e315919627c542ac9", + "sha256:5aea01ea0a0f088b7844c169b9b8fd5ea034a21b4aa075ae3c54a1cb64138b93", + "sha256:d8183b2c9c73e92b3569c8c77f05a245d1d4a58c3d3f23e740ea4f69c5e8d8f4", + "sha256:ee50c22fdf6c99affec8690f7ef820f0e8cd19f4ece9a32503cdcf59a391514d" + ] + }, + { + "modified": "2023-05-11T12:41:27.885Z", + "owner": "ss", + "name": "", + "previousName": "", + "_id": "ss_test", + "images": [ + "kuku:*", + "example/cves:*" + ] + } + ] +} +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/trust/data_put.md b/openapi-specs/compute/33-02/desc/trust/data_put.md new file mode 100644 index 000000000..0e6a0ba49 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/trust/data_put.md @@ -0,0 +1,32 @@ +Updates a trusted image to the system. +Specify trusted images using either the image name or layers properties. + +## cURL Request + +Refer to the following example cURL command that uses basic auth to specify that the Ubuntu 16.04 image on Docker Hub is a trusted image: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d '{"image":"ubuntu/16.04", "_id":"docker-ubuntu-group"}' \ + https:///api/v/trust/data +``` + +To edit a trust group based on image base layers, use PUT to specify a list of SHA256 hashes for the layers that are trusted. + +Refer to the following example that specifies the Ubuntu 16.04 image is a trusted base OS. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d '{"layers":"["sha256:a94e0d5a7c404d0e6fa15d8cd4010e69663bd8813b5117fbad71365a73656df9", + "sha256:88888b9b1b5b7bce5db41267e669e6da63ee95736cb904485f96f29be648bfda", + "sha256:52f389ea437ebf419d1c9754d0184b57edb45c951666ee86951d9f6afd26035e", + "sha256:52a7ea2bb533dc2a91614795760a67fb807561e8a588204c4858a300074c082b", + "sha256:db584c622b50c3b8f9b8b94c270cc5fe235e5f23ec4aacea8ce67a8c16e0fbad"]", "_id":"docker-ubuntu-group"}' \ + "https:///api/v/trust/data" +``` diff --git a/openapi-specs/compute/33-02/desc/trust/get.md b/openapi-specs/compute/33-02/desc/trust/get.md new file mode 100644 index 000000000..1226cd0a3 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/trust/get.md @@ -0,0 +1,11 @@ +Retrieves a list of all trusted images. + +The following example curl command uses basic auth to retrieve all trusted images: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/trust +``` diff --git a/openapi-specs/compute/33-02/desc/trust/id_delete.md b/openapi-specs/compute/33-02/desc/trust/id_delete.md new file mode 100644 index 000000000..b3114775f --- /dev/null +++ b/openapi-specs/compute/33-02/desc/trust/id_delete.md @@ -0,0 +1,12 @@ +Deletes an image trust group. Specify the image trust group to be deleted by the `_id`. + +The following example curl command uses basic auth to specify a image trust group for deletion with the handle `docker-ubuntu-group`. + + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https://:8083/api/v1/trust/docker-ubuntu-group +``` diff --git a/openapi-specs/compute/33-02/desc/trust/id_put.md b/openapi-specs/compute/33-02/desc/trust/id_put.md new file mode 100644 index 000000000..44d2c8b8b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/trust/id_put.md @@ -0,0 +1,18 @@ +Updates the properties of an existing trusted image entry. + +In the request payload, specify either the `_id` or image name. +The trusted group ID needs to be specified in request payload. + +On success, this method returns the handle (unique ID) for the modified entry. +For more information about handles, see the `_id` in the response body for the GET method. + +The following example curl command uses basic auth to modify the image property for an existing trusted image entry, where the handle for the entry is `docker-ubuntu-group`. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X PUT \ + -d '{"image":"ubuntu/18.04", "_id":"docker-ubuntu-group"}' \ + https://:8083/api/v1/trust/docker-ubuntu-group +``` diff --git a/openapi-specs/compute/33-02/desc/trust/learn_get.md b/openapi-specs/compute/33-02/desc/trust/learn_get.md new file mode 100644 index 000000000..d8a3414d0 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/trust/learn_get.md @@ -0,0 +1,9 @@ +Returns the state of the trusted images model. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https://:8083/api/v1/trust/learn +``` diff --git a/openapi-specs/compute/33-02/desc/trust/learn_post.md b/openapi-specs/compute/33-02/desc/trust/learn_post.md new file mode 100644 index 000000000..094817738 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/trust/learn_post.md @@ -0,0 +1,10 @@ +Sets the state of trusted images model. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"state":"learning"}' + https://:8083/api/v1/trust/learn +``` diff --git a/openapi-specs/compute/33-02/desc/trust/post.md b/openapi-specs/compute/33-02/desc/trust/post.md new file mode 100644 index 000000000..1072275a1 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/trust/post.md @@ -0,0 +1,32 @@ +Adds a trusted image to the system. +Specify trusted images using either the image name or layers properties. + +On success, this method returns the `_id` for the image trust group. +For more information about handles, see the `_id` key in the response body for the GET method. + +The following example curl command uses basic auth to specify that the Ubuntu 16.04 image on Docker Hub is a trusted image. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"image":"ubuntu/16.04", "_id":"docker-ubuntu-group"}' \ + https://:8083/api/v1/trust +``` + +To create a trust group based on image base layers, POST a list of SHA256 hashes for the layers that are trusted. +The following example specifies the Ubuntu 16.04 image is a trusted base OS. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"layers":"["sha256:a94e0d5a7c404d0e6fa15d8cd4010e69663bd8813b5117fbad71365a73656df9", + "sha256:88888b9b1b5b7bce5db41267e669e6da63ee95736cb904485f96f29be648bfda", + "sha256:52f389ea437ebf419d1c9754d0184b57edb45c951666ee86951d9f6afd26035e", + "sha256:52a7ea2bb533dc2a91614795760a67fb807561e8a588204c4858a300074c082b", + "sha256:db584c622b50c3b8f9b8b94c270cc5fe235e5f23ec4aacea8ce67a8c16e0fbad"]", "_id":"docker-ubuntu-group"}' \ + https://:8083/api/v1/trust +``` diff --git a/openapi-specs/compute/33-02/desc/trust/trust.md b/openapi-specs/compute/33-02/desc/trust/trust.md new file mode 100644 index 000000000..b8c57bf98 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/trust/trust.md @@ -0,0 +1,2 @@ +Manage the list of registries, repositories, and images that are considered trusted. +You can create a compliance policy that permits just the images in this list to execute in your environment. diff --git a/openapi-specs/compute/33-02/desc/users/get.md b/openapi-specs/compute/33-02/desc/users/get.md new file mode 100644 index 000000000..e4e6966ec --- /dev/null +++ b/openapi-specs/compute/33-02/desc/users/get.md @@ -0,0 +1,17 @@ +Retrieves a list of all users. + +This endpoint maps to **Manage > Authentication > Users** in the Console UI. + +### cURL Request + +The following cURL command retrieves all users. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + 'https:///api/v/users' +``` + +A successful response returns a list of all users. diff --git a/openapi-specs/compute/33-02/desc/users/id_delete.md b/openapi-specs/compute/33-02/desc/users/id_delete.md new file mode 100644 index 000000000..1cfa5642d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/users/id_delete.md @@ -0,0 +1,27 @@ +Deletes a user from the system. + +The URL parameter `{id}` maps to `username`. +The `username` for each user can be retrieved from the `GET /api/v/users` endpoint. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Users**. +2. In a table row, click the **Actions** button for the user to update. +3. Click the **Delete** button to open the delete confirmation window. +4. Click the **Delete User** button to delete the user. + +**Note:** You can not delete the user for the current logged in account. + +### cURL Request + +The following cURL command deletes user `ID` from the system. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X DELETE \ + https:///api/v/users/ +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/users/password_put.md b/openapi-specs/compute/33-02/desc/users/password_put.md new file mode 100644 index 000000000..5a5fe356b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/users/password_put.md @@ -0,0 +1,27 @@ +Changes the password of a user. + +To invoke this endpoint in the Console UI: + +1. Click on the user icon near the top-right corner of the Console UI. +2. Select **Change password**. +3. Enter the old and new passwords. +3. Click the **Save** button. + +### cURL Request + +The following cURL command replaces the password of `USER` (the user authenticating with Console to call this endpoint). + +```bash +$ curl 'https:///api/v/users/password' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "oldPassword": "", + "newPassword": "" +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/users/post.md b/openapi-specs/compute/33-02/desc/users/post.md new file mode 100644 index 000000000..e3ca2f09c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/users/post.md @@ -0,0 +1,114 @@ +Adds a new user to the system. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Users**. +2. Click **+ Add user** and enter the user's information. +3. Click the **Save** button. + +Every Console has a project name, even if projects aren't enabled. +If you've deployed a single stand-alone Console, it's called `Central Console`. +If you've enabled projects, the master Console is called `Central Console`. +Each connected tenant project has a unique name, which is specified when the project is created. + +All users are created and managed in `Central Console`. + +### cURL Requests + +Refer to the following example cURL requests: + +#### Add a New User + +When `authType` is set to `basic`, the system creates a "local" user that's managed in Console's database. +If you integrated Prisma Cloud with an identity provider, set `authType` to a supported value, such as `saml`. + +The following example cURL command adds a new user to Central Console: + +```bash +$ curl 'https:///api/v/users' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "username":"", + "password":"", + "role":"auditor", + "authType":"basic" +}' +``` + +**Note:** No response will be returned upon successful execution. + +#### Add a New User and Grant Access to a Project + +Use the `permissions` object to grant a user access to specific projects and specific collections in a project. + +When you define the `permissions` object, specify the following parameters: +`projects`: (Required.) Specifies a project name. +`collections`: (Requires initialization with a valid collection name.) Specifies a valid collection to assign to the user. +If left unspecified, users are granted access to the `All` collection by default. + +The following example cURL command adds a new user to Console and grants access to the tenant project `PROJECT_NAME`: + +Before you invoke this request: + +1. In the Console UI navigate to **Manage > Projects**. +2. Enable the **Use projects** setting. +3. If no project is provisioned, use the **+ Provision project** button to create a new project. +4. Retrieve a tenant project name from the table from the **Project** column. + +```bash +$ curl 'https:///api/v/users' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "username":"", + "password":"", + "role":"auditor", + "authType":"basic", + "permissions":[ + { + "project":"" + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. + +#### Add a New User and Grant Access to a Collection + +When assigning collections, you must explicitly specify a project. +When you're working with a single stand-alone Console, the value for project is `Central Console`. + +The following example cURL command adds a new user to Console and grants access to the `finance-app` collection in `Central Console`: + +```bash +$ curl 'https:///api/v/users' \ + -k \ + -X POST \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "username":"", + "password":"", + "role":"auditor", + "authType":"basic", + "permissions":[ + { + "project":"Central Console", + "collections":[ + "finance-app" + ] + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/users/put.md b/openapi-specs/compute/33-02/desc/users/put.md new file mode 100644 index 000000000..8f25a00a6 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/users/put.md @@ -0,0 +1,43 @@ +Updates an existing user in the system. + +To invoke this endpoint in the Console UI: + +1. Navigate to **Manage > Authentication > Users**. +2. In a table row, click the **Actions** button for the user to update. +3. Click the **Manage** button and update the user's parameters. +4. Click the **Save** button to save the updated user. + +### cURL Request + +The following example command changes the role of a user to `auditor`. + +In general, you should get the user object from `GET /api/v/users` and resubmit all key-value pairs, changing just the values that need updating. +If key-values are left unspecified, their default values will override any current values (note the exception below). +For example, if `permissions.collections` specified a collection named `finance-app`, but the submitted request omitted `permissions.collections`, its value would be reset to `All`. + +For "local" users, where `authType` is set to `basic`: if a password isn't specified, it's left as-is. +For any other `authType`, passwords are managed by the identity provider (IdP), and aren't specified in the request body. + +```bash +$ curl 'https:///api/v/users' \ + -k \ + -X PUT \ + -u \ + -H 'Content-Type: application/json' \ + -d \ +'{ + "username":"", + "role":"auditor", + "authType":"basic", + "permissions":[ + { + "project":"", + "collections":[ + "All" + ] + } + ] +}' +``` + +**Note:** No response will be returned upon successful execution. diff --git a/openapi-specs/compute/33-02/desc/users/users.md b/openapi-specs/compute/33-02/desc/users/users.md new file mode 100644 index 000000000..976121da4 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/users/users.md @@ -0,0 +1,7 @@ +Administrative endpoint to create and manage users. +Assign roles and specify who has access to which projects and which collections. + +User management with these endpoints is supported for Compute Edition (self-hosted) only. + +If you integrated Prisma Cloud Compute Edition with an identity provider, use these endpoints to assign roles to individual users. +Note that groups are a better way to assign roles when you have a large number of users. diff --git a/openapi-specs/compute/33-02/desc/util/osx_twistcli_arm64_get.md b/openapi-specs/compute/33-02/desc/util/osx_twistcli_arm64_get.md new file mode 100644 index 000000000..b385d0d3b --- /dev/null +++ b/openapi-specs/compute/33-02/desc/util/osx_twistcli_arm64_get.md @@ -0,0 +1,17 @@ +Downloads the twistcli binary executable for MacOS platforms based on ARM64 architecture. + +**Note:** This endpoint maps to the **MacOS platform** hyperlink in **Manage > System > Utilities** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that downloads and saves the “twistcli” binary executable for ARM64 bit MacOS platforms to your HOME directory: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET -o \ + 'https:///api/v/util/osx/arm64/twistcli' +``` + +A successful response displays the status of the download. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/util/osx_twistcli_get.md b/openapi-specs/compute/33-02/desc/util/osx_twistcli_get.md new file mode 100644 index 000000000..c49f96c41 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/util/osx_twistcli_get.md @@ -0,0 +1,17 @@ +Downloads the twistcli binary executable for MacOS platforms. + +This endpoint maps to the **MacOS platform** hyperlink in **Manage > System > Utilities** in the Console UI. + +### cURL Request + +The following cURL command downloads the twistcli binary executable for MacOS platforms. + +```bash +$ curl -k \ + -u \ + -L \ + -o twistcli \ + https:///api/v1/util/osx/twistcli +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/util/twistcli_arm64_get.md b/openapi-specs/compute/33-02/desc/util/twistcli_arm64_get.md new file mode 100644 index 000000000..7ec36d3f5 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/util/twistcli_arm64_get.md @@ -0,0 +1,17 @@ +Downloads the twistcli binary executable for ARM64 bit Linux platforms. + +This endpoint maps to the **Linux platform** hyperlink in **Manage > System > Utilities** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that downloads and saves the “twistcli” binary executable to your HOME directory: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET -o \ + 'https:///api/v/util/arm64/twistcli' +``` + +A successful response displays the status of the download. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/util/twistcli_get.md b/openapi-specs/compute/33-02/desc/util/twistcli_get.md new file mode 100644 index 000000000..f9d2d295c --- /dev/null +++ b/openapi-specs/compute/33-02/desc/util/twistcli_get.md @@ -0,0 +1,16 @@ +Downloads the twistcli binary executable for Linux platforms. + +This endpoint maps to the **Linux platform** hyperlink in **Manage > System > Utilities** in the Console UI. + +### cURL Request + +Refer to the following example cURL command that downloads and saves the “twistcli” binary executable to your HOME directory: + +```bash +$ curl -k \ + -u \ + -X GET -o \ +'https:///api/v/util/twistcli' +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/util/twistlock_jenkins_plugin_get.md b/openapi-specs/compute/33-02/desc/util/twistlock_jenkins_plugin_get.md new file mode 100644 index 000000000..9fb8d4a02 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/util/twistlock_jenkins_plugin_get.md @@ -0,0 +1,17 @@ +Downloads the Prisma Cloud Compute Jenkins plugin. + +Although this endpoint is supported, no backwards compatibility is offered for it. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -L \ + -o twistlock-jenkins-plugin.hpi \ + https:///api/v1/util/twistlock-jenkins-plugin.hpi +``` + +A successful response displays the status of the download. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/util/twistlock_tas_tile_get.md b/openapi-specs/compute/33-02/desc/util/twistlock_tas_tile_get.md new file mode 100644 index 000000000..fea28aaad --- /dev/null +++ b/openapi-specs/compute/33-02/desc/util/twistlock_tas_tile_get.md @@ -0,0 +1,17 @@ +Downloads the VMware Tanzu Application Service tile for Prisma Cloud Compute. + +Although this endpoint is supported, no backwards compatibility is offered for it. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -L \ + -o twistlock-tile.pivotal \ + "https:///api/v1/util/tas-tile" +``` + +A successful response displays the status of the download. \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/util/util.md b/openapi-specs/compute/33-02/desc/util/util.md new file mode 100644 index 000000000..2a0c26d8e --- /dev/null +++ b/openapi-specs/compute/33-02/desc/util/util.md @@ -0,0 +1 @@ +Download Prisma Cloud Compute utilities. diff --git a/openapi-specs/compute/33-02/desc/util/windows_twistcli_get.md b/openapi-specs/compute/33-02/desc/util/windows_twistcli_get.md new file mode 100644 index 000000000..1c545dbbb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/util/windows_twistcli_get.md @@ -0,0 +1,17 @@ +Downloads the twistcli binary executable for Windows platforms. + +This endpoint maps to the **Windows platform** hyperlink in **Manage > System > Utilities** in the Console UI. + +### cURL Request + +The following cURL command downloads the twistcli binary executable for Windows platforms. + +```bash +$ curl -k \ + -u \ + -L \ + -o twistcli.exe \ + https:///api/v1/util/windows/twistcli.exe +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/version/get.md b/openapi-specs/compute/33-02/desc/version/get.md new file mode 100644 index 000000000..28be315e0 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/version/get.md @@ -0,0 +1,15 @@ +Retrieves the version number for Console. + +### cURL Request + +The following cURL command retrieves the version number for Console. + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + https:///api/v/version +``` + +A successful response returns the version number for Console. diff --git a/openapi-specs/compute/33-02/desc/version/version.md b/openapi-specs/compute/33-02/desc/version/version.md new file mode 100644 index 000000000..41e9950da --- /dev/null +++ b/openapi-specs/compute/33-02/desc/version/version.md @@ -0,0 +1 @@ +Return Console's version number. diff --git a/openapi-specs/compute/33-02/desc/vms/download_get.md b/openapi-specs/compute/33-02/desc/vms/download_get.md new file mode 100644 index 000000000..e65e4efc9 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/vms/download_get.md @@ -0,0 +1,18 @@ +Returns all VM image scan reports in CSV format. + +**Note**: This endpoint maps to the table in **Monitor > Vulnerabilities > Hosts > VM images > CSV** in the Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command that retrieves all VM image scan reports and saves the results in a CSV file called `vm_images_scan.csv`: + +```bash +curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + -o vm_images_scan.csv \ + "https:///api/v/vms/download" +``` + +A successful response displays the status of the download. diff --git a/openapi-specs/compute/33-02/desc/vms/get.md b/openapi-specs/compute/33-02/desc/vms/get.md new file mode 100644 index 000000000..e78a28c76 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/vms/get.md @@ -0,0 +1,63 @@ +Returns all VM image scan reports. + +> _**Note:**_ + * The API rate limit for this endpoint is 30 requests per 30 seconds. You get an HTTP error response 429 if the limit exceeds. + * The query parameters `issueType` is not supported for this API endpoint. + +This endpoint maps to the table in **Monitor > Vulnerabilities > Hosts > VM images** in the Prisma Cloud Compute. + +### cURL Request + +Refer to the following example cURL command that retrieves all VM image scan reports: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/vms" +``` + +### cURL Response + +Refer to the following example VM scan report: + +``` +{ + "_id": "2226875301309860442", + "type": "vm", + "hostname": "", + "scanTime": "2022-12-01T18:08:15.299Z", + "binaries": [], + "Secrets": [], + "startupBinaries": [], + "osDistro": "redhat", + "osDistroVersion": "7", + "osDistroRelease": "RHEL7", + "distro": "CentOS Linux release 7.9.2009 (Core)", + "packages": [ + { + "pkgsType": "package", + "pkgs": [ + { + "version": "0.100-7.el7", + "name": "dbus-glib", + "cveCount": 8, + "license": "AFL and GPLv2+", + "layerTime": 0 + }, + { + "version": "2.02-0.87.el7.centos.7", + "name": "grub2-common", + "cveCount": 184, + "license": "GPLv3+", + "layerTime": 0 + } + ... + ... + ... + ] + } + ] +} +``` diff --git a/openapi-specs/compute/33-02/desc/vms/labels_get.md b/openapi-specs/compute/33-02/desc/vms/labels_get.md new file mode 100644 index 000000000..0aed1a217 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/vms/labels_get.md @@ -0,0 +1,29 @@ +Returns an array of strings containing all AWS tags of the scanned VM images. + +_**Note:**_ The query parameters `issueType` is not supported for this API endpoint. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -u \ + -H 'Content-Type: application/json' \ + -X GET \ + "https:///api/v/vms/labels" +``` +### cURL Response + +Refer to the following example response: + +``` +[ + "gcp:vmscan", + "with_pulled_images:true", + "test-linux-key-2:test-linux-value-2", + "test-linux-key-1:test-linux-value-1", + "Name:user-test-b" +] + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/vms/names_get.md b/openapi-specs/compute/33-02/desc/vms/names_get.md new file mode 100644 index 000000000..1145cfa0d --- /dev/null +++ b/openapi-specs/compute/33-02/desc/vms/names_get.md @@ -0,0 +1,33 @@ +Returns an array of strings containing VM image names. + +_**Note:**_ The query parameters `issueType` is not supported for this API endpoint. + +### cURL Request + +Refer to the following example cURL command: + +```bash +$ curl -k \ + -X GET \ + -u \ + -H 'Content-Type: application/json' \ + "https:///api/v/vms/names" +``` + +### cURL Response + +Refer to the following example response: + +``` +[ + "new-auto-images-cen7-dock", + "ubuntu-pro-2004-focal-v20210720", + "user-encrypted2", + "ubuntu-20.04-lts:1.0.0", + "user-test-b", + "user-ubuntu-image-scan1", + "Canonical:0001-com-ubuntu-server-focal:20_04-lts:20.04.202110260", + "ubuntu-20.04-lts" +] + +``` \ No newline at end of file diff --git a/openapi-specs/compute/33-02/desc/vms/scan_post.md b/openapi-specs/compute/33-02/desc/vms/scan_post.md new file mode 100644 index 000000000..1caa2dcaf --- /dev/null +++ b/openapi-specs/compute/33-02/desc/vms/scan_post.md @@ -0,0 +1,13 @@ +Re-scans all VM images immediately. This endpoint returns the time that the scans were initiated. + +### cURL Request + +Refer to the following example cURL command that forces Prisma Cloud to re-scan all VM images: + +```bash +$ curl -k \ + -u \ + H 'Content-Type: application/json' \ + -X POST \ + "https:///api/v/vms/scan" +``` diff --git a/openapi-specs/compute/33-02/desc/vms/stop_post.md b/openapi-specs/compute/33-02/desc/vms/stop_post.md new file mode 100644 index 000000000..4a74743eb --- /dev/null +++ b/openapi-specs/compute/33-02/desc/vms/stop_post.md @@ -0,0 +1,15 @@ +Stops the current VM image scan. + +Note: It might take a few minutes for the scan to stop completely. + +### cURL Request + +Refer to the following example cURL command that forces Prisma Cloud to stop scanning all VM images: + +```bash +$ curl -k \ + -u \ + H 'Content-Type: application/json' \ + -X POST \ + "https:///api/v/vms/stop" +``` diff --git a/openapi-specs/compute/33-02/desc/vms/vms.md b/openapi-specs/compute/33-02/desc/vms/vms.md new file mode 100644 index 000000000..65409bb99 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/vms/vms.md @@ -0,0 +1,8 @@ +Scan VM images in AWS, Azure, and GCP for vulnerabilities. + +Prisma Cloud can scan the following VM images: +* AWS: Linux Amazon Machine Images (AMIs) +* Azure: Managed, Gallery and Marketplace images +* GCP: Public and Custom images (including Premium images) + +For more information, see [Configure VM Image Scanning](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/vulnerability_management/vm_image_scanning) diff --git a/openapi-specs/compute/33-02/desc/waas/openapi-scans_post.md b/openapi-specs/compute/33-02/desc/waas/openapi-scans_post.md new file mode 100644 index 000000000..d78a42616 --- /dev/null +++ b/openapi-specs/compute/33-02/desc/waas/openapi-scans_post.md @@ -0,0 +1,14 @@ +Scans the OpenAPI specifications file of size not more than 100 KB and generates a report for any errors, or shortcomings such as structural issues, compromised security, best practices, and so on. API definition scan supports scanning OpenAPI 2.X and 3.X definition files in either YAML or JSON formats. + +### cURL Request + +Refer to the following example cURL command that generates a report for any errors or shortcomings in the OpenAPI specification: + +```bash +$ curl 'https:///api/v/waas/openapi-scans' \ +-k \ +-H 'Content-Type: multipart/form-data' \ +-u \ +-X POST \ +-v -F‘spec=@.json;type=application/json’-F‘data={“source”:“manual”};type=application/json’ +``` \ No newline at end of file diff --git a/openapi-specs/compute/openapi-33-02-130-sh.json b/openapi-specs/compute/33-02/openapi-33-02-130-sh.json similarity index 100% rename from openapi-specs/compute/openapi-33-02-130-sh.json rename to openapi-specs/compute/33-02/openapi-33-02-130-sh.json diff --git a/openapi-specs/compute/openapi-33-03-138-sh.json b/openapi-specs/compute/openapi-33-03-138-sh.json new file mode 100644 index 000000000..bad8fc9d3 --- /dev/null +++ b/openapi-specs/compute/openapi-33-03-138-sh.json @@ -0,0 +1,52394 @@ +{ + "components": { + "schemas": { + "-_admission.Audit": { + "items": { + "$ref": "#/components/schemas/admission.Audit" + }, + "type": "array" + }, + "-_ais.ScanInstancesRequest": { + "items": { + "$ref": "#/components/schemas/ais.ScanInstancesRequest" + }, + "type": "array" + }, + "-_ais.ScanInstancesResult": { + "items": { + "$ref": "#/components/schemas/ais.ScanInstancesResult" + }, + "type": "array" + }, + "-_api.AggregationPeriod": { + "items": { + "$ref": "#/components/schemas/api.AggregationPeriod" + }, + "type": "array" + }, + "-_api.AlertProfile": { + "items": { + "$ref": "#/components/schemas/api.AlertProfile" + }, + "type": "array" + }, + "-_applicationcontrol.Rule": { + "items": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + }, + "type": "array" + }, + "-_ccs.ConsoleMessage": { + "items": { + "$ref": "#/components/schemas/ccs.ConsoleMessage" + }, + "type": "array" + }, + "-_collection.Collection": { + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "-_collection.Usage": { + "items": { + "$ref": "#/components/schemas/collection.Usage" + }, + "type": "array" + }, + "-_cred.Credential": { + "items": { + "$ref": "#/components/schemas/cred.Credential" + }, + "type": "array" + }, + "-_customrules.Rule": { + "items": { + "$ref": "#/components/schemas/customrules.Rule" + }, + "type": "array" + }, + "-_defender.Defender": { + "items": { + "$ref": "#/components/schemas/defender.Defender" + }, + "type": "array" + }, + "-_deployment.DaemonSet": { + "items": { + "$ref": "#/components/schemas/deployment.DaemonSet" + }, + "type": "array" + }, + "-_forensic.ContainerEvent": { + "items": { + "$ref": "#/components/schemas/forensic.ContainerEvent" + }, + "type": "array" + }, + "-_forensic.HostEvent": { + "items": { + "$ref": "#/components/schemas/forensic.HostEvent" + }, + "type": "array" + }, + "-_kubeaudit.Audit": { + "items": { + "$ref": "#/components/schemas/kubeaudit.Audit" + }, + "type": "array" + }, + "-_kubeaudit.AuditSpecification": { + "items": { + "$ref": "#/components/schemas/kubeaudit.AuditSpecification" + }, + "type": "array" + }, + "-_log.LogEntry": { + "items": { + "$ref": "#/components/schemas/log.LogEntry" + }, + "type": "array" + }, + "-_prisma.AlertIntegration": { + "items": { + "$ref": "#/components/schemas/prisma.AlertIntegration" + }, + "type": "array" + }, + "-_rbac.Role": { + "items": { + "$ref": "#/components/schemas/rbac.Role" + }, + "type": "array" + }, + "-_runtime.ContainerProfileHost": { + "items": { + "$ref": "#/components/schemas/runtime.ContainerProfileHost" + }, + "type": "array" + }, + "-_runtime.HostProfile": { + "items": { + "$ref": "#/components/schemas/runtime.HostProfile" + }, + "type": "array" + }, + "-_sandbox.ScanResult": { + "items": { + "$ref": "#/components/schemas/sandbox.ScanResult" + }, + "type": "array" + }, + "-_serverless.FunctionInfo": { + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + }, + "-_serverless.RadarFilter": { + "items": { + "$ref": "#/components/schemas/serverless.RadarFilter" + }, + "type": "array" + }, + "-_shared.AppEmbeddedRuntimeProfile": { + "items": { + "$ref": "#/components/schemas/shared.AppEmbeddedRuntimeProfile" + }, + "type": "array" + }, + "-_shared.AppFirewallAudit": { + "items": { + "$ref": "#/components/schemas/shared.AppFirewallAudit" + }, + "type": "array" + }, + "-_shared.Audit": { + "items": { + "$ref": "#/components/schemas/shared.Audit" + }, + "type": "array" + }, + "-_shared.BackupSpec": { + "items": { + "$ref": "#/components/schemas/shared.BackupSpec" + }, + "type": "array" + }, + "-_shared.CLIScanResult": { + "items": { + "$ref": "#/components/schemas/shared.CLIScanResult" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryAccount": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryAccount" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryEntity": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryEntity" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryRadar": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryRadar" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryResult": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryResult" + }, + "type": "array" + }, + "-_shared.CloudScanRule": { + "items": { + "$ref": "#/components/schemas/shared.CloudScanRule" + }, + "type": "array" + }, + "-_shared.ContainerNetworkFirewallProfileAudits": { + "items": { + "$ref": "#/components/schemas/shared.ContainerNetworkFirewallProfileAudits" + }, + "type": "array" + }, + "-_shared.ContainerRuntimeProfile": { + "items": { + "$ref": "#/components/schemas/shared.ContainerRuntimeProfile" + }, + "type": "array" + }, + "-_shared.ContainerScanResult": { + "items": { + "$ref": "#/components/schemas/shared.ContainerScanResult" + }, + "type": "array" + }, + "-_shared.CustomComplianceCheck": { + "items": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + }, + "type": "array" + }, + "-_shared.FileIntegrityEvent": { + "items": { + "$ref": "#/components/schemas/shared.FileIntegrityEvent" + }, + "type": "array" + }, + "-_shared.HostActivity": { + "items": { + "$ref": "#/components/schemas/shared.HostActivity" + }, + "type": "array" + }, + "-_shared.HostInfo": { + "items": { + "$ref": "#/components/schemas/shared.HostInfo" + }, + "type": "array" + }, + "-_shared.HostNetworkFirewallProfileAudits": { + "items": { + "$ref": "#/components/schemas/shared.HostNetworkFirewallProfileAudits" + }, + "type": "array" + }, + "-_shared.ImageScanResult": { + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + }, + "-_shared.Incident": { + "items": { + "$ref": "#/components/schemas/shared.Incident" + }, + "type": "array" + }, + "-_shared.LambdaRuntimeType": { + "items": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "type": "array" + }, + "-_shared.LogInspectionEvent": { + "items": { + "$ref": "#/components/schemas/shared.LogInspectionEvent" + }, + "type": "array" + }, + "-_shared.MgmtAudit": { + "items": { + "$ref": "#/components/schemas/shared.MgmtAudit" + }, + "type": "array" + }, + "-_shared.Progress": { + "items": { + "$ref": "#/components/schemas/shared.Progress" + }, + "type": "array" + }, + "-_shared.RegionData": { + "items": { + "$ref": "#/components/schemas/shared.RegionData" + }, + "type": "array" + }, + "-_shared.RegistryScanProgress": { + "items": { + "$ref": "#/components/schemas/shared.RegistryScanProgress" + }, + "type": "array" + }, + "-_shared.RegistryScanRequest": { + "items": { + "$ref": "#/components/schemas/shared.RegistryScanRequest" + }, + "type": "array" + }, + "-_shared.RuntimeAudit": { + "items": { + "$ref": "#/components/schemas/shared.RuntimeAudit" + }, + "type": "array" + }, + "-_shared.TASDropletSpecification": { + "items": { + "$ref": "#/components/schemas/shared.TASDropletSpecification" + }, + "type": "array" + }, + "-_shared.Tag": { + "items": { + "$ref": "#/components/schemas/shared.Tag" + }, + "type": "array" + }, + "-_shared.TrustAudits": { + "items": { + "$ref": "#/components/schemas/shared.TrustAudits" + }, + "type": "array" + }, + "-_shared.VMSpecification": { + "items": { + "$ref": "#/components/schemas/shared.VMSpecification" + }, + "type": "array" + }, + "-_string": { + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "-_types.AgentlessHostStatus": { + "items": { + "$ref": "#/components/schemas/types.AgentlessHostStatus" + }, + "type": "array" + }, + "-_types.AlertProfileOption": { + "items": { + "$ref": "#/components/schemas/types.AlertProfileOption" + }, + "type": "array" + }, + "-_types.AuditTimeslice": { + "items": { + "$ref": "#/components/schemas/types.AuditTimeslice" + }, + "type": "array" + }, + "-_types.BaseImagesRule": { + "items": { + "$ref": "#/components/schemas/types.BaseImagesRule" + }, + "type": "array" + }, + "-_types.CVEStats": { + "items": { + "$ref": "#/components/schemas/types.CVEStats" + }, + "type": "array" + }, + "-_types.CVEVulnerability": { + "items": { + "$ref": "#/components/schemas/types.CVEVulnerability" + }, + "type": "array" + }, + "-_types.ClusterRadarInfo": { + "items": { + "$ref": "#/components/schemas/types.ClusterRadarInfo" + }, + "type": "array" + }, + "-_types.CredentialUsage": { + "items": { + "$ref": "#/components/schemas/types.CredentialUsage" + }, + "type": "array" + }, + "-_types.DefenderSummary": { + "items": { + "$ref": "#/components/schemas/types.DefenderSummary" + }, + "type": "array" + }, + "-_types.DefendersVersionCount": { + "items": { + "$ref": "#/components/schemas/types.DefendersVersionCount" + }, + "type": "array" + }, + "-_types.DiscoveredVM": { + "items": { + "$ref": "#/components/schemas/types.DiscoveredVM" + }, + "type": "array" + }, + "-_types.Endpoint": { + "items": { + "$ref": "#/components/schemas/types.Endpoint" + }, + "type": "array" + }, + "-_types.ImpactedOutOfBandEntity": { + "items": { + "$ref": "#/components/schemas/types.ImpactedOutOfBandEntity" + }, + "type": "array" + }, + "-_types.Project": { + "items": { + "$ref": "#/components/schemas/types.Project" + }, + "type": "array" + }, + "-_types.Stats": { + "items": { + "$ref": "#/components/schemas/types.Stats" + }, + "type": "array" + }, + "-_types.UserCollection": { + "items": { + "$ref": "#/components/schemas/types.UserCollection" + }, + "type": "array" + }, + "-_types.UserProject": { + "items": { + "$ref": "#/components/schemas/types.UserProject" + }, + "type": "array" + }, + "-_types.VulnerabilityStats": { + "items": { + "$ref": "#/components/schemas/types.VulnerabilityStats" + }, + "type": "array" + }, + "-_uint8": { + "items": { + "$ref": "#/components/schemas/uint8" + }, + "type": "array" + }, + "-_vuln.WildFireMalware": { + "items": { + "$ref": "#/components/schemas/vuln.WildFireMalware" + }, + "type": "array" + }, + "-_waas.APIChangeDetails": { + "items": { + "$ref": "#/components/schemas/waas.APIChangeDetails" + }, + "type": "array" + }, + "-_waas.DiscoveredAPI": { + "items": { + "$ref": "#/components/schemas/waas.DiscoveredAPI" + }, + "type": "array" + }, + "-_waas.NetworkList": { + "items": { + "$ref": "#/components/schemas/waas.NetworkList" + }, + "type": "array" + }, + "-_waas.OpenAPIScan": { + "items": { + "$ref": "#/components/schemas/waas.OpenAPIScan" + }, + "type": "array" + }, + "-_waas.UnprotectedContainersWebApps": { + "items": { + "$ref": "#/components/schemas/waas.UnprotectedContainersWebApps" + }, + "type": "array" + }, + "-_waas.UnprotectedHostsWebApps": { + "items": { + "$ref": "#/components/schemas/waas.UnprotectedHostsWebApps" + }, + "type": "array" + }, + "-_waas.VPCConfigMirroredResource": { + "items": { + "$ref": "#/components/schemas/waas.VPCConfigMirroredResource" + }, + "type": "array" + }, + "-_waas.VPCConfigResource": { + "items": { + "$ref": "#/components/schemas/waas.VPCConfigResource" + }, + "type": "array" + }, + "admission.Audit": { + "description": "Audit represents an admission audit", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the cluster where the audit took place.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "description": "Effect is the rule effect which was applied to the review which led to this audit.\n", + "type": "string" + }, + "kind": { + "description": "Kind is the type of object being manipulated. For example: Pod.\n", + "type": "string" + }, + "message": { + "description": "Message is the rule user defined message which appears on audit.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace associated with the request (if any).\n", + "type": "string" + }, + "operation": { + "description": "Operation is the operation being performed.\n", + "type": "string" + }, + "rawRequest": { + "description": "RawRequest is the original review request that caused this audit.\n", + "type": "string" + }, + "resource": { + "description": "Resource is the name of the resource being requested. This is not the kind. For example: pods.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule which issued this audit.\n", + "type": "string" + }, + "time": { + "description": "Time is the time at which the audit was generated.\n", + "format": "date-time", + "type": "string" + }, + "userGroups": { + "description": "UserGroups is the names of groups this user is a part of.\n", + "type": "string" + }, + "userUid": { + "description": "UserUID is a unique value that identifies this user across time. If this user is\ndeleted and another user by the same name is added, they will have\ndifferent UIDs.\n", + "type": "string" + }, + "username": { + "description": "Username is the name that uniquely identifies this user among all active users.\n", + "type": "string" + } + }, + "type": "object" + }, + "admission.Policy": { + "description": "Policy represents a policy enforced on Kubernetes admission reviews", + "properties": { + "_id": { + "description": "ID is the policy ID.\n", + "type": "string" + }, + "rules": { + "description": "Rules is a list of rules associated with the admission policy.\n", + "items": { + "$ref": "#/components/schemas/admission.Rule" + }, + "type": "array" + } + }, + "type": "object" + }, + "admission.Rule": { + "description": "Rule represents an admission rule", + "properties": { + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "description": { + "description": "Description is the rule description.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/common.PolicyEffect" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "script": { + "description": "Script is the Rego script.\n", + "type": "string" + }, + "skipRawReq": { + "description": "SkipRawReq signals to exclude raw review request in a resulting admission audit.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "agentless.ImageScanResultErrCode": { + "description": "ImageScanResultErrCode represents the asset status error", + "type": "integer" + }, + "ais.ScanInstancesRequest": { + "properties": { + "cloudAccountID": { + "description": ".\n", + "type": "string" + }, + "cloudInstanceIds": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cloudProvider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "ais.ScanInstancesResult": { + "properties": { + "description": { + "description": ".\n", + "type": "string" + }, + "instances": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/ais.ScanInstancesRequest" + }, + "type": "array" + }, + "status": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "api.AggregationPeriod": { + "description": "AggregationPeriod represents a period over which alerts are aggregated", + "properties": { + "displayName": { + "description": "The display name of the aggregation period.\n", + "type": "string" + }, + "periodMS": { + "description": "The aggregation period's duration in milliseconds.\n", + "type": "integer" + } + }, + "type": "object" + }, + "api.AlertClientType": { + "description": "AlertClientType represents the type of alert client (e.g., email, slack, ...)", + "type": "string" + }, + "api.AlertProfile": { + "description": "AlertProfile represents an alert profile (event type and recipients)", + "properties": { + "_id": { + "description": "ID is the alert profile ID.\n", + "type": "string" + }, + "consoleIdentifier": { + "description": "ConsoleIdentifier is the console identifier.\n", + "type": "string" + }, + "cortex": { + "$ref": "#/components/schemas/api.AlertProfileCortexSettings" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "email": { + "$ref": "#/components/schemas/api.AlertProfileEmailSettings" + }, + "external": { + "description": "External indicates that the profile is integrated through Prisma Cloud.\n", + "type": "boolean" + }, + "gcpPubsub": { + "$ref": "#/components/schemas/api.AlertProfileGcpPubsubSettings" + }, + "integrationID": { + "description": "IntegrationID is the ID identifying the provider configured in Prisma Cloud.\n", + "type": "string" + }, + "jira": { + "$ref": "#/components/schemas/api.AlertProfileJIRASettings" + }, + "lastError": { + "description": "LastError represents the last error when sending the profile.\n", + "type": "string" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "pagerduty": { + "$ref": "#/components/schemas/api.AlertProfilePagerDutySettings" + }, + "policy": { + "additionalProperties": { + "$ref": "#/components/schemas/api.AlertRule" + }, + "description": "Policy contains the mapping between alert type to the applied alert rules.\n", + "type": "object" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "securityAdvisor": { + "$ref": "#/components/schemas/api.AlertProfileSecurityAdvisor" + }, + "securityCenter": { + "$ref": "#/components/schemas/api.AlertProfileSecurityCenterSettings" + }, + "securityHub": { + "$ref": "#/components/schemas/api.AlertProfileSecurityHubSettings" + }, + "serviceNow": { + "$ref": "#/components/schemas/api.AlertProfileServiceNowSettings" + }, + "slack": { + "$ref": "#/components/schemas/api.AlertProfileSlackSettings" + }, + "splunk": { + "$ref": "#/components/schemas/api.AlertProfileSplunkSettings" + }, + "sqs": { + "$ref": "#/components/schemas/api.AlertProfileSQSSettings" + }, + "vulnerabilityImmediateAlertsEnabled": { + "description": "VulnerabilityImmediateAlertsEnabled indicates whether an immediate vulnerability alert will be sent upon new image scan.\n", + "type": "boolean" + }, + "webhook": { + "$ref": "#/components/schemas/api.AlertProfileWebhookSettings" + } + }, + "type": "object" + }, + "api.AlertProfileCortexSettings": { + "description": "AlertProfileCortexSettings represents Cortex applications alert profile settings", + "properties": { + "application": { + "$ref": "#/components/schemas/api.CortexApp" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the id of the basic authentication credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Webhook provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom JSON we send to the URL.\n", + "type": "string" + }, + "url": { + "description": "URL is the Webhook address.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileEmailSettings": { + "description": "AlertProfileEmailSettings represents the alert profile Email settings", + "properties": { + "credentialId": { + "description": "CredentialID is the Email authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "from": { + "description": "From is the from address of the mail.\n", + "type": "string" + }, + "labels": { + "description": "Labels are custom label names from which the mail recipients are extracted, allowing to dynamically extract the target of the alerts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "port": { + "description": ".\n", + "type": "integer" + }, + "recipients": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "smtpAddress": { + "description": ".\n", + "type": "string" + }, + "ssl": { + "description": ".\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.AlertProfileGcpPubsubSettings": { + "description": "AlertProfileGcpPubsubSettings is the GCP Pub/Sub alert profile settings", + "properties": { + "credentialId": { + "description": "CredentialID is the GCP Pub/Sub authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the GCP Pub/Sub settings are enabled.\n", + "type": "boolean" + }, + "topic": { + "description": "Topic is the GCP Pub/Sub topic (used by subscribers to listen for messages).\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileJIRASettings": { + "description": "AlertProfileJIRASettings represents the alert profile JIRA settings", + "properties": { + "assignee": { + "$ref": "#/components/schemas/api.JIRADynamicField" + }, + "baseUrl": { + "description": "BaseURL is the JIRA address.\n", + "type": "string" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the JIRA authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled controls whether the rule is enabled.\n", + "type": "boolean" + }, + "issueType": { + "description": "IssueType is the type of the JIRA issue.\n", + "type": "string" + }, + "labels": { + "$ref": "#/components/schemas/api.JIRADynamicLabels" + }, + "priority": { + "description": "Priority is the issue priority.\n", + "type": "string" + }, + "projectKey": { + "$ref": "#/components/schemas/api.JIRADynamicField" + } + }, + "type": "object" + }, + "api.AlertProfilePagerDutySettings": { + "description": "AlertProfilePagerDutySettings represents the alert profile PagerDuty settings", + "properties": { + "enabled": { + "description": "Enabled is PagerDuty provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "routingKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "severity": { + "$ref": "#/components/schemas/api.PagerDutyAlertSeverity" + }, + "summary": { + "description": "Summary is the PagerDuty's event summary.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSQSSettings": { + "description": "AlertProfileSQSSettings represents the alert profile SQS settings", + "properties": { + "enabled": { + "description": "Enabled is the SQS provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom json we send to SQS.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityAdvisor": { + "description": "AlertProfileSecurityAdvisor is the IBM security advisor alert profile settings", + "properties": { + "auto": { + "description": "Automatic means the configuration was automatically provisioned by security advisor, and only notes should be created.\n", + "type": "boolean" + }, + "credentialID": { + "description": "CredentialID is the IBM security advisor credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the security advisor settings are enabled.\n", + "type": "boolean" + }, + "findingsURL": { + "description": "FindingsURL is the URL to which findings should be sent.\n", + "type": "string" + }, + "providerId": { + "description": "ProviderID is the configured providerID (default twistlock).\n", + "type": "string" + }, + "tokenURL": { + "description": "TokenURL is the url from which security tokens should be fetched.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityCenterSettings": { + "description": "AlertProfileSecurityCenterSettings is the google cloud security center alert profile settings", + "properties": { + "credentialId": { + "description": "CredentialID is the Security Center authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "sourceID": { + "description": "SourceID is the google cloud security center organization source ID (used to construct security advisor findings).\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityHubSettings": { + "description": "AlertProfileSecurityHubSettings is the AWS security hub alert profile settings", + "properties": { + "accountID": { + "description": "AccountID is the AWS account ID.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the SecurityHub authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the security hub settings are enabled.\n", + "type": "boolean" + }, + "region": { + "description": "Region is the aws region.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileServiceNowSettings": { + "description": "AlertProfileServiceNowSettings represents the ServiceNow provider alert profile settings", + "properties": { + "application": { + "$ref": "#/components/schemas/api.ServiceNowApp" + }, + "assignee": { + "description": "Assignee is the ServiceNow user to whom will assign ServiceNow incidents\\items.\n", + "type": "string" + }, + "assignmentGroup": { + "description": "AssignmentGroup is the ServiceNow group of users handling security incidents.\n", + "type": "string" + }, + "auditPriority": { + "description": "AuditPriority is the priority at which to set audit alerts in security incidents.\n", + "type": "string" + }, + "caCert": { + "description": "CA certificate for on-premise ssl (optional).\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the ServiceNow authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is the ServiceNow provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "project": { + "description": "Project is the name of the prisma compute project that was used to generate this configuration. It's required as secondary consoles do not store their project name.\n", + "type": "string" + }, + "securityIncidentBaseURL": { + "description": "SecurityIncidentBaseURL is the ServiceNow address, used to send security incidents.\n", + "type": "string" + }, + "vulnerabilityEndpointUrl": { + "description": "VulnerabilityEndpointURL to report ServiceNow vulnerabilities, customer defined scripted REST API, see: https://docs.servicenow.com/bundle/orlando-application-development/page/integrate/custom-web-services/concept/c_CustomWebServices.html.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSlackSettings": { + "description": "AlertProfileSlackSettings represents the alert profile Slack settings", + "properties": { + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "users": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "webhookUrl": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSplunkSettings": { + "description": "AlertProfileSplunkSettings represents the alert profile Splunk settings", + "properties": { + "authToken": { + "$ref": "#/components/schemas/common.Secret" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server (optional).\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Splunk provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom json we send to Splunk.\n", + "type": "string" + }, + "sourceType": { + "description": "SourceType is the alert source type.\n", + "type": "string" + }, + "url": { + "description": "URL is the Splunk HTTP event collector URL.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileWebhookSettings": { + "description": "AlertProfileWebhookSettings represents the alert profile Webhook settings", + "properties": { + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the id of the basic authentication credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Webhook provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom JSON we send to the URL.\n", + "type": "string" + }, + "url": { + "description": "URL is the Webhook address.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertRule": { + "description": "AlertRule represents the configuration of an alert type", + "properties": { + "allRules": { + "description": "AllRules controls whether an alert is sent out for audits on all policy rules.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled controls whether the rule is enabled.\n", + "type": "boolean" + }, + "rules": { + "description": "AssociatedRules defines the specific rules whose audits will generate alerts (relevant only if AllRules is false).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.AlertSettings": { + "description": "AlertSettings are the global alert settings", + "properties": { + "aggregationPeriodMs": { + "description": "AggregationPeriodMs is the alert aggregation period in milliseconds.\n", + "type": "integer" + }, + "securityAdvisorWebhook": { + "description": "SecurityAdvisorWebhook is a webhook for IBM security advisor alert wizard, used to authenticate the wizard with the console and to pull data.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertType": { + "description": "AlertType represents an alert type", + "enum": [ + [ + "", + "defender", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "agentlessAppFirewall", + "networkFirewall", + "containerVulnerability", + "registryVulnerability", + "containerCompliance", + "hostVulnerability", + "hostCompliance", + "hostRuntime", + "incident", + "serverlessRuntime", + "kubernetesAudit", + "cloudDiscovery", + "admission", + "containerComplianceScan", + "hostComplianceScan", + "waasHealth", + "vmVulnerability", + "vmCompliance", + "containerSecurityEvents", + "hostSecurityEvents" + ] + ], + "type": "string" + }, + "api.AuthType": { + "description": "AuthType is the user authentication type", + "enum": [ + [ + "saml", + "ldap", + "basic", + "oauth", + "oidc" + ] + ], + "type": "string" + }, + "api.AuthenticationRequest": { + "description": "AuthenticationRequest is the required user input for authentication requests", + "properties": { + "password": { + "description": "Password is the password used for authentication.\n", + "type": "string" + }, + "token": { + "description": "Token is the Prisma JWT token used for authentication.\n", + "type": "string" + }, + "username": { + "description": "Username is the username used for authentication.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AuthenticationResponse": { + "description": "AuthenticationResponse returns the result of calling the authentication endpoint", + "properties": { + "token": { + "description": "Token is the new JWT token.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.BuildahFeatureStatus": { + "description": "BuildahFeatureStatus holds the response for the buildah feature status", + "properties": { + "enabled": { + "description": "Enabled is the buildah feature enabled/disabled indicator.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.ConsoleAuthResponse": { + "description": "ConsoleAuthResponse represents the console certificates authentication response", + "properties": { + "role": { + "description": "UserRole is the authenticated user role.\n", + "type": "string" + }, + "token": { + "description": "Token is the console authentication response token.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.CortexApp": { + "description": "CortexApp identifies a Cortex application (there are several)", + "enum": [ + [ + "xsoar", + "xdr" + ] + ], + "type": "string" + }, + "api.DefenderInstallScriptOptions": { + "description": "DefenderInstallScriptOptions holds the parameters for defender install script download", + "properties": { + "port": { + "description": "Port is the communication port between the defender and the console.\n", + "type": "integer" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + } + }, + "type": "object" + }, + "api.InitStatus": { + "description": "InitStatus returns whether the console is initialized (i.e., if initial user/password is set)", + "properties": { + "initialized": { + "description": "Initialized indicates whether the console is initialized.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.JIRADynamicField": { + "description": "JIRADynamicField represents a value that can be given as a string or as a dynamic label\nSee more: https://developer.atlassian.com/cloud/jira/platform/rest/v2/api-group-issues/#api-rest-api-2-issue-post", + "properties": { + "id": { + "description": "ID is the field ID.\n", + "type": "string" + }, + "labels": { + "description": "Labels are the dynamic labels of which the value is based on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the static string field.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.JIRADynamicLabels": { + "description": "JIRADynamicLabels represents JIRA labels that can be given as strings or as a dynamic label", + "properties": { + "labels": { + "description": "Labels are the dynamic labels of which JIRA labels are based on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "names": { + "description": "Names are the static strings field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.LicenseRequest": { + "description": "LicenseRequest is a request to setup a new license", + "properties": { + "key": { + "description": "Key is the license key.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.PagerDutyAlertSeverity": { + "description": "PagerDutyAlertSeverity is the severity of an alert triggered in PagerDuty", + "enum": [ + [ + "critical", + "error", + "warning", + "info" + ] + ], + "type": "string" + }, + "api.Permission": { + "description": "Permission represents a user or group's permission to access a specific resource.\nCurrently supported resources are:\n- Project - Access to a specific project (if empty, the Master Project by default)\n- Collection - The set of collections in the project that may be accessed (all if empty)\nIf no permissions are assigned, all projects and collections may be accessed", + "properties": { + "collections": { + "description": "List of collections the user can access.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "project": { + "description": "Names of projects which the user can access.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.Permissions": { + "description": "Permissions is a list of permissions", + "items": { + "$ref": "#/components/schemas/api.Permission" + }, + "type": "array" + }, + "api.ProjectSettings": { + "description": "ProjectSettings are settings for supporting federated console", + "properties": { + "master": { + "description": "Master indicates that project feature is enabled and that this console is the master console.\n", + "type": "boolean" + }, + "redirectURL": { + "description": "RedirectURL is the redirectURL for the given project.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.ResolveFunctionsReq": { + "description": "ResolveFunctionsReq represents the parameters supported by the functions resolution API", + "properties": { + "functions": { + "description": "Functions is the list of functions to evaluate.\n", + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveFunctionsResp": { + "description": "ResolveFunctionsResp represents the functions resolution API output", + "properties": { + "functions": { + "description": "Functions is the list of functions that were resolved.\n", + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveImagesReq": { + "description": "ResolveImagesReq represents the parameters supported by the images resolution API", + "properties": { + "images": { + "description": "Images is the list of image to resolve.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveImagesResp": { + "description": "ResolveImagesResp represents the images resolution API output", + "properties": { + "images": { + "description": "Images is the list of images that were resolved.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ServiceNowApp": { + "description": "ServiceNowApp identifies a ServiceNow application (there are several)\nfor more details, see:\nhttps://docs.servicenow.com/bundle/orlando-security-management/page/product/security-operations/concept/security-operations-intro.html", + "enum": [ + [ + "securityIncidentsResponse", + "vulnerabilityResponse" + ] + ], + "type": "string" + }, + "api.User": { + "description": "User represents a user in Twistlock", + "properties": { + "authType": { + "$ref": "#/components/schemas/api.AuthType" + }, + "lastModified": { + "description": "Datetime when the user was created or last modified.\n", + "format": "date-time", + "type": "string" + }, + "password": { + "description": "Password for authentication.\n", + "type": "string" + }, + "permissions": { + "$ref": "#/components/schemas/api.Permissions" + }, + "role": { + "description": "User role.\n", + "type": "string" + }, + "username": { + "description": "Username for authentication.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.UserList": { + "description": "UserList represents a list of users", + "items": { + "$ref": "#/components/schemas/api.User" + }, + "type": "array" + }, + "appembedded.FargateTask": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "FargateTask represents the generic fargate task AWS template", + "type": "object" + }, + "applicationcontrol.Application": { + "description": "Application contains data about allowed installed versions for an application", + "properties": { + "allowedVersions": { + "$ref": "#/components/schemas/vulnerability.Conditions" + }, + "name": { + "description": "Name is the name of the application.\n", + "type": "string" + } + }, + "type": "object" + }, + "applicationcontrol.Rule": { + "description": "Rule represents an application control policy rule", + "properties": { + "_id": { + "description": "ID is the ID of the rule.\n", + "type": "integer" + }, + "applications": { + "description": "Applications are rules configuring the desired effect per application.\n", + "items": { + "$ref": "#/components/schemas/applicationcontrol.Application" + }, + "type": "array" + }, + "description": { + "description": "Description is the rule description.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the rule's severity.\n", + "type": "string" + } + }, + "type": "object" + }, + "bool": { + "type": "boolean" + }, + "byte": { + "format": "byte", + "type": "string" + }, + "ccs.AccountMessage": { + "description": "AccountMessage is a cloud account message", + "properties": { + "accountID": { + "description": "AccountID is the account ID.\n", + "type": "string" + }, + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "cloudType": { + "description": "CloudType is the account type.\n", + "type": "string" + }, + "deleted": { + "description": "Deleted is true if this account is marked deleted.\n", + "type": "boolean" + }, + "enrichedFeatures": { + "description": "Features is a list of enabled features and their mode.\n", + "items": { + "$ref": "#/components/schemas/ccs.Feature" + }, + "type": "array" + }, + "features": { + "description": "EnabledFeatures is a list of enabled feature names, kept for bc.\n", + "items": { + "$ref": "#/components/schemas/ccs.FeatureName" + }, + "type": "array" + }, + "lastModified": { + "description": "LastModified is the last time this account was modified.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "AccountName is the account name.\n", + "type": "string" + }, + "organizationName": { + "description": "OrganizationName is the organization the account belongs to (if any).\n", + "type": "string" + } + }, + "type": "object" + }, + "ccs.ConsoleMessage": { + "description": "ConsoleMessage is a generic console message which contains one type of message, e.g. account, alert rule, etc.", + "properties": { + "accountMessage": { + "$ref": "#/components/schemas/ccs.AccountMessage" + }, + "type": { + "$ref": "#/components/schemas/ccs.MsgType" + } + }, + "type": "object" + }, + "ccs.Feature": { + "properties": { + "mode": { + "$ref": "#/components/schemas/cloudaccount.FeatureMode" + }, + "name": { + "$ref": "#/components/schemas/ccs.FeatureName" + } + }, + "type": "object" + }, + "ccs.FeatureName": { + "description": "FeatureName is the account feature name", + "enum": [ + [ + "agentless", + "serverless", + "cloud-discovery", + "auto-protect" + ] + ], + "type": "string" + }, + "ccs.MsgType": { + "description": "MsgType is the message type, e.g. `account`, `alert-rule`, etc", + "enum": [ + [ + "account" + ] + ], + "type": "string" + }, + "cloudaccount.FeatureMode": { + "enum": [ + [ + "cloud-scan", + "target-scan", + "hub-scan", + "hub" + ] + ], + "type": "string" + }, + "clustereddb.AddMemberRequest": { + "description": "AddMemberRequest represents a request for adding a member to the clustered DB pool", + "properties": { + "address": { + "description": "Address is the member address to add.\n", + "type": "string" + } + }, + "type": "object" + }, + "clustereddb.ReplicaSetMemberStateStr": { + "description": "ReplicaSetMemberStateStr is a string representation of a member's state\nRef. https://docs.mongodb.com/v4.4/reference/replica-states/", + "enum": [ + [ + "STARTUP", + "PRIMARY", + "SECONDARY", + "RECOVERING", + "STARTUP2", + "UNKNOWN", + "ARBITER", + "DOWN", + "ROLLBACK", + "REMOVED" + ] + ], + "type": "string" + }, + "clustereddb.ReplicaSetMemberStatus": { + "description": "ReplicaSetMemberStatus represents replica set member's status\nRef. https://docs.mongodb.com/v4.4/reference/command/replSetGetStatus/#mongodb-data-replSetGetStatus.members", + "properties": { + "name": { + "description": "Name is the member's name (hostname address).\n", + "type": "string" + }, + "stateStr": { + "$ref": "#/components/schemas/clustereddb.ReplicaSetMemberStateStr" + } + }, + "type": "object" + }, + "clustereddb.Settings": { + "description": "Settings represents the clustered DB settings", + "properties": { + "loadBalancerAddress": { + "description": "LoadBalancerAddress is the address of the customer's load balancer in clustered DB mode. All clients (including Defenders) are reaching the Console through the load balancer.\n", + "type": "string" + }, + "seedConsoleAddress": { + "description": "SeedConsoleAddress allows editing the address of the seed Console (optional).\n", + "type": "string" + } + }, + "type": "object" + }, + "clustereddb.StatusResponse": { + "description": "StatusResponse represents the response to a clustered DB status request", + "properties": { + "date": { + "description": "Date indicates the current time according to the queried Mongo server.\n", + "format": "date-time", + "type": "string" + }, + "loadBalancerAddress": { + "description": "LoadBalancerAddress represents the address of the load balancer.\n", + "type": "string" + }, + "members": { + "description": "Members are the replica set members.\n", + "items": { + "$ref": "#/components/schemas/clustereddb.ReplicaSetMemberStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.AllowAllConnections": { + "description": "AllowAllConnections indicates if connections are allowed to/from any entity of the specified types\ne.g. if inbound contains the type subnet, the entity is allowed to receive connections from any subnet", + "properties": { + "inbound": { + "description": "Inbound indicates if connections are allowed from any entity of the specified types.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + }, + "type": "array" + }, + "outbound": { + "description": "Outbound indicates if connections are allowed to any entity of the specified types.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.ContainerAudit": { + "description": "ContainerAudit represents a network firewall audit event", + "properties": { + "block": { + "description": "Block indicates whether the connection was blocked.\n", + "type": "boolean" + }, + "count": { + "description": "Count is the event occurrences count.\n", + "type": "integer" + }, + "dstContainerName": { + "description": "DstContainerName is the destination container name.\n", + "type": "string" + }, + "dstDomain": { + "description": "DstDomain is the destination domain that was queried.\n", + "type": "string" + }, + "dstImageName": { + "description": "DstImage is the destination image name.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the connection destination port.\n", + "type": "integer" + }, + "dstProfileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "dstProfileID": { + "description": "DstProfileID is the destination profile ID.\n", + "type": "string" + }, + "dstSubnet": { + "description": "DstSubnet is the destination subnet.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the custom labels associated with the target container.\n", + "type": "object" + }, + "msg": { + "description": "Message is the event message.\n", + "type": "string" + }, + "ruleID": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "srcContainerName": { + "description": "SrcContainerName is the source container name.\n", + "type": "string" + }, + "srcImageName": { + "description": "SrcImage is the source image name.\n", + "type": "string" + }, + "srcProfileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcProfileID": { + "description": "SrcProfileID is the source profile ID.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cnnf.NetworkFirewallAttackType" + } + }, + "type": "object" + }, + "cnnf.EntityID": { + "description": "EntityID represents the ID of each network firewall entity.\n20 bits are used. Max legal value: 2^20-1", + "type": "integer" + }, + "cnnf.HostAudit": { + "description": "HostAudit represents a host network firewall audit event", + "properties": { + "accountID": { + "description": "AccountID is the host account ID.\n", + "type": "string" + }, + "block": { + "description": "Block indicates whether the connection was blocked.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "count": { + "description": "Count is the event occurrences count.\n", + "type": "integer" + }, + "dstHostname": { + "description": "DstHostname is the destination hostname.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the connection destination port.\n", + "type": "integer" + }, + "dstSubnet": { + "description": "DstSubnet is the destination subnet.\n", + "type": "string" + }, + "msg": { + "description": "Message is the event message.\n", + "type": "string" + }, + "ruleID": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "srcHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcHostname": { + "description": "SrcHostname is the source hostname.\n", + "type": "string" + }, + "srcSubnet": { + "description": "SrcSubnet is the source subnet.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cnnf.NetworkFirewallAttackType" + } + }, + "type": "object" + }, + "cnnf.NetworkEntities": { + "description": "NetworkEntities represents a list of network firewall entities", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + }, + "cnnf.NetworkEntity": { + "description": "NetworkEntity represents a network firewall entity", + "properties": { + "_id": { + "$ref": "#/components/schemas/cnnf.EntityID" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "collections": { + "description": "Collections indicate the collection the entity is part of.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "domains": { + "description": "Domains is a list of domains.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the entity name.\n", + "type": "string" + }, + "subnets": { + "description": "Subnets are the CIDR format network.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Subnet" + }, + "type": "array" + }, + "type": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + } + }, + "type": "object" + }, + "cnnf.NetworkFirewallAttackType": { + "description": "NetworkFirewallAttackType is the network firewall type of attack", + "enum": [ + [ + "unexpectedConnection" + ] + ], + "type": "string" + }, + "cnnf.Policy": { + "description": "Policy holds the data for firewall policies (host and container)", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "containerEnabled": { + "description": "ContainerEnabled indicates whether container network firewall feature is enabled.\n", + "type": "boolean" + }, + "containerRules": { + "description": "ContainerRules holds the container firewall rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Rule" + }, + "type": "array" + }, + "hostEnabled": { + "description": "HostEnabled indicates whether host network firewall feature is enabled.\n", + "type": "boolean" + }, + "hostRules": { + "description": "HostRules holds the host firewall rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Rule" + }, + "type": "array" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "networkEntities": { + "$ref": "#/components/schemas/cnnf.NetworkEntities" + }, + "owner": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "cnnf.RadarConnectionInstance": { + "description": "RadarConnectionInstance is an instance of a connection between two radar endpoints", + "properties": { + "dst": { + "description": "Dst is the dst of the connection instance. Typically kept as an IP or a hostname.\n", + "type": "string" + }, + "policyRule": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "port": { + "$ref": "#/components/schemas/common.PortData" + }, + "src": { + "description": "Src is the src of the connection instance. Typically kept as an IP or a hostname.\n", + "type": "string" + }, + "time": { + "description": "Time is the time the connection instance was added.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "cnnf.RadarConnectionInstances": { + "description": "RadarConnectionInstances holds the recent connections history between 2 entities (hosts, subnet entities, etc)", + "properties": { + "instances": { + "description": "Instances are connection samples.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstance" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.RadarPolicyRule": { + "description": "RadarPolicyRule holds the data of a single policy rule", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "portRanges": { + "description": "PortRanges specify the ranges of ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.Rule": { + "description": "Rule contains the properties common to both host and container network firewall", + "properties": { + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "dst": { + "$ref": "#/components/schemas/cnnf.EntityID" + }, + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "id": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "ports": { + "description": "Ports are the entity port range specifications.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "src": { + "$ref": "#/components/schemas/cnnf.EntityID" + } + }, + "type": "object" + }, + "cnnf.RuleEntityType": { + "description": "RuleEntityType is the network firewall rule entity type", + "enum": [ + [ + "container", + "host", + "subnet", + "dns" + ] + ], + "type": "string" + }, + "cnnf.RuleID": { + "description": "RuleID represents the ID of each container network firewall policy rule", + "type": "integer" + }, + "cnnf.Subnet": { + "description": "Subnet is a network firewall subnet", + "properties": { + "cidr": { + "description": "CIDR is the IP range of the defined entity.\n", + "type": "string" + }, + "name": { + "description": "Name is the given name to represent the range.\n", + "type": "string" + } + }, + "type": "object" + }, + "coderepos.ManifestFile": { + "description": "ManifestFile holds the data of a specific manifest file (can also be of a dependency manifest file)", + "properties": { + "dependencies": { + "description": "Packages listed in the manifest file.\n", + "items": { + "$ref": "#/components/schemas/coderepos.PkgDependency" + }, + "type": "array" + }, + "distribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "path": { + "description": "Path to the file.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "coderepos.PkgDependency": { + "description": "PkgDependency represents a required package", + "properties": { + "devDependency": { + "description": "Indicates if this dependency is used only for the development of the package (true) or not (false).\n", + "type": "boolean" + }, + "lastResolved": { + "description": "Date/time of the last version resolution. If the value is zero, it means the version is explicit and does not require resolving.\n", + "format": "date-time", + "type": "string" + }, + "licenseSeverity": { + "description": "Maximum severity of the detected licenses according to the compliance policy.\n", + "type": "string" + }, + "licenses": { + "description": "Detected licenses of the dependant package.\n", + "items": { + "$ref": "#/components/schemas/license.SPDXLicense" + }, + "type": "array" + }, + "name": { + "description": "Package name that the dependency refers to.\n", + "type": "string" + }, + "rawRequirement": { + "description": "Line in which the package is declared.\n", + "type": "string" + }, + "unsupported": { + "description": "Indicates if this package is unsupported by the remote package manager DB (e.g., due to a bad name or private package) (true) or not (false).\n", + "type": "boolean" + }, + "version": { + "description": "Package version, either explicitly specified in a manifest or resolved by the scanner.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "Vulnerabilities in the package.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "coderepos.Repository": { + "description": "Repository is the metadata for a code repository", + "properties": { + "build": { + "description": "CI build.\n", + "type": "string" + }, + "defaultBranch": { + "description": "Default branch in the repository, usually master.\n", + "type": "string" + }, + "digest": { + "description": "Repository content digest. Used to indicate if the content of the repository has changed.\n", + "type": "string" + }, + "fullName": { + "description": "Full name that represents the repository (/).\n", + "type": "string" + }, + "jobName": { + "description": "CI job name.\n", + "type": "string" + }, + "name": { + "description": "Repository name.\n", + "type": "string" + }, + "owner": { + "description": "GitHub username or organization name of the repository's owner.\n", + "type": "string" + }, + "private": { + "description": "Indicates if the repository is private (true) or not (false).\n", + "type": "boolean" + }, + "size": { + "description": "Size of the repository (in KB).\n", + "type": "integer" + }, + "url": { + "description": "URL is the repository address.\n", + "type": "string" + } + }, + "type": "object" + }, + "coderepos.ScanResult": { + "description": "ScanResult holds a specific repository data", + "properties": { + "_id": { + "description": "Scan report ID in the database.\n", + "type": "string" + }, + "collections": { + "description": "List of matching code repo collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceRiskScore": { + "description": "Code repository's compliance risk score. Used for sorting.\n", + "format": "float", + "type": "number" + }, + "files": { + "description": "Scan result for each manifest file in the repository.\n", + "items": { + "$ref": "#/components/schemas/coderepos.ManifestFile" + }, + "type": "array" + }, + "pass": { + "description": "Indicates whether the scan passed or failed.\n", + "type": "boolean" + }, + "repository": { + "$ref": "#/components/schemas/coderepos.Repository" + }, + "scanTime": { + "description": "Date/time when this repository was last scanned. The results might be from the DB and not updated if the repository contents have not changed.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.CodeRepoProviderType" + }, + "updateTime": { + "description": "Date/time when this repository was last updated.\n", + "format": "date-time", + "type": "string" + }, + "vulnInfo": { + "$ref": "#/components/schemas/shared.ImageInfo" + }, + "vulnerabilityRiskScore": { + "description": "Code repository's CVE risk score. Used for sorting.\n", + "format": "float", + "type": "number" + }, + "vulnerableFiles": { + "description": "Counts how many files have vulnerabilities. Vulnerability info is calculated on demand.\n", + "type": "integer" + } + }, + "type": "object" + }, + "collection.Collection": { + "description": "Collection is a collection of resources", + "properties": { + "accountIDs": { + "description": "List of account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "appIDs": { + "description": "List of application IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "clusters": { + "description": "List of Kubernetes cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "containers": { + "description": "List of containers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "description": { + "description": "Free-form text.\n", + "type": "string" + }, + "functions": { + "description": "List of functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hosts": { + "description": "List of hosts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "images": { + "description": "List of images.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "labels": { + "description": "List of labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "modified": { + "description": "Datetime when the collection was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Collection name. Must be unique.\n", + "type": "string" + }, + "namespaces": { + "description": "List of Kubernetes namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "owner": { + "description": "User who created or last modified the collection.\n", + "type": "string" + }, + "prisma": { + "description": "Indicates whether this collection originates from Prisma Cloud.\n", + "type": "boolean" + }, + "system": { + "description": "Indicates whether this collection was created by the system (i.e., a non user) (true) or a real user (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "collection.Usage": { + "description": "Usage represents details of a collection being used", + "properties": { + "name": { + "description": "Name of the consumer (e.g., container runtime, username, etc.).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/collection.UsageType" + } + }, + "type": "object" + }, + "collection.UsageType": { + "description": "UsageType represents a collection usage type", + "enum": [ + [ + "policy", + "settings", + "user", + "group", + "registryScan" + ] + ], + "type": "string" + }, + "common.CloudMetadata": { + "description": "CloudMetadata is the metadata for a cloud provider managed asset (e.g., as part of AWS/GCP/Azure/OCI)", + "properties": { + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "awsExecutionEnv": { + "description": "AWS execution environment (e.g. EC2/Fargate).\n", + "type": "string" + }, + "image": { + "description": "The name of the image the cloud managed host or container is based on.\n", + "type": "string" + }, + "labels": { + "description": "Cloud provider metadata labels.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "name": { + "description": "Resource name.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Resource's region.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource.\n", + "type": "string" + }, + "resourceURL": { + "description": "Server-defined URL for the resource.\n", + "type": "string" + }, + "type": { + "description": "Instance type.\n", + "type": "string" + }, + "vmID": { + "description": "Azure unique vm ID.\n", + "type": "string" + }, + "vmImageID": { + "description": "VMImageID holds the VM instance's image ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.CloudProvider": { + "description": "CloudProvider specifies the cloud provider name", + "enum": [ + [ + "aws", + "azure", + "gcp", + "alibaba", + "oci", + "others" + ] + ], + "type": "string" + }, + "common.ClusterType": { + "description": "ClusterType is the cluster type", + "enum": [ + [ + "AKS", + "ECS", + "EKS", + "GKE", + "Kubernetes" + ] + ], + "type": "string" + }, + "common.Color": { + "description": "Color is a hexadecimal representation of color code value", + "type": "string" + }, + "common.ContainerRuntime": { + "description": "ContainerRuntime represents the supported container runtime types", + "enum": [ + [ + "docker", + "containerd", + "crio" + ] + ], + "type": "string" + }, + "common.DaemonSetOptions": { + "description": "DaemonSetOptions are options for creating the daemonset install script for defenders", + "properties": { + "annotations": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Annotations is mapping of key-value pairs of annotations metadata - optional.\n", + "type": "object" + }, + "bottlerocket": { + "description": "Bottlerocket indicates whether to be deployed on a Bottlerocket Linux OS.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the kubernetes or ecs cluster name.\n", + "type": "string" + }, + "clusterNameResolvingMethod": { + "description": "ClusterNameResolvingMethod is the method used to resolve the cluster name, could be default, manual or api-server.\n", + "type": "string" + }, + "collectPodLabels": { + "description": "CollectPodLabels indicates whether to collect pod related labels resource labels.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address for defender communication.\n", + "type": "string" + }, + "containerRuntime": { + "$ref": "#/components/schemas/common.ContainerRuntime" + }, + "cpuLimit": { + "description": "CPULimit is the cpu limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "dockerSocketPath": { + "description": "DockerSocketPath is the path of the docker socket file.\n", + "type": "string" + }, + "gkeAutopilot": { + "description": "GKEAutopilot indicates the deployment is requested for GKE Autopilot.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the full daemonset image name.\n", + "type": "string" + }, + "istio": { + "description": "MonitorIstio indicates whether to monitor Istio.\n", + "type": "boolean" + }, + "memoryLimit": { + "description": "MemoryLimit is a memory limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "namespace": { + "description": "Namespace is the target deamonset namespaces.\n", + "type": "string" + }, + "nodeSelector": { + "description": "NodeSelector is a key/value node selector.\n", + "type": "string" + }, + "orchestration": { + "description": "Orchestration is the orchestration type.\n", + "type": "string" + }, + "priorityClassName": { + "description": "PriorityClassName is the name of the priority class for the defender - optional.\n", + "type": "string" + }, + "privileged": { + "description": "Privileged indicates whether to run defenders as privileged.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "roleARN": { + "description": "RoleARN is the role's ARN to associate with the created service account - optional.\n", + "type": "string" + }, + "secretsname": { + "description": "SecretsName is the name of the secret to pull.\n", + "type": "string" + }, + "selinux": { + "description": "SelinuxEnforced indicates whether selinux is enforced on the target host.\n", + "type": "boolean" + }, + "serviceaccounts": { + "description": "MonitorServiceAccounts indicates whether to monitor service accounts.\n", + "type": "boolean" + }, + "talos": { + "description": "Talos indicates if the daemonset is to be deployed on a Talos Linux k8s cluster.\n", + "type": "boolean" + }, + "tolerations": { + "description": "Tolerations is a list of tolerations for the defender deamonset - optional.\n", + "items": { + "$ref": "#/components/schemas/common.Toleration" + }, + "type": "array" + }, + "uniqueHostname": { + "description": "UniqueHostname indicates whether to assign unique hostnames.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "common.DefenderProxyOpt": { + "description": "DefenderProxyOpt holds options for defender proxy configuration\nIt embeds ProxySettings but override it's Password field with a simple string\nThis is needed in order to avoid Secret's MarshalJSON method, which depends on existence of master key file", + "properties": { + "ca": { + "description": "Proxy's CA for Defender to trust. Required when using TLS intercept proxies.\n", + "type": "string" + }, + "httpProxy": { + "description": "Proxy address.\n", + "type": "string" + }, + "noProxy": { + "description": "List of addresses for which the proxy should not be used.\n", + "type": "string" + }, + "password": { + "description": ".\n", + "type": "string" + }, + "user": { + "description": "Username to authenticate with the proxy.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.Effect": { + "description": "Effect is the effect that is used in the CNNF rule", + "enum": [ + [ + "allow", + "alert", + "prevent", + "monitor", + "" + ] + ], + "type": "string" + }, + "common.ExternalLabel": { + "description": "ExternalLabel holds an external label with a source and timestamp", + "properties": { + "key": { + "description": "Label key.\n", + "type": "string" + }, + "sourceName": { + "description": "Source name (e.g., for a namespace, the source name can be 'twistlock').\n", + "type": "string" + }, + "sourceType": { + "$ref": "#/components/schemas/common.ExternalLabelSourceType" + }, + "timestamp": { + "description": "Time when the label was fetched.\n", + "format": "date-time", + "type": "string" + }, + "value": { + "description": "Value of the label.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.ExternalLabelSourceType": { + "description": "ExternalLabelSourceType indicates the source of the labels", + "enum": [ + [ + "namespace", + "deployment", + "aws", + "azure", + "gcp", + "oci" + ] + ], + "type": "string" + }, + "common.HostForensicSettings": { + "description": "HostForensicSettings indicates how to perform host forensic", + "properties": { + "activitiesDisabled": { + "description": "ActivitiesDisabled indicates if the host activity collection is enabled/disabled.\n", + "type": "boolean" + }, + "dockerEnabled": { + "description": "DockerEnabled indicates whether docker commands are collected.\n", + "type": "boolean" + }, + "readonlyDockerEnabled": { + "description": "ReadonlyDockerEnabled indicates whether docker readonly commands are collected.\n", + "type": "boolean" + }, + "serviceActivitiesEnabled": { + "description": "ServiceActivitiesEnabled indicates whether activities from services are collected.\n", + "type": "boolean" + }, + "sshdEnabled": { + "description": "SshdEnabled indicates whether ssh commands are collected.\n", + "type": "boolean" + }, + "sudoEnabled": { + "description": "SudoEnabled indicates whether sudo commands are collected.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "common.ImageType": { + "description": "ImageType is the type of a VM image.\nFor example, in the case of Azure this is one of marketplace/managed/gallery.", + "type": "string" + }, + "common.NetworkDeviceIP": { + "description": "NetworkDeviceIP represents a network device name and address pair", + "properties": { + "ip": { + "description": "Network device IPv4 address.\n", + "type": "string" + }, + "name": { + "description": "Network device name.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.OSDistroInfo": { + "description": "OSDistroInfo represents information regarding the OS distribution", + "properties": { + "distro": { + "description": "Distro is the OS distro name (e.g. ubuntu).\n", + "type": "string" + }, + "distroRelease": { + "description": "DistroRelease is the OS distro release (e.g. willy).\n", + "type": "string" + }, + "fullName": { + "description": "FullName is the full name of the distro (e.g. Ubuntu 19.10).\n", + "type": "string" + }, + "underlyingDistro": { + "description": "UnderlyingDistro is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "underlyingDistroRelease": { + "description": "UnderlyingDistroRelease is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "version": { + "description": "Version is the OS release numeric version (e.g. 19.10).\n", + "type": "string" + } + }, + "type": "object" + }, + "common.PolicyBlockMsg": { + "description": "PolicyBlockMsg represent the block message in a Policy", + "type": "string" + }, + "common.PolicyEffect": { + "description": "PolicyEffect state the effect of evaluating the given policy", + "enum": [ + [ + "allow", + "deny", + "block", + "alert" + ] + ], + "type": "string" + }, + "common.PolicyType": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + }, + "common.PortData": { + "description": "PortData is a port of connections with his metadata", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "protocol": { + "description": "Protocol is the protocol used in the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.PortRange": { + "description": "PortRange represents a port range", + "properties": { + "deny": { + "description": "Deny indicates whether the connection is denied.\n", + "type": "boolean" + }, + "end": { + "description": ".\n", + "type": "integer" + }, + "start": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "common.ProfileHash": { + "description": "ProfileHash represents the profile hash\nIt is allowed to contain up to uint32 numbers, and represented by int64 since mongodb does not support unsigned data types", + "format": "int64", + "type": "integer" + }, + "common.ProfilePort": { + "description": "ProfilePort represents a networking profile port", + "properties": { + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "time": { + "description": "Time is the learning timestamp of this port.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "common.ProfilePortData": { + "description": "ProfilePortData represents a runtime profile ports data", + "properties": { + "all": { + "description": "All indicates that this port data represents any arbitrary ports.\n", + "type": "boolean" + }, + "ports": { + "description": "Ports is the list of profile runtime ports.\n", + "items": { + "$ref": "#/components/schemas/common.ProfilePort" + }, + "type": "array" + } + }, + "type": "object" + }, + "common.ProxySettings": { + "description": "ProxySettings are the http proxy settings", + "properties": { + "ca": { + "description": "Proxy's CA for Defender to trust. Required when using TLS intercept proxies.\n", + "type": "string" + }, + "httpProxy": { + "description": "Proxy address.\n", + "type": "string" + }, + "noProxy": { + "description": "List of addresses for which the proxy should not be used.\n", + "type": "string" + }, + "password": { + "$ref": "#/components/schemas/common.Secret" + }, + "user": { + "description": "Username to authenticate with the proxy.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.RuntimeResource": { + "description": "RuntimeResource represents on which resource in the system a rule applies (e.g., specific host or image)\nEmpty resource or wildcard (*) represents all resources of a given type", + "properties": { + "accountIDs": { + "description": "List of account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "appIDs": { + "description": "List of application IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "clusters": { + "description": "List of Kubernetes cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containers": { + "description": "List of containers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "functions": { + "description": "List of functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hosts": { + "description": "List of hosts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "images": { + "description": "List of images.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "labels": { + "description": "List of labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "namespaces": { + "description": "List of Kubernetes namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "common.Secret": { + "description": "Secret Stores the plain and encrypted version of a value. The plain version is not stored in a database", + "properties": { + "encrypted": { + "description": "Specifies an encrypted value of the secret.\n", + "type": "string" + }, + "plain": { + "description": "Specifies the plain text value of the secret.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.Toleration": { + "description": "Toleration holds options for pod toleration\nref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/\ncode ref: k8s.io/api/core/v1/types.go", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.\n+optional.\n", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.\n+optional.\n", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.\n+optional.\n", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.\n+optional.\n", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.\n+optional.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.AzureMIType": { + "enum": [ + [ + "user-assigned", + "system-assigned" + ] + ], + "type": "string" + }, + "cred.AzureSPInfo": { + "description": "AzureSPInfo contains the Azure credentials needed for certificate based authentications", + "properties": { + "clientId": { + "description": "ClientID is the client identifier.\n", + "type": "string" + }, + "miType": { + "$ref": "#/components/schemas/cred.AzureMIType" + }, + "subscriptionId": { + "description": "SubscriptionID is a GUID that uniquely identifies the subscription to use Azure services.\n", + "type": "string" + }, + "tenantId": { + "description": "TenantID is the ID of the AAD directory in which the application was created.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.Credential": { + "description": "Credential specifies the authentication data of an external provider", + "properties": { + "_id": { + "description": "Specifies the unique ID for credential.\n", + "type": "string" + }, + "accountGUID": { + "description": "Specifies the unique ID for an IBM Cloud account.\n", + "type": "string" + }, + "accountID": { + "description": "Specifies the account identifier. Example: a username, access key, account GUID, and so on.\n", + "type": "string" + }, + "accountName": { + "description": "Specifies the name of the cloud account.\n", + "type": "string" + }, + "apiToken": { + "$ref": "#/components/schemas/common.Secret" + }, + "azureSPInfo": { + "$ref": "#/components/schemas/cred.AzureSPInfo" + }, + "caCert": { + "description": "Specifies the CA certificate for a certificate-based authentication.\n", + "type": "string" + }, + "cloudProviderAccountID": { + "description": "Specifies the cloud provider account ID.\n", + "type": "string" + }, + "created": { + "description": "Specifies the time when the credential was created (or, when the account ID was changed for AWS).\n", + "format": "date-time", + "type": "string" + }, + "description": { + "description": "Specifies the description for a credential.\n", + "type": "string" + }, + "external": { + "description": "Indicates whether the credential was onboarded from the Prisma platform.\n", + "type": "boolean" + }, + "global": { + "description": "Indicates whether the credential scope is global.\nAvailable values are:\ntrue: Global\nfalse: Not Global\nNote: For GCP, the credential scope is the organization.\n", + "type": "boolean" + }, + "lastModified": { + "description": "Specifies the time when the credential was last modified.\n", + "format": "date-time", + "type": "string" + }, + "ociCred": { + "$ref": "#/components/schemas/cred.OCICred" + }, + "owner": { + "description": "Specifies the user who created or modified the credential.\n", + "type": "string" + }, + "prismaLastModified": { + "description": "Specifies the time when the account was last modified by Prisma Cloud Compute.\n", + "format": "int64", + "type": "integer" + }, + "roleArn": { + "description": "Specifies the Amazon Resource Name (ARN) of the role to be assumed.\n", + "type": "string" + }, + "secret": { + "$ref": "#/components/schemas/common.Secret" + }, + "skipVerify": { + "description": "Indicates whether to skip the certificate verification in TLS communication.\n", + "type": "boolean" + }, + "stsEndpoints": { + "description": "Specifies a list of specific endpoints for use in STS sessions in various regions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "tokens": { + "$ref": "#/components/schemas/cred.TemporaryToken" + }, + "type": { + "$ref": "#/components/schemas/cred.Type" + }, + "url": { + "description": "Specifies the base server URL.\n", + "type": "string" + }, + "useAWSRole": { + "description": "Indicates whether to authenticate using the IAM Role attached to the instance.\nAvailable values are:\ntrue: Authenticate with the attached credentials\nfalse: Don\u2019t authenticate with the attached credentials.\n", + "type": "boolean" + }, + "useSTSRegionalEndpoint": { + "description": "Indicates whether to use the regional STS endpoint for an STS session.\nAvailable values are:\ntrue: Use the regional STS\nfalse: Don\u2019t use the regional STS.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "cred.OCICred": { + "description": "OCICred are additional parameters required for OCI credentials", + "properties": { + "fingerprint": { + "description": "Fingerprint is the public key signature.\n", + "type": "string" + }, + "tenancyId": { + "description": "TenancyID is the OCID of the tenancy.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.TemporaryToken": { + "description": "TemporaryToken is a temporary session token for cloud provider APIs\nAWS - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html\nGCP - https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials\nAzure - https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on", + "properties": { + "awsAccessKeyId": { + "description": "Specifies a temporary access key.\n", + "type": "string" + }, + "awsSecretAccessKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "duration": { + "description": "Specifies a duration for the token.\n", + "format": "int64", + "type": "integer" + }, + "expirationTime": { + "description": "Specifies an expiration time for the token.\n", + "format": "date-time", + "type": "string" + }, + "token": { + "$ref": "#/components/schemas/common.Secret" + } + }, + "type": "object" + }, + "cred.Type": { + "description": "Type specifies the credential type", + "enum": [ + [ + "aws", + "azure", + "gcp", + "ibmCloud", + "oci", + "apiToken", + "basic", + "dtr", + "kubeconfig", + "certificate", + "gitlabToken" + ] + ], + "type": "string" + }, + "cred.UsageType": { + "description": "UsageType represents the credential usage type", + "enum": [ + [ + "Alert settings", + "Alert profile", + "Registry Scan", + "Serverless Scan", + "Cloud Scan", + "Secret Store", + "Serverless Auto-Deploy", + "Host Auto-deploy", + "VM Scan", + "Agentless Scan Hub", + "Custom Intelligence Endpoint", + "VMware Tanzu blobstore Scan", + "Kubernetes Audit settings", + "Agentless app firewall" + ] + ], + "type": "string" + }, + "customrules.Action": { + "description": "Action is the action to perform if the custom rule applies", + "enum": [ + [ + "audit", + "incident" + ] + ], + "type": "string" + }, + "customrules.Effect": { + "description": "Effect is the effect that will be used for custom rule", + "enum": [ + [ + "block", + "prevent", + "alert", + "allow", + "ban", + "disable" + ] + ], + "type": "string" + }, + "customrules.Ref": { + "description": "Ref represents a custom rule that is referenced by a policy rule", + "properties": { + "_id": { + "description": "Custom rule ID.\n", + "type": "integer" + }, + "action": { + "$ref": "#/components/schemas/customrules.Action" + }, + "effect": { + "$ref": "#/components/schemas/customrules.Effect" + } + }, + "type": "object" + }, + "customrules.Rule": { + "description": "Rule represents a custom rule", + "properties": { + "_id": { + "description": "Rule ID. Must be unique.\n", + "type": "integer" + }, + "attackTechniques": { + "description": "List of attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "description": { + "description": "Description of the rule.\n", + "type": "string" + }, + "message": { + "description": "Macro that is printed as part of the audit/incident message.\n", + "type": "string" + }, + "minVersion": { + "description": "Minimum version required to support the rule.\n", + "type": "string" + }, + "modified": { + "description": "Datetime when the rule was created or last modified.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "owner": { + "description": "User who created or modified the rule.\n", + "type": "string" + }, + "script": { + "description": "Custom script.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/customrules.Type" + }, + "vulnIDs": { + "$ref": "#/components/schemas/customrules.VulnIDs" + } + }, + "type": "object" + }, + "customrules.Type": { + "description": "Type is the type of the custom rule", + "enum": [ + [ + "processes", + "filesystem", + "network-outgoing", + "kubernetes-audit", + "waas-request", + "waas-response" + ] + ], + "type": "string" + }, + "customrules.VulnIDs": { + "description": "VulnIDs is the list of vulnerability IDs", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defender.Category": { + "description": "Category represents the defender target category", + "enum": [ + [ + "container", + "host", + "serverless", + "appEmbedded", + "hostAgentless", + "containerAgentless", + "cloudSecurityAgent" + ] + ], + "type": "string" + }, + "defender.Defender": { + "description": "Defender is an update about an agent starting", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "certificateExpiration": { + "description": "Client certificate expiration time.\n", + "format": "date-time", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster name (fallback is internal IP).\n", + "type": "string" + }, + "clusterID": { + "description": "Unique ID generated for each DaemonSet. Used to group Defenders by clusters. Note: Kubernetes does not provide a cluster name as part of its API.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "collections": { + "description": "Collections to which this Defender belongs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "compatibleVersion": { + "description": "Indicates if Defender has a compatible version for communication (e.g., request logs) (true) or not (false).\n", + "type": "boolean" + }, + "connected": { + "description": "Indicates whether Defender is connected (true) or not (false).\n", + "type": "boolean" + }, + "features": { + "$ref": "#/components/schemas/defender.Features" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "fqdn": { + "description": "Full domain name of the host. Used in audit alerts to identify specific hosts.\n", + "type": "string" + }, + "hostname": { + "description": "Name of host where Defender is deployed.\n", + "type": "string" + }, + "isARM64": { + "description": "IsARM64 indicates whether the defender runs on aarch64 architecture.\n", + "type": "boolean" + }, + "lastModified": { + "description": "Datetime when the Defender's connectivity status last changed.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port that Defender uses to connect to Console.\n", + "type": "integer" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "remoteLoggingSupported": { + "description": "Indicates if Defender logs can be retrieved remotely (true) or not (false).\n", + "type": "boolean" + }, + "remoteMgmtSupported": { + "description": "Indicates if Defender can be remotely managed (upgraded, restarted) (true) or not (false).\n", + "type": "boolean" + }, + "status": { + "$ref": "#/components/schemas/defender.Status" + }, + "systemInfo": { + "$ref": "#/components/schemas/defender.SystemInfo" + }, + "tasBlobstoreScanner": { + "description": "Indicates TAS blobstore scanning only Defender.\n", + "type": "boolean" + }, + "tasClusterID": { + "description": "TAS cluster ID where Defender runs. This is typically set to the Cloud controller's API address.\n", + "type": "string" + }, + "tasFoundation": { + "description": "TASFoundation is the foundation the Defender is running on.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/defender.Type" + }, + "usingOldCA": { + "description": "UsingOldCA indicates whether the defender client is using an old certificate signed by an old CA for TLS handshake.\n", + "type": "boolean" + }, + "version": { + "description": "Defender version.\n", + "type": "string" + }, + "vpcObserver": { + "description": "VPCObserver indicates whether the defender runs in a VPC observer.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "defender.FeatureStatus": { + "description": "FeatureStatus holds data about defender features", + "properties": { + "enabled": { + "description": "Indicates if the feature is enabled (true) or not (false).\n", + "type": "boolean" + }, + "err": { + "description": "Error string, if an error occurred.\n", + "type": "string" + }, + "hostname": { + "description": "Name of host where Defender runs.\n", + "type": "string" + } + }, + "type": "object" + }, + "defender.Features": { + "description": "Features is the defender features that can be updated", + "properties": { + "clusterMonitoring": { + "description": "Indicates whether any of the cluster monitoring features are enabled (monitor service accounts, monitor Istio, collect Kubernetes pod labels).\n", + "type": "boolean" + }, + "proxyListenerType": { + "$ref": "#/components/schemas/defender.ProxyListenerType" + } + }, + "type": "object" + }, + "defender.ProxyListenerType": { + "description": "ProxyListenerType is the proxy listener type of defenders", + "type": "string" + }, + "defender.ScanStatus": { + "description": "ScanStatus represents the status of current scan", + "properties": { + "completed": { + "description": "Indicates if scanning has successfully completed (true) or not (false).\n", + "type": "boolean" + }, + "errors": { + "description": "List of errors that occurred during the last scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hostname": { + "description": "Name of the host where Defender runs.\n", + "type": "string" + }, + "scanTime": { + "description": "Datetime of the last completed scan.\n", + "format": "date-time", + "type": "string" + }, + "scanning": { + "description": "Indicates whether scanning is in progress (true) or not (false).\n", + "type": "boolean" + }, + "selective": { + "description": "Indicates if the scan is for a specific resource (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "defender.Settings": { + "description": "Settings is the Defender settings", + "properties": { + "admissionControlEnabled": { + "description": "Indicates if the admission controller is enabled (true) or not (false).\n", + "type": "boolean" + }, + "admissionControlWebhookSuffix": { + "description": "Relative path to the admission control webhook HTTP endpoint.\n", + "type": "string" + }, + "appEmbeddedFileSystemTracingEnabled": { + "description": "AppEmbeddedFileSystemTracingEnabled is the default deployment state for app embedded Defenders file system tracing.\n", + "type": "boolean" + }, + "automaticUpgrade": { + "description": "Deprecated: indicates if defenders should be automatically upgraded to the latest version.\n", + "type": "boolean" + }, + "disconnectPeriodDays": { + "description": "Number of consecutive days a Defender must remain disconnected for it to be considered decommissioned.\n", + "type": "integer" + }, + "hostCustomComplianceEnabled": { + "description": "Indicates if Defenders support host custom compliance checks (true) or not (false).\n", + "type": "boolean" + }, + "listeningPort": { + "description": "Port on which Defenders listen.\n", + "type": "integer" + } + }, + "type": "object" + }, + "defender.Status": { + "description": "Status is the generic status state per defender or global", + "properties": { + "appFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "container": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "features": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "filesystem": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostCustomCompliance": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "image": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "lastModified": { + "description": "Datetime the status was last modified.\n", + "format": "date-time", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "outOfBandAppFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "process": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runc": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runtime": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "tasDroplets": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "upgrade": { + "$ref": "#/components/schemas/defender.UpgradeStatus" + } + }, + "type": "object" + }, + "defender.SystemInfo": { + "description": "SystemInfo is the OS information of the host", + "properties": { + "cpuCount": { + "description": "CPU count on the host where Defender runs.\n", + "type": "integer" + }, + "freeDiskSpaceGB": { + "description": "Free disk space (in GB) on the host where Defender runs.\n", + "type": "integer" + }, + "kernelVersion": { + "description": "Kernel version on the host where Defender runs.\n", + "type": "string" + }, + "memoryGB": { + "description": "Total memory (in GB) on the host where Defender runs.\n", + "format": "double", + "type": "number" + }, + "totalDiskSpaceGB": { + "description": "Total disk space (in GB) on the host where Defender runs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "defender.Type": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs", + "podman" + ] + ], + "type": "string" + }, + "defender.UpgradeStatus": { + "description": "UpgradeStatus represents the status of current twistlock defender upgrade", + "properties": { + "err": { + "description": "Error string, if an error occurred.\n", + "type": "string" + }, + "hostname": { + "description": "Name of the host where Defender runs.\n", + "type": "string" + }, + "lastModified": { + "description": "Datetime of the last upgrade.\n", + "format": "date-time", + "type": "string" + }, + "progress": { + "description": "Upgrade progress.\n", + "type": "integer" + } + }, + "type": "object" + }, + "deployment.CommandError": { + "description": "CommandError is the command error on specific instance", + "properties": { + "error": { + "description": "Error is the error in case the command failed.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the instance hostname.\n", + "type": "string" + }, + "instanceID": { + "description": "InstanceID is the instance id.\n", + "type": "string" + }, + "instanceName": { + "description": "InstanceName is the instance name.\n", + "type": "string" + }, + "projectID": { + "description": "ProjectID is instance GCP project id.\n", + "type": "string" + }, + "region": { + "description": "Region is the instance region for AWS or zone for GCP.\n", + "type": "string" + }, + "state": { + "description": "State is the error state in which the deployment failed (e.g. timed out/failed due to some other reason).\n", + "type": "string" + }, + "vmImage": { + "description": "VMImage is the instance image.\n", + "type": "string" + } + }, + "type": "object" + }, + "deployment.DaemonSet": { + "description": "DaemonSet holds information about deployed defender DaemonSet\nTODO #12377 - Implement Resource interface for collections filtering, after retrieving correct value to Cluster field", + "properties": { + "address": { + "description": "Address is the kubernetes cluster address.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the kubernetes cluster name.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "defendersVersion": { + "description": "DefendersVersion is the version of the defenders deployed.\n", + "type": "string" + }, + "desiredDefenders": { + "description": "DesiredDefenders is the number of desired defenders.\n", + "type": "integer" + }, + "error": { + "description": "Error indicates any related errors found.\n", + "type": "string" + }, + "hasDefender": { + "description": "HasDefender indicates if the cluster has at least one running defender.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "runningDefenders": { + "description": "RunningDefenders is the number of defenders running.\n", + "type": "integer" + }, + "upgradable": { + "description": "Upgradable indicates if the cluster is upgradable.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "float32": { + "format": "float", + "type": "number" + }, + "float64": { + "format": "double", + "type": "number" + }, + "forensic.ContainerEvent": { + "description": "ContainerEvent holds forensic event information (in flat structure)", + "properties": { + "allPorts": { + "description": "AllPorts indicates all listening ports are allowed.\n", + "type": "boolean" + }, + "attack": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "command": { + "description": "Command is the event command.\n", + "type": "string" + }, + "containerId": { + "description": "ContainerID is the event container id.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the event queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the event queried domain type.\n", + "type": "string" + }, + "dstIP": { + "description": "DstIP is the destination IP of the connection.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the destination port.\n", + "type": "integer" + }, + "dstProfileID": { + "description": "DstProfileID is the profile ID of the connection destination.\n", + "type": "string" + }, + "effect": { + "description": "Effect is the runtime audit effect.\n", + "type": "string" + }, + "listeningStartTime": { + "description": "listeningStartTime is the port listening start time.\n", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Message is the runtime audit message.\n", + "type": "string" + }, + "networkCollectionType": { + "$ref": "#/components/schemas/forensic.NetworkCollection" + }, + "outbound": { + "description": "Outbound indicates if the port is outbound.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the event path.\n", + "type": "string" + }, + "pid": { + "description": "Pid is the event process id.\n", + "type": "integer" + }, + "port": { + "description": "Port is the listening port.\n", + "type": "integer" + }, + "ppid": { + "description": "PPid is the event parent process id.\n", + "type": "integer" + }, + "process": { + "description": "Process is the event process.\n", + "type": "string" + }, + "srcIP": { + "description": "SrcIP is the source IP of the connection.\n", + "type": "string" + }, + "srcProfileID": { + "description": "SrcProfileID is the profile ID of the connection source.\n", + "type": "string" + }, + "static": { + "description": "Static indicates the event was added to the profile without behavioral indication.\n", + "type": "boolean" + }, + "timestamp": { + "description": "Timestamp is the event timestamp.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/forensic.ContainerEventType" + }, + "user": { + "description": "User is the event user.\n", + "type": "string" + } + }, + "type": "object" + }, + "forensic.ContainerEventType": { + "description": "ContainerEventType represents the kind of event", + "enum": [ + [ + "Process spawned", + "Binary created", + "Container started", + "Listening port", + "Connection established", + "Runtime audit", + "Runtime profile process", + "Runtime profile filesystem", + "Runtime profile networking", + "Incident", + "DNS query" + ] + ], + "type": "string" + }, + "forensic.HostEvent": { + "description": "HostEvent holds host forensic event information", + "properties": { + "app": { + "description": "App is the application associated with the event.\n", + "type": "string" + }, + "attack": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "command": { + "description": "Command is the event command.\n", + "type": "string" + }, + "country": { + "description": "Country is the country associated with the event.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the event queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the event queried domain type.\n", + "type": "string" + }, + "effect": { + "description": "Effect is the runtime audit effect.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates if the event is interactive.\n", + "type": "boolean" + }, + "ip": { + "description": "IP is the IP address associated with the event.\n", + "type": "string" + }, + "listeningStartTime": { + "description": "ListeningStartTime is the listening port start time.\n", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Message is the runtime audit message.\n", + "type": "string" + }, + "path": { + "description": "Path is the event path.\n", + "type": "string" + }, + "pid": { + "description": "Pid is the event process id.\n", + "type": "integer" + }, + "port": { + "description": "Port is the listening port.\n", + "type": "integer" + }, + "ppath": { + "description": "Path is the event parent path.\n", + "type": "string" + }, + "ppid": { + "description": "PPid is the event parent process id.\n", + "type": "integer" + }, + "process": { + "description": "Process is the event process.\n", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the event timestamp.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/forensic.HostEventType" + }, + "user": { + "description": "User is the event user.\n", + "type": "string" + } + }, + "type": "object" + }, + "forensic.HostEventType": { + "description": "HostEventType represents the kind of host event", + "enum": [ + [ + "Process spawned", + "Listening port", + "Binary created", + "Runtime audit", + "SSH event", + "Incident", + "DNS query" + ] + ], + "type": "string" + }, + "forensic.NetworkCollection": { + "description": "NetworkCollection describe the different types of collection of network events", + "type": "string" + }, + "identity.LdapSettings": { + "description": "LdapSettings are the ldap connectivity settings", + "properties": { + "accountPassword": { + "$ref": "#/components/schemas/common.Secret" + }, + "accountUpn": { + "description": "AccountUpn is the user principle name used to connect to the active directory server.\n", + "type": "string" + }, + "caCert": { + "description": "CaCert is cert in PEM format (optional, if not specified, skip_verify flag will be used).\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether LDAP is enabled.\n", + "type": "boolean" + }, + "groupSearchBase": { + "description": "GroupSearchBase is the LDAP search pattern for groups.\n", + "type": "string" + }, + "searchBase": { + "description": "SearchBase is the LDAP search pattern.\n", + "type": "string" + }, + "type": { + "description": "Type specifies the LDAP server type (AD or OpenLDAP).\n", + "type": "string" + }, + "url": { + "description": "URL is the ldap server url.\n", + "type": "string" + }, + "userSearchBase": { + "description": "UserSearchBase is the LDAP search pattern for users.\n", + "type": "string" + }, + "userSearchIdentifier": { + "description": "UserSearchIdentifier is the user identifier to use for querying open ldap (e.g., cn -> cn=user).\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.ProviderName": { + "description": "ProviderName is the identity provider name", + "enum": [ + [ + "github", + "openshift" + ] + ], + "type": "string" + }, + "identity.ProviderSettings": { + "description": "ProviderSettings are the Oauth/ OpenID Connect connectivity settings", + "properties": { + "authURL": { + "description": "AuthURL specifies auth URL.\n", + "type": "string" + }, + "cert": { + "description": "Cert is idp certificate.\n", + "type": "string" + }, + "clientID": { + "description": "ClientID is the client identifier issued to the client during the registration process.\n", + "type": "string" + }, + "clientSecret": { + "$ref": "#/components/schemas/common.Secret" + }, + "enabled": { + "description": "Enabled indicates whether Auth settings are enabled.\n", + "type": "boolean" + }, + "groupClaim": { + "description": "GroupClaim is the name of the group claim property.\n", + "type": "string" + }, + "groupScope": { + "description": "GroupScope specifies name of group scope.\n", + "type": "string" + }, + "openIDIssuesURL": { + "description": "OpenIDIssuesURL is the base URL for OpenID connect providers.\n", + "type": "string" + }, + "openshiftBaseURL": { + "description": "OpenshiftBaseURL is openshift base URL.\n", + "type": "string" + }, + "providerAlias": { + "description": "ProviderAlias is the provider alias used for display.\n", + "type": "string" + }, + "providerName": { + "$ref": "#/components/schemas/identity.ProviderName" + }, + "tokenURL": { + "description": "TokenURL specifies token URL.\n", + "type": "string" + }, + "userClaim": { + "description": "UserClaim is the name of the user claim property.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.RedirectURLResponse": { + "description": "RedirectURLResponse is the response for identity redirect endpoint", + "properties": { + "enabled": { + "description": "Enabled identify if auth provider is enabled.\n", + "type": "boolean" + }, + "url": { + "description": "URL is the redirect URL.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.SamlSettings": { + "description": "SamlSettings are the saml connectivity settings", + "properties": { + "appId": { + "description": "AppID is the Azure application ID.\n", + "type": "string" + }, + "appSecret": { + "$ref": "#/components/schemas/common.Secret" + }, + "audience": { + "description": "Audience specifies the SAML audience used in the verification of the SAML response.\n", + "type": "string" + }, + "cert": { + "description": "Cert is idp certificate in PEM format.\n", + "type": "string" + }, + "consoleURL": { + "description": "ConsoleURL is the external Console URL that is used by the IDP for routing the browser after login.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether saml settings are enabled.\n", + "type": "boolean" + }, + "groupAttribute": { + "description": "GroupAttribute is the name of the group attribute.\n", + "type": "string" + }, + "issuer": { + "description": "Issuer is idp issuer id.\n", + "type": "string" + }, + "providerAlias": { + "description": "ProviderAlias is the provider alias used for display.\n", + "type": "string" + }, + "skipAuthnContext": { + "description": "SkipAuthnContext indicates whether request authentication contexts should be skipped.\n", + "type": "boolean" + }, + "tenantId": { + "description": "TenantID is the Azure Tenant ID.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/identity.SamlType" + }, + "url": { + "description": "URL is idp sso url.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.SamlType": { + "description": "SamlType represents the type of a SAML configured settings", + "enum": [ + [ + "okta", + "gsuite", + "ping", + "shibboleth", + "azure", + "adfs" + ] + ], + "type": "string" + }, + "identity.Settings": { + "description": "Settings hold the identity settings for supported providers", + "properties": { + "ldap": { + "$ref": "#/components/schemas/identity.LdapSettings" + }, + "oauth": { + "$ref": "#/components/schemas/identity.ProviderSettings" + }, + "openid": { + "$ref": "#/components/schemas/identity.ProviderSettings" + }, + "saml": { + "$ref": "#/components/schemas/identity.SamlSettings" + } + }, + "type": "object" + }, + "int": { + "type": "integer" + }, + "int16": { + "type": "integer" + }, + "int64": { + "format": "int64", + "type": "integer" + }, + "intelligence.IntelligenceSettings": { + "description": "IntelligenceSettings are the intelligence service settings", + "properties": { + "address": { + "description": "Address is the intelligence service address.\n", + "type": "string" + }, + "customEndpoint": { + "description": "CustomEndpoint is the user defined custom endpoint.\n", + "type": "string" + }, + "customEndpointCACert": { + "description": "CustomEndpointCACert is the custom CA cert bundle for trusting the custom endpoint.\n", + "type": "string" + }, + "customEndpointCredentialID": { + "description": "CustomEndpointCredentialID is the custom endpoint credential ID.\n", + "type": "string" + }, + "customEndpointEnabled": { + "description": "CustomEndpointEnabled indicates that the user custom endpoint is enabled.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether intelligence service is enabled.\n", + "type": "boolean" + }, + "token": { + "description": "Token is the token used to access intelligence service.\n", + "type": "string" + }, + "uploadDisabled": { + "description": "UploadDisabled indicates whether logs uploading is disabled.\n", + "type": "boolean" + }, + "windowsFeedEnabled": { + "description": "WindowsFeedEnabled indicates whether windows feed is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicy": { + "description": "AuthorizationPolicy is a compact version of Istio AuthorizationPolicy resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#AuthorizationPolicy", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "name": { + "description": "Name is the authorization policy name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the authorization policy.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the access rules this authorization policy defines.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyRule" + }, + "type": "array" + }, + "targetServices": { + "description": "TargetServices is the list of services the authorization policy applies on.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyService" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyDestination": { + "description": "AuthorizationPolicyDestination is a compact version of Istio Operation resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Operation", + "properties": { + "methods": { + "description": "Methods are the destination endpoint HTTP methods, such as: \"GET\", \"POST\".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "paths": { + "description": "Paths are the destination HTTP paths.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the destination endpoint ports.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyRule": { + "description": "AuthorizationPolicyRule is a compact version of Istio Rule resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Rule", + "properties": { + "destinations": { + "description": "Destinations are the endpoint definitions the rule grants access to.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyDestination" + }, + "type": "array" + }, + "sources": { + "description": "Sources are the metadatas of the services the rule grants access to.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicySource" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyService": { + "description": "AuthorizationPolicyService represents a service an authorization policy applies on\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Source", + "properties": { + "name": { + "description": "Name is the service name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the service namespace.\n", + "type": "string" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicySource": { + "description": "AuthorizationPolicySource is a compact version of Istio Source resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Source", + "properties": { + "namespaces": { + "description": "Namespaces are the source services namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "principals": { + "description": "Principals are the source services principals.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "kubeaudit.Audit": { + "description": "Audit represents a Kubernetes audit - this is the data that is stored for matched audits", + "properties": { + "accountID": { + "description": "AccountID is the account ID the Kubernetes audit belongs to.\n", + "type": "string" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "authorizationInfo": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "AuthorizationInfo holds the original event authorization info.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster the Kubernetes audit belongs to.\n", + "type": "string" + }, + "collections": { + "description": "Collections that apply to the Kubernetes audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "eventBlob": { + "description": "EventBlob is the original event that caused this audit.\n", + "type": "string" + }, + "message": { + "description": "Message is the user defined message which appears on audit.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "requestURI": { + "description": "RequestURI is the request URI as sent by the client to a server.\n", + "type": "string" + }, + "resources": { + "description": "Resource represents the resource that is impacted by this event.\n", + "type": "string" + }, + "sourceIPs": { + "description": "Source IPs, from where the request originated and intermediate proxies (optional).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "time": { + "description": "Time is the time at which the request was generated.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "$ref": "#/components/schemas/kubeaudit.EventUserInfo" + }, + "verb": { + "description": "Verb is the kubernetes verb associated with the request.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.AuditSettings": { + "description": "AuditSettings represents the kubernetes audits settings", + "properties": { + "lastPollingTime": { + "description": "LastPollingTime holds the last time the logs were polled.\n", + "format": "date-time", + "type": "string" + }, + "specifications": { + "description": "Specifications are the K8s audits fetching CSP specifications.\n", + "items": { + "$ref": "#/components/schemas/kubeaudit.AuditSpecification" + }, + "type": "array" + }, + "webhookUrlSuffix": { + "description": "WebhookSuffix is the relative path to the webhook http endpoint, used for auditing K8S events sent to the console from a cluster.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.AuditSpecification": { + "description": "AuditSpecification is the specification for fetching audits from a CSP", + "properties": { + "awsRegion": { + "description": "AWSRegion is the cloud region to fetch from.\n", + "type": "string" + }, + "azureResourceGroups": { + "description": "AzureResourceGroups holds the resource groups to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "azureWorkspaceName": { + "description": "AzureWorkspaceName holds the workspace name to fetch from.\n", + "type": "string" + }, + "clusters": { + "description": "Clusters are the clusters to fetch.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialID": { + "description": "CredentialID is the credential to use for CSP authentication for this specification.\n", + "type": "string" + }, + "deploymentType": { + "$ref": "#/components/schemas/kubeaudit.DeploymentType" + }, + "filter": { + "description": "Filter is a provider specific query using the provider's query syntax for additional filtering.\n", + "type": "string" + }, + "gcpProjectIDs": { + "description": "GCPProjectIDs holds the IDs of projects to fetch from.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the specification unique identification as provided by the user.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.DeploymentType": { + "description": "DeploymentType specifies the type of Kubernetes deployment", + "enum": [ + [ + "gke", + "aks", + "eks" + ] + ], + "type": "string" + }, + "kubeaudit.EventUserInfo": { + "description": "EventUserInfo holds the information about the user that authenticated to Kubernentes", + "properties": { + "groups": { + "description": "The names of groups this user is a part of (optional).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "uid": { + "description": "A unique value that identifies this user across time. If this user is\ndeleted and another user by the same name is added, they will have\ndifferent UIDs (optional).\n", + "type": "string" + }, + "username": { + "description": "The name that uniquely identifies this user among all active users (optional).\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.Policy": { + "description": "Policy represents a Kubernetes audit policy enforced on Kubernetes audits", + "properties": { + "_id": { + "description": "ID is the Kubernetes audit policy ID.\n", + "type": "string" + }, + "customRulesIDs": { + "description": "CustomRulesIDs is a list of the custom runtime rules ids that apply to this policy.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled specifies if Kubernetes audits are enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "license.SPDXLicense": { + "description": "SPDXLicense represents a SPDX license ID", + "enum": [ + [ + "0BSD", + "AAL", + "ADSL", + "AFL-1.1", + "AFL-1.2", + "AFL-2.0", + "AFL-2.1", + "AFL-3.0", + "AGPL-1.0", + "AGPL-1.0-only", + "AGPL-1.0-or-later", + "AGPL-3.0", + "AGPL-3.0-only", + "AGPL-3.0-or-later", + "AMDPLPA", + "AML", + "AMPAS", + "ANTLR-PD", + "ANTLR-PD-fallback", + "APAFML", + "APL-1.0", + "APSL-1.0", + "APSL-1.1", + "APSL-1.2", + "APSL-2.0", + "Abstyles", + "Adobe-2006", + "Adobe-Glyph", + "Afmparse", + "Aladdin", + "Apache-1.0", + "Apache-1.1", + "Apache-2.0", + "Artistic-1.0", + "Artistic-1.0-Perl", + "Artistic-1.0-cl8", + "Artistic-2.0", + "BSD-1-Clause", + "BSD-2-Clause", + "BSD-2-Clause-FreeBSD", + "BSD-2-Clause-NetBSD", + "BSD-2-Clause-Patent", + "BSD-2-Clause-Views", + "BSD-3-Clause", + "BSD-3-Clause-Attribution", + "BSD-3-Clause-Clear", + "BSD-3-Clause-LBNL", + "BSD-3-Clause-No-Nuclear-License", + "BSD-3-Clause-No-Nuclear-License-2014", + "BSD-3-Clause-No-Nuclear-Warranty", + "BSD-3-Clause-Open-MPI", + "BSD-4-Clause", + "BSD-4-Clause-UC", + "BSD-Protection", + "BSD-Source-Code", + "BSL-1.0", + "BUSL-1.1", + "Bahyph", + "Barr", + "Beerware", + "BitTorrent-1.0", + "BitTorrent-1.1", + "BlueOak-1.0.0", + "Borceux", + "CAL-1.0", + "CAL-1.0-Combined-Work-Exception", + "CATOSL-1.1", + "CC-BY-1.0", + "CC-BY-2.0", + "CC-BY-2.5", + "CC-BY-3.0", + "CC-BY-3.0-AT", + "CC-BY-3.0-US", + "CC-BY-4.0", + "CC-BY-NC-1.0", + "CC-BY-NC-2.0", + "CC-BY-NC-2.5", + "CC-BY-NC-3.0", + "CC-BY-NC-4.0", + "CC-BY-NC-ND-1.0", + "CC-BY-NC-ND-2.0", + "CC-BY-NC-ND-2.5", + "CC-BY-NC-ND-3.0", + "CC-BY-NC-ND-3.0-IGO", + "CC-BY-NC-ND-4.0", + "CC-BY-NC-SA-1.0", + "CC-BY-NC-SA-2.0", + "CC-BY-NC-SA-2.5", + "CC-BY-NC-SA-3.0", + "CC-BY-NC-SA-4.0", + "CC-BY-ND-1.0", + "CC-BY-ND-2.0", + "CC-BY-ND-2.5", + "CC-BY-ND-3.0", + "CC-BY-ND-4.0", + "CC-BY-SA-1.0", + "CC-BY-SA-2.0", + "CC-BY-SA-2.0-UK", + "CC-BY-SA-2.5", + "CC-BY-SA-3.0", + "CC-BY-SA-3.0-AT", + "CC-BY-SA-4.0", + "CC-PDDC", + "CC0-1.0", + "CDDL-1.0", + "CDDL-1.1", + "CDLA-Permissive-1.0", + "CDLA-Sharing-1.0", + "CECILL-1.0", + "CECILL-1.1", + "CECILL-2.0", + "CECILL-2.1", + "CECILL-B", + "CECILL-C", + "CERN-OHL-1.1", + "CERN-OHL-1.2", + "CERN-OHL-P-2.0", + "CERN-OHL-S-2.0", + "CERN-OHL-W-2.0", + "CNRI-Jython", + "CNRI-Python", + "CNRI-Python-GPL-Compatible", + "CPAL-1.0", + "CPL-1.0", + "CPOL-1.02", + "CUA-OPL-1.0", + "Caldera", + "ClArtistic", + "Condor-1.1", + "Crossword", + "CrystalStacker", + "Cube", + "D-FSL-1.0", + "DOC", + "DSDP", + "Dotseqn", + "ECL-1.0", + "ECL-2.0", + "EFL-1.0", + "EFL-2.0", + "EPICS", + "EPL-1.0", + "EPL-2.0", + "EUDatagrid", + "EUPL-1.0", + "EUPL-1.1", + "EUPL-1.2", + "Entessa", + "ErlPL-1.1", + "Eurosym", + "FSFAP", + "FSFUL", + "FSFULLR", + "FTL", + "Fair", + "Frameworx-1.0", + "FreeImage", + "GFDL-1.1", + "GFDL-1.1-invariants-only", + "GFDL-1.1-invariants-or-later", + "GFDL-1.1-no-invariants-only", + "GFDL-1.1-no-invariants-or-later", + "GFDL-1.1-only", + "GFDL-1.1-or-later", + "GFDL-1.2", + "GFDL-1.2-invariants-only", + "GFDL-1.2-invariants-or-later", + "GFDL-1.2-no-invariants-only", + "GFDL-1.2-no-invariants-or-later", + "GFDL-1.2-only", + "GFDL-1.2-or-later", + "GFDL-1.3", + "GFDL-1.3-invariants-only", + "GFDL-1.3-invariants-or-later", + "GFDL-1.3-no-invariants-only", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-only", + "GFDL-1.3-or-later", + "GL2PS", + "GLWTPL", + "GPL-1.0", + "GPL-1.0+", + "GPL-1.0-only", + "GPL-1.0-or-later", + "GPL-2.0", + "GPL-2.0+", + "GPL-2.0-only", + "GPL-2.0-or-later", + "GPL-2.0-with-GCC-exception", + "GPL-2.0-with-autoconf-exception", + "GPL-2.0-with-bison-exception", + "GPL-2.0-with-classpath-exception", + "GPL-2.0-with-font-exception", + "GPL-3.0", + "GPL-3.0+", + "GPL-3.0-only", + "GPL-3.0-or-later", + "GPL-3.0-with-GCC-exception", + "GPL-3.0-with-autoconf-exception", + "Giftware", + "Glide", + "Glulxe", + "HPND", + "HPND-sell-variant", + "HTMLTIDY", + "HaskellReport", + "Hippocratic-2.1", + "IBM-pibs", + "ICU", + "IJG", + "IPA", + "IPL-1.0", + "ISC", + "ImageMagick", + "Imlib2", + "Info-ZIP", + "Intel", + "Intel-ACPI", + "Interbase-1.0", + "JPNIC", + "JSON", + "JasPer-2.0", + "LAL-1.2", + "LAL-1.3", + "LGPL-2.0", + "LGPL-2.0+", + "LGPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1-only", + "LGPL-2.1-or-later", + "LGPL-3.0", + "LGPL-3.0+", + "LGPL-3.0-only", + "LGPL-3.0-or-later", + "LGPLLR", + "LPL-1.0", + "LPL-1.02", + "LPPL-1.0", + "LPPL-1.1", + "LPPL-1.2", + "LPPL-1.3a", + "LPPL-1.3c", + "Latex2e", + "Leptonica", + "LiLiQ-P-1.1", + "LiLiQ-R-1.1", + "LiLiQ-Rplus-1.1", + "Libpng", + "Linux-OpenIB", + "MIT", + "MIT-0", + "MIT-CMU", + "MIT-advertising", + "MIT-enna", + "MIT-feh", + "MIT-open-group", + "MITNFA", + "MPL-1.0", + "MPL-1.1", + "MPL-2.0", + "MPL-2.0-no-copyleft-exception", + "MS-PL", + "MS-RL", + "MTLL", + "MakeIndex", + "MirOS", + "Motosoto", + "MulanPSL-1.0", + "MulanPSL-2.0", + "Multics", + "Mup", + "NASA-1.3", + "NBPL-1.0", + "NCGL-UK-2.0", + "NCSA", + "NGPL", + "NIST-PD", + "NIST-PD-fallback", + "NLOD-1.0", + "NLPL", + "NOSL", + "NPL-1.0", + "NPL-1.1", + "NPOSL-3.0", + "NRL", + "NTP", + "NTP-0", + "Naumen", + "Net-SNMP", + "NetCDF", + "Newsletr", + "Nokia", + "Noweb", + "Nunit", + "O-UDA-1.0", + "OCCT-PL", + "OCLC-2.0", + "ODC-By-1.0", + "ODbL-1.0", + "OFL-1.0", + "OFL-1.0-RFN", + "OFL-1.0-no-RFN", + "OFL-1.1", + "OFL-1.1-RFN", + "OFL-1.1-no-RFN", + "OGC-1.0", + "OGL-Canada-2.0", + "OGL-UK-1.0", + "OGL-UK-2.0", + "OGL-UK-3.0", + "OGTSL", + "OLDAP-1.1", + "OLDAP-1.2", + "OLDAP-1.3", + "OLDAP-1.4", + "OLDAP-2.0", + "OLDAP-2.0.1", + "OLDAP-2.1", + "OLDAP-2.2", + "OLDAP-2.2.1", + "OLDAP-2.2.2", + "OLDAP-2.3", + "OLDAP-2.4", + "OLDAP-2.5", + "OLDAP-2.6", + "OLDAP-2.7", + "OLDAP-2.8", + "OML", + "OPL-1.0", + "OSET-PL-2.1", + "OSL-1.0", + "OSL-1.1", + "OSL-2.0", + "OSL-2.1", + "OSL-3.0", + "OpenSSL", + "PDDL-1.0", + "PHP-3.0", + "PHP-3.01", + "PSF-2.0", + "Parity-6.0.0", + "Parity-7.0.0", + "Plexus", + "PolyForm-Noncommercial-1.0.0", + "PolyForm-Small-Business-1.0.0", + "PostgreSQL", + "Python-2.0", + "QPL-1.0", + "Qhull", + "RHeCos-1.1", + "RPL-1.1", + "RPL-1.5", + "RPSL-1.0", + "RSA-MD", + "RSCPL", + "Rdisc", + "Ruby", + "SAX-PD", + "SCEA", + "SGI-B-1.0", + "SGI-B-1.1", + "SGI-B-2.0", + "SHL-0.5", + "SHL-0.51", + "SISSL", + "SISSL-1.2", + "SMLNJ", + "SMPPL", + "SNIA", + "SPL-1.0", + "SSH-OpenSSH", + "SSH-short", + "SSPL-1.0", + "SWL", + "Saxpath", + "Sendmail", + "Sendmail-8.23", + "SimPL-2.0", + "Sleepycat", + "Spencer-86", + "Spencer-94", + "Spencer-99", + "StandardML-NJ", + "SugarCRM-1.1.3", + "TAPR-OHL-1.0", + "TCL", + "TCP-wrappers", + "TMate", + "TORQUE-1.1", + "TOSL", + "TU-Berlin-1.0", + "TU-Berlin-2.0", + "UCL-1.0", + "UPL-1.0", + "Unicode-DFS-2015", + "Unicode-DFS-2016", + "Unicode-TOU", + "Unlicense", + "VOSTROM", + "VSL-1.0", + "Vim", + "W3C", + "W3C-19980720", + "W3C-20150513", + "WTFPL", + "Watcom-1.0", + "Wsuipa", + "X11", + "XFree86-1.1", + "XSkat", + "Xerox", + "Xnet", + "YPL-1.0", + "YPL-1.1", + "ZPL-1.1", + "ZPL-2.0", + "ZPL-2.1", + "Zed", + "Zend-2.0", + "Zimbra-1.3", + "Zimbra-1.4", + "Zlib", + "blessing", + "bzip2-1.0.5", + "bzip2-1.0.6", + "copyleft-next-0.3.0", + "copyleft-next-0.3.1", + "curl", + "diffmark", + "dvipdfm", + "eCos-2.0", + "eGenix", + "etalab-2.0", + "gSOAP-1.3b", + "gnuplot", + "iMatix", + "libpng-2.0", + "libselinux-1.0", + "libtiff", + "mpich2", + "psfrag", + "psutils", + "wxWindows", + "xinetd", + "xpp", + "zlib-acknowledgement" + ] + ], + "type": "string" + }, + "log.LogEntry": { + "description": "LogEntry represents a single log line", + "properties": { + "level": { + "description": "Level is the log level.\n", + "type": "string" + }, + "log": { + "description": "Log is the log text.\n", + "type": "string" + }, + "time": { + "description": "Time is the log time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "mitre.Technique": { + "description": "Technique is the MITRE framework attack technique", + "enum": [ + [ + "exploitationForPrivilegeEscalation", + "exploitPublicFacingApplication", + "applicationExploitRCE", + "networkServiceScanning", + "endpointDenialOfService", + "exfiltrationGeneral", + "systemNetworkConfigurationDiscovery", + "unsecuredCredentials", + "credentialDumping", + "systemInformationDiscovery", + "systemNetworkConnectionDiscovery", + "systemUserDiscovery", + "accountDiscovery", + "cloudInstanceMetadataAPI", + "accessKubeletMainAPI", + "queryKubeletReadonlyAPI", + "accessKubernetesAPIServer", + "softwareDeploymentTools", + "ingressToolTransfer", + "lateralToolTransfer", + "commandAndControlGeneral", + "resourceHijacking", + "manInTheMiddle", + "nativeBinaryExecution", + "foreignBinaryExecution", + "createAccount", + "accountManipulation", + "abuseElevationControlMechanisms", + "supplyChainCompromise", + "obfuscatedFiles", + "hijackExecutionFlow", + "impairDefences", + "scheduledTaskJob", + "exploitationOfRemoteServices", + "eventTriggeredExecution", + "accountAccessRemoval", + "privilegedContainer", + "writableVolumes", + "execIntoContainer", + "softwareDiscovery", + "createContainer", + "kubernetesSecrets", + "fileAndDirectoryDiscovery", + "masquerading", + "webShell", + "compileAfterDelivery" + ] + ], + "type": "string" + }, + "packages.Type": { + "description": "Type describes the package type", + "enum": [ + [ + "nodejs", + "gem", + "python", + "jar", + "package", + "windows", + "binary", + "nuget", + "go", + "app", + "unknown" + ] + ], + "type": "string" + }, + "prisma.AlertIntegration": { + "description": "AlertIntegration has the relevant fields for Prisma Cloud defined integrations\nhttps://prisma.pan.dev/api/cloud/cspm/integrations#operation/get-all-integrations", + "properties": { + "id": { + "description": "ID of the integration in Prisma Cloud.\n", + "type": "string" + }, + "integrationConfig": { + "$ref": "#/components/schemas/prisma.IntegrationConfig" + }, + "integrationType": { + "description": "IntegrationType is the provider type.\n", + "type": "string" + }, + "name": { + "description": "Name of the integration in Prisma Cloud.\n", + "type": "string" + } + }, + "type": "object" + }, + "prisma.AssetType": { + "description": "AssetType is the integral value that we need to pass to PC in the UAI and Unified Alerts integrations to identify the asset type\nMappings of the asset types agreed upon with PC can be found here - https://docs.google.com/spreadsheets/d/1M0Aj5U4vpFGEnpd0v_xK-CsxSH4lovE7p93hkzE4DTY\nAdditional asset types can be found here - https://redlock.atlassian.net/browse/RLP-57240\nThis value will be identical to resource api id in case of Unified Alerts", + "enum": [ + [ + "15", + "16", + "18", + "5109", + "39", + "45", + "65", + "5051", + "5070", + "7075", + "7077", + "10523", + "10524", + "10562", + "15000", + "20019", + "20028", + "20042", + "20051", + "20125", + "20126", + "20127", + "20155", + "25001", + "30012", + "30013", + "30014", + "30015", + "30016", + "30018", + "30020" + ] + ], + "type": "integer" + }, + "prisma.CloudType": { + "description": "CloudType is the prisma cloud type of the resource that is used for policy verdict creation\nCloud type values are documented here - https://docs.google.com/spreadsheets/d/1ZRlPl2IdEX22-7pSnqxeJGwwS0jyUbJJ16IkuPoiHMU", + "enum": [ + [ + "1", + "2", + "3", + "4", + "5", + "6" + ] + ], + "type": "integer" + }, + "prisma.IntegrationConfig": { + "description": "IntegrationConfig holds the additional configuration data for each integration", + "properties": { + "accountId": { + "description": "SecurityHubAccountID is the AWS account ID.\n", + "type": "string" + }, + "regions": { + "description": "SecurityHubIntegrationRegions holds AWS account available regions.\n", + "items": { + "$ref": "#/components/schemas/prisma.SecurityHubIntegrationRegions" + }, + "type": "array" + }, + "tables": { + "description": "ServiceNowIntegrationConfig holds ServiceNow tables info.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "prisma.SecurityHubIntegrationRegions": { + "description": "SecurityHubIntegrationRegions holds AWS Security Hub regions info", + "properties": { + "apiIdentifier": { + "description": "APIIdentifier represents the AWS region.\n", + "type": "string" + }, + "name": { + "description": "Name is the region name.\n", + "type": "string" + } + }, + "type": "object" + }, + "prisma.ServiceProvider": { + "description": "ServiceProvider represents service provider id or \"other\" in case it is non cloud.", + "enum": [ + [ + "aws", + "azure", + "gcp", + "alibaba_cloud", + "oci", + "other" + ] + ], + "type": "string" + }, + "rbac.PermName": { + "description": "PermName is a name of permission to a single resource type", + "enum": [ + [ + "radarsContainers", + "radarsHosts", + "radarsServerless", + "radarsCloud", + "policyContainers", + "policyHosts", + "policyServerless", + "policyCloud", + "policyComplianceCustomRules", + "policyRuntimeContainer", + "policyRuntimeHosts", + "policyRuntimeServerless", + "policyCustomRules", + "policyWAAS", + "policyCNNF", + "policyAccessSecrets", + "policyAccessKubernetes", + "monitorVuln", + "monitorCompliance", + "monitorImages", + "monitorHosts", + "monitorServerless", + "monitorCloud", + "monitorCI", + "monitorRuntimeContainers", + "monitorRuntimeHosts", + "monitorRuntimeServerless", + "monitorRuntimeIncidents", + "sandbox", + "monitorWAAS", + "monitorCNNF", + "monitorAccessDocker", + "monitorAccessKubernetes", + "systemLogs", + "manageDefenders", + "manageAlerts", + "collections", + "manageCreds", + "authConfiguration", + "userManagement", + "systemOperations", + "privilegedOperations", + "downloads", + "accessUI", + "uIEventSubscriber", + "user", + "none" + ] + ], + "type": "string" + }, + "rbac.Permission": { + "description": "Permission is a named resource permission", + "properties": { + "name": { + "$ref": "#/components/schemas/rbac.PermName" + }, + "readWrite": { + "description": "ReadWrite indicates RW or RO permission.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "rbac.Role": { + "description": "Role represents the role of a given user/group", + "properties": { + "description": { + "description": "Description is the role's description.\n", + "type": "string" + }, + "name": { + "description": "Name is the role name.\n", + "type": "string" + }, + "perms": { + "description": "Perms are the role resource permissions.\n", + "items": { + "$ref": "#/components/schemas/rbac.Permission" + }, + "type": "array" + }, + "system": { + "description": "System indicates predefined immutable system role.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.AntiMalwareRule": { + "description": "AntiMalwareRule represents restrictions/suppression for suspected anti-malware", + "properties": { + "allowedProcesses": { + "description": "AllowedProcesses contains paths of files and processes for which we skip anti-malware checks.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cryptoMiner": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "customFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedProcesses": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "detectCompilerGeneratedBinary": { + "description": "DetectCompilerGeneratedBinary represents what happens when a compiler service writes a binary.\n", + "type": "boolean" + }, + "encryptedBinaries": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "executionFlowHijack": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "reverseShell": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "serviceUnknownOriginBinary": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipSSHTracking": { + "description": "SkipSSHTracking indicates whether host SSH tracking should be skipped.\n", + "type": "boolean" + }, + "suspiciousELFHeaders": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "tempFSProc": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "userUnknownOriginBinary": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "webShell": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.App": { + "description": "App represents the applications runtime data", + "properties": { + "listeningPorts": { + "description": "ListeningPorts represents the applications listening ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostProfileListeningPort" + }, + "type": "array" + }, + "name": { + "description": "Name is the app name.\n", + "type": "string" + }, + "outgoingPorts": { + "description": "OutgoingPorts represents the applications outgoing ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostProfileOutgoingPort" + }, + "type": "array" + }, + "processes": { + "description": "Processes is a list of the app's descendant processes.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + }, + "startupProcess": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + } + }, + "type": "object" + }, + "runtime.AppEmbeddedPolicy": { + "description": "AppEmbeddedPolicy represents a runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.AppEmbeddedPolicyRule": { + "description": "AppEmbeddedPolicyRule represents a single rule in the app embedded runtime policy", + "properties": { + "advancedProtection": { + "description": "Indicates whether advanced protection (e.g., custom or premium feeds for container, added whitelist rules for serverless) is enabled (true) or not (false).\n", + "type": "boolean" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.DNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.FilesystemRule" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.NetworkRule" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProcessesRule" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.AppListeningPorts": { + "description": "AppListeningPorts is an association of an app and list of listening ports", + "properties": { + "app": { + "description": "App is the name of the app.\n", + "type": "string" + }, + "portsData": { + "$ref": "#/components/schemas/common.ProfilePortData" + } + }, + "type": "object" + }, + "runtime.ContainerCapabilities": { + "description": "ContainerCapabilities are a set of static capabilities for a given container", + "properties": { + "ci": { + "description": "CI indicates the container allowed to write binaries to disk and run them.\n", + "type": "boolean" + }, + "cloudMetadata": { + "description": "CloudMetadata indicates the given container can query cloud metadata api.\n", + "type": "boolean" + }, + "dnsCache": { + "description": "DNSCache are DNS services that are used by all the pods in the cluster.\n", + "type": "boolean" + }, + "dynamicDNSQuery": { + "description": "DynamicDNSQuery indicates capped behavioral dns queries.\n", + "type": "boolean" + }, + "dynamicFileCreation": { + "description": "DynamicFileCreation indicates capped behavioral filesystem paths.\n", + "type": "boolean" + }, + "dynamicProcessCreation": { + "description": "DynamicProcessCreation indicates capped behavioral processes.\n", + "type": "boolean" + }, + "k8s": { + "description": "Kubernetes indicates the given container can perform k8s networking tasks (e.g., contact to api server).\n", + "type": "boolean" + }, + "proxy": { + "description": "Proxy indicates the container can listen on any port and perform multiple outbound connection.\n", + "type": "boolean" + }, + "pullImage": { + "description": "PullImage indicates that the container is allowed pull images (might include files with high entropy).\n", + "type": "boolean" + }, + "sshd": { + "description": "Sshd indicates whether the container can run sshd process.\n", + "type": "boolean" + }, + "unpacker": { + "description": "Unpacker indicates the container is allowed to write shared libraries to disk.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.ContainerDNSRule": { + "description": "ContainerDNSRule is the DNS runtime rule for container", + "properties": { + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "disabled": { + "description": "Disabled a global disable for the DNS rule.\n", + "type": "boolean" + }, + "domainList": { + "$ref": "#/components/schemas/runtime.DNSListRule" + } + }, + "type": "object" + }, + "runtime.ContainerFilesystemRule": { + "description": "ContainerFilesystemRule represents restrictions/suppression for filesystem changes", + "properties": { + "allowedList": { + "description": "AllowedList is the list of allowed file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "backdoorFilesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedList": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "disabled": { + "description": "Disabled a global disable for the filesystem rule.\n", + "type": "boolean" + }, + "encryptedBinariesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "newFilesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "suspiciousELFHeadersEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerNetworkRule": { + "description": "ContainerNetworkRule represents the restrictions/suppression for networking", + "properties": { + "allowedIPs": { + "description": "AllowedIPs the allow-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedIPs": { + "description": "DeniedIPs the deny-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deniedIPsEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "disabled": { + "description": "Disabled a global disable for the network rule.\n", + "type": "boolean" + }, + "listeningPorts": { + "$ref": "#/components/schemas/runtime.PortListRule" + }, + "modifiedProcEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "outboundPorts": { + "$ref": "#/components/schemas/runtime.PortListRule" + }, + "portScanEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "rawSocketsEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerPolicy": { + "description": "ContainerPolicy represents a runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "learningDisabled": { + "description": "Indicates whether automatic behavioural learning is enabled (true) or not (false).\n", + "type": "boolean" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.ContainerPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ContainerPolicyRule": { + "description": "ContainerPolicyRule represents a single rule in the runtime policy", + "properties": { + "advancedProtectionEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "cloudMetadataEnforcementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.ContainerDNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.ContainerFilesystemRule" + }, + "kubernetesEnforcementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.ContainerNetworkRule" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ContainerProcessesRule" + }, + "skipExecSessions": { + "description": "Indicates whether to skip runtime validation for events triggered by docker/kubectl exec.\n", + "type": "boolean" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerProcessesRule": { + "description": "ContainerProcessesRule represents restrictions/suppression for running processes", + "properties": { + "allowedList": { + "description": "AllowedList is the list of processes to allow.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "checkParentChild": { + "description": "Indicates whether checking for parent child relationship when comparing spawned processes in the model is enabled.\n", + "type": "boolean" + }, + "cryptoMinersEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedList": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "disabled": { + "description": "Disabled a global disable for the processes rule.\n", + "type": "boolean" + }, + "lateralMovementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "modifiedProcessEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "reverseShellEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "suidBinariesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerProfileHost": { + "description": "ContainerProfileHost represents a host that runs a container with a specific profile ID", + "properties": { + "agentless": { + "description": "Agentless indicates if the host was scanned by agentless.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the name of the host.\n", + "type": "string" + }, + "profileID": { + "description": "ProfileID is the profile ID that matches the container running in the host.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.DNSListRule": { + "description": "DNSListRule represents an explicitly allowed/denied domains list rule", + "properties": { + "allowed": { + "description": "Allowed the allow-listed domain names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "denied": { + "description": "Denied the deny-listed domain names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.DNSQuery": { + "description": "DNSQuery is the data of a DNS query", + "properties": { + "domainName": { + "description": "DomainName is the queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the queried domain type.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.DNSRule": { + "description": "DNSRule is the DNS runtime rule", + "properties": { + "blacklist": { + "description": "List of deny-listed domain names (e.g., www.bad-url.com, *.bad-url.com).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "whitelist": { + "description": "List of allow-listed domain names (e.g., *.gmail.com, *.s3.*.amazon.com).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.DenyListRule": { + "description": "DenyListRule represents a rule containing paths of files and processes to alert/prevent and the required effect", + "properties": { + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "paths": { + "description": "Paths are the paths to alert/prevent when an event with one of the paths is triggered.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.FSFileType": { + "description": "FSFileType represents the file type", + "type": "integer" + }, + "runtime.FileIntegrityRule": { + "description": "FileIntegrityRule represents a single file integrity monitoring rule", + "properties": { + "dir": { + "description": "Dir indicates that the path is a directory.\n", + "type": "boolean" + }, + "exclusions": { + "description": "Exclusions are filenames that should be ignored while generating audits\nThese filenames may contain a wildcard regex pattern, e.g. foo*.log, *.cache.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "metadata": { + "description": "Metadata indicates that metadata changes should be monitored (e.g. chmod, chown).\n", + "type": "boolean" + }, + "path": { + "description": "Path is the path to monitor.\n", + "type": "string" + }, + "procWhitelist": { + "description": "ProcWhitelist are the processes to ignore\nFilesystem events caused by these processes DO NOT generate file integrity events.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "read": { + "description": "Read indicates that reads operations should be monitored.\n", + "type": "boolean" + }, + "recursive": { + "description": "Recursive indicates that monitoring should be recursive.\n", + "type": "boolean" + }, + "write": { + "description": "Write indicates that write operations should be monitored.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.FilesystemRule": { + "description": "FilesystemRule represents restrictions/suppression for filesystem changes", + "properties": { + "backdoorFiles": { + "description": "Monitors files that can create and/or persist backdoors (currently SSH and admin account config files) (true).\n", + "type": "boolean" + }, + "blacklist": { + "description": "List of denied file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "checkNewFiles": { + "description": "Detects changes to binaries and certificates (true).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipEncryptedBinaries": { + "description": "Indicates that encrypted binaries check should be skipped.\n", + "type": "boolean" + }, + "suspiciousELFHeaders": { + "description": "Indicates whether malware detection based on suspicious ELF headers is enabled.\n", + "type": "boolean" + }, + "whitelist": { + "description": "List of allowed file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.GeoIP": { + "description": "GeoIP represents an ip address with it's origin country code", + "properties": { + "code": { + "description": "Code is the country iso code.\n", + "type": "string" + }, + "ip": { + "description": "IP is the ip address.\n", + "type": "string" + }, + "modified": { + "description": "Modified is the last modified time of this entry.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostDNSRule": { + "description": "HostDNSRule represents a host DNS runtime rule", + "properties": { + "allow": { + "description": "Allow is a list of user-defined domains to skip checks for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deny": { + "description": "Deny is a list of user-defined domains to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "denyListEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.HostNetworkRule": { + "description": "HostNetworkRule represents the restrictions/suppression for host networking", + "properties": { + "allowedOutboundIPs": { + "description": "AllowedOutboundIPs is a list of IPs to skip checks for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "customFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedListeningPorts": { + "description": "DeniedListeningPorts is a list of listening ports to deny.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "deniedOutboundIPs": { + "description": "DeniedOutboundIPs is a list of outbound IPs to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deniedOutboundPorts": { + "description": "DeniedOutboundPorts is a list of outbound ports to deny.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "denyListEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.HostPolicy": { + "description": "HostPolicy represents a host runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "ID is the host runtime policy internal id.\n", + "type": "string" + }, + "owner": { + "description": "Owner is the host runtime policy owner.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of host runtime rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.HostPolicyRule": { + "description": "HostPolicyRule represents a single rule in the runtime policy", + "properties": { + "antiMalware": { + "$ref": "#/components/schemas/runtime.AntiMalwareRule" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "CustomRules is a list of custom rules associated with the container runtime policy.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.HostDNSRule" + }, + "fileIntegrityRules": { + "description": "FileIntegrityRules are the file integrity monitoring rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.FileIntegrityRule" + }, + "type": "array" + }, + "forensic": { + "$ref": "#/components/schemas/common.HostForensicSettings" + }, + "logInspectionRules": { + "description": "LogInspectionRules is a list of log inspection rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.LogInspectionRule" + }, + "type": "array" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.HostNetworkRule" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfile": { + "description": "HostProfile represents a host runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID (hostname).\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID associated with the profile.\n", + "type": "string" + }, + "apps": { + "description": "Apps are the host's apps metadata.\n", + "items": { + "$ref": "#/components/schemas/runtime.App" + }, + "type": "array" + }, + "collections": { + "description": "Collections is a list of collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "hash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "labels": { + "description": "Labels are the labels associated with the profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "sshEvents": { + "description": "SSHEvents represents a list SSH events occurred on the host.\n", + "items": { + "$ref": "#/components/schemas/runtime.SSHEvent" + }, + "type": "array" + }, + "time": { + "description": "Time is the last time when this profile was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfileListeningPort": { + "description": "HostProfileListeningPort holds a metadata on listening port stored in host runtime profile", + "properties": { + "command": { + "description": "Command represents the command that triggered the connection.\n", + "type": "string" + }, + "modified": { + "description": "Modified is a timestamp of when the event occurred.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "processPath": { + "description": "ProcessPath represents the path to the process that uses the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfileOutgoingPort": { + "description": "HostProfileOutgoingPort holds a metadata on outgoing port stored in host runtime profile", + "properties": { + "command": { + "description": "Command represents the command that triggered the connection.\n", + "type": "string" + }, + "country": { + "description": "Country is the country ISO code for the given IP address.\n", + "type": "string" + }, + "ip": { + "description": "IP is the IP address captured over this port.\n", + "type": "string" + }, + "modified": { + "description": "Modified is a timestamp of when the event occurred.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "processPath": { + "description": "ProcessPath represents the path to the process that uses the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.LogInspectionRule": { + "description": "LogInspectionRule represents a single log inspection rule", + "properties": { + "path": { + "description": "Path is the log path.\n", + "type": "string" + }, + "regex": { + "description": "Regex are the regular expressions associated with the rule if it is a custom one.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.NetworkRule": { + "description": "NetworkRule represents the restrictions/suppression for networking", + "properties": { + "blacklistIPs": { + "description": "Deny-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blacklistListeningPorts": { + "description": "Deny-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "blacklistOutboundPorts": { + "description": "Deny-listed outbound ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "whitelistIPs": { + "description": "Allow-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "whitelistListeningPorts": { + "description": "Allow-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "whitelistOutboundPorts": { + "description": "Allow-listed outbound ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.PortListRule": { + "description": "PortListRule represents a rule containing ports to allowed/denied and the required effect", + "properties": { + "allowed": { + "description": "Allowed the allow-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "denied": { + "description": "Denied the deny-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ProcessesRule": { + "description": "ProcessesRule represents restrictions/suppression for running processes", + "properties": { + "blacklist": { + "description": "List of processes to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blockAllBinaries": { + "description": "Indicates that all processes are blocked except the main process.\n", + "type": "boolean" + }, + "checkCryptoMiners": { + "description": "Detect crypto miners.\n", + "type": "boolean" + }, + "checkLateralMovement": { + "description": "Indicates whether dectection of processes that can be used for lateral movement exploits is enabled.\n", + "type": "boolean" + }, + "checkNewBinaries": { + "description": "Indicates whether binaries which do not belong to the original image are allowed to run.\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipModified": { + "description": "Indicates whether to trigger audits/incidents when a modified proc is spawned.\n", + "type": "boolean" + }, + "whitelist": { + "description": "List of processes to allow.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileFilesystem": { + "description": "ProfileFilesystem defines the filesystem features profile", + "properties": { + "behavioral": { + "description": "Behavioral is filesystem data learned from behavioral analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileFilesystemPath" + }, + "type": "array" + }, + "static": { + "description": "Static is filesystem data learned from static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileFilesystemPath" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileFilesystemPath": { + "description": "ProfileFilesystemPath represents the filesystem static data", + "properties": { + "mount": { + "description": "Mount indicates whether the given folder is a mount.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the file path.\n", + "type": "string" + }, + "process": { + "description": "Process is the process that accessed the file.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the file was added.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileNetwork": { + "description": "ProfileNetwork represents networking data that is learned", + "properties": { + "behavioral": { + "$ref": "#/components/schemas/runtime.ProfileNetworkBehavioral" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "static": { + "$ref": "#/components/schemas/runtime.ProfileNetworkStatic" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkBehavioral": { + "description": "ProfileNetworkBehavioral represents the behavioral data learned for networking", + "properties": { + "dnsQueries": { + "description": "DNSQueries is the learned DNS queries.\n", + "items": { + "$ref": "#/components/schemas/runtime.DNSQuery" + }, + "type": "array" + }, + "listeningPorts": { + "description": "Listening is the learned listening ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppListeningPorts" + }, + "type": "array" + }, + "outboundPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkGeoIP": { + "description": "ProfileNetworkGeoIP represents a cache of last ip-country pairs attached to each profile", + "properties": { + "countries": { + "description": "Countries is a list of ip addresses with their corresponding country codes.\n", + "items": { + "$ref": "#/components/schemas/runtime.GeoIP" + }, + "type": "array" + }, + "modified": { + "description": "Modified is the last modified time of the cache.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkStatic": { + "description": "ProfileNetworkStatic represent the static section of the networking profile", + "properties": { + "listeningPorts": { + "description": "Listening are the listening ports learned by static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppListeningPorts" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileProcess": { + "description": "ProfileProcess represents a single process data", + "properties": { + "command": { + "description": "Command is the executed command.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates whether the process belongs to an interactive session.\n", + "type": "boolean" + }, + "md5": { + "description": "MD5 is the process binary MD5 sum.\n", + "type": "string" + }, + "modified": { + "description": "Modified indicates the process binary was modified after the container has started.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the process binary path.\n", + "type": "string" + }, + "ppath": { + "description": "PPath is the parent process path.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the process was added. If the process was modified, Time is the modification time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User represents the username that started the process.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileProcesses": { + "description": "ProfileProcesses represents the process data that is learned for a specific image", + "properties": { + "behavioral": { + "description": "Behavioral are process details learned from behavioral analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + }, + "static": { + "description": "Static are process details learned from static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.RuleEffect": { + "description": "RuleEffect is the effect that will be used in the runtime rule", + "enum": [ + [ + "block", + "prevent", + "alert", + "disable" + ] + ], + "type": "string" + }, + "runtime.SSHEvent": { + "description": "SSHEvent represents an SSH event data", + "properties": { + "command": { + "description": "Command is the executed command.\n", + "type": "string" + }, + "country": { + "description": "Country represents the SSH client's origin country.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates whether the process belongs to an interactive session.\n", + "type": "boolean" + }, + "ip": { + "description": "IP address represents the connection client IP address.\n", + "type": "integer" + }, + "loginTime": { + "description": "LoginTime represents the SSH login time.\n", + "format": "int64", + "type": "integer" + }, + "md5": { + "description": "MD5 is the process binary MD5 sum.\n", + "type": "string" + }, + "modified": { + "description": "Modified indicates the process binary was modified after the container has started.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the process binary path.\n", + "type": "string" + }, + "ppath": { + "description": "PPath is the parent process path.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the process was added. If the process was modified, Time is the modification time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User represents the username that started the process.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.SecretScrubbingSpec": { + "description": "SecretScrubbingSpec defined a single runtime secret scrubbing specification", + "properties": { + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "pattern": { + "description": "Pattern is the regex pattern to mask sensitive data.\n", + "type": "string" + }, + "placeholder": { + "description": "Placeholder is the placeholder text to replace the matched field content.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ServerlessPolicy": { + "description": "ServerlessPolicy represents a serverless runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "learningDisabled": { + "description": "Indicates whether automatic behavioural learning is enabled (true) or not (false).\n", + "type": "boolean" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.ServerlessPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ServerlessPolicyRule": { + "description": "ServerlessPolicyRule represents a single rule in the serverless runtime policy", + "properties": { + "advancedProtection": { + "description": "Indicates whether advanced protection (e.g., custom or premium feeds for container, added whitelist rules for serverless) is enabled (true) or not (false).\n", + "type": "boolean" + }, + "cloudMetadataEnforcement": { + "description": "Catches containers that access the cloud provider metadata API.\n", + "type": "boolean" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.DNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.FilesystemRule" + }, + "kubernetesEnforcement": { + "description": "Detects containers that attempt to compromise the orchestrator.\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.NetworkRule" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProcessesRule" + }, + "skipExecSessions": { + "description": "Indicates whether to skip runtime validation for events triggered by docker/kubectl exec.\n", + "type": "boolean" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "sandbox.ConnectionEvent": { + "description": "ConnectionEvent represents a network connection event", + "properties": { + "countryCode": { + "description": "CountryCode is the country code for the network IP.\n", + "type": "string" + }, + "ip": { + "description": "IP is the network IP.\n", + "type": "string" + }, + "port": { + "description": "Port is the network port.\n", + "type": "integer" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "protocol": { + "description": "Protocol is the transport layer protocol (UDP / TCP).\n", + "type": "string" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.DNSQueryEvent": { + "description": "DNSQueryEvent represents a DNS query event with it's connection details", + "properties": { + "countryCode": { + "description": "CountryCode is the country code for the network IP.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the domain name for a DNS query.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the domain type for a DNS query.\n", + "type": "string" + }, + "ip": { + "description": "IP is the network IP.\n", + "type": "string" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.Event": { + "description": "Event is a single event in a chain that lead to finding detection", + "properties": { + "description": { + "description": "Description describes what happened in the event.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of event detection.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.FilesystemAccessType": { + "description": "FilesystemAccessType represents a type of accessing a file", + "enum": [ + [ + "open", + "modify", + "create" + ] + ], + "type": "string" + }, + "sandbox.FilesystemEvent": { + "description": "FilesystemEvent represents a filesystem event during sandbox scan", + "properties": { + "accessType": { + "$ref": "#/components/schemas/sandbox.FilesystemAccessType" + }, + "path": { + "description": "Path is the file path.\n", + "type": "string" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.Finding": { + "description": "Finding represents a finding detected during sandbox scan", + "properties": { + "description": { + "description": "Description is the finding description.\n", + "type": "string" + }, + "events": { + "description": "Events are the events that lead to the finding detection.\n", + "items": { + "$ref": "#/components/schemas/sandbox.Event" + }, + "type": "array" + }, + "severity": { + "$ref": "#/components/schemas/sandbox.FindingSeverity" + }, + "time": { + "description": "Time is the detection time (time of triggering event).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/sandbox.FindingType" + } + }, + "type": "object" + }, + "sandbox.FindingSeverity": { + "description": "FindingSeverity represents a finding severity level", + "enum": [ + [ + "critical", + "high", + "medium", + "low" + ] + ], + "type": "string" + }, + "sandbox.FindingType": { + "description": "FindingType represents a unique sandbox-detected finding type", + "enum": [ + [ + "dropper", + "modifiedBinary", + "executableCreation", + "filelessExecutableCreation", + "wildFireMalware", + "verticalPortScan", + "cryptoMiner", + "suspiciousELFHeader", + "kernelModule", + "modifiedBinaryExecution", + "filelessExecution" + ] + ], + "type": "string" + }, + "sandbox.ListeningEvent": { + "description": "ListeningEvent represents a network listening event", + "properties": { + "port": { + "description": "Port is the network port.\n", + "type": "integer" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ProcessEvent": { + "description": "ProcessEvent represents a process event during sandbox scan", + "properties": { + "command": { + "description": "Command is the command line.\n", + "type": "string" + }, + "md5": { + "description": "MD5 is the md5 hash for the process binary.\n", + "type": "string" + }, + "parent": { + "$ref": "#/components/schemas/sandbox.ProcessInfo" + }, + "path": { + "description": "Path is the binary path.\n", + "type": "string" + }, + "time": { + "description": "Time is the process start time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the username/id.\n", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ProcessInfo": { + "description": "ProcessInfo holds process information", + "properties": { + "command": { + "description": "Command is the command line.\n", + "type": "string" + }, + "md5": { + "description": "MD5 is the md5 hash for the process binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the binary path.\n", + "type": "string" + }, + "time": { + "description": "Time is the process start time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the username/id.\n", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ScanResult": { + "description": "ScanResult represents sandbox scan results", + "properties": { + "_id": { + "description": "ID is a unique scan identifier.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "connection": { + "description": "Connection is a list of connection events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ConnectionEvent" + }, + "type": "array" + }, + "dns": { + "description": "DNS is a list of DNS queries detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.DNSQueryEvent" + }, + "type": "array" + }, + "entrypoint": { + "description": "Entrypoint is the command executed in the sandbox scan.\n", + "type": "string" + }, + "filesystem": { + "description": "Filesystem is a list of filesystem events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.FilesystemEvent" + }, + "type": "array" + }, + "findings": { + "description": "Findings are the detected findings during scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.Finding" + }, + "type": "array" + }, + "image": { + "$ref": "#/components/schemas/shared.ImageInfo" + }, + "imageName": { + "description": "ImageName is the image name (e.g. registry/repo:tag).\n", + "type": "string" + }, + "listening": { + "description": "Listening is a list of listening events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ListeningEvent" + }, + "type": "array" + }, + "pass": { + "description": "Pass indicates if the scan passed or failed.\n", + "type": "boolean" + }, + "procs": { + "description": "Procs are the different detected process during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "type": "array" + }, + "riskScore": { + "description": "RiskScore is the weighted total risk score.\n", + "format": "double", + "type": "number" + }, + "scanDuration": { + "description": "ScanDuration is the provided scan duration in nanoseconds.\n", + "format": "int64", + "type": "integer" + }, + "scanTime": { + "description": "Start is the scan start time.\n", + "format": "date-time", + "type": "string" + }, + "suspiciousFiles": { + "description": "SuspiciousFiles are suspicious files detected during scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.SuspiciousFile" + }, + "type": "array" + } + }, + "type": "object" + }, + "sandbox.SuspiciousFile": { + "description": "SuspiciousFile represents a suspicious file", + "properties": { + "containerPath": { + "description": "ContainerPath is the path of the file in the running container.\n", + "type": "string" + }, + "created": { + "description": "Created indicates if the file was created during runtime.\n", + "type": "boolean" + }, + "md5": { + "description": "MD5 is the file MD5 hash.\n", + "type": "string" + }, + "path": { + "description": "Path is the path to the copy of the file.\n", + "type": "string" + } + }, + "type": "object" + }, + "secrets.SecretScanMetrics": { + "description": "SecretScanMetrics represents metrics collected during secret scan", + "properties": { + "failedScans": { + "description": "FailedScans represents number of failed scans caused by scanner errors.\n", + "format": "int64", + "type": "integer" + }, + "foundSecrets": { + "description": "FoundSecrets represents number of detected secrets.\n", + "type": "integer" + }, + "scanTime": { + "description": "ScanTime represents cumulative secret scan time in microseconds.\n", + "format": "int64", + "type": "integer" + }, + "scanTimeouts": { + "description": "ScanTimeouts represents number of failed scans caused by timeout.\n", + "format": "int64", + "type": "integer" + }, + "scannedFileSize": { + "description": "ScannedFileSize represents accumulated size of scanned files.\n", + "format": "int64", + "type": "integer" + }, + "scannedFiles": { + "description": "ScannedFiles represents number of text files scanned for secrets.\n", + "format": "int64", + "type": "integer" + }, + "totalBytes": { + "description": "TotalBytes represents accumulated file size.\n", + "format": "int64", + "type": "integer" + }, + "totalFiles": { + "description": "TotalFiles represents number of files read for secrets.\n", + "format": "int64", + "type": "integer" + }, + "totalTime": { + "description": "TotalTime represents the total time in microseconds.\n", + "format": "int64", + "type": "integer" + }, + "typesCount": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "TypesCount represents distribution of secrets by its type.\n", + "type": "object" + } + }, + "type": "object" + }, + "serverless.ActionResources": { + "description": "ActionResources is a single action resources", + "properties": { + "resources": { + "description": "Resources are the resources granted to the action.\n", + "items": { + "$ref": "#/components/schemas/serverless.Resource" + }, + "type": "array" + }, + "serviceAPI": { + "$ref": "#/components/schemas/serverless.ServiceAPI" + } + }, + "type": "object" + }, + "serverless.AssociatedVersion": { + "description": "AssociatedVersion is a single function version associated with the alias", + "properties": { + "version": { + "description": "Version is the function version.\n", + "type": "string" + }, + "weight": { + "description": "Weight is the possibility that the function will be called when triggering the alias.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Condition": { + "description": "Condition contains limitations on resources, such as a specific prefix", + "properties": { + "conditions": { + "description": "Conditions contain the limitations.\n", + "items": { + "$ref": "#/components/schemas/shared.KeyValues" + }, + "type": "array" + }, + "name": { + "description": "Condition in AWS such as: StringLike, StringNotLike, StringEquals, StringNotEquals, StringEqualsIgnoreCase, StringNotEqualsIgnoreCase, ForAllValues:StringLike,...\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.FunctionInfo": { + "description": "FunctionInfo contains function information collected during function scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "ID of the function.\n", + "type": "string" + }, + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "applicationName": { + "description": "Name of the application with which the function is associated.\n", + "type": "string" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "architecture": { + "description": "Architecture that the function supports.\n", + "type": "string" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudControllerAddress": { + "description": "Address of the TAS cloud controller API.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Matched function collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "defended": { + "description": "Indicates status of runtime defense. Covers both manually and automatically deployed function defense.\n", + "type": "boolean" + }, + "defenderLayerARN": { + "description": "Prisma Defender Layer ARN, if it exists.\n", + "type": "string" + }, + "description": { + "description": "User-provided description of the function.\n", + "type": "string" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "envvars": { + "description": "Function environment variables.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "err": { + "description": "Description of an error that occurred during the scan.\n", + "type": "string" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "functionLayers": { + "description": "Layer ARNs used by this function.\n", + "items": { + "$ref": "#/components/schemas/serverless.LayerInfo" + }, + "type": "array" + }, + "functionTags": { + "description": "Cloud provider metadata tags.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "handler": { + "description": "Handler is the function handler.\n", + "type": "string" + }, + "hash": { + "description": "Hash of the function.\n", + "type": "string" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostname": { + "description": "Hostname of the scanner.\n", + "type": "string" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "invocations": { + "description": "Invocations is the function invocation count.\n", + "format": "double", + "type": "number" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "lastModified": { + "description": "Date/time when the function was last modified.\n", + "format": "date-time", + "type": "string" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "memory": { + "description": "Memory size, in MB, configured for the function.\n", + "format": "int64", + "type": "integer" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "name": { + "description": "Name of the function.\n", + "type": "string" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "platform": { + "description": "Platform is the function OS.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "region": { + "description": "Function's region.\n", + "type": "string" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "resourceGroupName": { + "description": "Name of the resource group to which the resource belongs (only for Azure).\n", + "type": "string" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "role": { + "description": "AWS execution role.\n", + "type": "string" + }, + "runtime": { + "description": "Runtime environment for the function (e.g., nodejs).\n", + "type": "string" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanTime": { + "description": "Date/time when the scan of the function was performed.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "scannerVersion": { + "description": "Scanner version.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "status": { + "description": "Status of the function (e.g., running).\n", + "type": "string" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "timeout": { + "description": "Function execution time at which the function will be terminated.\n", + "format": "int64", + "type": "integer" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "underlyingDistro": { + "description": "UnderlyingDistro is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "underlyingDistroRelease": { + "description": "UnderlyingDistroRelease is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "version": { + "description": "Version of the function.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "serverless.LayerInfo": { + "description": "LayerInfo contains information about a lambda layer", + "properties": { + "id": { + "description": "ID of the layer.\n", + "type": "string" + }, + "name": { + "description": "Name of the layer.\n", + "type": "string" + }, + "version": { + "description": "Version of the layer.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Permissions": { + "description": "Permissions contain service function permissions", + "properties": { + "actions": { + "description": "Actions is API actions of the service that the function has access to.\n", + "items": { + "$ref": "#/components/schemas/serverless.ActionResources" + }, + "type": "array" + }, + "service": { + "description": "Service is the service name.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.RadarData": { + "description": "RadarData represent all data relevant to the serverless radar", + "properties": { + "serverlessRadar": { + "description": "ServerlessRadar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/serverless.RadarEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "serverless.RadarEntity": { + "description": "RadarEntity is the extended serverless radar entity", + "properties": { + "_id": { + "description": "ID is unique identifier of the function (for AWS - ARN).\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "alias": { + "description": "Alias states that the current entity is an alias of the function.\n", + "type": "boolean" + }, + "applicationName": { + "description": "ApplicationName is the name of the application the function is associated with.\n", + "type": "string" + }, + "associatedVersions": { + "description": "AssociatedVersions contain the alias associated versions, or empty if the entity isn't an alias.\n", + "items": { + "$ref": "#/components/schemas/serverless.AssociatedVersion" + }, + "type": "array" + }, + "collections": { + "description": "Collections are the matched function collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + }, + "defended": { + "description": "Defended denotes weather the function is defended by a serverless defender.\n", + "type": "boolean" + }, + "description": { + "description": "Description is the user provided description of the function.\n", + "type": "string" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents.\n", + "type": "integer" + }, + "invocations": { + "description": "Invocations is the function invocation count.\n", + "format": "double", + "type": "number" + }, + "lastModified": { + "description": "LastModified is the modification time of the function.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the function.\n", + "type": "string" + }, + "networkCount": { + "description": "NetworkCount contain the runtime network events count.\n", + "type": "integer" + }, + "permissions": { + "description": "Permissions are the function permissions.\n", + "items": { + "$ref": "#/components/schemas/serverless.Permissions" + }, + "type": "array" + }, + "permissionsBoundary": { + "description": "PermissionsBoundary are limitations of the permissions, acting as AND.\n", + "items": { + "$ref": "#/components/schemas/serverless.Permissions" + }, + "type": "array" + }, + "processesCount": { + "description": "ProcessesCount contain the runtime processes events count.\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "runtime": { + "description": "Runtime is runtime environment for the function, i.e. nodejs.\n", + "type": "string" + }, + "scanned": { + "description": "Scanned indicates if the function was scanned for vulnerabilities and compliance.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags are the cloud provider metadata tags.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "triggers": { + "description": "Triggers contain invocation paths for functions.\n", + "items": { + "$ref": "#/components/schemas/serverless.Triggers" + }, + "type": "array" + }, + "version": { + "description": "Version is the version of the function, or the alias name if it's an alias.\n", + "type": "string" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "serverless.RadarFilter": { + "description": "RadarFilter contains filter options for serverless radar entities", + "properties": { + "accountIDs": { + "description": "AccountIDs are cloud provider account IDs with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentials": { + "description": "Credentials are cloud provider credential ID's with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "regions": { + "description": "Regions are cloud provider regions with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "serverless.Resource": { + "description": "Resource is a single action resources", + "properties": { + "allow": { + "description": "Allow states if the resource is allowed or denied.\n", + "type": "boolean" + }, + "condition": { + "description": "Conditions contain limitations on resources, such as a specific prefix.\n", + "items": { + "$ref": "#/components/schemas/serverless.Condition" + }, + "type": "array" + }, + "name": { + "description": "Name is the resource name.\n", + "type": "string" + }, + "negate": { + "description": "Negate indicates that the policy apply to all except the given resource.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "serverless.ServiceAPI": { + "description": "ServiceAPI describes a service API", + "properties": { + "api": { + "description": "API is the service API.\n", + "type": "string" + }, + "negate": { + "description": "Negate indicates the policy apply to all APIs except the given API.\n", + "type": "boolean" + }, + "service": { + "description": "Service is the AWS service.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Trigger": { + "description": "Trigger contains function triggers", + "properties": { + "properties": { + "description": "Properties are the trigger properties. There may be multiple values per key, for example AWS S3 event types: ObjectCreatedByPost, ObjectCreatedByCopy, ObjectCreatedByPut.\n", + "items": { + "$ref": "#/components/schemas/shared.KeyValues" + }, + "type": "array" + }, + "sourceID": { + "description": "SourceID is the id of the service instance that caused the trigger. For example AWS S3 bucket ARN, AWS apigateway ARN, etc.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Triggers": { + "description": "Triggers contain a service function triggers", + "properties": { + "service": { + "description": "Service is the service name.\n", + "type": "string" + }, + "triggers": { + "description": "Triggers are the function invocation paths from the service.\n", + "items": { + "$ref": "#/components/schemas/serverless.Trigger" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.AISOperationType": { + "description": "AISOperationType represents a scan operation type", + "enum": [ + [ + "discovery", + "create-snapshot", + "deploy-scanner", + "cleanup" + ] + ], + "type": "string" + }, + "shared.ActivityType": { + "description": "ActivityType is the type of user activity", + "enum": [ + [ + "app restart", + "app install", + "app modified", + "cron modified", + "system update", + "system reboot", + "source modified", + "source added", + "iptables changed", + "secret modified", + "login", + "sudo", + "accounts modified", + "sensitive files modified", + "docker" + ] + ], + "type": "string" + }, + "shared.AgentlessAccountScanStatus": { + "description": "AgentlessAccountScanStatus represents agentless cloud account scan status", + "type": "integer" + }, + "shared.AgentlessAccountState": { + "description": "AgentlessAccountState holds the information about the agentless account state", + "properties": { + "lastScan": { + "description": "LastScan is a timestamp of the end of the last scan.\n", + "format": "date-time", + "type": "string" + }, + "regions": { + "description": "Regions is an array of regions scanned in account.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessRegionState" + }, + "type": "array" + }, + "scanStatus": { + "$ref": "#/components/schemas/shared.AgentlessAccountScanStatus" + } + }, + "type": "object" + }, + "shared.AgentlessHostTag": { + "description": "AgentlessHostTag is the tag to be checked on a discovered host", + "properties": { + "key": { + "description": "Key is the tag key.\n", + "type": "string" + }, + "value": { + "description": "Value is the tag value.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.AgentlessRegionState": { + "description": "AgentlessRegionState holds information about the statuses scans in a region", + "properties": { + "availabilityDomain": { + "description": "AvailabilityDomain is the code name of OCI availabilityDomain.\n", + "type": "string" + }, + "errorsInfo": { + "description": "ErrorsInfo holds information about the errors that occured during in region scan.\n", + "items": { + "$ref": "#/components/schemas/shared.ScanErrorInfo" + }, + "type": "array" + }, + "lastScan": { + "description": "LastScan is a timestamp of the end of the last scan.\n", + "format": "date-time", + "type": "string" + }, + "region": { + "description": "Region is the code name of the region.\n", + "type": "string" + }, + "scanCoverage": { + "$ref": "#/components/schemas/shared.AgentlessScanHostCoverage" + }, + "scanID": { + "description": "ScanID is the id of scan cycle the region was last scanned in.\n", + "type": "integer" + }, + "score": { + "description": "Score is an aggregated score of the errors in the region.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.AgentlessScanHostCoverage": { + "description": "AgentlessScanHostCoverage contains the scan coverage stats", + "properties": { + "excluded": { + "description": "Excluded is the number of hosts that were excluded from the scan.\n", + "type": "integer" + }, + "issued": { + "description": "Issued is the number of hosts that are failed to scanned.\n", + "type": "integer" + }, + "pending": { + "description": "Pending is the number of hosts that are pending ais scan.\n", + "type": "integer" + }, + "successful": { + "description": "Successful is the number of hosts that were successfully scanned.\n", + "type": "integer" + }, + "unsupported": { + "description": "Unsupported is the number of hosts that are unsupported.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.AgentlessScanSpecification": { + "description": "AgentlessScanSpecification contains information for setting up an agentless scan for a group of accounts", + "properties": { + "autoScale": { + "description": "AutoScale indicates that the number of concurrent scanners should be selected automatically.\n", + "type": "boolean" + }, + "cloudScan": { + "description": "CloudScan indicates whether the account is being scanned with prisma.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is a network-accessible address that scanners can use to publish scan results to Console.\n", + "type": "string" + }, + "customTags": { + "description": "CustomTags are optional tags that can be added to the resources created by the scan.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled indicates whether agentless scanning is enabled.\n", + "type": "boolean" + }, + "excludedTags": { + "description": "ExcludedTags are the tags used to exclude instances from the scan.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "hubAccount": { + "description": "HubAccount indicates whether the account is configured as a hub account.\n", + "type": "boolean" + }, + "hubCredentialID": { + "description": "HubCredentialID is the ID of the credentials in the credentials store to use for authenticating with the cloud provider on behalf of the scan hub account. Optional.\n", + "type": "string" + }, + "includedTags": { + "description": "IncludedTags are tags that are used to filter hosts to scan. If set, only hosts that have one or more of these tags are scanned.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "ociCompartment": { + "description": "OCICompartment is the resource group that holds all scan related resources for OCI.\n", + "type": "string" + }, + "ociExcludedCompartments": { + "description": "OCIExcludedCompartments are the compartments excluded from scan (OCI).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ociVcn": { + "description": "OCIVcn is the Virtual Cloud Network to use for the instance launched for scanning. Default value is empty string, which represents the default VCN.\n", + "type": "string" + }, + "proxyAddress": { + "description": "ProxyAddress is the optional HTTP proxy address for a setup that includes a proxy server.\n", + "type": "string" + }, + "proxyCA": { + "description": "ProxyCA is the optional proxy CA certificate for a setup that includes a TLS proxy.\n", + "type": "string" + }, + "regions": { + "description": "Regions are the cloud provider regions applicable for the scan. Default is all.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "scanNonRunning": { + "description": "ScanNonRunning indicates whether to scan non running instances.\n", + "type": "boolean" + }, + "scanners": { + "description": "Scanners is the number of concurrent scanners to perform the scan (when auto-scale is off).\n", + "type": "integer" + }, + "securityGroup": { + "description": "SecurityGroup is the security group that scanners should use (for isolation and internet access). Default is empty value to use the cloud account default security group.\n", + "type": "string" + }, + "skipPermissionsCheck": { + "description": "SkipPermissionsCheck indicates whether permissions check should be skipped for the account. This allows users to attempt scanning when permissions check fails.\n", + "type": "boolean" + }, + "subnet": { + "description": "Subnet is the network subnet to use for the instance launched for scanning. Default value is empty string, which represents the default subnet in the default VPC.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.AlertThreshold": { + "description": "AlertThreshold is the vulnerability policy alert threshold\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "disabled": { + "description": "Suppresses alerts for all vulnerabilities (true).\n", + "type": "boolean" + }, + "value": { + "description": "Minimum severity to trigger alerts. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.AllowedCVE": { + "description": "AllowedCVE is a CVE to ignore across the product", + "properties": { + "cve": { + "description": "CVE is the CVE to allow.\n", + "type": "string" + }, + "description": { + "description": "Description is the description of why this CVE is allowed.\n", + "type": "string" + }, + "expiration": { + "description": "Expiration is the expiration date for the allowed CVE.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.AppEmbeddedEmbedRequest": { + "description": "AppEmbeddedEmbedRequest represents the arguments required for a AppEmbedded defender embed request", + "properties": { + "appID": { + "description": "AppID identifies the app that the embedded app defender defender is protecting.\n", + "type": "string" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address.\n", + "type": "string" + }, + "dataFolder": { + "description": "DataFolder is the path to the Twistlock data folder in the container.\n", + "type": "string" + }, + "dockerfile": { + "description": "Dockerfile is the Dockerfile to embed AppEmbedded defender into.\n", + "type": "string" + }, + "filesystemMonitoring": { + "description": "FilesystemMonitoring is the flag of filesystem monitoring for this Defender.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.AppEmbeddedRuntimeProfile": { + "description": "AppEmbeddedRuntimeProfile represents the app embedded runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID.\n", + "type": "string" + }, + "appID": { + "description": "AppID is the app embedded defender name.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the ECS Fargate cluster name.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "collections": { + "description": "Collections are collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "container": { + "description": "Container is the app embedded container name.\n", + "type": "string" + }, + "image": { + "description": "Image is the image name.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the image ID.\n", + "type": "string" + }, + "startTime": { + "description": "StartTime is the time when the defender starts.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.AppFirewallAudit": { + "description": "AppFirewallAudit represents a firewall audit event", + "properties": { + "_id": { + "description": "ID is internal id representation.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID where the audit was generated.\n", + "type": "string" + }, + "additionalHash": { + "description": "AdditionalHash for internal use only. This parameter is used to add an additional level of uniqueness to the audit.\n", + "type": "string" + }, + "appID": { + "description": "AppID is the application ID.\n", + "type": "string" + }, + "attackField": { + "$ref": "#/components/schemas/waas.HTTPField" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "cloudProviderName": { + "$ref": "#/components/schemas/prisma.ServiceProvider" + }, + "cluster": { + "description": "Cluster is the cluster on which the audit was originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "connectingIPs": { + "description": "ConnectingIPs are the requests connecting IPs such as proxy and load-balancer.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerId": { + "description": "ContainerID is the firewall container ID.\n", + "type": "string" + }, + "containerName": { + "description": "ContainerName is the firewall container name.\n", + "type": "string" + }, + "count": { + "description": "Count is the number of audit occurrences.\n", + "type": "integer" + }, + "country": { + "description": "Country is the source IP country.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "eventID": { + "description": "EventID is the event identifier of the audit relevant request.\n", + "type": "string" + }, + "firewallType": { + "$ref": "#/components/schemas/waas.FirewallType" + }, + "fqdn": { + "description": "FQDN is the current hostname's FQDN.\n", + "type": "string" + }, + "function": { + "description": "Function is the name of the serverless function that caused the audit.\n", + "type": "string" + }, + "functionID": { + "description": "FunctionID is the id of the function called.\n", + "type": "string" + }, + "host": { + "description": "Host indicates this audit is either for host firewall or out of band firewall or agentless firewall.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the current hostname.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the firewall image ID.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the firewall image name.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the custom labels associated with the container.\n", + "type": "object" + }, + "method": { + "description": "HTTPMethod is the request HTTP method.\n", + "type": "string" + }, + "modelPath": { + "description": "ModelPath for internal use only. This parameter is a correlated path for the mapped API Model.\n", + "type": "string" + }, + "msg": { + "description": "Message is the blocking message text.\n", + "type": "string" + }, + "ns": { + "description": "Namespaces are the k8s namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "owaspAPITop10": { + "$ref": "#/components/schemas/waas.OWASPAPITop10" + }, + "owaspTop10": { + "$ref": "#/components/schemas/waas.OWASPTop10" + }, + "prismaAccountID": { + "description": "PrismaAccountID is the Prisma format account ID.\n", + "type": "string" + }, + "prismaCloudProvider": { + "$ref": "#/components/schemas/prisma.CloudType" + }, + "prismaRegion": { + "description": "PrismaRegion is the Prisma format cloud region.\n", + "type": "string" + }, + "profileId": { + "description": "ProfileID is the profile of the audit.\n", + "type": "string" + }, + "protection": { + "$ref": "#/components/schemas/waas.Protection" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "rawEvent": { + "description": "RawEvent contains unparsed function handler event input.\n", + "type": "string" + }, + "region": { + "description": "Region is the name of the region in which the serverless function is located.\n", + "type": "string" + }, + "requestHeaderNames": { + "description": "RequestHeaderNames are the request header names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "requestHeaders": { + "description": "RequestHeaders represent the request headers.\n", + "type": "string" + }, + "requestHost": { + "description": "RequestHost is the request host.\n", + "type": "string" + }, + "requestID": { + "description": "RequestID is lambda function invocation request id.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "responseHeaderNames": { + "description": "ResponseHeaderNames are the response header names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ruleAppID": { + "description": "RuleAppID is the ID of the rule's app that was applied.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule that was applied.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "statusCode": { + "description": "StatusCode is the response status code.\n", + "type": "integer" + }, + "subnet": { + "description": "Subnet is the source IP subnet.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.AttackType" + }, + "url": { + "description": "URL is the requests full URL (partial on server side - path and query only).\n", + "type": "string" + }, + "urlPath": { + "description": "URLPath is the requests url path.\n", + "type": "string" + }, + "urlQuery": { + "description": "URLQuery is the requests url query.\n", + "type": "string" + }, + "userAgentHeader": { + "description": "UserAgentHeader is the requests User-Agent header.\n", + "type": "string" + }, + "version": { + "description": "Version is the defender version.\n", + "type": "string" + }, + "workloadAssetType": { + "$ref": "#/components/schemas/prisma.AssetType" + }, + "workloadExternalResourceID": { + "description": "WorkloadExternalResourceID is the workload external resource ID (Asset External ID).\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Audit": { + "description": "Audit represents an event in the system", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID where the audit was created.\n", + "type": "string" + }, + "allow": { + "description": "Allow indicates whether the command was allowe or denied.\n", + "type": "boolean" + }, + "api": { + "description": "API is the api that is being audited.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerName": { + "description": "ContainerName is the name of the container.\n", + "type": "string" + }, + "fqdn": { + "description": "FQDN is the fully qualified domain name from which the audit originated.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname from which the audit originated.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the name of the image.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the labels associated with the target audit (for containers/images).\n", + "type": "object" + }, + "msg": { + "description": "Msg is the message explaining the audit.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the container namespace.\n", + "type": "string" + }, + "ruleName": { + "description": "RulesName is contains the name of the rule that was applied, when blocked.\n", + "type": "string" + }, + "sourceIP": { + "description": "SourceIP is the remote agent's source IP.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "description": "Type is the audit type.\n", + "type": "string" + }, + "user": { + "description": "User is the user that run the command.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.BackupSpec": { + "description": "BackupSpec is the backup specification", + "properties": { + "id": { + "description": "ID is the full backup file name, used as the instance id in API calls.\n", + "type": "string" + }, + "name": { + "description": "Name is the backup name.\n", + "type": "string" + }, + "release": { + "description": "Release is the backup release.\n", + "type": "string" + }, + "time": { + "description": "Time is the backup creation time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.Binary": { + "description": "Binary represents a detected binary file (ELF)", + "properties": { + "altered": { + "description": "Indicates if the binary was installed from a package manager and modified/replaced (true) or not (false).\n", + "type": "boolean" + }, + "cveCount": { + "description": "Total number of CVEs for this specific binary.\n", + "type": "integer" + }, + "deps": { + "description": "Third-party package files which are used by the binary.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "fileMode": { + "description": "Represents the file's mode and permission bits.\n", + "type": "integer" + }, + "functionLayer": { + "description": "ID of the serverless layer in which the package was discovered.\n", + "type": "string" + }, + "md5": { + "description": "Md5 hashset of the binary.\n", + "type": "string" + }, + "missingPkg": { + "description": "Indicates if this binary is not related to any package (true) or not (false).\n", + "type": "boolean" + }, + "name": { + "description": "Name of the binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the path of the binary.\n", + "type": "string" + }, + "pkgRootDir": { + "description": "Path for searching packages used by the binary.\n", + "type": "string" + }, + "services": { + "description": "Names of services which use the binary.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "version": { + "description": "Version of the binary.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.BlockThreshold": { + "description": "BlockThreshold is the vulnerability policy block threshold\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "enabled": { + "description": "Enables blocking (true).\n", + "type": "boolean" + }, + "value": { + "description": "Minimum severity to trigger blocking. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.CLIScanResult": { + "description": "CLIScanResult describes a CLI scan result", + "properties": { + "_id": { + "description": "ID of the scan result.\n", + "type": "string" + }, + "build": { + "description": "CI build.\n", + "type": "string" + }, + "complianceFailureSummary": { + "description": "Scan compliance failure summary.\n", + "type": "string" + }, + "entityInfo": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "jobName": { + "description": "CI job name.\n", + "type": "string" + }, + "pass": { + "description": "Indicates if the scan passed (true) or failed (false).\n", + "type": "boolean" + }, + "time": { + "description": "Time of the scan.\n", + "format": "date-time", + "type": "string" + }, + "version": { + "description": "Scanner version.\n", + "type": "string" + }, + "vulnFailureSummary": { + "description": "Scan vulnerability failure summary.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CVEAllowList": { + "description": "CVEAllowList is a collection of allowed CVE's", + "properties": { + "_id": { + "description": "ID is the id of the feed.\n", + "type": "string" + }, + "digest": { + "description": "Digest is the feed digest.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of allowed CVEs.\n", + "items": { + "$ref": "#/components/schemas/shared.AllowedCVE" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.CVERule": { + "description": "CVERule is a vuln rule for specific vulnerability", + "properties": { + "description": { + "description": "Free-form text for documenting the exception.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "expiration": { + "$ref": "#/components/schemas/vuln.ExpirationDate" + }, + "id": { + "description": "CVE ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryAccount": { + "description": "CloudDiscoveryAccount holds data about a discovered account", + "properties": { + "accountName": { + "description": "AccountName is the cloud account name.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether the account is scan by agentless.\n", + "type": "boolean" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryEntity": { + "description": "CloudDiscoveryEntity holds data about a discovered entity", + "properties": { + "accountID": { + "description": "AccountID is the cloud provider account ID.\n", + "type": "string" + }, + "activeServicesCount": { + "description": "ActiveServicesCount is the number of active services in ecs cluster.\n", + "format": "int64", + "type": "integer" + }, + "arn": { + "description": "The Amazon Resource Name (ARN) assigned to the entity.\n", + "type": "string" + }, + "collections": { + "description": "Collections are the matched result collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerGroup": { + "description": "ContainerGroup is the azure aci container group the container belongs to.\n", + "type": "string" + }, + "createdAt": { + "description": "CreatedAt is the time when the entity was created.\n", + "format": "date-time", + "type": "string" + }, + "defended": { + "description": "Defended indicates if the entity is defended.\n", + "type": "boolean" + }, + "endpoints": { + "description": "Endpoints are the cluster endpoints.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "image": { + "description": "Image is the image of an aci container.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the modification time of the function.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the entity.\n", + "type": "string" + }, + "nodesCount": { + "description": "NodesCount is the number of nodes in the cluster (aks, gke).\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registry": { + "description": "Registry is the Azure registry that was scanned, for example: testcloudscanregistry.azurecr.io.\n", + "type": "string" + }, + "resourceGroup": { + "description": "ResourceGroup is the the azure resource group containing the entity.\n", + "type": "string" + }, + "runningTasksCount": { + "description": "RunningTasksCount is the number of running tasks in ecs cluster.\n", + "format": "int64", + "type": "integer" + }, + "runtime": { + "description": "Runtime is runtime environment for the function, i.e. nodejs.\n", + "type": "string" + }, + "serviceType": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "status": { + "description": "Status is the current status of entity.\n", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the time in which the instance info was fetched.\n", + "format": "date-time", + "type": "string" + }, + "version": { + "description": "Version is the version of the entity.\n", + "type": "string" + }, + "zone": { + "description": "Zone is the GCP zone that was scanned.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryRadar": { + "description": "CloudDiscoveryRadar represents a cloud radar", + "properties": { + "accounts": { + "description": "Accounts is the number of accounts.\n", + "type": "integer" + }, + "agentlessDisabledAccounts": { + "description": "AgentlessDisabledAccounts is the number of accounts with agentless is disable.\n", + "type": "integer" + }, + "appEmbedded": { + "description": "AppEmbedded indicates whether the region includes app Embedded.\n", + "type": "boolean" + }, + "clusters": { + "description": "Clusters indicates whether the region includes clusters.\n", + "type": "boolean" + }, + "defended": { + "description": "Defended is the number of defended entities.\n", + "type": "integer" + }, + "errCount": { + "description": "ErrCount is the number of errors.\n", + "type": "integer" + }, + "functions": { + "description": "Functions indicates whether the region includes functions.\n", + "type": "boolean" + }, + "nodes": { + "description": "NodesCount is the number of nodes.\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registries": { + "description": "Registries indicates whether the region includes registries.\n", + "type": "boolean" + }, + "total": { + "description": "Total is total number of entities found in cloud scan.\n", + "type": "integer" + }, + "vms": { + "description": "VMs indicates whether the region includes VMs.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryResult": { + "description": "CloudDiscoveryResult represents a cloud scan result for a specific cloud provider, service and region", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "accountName": { + "description": "AccountName is the cloud account name.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether the account is scan by agentless.\n", + "type": "boolean" + }, + "collections": { + "description": "Collections are the matched result collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + }, + "defended": { + "description": "Defended is the number of defended entities (registries, functions, clusters).\n", + "type": "integer" + }, + "defenseCoverage": { + "description": "DefenseCoverage is the defense coverage percentage (0-100).\n", + "type": "integer" + }, + "err": { + "description": "Err holds any error found during a scan.\n", + "type": "string" + }, + "nodes": { + "description": "Nodes is the number of nodes.\n", + "type": "integer" + }, + "project": { + "description": "Project is the GCP project that was scanned.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registry": { + "description": "Registry is the registry that was scanned, for example: testcloudscanregistry.azurecr.io.\n", + "type": "string" + }, + "registryTags": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "RegistryTags are the registry tags.\n", + "type": "object" + }, + "serviceType": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "total": { + "description": "Total is total number of entities found in cloud scan.\n", + "type": "integer" + }, + "undefended": { + "description": "Undefended is the number of undefended entities (registries, functions, clusters).\n", + "type": "integer" + }, + "zone": { + "description": "Zone is the zone that was scanned, only relevant to GCP.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudScanRule": { + "description": "CloudScanRule is a rule for discovery/compliance/serverless radar scanning", + "properties": { + "agentlessAccountState": { + "$ref": "#/components/schemas/shared.AgentlessAccountState" + }, + "agentlessScanSpec": { + "$ref": "#/components/schemas/shared.AgentlessScanSpecification" + }, + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "complianceCheckIDs": { + "description": "ComplianceCheckIDs are the compliance checks IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential.\n", + "type": "string" + }, + "deleted": { + "description": "Deleted reports whether the account is deleted.\n", + "type": "boolean" + }, + "discoverAllFunctionVersions": { + "description": "DiscoverAllFunctionVersions indicates whether serverless discovery and radar scans should scan all function versions or only latest.\n", + "type": "boolean" + }, + "discoveryEnabled": { + "description": "DiscoveryEnabled indicates whether discovery scan is enabled.\n", + "type": "boolean" + }, + "modified": { + "description": "Modified holds the last modified time (in Compute).\n", + "format": "int64", + "type": "integer" + }, + "organizationName": { + "description": "OrganizationName is the organization the account belongs to (if any).\n", + "type": "string" + }, + "prismaLastModified": { + "description": "PrismaLastModified reports the last time the account was modified by Prisma (unix milliseconds).\n", + "format": "int64", + "type": "integer" + }, + "serverlessRadarCap": { + "description": "ServerlessRadarCap is the maximum number of functions to scan in serverless radar.\n", + "type": "integer" + }, + "serverlessRadarEnabled": { + "description": "ServerlessRadarEnabled indicates whether serverless radar scan is enabled.\n", + "type": "boolean" + }, + "serverlessScanSpec": { + "$ref": "#/components/schemas/shared.ServerlessScanSpecification" + }, + "vmTagsEnabled": { + "description": "VMTagsEnabled indicates whether fetching VM instance tags is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.CodeRepoProviderType": { + "description": "CodeRepoProviderType is the type of provider for the code repository, e.g., GitHub, GitLab etc", + "enum": [ + [ + "github", + "CI" + ] + ], + "type": "string" + }, + "shared.CompressedLayerTimes": { + "description": "CompressedLayerTimes represent the compressed layer times of the image apps and pkgs", + "properties": { + "appTimes": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/int64" + }, + "type": "array" + }, + "pkgsTimes": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/shared.PkgsTimes" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.Conditions": { + "description": "Conditions contains rule conditions. Conditions apply only for their respective policy type", + "properties": { + "device": { + "description": "Allowed volume host device (wildcard). If a \"container create\" command specifies a non matching host device, th action is blocked. Only applies to rules in certain policy types.\n", + "type": "string" + }, + "readonly": { + "description": "Indicates if the condition applies only to read-only commands (i.e., HTTP GET requests) (true) or not (false).\n", + "type": "boolean" + }, + "vulnerabilities": { + "description": "Block and scan severity-based vulnerabilities conditions.\n", + "items": { + "$ref": "#/components/schemas/vuln.Condition" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.Connection": { + "description": "Connection is a radar internet connection", + "properties": { + "port": { + "description": ".\n", + "type": "integer" + }, + "protocol": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerHistoryEvent": { + "description": "ContainerHistoryEvent is a container process event created by interactive user", + "properties": { + "_id": { + "description": "ID is the history event entity.\n", + "type": "string" + }, + "command": { + "description": "Command is the process that was executed.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname on which the command was invoked.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerInfo": { + "description": "ContainerInfo contains all information gathered on a specific container", + "properties": { + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "app": { + "description": "App is the app that is hosted in the container.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "ComplianceIssues are all the container compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": ".\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "ComplianceRiskScore is the container's compliance risk score.\n", + "format": "float", + "type": "number" + }, + "externalLabels": { + "description": "ExternalLabels is the external labels e.g., kubernetes namespace labels.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "id": { + "description": "ID is the container id.\n", + "type": "string" + }, + "image": { + "description": "Image is the canonical image name.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the image id.\n", + "type": "string" + }, + "imageName": { + "description": "The image name as stated in the docker run command.\n", + "type": "string" + }, + "infra": { + "description": "Infra represents any container that belongs to the infrastructure.\n", + "type": "boolean" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "labels": { + "description": "Labels are the container labels (https://docs.docker.com/engine/userguide/labels-custom-metadata/).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the container name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the k8s deployment namespace.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/shared.ContainerNetwork" + }, + "networkSettings": { + "$ref": "#/components/schemas/shared.DockerNetworkInfo" + }, + "processes": { + "description": "Processes are the processes that are running inside the container.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerProcess" + }, + "type": "array" + }, + "profileID": { + "description": "ProfileID is the container profile id.\n", + "type": "string" + }, + "sizeBytes": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "startTime": { + "description": "StartTime is the starting time of the container.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerNetwork": { + "description": "ContainerNetwork contains details about the container network (ports, IPs, type etc...)", + "properties": { + "ports": { + "description": "Ports are the ports details associated with the container.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerPort" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ContainerNetworkFirewallProfileAudits": { + "description": "ContainerNetworkFirewallProfileAudits represents the container network firewall profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.ContainerNetworkFirewallSubtypeAudits" + }, + "description": "Audits is a map from the audit sub-type to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ContainerNetworkFirewallSubtypeAudits": { + "description": "ContainerNetworkFirewallSubtypeAudits represents the container network firewall sub type audits per profile", + "properties": { + "audits": { + "description": "Audits are the container network firewall audits associated with the sub-type, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/cnnf.ContainerAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ContainerPort": { + "description": "ContainerPort represents the state of a port in a given container", + "properties": { + "container": { + "description": "Container is the mapped port inside the container.\n", + "type": "integer" + }, + "host": { + "description": "Host is the host port number.\n", + "type": "integer" + }, + "hostIP": { + "description": "HostIP is the host IP.\n", + "type": "string" + }, + "listening": { + "description": "Listening indicates whether the port is in listening mode.\n", + "type": "boolean" + }, + "nat": { + "description": "NAT indicates the port is exposed using NAT.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.ContainerProcess": { + "description": "ContainerProcess represents a process inside a container", + "properties": { + "name": { + "description": "Name is a process name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerRadarIncomingConnection": { + "description": "ContainerRadarIncomingConnection is an incoming connection in the network radar", + "properties": { + "policyRules": { + "description": "PolicyRules are the policy rules that are applicable for source/dest. Used for radar display of connections deduced from policy rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "type": "array" + }, + "ports": { + "description": "Ports are all the ports used by the sender.\n", + "items": { + "$ref": "#/components/schemas/common.PortData" + }, + "type": "array" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "profileID": { + "description": "ProfileID is the sender's profile ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerRuntimeProfile": { + "description": "ContainerRuntimeProfile represents the image runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID.\n", + "type": "string" + }, + "accountIDs": { + "description": "AccountIDs are the cloud account IDs associated with the container runtime profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "archived": { + "description": "Archive indicates whether this profile is archived.\n", + "type": "boolean" + }, + "capabilities": { + "$ref": "#/components/schemas/runtime.ContainerCapabilities" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "entrypoint": { + "description": "Entrypoint is the image entrypoint.\n", + "type": "string" + }, + "events": { + "description": "Events are the last historical interactive process events for this profile, they are updated in a designated flow.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerHistoryEvent" + }, + "type": "array" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.ProfileFilesystem" + }, + "hash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "hostNetwork": { + "description": "HostNetwork whether the instance share the network namespace with the host.\n", + "type": "boolean" + }, + "hostPid": { + "description": "HostPid indicates whether the instance share the pid namespace with the host.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the image name that represents the image.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the profile's image ID.\n", + "type": "string" + }, + "infra": { + "description": "InfraContainer indicates this is an infrastructure container.\n", + "type": "boolean" + }, + "istio": { + "description": "Istio states whether it is an istio-monitored profile.\n", + "type": "boolean" + }, + "k8s": { + "$ref": "#/components/schemas/shared.ProfileKubernetesData" + }, + "label": { + "description": "Label is the profile's label.\n", + "type": "string" + }, + "lastUpdate": { + "description": "Modified is the last time when this profile was modified.\n", + "format": "date-time", + "type": "string" + }, + "learnedStartup": { + "description": "LearnedStartup indicates that startup events were learned.\n", + "type": "boolean" + }, + "namespace": { + "description": "Namespace is the k8s deployment namespace.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.ProfileNetwork" + }, + "os": { + "description": "OS is the profile image OS.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProfileProcesses" + }, + "relearningCause": { + "description": "RelearningCause is a string that describes the reasoning for a profile to enter the learning mode after\nbeing activated.\n", + "type": "string" + }, + "remainingLearningDurationSec": { + "description": "RemainingLearningDurationSec represents the total time left that the system need to finish learning this image.\n", + "format": "double", + "type": "number" + }, + "state": { + "$ref": "#/components/schemas/shared.RuntimeProfileState" + } + }, + "type": "object" + }, + "shared.ContainerScanResult": { + "description": "ContainerScanResult contains the result of a scanning a container", + "properties": { + "_id": { + "description": "ID is the container ID.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates if the result was received by an agentless scanner.\n", + "type": "boolean" + }, + "agentlessScanID": { + "description": "AgentlessScanID is the ID of the agentless scan in which the result was received.\n", + "type": "integer" + }, + "ais": { + "description": "AIS indicates the scan was performed by AIS.\n", + "type": "boolean" + }, + "collections": { + "description": "Collections are collections to which this container applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "csa": { + "description": "CSA indicates the scan was performed by the CSA.\n", + "type": "boolean" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "hostname": { + "description": "Hostname is the hostname on which the container is deployed.\n", + "type": "string" + }, + "info": { + "$ref": "#/components/schemas/shared.ContainerInfo" + }, + "runtimeEnabled": { + "description": "RuntimeEnabled indicates if any runtime rule applies to the container.\n", + "type": "boolean" + }, + "scanTime": { + "description": "ScanTime is the container scan time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.Coordinates": { + "description": "Coordinates represents a region coordinates type", + "properties": { + "latitude": { + "description": "Latitude coordinate.\n", + "format": "float", + "type": "number" + }, + "longitude": { + "description": "Longitude coordinate.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.CustomComplianceCheck": { + "description": "CustomComplianceCheck represents a custom compliance check entry", + "properties": { + "_id": { + "description": "ID is the compliance check ID.\n", + "type": "integer" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "script": { + "description": "Script is the custom check script.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the custom check defined severity.\n", + "type": "string" + }, + "title": { + "description": "Title is the custom check title.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CustomIPFeed": { + "description": "CustomIPFeed represent the custom IP feed", + "properties": { + "_id": { + "description": "ID is the custom feed id.\n", + "type": "string" + }, + "digest": { + "description": "Digest is an internal digest of the custom ip feed.\n", + "type": "string" + }, + "feed": { + "$ref": "#/components/schemas/shared.IPs" + }, + "modified": { + "description": "Modified is the last time the custom feed was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.CustomLabelsSettings": { + "description": "CustomLabelsSettings are customized label names that are used to augment audit events\nThey can either be docker labels (which appears in the container label specification)\nor k8s/openshift labels (which appears in the pause container that monitors the target container)", + "properties": { + "labels": { + "description": "Labels are the custom labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.CustomMalwareFeed": { + "description": "CustomMalwareFeed represent the custom malware", + "properties": { + "_id": { + "description": "ID is the custom feed id.\n", + "type": "string" + }, + "digest": { + "description": "Digest is an internal digest of the feed.\n", + "type": "string" + }, + "feed": { + "description": "Feed is the list of custom malware signatures.\n", + "items": { + "$ref": "#/components/schemas/shared.Malware" + }, + "type": "array" + }, + "modified": { + "description": "Modified is the last time the custom feed was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.DefenderInstallBundle": { + "description": "DefenderInstallBundle represents the install bundle for the defender", + "properties": { + "installBundle": { + "description": "InstallBundle is the base64 bundle of certificates used to communicate with the console.\n", + "type": "string" + }, + "wsAddress": { + "description": "WSAddress is the websocket address (console ) the TAS defender connects to.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.DefenderLicenseDetails": { + "description": "DefenderLicenseDetails represents a single defender license details", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "count": { + "description": "Count is the amount of licensed defenders.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.DockerNetworkInfo": { + "description": "DockerNetworkInfo contains network-related information about a container", + "properties": { + "ipAddress": { + "description": "IPAddress is the container IP.\n", + "type": "string" + }, + "macAddress": { + "description": "MacAddress is the container MAC.\n", + "type": "string" + }, + "networks": { + "description": "Networks are the networks the container is connected to.\n", + "items": { + "$ref": "#/components/schemas/shared.NetworkInfo" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the container network binding that are externally mapped.\n", + "items": { + "$ref": "#/components/schemas/shared.Port" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.EncodeServerlessRuleOpts": { + "description": "EncodeServerlessRuleOpts represents the arguments to serverless rule encoding request", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "consoleAddr": { + "description": "ConsoleAddr is the remote console address.\n", + "type": "string" + }, + "function": { + "description": "Function is the name of the function.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "region": { + "description": "Region is the function's cloud provider region.\n", + "type": "string" + }, + "updateIntervalMs": { + "description": "UpdateIntervalMs is the interval between defender policy requests from the console in milliseconds.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.EncodedServerlessRule": { + "description": "EncodedServerlessRule represents a base64-encoded serverless rule", + "properties": { + "data": { + "description": "Data is a base64-encoded serverless runtime rule.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.EntityType": { + "description": "EntityType represents the type of the resource identifier", + "enum": [ + [ + "", + "docker", + "kubernetes", + "tas", + "istio", + "internet", + "podman" + ] + ], + "type": "string" + }, + "shared.FileDetails": { + "description": "FileDetails contains file details as the file path, hash checksum", + "properties": { + "md5": { + "description": "Hash sum of the file using md5.\n", + "type": "string" + }, + "original_file_location": { + "description": "Path of the original file in a case of archive analysis.\n", + "type": "string" + }, + "path": { + "description": "Path of the file.\n", + "type": "string" + }, + "sha1": { + "description": "Hash sum of the file using SHA-1.\n", + "type": "string" + }, + "sha256": { + "description": "Hash sum of the file using SHA256.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.FileIntegrityEvent": { + "description": "FileIntegrityEvent represents a single file integrity event detected according to the file integrity monitoring rules", + "properties": { + "_id": { + "description": "ID is activity's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster on which the event was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this event applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "description": { + "description": "Description is a human readable description of the action performed on the path.\n", + "type": "string" + }, + "eventType": { + "$ref": "#/components/schemas/shared.FileIntegrityEventType" + }, + "fileType": { + "$ref": "#/components/schemas/runtime.FSFileType" + }, + "fqdn": { + "description": "FQDN is the current fully qualified domain name used in audit alerts.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname on which the event was found.\n", + "type": "string" + }, + "metadata": { + "$ref": "#/components/schemas/shared.FileMetadata" + }, + "path": { + "description": "Path is the absolute path of the event.\n", + "type": "string" + }, + "processName": { + "description": "ProcessName is the name of the process initiated the event.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the applied rule for auditing file integrity rules.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the user initiated the event.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.FileIntegrityEventType": { + "description": "FileIntegrityEventType represents the type of the file integrity event", + "enum": [ + [ + "metadata", + "read", + "write" + ] + ], + "type": "string" + }, + "shared.FileMetadata": { + "description": "FileMetadata represents the metadata of a single file/directory", + "properties": { + "gid": { + "description": "GID is the ID of the group that owns the file/directory.\n", + "type": "integer" + }, + "permissions": { + "description": "Permissions are the file/directory permission bits.\n", + "type": "integer" + }, + "uid": { + "description": "UID is the ID of the user that owns the file/directory.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ForensicSettings": { + "description": "ForensicSettings are settings for the forensic data collection", + "properties": { + "appEmbeddedDiskUsageMb": { + "description": "AppEmbeddedDiskUsageMb is the maximum amount of disk space used to\nstore the app embedded historical forensic events.\n", + "type": "integer" + }, + "collectNetworkFirewall": { + "description": "CollectNetworkFirewall indicates whether network firewall collection is enabled.\n", + "type": "boolean" + }, + "collectNetworkSnapshot": { + "description": "CollectNetworkSnapshot indicates whether network snapshot collection is enabled.\n", + "type": "boolean" + }, + "containerDiskUsageMb": { + "description": "ContainerDiskUsageMb is the maximum amount of disk space used to\nstore the container historical forensic events.\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled indicates whether host and container forensic data collection is enabled.\n", + "type": "boolean" + }, + "hostDiskUsageMb": { + "description": "HostDiskUsageMb is the maximum amount of disk space used to store\nthe host historical forensic events.\n", + "type": "integer" + }, + "incidentSnapshotsCap": { + "description": "IncidentSnapshotCap is the maximum amount of incident snapshots we store.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.GitlabRegistrySpec": { + "description": "GitlabRegistrySpec represents a specification for registry scanning in GitLab", + "properties": { + "apiDomainName": { + "description": ".\n", + "type": "string" + }, + "excludedGroupIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "groupIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "projectIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "userID": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.GraceDaysPolicy": { + "description": "GraceDaysPolicy indicates the grace days policy by severity", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled is an indication whether the the grace days by severity is enabled.\n", + "type": "boolean" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostActivity": { + "description": "HostActivity holds information for a user activity", + "properties": { + "_id": { + "description": "ID is activity's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "affectedServices": { + "description": "AffectedServices is the affected systemd service.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this host activity applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "command": { + "description": "Command is the original (with arguments) command the user invoked.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname the activity originated from.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates that the target process was spawned in an interactive session.\n", + "type": "boolean" + }, + "modifiedFiles": { + "description": "ModifiedFiles is the related modified files.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "msg": { + "description": "Message contains additional non-structured information about the activity, e.g. throttling message.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule applied to the host activity.\n", + "type": "string" + }, + "service": { + "description": "Service is the owning systemd service.\n", + "type": "string" + }, + "time": { + "description": "Time is time of the activity.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.ActivityType" + }, + "user": { + "description": "Username of the user that triggered the activity.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.HostAutoDeploySpecification": { + "description": "HostAutoDeploySpecification contains the information for host defender auto-deploy", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "bucketRegion": { + "description": "BucketRegion is the bucket region for Cloud Storage on GCP.\n", + "type": "string" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "consoleHostname": { + "description": "ConsoleHostname represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the last modified time of the specification.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the spec.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.HostAutoDeploySpecifications": { + "description": "HostAutoDeploySpecifications is a list of host auto-deploy specifications", + "items": { + "$ref": "#/components/schemas/shared.HostAutoDeploySpecification" + }, + "type": "array" + }, + "shared.HostInfo": { + "description": "HostInfo is a collection of information about the host and it's runtime state", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "Image identifier (image ID or repo:tag).\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates that the host was scanned with the agentless scanner.\n", + "type": "boolean" + }, + "aisUUID": { + "description": "AISUUID is the unique instance ID in the agentless instance scanning system.\n", + "type": "string" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "appEmbedded": { + "description": "Indicates that this image was scanned by an App-Embedded Defender.\n", + "type": "boolean" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "csa": { + "description": "CSA indicates the scan was performed by the CSA.\n", + "type": "boolean" + }, + "csaWindows": { + "description": "CSAWindows indicates the scan was performed by the Ivanti agent(CSA Windows - Cortex server).\n", + "type": "boolean" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "err": { + "description": "Description of an error that occurred during image scan.\n", + "type": "string" + }, + "errCode": { + "$ref": "#/components/schemas/agentless.ImageScanResultErrCode" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostRuntimeEnabled": { + "description": "HostRuntimeEnabled indicates if any runtime rule applies to the host.\n", + "type": "boolean" + }, + "hostname": { + "description": "Name of the host that was scanned.\n", + "type": "string" + }, + "hosts": { + "$ref": "#/components/schemas/shared.ImageHosts" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "instances": { + "description": "Details about each occurrence of the image (tag + host).\n", + "items": { + "$ref": "#/components/schemas/shared.ImageInstance" + }, + "type": "array" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "malwareAnalyzedTime": { + "description": "MalwareAnalyzedTime is the WildFire evaluator analyzing time shown as progress in UI and cannot to be overwritten by a new scan result.\n", + "format": "date-time", + "type": "string" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pullDuration": { + "description": "PullDuration is the time it took to pull the image.\n", + "format": "int64", + "type": "integer" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanDuration": { + "description": "ScanDuration is the total time it took to scan the image.\n", + "format": "int64", + "type": "integer" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "scanTime": { + "description": "Specifies the time of the last scan of the image.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "stopped": { + "description": "Stopped indicates whether the host was running during the agentless scan.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "trustResult": { + "$ref": "#/components/schemas/trust.ImageResult" + }, + "trustStatus": { + "$ref": "#/components/schemas/trust.Status" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "underlyingDistro": { + "description": "UnderlyingDistro is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "underlyingDistroRelease": { + "description": "UnderlyingDistroRelease is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + }, + "wildFireUsage": { + "$ref": "#/components/schemas/wildfire.Usage" + } + }, + "type": "object" + }, + "shared.HostNetworkFirewallProfileAudits": { + "description": "HostNetworkFirewallProfileAudits represents the host network firewall profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.HostNetworkFirewallSubtypeAudits" + }, + "description": "Audits is a map from the audit sub-type to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostNetworkFirewallSubtypeAudits": { + "description": "HostNetworkFirewallSubtypeAudits represents the host network firewall sub type audits per profile", + "properties": { + "audits": { + "description": "Audits are the host network firewall audits associated with the sub-type, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/cnnf.HostAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostRadarIncomingConnection": { + "description": "HostRadarIncomingConnection is the incoming connection between two apps in two hosts", + "properties": { + "dstHost": { + "description": "DstHost is the src hostname.\n", + "type": "string" + }, + "policyRules": { + "description": "PolicyRules are the policy rules that are applicable for source/dest. Used for radar display of connections deduced from policy rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the destination ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortData" + }, + "type": "array" + }, + "srcHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcHost": { + "description": "SrcHost is the src hostname.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.IPs": { + "description": "IPs represents a list of IPs", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "shared.Image": { + "description": "Image represents a container image", + "properties": { + "created": { + "description": "Date/time when the image was created.\n", + "format": "date-time", + "type": "string" + }, + "entrypoint": { + "description": "Combined entrypoint of the image (entrypoint + CMD).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "env": { + "description": "Image environment variables.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "healthcheck": { + "description": "Indicates if health checks are enabled (true) or not (false).\n", + "type": "boolean" + }, + "history": { + "description": "Holds the image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "id": { + "description": "ID of the image.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Image labels.\n", + "type": "object" + }, + "layers": { + "description": "Image filesystem layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "os": { + "description": "Image os type.\n", + "type": "string" + }, + "repoDigest": { + "description": "Image repo digests.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTags": { + "description": "Image repo tags.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "user": { + "description": "Image user.\n", + "type": "string" + }, + "workingDir": { + "description": "Base working directory of the image.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ImageHistory": { + "description": "ImageHistory represent a layer in the image's history", + "properties": { + "baseLayer": { + "description": "Indicates if this layer originated from the base image (true) or not (false).\n", + "type": "boolean" + }, + "created": { + "description": "Date/time when the image layer was created.\n", + "format": "int64", + "type": "integer" + }, + "emptyLayer": { + "description": "Indicates if this instruction didn't create a separate layer (true) or not (false).\n", + "type": "boolean" + }, + "id": { + "description": "ID of the layer.\n", + "type": "string" + }, + "instruction": { + "description": "Docker file instruction and arguments used to create this layer.\n", + "type": "string" + }, + "sizeBytes": { + "description": "Size of the layer (in bytes).\n", + "format": "int64", + "type": "integer" + }, + "tags": { + "description": "Holds the image tags.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerabilities": { + "description": "Vulnerabilities which originated from this layer.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ImageHost": { + "description": "ImageHost holds information about image scan result per host", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID the image is associated with.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates if the image was scanned as part of an agentless scan.\n", + "type": "boolean" + }, + "agentlessScanID": { + "description": "AgentlessScanID is the ID of the agentless scan in which the result was received.\n", + "type": "integer" + }, + "ais": { + "description": "AIS indicates the scan was performed by AIS.\n", + "type": "boolean" + }, + "appEmbedded": { + "description": "AppEmbedded indicates if the host is an app embedded host.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the cluster on which the image is deployed.\n", + "type": "string" + }, + "csa": { + "description": "CSA indicates if the image was scanned by CSA.\n", + "type": "boolean" + }, + "modified": { + "description": "Modified is the last scan time.\n", + "format": "date-time", + "type": "string" + }, + "namespaces": { + "description": "Namespaces are the namespaces on which the image is deployed.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ImageHosts": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.ImageHost" + }, + "description": "ImageHosts is a fast index for image scan results metadata per host", + "type": "object" + }, + "shared.ImageInfo": { + "description": "ImageInfo contains image information collected during image scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "underlyingDistro": { + "description": "UnderlyingDistro is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "underlyingDistroRelease": { + "description": "UnderlyingDistroRelease is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.ImageInstance": { + "description": "ImageInstance represents an image on a single host", + "properties": { + "host": { + "description": ".\n", + "type": "string" + }, + "image": { + "description": ".\n", + "type": "string" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "registry": { + "description": ".\n", + "type": "string" + }, + "repo": { + "description": ".\n", + "type": "string" + }, + "tag": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ImageScanResult": { + "description": "ImageScanResult holds the result of an image scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "Image identifier (image ID or repo:tag).\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates that the host was scanned with the agentless scanner.\n", + "type": "boolean" + }, + "aisUUID": { + "description": "AISUUID is the unique instance ID in the agentless instance scanning system.\n", + "type": "string" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "appEmbedded": { + "description": "Indicates that this image was scanned by an App-Embedded Defender.\n", + "type": "boolean" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "csa": { + "description": "CSA indicates the scan was performed by the CSA.\n", + "type": "boolean" + }, + "csaWindows": { + "description": "CSAWindows indicates the scan was performed by the Ivanti agent(CSA Windows - Cortex server).\n", + "type": "boolean" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "err": { + "description": "Description of an error that occurred during image scan.\n", + "type": "string" + }, + "errCode": { + "$ref": "#/components/schemas/agentless.ImageScanResultErrCode" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostRuntimeEnabled": { + "description": "HostRuntimeEnabled indicates if any runtime rule applies to the host.\n", + "type": "boolean" + }, + "hostname": { + "description": "Name of the host that was scanned.\n", + "type": "string" + }, + "hosts": { + "$ref": "#/components/schemas/shared.ImageHosts" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "instances": { + "description": "Details about each occurrence of the image (tag + host).\n", + "items": { + "$ref": "#/components/schemas/shared.ImageInstance" + }, + "type": "array" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "malwareAnalyzedTime": { + "description": "MalwareAnalyzedTime is the WildFire evaluator analyzing time shown as progress in UI and cannot to be overwritten by a new scan result.\n", + "format": "date-time", + "type": "string" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pullDuration": { + "description": "PullDuration is the time it took to pull the image.\n", + "format": "int64", + "type": "integer" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanDuration": { + "description": "ScanDuration is the total time it took to scan the image.\n", + "format": "int64", + "type": "integer" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "scanTime": { + "description": "Specifies the time of the last scan of the image.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "stopped": { + "description": "Stopped indicates whether the host was running during the agentless scan.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "trustResult": { + "$ref": "#/components/schemas/trust.ImageResult" + }, + "trustStatus": { + "$ref": "#/components/schemas/trust.Status" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "underlyingDistro": { + "description": "UnderlyingDistro is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "underlyingDistroRelease": { + "description": "UnderlyingDistroRelease is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + }, + "wildFireUsage": { + "$ref": "#/components/schemas/wildfire.Usage" + } + }, + "type": "object" + }, + "shared.ImageTag": { + "description": "ImageTag represents an image repository and its associated tag or registry digest", + "properties": { + "digest": { + "description": "Image digest (requires V2 or later registry).\n", + "type": "string" + }, + "id": { + "description": "ID of the image.\n", + "type": "string" + }, + "registry": { + "description": "Registry name to which the image belongs.\n", + "type": "string" + }, + "repo": { + "description": "Repository name to which the image belongs.\n", + "type": "string" + }, + "tag": { + "description": "Image tag.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Incident": { + "description": "Incident represents an incident", + "properties": { + "_id": { + "description": "Internal ID of the incident.\n", + "type": "string" + }, + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "acknowledged": { + "description": "Indicates if the incident has been acknowledged (true) or not (false).\n", + "type": "boolean" + }, + "app": { + "description": "Application that caused the incident.\n", + "type": "string" + }, + "appID": { + "description": "Application ID.\n", + "type": "string" + }, + "audits": { + "description": "All runtime audits of the incident.\n", + "items": { + "$ref": "#/components/schemas/shared.RuntimeAudit" + }, + "type": "array" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "cluster": { + "description": "Cluster on which the incident was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this incident applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerID": { + "description": "ID of the container that triggered the incident.\n", + "type": "string" + }, + "containerName": { + "description": "Unique container name.\n", + "type": "string" + }, + "customRuleName": { + "description": "Name of the custom runtime rule that triggered the incident.\n", + "type": "string" + }, + "fqdn": { + "description": "Current hostname's full domain name.\n", + "type": "string" + }, + "function": { + "description": "Name of the serverless function.\n", + "type": "string" + }, + "functionID": { + "description": "ID of the function that triggered the incident.\n", + "type": "string" + }, + "hostname": { + "description": "Current hostname.\n", + "type": "string" + }, + "imageID": { + "description": "Container image ID.\n", + "type": "string" + }, + "imageName": { + "description": "Container image name.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Custom labels associated with the container.\n", + "type": "object" + }, + "namespace": { + "description": "k8s deployment namespace.\n", + "type": "string" + }, + "profileID": { + "description": "Runtime profile ID.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region of the resource on which the incident was found.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource on which the incident was found.\n", + "type": "string" + }, + "runtime": { + "description": "Runtime of the serverless function.\n", + "type": "string" + }, + "serialNum": { + "description": "Serial number of the incident.\n", + "type": "integer" + }, + "shouldCollect": { + "description": "Indicates if this incident should be collected (true) or not (false).\n", + "type": "boolean" + }, + "time": { + "description": "Time of the incident (in UTC time).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.IncidentType" + }, + "vmID": { + "description": "Azure unique VM ID on which the incident was found.\n", + "type": "string" + }, + "windows": { + "description": "Windows indicates if defender OS type is Windows.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.IncidentCategory": { + "description": "IncidentCategory is the incident category", + "enum": [ + [ + "portScanning", + "hijackedProcess", + "dataExfiltration", + "kubernetes", + "backdoorAdministrativeAccount", + "backdoorSSHAccess", + "cryptoMiner", + "lateralMovement", + "bruteForce", + "customRule", + "alteredBinary", + "suspiciousBinary", + "executionFlowHijackAttempt", + "reverseShell", + "malware", + "cloudProvider" + ] + ], + "type": "string" + }, + "shared.IncidentType": { + "description": "IncidentType is the type of the incident", + "enum": [ + [ + "host", + "container", + "function", + "appEmbedded", + "fargate" + ] + ], + "type": "string" + }, + "shared.InstalledProducts": { + "description": "InstalledProducts contains data regarding products running in environment\nTODO #34713: Swarm support was deprecated in Joule, remove swarm node/manager boolean (and related compliance) in Lagrange", + "properties": { + "agentless": { + "description": "Agentless indicates whether the scan was performed with agentless approach.\n", + "type": "boolean" + }, + "apache": { + "description": "Apache indicates the apache server version, empty in case apache not running.\n", + "type": "string" + }, + "awsCloud": { + "description": "AWSCloud indicates whether AWS cloud is used.\n", + "type": "boolean" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "crio": { + "description": "CRI indicates whether the container runtime is CRI (and not docker).\n", + "type": "boolean" + }, + "docker": { + "description": "Docker represents the docker daemon version.\n", + "type": "string" + }, + "dockerEnterprise": { + "description": "DockerEnterprise indicates whether the enterprise version of Docker is installed.\n", + "type": "boolean" + }, + "hasPackageManager": { + "description": "HasPackageManager indicates whether package manager is installed on the OS.\n", + "type": "boolean" + }, + "k8sApiServer": { + "description": "K8sAPIServer indicates whether a kubernetes API server is running.\n", + "type": "boolean" + }, + "k8sControllerManager": { + "description": "K8sControllerManager indicates whether a kubernetes controller manager is running.\n", + "type": "boolean" + }, + "k8sEtcd": { + "description": "K8sEtcd indicates whether etcd is running.\n", + "type": "boolean" + }, + "k8sFederationApiServer": { + "description": "K8sFederationAPIServer indicates whether a federation API server is running.\n", + "type": "boolean" + }, + "k8sFederationControllerManager": { + "description": "K8sFederationControllerManager indicates whether a federation controller manager is running.\n", + "type": "boolean" + }, + "k8sKubelet": { + "description": "K8sKubelet indicates whether kubelet is running.\n", + "type": "boolean" + }, + "k8sProxy": { + "description": "K8sProxy indicates whether a kubernetes proxy is running.\n", + "type": "boolean" + }, + "k8sScheduler": { + "description": "K8sScheduler indicates whether the kubernetes scheduler is running.\n", + "type": "boolean" + }, + "kubernetes": { + "description": "Kubernetes represents the kubernetes version.\n", + "type": "string" + }, + "managedClusterVersion": { + "description": "ManagedClusterVersion is the version of the managed Kubernetes service, e.g. AKS/EKS/GKE/etc.\n", + "type": "string" + }, + "openshift": { + "description": "Openshift indicates whether openshift is deployed.\n", + "type": "boolean" + }, + "openshiftVersion": { + "description": "OpenshiftVersion represents the running openshift version.\n", + "type": "string" + }, + "osDistro": { + "description": "OSDistro specifies the os distribution.\n", + "type": "string" + }, + "serverless": { + "description": "Serverless indicates whether evaluated on a serverless environment.\n", + "type": "boolean" + }, + "swarmManager": { + "description": "SwarmManager indicates whether a swarm manager is running.\n", + "type": "boolean" + }, + "swarmNode": { + "description": "SwarmNode indicates whether the node is part of an active swarm.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.InternetConnections": { + "description": "InternetConnections represents the radar internet connections", + "properties": { + "incoming": { + "description": "Incoming is the incoming connections.\n", + "items": { + "$ref": "#/components/schemas/shared.Connection" + }, + "type": "array" + }, + "outgoing": { + "description": "Outgoing is the outgoing connections.\n", + "items": { + "$ref": "#/components/schemas/shared.Connection" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.JFrogRepoType": { + "description": "JFrogRepoType represents the type of JFrog Artifactory repository", + "enum": [ + [ + "local", + "remote", + "virtual" + ] + ], + "type": "string" + }, + "shared.KeyValues": { + "description": "KeyValues is a generic key values struct", + "properties": { + "key": { + "description": ".\n", + "type": "string" + }, + "values": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.KubeClusterRole": { + "description": "KubeClusterRole is a compact version of Kubernetes ClusterRole\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#clusterrole-v1-rbac-authorization-k8s-io", + "properties": { + "labels": { + "description": "Labels are the labels associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeLabel" + }, + "type": "array" + }, + "name": { + "description": "Name is the kubernetes role name.\n", + "type": "string" + }, + "roleBinding": { + "description": "RoleBinding is the name of the role binding used for display.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the policy rules associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubePolicyRule" + }, + "type": "array" + }, + "version": { + "description": "Version is the resource version of the role object maintained by Kubernetes.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.KubeLabel": { + "description": "KubeLabel represents a label\nThese are stored as an array to allow special characters in key names,\nsee https://docs.mongodb.com/manual/reference/limits/#Restrictions-on-Field-Names\nFor example: kubernetes.io/bootstrapping", + "properties": { + "key": { + "description": "Key is the key of the label.\n", + "type": "string" + }, + "value": { + "description": "Value is the value of the label.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.KubePolicyRule": { + "description": "KubePolicyRule is a compact version of Kubernetes PolicyRule\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#policyrule-v1-rbac-authorization-k8s-io", + "properties": { + "apiGroups": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "nonResourceURLs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "resourceNames": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "resources": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "verbs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.KubeRole": { + "description": "KubeRole is a compact version of Kubernetes Role\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#role-v1-rbac-authorization-k8s-io", + "properties": { + "labels": { + "description": "Labels are the labels associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeLabel" + }, + "type": "array" + }, + "name": { + "description": "Name is the role name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace associated with the role.\n", + "type": "string" + }, + "roleBinding": { + "description": "RoleBinding is the name of the role binding used for display.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the list of rules associated with the cluster role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubePolicyRule" + }, + "type": "array" + }, + "version": { + "description": "Version is the resource version of the role object maintained by Kubernetes.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.LambdaRuntimeType": { + "description": "LambdaRuntimeType represents the runtime type of the serverless function\nThe constants used are taken from: https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime", + "enum": [ + [ + "python", + "python3.6", + "python3.7", + "python3.8", + "python3.9", + "python3.10", + "python3.11", + "python3.12", + "nodejs", + "nodejs12.x", + "nodejs14.x", + "nodejs16.x", + "nodejs18.x", + "nodejs20.x", + "dotnet", + "dotnetcore2.1", + "dotnetcore3.1", + "dotnet6", + "java", + "java8", + "java11", + "java17", + "java21", + "ruby", + "ruby2.7" + ] + ], + "type": "string" + }, + "shared.License": { + "description": "License represent the customer license", + "properties": { + "access_token": { + "description": "AccessToken is the customer access token.\n", + "type": "string" + }, + "contract_id": { + "description": "ContractID is the customer contract ID.\n", + "type": "string" + }, + "contract_type": { + "$ref": "#/components/schemas/shared.LicenseContractType" + }, + "credits": { + "description": "Credits the total amount of credits purchased by the customer.\n", + "type": "integer" + }, + "customer_id": { + "description": "CustomerID is the customer ID.\n", + "type": "string" + }, + "defender_details": { + "description": "DefenderDetails represents the defenders license details.\n", + "items": { + "$ref": "#/components/schemas/shared.DefenderLicenseDetails" + }, + "type": "array" + }, + "defenders": { + "description": "Deprecated: Defenders is the maximum number of defender allowed in this license. Use DefenderDetails field instead.\n", + "type": "integer" + }, + "expiration_date": { + "description": "ExpirationDate is the license expiration date.\n", + "format": "date-time", + "type": "string" + }, + "issue_date": { + "description": "IssueDate is the license issue date.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.LicenseTier" + }, + "workloads": { + "description": "Deprecated: Workloads is the number of workloads per license kept for backward compatibility. Use Credits instead.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.LicenseConfig": { + "description": "LicenseConfig is the compliance policy license configuration", + "properties": { + "alertThreshold": { + "$ref": "#/components/schemas/shared.LicenseThreshold" + }, + "blockThreshold": { + "$ref": "#/components/schemas/shared.LicenseThreshold" + }, + "critical": { + "description": "Critical is the list of licenses with critical severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "high": { + "description": "High is the list of licenses with high severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "low": { + "description": "Low is the list of licenses with low severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "medium": { + "description": "Medium is the list of licenses with medium severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.LicenseContractType": { + "description": "LicenseContractType is the license contract type", + "enum": [ + [ + "", + "host", + "avg", + "burndown" + ] + ], + "type": "string" + }, + "shared.LicenseThreshold": { + "description": "LicenseThreshold is the license severity threshold to indicate whether to perform an action (alert/block)\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "enabled": { + "description": "Enabled indicates that the action is enabled.\n", + "type": "boolean" + }, + "value": { + "description": "Value is the minimum severity score for which the action is enabled.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.LicenseTier": { + "description": "LicenseTier represents the license tier of the customer", + "enum": [ + [ + "", + "developer", + "enterprise", + "evaluation", + "oem" + ] + ], + "type": "string" + }, + "shared.LogInspectionEvent": { + "description": "LogInspectionEvent is a log inspection event detected according to the log inspection rules", + "properties": { + "_id": { + "description": "ID is event's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster on which the event was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this event applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hostname": { + "description": "Hostname is the hostname on which the event was found.\n", + "type": "string" + }, + "line": { + "description": "Line is the matching log line.\n", + "type": "string" + }, + "logfile": { + "description": "Logfile is the log file which triggered the event.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the applied rule for auditing log inspection events.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.LoggerSetting": { + "description": "LoggerSetting are a specific logger settings", + "properties": { + "allProcEvents": { + "description": "AllProcEvents indicates whether any new spawned container process should generate an event source entry.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether log feature is enabled.\n", + "type": "boolean" + }, + "verboseScan": { + "description": "VerboseScan indicates whether detailed scan (Compliance/Vulnerability) result should be written to event logger.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.LoggingSettings": { + "description": "LoggingSettings are the logging settings", + "properties": { + "consoleAddress": { + "description": "ConsoleAddress is the console address used by the admin to access the console, used for creating links for runtime events.\n", + "type": "string" + }, + "enableMetricsCollection": { + "description": "EnableMetricsCollection indicates whether metric collections feature is enabled.\n", + "type": "boolean" + }, + "includeRuntimeLink": { + "description": "IncludeRuntimeLink indicates whether link to forensic event should be included in the output.\n", + "type": "boolean" + }, + "stdout": { + "$ref": "#/components/schemas/shared.LoggerSetting" + }, + "syslog": { + "$ref": "#/components/schemas/shared.SyslogSettings" + } + }, + "type": "object" + }, + "shared.Malware": { + "description": "Malware is an executable and its md5", + "properties": { + "allowed": { + "description": "Allowed indicates if this signature is on the allowed list.\n", + "type": "boolean" + }, + "md5": { + "description": ".\n", + "type": "string" + }, + "modified": { + "description": "Modified is the time the malware was added to the DB.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.MgmtAudit": { + "description": "MgmtAudit represents a management audit in the system", + "properties": { + "api": { + "description": "API is the api used in the audit process.\n", + "type": "string" + }, + "diff": { + "description": "Diff is the diff between old and new values.\n", + "type": "string" + }, + "failure": { + "description": "Failure states whether the request failed or not.\n", + "type": "boolean" + }, + "sourceIP": { + "description": "SourceIP is the request's source IP.\n", + "type": "string" + }, + "status": { + "description": "Status is the request's response status.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the request.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.MgmtType" + }, + "username": { + "description": "Username is the username of the user who performed the action.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.MgmtType": { + "description": "MgmtType represents management audit types", + "enum": [ + [ + "login", + "profile", + "settings", + "rule", + "user", + "group", + "credential", + "tag", + "role", + "pairing" + ] + ], + "type": "string" + }, + "shared.NetworkInfo": { + "description": "NetworkInfo contains data about a container regarding a specific network", + "properties": { + "ipAddress": { + "description": "IPAddress is the container IP.\n", + "type": "string" + }, + "macAddress": { + "description": "MacAddress is the container MAC.\n", + "type": "string" + }, + "name": { + "description": "Name is the network name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.NodeJSModuleType": { + "description": "NodeJSModuleType is the type of a NodeJS module", + "enum": [ + [ + "commonjs", + "ecmascript" + ] + ], + "type": "string" + }, + "shared.Package": { + "description": "Package stores relevant package information", + "properties": { + "author": { + "description": "Author is the package's author.\n", + "type": "string" + }, + "binaryIdx": { + "description": "Indexes of the top binaries which use the package.\n", + "items": { + "$ref": "#/components/schemas/int16" + }, + "type": "array" + }, + "binaryPkgs": { + "description": "Names of the distro binary packages (packages which are built on the source of the package).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cveCount": { + "description": "Total number of CVEs for this specific package.\n", + "type": "integer" + }, + "defaultGem": { + "description": "DefaultGem indicates this is a gem default package (and not a bundled package).\n", + "type": "boolean" + }, + "files": { + "description": "List of package-related files and their hashes. Only included when the appropriate scan option is set.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "functionLayer": { + "description": "ID of the serverless layer in which the package was discovered.\n", + "type": "string" + }, + "goPkg": { + "description": "GoPkg indicates this is a Go package (and not module).\n", + "type": "boolean" + }, + "isRPMModule": { + "description": "IsRPMModule indicates whether this package data represents an RPM module.\n", + "type": "boolean" + }, + "jarIdentifier": { + "description": "JarIdentifier holds an additional identification detail of a JAR package.\n", + "type": "string" + }, + "layerTime": { + "description": "Image layer to which the package belongs (layer creation time).\n", + "format": "int64", + "type": "integer" + }, + "license": { + "description": "License information for the package.\n", + "type": "string" + }, + "name": { + "description": "Name of the package.\n", + "type": "string" + }, + "originPackageName": { + "description": "OriginPackageName is the name of the third-party origin package.\n", + "type": "string" + }, + "osPackage": { + "description": "OSPackage indicates that a python/java package was installed as an OS package.\n", + "type": "boolean" + }, + "path": { + "description": "Full package path (e.g., JAR or Node.js package path).\n", + "type": "string" + }, + "purl": { + "description": "PURL is a package URL identifier for this package.\n", + "type": "string" + }, + "rpmModule": { + "description": "RPMModule represents the RPM module in which this package is included.\n", + "type": "string" + }, + "securityRepoPkg": { + "description": "SecurityRepoPkg determines if this package is available in a security repository.\n", + "type": "boolean" + }, + "symbols": { + "description": "Symbols contains names of vulnerable functions that are linked in the executable binary, empty if the entire package is vulnerable.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "version": { + "description": "Package version.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Packages": { + "description": "Packages is a collection of packages", + "properties": { + "pkgs": { + "description": "List of packages.\n", + "items": { + "$ref": "#/components/schemas/shared.Package" + }, + "type": "array" + }, + "pkgsType": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "shared.PkgTypeThreshold": { + "description": "PkgTypeThreshold represents specific vulnerability alert and block thresholds for a package type", + "properties": { + "alertThreshold": { + "$ref": "#/components/schemas/shared.AlertThreshold" + }, + "blockThreshold": { + "$ref": "#/components/schemas/shared.BlockThreshold" + }, + "type": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "shared.PkgsTimes": { + "description": "PkgsTimes are the compressed layer times for pkgs of the specific type", + "properties": { + "pkgTimes": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/int64" + }, + "type": "array" + }, + "pkgsType": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "shared.Policy": { + "description": "Policy represents a policy that should be enforced by the Auditor", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "rules": { + "description": "Rules holds all policy rules.\n", + "items": { + "$ref": "#/components/schemas/shared.PolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.PolicyRule": { + "description": "PolicyRule is a single rule in the policy", + "properties": { + "action": { + "description": "Action to take.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "alertThreshold": { + "$ref": "#/components/schemas/shared.AlertThreshold" + }, + "allCompliance": { + "description": "Reports the results of all compliance checks (both passed and failed) (true).\n", + "type": "boolean" + }, + "auditAllowed": { + "description": "Specifies if Prisma Cloud audits successful transactions.\n", + "type": "boolean" + }, + "blockMsg": { + "$ref": "#/components/schemas/common.PolicyBlockMsg" + }, + "blockThreshold": { + "$ref": "#/components/schemas/shared.BlockThreshold" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "condition": { + "$ref": "#/components/schemas/shared.Conditions" + }, + "createPR": { + "description": "CreatePR indicates whether to create a pull request for vulnerability fixes (relevant for code repos).\n", + "type": "boolean" + }, + "cveRules": { + "description": "List of CVE IDs classified for special handling (also known as exceptions).\n", + "items": { + "$ref": "#/components/schemas/shared.CVERule" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/common.PolicyEffect" + }, + "excludeBaseImageVulns": { + "description": "ExcludeBaseImageVulns indicates whether to exclude vulnerabilities coming from the base image.\n", + "type": "boolean" + }, + "graceDays": { + "description": "Number of days to suppress the rule's block effect. Measured from date the vuln was fixed. If there's no fix, measured from the date the vuln was published.\n", + "type": "integer" + }, + "graceDaysPolicy": { + "$ref": "#/components/schemas/shared.GraceDaysPolicy" + }, + "group": { + "description": "Applicable groups.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "license": { + "$ref": "#/components/schemas/shared.LicenseConfig" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "onlyFixed": { + "description": "Applies rule only when vendor fixes are available (true).\n", + "type": "boolean" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "pkgTypesThresholds": { + "description": "PkgTypesThresholds holds package type specific alert and block thresholds.\n", + "items": { + "$ref": "#/components/schemas/shared.PkgTypeThreshold" + }, + "type": "array" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "principal": { + "description": "Applicable users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactorsEffects": { + "description": "RiskFactorsEffects indicates the effect (alert/block) of each risk factor.\n", + "items": { + "$ref": "#/components/schemas/shared.RiskFactorEffect" + }, + "type": "array" + }, + "tags": { + "description": "List of tags classified for special handling (also known as exceptions).\n", + "items": { + "$ref": "#/components/schemas/shared.TagRule" + }, + "type": "array" + }, + "verbose": { + "description": "Displays a detailed message when an operation is blocked (true).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.Port": { + "description": "Port is a container port", + "properties": { + "containerPort": { + "description": "ContainerPort is the mapped port inside the container.\n", + "type": "string" + }, + "hostIP": { + "description": "HostIP is the host IP.\n", + "type": "string" + }, + "hostPort": { + "description": "HostPort is the host port.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ProfileKubernetesData": { + "description": "ProfileKubernetesData holds Kubernetes data", + "properties": { + "clusterRoles": { + "description": "ClusterRoles are the cluster roles of the associated service account.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeClusterRole" + }, + "type": "array" + }, + "roles": { + "description": "Roles are the roles of the associated service account.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeRole" + }, + "type": "array" + }, + "serviceAccount": { + "description": "ServiceAccount is the service account used to access Kubernetes apiserver\nThis field will be empty if the container is not running inside of a Pod.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Progress": { + "description": "Progress displays the scan progress", + "properties": { + "aisInitialScanInProgress": { + "description": "AISInitialScanInProgress indicates whether agentless next-gen first scheduled scan is in progress.\n", + "type": "boolean" + }, + "aisOnDemandScanInProgress": { + "description": "AISOnDemandScanInProgress indicates whether agentless next-gen on demand scan is in progress.\n", + "type": "boolean" + }, + "discovery": { + "description": "Discovery indicates whether the scan is in discovery phase.\n", + "type": "boolean" + }, + "error": { + "description": "Error is the error that happened during scan.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname for which the progress apply.\n", + "type": "string" + }, + "id": { + "description": "ID is the ID of the entity being scanned.\n", + "type": "string" + }, + "onDemand": { + "description": "OnDemand indicates whether the scan was triggered by the user or not (scheduled scan).\n", + "type": "boolean" + }, + "scanTime": { + "description": "ScanTime is the time of scan.\n", + "format": "date-time", + "type": "string" + }, + "scanned": { + "description": "Scanned is the number of entities for which the scan completed.\n", + "type": "integer" + }, + "title": { + "description": "Title is the progress title (set by the scanning process).\n", + "type": "string" + }, + "total": { + "description": "Total is the total amount of entities that should be scanned.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + } + }, + "type": "object" + }, + "shared.RegionData": { + "description": "RegionData contains data regarding a region", + "properties": { + "coordinates": { + "$ref": "#/components/schemas/shared.Coordinates" + }, + "name": { + "description": "Name is the region display name.\n", + "type": "string" + }, + "region": { + "description": "Region is the region code name.\n", + "type": "string" + }, + "regionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "supportedServices": { + "description": "SupportedServices is a list of cloud service types the region supports.\n", + "items": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.RegionDataByCloudProvider": { + "additionalProperties": { + "$ref": "#/components/schemas/-_shared.RegionData" + }, + "description": "RegionDataByCloudProvider represents the region data per cloud provider", + "type": "object" + }, + "shared.RegionType": { + "description": "RegionType specifies the region type that runs the Amazon services", + "enum": [ + [ + "regular", + "gov", + "china", + "all" + ] + ], + "type": "string" + }, + "shared.RegistryOSType": { + "description": "RegistryOSType specifies the registry images base OS type", + "enum": [ + [ + "linux", + "linuxARM64", + "windows" + ] + ], + "type": "string" + }, + "shared.RegistryScanProgress": { + "description": "RegistryScanProgress represents the registry scan progress", + "properties": { + "discovery": { + "$ref": "#/components/schemas/shared.Progress" + }, + "imageScan": { + "$ref": "#/components/schemas/shared.Progress" + }, + "isScanOngoing": { + "description": "IsScanOngoing indicates if a scan is currently ongoing.\n", + "type": "boolean" + }, + "specScanStartTime": { + "description": "SpecScanStartTime indicates when the current spec scan started.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.RegistryScanRequest": { + "description": "RegistryScanRequest represents a registry scan request", + "properties": { + "onDemandScan": { + "description": "OnDemandScan indicates whether to handle request using the on-demand scanner.\n", + "type": "boolean" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "settings": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + }, + "tag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": { + "description": "Type indicates the type of the scan request.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.RegistrySettings": { + "description": "RegistrySettings contains each registry's unique settings", + "properties": { + "harborScannerUrlSuffix": { + "description": "Relative path to the Harbor scanner endpoint.\n", + "type": "string" + }, + "specifications": { + "description": "Information for connecting to the registries to be scanned.\n", + "items": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + }, + "type": "array" + }, + "webhookUrlSuffix": { + "description": "Relative path to the webhook HTTP endpoint.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RegistrySpecification": { + "description": "RegistrySpecification contains information for connecting to local/remote registry", + "properties": { + "azureCloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "caCert": { + "description": "CACert is the Certificate Authority that signed the registry certificate.\n", + "type": "string" + }, + "cap": { + "description": "Specifies the maximum number of images from each repo to fetch and scan, sorted by most recently modified.\n", + "type": "integer" + }, + "collections": { + "description": "Specifies the set of Defenders in-scope for working on a scan job.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "ID of the credentials in the credentials store to use for authenticating with the registry.\n", + "type": "string" + }, + "excludedRepositories": { + "description": "Repositories to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "excludedTags": { + "description": "Tags to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "gitlabRegistrySpec": { + "$ref": "#/components/schemas/shared.GitlabRegistrySpec" + }, + "harborDeploymentSecurity": { + "description": "Indicates whether the Prisma Cloud plugin uses temporary tokens provided by Harbor to scan images in projects where Harbor's deployment security setting is enabled.\n", + "type": "boolean" + }, + "id": { + "description": "ID is a unique identifier of the registry spec.\n", + "type": "string" + }, + "jfrogRepoTypes": { + "description": "JFrog Artifactory repository types to scan.\n", + "items": { + "$ref": "#/components/schemas/shared.JFrogRepoType" + }, + "type": "array" + }, + "lastScanStatus": { + "description": "LastScanStatus is the last scan status. we keep both LastScanStatus and ScanStatus in order to not lose the latest scan status when a scan starts.\n", + "type": "string" + }, + "lastScanTime": { + "description": "LastScanTime specifies the last time a scan was completed.\n", + "format": "date-time", + "type": "string" + }, + "namespace": { + "description": "IBM Bluemix namespace https://console.bluemix.net/docs/services/Registry/registry_overview.html#registry_planning.\n", + "type": "string" + }, + "os": { + "$ref": "#/components/schemas/shared.RegistryOSType" + }, + "registry": { + "description": "Registry address (e.g., https://gcr.io).\n", + "type": "string" + }, + "repository": { + "description": "Repositories to scan.\n", + "type": "string" + }, + "scanError": { + "description": "ScanError is the error received while scanning the specification.\n", + "type": "string" + }, + "scanStatus": { + "description": "ScanStatus is the scan status that's updated dynamically during the scan, when the scan finishes - its value is passed to the LastScanStatus field in the DB.\n", + "type": "string" + }, + "scanTime": { + "description": "ScanTime specifies the time a scan was started.\n", + "format": "date-time", + "type": "string" + }, + "scannedImagesSuccessTotal": { + "description": "ScannedImagesSuccessTotal is the total number of registry images that were scanned successfully on the last registry specification scan.\n", + "type": "integer" + }, + "scanners": { + "description": "Number of Defenders that can be utilized for each scan job.\n", + "type": "integer" + }, + "tag": { + "description": "Tags to scan.\n", + "type": "string" + }, + "version": { + "description": "Registry type. Determines the protocol Prisma Cloud uses to communicate with the registry.\n", + "type": "string" + }, + "versionPattern": { + "description": "Pattern heuristic for quickly filtering images by tags without having to query all images for modification dates.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RiskFactorEffect": { + "description": "RiskFactorEffect represents the effect which is applied by a risk factor", + "properties": { + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "riskFactor": { + "$ref": "#/components/schemas/vulnerability.RiskFactor" + } + }, + "type": "object" + }, + "shared.RuntimeAttackType": { + "description": "RuntimeAttackType is the sub-category of the attack (e.g., malware process, process not in model, etc...)", + "enum": [ + [ + "", + "cloudMetadataProbing", + "kubeletAPIAccess", + "kubeletReadonlyAccess", + "kubectlSpawned", + "kubectlDownloaded", + "horizontalPortScanning", + "verticalPortScanning", + "explicitlyDeniedIP", + "customFeedIP", + "feedIP", + "unexpectedOutboundPort", + "suspiciousNetworkActivity", + "unexpectedListeningPort", + "explicitlyDeniedListeningPort", + "explicitlyDeniedOutboundPort", + "listeningPortModifiedProcess", + "outboundPortModifiedProcess", + "feedDNS", + "explicitlyDeniedDNS", + "dnsQuery", + "unexpectedProcess", + "portScanProcess", + "malwareProcessCustom", + "malwareProcessFeed", + "explicitlyDeniedProcess", + "modifiedProcess", + "cryptoMinerProcess", + "lateralMovementProcess", + "tmpfsProcess", + "policyHijacked", + "reverseShell", + "suidBinaries", + "unknownOriginBinary", + "webShell", + "administrativeAccount", + "encryptedBinary", + "sshAccess", + "explicitlyDeniedFile", + "malwareFileCustom", + "malwareFileFeed", + "execFileAccess", + "elfFileAccess", + "secretFileAccess", + "regFileAccess", + "wildfireMalware", + "unknownOriginBinary", + "webShell", + "fileIntegrity", + "alteredBinary", + "malwareDownloaded", + "suspiciousELFHeader", + "executionFlowHijackAttempt", + "customRule" + ] + ], + "type": "string" + }, + "shared.RuntimeAudit": { + "description": "RuntimeAudit represents a runtime audit event (fires when a runtime policy is violated)", + "properties": { + "_id": { + "description": "Internal ID (used for in-place updates).\n", + "type": "string" + }, + "accountID": { + "description": "ID of the cloud account where the audit was generated.\n", + "type": "string" + }, + "app": { + "description": "Name of the service which violated the host policy.\n", + "type": "string" + }, + "appID": { + "description": "Application ID.\n", + "type": "string" + }, + "attackTechniques": { + "description": "MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "attackType": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "cluster": { + "description": "Cluster name.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "command": { + "description": "ScrubbedCommand is the command executed by the process with scrubbed PII.\n", + "type": "string" + }, + "container": { + "description": "Indicates if this is a container audit (true) or host audit (false).\n", + "type": "boolean" + }, + "containerId": { + "description": "ID of the container that violates the rule.\n", + "type": "string" + }, + "containerName": { + "description": "Container name.\n", + "type": "string" + }, + "count": { + "description": "Attack type audits count.\n", + "type": "integer" + }, + "country": { + "description": "Outbound country for outgoing network audits.\n", + "type": "string" + }, + "domain": { + "description": "Domain is the requested domain.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "err": { + "description": "Unknown error in the audit process.\n", + "type": "string" + }, + "filepath": { + "description": "Filepath is the path of the modified file.\n", + "type": "string" + }, + "fqdn": { + "description": "Current full domain name used in audit alerts.\n", + "type": "string" + }, + "function": { + "description": "Name of the serverless function that caused the audit.\n", + "type": "string" + }, + "functionID": { + "description": "ID of the function invoked.\n", + "type": "string" + }, + "hostname": { + "description": "Current hostname.\n", + "type": "string" + }, + "imageId": { + "description": "Container image ID.\n", + "type": "string" + }, + "imageName": { + "description": "Container image name.\n", + "type": "string" + }, + "interactive": { + "description": "Indicates if the audit was triggered from a process that was spawned in interactive mode (e.g., docker exec ...) (true) or not (false).\n", + "type": "boolean" + }, + "ip": { + "description": "IP is the connection destination IP address.\n", + "type": "string" + }, + "label": { + "description": "Container deployment label.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Custom labels which augment the audit data.\n", + "type": "object" + }, + "md5": { + "description": "MD5 is the MD5 of the modified file (only for executables.\n", + "type": "string" + }, + "msg": { + "description": "Blocking message text.\n", + "type": "string" + }, + "namespace": { + "description": "K8s deployment namespace.\n", + "type": "string" + }, + "os": { + "description": "Operating system distribution.\n", + "type": "string" + }, + "pid": { + "description": "ID of the process that caused the audit event.\n", + "type": "integer" + }, + "port": { + "description": "Port is the connection destination port.\n", + "type": "integer" + }, + "processPath": { + "description": "Path of the process that caused the audit event.\n", + "type": "string" + }, + "profileId": { + "description": "Profile ID of the audit.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "rawEvent": { + "description": "Unparsed function handler event input.\n", + "type": "string" + }, + "region": { + "description": "Region of the resource where the audit was generated.\n", + "type": "string" + }, + "requestID": { + "description": "ID of the lambda function invocation request.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource where the audit was generated.\n", + "type": "string" + }, + "ruleName": { + "description": "Name of the rule that was applied, if blocked.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "severity": { + "$ref": "#/components/schemas/shared.RuntimeSeverity" + }, + "time": { + "description": "Time of the audit event (in UTC time).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.RuntimeType" + }, + "user": { + "description": "Service user.\n", + "type": "string" + }, + "version": { + "description": "Defender version.\n", + "type": "string" + }, + "vmID": { + "description": "Azure unique VM ID where the audit was generated.\n", + "type": "string" + }, + "wildFireReportURL": { + "description": "WildFireReportURL is a URL link of the report generated by wildFire.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RuntimeProfileState": { + "description": "RuntimeProfileState represents the state of an image profile", + "enum": [ + [ + "learning", + "dryRun", + "learningExtended", + "manualLearning", + "manualRelearning", + "active", + "manualActive" + ] + ], + "type": "string" + }, + "shared.RuntimeSecretScrubbingSettings": { + "description": "RuntimeSecretScrubbingSettings holds the runtime secret scrubbing settings", + "properties": { + "customSpecs": { + "description": "CustomSpecs is a collection of generic sensitive data masking patterns.\n", + "items": { + "$ref": "#/components/schemas/runtime.SecretScrubbingSpec" + }, + "type": "array" + }, + "skipDefault": { + "description": "SkipDefault indicates whether default secret scrubbing should be skipped.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.RuntimeSeverity": { + "description": "RuntimeSeverity represents the runtime severity", + "enum": [ + [ + "low", + "medium", + "high" + ] + ], + "type": "string" + }, + "shared.RuntimeType": { + "description": "RuntimeType represents the runtime protection type", + "enum": [ + [ + "processes", + "network", + "kubernetes", + "filesystem" + ] + ], + "type": "string" + }, + "shared.ScanErrorInfo": { + "description": "ScanErrorInfo holds information about the errors that occurred during the scan", + "properties": { + "category": { + "description": "Category is the category of error.\n", + "type": "string" + }, + "cause": { + "description": "Cause describes what caused the error.\n", + "type": "string" + }, + "detectedDuring": { + "$ref": "#/components/schemas/shared.AISOperationType" + }, + "error": { + "description": "Error holds the full error string.\n", + "type": "string" + }, + "recommendation": { + "description": "Recommendation provides more information about error and suggestions for possible fixes.\n", + "type": "string" + }, + "score": { + "description": "Score is a rating of how relevant the error is to the customer.\n", + "type": "integer" + }, + "source": { + "description": "Source is details on where the error occurred.\n", + "type": "string" + }, + "updatedAt": { + "description": "UpdatedAt holds the timestamp of the current error, relevant only for AIS scans.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.ScanResultType": { + "description": "ScanResultType represents a cloud scan result type", + "enum": [ + [ + "aws-ecr", + "aws-lambda", + "aws-ec2", + "aws-eks", + "aws-ecs", + "aws-s3", + "aws-config", + "aws-cloud-trail", + "aws-kms", + "aws-cloud-watch", + "aws-sns", + "aws-security-hub", + "aws-secrets-manager", + "aws-parameter-store", + "azure-acr", + "azure-functions", + "azure-aks", + "azure-aci", + "azure-vm", + "gcp-gcr", + "gcp-gcf", + "gcp-gke", + "gcp-vm", + "gcp-artifact", + "oci-instance" + ] + ], + "type": "string" + }, + "shared.ScanSettings": { + "description": "ScanSettings are global settings for image/host/container and registry scanning", + "properties": { + "agentlessScanPeriodMs": { + "description": "AgentlessScanPeriodMS is the agentless scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "cloudPlatformsScanPeriodMs": { + "description": "CloudPlatformsScanPeriodMS is the cloud platforms scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "containersScanPeriodMs": { + "description": "ContainersScanPeriodMS is the container scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "extractArchive": { + "description": "ExtractArchive indicates whether to search within archive during scan is enabled.\n", + "type": "boolean" + }, + "imagesScanPeriodMs": { + "description": "ImageScanPeriodMS is the image scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "includeJsDependencies": { + "description": "IncludeJsDependencies indicates whether to include packages from the \"dependencies\".\n", + "type": "boolean" + }, + "registryScanPeriodMs": { + "description": "RegistryScanPeriodMS is the registry scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "registryScanRetentionDays": { + "description": "RegistryScanRetentionDays is the number of days to keep deleted registry images.\n", + "type": "integer" + }, + "scanRunningImages": { + "description": "ScanRunningImages indicates only images that are used by containers should be used.\n", + "type": "boolean" + }, + "serverlessScanPeriodMs": { + "description": "ServerlessScanPeriodMS is the serverless vulnerability scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "showInfraContainers": { + "description": "ShowInfraContainers indicates infra containers should be shown.\n", + "type": "boolean" + }, + "showNegligibleVulnerabilities": { + "description": "ShowNegligibleVulnerabilities indicates whether to display negligible vulnerabilities (low severity or will not be fixed).\n", + "type": "boolean" + }, + "systemScanPeriodMs": { + "description": "SystemScanPeriodMS is the host scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "tasDropletsScanPeriodMs": { + "description": "TASDropletsScanPeriodMS is the TAS scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "vmScanPeriodMs": { + "description": "VMScanPeriodMS is the VM image scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ScanType": { + "description": "ScanType displays the components for an ongoing scan", + "enum": [ + [ + "image", + "ciImage", + "container", + "host", + "agentlessHost", + "registry", + "serverlessScan", + "ciServerless", + "vm", + "tas", + "ciTas", + "cloudDiscovery", + "serverlessRadar", + "serverlessAutoDeploy", + "hostAutoDeploy", + "codeRepo", + "ciCodeRepo" + ] + ], + "type": "string" + }, + "shared.SecretStoreType": { + "description": "SecretStoreType is the secrets store type", + "enum": [ + [ + "hashicorp", + "hashicorp010", + "cyberark", + "awsParameterStore", + "awsSecretsManager", + "azure" + ] + ], + "type": "string" + }, + "shared.SecretsInjectionType": { + "description": "SecretsInjectionType is the method used to inject secrets to containers", + "enum": [ + [ + "envvar", + "filesystem" + ] + ], + "type": "string" + }, + "shared.SecretsPolicy": { + "description": "SecretsPolicy defines policy for distribution of secrets to containers", + "properties": { + "_id": { + "description": "ID is the internal secret policy id.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of secret injection rules.\n", + "items": { + "$ref": "#/components/schemas/shared.SecretsRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.SecretsRule": { + "description": "SecretsRule defines distribution of secrets to containers", + "properties": { + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "injection": { + "$ref": "#/components/schemas/shared.SecretsInjectionType" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "readAllPerm": { + "description": "ReadAllPerm indicates whether file permissions of injected secrets allow read by root only or by all users.\n", + "type": "boolean" + }, + "secrets": { + "description": "Secrets are the encrypted secrets to inject.\n", + "items": { + "$ref": "#/components/schemas/shared.VaultSecret" + }, + "type": "array" + }, + "targetDir": { + "description": "TargetDir is the target directory to inject secret files to if we choose filesystem injection.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.SecretsStore": { + "description": "SecretsStore represents a secret storage entity", + "properties": { + "appID": { + "description": "AppID is the twistlock application id, as set in Cyberark store.\n", + "type": "string" + }, + "caCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "clientCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "credentialId": { + "description": "CredentialID is the authentication credential id.\n", + "type": "string" + }, + "name": { + "description": "Name is the name of the secret store defined by the user.\n", + "type": "string" + }, + "region": { + "description": "Region is the secrets store's region.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.SecretStoreType" + }, + "url": { + "description": "URL is the secrets store's endpoint point.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.SecretsStores": { + "description": "SecretsStores are settings for connecting with secrets storage vaults", + "properties": { + "refreshPeriodHours": { + "description": "RefreshPeriodHours is the secret stores refresh time in hours.\n", + "type": "integer" + }, + "secretsStores": { + "description": "Stores is the list of stores to fetch secrets from.\n", + "items": { + "$ref": "#/components/schemas/shared.SecretsStore" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ServerlessAutoDeploySpecification": { + "description": "ServerlessAutoDeploySpecification contains the information for auto-deploying serverless functions protection", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "consoleAddr": { + "description": "ConsoleAddr represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the last modified time of the specification.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the spec.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "runtimes": { + "description": "Runtimes is the list of runtimes to which the spec applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ServerlessAutoDeploySpecifications": { + "description": "ServerlessAutoDeploySpecifications is a list of serverless auto-deploy specifications", + "items": { + "$ref": "#/components/schemas/shared.ServerlessAutoDeploySpecification" + }, + "type": "array" + }, + "shared.ServerlessBundleRequest": { + "description": "ServerlessBundleRequest represents the arguments to serverless bundle request", + "properties": { + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "proxyCA": { + "description": "ProxyCA is the proxy\u2019s CA certificate for Defender to trust.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + } + }, + "type": "object" + }, + "shared.ServerlessLayerBundleRequest": { + "description": "ServerlessLayerBundleRequest represents the arguments to a serverless layer bundle request", + "properties": { + "nodeJSModuleType": { + "$ref": "#/components/schemas/shared.NodeJSModuleType" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "proxyCA": { + "description": "ProxyCA is the proxy\u2019s CA certificate for Defender to trust.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + } + }, + "type": "object" + }, + "shared.ServerlessScanSpecification": { + "description": "ServerlessScanSpecification describes how to connect to a serverless provider", + "properties": { + "cap": { + "description": "Specifies the maximum number of functions to fetch and scan, ordered by most recently modified.\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled indicates whether serverless scanning is enabled.\n", + "type": "boolean" + }, + "scanAllVersions": { + "description": "Specifies whether to scan all image versions. If set to false, scans only $LATEST. Default: false.\n", + "type": "boolean" + }, + "scanLayers": { + "description": "Specifies whether to scan a function's layers. Default: true.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.SubnetConnections": { + "description": "SubnetConnections holds the entity incoming and outgoing connections from/to subnets", + "properties": { + "incoming": { + "additionalProperties": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstances" + }, + "description": "Incoming holds connection from radar entity to subnet.\n", + "type": "object" + }, + "outgoing": { + "additionalProperties": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstances" + }, + "description": "Outgoing holds connection from subnet to radar entity.\n", + "type": "object" + } + }, + "type": "object" + }, + "shared.SyslogSettings": { + "description": "SyslogSettings are the syslog settings", + "properties": { + "addr": { + "description": "Addr is the remote address for sending events.\n", + "type": "string" + }, + "allProcEvents": { + "description": "AllProcEvents indicates whether any new spawned container process should generate an event source entry.\n", + "type": "boolean" + }, + "cert": { + "description": "Cert is the server cert for dialing TLS syslogger.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether log feature is enabled.\n", + "type": "boolean" + }, + "id": { + "description": "ID represents the user's custom identifier string.\n", + "type": "string" + }, + "verboseScan": { + "description": "VerboseScan indicates whether detailed scan (Compliance/Vulnerability) result should be written to event logger.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.TASDropletSpecification": { + "description": "TASDropletSpecification specify which droplets to scan", + "properties": { + "cap": { + "description": "Cap indicates only the last k images should be fetched.\n", + "type": "integer" + }, + "cloudControllerAddress": { + "description": "CloudControllerAddress is the address of the local cloud controller in TAS env.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname of the defender that is used as the blobstore scanner.\n", + "type": "string" + }, + "pattern": { + "description": "Name is the droplet name.\n", + "type": "string" + }, + "remote": { + "description": "Remote indicates whether the blobstore is remote or local.\n", + "type": "boolean" + }, + "remoteConfig": { + "$ref": "#/components/schemas/shared.TASRemoteBlobstoreConfig" + } + }, + "type": "object" + }, + "shared.TASRemoteBlobstoreConfig": { + "description": "TASRemoteBlobstoreConfig contains remote blobstore details", + "properties": { + "blobstoreAddress": { + "description": "BlobstoreAddress is the address of the remote cloud controller.\n", + "type": "string" + }, + "cACert": { + "description": "CACert Ops manager CA root certificate in case the user chooses not to skip TLS validation.\n", + "type": "string" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "CredentialID is the id in the credentials store to use for authenticating with the remote blobstore.\n", + "type": "string" + }, + "foundation": { + "description": " Foundation is the name of TAS foundation.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Tag": { + "description": "Tag represents a single tag", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "description": { + "description": "Description is the tag description.\n", + "type": "string" + }, + "name": { + "description": "Name is the tag name.\n", + "type": "string" + }, + "vulns": { + "description": "Vulns are the tagged vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/shared.TagVulnMetadata" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.TagRule": { + "description": "TagRule is a tag rule for specific vulnerabilities", + "properties": { + "description": { + "description": "Free-form text for documenting the exception.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "expiration": { + "$ref": "#/components/schemas/vuln.ExpirationDate" + }, + "name": { + "description": "Tag name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.TagVulnMetadata": { + "description": "TagVulnMetadata contains the tag vulnerability metadata", + "properties": { + "checkBaseLayer": { + "description": "(Applies only to the resource type 'image') Checks whether the base layer in an image is the resource image.\n", + "type": "boolean" + }, + "comment": { + "description": "Adds a comment.\n", + "type": "string" + }, + "id": { + "description": "Specifies the Common Vulnerability and Exposures (CVE) ID.\n", + "type": "string" + }, + "packageName": { + "description": "Specifies the source or the binary package name where the vulnerability is found.\nUse the source package name for tagging if only source package exists.\nUse the wildcard `*` for tagging all the packages.\n", + "type": "string" + }, + "resourceType": { + "$ref": "#/components/schemas/vuln.TagType" + }, + "resources": { + "description": "(Required when you define the resource type) Specifies the resources for tagging where the vulnerability is found. Either specify the resource names separated by a comma or use the wildcard `*` to apply the tag to all the resources where the vulnerability is found.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.TrustAudit": { + "description": "TrustAudit represents a trust audit", + "properties": { + "_id": { + "description": "ID is the registry-repo of the created container.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID where the audit was generated.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster where the audit was generated.\n", + "type": "string" + }, + "count": { + "description": "Count is the number of times this audit occurred.\n", + "type": "integer" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "imageID": { + "description": "ImageID is the container image id.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "msg": { + "description": "Message is the blocking message text.\n", + "type": "string" + }, + "ruleName": { + "description": "If blocked, contains the name of the rule that was applied.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.TrustAudits": { + "description": "TrustAudits represents the trust profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.TrustRegistryRepoAudits" + }, + "description": "Audits is a map from trust status (audits are only for untrusted type) to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.TrustRegistryRepoAudits": { + "description": "TrustRegistryRepoAudits represents the trust registry/repo audits per profile", + "properties": { + "audits": { + "description": "Audits are the trust audits associated with the registry/repo, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.TrustedCertSettings": { + "description": "TrustedCertSettings are settings for trusted certs", + "properties": { + "certs": { + "description": "Certs are the list of trusted certificates to use in access scenarios.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustedCertSignature" + }, + "type": "array" + }, + "checkRevocation": { + "description": "CheckRevocation indicates whether to check the certificate revocation.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether the trusted certificate feature is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.TrustedCertSignature": { + "description": "TrustedCertSignature represents a trusted cert settings", + "properties": { + "cn": { + "description": "CN is the certificate common name.\n", + "type": "string" + }, + "issuer": { + "description": "Issuer is the certificate issuer.\n", + "type": "string" + }, + "notAfter1": { + "description": "NotAfter is the certificate expiration time\nRemark: the 1 suffix required for backward compatibility (previous values were strings and cannot be serialized).\n", + "format": "date-time", + "type": "string" + }, + "notBefore1": { + "description": "NotBefore is the minimum time for which the cert is valid\nRemark: the 1 suffix required for backward compatibility (previous values were strings and cannot be serialized).\n", + "format": "date-time", + "type": "string" + }, + "raw": { + "description": "Raw is the raw certificate (in PEM format).\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.UploadScanResult": { + "description": "UploadScanResult is the result uploading the scanning result", + "properties": { + "scanId": { + "description": "ID is the scan result ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.User": { + "description": "User represents a local user in Twistlock", + "properties": { + "username": { + "description": "Name of a user.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.VMSpecification": { + "description": "VMSpecification contains information for setting up and connecting to the image", + "properties": { + "cap": { + "description": "Specifies the maximum number of images to fetch and scan, ordered by most recently modified.\n", + "type": "integer" + }, + "consoleAddr": { + "description": "Network-accessible address that Defender can use to publish scan results to Console.\n", + "type": "string" + }, + "credentialID": { + "description": "ID of the credentials in the credentials store to use for authenticating with the cloud provider.\n", + "type": "string" + }, + "enableSecureBoot": { + "description": "EnableSecureBoot indicates secure boot should be enabled for the instance launched for scanning (currently only supported with GCP).\n", + "type": "boolean" + }, + "excludedImages": { + "description": "Images to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "gcpProjectID": { + "description": "GCP project ID to use for listing VM images instead of the default associated with the GCP credential (optional).\n", + "type": "string" + }, + "imageType": { + "$ref": "#/components/schemas/common.ImageType" + }, + "images": { + "description": "The names of images to scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "instanceType": { + "description": "InstanceType is the instance type to use for the instance launched for scanning. For example, the default instance type for AWS is \"m4.large\".\n", + "type": "string" + }, + "labels": { + "description": "The labels to use to target images to scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "region": { + "description": "Cloud provider region.\n", + "type": "string" + }, + "scanners": { + "description": "Number of Defenders that can be utilized for each scan job.\n", + "type": "integer" + }, + "subnetID": { + "description": "SubnetID is the network subnet ID to use for the instance launched for scanning. Default value is empty string, which represents the default subnet in the VPC.\n", + "type": "string" + }, + "vpcID": { + "description": "VPCID is the network VPC ID to use for the instance launched for scanning. Default value is empty string, which represents the default VPC in the region.\n", + "type": "string" + }, + "zone": { + "description": "Cloud provider zone (part of a region). On GCP, designates in which zone to deploy the VM scan instance.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.VMSpecifications": { + "description": "VMSpecifications is a list of VM specifications", + "items": { + "$ref": "#/components/schemas/shared.VMSpecification" + }, + "type": "array" + }, + "shared.VaultSecret": { + "description": "VaultSecret represents a secret held by a secret store", + "properties": { + "folder": { + "description": "Folder is one of the following:\nCyberark: Name of the folder for secrets held in Cyberark store\nHashicorp: The directory path for secrets held in Hashicorp store\nAWS: The name of the secret in AWS Secrets Manager or AWS Parameter Store.\n", + "type": "string" + }, + "key": { + "description": "Key is the secret's identifier in the secrets store.\n", + "type": "string" + }, + "name": { + "description": "Name is the name of the secret as input from the user.\n", + "type": "string" + }, + "safe": { + "description": "Safe is the name of the safe, for secrets held in Cyberark store.\n", + "type": "string" + }, + "store": { + "description": "Store is the name of the secrets store where the secret is held.\n", + "type": "string" + }, + "value": { + "$ref": "#/components/schemas/common.Secret" + }, + "version": { + "description": "Version is the Azure secret version.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.WildFirePolicy": { + "description": "WildFirePolicy is the global wildfire usage policy, set by the client", + "properties": { + "agentlessEnabled": { + "description": "AgentlessEnabled indicates whether agentless scan will consult WF.\n", + "type": "boolean" + }, + "complianceEnabled": { + "description": "ComplianceEnabled indicates whether compliance malware scan will consult WF.\n", + "type": "boolean" + }, + "graywareAsMalware": { + "description": "GraywareAsMalware indicates whether files with WF verdict of Grayware will be treated as malware.\n", + "type": "boolean" + }, + "region": { + "description": "Region is the WF server region to query.\n", + "type": "string" + }, + "runtimeEnabled": { + "description": "RuntimeEnabled indicates whether runtime malware scan will consult WF.\n", + "type": "boolean" + }, + "uploadEnabled": { + "description": "UploadEnabled indicates whether files will be uploaded to WF.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.WildFireSettings": { + "description": "WildFireSettings are the settings for WildFire API requests", + "properties": { + "apiKey": { + "description": "APIKey is the key identifier used for WF APIs.\n", + "type": "string" + }, + "apiKeyExpiration": { + "description": "APIKeyExpiration is the expiration time of the API key.\n", + "format": "date-time", + "type": "string" + }, + "lastError": { + "description": "LastError is the last error that occurred when trying to create/update the wildfire key.\n", + "type": "string" + }, + "policy": { + "$ref": "#/components/schemas/shared.WildFirePolicy" + } + }, + "type": "object" + }, + "string": { + "type": "string" + }, + "time.Duration": { + "format": "int64", + "type": "integer" + }, + "time.Time": { + "format": "date-time", + "type": "string" + }, + "trust.Data": { + "description": "Data holds the image trust data", + "properties": { + "groups": { + "description": "Groups are the trust groups.\n", + "items": { + "$ref": "#/components/schemas/trust.Group" + }, + "type": "array" + }, + "policy": { + "$ref": "#/components/schemas/trust.Policy" + } + }, + "type": "object" + }, + "trust.Group": { + "description": "Group represents a group of images", + "properties": { + "_id": { + "description": "Name of the group.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "images": { + "description": "Image names or IDs (e.g., docker.io/library/ubuntu:16.04 / SHA264@...).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Filesystem layers. The image is trusted if its layers have a prefix of the trusted groups layer in the same order.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "trust.HostStatus": { + "description": "HostStatus represents an image trust status on a host", + "properties": { + "host": { + "description": "Host name.\n", + "type": "string" + }, + "status": { + "$ref": "#/components/schemas/trust.Status" + } + }, + "type": "object" + }, + "trust.ImageResult": { + "description": "ImageResult represents an aggregated image trust result", + "properties": { + "groups": { + "description": "Trust groups which apply to the image.\n", + "items": { + "$ref": "#/components/schemas/trust.Group" + }, + "type": "array" + }, + "hostsStatuses": { + "description": "Image trust status on each host. Can be set to \"trusted\" or \"untrusted\".\n", + "items": { + "$ref": "#/components/schemas/trust.HostStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "trust.Policy": { + "description": "Policy represents the trust policy", + "properties": { + "_id": { + "description": "ID is the trust group policy ID.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the policy is enabled.\n", + "type": "boolean" + }, + "rules": { + "description": "Rules is the list of rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/trust.PolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "trust.PolicyRule": { + "description": "PolicyRule represents an trust policy rule", + "properties": { + "allowedGroups": { + "description": "AllowedGroups are the ids of the groups that are whitelisted by this rule.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blockMsg": { + "$ref": "#/components/schemas/common.PolicyBlockMsg" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "deniedGroups": { + "description": "DeniedGroups are the ids of the groups that are blacklisted by this rule.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "trust.Status": { + "description": "Status is the trust status for an image", + "enum": [ + [ + "trusted", + "untrusted" + ] + ], + "type": "string" + }, + "types.AccessStats": { + "description": "AccessStats are stats for the access flows", + "properties": { + "docker": { + "$ref": "#/components/schemas/types.AccessStatsCount" + }, + "sshd": { + "$ref": "#/components/schemas/types.AccessStatsCount" + }, + "sudo": { + "$ref": "#/components/schemas/types.AccessStatsCount" + } + }, + "type": "object" + }, + "types.AccessStatsCount": { + "description": "AccessStatsCount stores the total amount of access audits", + "properties": { + "allowed": { + "description": ".\n", + "type": "integer" + }, + "denied": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.AgentlessHostStatus": { + "description": "AgentlessHostStatus holds the status of a host handled by an agentless scan", + "properties": { + "account": { + "description": "Account is the cloud account the host belongs to.\n", + "type": "string" + }, + "availabilityDomain": { + "description": "AvailabilityDomain is the host availability domain.\n", + "type": "string" + }, + "category": { + "description": "Category indicates the status category.\n", + "type": "string" + }, + "cause": { + "description": "Cause describes what caused the error category.\n", + "type": "string" + }, + "collections": { + "description": "Collections is a list of the matched collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "createdAt": { + "description": "CreatedAt is the time when the instance was launched.\n", + "format": "date-time", + "type": "string" + }, + "details": { + "description": "Details provides more information about status.\n", + "type": "string" + }, + "detectedDuring": { + "$ref": "#/components/schemas/shared.AISOperationType" + }, + "excludedTags": { + "description": "ExcludedTags lists of exclude tags cause the host to be excluded from the scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hostname": { + "description": "Hostname is the hostname. E.g. \"ip-192-0-2-0\" or \"custom\".\n", + "type": "string" + }, + "includedTags": { + "description": "IncludedTags lists of include tags cause the host to be excluded from the scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the host's cloud name e.g. \"dimako-test\".\n", + "type": "string" + }, + "ociCompartment": { + "description": "OCICompartment is the compartment the instance belongs to (OCI only).\n", + "type": "string" + }, + "recommendation": { + "description": "Recommendation provides suggestions for possible fixes.\n", + "type": "string" + }, + "region": { + "description": "Region is the region the host belongs to.\n", + "type": "string" + }, + "regionError": { + "description": "RegionError indicates the status origin is a region error.\n", + "type": "boolean" + }, + "resourceID": { + "description": "Unique ID of the resource.\n", + "type": "string" + }, + "scanID": { + "description": "ScanID indicates the scan id in which the status was collected.\n", + "type": "integer" + }, + "scanTime": { + "description": "ScanTime indicates the scan time of the host.\n", + "format": "date-time", + "type": "string" + }, + "source": { + "description": "Source is details on where the status was collected.\n", + "type": "string" + }, + "vmTags": { + "description": "VMTags are the tags of the VM instance.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.AgentlessResourceTemplatesRequest": { + "description": "AgentlessResourceTemplatesRequest is the agentless resource templates request for populating\ntemplates that are needed to be applied prior to an agentless scan with the credential", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "(Required) Specifies the ID for which the templates are generated.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.AlertProfileOption": { + "description": "AlertProfileOption describes options available for configuring an alert type", + "properties": { + "alertType": { + "$ref": "#/components/schemas/api.AlertType" + }, + "hasPolicy": { + "description": "HasPolicy defines whether the alerts are triggered by policy (e.g., this is false for defender alerts).\n", + "type": "boolean" + }, + "name": { + "description": "Name is the display name for the option.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the rule names for the policy associated with this alert type (only relevant if HasPolicy is true).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "supportedClients": { + "description": "SupportedClients are the supported alert clients for this alert (e.g., jira, email).\n", + "items": { + "$ref": "#/components/schemas/api.AlertClientType" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.AllDefendersUsage": { + "description": "AllDefendersUsage holds stats about the usage of different modules and the sample time", + "properties": { + "appEmbedded": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "cloudSecurityAgent": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "container": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "containerAgentless": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "host": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "hostAgentless": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "period": { + "description": "Period is the date beginning of the usage period.\n", + "format": "date-time", + "type": "string" + }, + "remainingCredits": { + "description": "RemainingCredits is the amount of credits left at the beginning of the period.\n", + "type": "integer" + }, + "serverless": { + "$ref": "#/components/schemas/types.ServerlessUsage" + }, + "waas": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "waasOutOfBand": { + "$ref": "#/components/schemas/types.DefenderUsage" + } + }, + "type": "object" + }, + "types.AppFirewallAttackCount": { + "description": "AppFirewallAttackCount holds app firewall attack type and the amount of audits", + "properties": { + "count": { + "description": "Count is the count for the attack type.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/waas.AttackType" + } + }, + "type": "object" + }, + "types.AppFirewallStats": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "AppFirewallStats are the daily stats for app firewall audits\nTODO #20802 - replace string key with WAAS attack type type when mongo changed to avoid encoding map keys without stringer", + "type": "object" + }, + "types.ArtifactoryWebhookRequest": { + "description": "ArtifactoryWebhookRequest is an artifactory webhook request\nArtifactory doesn't have native webhook support, instead it comes as a plugin\nhttps://github.com/jfrog/artifactory-user-plugins/tree/master/webhook\nThe relevant fields in the this struct were reverse engineered from the webhook groovy code and from the fields that were sent by a real artifactory environment", + "type": "object" + }, + "types.AssetsSummary": { + "properties": { + "containerImages": { + "$ref": "#/components/schemas/types.ImageAssetsSummary" + }, + "hosts": { + "$ref": "#/components/schemas/types.HostAssetsSummary" + } + }, + "type": "object" + }, + "types.AttackTechniqueStats": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "AttackTechniqueStats represents statistics grouped by attack technique", + "type": "object" + }, + "types.AuditTimeslice": { + "description": "AuditTimeslice counts the number of audit events for a given time period", + "properties": { + "count": { + "description": "Count is the number of audit occurrences.\n", + "type": "integer" + }, + "end": { + "description": "End is the end time of the bucket.\n", + "format": "date-time", + "type": "string" + }, + "start": { + "description": "Start is the start time of the bucket.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.AvailableVulnerabilities": { + "description": "AvailableVulnerabilities contains all available vulnerabilities types", + "properties": { + "complianceVulnerabilities": { + "description": "Compliance is the list of all available compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "cveVulnerabilities": { + "description": "CVE is all available cve vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.BFFHostQueryOptions": { + "properties": { + "hasVulnerabilities": { + "description": ".\n", + "type": "boolean" + }, + "limit": { + "description": ".\n", + "type": "integer" + }, + "nextPageToken": { + "description": ".\n", + "type": "string" + }, + "offset": { + "description": ".\n", + "type": "integer" + }, + "reverse": { + "description": ".\n", + "type": "boolean" + }, + "search": { + "description": ".\n", + "type": "string" + }, + "sort": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.BFFImageQueryOptions": { + "properties": { + "hasRunningContainers": { + "description": ".\n", + "type": "boolean" + }, + "hasVulnerabilities": { + "description": ".\n", + "type": "boolean" + }, + "limit": { + "description": ".\n", + "type": "integer" + }, + "nextPageToken": { + "description": ".\n", + "type": "string" + }, + "offset": { + "description": ".\n", + "type": "integer" + }, + "reverse": { + "description": ".\n", + "type": "boolean" + }, + "scanPassed": { + "description": ".\n", + "type": "boolean" + }, + "search": { + "description": ".\n", + "type": "string" + }, + "sort": { + "description": ".\n", + "type": "string" + }, + "stage": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.BFFPaginatedResponse": { + "description": "BFFPaginatedResponse is the paginated response", + "properties": { + "nextPageToken": { + "description": ".\n", + "type": "string" + }, + "total": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.BaseImage": { + "description": "BaseImage represents an image which is defined as a base image", + "properties": { + "creationTime": { + "description": "CreationTime is the time when the image was created.\n", + "format": "date-time", + "type": "string" + }, + "imageName": { + "description": "ImageName is the image name repository:tag.\n", + "type": "string" + }, + "topLayer": { + "description": "TopLayer is the SHA256 of the image's last filesystem layer.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.BaseImagesRule": { + "description": "BaseImagesRule holds the base images defined by a single scope", + "properties": { + "_id": { + "description": "Pattern is the scope configuration identification, e.g. image name regex pattern.\n", + "type": "string" + }, + "description": { + "description": "Description is the base images scope description.\n", + "type": "string" + }, + "images": { + "description": "Images holds the base images which matches the scope configuration, capped to 50 image digests per scope.\n", + "items": { + "$ref": "#/components/schemas/types.BaseImage" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.BffQueryPermissions": { + "description": "BffQueryPermissions are user permissions", + "type": "object" + }, + "types.CSAPairingSettings": { + "description": "CSAPairingSettings is the settings which are received from the CSA during the pairing process", + "properties": { + "apiKey": { + "description": "APIKey is the key to call the CSA API.\n", + "type": "string" + }, + "apiKeyID": { + "description": "APIKeyID is the key ID to call the CSA API.\n", + "type": "string" + }, + "apiURL": { + "description": "APIURL is the CSA API URL.\n", + "type": "string" + }, + "fqdn": { + "description": "FQDN is the fully qualified domain name of CSA tenant.\n", + "type": "string" + }, + "gcpBucketName": { + "description": "GCPBucketName is the name of the GCP bucket.\n", + "type": "string" + }, + "pubSubSubscription": { + "description": "PubSubSubscription is the subscription name to the pub/sub.\n", + "type": "string" + }, + "pubSubSubscriptionDebug": { + "description": "PubSubSubscriptionDebug is the subscription name to the pub/sub for debugging purposes.\n", + "type": "string" + }, + "region": { + "description": "Region is the (GCP) region where the tenant is deployed.\n", + "type": "string" + }, + "serviceAccountKey": { + "description": "ServiceAccountKey is the service account to the pub/sub and bucket.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CSAStatus": { + "description": "CSAStatus is the CSA status", + "properties": { + "tenantURL": { + "description": "TenantURL is the CSA tenant URL.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CVEStats": { + "description": "CVEStats represents statistics about a CVE type", + "properties": { + "count": { + "description": "Count is the number of CVEs from the specific type.\n", + "type": "integer" + }, + "distro": { + "description": "Distro is the impacted image distro (e.g., ubuntu).\n", + "type": "string" + }, + "distro_release": { + "description": "DistroRelase is the impacted image distro release (bionic).\n", + "type": "string" + }, + "modified": { + "description": "Modified is the max unix timestamp for the specific CVE.\n", + "format": "int64", + "type": "integer" + }, + "type": { + "description": "Type is the vulnerability type.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CVEVulnerability": { + "description": "CVEVulnerability holds data on package and files vulnerabilities", + "properties": { + "affected_cpes": { + "$ref": "#/components/schemas/vulnerability.RHELCpeHashes" + }, + "affected_cpes_uuid": { + "description": "AffectedCpesUUID is used to create unique records for vulnerabilities that only differ in their affected CPEs.\n", + "type": "string" + }, + "app_vuln_id": { + "description": "AppVulnID is the unique ID of the application vulnerability (app+cve+internal custom ID).\n", + "type": "string" + }, + "archs": { + "$ref": "#/components/schemas/vulnerability.CPUArchs" + }, + "conditions": { + "$ref": "#/components/schemas/vulnerability.Conditions" + }, + "cpe_ids": { + "$ref": "#/components/schemas/vulnerability.CpeIDs" + }, + "custom": { + "description": "Custom indicates if this is a custom vulnerability.\n", + "type": "boolean" + }, + "cve": { + "description": ".\n", + "type": "string" + }, + "cvss": { + "description": ".\n", + "format": "float", + "type": "number" + }, + "description": { + "description": "Description is the vulnerability description.\n", + "type": "string" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "distro_release": { + "description": ".\n", + "type": "string" + }, + "exploit": { + "$ref": "#/components/schemas/vulnerability.ExploitType" + }, + "exploits": { + "$ref": "#/components/schemas/vulnerability.Exploits" + }, + "fixDate": { + "description": "FixDate is the date this CVE was fixed (unix timestamp).\n", + "format": "int64", + "type": "integer" + }, + "go_package": { + "description": "GoPackage indicates a Go vulnerability at package-level and holds the package import path.\n", + "type": "string" + }, + "is_rpm_module": { + "description": "IsRPMModule indicates whether this vulnerability is specific to an RPM module.\n", + "type": "boolean" + }, + "jar_identifier": { + "description": "JarIdentifier holds an additional identification detail of the vulnerable JAR.\n", + "type": "string" + }, + "link": { + "description": "Link is the link for information about the vulnerability (used for custom vulnerabilities).\n", + "type": "string" + }, + "link_id": { + "description": "LinkID is the ID required to construct the vendor link to the CVE.\n", + "type": "string" + }, + "modified": { + "description": "Modified is the last time this CVE was modified (unix timestamp).\n", + "format": "int64", + "type": "integer" + }, + "non_vulnerable": { + "description": "NonVulnerable indicates that the CVE in not vulnerable on its own, but only when it comes together with conditional combination of CVE.\n", + "type": "boolean" + }, + "originBuilder": { + "description": "OriginBuilder indicates the origin of the CVE.\n", + "type": "string" + }, + "package": { + "description": ".\n", + "type": "string" + }, + "rh_general_severity": { + "description": "RHGeneralSeverity is the Red Hat's general severity of this CVE.\n", + "type": "string" + }, + "rpm_module": { + "description": "RPMModule represents the RPM module containing the package affected by this vulnerability.\n", + "type": "string" + }, + "rules": { + "$ref": "#/components/schemas/vulnerability.Rules" + }, + "running_on_with": { + "description": "RunningOnWith is NVD \"running On/With\" conditions.\n", + "type": "string" + }, + "security_repo_pkg": { + "description": "SecurityRepoPkg determines if the package belongs to a security repository (e.g. bullseye-security).\n", + "type": "boolean" + }, + "severity": { + "description": ".\n", + "type": "string" + }, + "status": { + "description": "Status is the official vendor state for the CVE.\n", + "type": "string" + }, + "symbols": { + "$ref": "#/components/schemas/vulnerability.Symbols" + }, + "type": { + "$ref": "#/components/schemas/vulnerability.CVEType" + }, + "vecStr": { + "description": "VectorString is the NVD vulnerability string.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CertData": { + "description": "CertData is used to add a custom certificate to the product", + "properties": { + "certificate": { + "description": "Data is the certificate pem data.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CertSettings": { + "description": "CertSettings are the certificates settings", + "properties": { + "caExpiration": { + "description": "CAExpiration holds the expiration date of the CA cert.\n", + "format": "date-time", + "type": "string" + }, + "consoleSAN": { + "description": "ConsoleSAN if specified, use this list as the SAN for the console server certificate. Used for websocket and API.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defenderOldCAExpiration": { + "description": "DefenderOldCAExpiration holds the expiration time of the defender old CA cert.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.CertificateSettings": { + "description": "CertificateSettings are the certificate settings", + "properties": { + "accessCaCert": { + "description": "AccessCACert is a custom CA certificate.\n", + "type": "string" + }, + "certificatePeriodDays": { + "description": "CertificatePeriodDays is the certificates period in days.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.CloudComputeInfo": { + "description": "CloudComputeInfo holds some fields from the compute structure that may be contained in the raw cloud info", + "properties": { + "vmId": { + "description": "VMID (\"vmId\") is a field used in Azure raw struct.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CloudInfo": { + "description": "CloudInfo holds cloud information of a CSA agent\nTODO #CWP-52951: - Cortex should send us normalized cloud attributes instead of raw data.", + "properties": { + "cloud_provider": { + "$ref": "#/components/schemas/types.CloudProvider" + }, + "raw": { + "$ref": "#/components/schemas/types.CloudRawInfo" + } + }, + "type": "object" + }, + "types.CloudProvider": { + "description": "CloudProvider identifies a cloud provider in the CSA Endpoints API", + "enum": [ + [ + "AWS", + "GCP", + "Azure" + ] + ], + "type": "string" + }, + "types.CloudProviders": { + "items": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "type": "array" + }, + "types.CloudRawInfo": { + "description": "CloudRawInfo holds some fields that may appear in the raw cloud info, depending on cloud provider\nTODO #CWP-52951: - Cortex should send us normalized cloud attributes instead of raw data.", + "properties": { + "compute": { + "$ref": "#/components/schemas/types.CloudComputeInfo" + }, + "id": { + "description": "ID (\"id\") is a field used in GCP raw struct.\n", + "type": "string" + }, + "instance-id": { + "description": "InstanceID (\"instance-id\") is a field used in AWS raw struct.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ClusterRadarInfo": { + "description": "ClusterRadarInfo contains cluster information to display on the radar", + "properties": { + "cloudProivder": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "hostCount": { + "description": "HostCount is the number of host running the cluster.\n", + "type": "integer" + }, + "name": { + "description": "Name of the cluster.\n", + "type": "string" + }, + "namespaceCount": { + "description": "Namespace is the number of namespace in the cluster.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ComplianceCategoryStats": { + "description": "ComplianceCategoryStats holds data regarding a compliance category", + "properties": { + "failed": { + "description": "Failed is the count of impacted resources by the category IDs.\n", + "type": "integer" + }, + "name": { + "$ref": "#/components/schemas/vuln.ComplianceCategory" + }, + "total": { + "description": "Total is the count of evaluations of category IDs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ComplianceDailyStats": { + "description": "ComplianceDailyStats is the compliance daily stats", + "properties": { + "_id": { + "description": "Date holds the date the data was collected.\n", + "type": "string" + }, + "distribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "modified": { + "description": "Modified is the time the data was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.ComplianceIDStats": { + "description": "ComplianceIDStats holds data regarding applied compliance ID", + "properties": { + "benchmarkID": { + "description": "BenchmarkID is the benchmark ID.\n", + "type": "string" + }, + "category": { + "$ref": "#/components/schemas/vuln.ComplianceCategory" + }, + "description": { + "description": "Description is the compliance description.\n", + "type": "string" + }, + "failed": { + "description": "Failed is the number of occurrences of compliance ID in resources.\n", + "type": "integer" + }, + "id": { + "description": "ID is the compliance ID.\n", + "type": "integer" + }, + "severity": { + "description": "Severity is the compliance severity.\n", + "type": "string" + }, + "templateTitle": { + "description": "TemplateTitle is the template title.\n", + "type": "string" + }, + "total": { + "description": "Total is the count of resources evaluated with the compliance.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/vulnerability.Type" + } + }, + "type": "object" + }, + "types.ComplianceStats": { + "description": "ComplianceStats holds compliance data", + "properties": { + "categories": { + "description": "Compliance stats by category.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceCategoryStats" + }, + "type": "array" + }, + "daily": { + "description": "Daily compliance stats.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceDailyStats" + }, + "type": "array" + }, + "ids": { + "description": "Compliance data by check ID.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceIDStats" + }, + "type": "array" + }, + "rules": { + "description": "Compliance stats by policy rules.\n", + "items": { + "$ref": "#/components/schemas/types.RuleComplianceStats" + }, + "type": "array" + }, + "templates": { + "description": "Compliance stats by template.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceTemplateStats" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ComplianceTemplateStats": { + "description": "ComplianceTemplateStats holds data regarding a compliance template", + "properties": { + "failed": { + "description": "Failed is the count of impacted resources by the template IDs.\n", + "type": "integer" + }, + "name": { + "$ref": "#/components/schemas/vuln.ComplianceTemplate" + }, + "total": { + "description": "Total is the count of evaluations of template IDs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ConsoleCertificateSettings": { + "description": "ConsoleCertificateSettings are the console certificate settings", + "properties": { + "checkRevocation": { + "description": "CheckRevocation indicates whether cert revocation status is required.\n", + "type": "boolean" + }, + "consoleCaCert": { + "description": "ConsoleCACert is a custom CA certificate for the console.\n", + "type": "string" + }, + "consoleCustomCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "hpkp": { + "$ref": "#/components/schemas/types.HPKPSettings" + } + }, + "type": "object" + }, + "types.ContainerRadarData": { + "description": "ContainerRadarData represent all data relevant to the network radar", + "properties": { + "containerCount": { + "description": "ContainerCount is the total number of containers.\n", + "type": "integer" + }, + "radar": { + "description": "Radar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/types.ContainerRadarEntity" + }, + "type": "array" + }, + "radarSubnets": { + "description": "RadarSubnets holds all the radar subnets.\n", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ContainerRadarEntity": { + "description": "ContainerRadarEntity is the extended container radar entity (include presentation metadata)", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether this container was scanned by the agentless scanner.\n", + "type": "boolean" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "appFirewallAttackCounts": { + "description": "AppFirewallAttackCounts is the counts for the app firewall attacks.\n", + "items": { + "$ref": "#/components/schemas/types.AppFirewallAttackCount" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "containerCount": { + "description": "ContainerCount is the amount of containers per entity.\n", + "type": "integer" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "dns": { + "description": "DNS states whether this is a DNS node.\n", + "type": "boolean" + }, + "filesystemCount": { + "description": ".\n", + "type": "integer" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "hasDNSConnection": { + "description": "HasDNSConnection states whether the node has DNS connection.\n", + "type": "boolean" + }, + "hostCount": { + "description": ".\n", + "type": "integer" + }, + "hostname": { + "description": ".\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the entity's image ID.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the entity's image name.\n", + "type": "string" + }, + "imageNames": { + "description": "ImageNames are the names of the image associated with the radar entity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents.\n", + "type": "integer" + }, + "incomingConnections": { + "description": "IncomingConnections are the radar entity incoming connections.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerRadarIncomingConnection" + }, + "type": "array" + }, + "internet": { + "$ref": "#/components/schemas/shared.InternetConnections" + }, + "istio": { + "description": "Istio states whether it is an istio-monitored entity.\n", + "type": "boolean" + }, + "istioAuthorizationPolicies": { + "description": "IstioAuthorizationPolicies are the Istio authorization policies.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicy" + }, + "type": "array" + }, + "k8s": { + "$ref": "#/components/schemas/shared.ProfileKubernetesData" + }, + "label": { + "description": "Label is the entity's label.\n", + "type": "string" + }, + "labels": { + "description": "Labels are the radar entity labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "learning": { + "description": "Learning indicates whether the runtime profile associated with the entity is in learning state.\n", + "type": "boolean" + }, + "namespace": { + "description": "Namespace is the kubernetes namespace the entity belongs to (for kubernetes type).\n", + "type": "string" + }, + "networkCount": { + "description": ".\n", + "type": "integer" + }, + "processesCount": { + "description": ".\n", + "type": "integer" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "region": { + "description": "Region is the cloud provider region.\n", + "type": "string" + }, + "resolved": { + "description": "Resolved indicates if the entity has all data resolved or just contains the ID and hash, used to indicate if the console should be updated on entity resolving.\n", + "type": "boolean" + }, + "serviceIP": { + "description": "ServiceIP the ip of the kubernetes service (for kubernetes type).\n", + "type": "string" + }, + "serviceName": { + "description": "ServiceName is kubernetes service the entity belongs to (for kubernetes type).\n", + "type": "string" + }, + "servicePorts": { + "description": "ServicePorts are the ports the kubernetes service exposes (for kubernetes type).\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "shouldSkipNetwork": { + "description": "ShouldSkipNetwork indicates whether network monitoring for this container should be skipeed or not.\n", + "type": "boolean" + }, + "subnetConnections": { + "$ref": "#/components/schemas/shared.SubnetConnections" + }, + "type": { + "$ref": "#/components/schemas/shared.EntityType" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "waasStats": { + "$ref": "#/components/schemas/waas.MonitoringStats" + } + }, + "type": "object" + }, + "types.Count": { + "properties": { + "value": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.CredentialUsage": { + "description": "CredentialUsage represents a single credential usage", + "properties": { + "description": { + "description": "Resource description (e.g., repository name for registry scan).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cred.UsageType" + } + }, + "type": "object" + }, + "types.DefenderSummary": { + "description": "DefenderSummary is a summary for a type of defender", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "connected": { + "description": "Connected counts how many defenders are connected for this category.\n", + "type": "integer" + }, + "deployed": { + "description": "Deployed counts how many defenders are deployed for this category.\n", + "type": "integer" + }, + "licensed": { + "description": "Licensed counts how many defenders are licensed for this category.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.DefenderUsage": { + "description": "DefenderUsage holds the number of defenders and the credits used for a specific defender type", + "properties": { + "creditCount": { + "description": "CreditCount is credits that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "defendersCount": { + "description": "DefendersCount is the number of defenders that was used for this defender type.\n", + "format": "double", + "type": "number" + } + }, + "type": "object" + }, + "types.DefendersVersionCount": { + "description": "DefendersVersionCount holds the defenders count per each version", + "properties": { + "count": { + "description": "Defenders count per version.\n", + "type": "integer" + }, + "version": { + "description": "Release version.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.DiscoveredVM": { + "description": "DiscoveredVM represents the information about the instance, fetched from the cloud compute interface", + "properties": { + "_id": { + "description": "ID is the instance id. E.g. \"i-5cd23551\".\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud provider account ID.\n", + "type": "string" + }, + "architecture": { + "description": "Architecture is the architecture of the image.\n", + "type": "string" + }, + "arn": { + "description": "The Amazon Resource Name (ARN) assigned to the instance.\n", + "type": "string" + }, + "awsSubnetID": { + "description": "AWSSubnetID is the ID of the subnet associated with the VM (AWS only).\n", + "type": "string" + }, + "awsVPCID": { + "description": "AWSVPCID is the ID of the VPC associated with the VM (AWS only).\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster name that is associated with the vm.\n", + "type": "string" + }, + "collections": { + "description": "Collections is a list of the matched collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "createdAt": { + "description": "CreatedAt is the time when the instance was launched.\n", + "format": "date-time", + "type": "string" + }, + "fqdn": { + "description": "FQDN is the host's fully qualified domain name . E.g. \"ip-192-0-2-0.us-east-2.compute.internal\".\n", + "type": "string" + }, + "hasDefender": { + "description": "HasDefender indicates that the instance has a defender installed on it.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the hostname. E.g. \"ip-192-0-2-0\" or \"custom\".\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the ID of the AMI used to launch the instance. E.g. \"ami-35501205\".\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the name of the AMI used to launch the instance.\n", + "type": "string" + }, + "name": { + "description": "Name is the instance name.\n", + "type": "string" + }, + "os": { + "description": "OS is the Operating System installed on the instance.\n", + "type": "string" + }, + "osInfo": { + "$ref": "#/components/schemas/common.OSDistroInfo" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region the VM is located at.\n", + "type": "string" + }, + "tags": { + "description": "Tags are the tags of the VM instance.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "timestamp": { + "description": "Timestamp is the time in which the instance info was fetched.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.EcsTaskDefinitionOptions": { + "description": "EcsTaskDefinitionOptions holds the ecs deployment options", + "properties": { + "annotations": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Annotations is mapping of key-value pairs of annotations metadata - optional.\n", + "type": "object" + }, + "bottlerocket": { + "description": "Bottlerocket indicates whether to be deployed on a Bottlerocket Linux OS.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the kubernetes or ecs cluster name.\n", + "type": "string" + }, + "clusterNameResolvingMethod": { + "description": "ClusterNameResolvingMethod is the method used to resolve the cluster name, could be default, manual or api-server.\n", + "type": "string" + }, + "collectPodLabels": { + "description": "CollectPodLabels indicates whether to collect pod related labels resource labels.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address for defender communication.\n", + "type": "string" + }, + "containerRuntime": { + "$ref": "#/components/schemas/common.ContainerRuntime" + }, + "cpuLimit": { + "description": "CPULimit is the cpu limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "dockerSocketPath": { + "description": "DockerSocketPath is the path of the docker socket file.\n", + "type": "string" + }, + "gkeAutopilot": { + "description": "GKEAutopilot indicates the deployment is requested for GKE Autopilot.\n", + "type": "boolean" + }, + "hostCustomComplianceEnabled": { + "description": "HostCustomComplianceEnabled indicates whether host custom compliance checks are enabled.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the full daemonset image name.\n", + "type": "string" + }, + "istio": { + "description": "MonitorIstio indicates whether to monitor Istio.\n", + "type": "boolean" + }, + "memoryLimit": { + "description": "MemoryLimit is a memory limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "namespace": { + "description": "Namespace is the target deamonset namespaces.\n", + "type": "string" + }, + "nodeSelector": { + "description": "NodeSelector is a key/value node selector.\n", + "type": "string" + }, + "orchestration": { + "description": "Orchestration is the orchestration type.\n", + "type": "string" + }, + "priorityClassName": { + "description": "PriorityClassName is the name of the priority class for the defender - optional.\n", + "type": "string" + }, + "privileged": { + "description": "Privileged indicates whether to run defenders as privileged.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "roleARN": { + "description": "RoleARN is the role's ARN to associate with the created service account - optional.\n", + "type": "string" + }, + "secretsname": { + "description": "SecretsName is the name of the secret to pull.\n", + "type": "string" + }, + "selinux": { + "description": "SelinuxEnforced indicates whether selinux is enforced on the target host.\n", + "type": "boolean" + }, + "serviceaccounts": { + "description": "MonitorServiceAccounts indicates whether to monitor service accounts.\n", + "type": "boolean" + }, + "talos": { + "description": "Talos indicates if the daemonset is to be deployed on a Talos Linux k8s cluster.\n", + "type": "boolean" + }, + "taskName": { + "description": "TaskName is the name used for the task definition.\n", + "type": "string" + }, + "tolerations": { + "description": "Tolerations is a list of tolerations for the defender deamonset - optional.\n", + "items": { + "$ref": "#/components/schemas/common.Toleration" + }, + "type": "array" + }, + "uniqueHostname": { + "description": "UniqueHostname indicates whether to assign unique hostnames.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.Endpoint": { + "description": "Endpoint represents a Cortex XDR agent", + "properties": { + "active_directory": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "alias": { + "description": ".\n", + "type": "string" + }, + "assigned_extensions_policy": { + "description": ".\n", + "type": "string" + }, + "assigned_prevention_policy": { + "description": ".\n", + "type": "string" + }, + "cloud_info": { + "$ref": "#/components/schemas/types.CloudInfo" + }, + "cloud_labels": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cloud_provider_account_id": { + "description": ".\n", + "type": "string" + }, + "cloud_security_agent_capable": { + "description": ".\n", + "type": "boolean" + }, + "cloud_security_agent_mode": { + "description": ".\n", + "type": "boolean" + }, + "cluster_name": { + "description": ".\n", + "type": "string" + }, + "content_release_timestamp": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "content_status": { + "description": ".\n", + "type": "string" + }, + "content_version": { + "description": ".\n", + "type": "string" + }, + "domain": { + "description": ".\n", + "type": "string" + }, + "endpoint_id": { + "description": "EndpointID is the Endpoint unique identifier.\n", + "type": "string" + }, + "endpoint_name": { + "description": "EndpointName is the hostname.\n", + "type": "string" + }, + "endpoint_status": { + "description": ".\n", + "type": "string" + }, + "endpoint_type": { + "description": ".\n", + "type": "string" + }, + "endpoint_version": { + "description": ".\n", + "type": "string" + }, + "first_seen": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "group_name": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "install_date": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "installation_package": { + "description": ".\n", + "type": "string" + }, + "ip": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ipv6": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "is_isolated": { + "description": ".\n", + "type": "string" + }, + "isolated_date": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "last_content_update_time": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "last_seen": { + "description": "LastSeen is the last time the Endpoint was seen connected (UTC epoch milliseconds).\n", + "format": "int64", + "type": "integer" + }, + "mac_address": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "operating_system": { + "description": ".\n", + "type": "string" + }, + "operational_status": { + "description": ".\n", + "type": "string" + }, + "operational_status_description": { + "description": ".\n", + "type": "string" + }, + "operational_status_details": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.OperationalStatusDetail" + }, + "type": "array" + }, + "os_type": { + "description": ".\n", + "type": "string" + }, + "os_version": { + "description": ".\n", + "type": "string" + }, + "public_ip": { + "description": ".\n", + "type": "string" + }, + "scan_status": { + "description": ".\n", + "type": "string" + }, + "tags": { + "$ref": "#/components/schemas/types.Tags" + }, + "token_hash": { + "description": ".\n", + "type": "string" + }, + "users": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.EventStats": { + "description": "EventStats holds counters for all event types", + "properties": { + "admissionAudits": { + "description": ".\n", + "type": "integer" + }, + "agentlessAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "appEmbeddedAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "appEmbeddedRuntime": { + "description": ".\n", + "type": "integer" + }, + "containerAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "containerNetworkFirewall": { + "description": ".\n", + "type": "integer" + }, + "containerRuntime": { + "description": ".\n", + "type": "integer" + }, + "containerSecurityEvents": { + "description": "Cloud Security Agent event stats.\n", + "type": "integer" + }, + "dockerAccess": { + "description": ".\n", + "type": "integer" + }, + "fileIntegrity": { + "description": ".\n", + "type": "integer" + }, + "hostActivities": { + "description": ".\n", + "type": "integer" + }, + "hostAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "hostNetworkFirewall": { + "description": ".\n", + "type": "integer" + }, + "hostRuntime": { + "description": ".\n", + "type": "integer" + }, + "hostSecurityEvents": { + "description": ".\n", + "type": "integer" + }, + "kubernetesAudits": { + "description": ".\n", + "type": "integer" + }, + "logInspection": { + "description": ".\n", + "type": "integer" + }, + "serverlessAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "serverlessRuntime": { + "description": ".\n", + "type": "integer" + }, + "trustAudits": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.Group": { + "description": "Group represents a console group", + "properties": { + "_id": { + "description": "Group name.\n", + "type": "string" + }, + "groupId": { + "description": "Group identifier in the Azure SAML identification process.\n", + "type": "string" + }, + "groupName": { + "description": "Group name.\n", + "type": "string" + }, + "lastModified": { + "description": "Datetime when the group was created or last modified.\n", + "format": "date-time", + "type": "string" + }, + "ldapGroup": { + "description": "Indicates if the group is an LDAP group (true) or not (false).\n", + "type": "boolean" + }, + "oauthGroup": { + "description": "Indicates if the group is an OAuth group (true) or not (false).\n", + "type": "boolean" + }, + "oidcGroup": { + "description": "Indicates if the group is an OpenID Connect group (true) or not (false).\n", + "type": "boolean" + }, + "owner": { + "description": "User who created or modified the group.\n", + "type": "string" + }, + "permissions": { + "$ref": "#/components/schemas/api.Permissions" + }, + "role": { + "description": "Role of the group.\n", + "type": "string" + }, + "samlGroup": { + "description": "Indicates if the group is a SAML group (true) or not (false).\n", + "type": "boolean" + }, + "user": { + "description": "Users in the group.\n", + "items": { + "$ref": "#/components/schemas/shared.User" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.Groups": { + "description": "Groups represents a list of groups", + "items": { + "$ref": "#/components/schemas/types.Group" + }, + "type": "array" + }, + "types.HPKPSettings": { + "description": "HPKPSettings represents the public key pinning settings", + "properties": { + "certs": { + "description": "Certs are the public certs used for fingerprinting.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "fingerprints": { + "description": "SHA256 fingerprints of the certificates.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostAssetInfo": { + "properties": { + "accountID": { + "description": ".\n", + "type": "string" + }, + "cluster": { + "description": ".\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "docker": { + "description": ".\n", + "type": "string" + }, + "kubernetes": { + "description": ".\n", + "type": "string" + }, + "lastScanTime": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": ".\n", + "type": "string" + }, + "osDistro": { + "description": ".\n", + "type": "string" + }, + "osRelease": { + "description": ".\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": ".\n", + "type": "string" + }, + "resourceName": { + "description": ".\n", + "type": "string" + }, + "scanPassed": { + "description": ".\n", + "type": "boolean" + }, + "scannedBy": { + "description": ".\n", + "type": "string" + }, + "stage": { + "description": ".\n", + "type": "string" + }, + "vmImage": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.HostAssetsSummary": { + "properties": { + "cloudProviders": { + "$ref": "#/components/schemas/types.CloudProviders" + }, + "total": { + "description": ".\n", + "type": "integer" + }, + "vulnerable": { + "description": "Vulnerable is the number of images with impactful vulnerabilities.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.HostAutoDeploySpecStatus": { + "description": "HostAutoDeploySpecStatus contains the discovery and deployment status for a particular host auto-deploy spec", + "properties": { + "defended": { + "description": "Defended is the number of already defended VMs.\n", + "type": "integer" + }, + "discovered": { + "description": "Discovered is the number of discovered unprodected VMs.\n", + "type": "integer" + }, + "error": { + "description": "Error is an error logged during the the auto-deploy scan (if occurred).\n", + "type": "string" + }, + "errors": { + "description": "Errors are the errors occurred in the command invocations.\n", + "items": { + "$ref": "#/components/schemas/deployment.CommandError" + }, + "type": "array" + }, + "failed": { + "description": "Failed is the number of instances where deployment failed.\n", + "type": "integer" + }, + "missingPermissions": { + "description": "MissingPermissions is the number of instances in regions that the credential don't have permissions to them.\n", + "type": "integer" + }, + "name": { + "description": "Name is the spec name.\n", + "type": "string" + }, + "skipped": { + "description": "Skipped is the number of instances that the deployment was skipped for due to having a running Docker engine or being a worker node in a k8s cluster.\n", + "type": "integer" + }, + "unmatched": { + "description": "Unmatched is the number of discovered instances for which the scope does not apply.\n", + "type": "integer" + }, + "unsupported": { + "description": "Unsupported is the number of instances with missing prerequisites.\n", + "type": "integer" + }, + "windows": { + "description": "Windows is the number of windows instances discovered.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.HostAutoDeployStatus": { + "description": "HostAutoDeployStatus is the status of the deployment tasks per spec during the host auto-deploy action", + "properties": { + "scanning": { + "description": "Scanning indicates whether scanning is running.\n", + "type": "boolean" + }, + "status": { + "description": "Status contains the deploy status for each spec.\n", + "items": { + "$ref": "#/components/schemas/types.HostAutoDeploySpecStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostRadarData": { + "description": "HostRadarData represent all data relevant to the network radar", + "properties": { + "hostCount": { + "description": "HostCount is the total number of hosts.\n", + "type": "integer" + }, + "radar": { + "description": "Radar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/types.HostRadarEntity" + }, + "type": "array" + }, + "radarSubnets": { + "description": "RadarSubnets holds all the radar subnets.\n", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostRadarEntity": { + "description": "HostRadarEntity is the extended host radar entity (include presentation metadata)", + "properties": { + "OSDistro": { + "description": "OSDistro is the OS distro name (e.g., ubuntu).\n", + "type": "string" + }, + "_id": { + "description": "ID is the host name.\n", + "type": "string" + }, + "activitiesCount": { + "description": "ActivitiesCount is the number of activities detected in the host.\n", + "type": "integer" + }, + "agentless": { + "description": "Agentless indicates whether this host was scanned by the agentless scanner.\n", + "type": "boolean" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "appFirewallAttackCounts": { + "description": "AppFirewallAttackCounts is the counts for the app firewall attacks.\n", + "items": { + "$ref": "#/components/schemas/types.AppFirewallAttackCount" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the cluster the host is deployed on.\n", + "type": "string" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "fileIntegrityCount": { + "description": "FileIntegrityCount is the number of file integrity events detected in the host.\n", + "type": "integer" + }, + "filesystemCount": { + "description": "FilesystemCount is number of filesystem events triggered by the entity.\n", + "type": "integer" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents triggered by the entity.\n", + "type": "integer" + }, + "incoming": { + "description": "Incoming are the incoming connections from the host.\n", + "items": { + "$ref": "#/components/schemas/shared.HostRadarIncomingConnection" + }, + "type": "array" + }, + "internet": { + "$ref": "#/components/schemas/shared.InternetConnections" + }, + "labels": { + "description": "Labels are the labels associated with the profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "listeningPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + }, + "logInspectionCount": { + "description": "LogInspectionCount is the number of log inspection events detected in the host.\n", + "type": "integer" + }, + "networkCount": { + "description": "NetworkCount is number of network events triggered by the entity.\n", + "type": "integer" + }, + "outboundPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + }, + "processesCount": { + "description": "ProcessesCount is the number of processes events triggered by the entity.\n", + "type": "integer" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "subnetConnections": { + "$ref": "#/components/schemas/shared.SubnetConnections" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "waasStats": { + "$ref": "#/components/schemas/waas.MonitoringStats" + } + }, + "type": "object" + }, + "types.ImageAssetInfo": { + "properties": { + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "digest": { + "description": ".\n", + "type": "string" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "imageID": { + "description": ".\n", + "type": "string" + }, + "lastScanTime": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": ".\n", + "type": "string" + }, + "osDistro": { + "description": ".\n", + "type": "string" + }, + "osRelease": { + "description": ".\n", + "type": "string" + }, + "registry": { + "description": ".\n", + "type": "string" + }, + "repository": { + "description": ".\n", + "type": "string" + }, + "scanPassed": { + "description": ".\n", + "type": "boolean" + }, + "scannedBy": { + "description": ".\n", + "type": "string" + }, + "stage": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImageAssetsSummary": { + "properties": { + "cloudProviders": { + "$ref": "#/components/schemas/types.CloudProviders" + }, + "stages": { + "$ref": "#/components/schemas/types.Stages" + }, + "vulnerable": { + "description": "Vulnerable is the number of images with impactful vulnerabilities.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ImageScanOptions": { + "description": "ImageScanOptions holds the options for image scanning", + "properties": { + "hostname": { + "description": "Hostname is the optional host name to scan.\n", + "type": "string" + }, + "imageTag": { + "$ref": "#/components/schemas/shared.ImageTag" + } + }, + "type": "object" + }, + "types.ImpactedContainer": { + "description": "ImpactedContainer contains details of a running container with an impacted image", + "properties": { + "container": { + "description": ".\n", + "type": "string" + }, + "factors": { + "$ref": "#/components/schemas/types.RiskScoreFactors" + }, + "host": { + "description": ".\n", + "type": "string" + }, + "image": { + "description": ".\n", + "type": "string" + }, + "imageID": { + "description": ".\n", + "type": "string" + }, + "namespace": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedOutOfBandEntity": { + "description": "ImpactedOutOfBandEntity holds the info of an impacted out of band entity", + "properties": { + "containerName": { + "description": "ContainerName is the name of the container or empty for host.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the name of the host that was scanned or host on which the container is deployed.\n", + "type": "string" + }, + "image": { + "description": "Image is the image name of the container or empty for host.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedPackage": { + "description": "ImpactedPackage holds the vulnerability details for a package", + "properties": { + "cvss": { + "description": "CVSS is the vulnerability cvss score for this package.\n", + "format": "float", + "type": "number" + }, + "package": { + "description": "Package is the impacted package name and version.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the vulnerability severity for this package.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedResourceDetails": { + "description": "ImpactedResourceDetails holds the vulnerability details for a specific impacted resource", + "properties": { + "containers": { + "description": "Containers are the running containers of this image found in the environment.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedContainer" + }, + "type": "array" + }, + "functionDetails": { + "description": "FunctionDetails is a formatted string holding function details.\n", + "type": "string" + }, + "packages": { + "description": "Packages holds vulnerability details per impacted package found in this resource.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedPackage" + }, + "type": "array" + }, + "resourceID": { + "description": "ResourceID is a resource identifier (e.g. image ID, hostname).\n", + "type": "string" + } + }, + "type": "object" + }, + "types.IntelligenceStatus": { + "description": "IntelligenceStatus stores the status on the intelligence service", + "properties": { + "connected": { + "description": ".\n", + "type": "boolean" + }, + "err": { + "description": ".\n", + "type": "string" + }, + "lastUpdate": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.IssueType": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + }, + "types.LatestVersion": { + "description": "LatestVersion represents the latest remote product version", + "properties": { + "latestVersion": { + "description": "LatestVersion is the latest official product version.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.LicenseStats": { + "description": "LicenseStats holds the console license stats", + "properties": { + "avg": { + "description": "Avg is the average number of credits.\n", + "format": "double", + "type": "number" + }, + "containerDefenders": { + "description": "ContainerDefenders is the total number of container defenders.\n", + "type": "integer" + }, + "dailySamplesDefenders": { + "description": "DailySamplesDefenders holds the last 30 daily credits averages.\n", + "items": { + "$ref": "#/components/schemas/float64" + }, + "type": "array" + }, + "exceeded": { + "description": "Exceeded indicates the number of credits exceeded license.\n", + "type": "boolean" + }, + "hostDefenders": { + "description": "HostDefenders is the total number of host defenders.\n", + "type": "integer" + }, + "hourAvg": { + "description": "HourAvg is the average number of credits per hour.\n", + "format": "double", + "type": "number" + }, + "hourSamples": { + "description": "HourSamples is the number of hourly samples collected.\n", + "format": "double", + "type": "number" + }, + "monthlyUsage": { + "description": "MonthlyUsage holds the last 24 monthly usage averages.\n", + "items": { + "$ref": "#/components/schemas/types.AllDefendersUsage" + }, + "type": "array" + }, + "msg": { + "description": "Msg is the license exceeded error/warning message to show.\n", + "type": "string" + }, + "onDemandCredits": { + "description": "OnDemandCredits is the number of on demand credits used during the current contract.\n", + "type": "integer" + }, + "protectedFunctions": { + "description": "ProtectedFunctions is the number of serverless functions that have a defender installed.\n", + "format": "double", + "type": "number" + }, + "scannedFunctions": { + "description": "ScannedFunctions is the number functions being scanned for vulnerabilities and compliance issues without a defender installed.\n", + "format": "double", + "type": "number" + }, + "serverlessTimestamp": { + "description": "ServerlessTimestamp is the timestamp for the last serverless credit calculation.\n", + "format": "date-time", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the last collection timestamp.\n", + "format": "date-time", + "type": "string" + }, + "totalCreditUsage": { + "description": "TotalCreditUsage is the total amount of credits used from the beginning of the current contract.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.LogUploadResponse": { + "description": "LogUploadResponse returns the result of uploading a file to the intelligence", + "properties": { + "remotePath": { + "description": "Path returned by the intelligence.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.LogonSettings": { + "description": "LogonSettings are settings associated with the login properties", + "properties": { + "basicAuthDisabled": { + "description": "Indicates whether the user can use basic auth.\n", + "type": "boolean" + }, + "includeTLS": { + "description": "IncludeTLS indicates that TLS checks should be included in copy links.\n", + "type": "boolean" + }, + "sessionTimeoutSec": { + "description": "SessionTimeoutSec defines the session timeout in seconds.\n", + "format": "int64", + "type": "integer" + }, + "strongPassword": { + "description": "StrongPassword indicates whether strong password enforcement is applied.\n", + "type": "boolean" + }, + "useSupportCredentials": { + "description": "UseSupportCredentials indicates whether to include credentials in the URL.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.MgmtAuditFilters": { + "description": "MgmtAuditFilters are filters for management audit queries", + "properties": { + "type": { + "description": "Type is the management audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "username": { + "description": "Usernames is a filter for specific users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.NetworkFirewallStats": { + "description": "NetworkFirewallStats stores the total amount of network firewall audits", + "properties": { + "alerted": { + "description": ".\n", + "type": "integer" + }, + "blocked": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.OperationalStatusDetail": { + "properties": { + "reason": { + "description": ".\n", + "type": "string" + }, + "title": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ProfileStateUpdate": { + "description": "ProfileStateUpdate is the request for updating profile state", + "properties": { + "profileID": { + "description": "ID is the profile ID to relearn.\n", + "type": "string" + }, + "state": { + "$ref": "#/components/schemas/shared.RuntimeProfileState" + } + }, + "type": "object" + }, + "types.Project": { + "description": "Project represent the project details", + "properties": { + "_id": { + "description": "ID is the project name (primary index).\n", + "type": "string" + }, + "address": { + "description": "Address is the project address.\n", + "type": "string" + }, + "ca": { + "description": "CACertificate is the remote console CA certificate.\n", + "items": { + "$ref": "#/components/schemas/byte" + }, + "type": "array" + }, + "creationTime": { + "description": "CreationTime is the remote project creation time.\n", + "format": "date-time", + "type": "string" + }, + "err": { + "description": "Err are errors that happened during project synchronization / setup.\n", + "type": "string" + }, + "password": { + "$ref": "#/components/schemas/common.Secret" + }, + "skipCertificateVerification": { + "description": "SkipCertificateVerification indicates that the connection to the secondary project is done on insecure channel, this is used when secondary\nproject is behind a proxy or when customer is using custom certs.\n", + "type": "boolean" + }, + "username": { + "description": "Username is the remote project username.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ProjectCredentials": { + "description": "ProjectCredentials are the supervisor project credentials", + "properties": { + "password": { + "description": "Password is the password used for the deleted project access.\n", + "type": "string" + }, + "user": { + "description": "User is the user used for the deleted project access.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.RegistryWebhookRequest": { + "description": "RegistryWebhookRequest is a registry scanning webhook request.\nSchema supports multiple webhook providers:\nhttps://docs.docker.com/docker-hub/webhooks/\nhttps://docs.docker.com/registry/notifications/", + "properties": { + "action": { + "description": "Action is the webhook action.\n", + "type": "string" + }, + "artifactory": { + "$ref": "#/components/schemas/types.ArtifactoryWebhookRequest" + }, + "domain": { + "description": "Domain indicates the artifactory webhook domain (e.g., artifact, docker, build, etc). Used to avoid filter docker events.\n", + "type": "string" + }, + "event_type": { + "description": "EventType is the artifactory webhook action performed (e.g., push).\n", + "type": "string" + }, + "type": { + "description": "Type is the event type (Harbor registry).\n", + "type": "string" + } + }, + "type": "object" + }, + "types.RelatedImage": { + "properties": { + "name": { + "description": ".\n", + "type": "string" + }, + "scanStatus": { + "description": ".\n", + "type": "boolean" + }, + "uaiID": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.RelatedImages": { + "properties": { + "build": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.RelatedImage" + }, + "type": "array" + }, + "deploy": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.RelatedImage" + }, + "type": "array" + }, + "run": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.RelatedImage" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ResourceVulnerabilityStats": { + "description": "ResourceVulnerabilityStats holds vulnerability stats of a single resource type", + "properties": { + "count": { + "description": "Count is the total number of vulnerabilities.\n", + "type": "integer" + }, + "cves": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "impacted": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilities": { + "description": "All resource vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/types.VulnerabilityInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.RiskScoreFactors": { + "description": "RiskScoreFactors holds factors used to calculate risk score", + "properties": { + "envVarSecrets": { + "description": "EnvVarSecrets indicates whether a container has access to secrets via environment variables.\n", + "type": "boolean" + }, + "hostAccess": { + "description": "HostAccess indicates whether a container has access to the host network or namespace.\n", + "type": "boolean" + }, + "internet": { + "description": "Internet indicates whether a container has internet access.\n", + "type": "boolean" + }, + "network": { + "description": "Network indicates whether a container is listening to ports.\n", + "type": "boolean" + }, + "noSecurityProfile": { + "description": "NoSecurityProfile indicates whether a container has security profile issue.\n", + "type": "boolean" + }, + "privilegedContainer": { + "description": "PrivilegedContainer indicates whether a container runs using the --privileged flag.\n", + "type": "boolean" + }, + "rootMount": { + "description": "RootMount indicates whether a container has access to the host file system using a root mount.\n", + "type": "boolean" + }, + "rootPrivilege": { + "description": "RootPrivilege indicates whether a container runs as root.\n", + "type": "boolean" + }, + "runtimeSocket": { + "description": "RuntimeSocket indicates whether a container has the runtime socket mounted.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.RuleComplianceStats": { + "description": "RuleComplianceStats holds data regarding applied compliance rule", + "properties": { + "failed": { + "description": "Failed is the count of the rule compliance IDs in resources.\n", + "type": "integer" + }, + "name": { + "description": "Name is the name of the applied rule.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "total": { + "description": "Total is the count of evaluations done by rule.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.RuntimeStats": { + "description": "RuntimeStats are stats for runtime flows (sum of audits per flow)", + "properties": { + "filesystem": { + "description": ".\n", + "type": "integer" + }, + "kubernetes": { + "description": ".\n", + "type": "integer" + }, + "network": { + "description": ".\n", + "type": "integer" + }, + "processes": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.SecretsStatus": { + "description": "SecretsStatus holds the update status for the secrets", + "properties": { + "err": { + "description": ".\n", + "type": "string" + }, + "lastUpdate": { + "description": ".\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorConfiguration": { + "description": "SecurityAdvisorConfiguration is the security configuration associated with security advisor", + "properties": { + "accountID": { + "description": "AccountID is the customer account ID.\n", + "type": "string" + }, + "apikey": { + "description": "APIKey is the security advisor secret.\n", + "type": "string" + }, + "findingsURL": { + "description": "FindingsURL is the url to which findings should be sent.\n", + "type": "string" + }, + "providerId": { + "description": "ProviderID is the id assigned to Twistlock.\n", + "type": "string" + }, + "tokenURL": { + "description": "TokenURL is the url from which token should be fetched.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorDashboardResp": { + "description": "SecurityAdvisorDashboardResp is the response to security advisor dashboard", + "properties": { + "url": { + "description": "URL is the console URL link.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorNotes": { + "description": "SecurityAdvisorNotes security advisor the security advisor finding metadata", + "properties": { + "changedSince": { + "description": "ChangedSince is the last time entries were modified.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ServerlessAutoDeploySpecStatus": { + "description": "ServerlessAutoDeploySpecStatus contains status for a particular serverless auto-deploy spec", + "properties": { + "defended": { + "description": "Defended is the number of already defended functions.\n", + "type": "integer" + }, + "discovered": { + "description": "Discovered is the number of functions to protect.\n", + "type": "integer" + }, + "name": { + "description": "Name is the spec name.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ServerlessAutoDeployStatus": { + "description": "ServerlessAutoDeployStatus is the status of the serverless auto-deploy scan", + "properties": { + "errors": { + "description": "Errors is the collection of errors for the auto-deploy scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "scanning": { + "description": "Scanning indicates whether scanning is running.\n", + "type": "boolean" + }, + "specs": { + "description": "Specs contains the status for each spec.\n", + "items": { + "$ref": "#/components/schemas/types.ServerlessAutoDeploySpecStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ServerlessRadarStatus": { + "description": "ServerlessRadarStatus holds the status for serverless radar scans", + "properties": { + "err": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ServerlessUsage": { + "description": "ServerlessUsage holds the number of defenders, invocations and credits used for serverless defenders", + "properties": { + "creditCount": { + "description": "CreditCount is credits that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "defendersCount": { + "description": "DefendersCount is the number of defenders that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "protectedFunctions": { + "description": "ProtectedFunctions is the number of serverless functions that have a defender installed.\n", + "format": "double", + "type": "number" + }, + "scannedFunctions": { + "description": "ScannedFunctions is the number functions being scanned for vulnerabilities and compliance issues without a defender installed.\n", + "format": "double", + "type": "number" + } + }, + "type": "object" + }, + "types.Settings": { + "description": "Settings are the global system settings", + "properties": { + "WAASLogScrubbingSpecs": { + "$ref": "#/components/schemas/waas.SensitiveDataSpecs" + }, + "accessCaCert": { + "description": "AccessCACert is a custom CA certificate.\n", + "type": "string" + }, + "address": { + "description": "Address is the intelligence service address.\n", + "type": "string" + }, + "alerts": { + "$ref": "#/components/schemas/api.AlertSettings" + }, + "certSettings": { + "$ref": "#/components/schemas/types.CertSettings" + }, + "certificatePeriodDays": { + "description": "ClientCertificatePeriodDays is the certificates period in days of client certificates.\n", + "type": "integer" + }, + "checkRevocation": { + "description": "CheckRevocation indicates whether cert revocation status is required.\n", + "type": "boolean" + }, + "clusteredDB": { + "$ref": "#/components/schemas/clustereddb.Settings" + }, + "communicationPort": { + "description": "MgmtPortHTTP is the Console HTTP port.\n", + "type": "integer" + }, + "consoleCaCert": { + "description": "ConsoleCACert is a custom CA certificate for the console.\n", + "type": "string" + }, + "consoleCustomCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "consoleNames": { + "description": "ConsoleNames is a list of names to use when generating the console SAN certificate.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialsCountLimit": { + "description": "CredentialsCountLimit is the maximum amount of allowed credentials.\n", + "type": "integer" + }, + "csaAPairingSettings": { + "$ref": "#/components/schemas/types.CSAPairingSettings" + }, + "customEndpoint": { + "description": "CustomEndpoint is the user defined custom endpoint.\n", + "type": "string" + }, + "customEndpointCACert": { + "description": "CustomEndpointCACert is the custom CA cert bundle for trusting the custom endpoint.\n", + "type": "string" + }, + "customEndpointCredentialID": { + "description": "CustomEndpointCredentialID is the custom endpoint credential ID.\n", + "type": "string" + }, + "customEndpointEnabled": { + "description": "CustomEndpointEnabled indicates that the user custom endpoint is enabled.\n", + "type": "boolean" + }, + "customLabels": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + }, + "defenderSettings": { + "$ref": "#/components/schemas/defender.Settings" + }, + "enabled": { + "description": "Enabled indicates whether intelligence service is enabled.\n", + "type": "boolean" + }, + "fipsEnabled": { + "description": "FIPSEnabled indicates whether FIPS-compliant cryptography is enforced.\n", + "type": "boolean" + }, + "forensic": { + "$ref": "#/components/schemas/shared.ForensicSettings" + }, + "hasAdmin": { + "description": "HasAdmin indicates whether the admin account is initialized.\n", + "type": "boolean" + }, + "hostAutoDeploy": { + "$ref": "#/components/schemas/shared.HostAutoDeploySpecifications" + }, + "hpkp": { + "$ref": "#/components/schemas/types.HPKPSettings" + }, + "identitySettings": { + "$ref": "#/components/schemas/identity.Settings" + }, + "ldapEnabled": { + "description": "LdapEnabled indicates whether ldap is enabled.\n", + "type": "boolean" + }, + "licenseKey": { + "description": "LicenseKey is the license key.\n", + "type": "string" + }, + "logging": { + "$ref": "#/components/schemas/shared.LoggingSettings" + }, + "logon": { + "$ref": "#/components/schemas/types.LogonSettings" + }, + "oauthEnabled": { + "description": "OauthEnabled indicates whether Oauth is enabled.\n", + "type": "boolean" + }, + "oidcEnabled": { + "description": "OidcEnabled indicates whether OpenID connect is enabled.\n", + "type": "boolean" + }, + "projects": { + "$ref": "#/components/schemas/api.ProjectSettings" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "registry": { + "$ref": "#/components/schemas/shared.RegistrySettings" + }, + "runtimeSecretScrubbingSettings": { + "$ref": "#/components/schemas/shared.RuntimeSecretScrubbingSettings" + }, + "samlEnabled": { + "description": "SamlEnabled indicates whether saml is enabled.\n", + "type": "boolean" + }, + "scan": { + "$ref": "#/components/schemas/shared.ScanSettings" + }, + "secretsStores": { + "$ref": "#/components/schemas/shared.SecretsStores" + }, + "securedConsolePort": { + "description": "MgmtPortHTTPS is the Console HTTPS port.\n", + "type": "integer" + }, + "serverlessAutoDeploy": { + "$ref": "#/components/schemas/shared.ServerlessAutoDeploySpecifications" + }, + "tasDroplets": { + "description": "TASDropletsSpecification is the TAS droplets scanning settings.\n", + "items": { + "$ref": "#/components/schemas/shared.TASDropletSpecification" + }, + "type": "array" + }, + "telemetry": { + "$ref": "#/components/schemas/types.TelemetrySettings" + }, + "token": { + "description": "Token is the token used to access intelligence service.\n", + "type": "string" + }, + "trustedCerts": { + "description": "TrustedCerts is the list of trusted cert to allow in docker access scenarios.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustedCertSignature" + }, + "type": "array" + }, + "trustedCertsEnabled": { + "description": "TrustedCertsEnabled indicates whether to enable the trusted certificate feature.\n", + "type": "boolean" + }, + "uploadDisabled": { + "description": "UploadDisabled indicates whether logs uploading is disabled.\n", + "type": "boolean" + }, + "version": { + "description": "Version is the current console version.\n", + "type": "string" + }, + "vms": { + "$ref": "#/components/schemas/shared.VMSpecifications" + }, + "webAppsDiscoverySettings": { + "$ref": "#/components/schemas/waas.WebAppsDiscoverySettings" + }, + "wildFireSettings": { + "$ref": "#/components/schemas/shared.WildFireSettings" + }, + "windowsFeedEnabled": { + "description": "WindowsFeedEnabled indicates whether windows feed is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.Stages": { + "properties": { + "build": { + "description": "Build is the count of CI scan.\n", + "type": "integer" + }, + "deploy": { + "description": "Deploy is the count of registry Images.\n", + "type": "integer" + }, + "run": { + "description": "Run is the count of deployed Images.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.Stats": { + "description": "Stats represents the status model that is stored in the DB", + "properties": { + "AgentlessAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "_id": { + "description": "ID is the metric type.\n", + "type": "string" + }, + "access": { + "$ref": "#/components/schemas/types.AccessStats" + }, + "appEmbeddedAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "container": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "containerAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/types.NetworkFirewallStats" + }, + "host": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "hostAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "hostComplianceCount": { + "description": "HostComplianceCount is the host compliance count.\n", + "type": "integer" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/types.NetworkFirewallStats" + }, + "incidentsCount": { + "description": "IncidentsCount is the incidents count.\n", + "type": "integer" + }, + "serverless": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "serverlessAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "time": { + "description": "UnixTimestamp is the unix timestamp.\n", + "format": "int64", + "type": "integer" + }, + "vulnerabilities": { + "$ref": "#/components/schemas/types.VulnerabilitiesStats" + } + }, + "type": "object" + }, + "types.Status": { + "description": "Status stores the status of a specific defender or for global features such as intelligence or LDAP", + "properties": { + "_id": { + "description": "ID is the defender identifier if the status is per defender or the type for global statuses.\n", + "type": "string" + }, + "appFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "container": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "features": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "filesystem": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostAutoDeploy": { + "$ref": "#/components/schemas/types.HostAutoDeployStatus" + }, + "hostCustomCompliance": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "image": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "intelligence": { + "$ref": "#/components/schemas/types.IntelligenceStatus" + }, + "lastModified": { + "description": "Datetime the status was last modified.\n", + "format": "date-time", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "outOfBandAppFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "process": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runc": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runtime": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "secrets": { + "$ref": "#/components/schemas/types.SecretsStatus" + }, + "serverlessAutoDeploy": { + "$ref": "#/components/schemas/types.ServerlessAutoDeployStatus" + }, + "serverlessRadar": { + "$ref": "#/components/schemas/types.ServerlessRadarStatus" + }, + "tasDroplets": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "type": { + "$ref": "#/components/schemas/types.StatusType" + }, + "upgrade": { + "$ref": "#/components/schemas/defender.UpgradeStatus" + } + }, + "type": "object" + }, + "types.StatusType": { + "description": "StatusType holds the status of a given flow (defender/intelligence/etc...)\nTODO: Use type in shared.Status object", + "enum": [ + [ + "intelligence", + "secrets", + "serverlessRadar", + "serverlessAutoDeploy", + "hostAutoDeploy" + ] + ], + "type": "string" + }, + "types.Suggestions": { + "properties": { + "suggestions": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.Tags": { + "properties": { + "endpoint_tags": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "server_tags": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.TelemetrySettings": { + "description": "TelemetrySettings is the telemetry settings", + "properties": { + "enabled": { + "description": "Enabled determines whether the telemetry settings are enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.Trends": { + "description": "Trends contains data on global trends in the system", + "properties": { + "complianceTrend": { + "description": "ComplianceTrend represents the compliance trend.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceDailyStats" + }, + "type": "array" + }, + "defendersSummary": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "DefendersSummary represents the defenders count of each category.\n", + "type": "object" + }, + "vulnerabilitySummary": { + "$ref": "#/components/schemas/types.VulnerabilitySummary" + } + }, + "type": "object" + }, + "types.UserCollection": { + "description": "UserCollection holds general collection properties that are accessible to all users", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "name": { + "description": "Unique name associated with this collection.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.UserPassword": { + "description": "UserPassword represents a new user password", + "properties": { + "newPassword": { + "description": "New password to assign to the user who is invoking the API.\n", + "type": "string" + }, + "oldPassword": { + "description": "User's existing password to replace.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.UserPreferences": { + "description": "UserPreferences are the user global project reference that are persistent between versions", + "properties": { + "_id": { + "description": "User is the user name.\n", + "type": "string" + }, + "hideGuidedTour": { + "description": "HideGuidedTour indicates that guided tour should be hidden.\n", + "type": "boolean" + }, + "hideProjectDialog": { + "description": "HideProjectsDialog indicates the initial project selection dialog should be hidden.\n", + "type": "boolean" + }, + "waasRulesNotificationDismissed": { + "description": "WaasRulesNotificationDismiss indicates the time the user dismissed the waas added rules top bar.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "types.UserProject": { + "description": "UserProject holds general project properties that are accessible to all users", + "properties": { + "_id": { + "description": "ID is the project id.\n", + "type": "string" + }, + "address": { + "description": "Address is project address.\n", + "type": "string" + }, + "connected": { + "description": "Connected indicates if the project is currently disconnected due to an error.\n", + "type": "boolean" + }, + "creationTime": { + "description": "CreationTime is the project creation time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.VulnImpactedResources": { + "description": "VulnImpactedResources holds details about the resources impacted by vulnerability", + "properties": { + "_id": { + "description": "ID is the CVE ID (index for the impacted resources).\n", + "type": "string" + }, + "functions": { + "description": "Functions is a map between function id to its details.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "functionsCount": { + "description": "FunctionsCount is the total impacted functions count.\n", + "type": "integer" + }, + "hosts": { + "description": "Hosts is the list of impacted hosts.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "hostsCount": { + "description": "HostsCount is the total impacted hosts count.\n", + "type": "integer" + }, + "images": { + "description": "Images is the list of impacted hosts.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "imagesCount": { + "description": "ImagesCount is the total impacted images count.\n", + "type": "integer" + }, + "registryImages": { + "description": "RegistryImages is a list of impacted registry images.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "registryImagesCount": { + "description": "RegistryImagesCount is the total impacted registry images count.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.VulnSummary": { + "properties": { + "highestCVSSScore": { + "description": ".\n", + "format": "float", + "type": "number" + }, + "vulnFunnel": { + "$ref": "#/components/schemas/vuln.Funnel" + } + }, + "type": "object" + }, + "types.VulnerabilitiesStats": { + "description": "VulnerabilitiesStats are measures the total number of vulnerabilities in a specific images", + "properties": { + "containerCompliance": { + "description": "ContainerCompliance is the sum of all compliance issues for all running containers.\n", + "type": "integer" + }, + "imageCompliance": { + "description": "ImageCompliance is the sum of all compliance issues of all running images.\n", + "type": "integer" + }, + "imageCve": { + "description": "ImageCVE is the sum of cve vulnerabilities of all running images.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.VulnerabilityInfo": { + "description": "VulnerabilityInfo holds information about vulnerability used for VulnerabilityExplorer", + "properties": { + "cve": { + "description": "CVE ID.\n", + "type": "string" + }, + "description": { + "description": "Vulnerability description.\n", + "type": "string" + }, + "exploits": { + "$ref": "#/components/schemas/vulnerability.Exploits" + }, + "highestCVSS": { + "description": "HighestCVSS is the highest CVSS score of the vulnerability.\n", + "format": "float", + "type": "number" + }, + "highestRiskFactors": { + "$ref": "#/components/schemas/types.RiskScoreFactors" + }, + "highestSeverity": { + "description": "HighestSeverity is the highest severity of the vulnerability.\n", + "type": "string" + }, + "impactedPkgs": { + "description": "Packages impacted by the vulnerability.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "impactedResourceType": { + "$ref": "#/components/schemas/vuln.ResourceType" + }, + "impactedResourcesCnt": { + "description": "Number of resources impacted by this vulnerability.\n", + "type": "integer" + }, + "link": { + "description": "Link to CVE.\n", + "type": "string" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "riskScore": { + "description": "Risk score.\n", + "format": "float", + "type": "number" + }, + "status": { + "description": "CVE status.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.VulnerabilityStats": { + "description": "VulnerabilityStats holds statistics about vulnerabilities issues", + "properties": { + "_id": { + "description": "ID of the vulnerability stats.\n", + "type": "string" + }, + "containers": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "functions": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "hosts": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "images": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "modified": { + "description": "Date/time when the entity was modified.\n", + "format": "date-time", + "type": "string" + }, + "registryImages": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + } + }, + "type": "object" + }, + "types.VulnerabilitySummary": { + "description": "VulnerabilitySummary represents the stats of each impacted entity", + "properties": { + "containers": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "functions": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "hosts": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "images": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "registryImages": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "types.XSOARAlerts": { + "description": "XSOARAlerts is a list of XSOAR alerts", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "uint": { + "type": "integer" + }, + "uint32": { + "type": "integer" + }, + "uint64": { + "type": "integer" + }, + "uint8": { + "type": "integer" + }, + "vuln.AllCompliance": { + "description": "AllCompliance contains data regarding passed compliance checks", + "properties": { + "compliance": { + "description": "Compliance are all the passed compliance checks.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled indicates whether passed compliance checks is enabled by policy.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "vuln.Application": { + "description": "Application represents a detected application", + "properties": { + "installedFromPackage": { + "description": "Indicates that the app was installed as an OS package.\n", + "type": "boolean" + }, + "knownVulnerabilities": { + "description": "Total number of vulnerabilities for this application.\n", + "type": "integer" + }, + "layerTime": { + "description": "Image layer to which the application belongs - layer creation time.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "Name of the application.\n", + "type": "string" + }, + "originPackageName": { + "description": "OriginPackageName is the name of the app origin package.\n", + "type": "string" + }, + "path": { + "description": "Path of the detected application.\n", + "type": "string" + }, + "rpmModule": { + "description": "RPMModule represents the RPM module in which this application is included.\n", + "type": "string" + }, + "service": { + "description": "Service indicates whether the application is installed as a service.\n", + "type": "boolean" + }, + "version": { + "description": "Version of the application.\n", + "type": "string" + } + }, + "type": "object" + }, + "vuln.ComplianceCategory": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + }, + "vuln.ComplianceTemplate": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + }, + "vuln.Condition": { + "description": "Condition are extended options for vulnerability assessment in authorization flows", + "properties": { + "block": { + "description": "Specifies the effect. If true, the effect is block.\n", + "type": "boolean" + }, + "id": { + "description": "Vulnerability ID.\n", + "type": "integer" + } + }, + "type": "object" + }, + "vuln.CustomVulnerabilities": { + "description": "CustomVulnerabilities is a collection of custom vulnerabilities\nTBD: this storage usage is not best practice, should be migrate to a 1 document per vulnerability", + "properties": { + "_id": { + "description": "ID is the custom vulnerabilities feed ID.\n", + "type": "string" + }, + "digest": { + "description": "Digest is the internal custom vulnerabilities feed digest.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of custom vulnerabilities rules.\n", + "items": { + "$ref": "#/components/schemas/vuln.CustomVulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "vuln.CustomVulnerability": { + "description": "CustomVulnerability is a user customized vulnerability", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "maxVersionInclusive": { + "description": ".\n", + "type": "string" + }, + "md5": { + "description": ".\n", + "type": "string" + }, + "minVersionInclusive": { + "description": ".\n", + "type": "string" + }, + "name": { + "description": ".\n", + "type": "string" + }, + "package": { + "description": ".\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "vuln.Distribution": { + "description": "Distribution counts the number of vulnerabilities per type", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + }, + "total": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "vuln.Effect": { + "description": "Effect specifies relevant action for a vulnerability", + "enum": [ + [ + "ignore", + "alert", + "block" + ] + ], + "type": "string" + }, + "vuln.ExpirationDate": { + "description": "ExpirationDate is the vulnerability expiration date", + "properties": { + "date": { + "description": "Date is the vulnerability expiration date.\n", + "format": "date-time", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates that the grace period is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "vuln.Funnel": { + "description": "Funnel is the vulnerability funnel", + "properties": { + "exploitable": { + "description": ".\n", + "type": "integer" + }, + "packageInUse": { + "description": ".\n", + "type": "integer" + }, + "patchable": { + "description": ".\n", + "type": "integer" + }, + "total": { + "description": ".\n", + "type": "integer" + }, + "urgent": { + "description": "Urgent is the number of critical and high CVEs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "vuln.ResourceType": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + }, + "vuln.Secret": { + "description": "Secret represents a secret found on the scanned workload", + "properties": { + "group": { + "description": "Group is a group name or ID of owner the file metadata containing the secret.\n", + "type": "string" + }, + "locationInFile": { + "description": "LocationInFile is the line and offset in the file where the secret was found.\n", + "type": "string" + }, + "metadataModifiedTime": { + "description": "MetadataModifiedTime is the modification time of the file metadata containing the secret.\n", + "format": "int64", + "type": "integer" + }, + "modifiedTime": { + "description": "ModifiedTime is the modification time of the file containing the secret.\n", + "format": "int64", + "type": "integer" + }, + "originalFileLocation": { + "description": ".\n", + "type": "string" + }, + "path": { + "description": "Path is the path of the file in which the secret was found.\n", + "type": "string" + }, + "permissions": { + "description": "Permissions are permission bits of the file metadata containing the secret.\n", + "type": "string" + }, + "secretID": { + "description": "SecretID is the SHA1 of the secret content.\n", + "type": "string" + }, + "size": { + "description": "Size is the size in bytes of the file in which the secret was found.\n", + "format": "int64", + "type": "integer" + }, + "snippet": { + "description": "Snippet is the partial plain secret.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/vuln.SecretType" + }, + "user": { + "description": "User is a username or ID of owner the file metadata containing the secret.\n", + "type": "string" + } + }, + "type": "object" + }, + "vuln.SecretType": { + "description": "SecretType represents a secret type", + "enum": [ + [ + "AWS Access Key ID", + "AWS Secret Key", + "AWS MWS Auth Token", + "Azure Storage Account Access Key", + "Azure Service Principal", + "GCP Service Account Auth Key", + "Private Encryption Key", + "Public Encryption Key", + "PEM X509 Certificate Header", + "SSH Authorized Keys", + "Artifactory API Token", + "Artifactory Password", + "Basic Auth Credentials", + "Mailchimp Access Key", + "NPM Token", + "Slack Token", + "Slack Webhook", + "Square OAuth Secret", + "Notion Integration Token", + "Airtable API Key", + "Atlassian Oauth2 Keys", + "CircleCI Personal Token", + "Databricks Authentication Token", + "GitHub Token", + "GitLab Token", + "Google API key", + "Grafana Token", + "Python Package Index Key (PYPI)", + "Typeform API Token", + "Scalr Token", + "Braintree Access Token", + "Braintree Payments Key", + "Paypal Token Key", + "Braintree Payments ID", + "Datadog Client Token", + "ClickUp Personal API Token", + "OpenAI API Key", + "Java DB Connectivity (JDBC)", + "MongoDB", + ".Net SQL Server" + ] + ], + "type": "string" + }, + "vuln.TagInfo": { + "description": "TagInfo is the tag info in a specific vulnerability context", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "comment": { + "description": "Tag comment in a specific vulnerability context.\n", + "type": "string" + }, + "name": { + "description": "Name of the tag.\n", + "type": "string" + } + }, + "type": "object" + }, + "vuln.TagType": { + "description": "TagType specifies the resource type for tagging where the vulnerability is found. Use the wildcard `*` to apply the tag to all the resource types where the vulnerability is found", + "enum": [ + [ + "image", + "host", + "function", + "" + ] + ], + "type": "string" + }, + "vuln.Vulnerability": { + "description": "Vulnerability is a general schema for vulnerabilities (e.g., for compliance or packages)", + "properties": { + "applicableRules": { + "description": "Rules applied on the package.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "binaryPkgs": { + "description": "Names of the distro binary package names (packages which are built from the source of the package).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "block": { + "description": "Indicates if the vulnerability has a block effect (true) or not (false).\n", + "type": "boolean" + }, + "cause": { + "description": "Additional information regarding the root cause for the vulnerability.\n", + "type": "string" + }, + "cri": { + "description": "Indicates if this is a CRI-specific vulnerability (true) or not (false).\n", + "type": "boolean" + }, + "custom": { + "description": "Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).\n", + "type": "boolean" + }, + "cve": { + "description": "CVE ID of the vulnerability (if applied).\n", + "type": "string" + }, + "cvss": { + "description": "CVSS score of the vulnerability.\n", + "format": "float", + "type": "number" + }, + "description": { + "description": "Description of the vulnerability.\n", + "type": "string" + }, + "discovered": { + "description": "Specifies the time of discovery for the vulnerability.\n", + "format": "date-time", + "type": "string" + }, + "exploit": { + "$ref": "#/components/schemas/vulnerability.ExploitType" + }, + "exploits": { + "$ref": "#/components/schemas/vulnerability.Exploits" + }, + "fixDate": { + "description": "Date/time when the vulnerability was fixed (in Unix time).\n", + "format": "int64", + "type": "integer" + }, + "fixLink": { + "description": "Link to the vendor's fixed-version information.\n", + "type": "string" + }, + "functionLayer": { + "description": "Specifies the serverless layer ID in which the vulnerability was discovered.\n", + "type": "string" + }, + "gracePeriodDays": { + "description": "Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.\n", + "type": "integer" + }, + "id": { + "description": "ID of the violation.\n", + "type": "integer" + }, + "isRPMModule": { + "description": "IsRPMModule indicates whether this vulnerability is specific to an RPM module.\n", + "type": "boolean" + }, + "layerTime": { + "description": "Date/time of the image layer to which the CVE belongs.\n", + "format": "int64", + "type": "integer" + }, + "link": { + "description": "Vendor link to the CVE.\n", + "type": "string" + }, + "packageName": { + "description": "Name of the package that caused the vulnerability.\n", + "type": "string" + }, + "packageType": { + "$ref": "#/components/schemas/packages.Type" + }, + "packageVersion": { + "description": "Version of the package that caused the vulnerability (or null).\n", + "type": "string" + }, + "published": { + "description": "Date/time when the vulnerability was published (in Unix time).\n", + "format": "int64", + "type": "integer" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "rpmModule": { + "description": "RPMModule specifies the RPM module containing the package affected by this vulnerability.\n", + "type": "string" + }, + "secret": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "severity": { + "description": "Textual representation of the vulnerability's severity.\n", + "type": "string" + }, + "status": { + "description": "Vendor status for the vulnerability.\n", + "type": "string" + }, + "templates": { + "description": "List of templates with which the vulnerability is associated.\n", + "items": { + "$ref": "#/components/schemas/vuln.ComplianceTemplate" + }, + "type": "array" + }, + "text": { + "description": "Description of the violation.\n", + "type": "string" + }, + "title": { + "description": "Compliance title.\n", + "type": "string" + }, + "twistlock": { + "description": "Indicates if this is a Twistlock-specific vulnerability (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/vulnerability.Type" + }, + "vecStr": { + "description": "Textual representation of the metric values used to score the vulnerability.\n", + "type": "string" + }, + "vulnTagInfos": { + "description": "Tag information for the vulnerability.\n", + "items": { + "$ref": "#/components/schemas/vuln.TagInfo" + }, + "type": "array" + }, + "wildfireMalware": { + "$ref": "#/components/schemas/vuln.WildFireMalware" + } + }, + "type": "object" + }, + "vuln.WildFireMalware": { + "description": "WildFireMalware holds the data for WildFire malicious MD5", + "properties": { + "md5": { + "description": "MD5 is the hash of the malicious binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the path to malicious binary.\n", + "type": "string" + }, + "verdict": { + "description": "Verdict is the malicious source like grayware, malware and phishing.\n", + "type": "string" + } + }, + "type": "object" + }, + "vulnerability.CPUArch": { + "description": "CPUArch represents the CPU architecture", + "type": "integer" + }, + "vulnerability.CPUArchs": { + "description": "CPUArchs represents list of cpu architectures", + "items": { + "$ref": "#/components/schemas/vulnerability.CPUArch" + }, + "type": "array" + }, + "vulnerability.CVEType": { + "description": "CVEType represents the type of a CVE", + "enum": [ + [ + "python", + "gem", + "nodejs", + "jar", + "package", + "product", + "app", + "go", + "nuget", + "osConditions", + "excludedCve" + ] + ], + "type": "string" + }, + "vulnerability.Conditions": { + "description": "Conditions represents a list of CVE rules (used to determine whether a CVE applies to a given package)", + "items": { + "$ref": "#/components/schemas/vulnerability.Rules" + }, + "type": "array" + }, + "vulnerability.CpeIDs": { + "items": { + "$ref": "#/components/schemas/uint32" + }, + "type": "array" + }, + "vulnerability.ExploitData": { + "description": "ExploitData holds information about an exploit", + "properties": { + "kind": { + "$ref": "#/components/schemas/vulnerability.ExploitKind" + }, + "link": { + "description": "Link is a link to information about the exploit.\n", + "type": "string" + }, + "source": { + "$ref": "#/components/schemas/vulnerability.ExploitType" + } + }, + "type": "object" + }, + "vulnerability.ExploitKind": { + "description": "ExploitKind represents the kind of the exploit", + "enum": [ + [ + "poc", + "in-the-wild" + ] + ], + "type": "string" + }, + "vulnerability.ExploitType": { + "description": "ExploitType represents the source of an exploit", + "enum": [ + [ + "", + "exploit-db", + "exploit-windows", + "cisa-kev" + ] + ], + "type": "string" + }, + "vulnerability.Exploits": { + "description": "Exploits represents the exploits data found for a CVE", + "items": { + "$ref": "#/components/schemas/vulnerability.ExploitData" + }, + "type": "array" + }, + "vulnerability.RHELCpeHashes": { + "description": "RHELCpeHashes represent the CPE hashes associated with a given Red Hat repository", + "items": { + "$ref": "#/components/schemas/uint32" + }, + "type": "array" + }, + "vulnerability.RiskFactor": { + "description": "RiskFactor represents a vulnerability risk factor, used in determining a vulnerability risk score", + "enum": [ + [ + "Critical severity", + "High severity", + "Medium severity", + "Has fix", + "Remote execution", + "DoS - Low", + "DoS - High", + "Recent vulnerability", + "Exploit exists - in the wild", + "Exploit exists - POC", + "Attack complexity: low", + "Attack vector: network", + "Reachable from the internet", + "Listening ports", + "Container is running as root", + "No mandatory security profile applied", + "Running as privileged container", + "Package in use", + "Sensitive information", + "Root mount", + "Runtime socket", + "Host access" + ] + ], + "type": "string" + }, + "vulnerability.RiskFactors": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "RiskFactors maps the existence of vulnerability risk factors", + "type": "object" + }, + "vulnerability.Rules": { + "description": "Rules represents a list of CVE assessment rules (used to determine whether a CVE applies to a given package)", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerability.Symbols": { + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerability.Type": { + "description": "Type represents the vulnerability type", + "enum": [ + [ + "container", + "image", + "host_config", + "daemon_config", + "daemon_config_files", + "security_operations", + "k8s_master", + "k8s_worker", + "k8s_federation", + "linux", + "windows", + "istio", + "serverless", + "custom", + "docker_stig", + "openshift_master", + "openshift_worker", + "application_control_linux", + "gke_worker", + "image_malware", + "host_malware", + "aks_worker", + "eks_worker", + "image_secret", + "host_secret" + ] + ], + "type": "string" + }, + "waas.APIChangeDetails": { + "description": "APIChangeDetails contains the details of the API change", + "properties": { + "changeType": { + "$ref": "#/components/schemas/waas.APIChangesType" + }, + "date": { + "description": "Date is the change date.\n", + "format": "date-time", + "type": "string" + }, + "value": { + "description": "Value the value of the change - if applicable.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.APIChangesType": { + "description": "APIChangesType is used to represent the supported API changes types", + "type": "integer" + }, + "waas.APIProtectionStatus": { + "enum": [ + [ + "unprotected", + "monitored", + "protected" + ] + ], + "type": "string" + }, + "waas.APIRequest": { + "description": "APIRequest represents a single API request and its data", + "properties": { + "bodySchema": { + "$ref": "#/components/schemas/waas.BodySchema" + }, + "bodySchemaDiffExceededLimit": { + "description": "BodySchemaDiffExceededLimit is the date that the request body schema exceeded the size limit for finding body schema changes.\n", + "format": "date-time", + "type": "string" + }, + "clientTypes": { + "description": "ClientTypes are the client types used to access this path.\n", + "items": { + "$ref": "#/components/schemas/waas.ClientType" + }, + "type": "array" + }, + "contentType": { + "description": "ContentType is the request content type.\n", + "type": "string" + }, + "firstSeen": { + "description": "FirstSeen is the date when this path was first seen.\n", + "format": "date-time", + "type": "string" + }, + "hits": { + "description": "Hits are amount of hits on this path.\n", + "type": "integer" + }, + "lastChanged": { + "description": "LastChanged is the date when this path was last changed.\n", + "format": "date-time", + "type": "string" + }, + "lastSeen": { + "description": "LastSeen is the date when this path was last seen.\n", + "format": "date-time", + "type": "string" + }, + "method": { + "description": "Method is the HTTP method of the API request.\n", + "type": "string" + }, + "owaspAPIAttacks": { + "description": "OWASPAPIAttacks are the OWASP API Top10 attacks that were found on the API.\n", + "items": { + "$ref": "#/components/schemas/waas.OWASPAPITop10" + }, + "type": "array" + }, + "path": { + "description": "Path is the path of the API request.\n", + "type": "string" + }, + "protected": { + "description": "Protected indicates that the method+path are protected by WAAS API Protection.\n", + "type": "boolean" + }, + "public": { + "description": "Public indicates this path may be accessed from the internet.\n", + "type": "boolean" + }, + "queryParameters": { + "description": "QueryParameters are the query parameters of the API request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "requestSizeDistribution": { + "$ref": "#/components/schemas/waas.SizeRangeDistribution" + }, + "requestSizeTotal": { + "description": "RequestSizeTotal is the total request body size.\n", + "type": "integer" + }, + "requiresAuthentication": { + "description": "RequiresAuthentication indicated this path requires authentication to access.\n", + "type": "boolean" + }, + "responseContentType": { + "description": "ResponseContentType is the response content type.\n", + "type": "string" + }, + "responseSensitiveData": { + "description": "ResponseSensitiveData indicated this path may be used with sensitive data attached in response.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "responseSizeDistribution": { + "$ref": "#/components/schemas/waas.SizeRangeDistribution" + }, + "responseSizeTotal": { + "description": "ResponseSizeTotal is the total response body size.\n", + "type": "integer" + }, + "sensitiveData": { + "description": "RequestSensitiveData indicated this path may be used with sensitive data attached in request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "servers": { + "description": "Servers are the destination servers (including port and schema) of the API request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "sourceIP": { + "description": "SourceIP is the source IP of the API request.\n", + "type": "string" + }, + "statusCodeDistribution": { + "$ref": "#/components/schemas/waas.StatusCodeDistribution" + } + }, + "type": "object" + }, + "waas.APISpec": { + "description": "APISpec is an API specification", + "properties": { + "description": { + "description": "Description of the app.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "endpoints": { + "description": "The app's endpoints.\n", + "items": { + "$ref": "#/components/schemas/waas.Endpoint" + }, + "type": "array" + }, + "fallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "paths": { + "description": "Paths of the API's endpoints.\n", + "items": { + "$ref": "#/components/schemas/waas.Path" + }, + "type": "array" + }, + "queryParamFallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.APIStats": { + "description": "APIStats contains the API stats that occurred since the last stats dump", + "properties": { + "actionCounts": { + "$ref": "#/components/schemas/waas.ActionStats" + }, + "attackTypeStats": { + "$ref": "#/components/schemas/waas.AttackTypeStats" + }, + "blockedRequests": { + "description": "BlockedRequests is the number of blocked requests since last dump.\n", + "type": "integer" + }, + "forwardedRequests": { + "description": "ForwardedRequests is the number of forwarded requests since last dump.\n", + "type": "integer" + }, + "geoData": { + "$ref": "#/components/schemas/waas.GeoData" + }, + "inspectedBodyBytes": { + "description": "InspectedBodyBytes are the total request and response inspected body bytes.\n", + "type": "integer" + }, + "inspectionLimitExceeded": { + "description": "InspectionLimitExceeded is the total number of requests in which the body size exceeds inspection limit.\n", + "type": "integer" + }, + "interstitialPages": { + "description": "InterstitialPages is the number of interstitial pages served.\n", + "type": "integer" + }, + "lastErrs": { + "description": "LastErrs is the last errors that occurred, storing up to 20 errors.\n", + "items": { + "$ref": "#/components/schemas/waas.ReqErrorCtx" + }, + "type": "array" + }, + "maxRequestInspectionDuration": { + "description": "MaxRequestInspectionDuration is the maximum request inspection duration (time spent in waas until request was forwarded).\n", + "format": "int64", + "type": "integer" + }, + "maxResponseSizeBytes": { + "description": "MaxResponseSizeBytes contains the max response size.\n", + "type": "integer" + }, + "parsingErrs": { + "description": "ParsingErrs is a counter of the parsing errors that occurred.\n", + "type": "integer" + }, + "reCAPTCHAs": { + "description": "ReCAPTCHAs is the number of reCAPTCHA pages served.\n", + "type": "integer" + }, + "responseCodeStats": { + "$ref": "#/components/schemas/waas.ResponseCodeStats" + }, + "totalErrs": { + "description": "TotalErrs is a counter of the errors that occurred.\n", + "type": "integer" + }, + "totalForwardedRequestsDuration": { + "description": "TotalForwardedRequestsDuration is the total request duration for forwarded requests.\n", + "format": "int64", + "type": "integer" + }, + "totalRequestInspectionDuration": { + "description": "TotalRequestInspectionDuration is the total request inspection duration (time spent in waas until request was forwarded).\n", + "format": "int64", + "type": "integer" + }, + "totalRequests": { + "description": "TotalRequests is the number of incoming requests since last dump.\n", + "type": "integer" + }, + "totalResponseSizeBytes": { + "description": "TotalResponsesSizeBytes is the total APIs response size.\n", + "type": "integer" + }, + "totalTimeouts": { + "description": "TotalTimeouts is the number of timed out responses.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AccessControls": { + "description": "AccessControls contains the access controls config (e.g., denied/allowed sources)", + "properties": { + "alert": { + "description": "Alert are the denied sources for which we alert.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allow": { + "description": "Allow are the allowed sources for which we don't alert or prevent.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allowMode": { + "description": "AllowMode indicates allowlist (true) or denylist (false) mode.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates if access controls protection is enabled.\n", + "type": "boolean" + }, + "fallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "prevent": { + "description": "Prevent are the denied sources.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ActionStats": { + "description": "ActionStats contains the WAAS action stats", + "properties": { + "alert": { + "description": "Alerts is the number of Alert actions.\n", + "type": "integer" + }, + "ban": { + "description": "Bans is the number of Ban actions.\n", + "type": "integer" + }, + "prevent": { + "description": "Prevents is the number of Prevent actions.\n", + "type": "integer" + }, + "reCAPTCHA": { + "description": "ReCAPTCHAs is the number of reCAPTCHA actions.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AgentlessPolicyState": { + "description": "AgentlessPolicyState is the state of the agentless policy", + "properties": { + "deletedRules": { + "description": "DeletedRules are rules that were deleted but their VPC deployments have not been terminated.\n", + "items": { + "$ref": "#/components/schemas/waas.Rule" + }, + "type": "array" + }, + "states": { + "description": "States are the VPC configuration states.\n", + "items": { + "$ref": "#/components/schemas/waas.VPCConfigState" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.AppProtectionStats": { + "description": "AppProtectionStats contains the app protection status statistics", + "properties": { + "protected": { + "description": "Protected indicates the amount of protected WAAS app entities (containers/hosts).\n", + "type": "integer" + }, + "unprotected": { + "description": "Unprotected indicates the amount of unprotected WAAS app entities (containers/hosts).\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AppStats": { + "description": "AppStats contains the WAAS app policy statistics", + "properties": { + "accessControl": { + "description": "AccessControl is the total amount of apps with Access Control policy.\n", + "type": "integer" + }, + "bot": { + "description": "Bot is the total amount of apps with Bot Protection policy.\n", + "type": "integer" + }, + "customRulesEnabled": { + "description": "CustomRulesEnabled is the total amount of apps with Custom Rules enabled.\n", + "type": "integer" + }, + "dos": { + "description": "DoS is the total amount of apps with DoS Protection policy.\n", + "type": "integer" + }, + "waf": { + "description": "WAF is the total amount of apps with WAF policy.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.ApplicationSpec": { + "description": "ApplicationSpec is an application of a firewall instance", + "properties": { + "apiSpec": { + "$ref": "#/components/schemas/waas.APISpec" + }, + "appID": { + "description": "Unique ID for the app.\n", + "type": "string" + }, + "attackTools": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "autoApplyPatchesSpec": { + "$ref": "#/components/schemas/waas.AutoApplyPatchesSpec" + }, + "banDurationMinutes": { + "description": "Ban duration, in minutes.\n", + "type": "integer" + }, + "body": { + "$ref": "#/components/schemas/waas.BodyConfig" + }, + "botProtectionSpec": { + "$ref": "#/components/schemas/waas.BotProtectionSpec" + }, + "certificate": { + "$ref": "#/components/schemas/common.Secret" + }, + "clickjackingEnabled": { + "description": "Indicates whether clickjacking protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "cmdi": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "codeInjection": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "csrfEnabled": { + "description": "Indicates whether Cross-Site Request Forgery (CSRF) protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "customBlockResponse": { + "$ref": "#/components/schemas/waas.CustomBlockResponseConfig" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disableEventIDHeader": { + "description": "Indicates if event ID header should be attached to the response or not.\n", + "type": "boolean" + }, + "dosConfig": { + "$ref": "#/components/schemas/waas.DoSConfig" + }, + "headerSpecs": { + "description": "Configuration for inspecting HTTP headers.\n", + "items": { + "$ref": "#/components/schemas/waas.HeaderSpec" + }, + "type": "array" + }, + "intelGathering": { + "$ref": "#/components/schemas/waas.IntelGatheringConfig" + }, + "lfi": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "malformedReq": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "maliciousUpload": { + "$ref": "#/components/schemas/waas.MaliciousUploadConfig" + }, + "networkControls": { + "$ref": "#/components/schemas/waas.NetworkControls" + }, + "remoteHostForwarding": { + "$ref": "#/components/schemas/waas.RemoteHostForwardingConfig" + }, + "responseHeaderSpecs": { + "description": "Configuration for modifying HTTP response headers.\n", + "items": { + "$ref": "#/components/schemas/waas.ResponseHeaderSpec" + }, + "type": "array" + }, + "sessionCookieBan": { + "description": "Indicates if bans in this app are made by session cookie ID (true) or false (not).\n", + "type": "boolean" + }, + "sessionCookieEnabled": { + "description": "Indicates if session cookies are enabled (true) or not (false).\n", + "type": "boolean" + }, + "sessionCookieSameSite": { + "$ref": "#/components/schemas/waas.SameSite" + }, + "sessionCookieSecure": { + "description": "Indicates the Secure attribute of the session cookie.\n", + "type": "boolean" + }, + "shellshock": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "sqli": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "tlsConfig": { + "$ref": "#/components/schemas/waas.TLSConfig" + }, + "xss": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + } + }, + "type": "object" + }, + "waas.AttackType": { + "description": "AttackType is the type of the attack", + "enum": [ + [ + "xss", + "sqli", + "cmdi", + "lfi", + "codeInjection", + "deniedIP", + "deniedCountry", + "header", + "violationsExceeded", + "attackTools", + "shellshock", + "disallowedFile", + "malformedRequest", + "inspectionLimitExceeded", + "informationLeak", + "unexpectedAPI", + "dos", + "searchEngineCrawler", + "businessAnalyticsBot", + "educationalBot", + "newsBot", + "financialBot", + "contentFeedClient", + "archivingBot", + "careerSearchBot", + "mediaSearchBot", + "genericBot", + "webAutomationTool", + "webScraper", + "apiLibrary", + "httpLibrary", + "sessionValidation", + "javascriptTimeout", + "missingCookie", + "browserImpersonation", + "botImpersonation", + "requestAnomalies", + "userDefinedBot", + "recaptchaRequired", + "recaptchaVerificationFailed", + "customRule", + "publicSensitiveDataWithoutAuthentication", + "publicSensitiveDataWithoutEncryption" + ] + ], + "type": "string" + }, + "waas.AttackTypeStats": { + "description": "AttackTypeStats are the WAAS attack type stats", + "properties": { + "accessControl": { + "description": "AccessControl is the count of access control attacks.\n", + "type": "integer" + }, + "apiProtection": { + "description": "APIProtection is the count of API Protection attacks.\n", + "type": "integer" + }, + "attackTools": { + "description": "AttackTools is the count of attack tool attacks.\n", + "type": "integer" + }, + "bots": { + "description": "Bots is the count of Bot attacks.\n", + "type": "integer" + }, + "cmdInjection": { + "description": "CMDInjection is the count of command injection attacks.\n", + "type": "integer" + }, + "codeInjection": { + "description": "CodeInjection is the count of code injection attacks.\n", + "type": "integer" + }, + "customRules": { + "description": "CustomRules is the count of attacks detected by custom rules.\n", + "type": "integer" + }, + "dos": { + "description": "DoS is the count of DoS attacks.\n", + "type": "integer" + }, + "lfi": { + "description": "LFI is the count of local file injection attacks.\n", + "type": "integer" + }, + "sqlInjection": { + "description": "SQLInjection is the count of SQL injection attacks.\n", + "type": "integer" + }, + "waf": { + "description": "WAF is the count of WAF protection attacks.\n", + "type": "integer" + }, + "xss": { + "description": "XSS is the count of XSS attacks.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AutoApplyPatchesSpec": { + "description": "AutoApplyPatchesSpec is the configuration for automation apply patches protection", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.BodyConfig": { + "description": "BodyConfig represents app configuration related to HTTP Body", + "properties": { + "inspectionLimitExceededEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "inspectionSizeBytes": { + "description": "InspectionSizeBytes represents the max amount of data to inspect in request body.\n", + "type": "integer" + }, + "skip": { + "description": "Skip indicates that body inspection should be skipped.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.BodySchema": { + "description": "BodySchema is the request's body schema", + "properties": { + "contentType": { + "description": "ContentType is the content type the schema represents.\n", + "type": "string" + }, + "head": { + "$ref": "#/components/schemas/waas.BodySchemaNode" + } + }, + "type": "object" + }, + "waas.BodySchemaChildren": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.BodySchemaNode" + }, + "description": "BodySchemaChildren represents a set of body schema children, uniquely identified by the body field's name", + "type": "object" + }, + "waas.BodySchemaNode": { + "description": "BodySchemaNode represents a single body schema node", + "properties": { + "children": { + "$ref": "#/components/schemas/waas.BodySchemaChildren" + }, + "name": { + "description": "Name is the body schema item name (key for json, tag name for xml).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.ParamType" + } + }, + "type": "object" + }, + "waas.BotProtectionSpec": { + "description": "BotProtectionSpec is the bot protections spec", + "properties": { + "interstitialPage": { + "description": "Indicates if an interstitial page is served (true) or not (false).\n", + "type": "boolean" + }, + "jsInjectionSpec": { + "$ref": "#/components/schemas/waas.JSInjectionSpec" + }, + "knownBotProtectionsSpec": { + "$ref": "#/components/schemas/waas.KnownBotProtectionsSpec" + }, + "reCAPTCHASpec": { + "$ref": "#/components/schemas/waas.ReCAPTCHASpec" + }, + "sessionValidation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "unknownBotProtectionSpec": { + "$ref": "#/components/schemas/waas.UnknownBotProtectionSpec" + }, + "userDefinedBots": { + "description": "Effects to perform when user-defined bots are detected.\n", + "items": { + "$ref": "#/components/schemas/waas.UserDefinedBot" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.CertificateMeta": { + "description": "CertificateMeta is the certificate metadata", + "properties": { + "issuerName": { + "description": "IssuerName is the certificate issuer common name.\n", + "type": "string" + }, + "notAfter": { + "description": "NotAfter is the time the certificate is not valid (expiry time).\n", + "format": "date-time", + "type": "string" + }, + "subjectName": { + "description": "SubjectName is the certificate subject common name.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.ClientType": { + "description": "ClientType is an HTTP client type", + "enum": [ + [ + "browser", + "mobile", + "httpLib", + "apiLib" + ] + ], + "type": "string" + }, + "waas.CustomBlockResponseConfig": { + "description": "CustomBlockResponseConfig is a custom block message config for a policy", + "properties": { + "body": { + "description": "Custom HTML for the block response.\n", + "type": "string" + }, + "code": { + "description": "Custom HTTP response code for the block response.\n", + "type": "integer" + }, + "enabled": { + "description": "Indicates if the custom block response is enabled (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.CustomReCAPTCHAPageSpec": { + "description": "CustomReCAPTCHAPageSpec is the custom reCAPTCHA page spec", + "properties": { + "body": { + "description": "Custom HTML for the reCAPTCHA page.\n", + "type": "string" + }, + "enabled": { + "description": "Indicates if the custom reCAPTCHA page is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.DailyStats": { + "description": "DailyStats represents the WAAS daily stats", + "properties": { + "_id": { + "description": "Date is date that the daily stats are relevant to.\n", + "type": "string" + }, + "actionStats": { + "$ref": "#/components/schemas/waas.ActionStats" + }, + "attackTypeStats": { + "$ref": "#/components/schemas/waas.AttackTypeStats" + }, + "geoData": { + "$ref": "#/components/schemas/waas.GeoData" + }, + "inspectedBytes": { + "description": "InspectedBytes is total amount body bytes inspected by WAAS.\n", + "type": "integer" + }, + "policyChangeCount": { + "description": "PolicyChangeCount is the amount of policy changes for this day.\n", + "type": "integer" + }, + "totalRequests": { + "description": "TotalRequests is the total request count.\n", + "type": "integer" + }, + "unprotectedAppsVulnStats": { + "$ref": "#/components/schemas/waas.UnprotectedAppsVulnStats" + } + }, + "type": "object" + }, + "waas.Dashboard": { + "description": "Dashboard contains the data of the WAAS Dashboard", + "properties": { + "appProtectionStats": { + "$ref": "#/components/schemas/waas.AppProtectionStats" + }, + "dailyStats": { + "description": "DailyStats are the WAAS daily stats.\n", + "items": { + "$ref": "#/components/schemas/waas.DailyStats" + }, + "type": "array" + }, + "insights": { + "description": "Insights are the current WAAS insights.\n", + "items": { + "$ref": "#/components/schemas/waas.Insight" + }, + "type": "array" + }, + "policyStats": { + "$ref": "#/components/schemas/waas.PolicyStats" + } + }, + "type": "object" + }, + "waas.DiscoveredAPI": { + "description": "DiscoveredAPI represents a single discovered API path+method information's", + "properties": { + "appID": { + "description": "AppID is the app ID.\n", + "type": "string" + }, + "clientTypes": { + "description": "ClientTypes are the client types used to access this path.\n", + "items": { + "$ref": "#/components/schemas/waas.ClientType" + }, + "type": "array" + }, + "firstSeen": { + "description": "FirstSeen is the date when this path was first seen.\n", + "format": "date-time", + "type": "string" + }, + "hits": { + "description": "Hits are amount of hits on this path.\n", + "type": "integer" + }, + "host": { + "description": "Host is the host seen for this API.\n", + "type": "string" + }, + "image": { + "description": "Image is the image names seen for this API.\n", + "type": "string" + }, + "lastChanged": { + "description": "LastChanged is the date when this path was last changed.\n", + "format": "date-time", + "type": "string" + }, + "lastSeen": { + "description": "LastSeen is the date when this path was last seen.\n", + "format": "date-time", + "type": "string" + }, + "lbWorkload": { + "description": "LBWorkload indicates if the API was discovered by a load balancer observer.\n", + "type": "boolean" + }, + "method": { + "description": "Method is the API method.\n", + "type": "string" + }, + "owaspAPIAttacks": { + "description": "OWASPAPIAttacks indicates whether OWASP API Top-10 attacks were found on the API.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the API path.\n", + "type": "string" + }, + "protectionStatus": { + "$ref": "#/components/schemas/waas.APIProtectionStatus" + }, + "public": { + "description": "Public indicates this path may be accessed from the internet.\n", + "type": "boolean" + }, + "requiresAuthentication": { + "description": "RequiresAuthentication indicated this path requires authentication to access.\n", + "type": "boolean" + }, + "responseSensitiveData": { + "description": "ResponseSensitiveData indicated this path may be used with sensitive data attached in response.\n", + "type": "boolean" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "riskScore": { + "description": "RiskScore is the sum of all risk factors (used for sorting and filter by risk factors).\n", + "type": "integer" + }, + "ruleID": { + "description": "RuleID is the rule ID.\n", + "type": "string" + }, + "sensitiveData": { + "description": "SensitiveData indicated this path may be used with sensitive data attached in request.\n", + "type": "boolean" + }, + "servers": { + "description": "Servers are the servers seen for this API.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "waas.DoSConfig": { + "description": "DoSConfig is a dos policy specification", + "properties": { + "alert": { + "$ref": "#/components/schemas/waas.DoSRates" + }, + "ban": { + "$ref": "#/components/schemas/waas.DoSRates" + }, + "enabled": { + "description": "Enabled indicates if dos protection is enabled.\n", + "type": "boolean" + }, + "excludedNetworkLists": { + "description": "Network IPs to exclude from DoS tracking.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "matchConditions": { + "description": "Conditions on which to match to track a request. The conditions are \\\"OR\\\"'d together during the check.\n", + "items": { + "$ref": "#/components/schemas/waas.DoSMatchCondition" + }, + "type": "array" + }, + "trackSession": { + "description": "Indicates if the custom session ID generated during bot protection flow is tracked (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.DoSMatchCondition": { + "description": "DoSMatchCondition is used for matching a request for tracking", + "properties": { + "fileTypes": { + "description": "File types for request matching.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "methods": { + "description": "HTTP methods for request matching.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "responseCodeRanges": { + "description": "Response codes for the request's response matching.\n", + "items": { + "$ref": "#/components/schemas/waas.StatusCodeRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.DoSRates": { + "description": "DoSRates specifies dos requests rates (thresholds)", + "properties": { + "average": { + "description": "Average request rate (requests / second).\n", + "type": "integer" + }, + "burst": { + "description": "Burst request rate (requests / second).\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.Effect": { + "description": "Effect is the effect that will be used in the rule", + "enum": [ + [ + "ban", + "prevent", + "alert", + "allow", + "disable", + "reCAPTCHA" + ] + ], + "type": "string" + }, + "waas.Endpoint": { + "description": "Endpoint is an application endpoint", + "properties": { + "basePath": { + "description": "Base path for the endpoint.\n", + "type": "string" + }, + "exposedPort": { + "description": "Exposed port that the proxy is listening on.\n", + "type": "integer" + }, + "grpc": { + "description": "Indicates if the proxy supports gRPC (true) or not (false).\n", + "type": "boolean" + }, + "host": { + "description": "URL address (name or IP) of the endpoint's API specification (e.g., petstore.swagger.io). The address can be prefixed with a wildcard (e.g., *.swagger.io).\n", + "type": "string" + }, + "http2": { + "description": "Indicates if the proxy supports HTTP/2 (true) or not (false).\n", + "type": "boolean" + }, + "internalPort": { + "description": "Internal port that the application is listening on.\n", + "type": "integer" + }, + "tls": { + "description": "Indicates if the connection is secured (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.ExceptionField": { + "description": "ExceptionField is used to perform the protection exception fields", + "properties": { + "key": { + "description": "Field in HTTP request.\n", + "type": "string" + }, + "keyPattern": { + "description": "Match and scrub by keys, relevant when location is not defined.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ExceptionLocation" + }, + "response": { + "description": "Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.\n", + "type": "boolean" + }, + "valuePattern": { + "description": "Match and scrub by values, relevant when location is not defined.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.ExceptionLocation": { + "description": "ExceptionLocation indicates exception http field location", + "enum": [ + [ + "path", + "query", + "queryValues", + "cookie", + "UserAgentHeader", + "header", + "body", + "rawBody", + "XMLPath", + "JSONPath" + ] + ], + "type": "string" + }, + "waas.FeatureExceptions": { + "description": "FeatureExceptions represents subnets that should bypass WAAS features", + "properties": { + "subnets": { + "description": "Subnets are network lists for which requests bypass WAAS features.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.FileType": { + "description": "FileType is the type of an uploaded file", + "enum": [ + [ + "pdf", + "officeLegacy", + "officeOoxml", + "odf", + "jpeg", + "png", + "gif", + "bmp", + "ico", + "avi", + "mp4", + "aac", + "mp3", + "wav", + "zip", + "gzip", + "rar", + "7zip" + ] + ], + "type": "string" + }, + "waas.FirewallType": { + "description": "FirewallType represents the firewall type", + "enum": [ + [ + "host-proxy", + "host-out-of-band", + "container-proxy", + "container-out-of-band", + "app-embedded", + "agentless", + "REST" + ] + ], + "type": "string" + }, + "waas.GeoData": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.TrafficStats" + }, + "description": "GeoData are the per-country traffic stats", + "type": "object" + }, + "waas.HSTSConfig": { + "description": "HSTSConfig is the HTTP Strict Transport Security configuration in order to enforce HSTS header\nsee: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security", + "properties": { + "enabled": { + "description": "Enabled indicates if HSTS enforcement is enabled.\n", + "type": "boolean" + }, + "includeSubdomains": { + "description": "IncludeSubdomains indicates if this rule applies to all of the site's subdomains as well.\n", + "type": "boolean" + }, + "maxAgeSeconds": { + "description": "maxAgeSeconds is the time (in seconds) that the browser should remember that a site is only be accessed using HTTPS.\n", + "type": "integer" + }, + "preload": { + "description": "Preload indicates if it should support preload.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.HTTPField": { + "description": "HTTPField is used to perform checks on flags and fields", + "properties": { + "key": { + "description": "Key is the key of the field, if exists (e.g. header and cookie).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.HTTPFieldType" + }, + "value": { + "description": "Value is the value of the field, if exists.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.HTTPFieldType": { + "description": "HTTPFieldType indicates type of http field", + "enum": [ + [ + "method", + "xmlBody", + "jsonBody", + "formBody", + "multipartBody", + "rawBody", + "rawBodyResponse", + "protobufBody", + "query", + "queryParamName", + "cookie", + "header", + "url" + ] + ], + "type": "string" + }, + "waas.HeaderSpec": { + "description": "HeaderSpec is specification for a single header and its allowed or blocked values", + "properties": { + "allow": { + "description": "Indicates if the flow is to be allowed (true) or blocked (false).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "name": { + "description": "Header name.\n", + "type": "string" + }, + "required": { + "description": "Indicates if the header must be present (true) or not (false).\n", + "type": "boolean" + }, + "values": { + "description": "Wildcard expressions that represent the header value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.Insight": { + "description": "Insight represents an insight on the dashboard", + "properties": { + "message": { + "description": "Message is the display message of the insight.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.InsightType" + } + }, + "type": "object" + }, + "waas.InsightType": { + "description": "InsightType is the insight type", + "enum": [ + [ + "vulnerableUnprotectedApps", + "expiredCertificate", + "upcomingCertificateExpiry", + "noAPIProtection" + ] + ], + "type": "string" + }, + "waas.IntelGatheringConfig": { + "description": "IntelGatheringConfig is the configuration for intelligence gathering protections", + "properties": { + "infoLeakageEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "removeFingerprintsEnabled": { + "description": "Indicates if server fingerprints should be removed (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.JSInjectionSpec": { + "description": "JSInjectionSpec is the js injection protection spec", + "properties": { + "enabled": { + "description": "Indicates if JavaScript injection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "timeoutEffect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.KnownBotProtectionsSpec": { + "description": "KnownBotProtectionsSpec is the known bot protections spec", + "properties": { + "archiving": { + "$ref": "#/components/schemas/waas.Effect" + }, + "businessAnalytics": { + "$ref": "#/components/schemas/waas.Effect" + }, + "careerSearch": { + "$ref": "#/components/schemas/waas.Effect" + }, + "contentFeedClients": { + "$ref": "#/components/schemas/waas.Effect" + }, + "educational": { + "$ref": "#/components/schemas/waas.Effect" + }, + "financial": { + "$ref": "#/components/schemas/waas.Effect" + }, + "mediaSearch": { + "$ref": "#/components/schemas/waas.Effect" + }, + "news": { + "$ref": "#/components/schemas/waas.Effect" + }, + "searchEngineCrawlers": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.MaliciousUploadConfig": { + "description": "MaliciousUploadConfig is the configuration for file upload protection", + "properties": { + "allowedExtensions": { + "description": "Allowed file extensions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allowedFileTypes": { + "description": "Allowed file types.\n", + "items": { + "$ref": "#/components/schemas/waas.FileType" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.Method": { + "description": "Method is a method information", + "properties": { + "method": { + "description": "Type of HTTP request (e.g., PUT, GET, etc.).\n", + "type": "string" + }, + "parameters": { + "description": "Parameters that are part of the HTTP request.\n", + "items": { + "$ref": "#/components/schemas/waas.Param" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.MinTLSVersion": { + "description": "MinTLSVersion is the list of acceptable TLS versions", + "enum": [ + [ + "1.0", + "1.1", + "1.2", + "1.3" + ] + ], + "type": "string" + }, + "waas.MonitoringStats": { + "description": "MonitoringStats are the waas per-profile monitoring stats", + "properties": { + "aggregationStart": { + "description": "AggregationStart indicates when stats aggregation started.\n", + "format": "date-time", + "type": "string" + }, + "firewallType": { + "$ref": "#/components/schemas/waas.FirewallType" + }, + "lastUpdate": { + "description": "LastUpdate indicates when the stats were last updated.\n", + "format": "date-time", + "type": "string" + }, + "profileID": { + "description": "ProfileID is the profile ID.\n", + "type": "string" + }, + "stats": { + "$ref": "#/components/schemas/waas.APIStats" + } + }, + "type": "object" + }, + "waas.NetworkControls": { + "description": "NetworkControls contains the network controls config (e.g., access controls for IPs and countries)", + "properties": { + "advancedProtectionEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "countries": { + "$ref": "#/components/schemas/waas.AccessControls" + }, + "exceptionSubnets": { + "description": "Network lists for which requests completely bypass WAAS checks and protections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "networkControlsExceptionSubnets": { + "$ref": "#/components/schemas/waas.FeatureExceptions" + }, + "subnets": { + "$ref": "#/components/schemas/waas.AccessControls" + } + }, + "type": "object" + }, + "waas.NetworkList": { + "description": "NetworkList represent network list of IP/CIDR in waas", + "properties": { + "_id": { + "description": "Unique ID.\n", + "type": "string" + }, + "description": { + "description": "Description of the network list.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "subnets": { + "description": "List of the IPv4 addresses and IP CIDR blocks.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.OWASPAPITop10": { + "description": "OWASPAPITop10 represents OWASP API top 10 attacks", + "enum": [ + [ + "excessiveDataExposure", + "lackOfResources&RateLimiting", + "brokenFunctionLevelAuthorization", + "securityMisconfiguration", + "injection" + ] + ], + "type": "string" + }, + "waas.OWASPTop10": { + "description": "OWASPTop10 represents OWASP top 10 attacks", + "enum": [ + [ + "brokenAccessControl", + "cryptographicFailures", + "injection", + "insecureDesign" + ] + ], + "type": "string" + }, + "waas.OpenAPIScan": { + "description": "OpenAPIScan represents the OpenAPI file scan", + "properties": { + "_id": { + "description": "ID is the scan identifier.\n", + "type": "string" + }, + "issueResults": { + "description": "IssueResults are the scanned issues results.\n", + "items": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueResult" + }, + "type": "array" + }, + "scanInfo": { + "$ref": "#/components/schemas/waas.OpenAPIScanInfo" + }, + "scanStartTime": { + "description": "ScanStartTime is the scan started.\n", + "format": "date-time", + "type": "string" + }, + "severityDistribution": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssuesSeverityDistribution" + }, + "specInfo": { + "$ref": "#/components/schemas/waas.OpenAPISpecInfo" + } + }, + "type": "object" + }, + "waas.OpenAPIScanInfo": { + "description": "OpenAPIScanInfo is the OpenAPI scan info", + "properties": { + "appID": { + "description": "AppID is the WAAS app id the file was imported from.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "ruleID": { + "description": "RuleID is the WAAS rule id the file was imported from.\n", + "type": "string" + }, + "source": { + "$ref": "#/components/schemas/waas.OpenAPIScanSource" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueMetadata": { + "description": "OpenAPIScanIssueMetadata represents the static metadata of an API definition issue\nFields reflect the KICS metadata,\nExample: https://github.com/Checkmarx/kics/blob/master/assets/queries/openAPI/general/items_undefined/metadata.json", + "properties": { + "category": { + "description": "Category is the issue category.\n", + "type": "string" + }, + "descriptionText": { + "description": "DescriptionText is the issue description.\n", + "type": "string" + }, + "descriptionUrl": { + "description": "DescriptionURL is the issue information url.\n", + "type": "string" + }, + "id": { + "description": "ID is the unique identifier of the issue metadata.\n", + "type": "string" + }, + "override": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueMetadata" + }, + "description": "Override is the list of possible override fields by OpenAPI version.\n", + "type": "object" + }, + "queryName": { + "description": "Name is the issue name.\n", + "type": "string" + }, + "severity": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueSeverity" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueResult": { + "description": "OpenAPIScanIssueResult represents a specific issue result in the OpenAPI spec file\nFields reflect the KICS rego queries result,\nExample: https://github.com/Checkmarx/kics/blob/master/assets/queries/openAPI/general/items_undefined/query.rego", + "properties": { + "_id": { + "description": "ID is the issue result ID.\n", + "type": "integer" + }, + "category": { + "description": "Category is the issue category.\n", + "type": "string" + }, + "descriptionText": { + "description": "DescriptionText is the issue description.\n", + "type": "string" + }, + "descriptionUrl": { + "description": "DescriptionURL is the issue information url.\n", + "type": "string" + }, + "id": { + "description": "ID is the unique identifier of the issue metadata.\n", + "type": "string" + }, + "override": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueMetadata" + }, + "description": "Override is the list of possible override fields by OpenAPI version.\n", + "type": "object" + }, + "queryName": { + "description": "Name is the issue name.\n", + "type": "string" + }, + "searchKey": { + "description": "SearchKey is the issue location in the spec file.\n", + "type": "string" + }, + "severity": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueSeverity" + }, + "status": { + "description": "Status is the issue status.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueSeverity": { + "description": "OpenAPIScanIssueSeverity is the OpenAPI spec file issue severity", + "enum": [ + [ + "INFO", + "LOW", + "MEDIUM", + "HIGH" + ] + ], + "type": "string" + }, + "waas.OpenAPIScanIssueStatus": { + "description": "OpenAPIScanIssueStatus represents an OpenAPI file issue status", + "properties": { + "id": { + "description": "ID is the issue result ID.\n", + "type": "integer" + }, + "status": { + "description": "Status is the issue status.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssuesSeverityDistribution": { + "description": "OpenAPIScanIssuesSeverityDistribution counts the number of issues per severity type", + "properties": { + "high": { + "description": "High is the high severity issues count.\n", + "type": "integer" + }, + "info": { + "description": "Info is the info severity issues count.\n", + "type": "integer" + }, + "low": { + "description": "Low is the low severity issues count.\n", + "type": "integer" + }, + "medium": { + "description": "Medium is the medium severity issues count.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.OpenAPIScanSource": { + "description": "OpenAPIScanSource is the scan trigger source", + "enum": [ + [ + "app", + "cli", + "manual" + ] + ], + "type": "string" + }, + "waas.OpenAPISpecInfo": { + "description": "OpenAPISpecInfo is the OpenAPI spec info", + "properties": { + "content": { + "description": "Content is the OpenAPI spec content.\n", + "items": { + "$ref": "#/components/schemas/byte" + }, + "type": "array" + }, + "contentType": { + "description": "ContentType is the OpenAPI spec file content type.\n", + "type": "string" + }, + "fileName": { + "description": "FileName is the OpenAPI spec file name.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OutOfBandMode": { + "description": "OutOfBandMode holds the app firewall out-of-band mode", + "enum": [ + [ + "", + "Observation", + "Protection" + ] + ], + "type": "string" + }, + "waas.OutOfBandRuleScope": { + "description": "OutOfBandRuleScope represents the Out-of-Band Rule Scope", + "enum": [ + [ + "container", + "host", + "" + ] + ], + "type": "string" + }, + "waas.Param": { + "description": "Param contains a parameter information", + "properties": { + "allowEmptyValue": { + "description": "Indicates if an empty value is allowed (true) or not (false).\n", + "type": "boolean" + }, + "array": { + "description": "Indicates if multiple values of the specified type are allowed (true) or not (false).\n", + "type": "boolean" + }, + "explode": { + "description": "Indicates if arrays should generate separate parameters for each array item or object property.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ParamLocation" + }, + "max": { + "description": "Maximum allowable value for a numeric parameter.\n", + "format": "double", + "type": "number" + }, + "min": { + "description": "Minimum allowable value for a numeric parameter.\n", + "format": "double", + "type": "number" + }, + "name": { + "description": "Name of the parameter.\n", + "type": "string" + }, + "required": { + "description": "Indicates if the parameter is required (true) or not (false).\n", + "type": "boolean" + }, + "style": { + "$ref": "#/components/schemas/waas.ParamStyle" + }, + "type": { + "$ref": "#/components/schemas/waas.ParamType" + } + }, + "type": "object" + }, + "waas.ParamLocation": { + "description": "ParamLocation is the location of a parameter", + "enum": [ + [ + "path", + "query", + "cookie", + "header", + "body", + "json", + "xml", + "formData", + "multipart" + ] + ], + "type": "string" + }, + "waas.ParamStyle": { + "description": "ParamStyle is a param format style, defined by OpenAPI specification\nIt describes how the parameter value will be serialized depending on the type of the parameter value.\nRef: https://swagger.io/docs/specification/serialization/\nhttps://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#style-examples", + "enum": [ + [ + "simple", + "spaceDelimited", + "tabDelimited", + "pipeDelimited", + "form", + "matrix", + "label" + ] + ], + "type": "string" + }, + "waas.ParamType": { + "description": "ParamType is the type of a parameter, defined by OpenAPI specification\nRef: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types", + "enum": [ + [ + "integer", + "number", + "string", + "boolean", + "array", + "object" + ] + ], + "type": "string" + }, + "waas.Path": { + "description": "Path is an API path information", + "properties": { + "methods": { + "description": "Supported operations for the path (e.g., PUT, GET, etc.).\n", + "items": { + "$ref": "#/components/schemas/waas.Method" + }, + "type": "array" + }, + "path": { + "description": "Relative path to an endpoint such as \\\"/pet/{petId}\\\".\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.Policy": { + "description": "Policy representation details", + "properties": { + "_id": { + "description": "Unique internal ID.\n", + "type": "string" + }, + "maxPort": { + "description": "Specifies the upper limit (maxima) for a port number to use in an application firewall.\n", + "type": "integer" + }, + "minPort": { + "description": "Specifies the lower limit (minima) for a port number to use in an application firewall.\n", + "type": "integer" + }, + "rules": { + "description": "Specifies the rules in a policy.\n", + "items": { + "$ref": "#/components/schemas/waas.Rule" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.PolicyStats": { + "description": "PolicyStats contains the WAAS policy statistics", + "properties": { + "appStats": { + "$ref": "#/components/schemas/waas.AppStats" + }, + "apps": { + "description": "Apps is the total amount of apps in the WAAS policies.\n", + "type": "integer" + }, + "rules": { + "description": "Rules is the total amount of rules in the WAAS policies.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.Protection": { + "description": "Protection is the type of protection", + "enum": [ + [ + "firewall", + "dos", + "bot", + "custom", + "accessControl" + ] + ], + "type": "string" + }, + "waas.ProtectionConfig": { + "description": "ProtectionConfig represents a WAAS protection config", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "exceptionFields": { + "description": "Exceptions.\n", + "items": { + "$ref": "#/components/schemas/waas.ExceptionField" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ProtectionStatus": { + "description": "ProtectionStatus describes the status of the WAAS protection", + "properties": { + "enabled": { + "description": "Enabled indicates if WAAS proxy protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "outOfBandMode": { + "$ref": "#/components/schemas/waas.OutOfBandMode" + }, + "ports": { + "description": "Ports indicates http open ports associated with the container.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "supported": { + "description": "Supported indicates if WAAS protection is supported (true) or not (false).\n", + "type": "boolean" + }, + "tlsPorts": { + "description": "TLSPorts indicates https open ports associated with the container.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "unprotectedProcesses": { + "description": "UnprotectedProcesses holds the processes that support HTTP/HTTPS without WAAS protection.\n", + "items": { + "$ref": "#/components/schemas/waas.UnprotectedProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ReCAPTCHASpec": { + "description": "ReCAPTCHASpec is the reCAPTCHA spec", + "properties": { + "allSessions": { + "description": "Indicates if the reCAPTCHA page is served at the start of every new session (true) or not (false).\n", + "type": "boolean" + }, + "customPageSpec": { + "$ref": "#/components/schemas/waas.CustomReCAPTCHAPageSpec" + }, + "enabled": { + "description": "Indicates if reCAPTCHA integration is enabled (true) or not (false).\n", + "type": "boolean" + }, + "secretKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "siteKey": { + "description": "ReCAPTCHA site key to use when invoking the reCAPTCHA service.\n", + "type": "string" + }, + "successExpirationHours": { + "description": "Duration for which the indication of reCAPTCHA success is kept. Maximum value is 30 days * 24 = 720 hours.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/waas.ReCAPTCHAType" + } + }, + "type": "object" + }, + "waas.ReCAPTCHAType": { + "description": "ReCAPTCHAType is the reCAPTCHA configured type", + "enum": [ + [ + "checkbox", + "invisible" + ] + ], + "type": "string" + }, + "waas.RemoteHostForwardingConfig": { + "description": "RemoteHostForwardingConfig defines a remote host to forward requests to", + "properties": { + "enabled": { + "description": "Indicates if remote host forwarding is enabled (true) or not (false).\n", + "type": "boolean" + }, + "target": { + "description": "Remote host to forward requests to.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.ReqErrorCtx": { + "description": "ReqErrorCtx is the request error context", + "properties": { + "defender": { + "description": "Defender is the defender name from which the error originated.\n", + "type": "string" + }, + "err": { + "description": "Err is the API error.\n", + "type": "string" + }, + "requestInspectionDuration": { + "description": "RequestInspectionDuration is the request inspection handling time by the WAAS plugins (time spent in WAAS before forwarding the request and handling the response).\n", + "format": "int64", + "type": "integer" + }, + "requestStart": { + "description": "RequestStart is the request start time.\n", + "format": "date-time", + "type": "string" + }, + "route": { + "description": "Route is the API route.\n", + "type": "string" + }, + "serveDuration": { + "description": "ServeDuration is the total request handling time including forwarding and response until the error.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "waas.RequestAnomalies": { + "description": "RequestAnomalies is the request anomalies spec", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "threshold": { + "$ref": "#/components/schemas/waas.RequestAnomalyThreshold" + } + }, + "type": "object" + }, + "waas.RequestAnomalyThreshold": { + "description": "RequestAnomalyThreshold is the score threshold for which request anomaly violation is triggered", + "enum": [ + [ + "3", + "6", + "9" + ] + ], + "type": "integer" + }, + "waas.ResponseCodeStats": { + "description": "ResponseCodeStats holds counts of different response types\nCategories taken from: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status", + "properties": { + "clientErrors": { + "description": "ClientErrors are the codes in the 400-499 range.\n", + "type": "integer" + }, + "informational": { + "description": "Informational are the codes in the 100-199 range.\n", + "type": "integer" + }, + "redirects": { + "description": "Redirects are the codes in the 300-399 range.\n", + "type": "integer" + }, + "serverErrors": { + "description": "ServerErrors are the codes in the 500-599 range.\n", + "type": "integer" + }, + "successful": { + "description": "Successful are the codes in the 200-299 range.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.ResponseHeaderSpec": { + "description": "ResponseHeaderSpec is specification for a single response header to modify", + "properties": { + "name": { + "description": "Header name (will be canonicalized when possible).\n", + "type": "string" + }, + "override": { + "description": "Indicates whether to override existing values (true) or add to them (false).\n", + "type": "boolean" + }, + "values": { + "description": "New header values.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.Rule": { + "description": "Rule details for an application firewall", + "properties": { + "allowMalformedHttpHeaderNames": { + "description": "Indicates whether to allow non-compliant characters in the HTTP request header.\n", + "type": "boolean" + }, + "applicationsSpec": { + "description": "Lists the OpenAPI specifications in a rule.\n", + "items": { + "$ref": "#/components/schemas/waas.ApplicationSpec" + }, + "type": "array" + }, + "autoProtectPorts": { + "description": "Indicates whether to automatically detect and protect the HTTP ports.\n", + "type": "boolean" + }, + "collections": { + "description": "Scopes the rule based on a list of collections.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "outOfBandScope": { + "$ref": "#/components/schemas/waas.OutOfBandRuleScope" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "readTimeoutSeconds": { + "description": "Specifies the timeout of the request reads in seconds. Default: 5 seconds.\n", + "type": "integer" + }, + "skipAPILearning": { + "description": "Indicates whether to skip the API discovery. Values: true (skipped) or false (Do not skip).\n", + "type": "boolean" + }, + "trafficMirroring": { + "$ref": "#/components/schemas/waas.TrafficMirroringConfig" + }, + "windows": { + "description": "Indicates whether the operating system of the app is Microsoft Windows. The default is Linux.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.SameSite": { + "description": "SameSite allows a server to define a cookie attribute making it impossible for\nthe browser to send this cookie along with cross-site requests. The main\ngoal is to mitigate the risk of cross-origin information leakage, and provide\nsome protection against cross-site request forgery attacks.\n\nSee https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite for details", + "enum": [ + [ + "Lax", + "Strict", + "None" + ] + ], + "type": "string" + }, + "waas.SensitiveDataSpec": { + "description": "SensitiveDataSpec defined a single sensitive data specification", + "properties": { + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "key": { + "description": "Field in HTTP request.\n", + "type": "string" + }, + "keyPattern": { + "description": "Match and scrub by keys, relevant when location is not defined.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ExceptionLocation" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "placeholder": { + "description": "Placeholder is the placeholder text to replace the matched field content.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "response": { + "description": "Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.\n", + "type": "boolean" + }, + "sensitiveData": { + "description": "SensitiveData indicates this spec is used for marking APIs as using sensitive data for API discovery.\n", + "type": "boolean" + }, + "skipLogScrubbing": { + "description": "SkipLogScrubbing indicates this spec is not used for log scrubbing.\n", + "type": "boolean" + }, + "valuePattern": { + "description": "Match and scrub by values, relevant when location is not defined.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.SensitiveDataSpecs": { + "description": "SensitiveDataSpecs is the sensitive data specifications", + "items": { + "$ref": "#/components/schemas/waas.SensitiveDataSpec" + }, + "type": "array" + }, + "waas.SizeRangeDistribution": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "type": "object" + }, + "waas.StatusCodeDistribution": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "type": "object" + }, + "waas.StatusCodeRange": { + "description": "StatusCodeRange represents a status code range", + "properties": { + "end": { + "description": "End of the range. Can be omitted if using a single status code.\n", + "type": "integer" + }, + "start": { + "description": "Start of the range. Can also be used for a single, non-range value.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.TLSConfig": { + "description": "TLSConfig holds the user TLS configuration and the certificate data", + "properties": { + "HSTSConfig": { + "$ref": "#/components/schemas/waas.HSTSConfig" + }, + "metadata": { + "$ref": "#/components/schemas/waas.CertificateMeta" + }, + "minTLSVersion": { + "$ref": "#/components/schemas/waas.MinTLSVersion" + } + }, + "type": "object" + }, + "waas.TrafficMirroringConfig": { + "description": "TrafficMirroringConfig specifies the traffic mirroring configuration is fine in that case", + "properties": { + "enabled": { + "description": "TODO #41884 - remove traffic mirroring enabled flag when no longer needed for BC\nEnabled indicates if traffic mirroring is enabled.\n", + "type": "boolean" + }, + "sampling": { + "description": "Sampling indicates if this is a sampling VPC.\n", + "type": "boolean" + }, + "vpcConfig": { + "$ref": "#/components/schemas/waas.VPCConfig" + } + }, + "type": "object" + }, + "waas.TrafficStats": { + "description": "TrafficStats are traffic stats", + "properties": { + "attacks": { + "description": ".\n", + "type": "integer" + }, + "requests": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.UnknownBotProtectionSpec": { + "description": "UnknownBotProtectionSpec is the unknown bot protection spec", + "properties": { + "apiLibraries": { + "$ref": "#/components/schemas/waas.Effect" + }, + "botImpersonation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "browserImpersonation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "generic": { + "$ref": "#/components/schemas/waas.Effect" + }, + "httpLibraries": { + "$ref": "#/components/schemas/waas.Effect" + }, + "requestAnomalies": { + "$ref": "#/components/schemas/waas.RequestAnomalies" + }, + "webAutomationTools": { + "$ref": "#/components/schemas/waas.Effect" + }, + "webScrapers": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.UnprotectedAppsVulnStats": { + "description": "UnprotectedAppsVulnStats contains vulnerability statistics of unprotected web apps", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + }, + "none": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.UnprotectedContainersWebApps": { + "description": "UnprotectedContainersWebApps contains the result of scanning unprotected containers summary", + "properties": { + "_id": { + "description": "Image is the image name.\n", + "type": "string" + }, + "count": { + "description": "Count is the sum of containers using this image.\n", + "type": "integer" + }, + "ports": { + "description": "Ports is the open http ports on containers using this image.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "tlsPorts": { + "description": "TLSPorts is the open https ports on containers using this image.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.UnprotectedHostsWebApps": { + "description": "UnprotectedHostsWebApps contains the result of scanning unprotected hosts summary", + "properties": { + "hostname": { + "description": "Hostname is the host name.\n", + "type": "string" + }, + "unprotectedProcesses": { + "description": "UnprotectedProcesses is processes that uses HTTP/HTTPs but are unprotected by WAAS.\n", + "items": { + "$ref": "#/components/schemas/waas.UnprotectedProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.UnprotectedProcess": { + "description": "UnprotectedProcess holds unprotected processes alongside the port", + "properties": { + "port": { + "description": "Port is the process port.\n", + "type": "integer" + }, + "process": { + "description": "Process is the process name.\n", + "type": "string" + }, + "tls": { + "description": "TLS is the port TLS indication.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.UserDefinedBot": { + "description": "UserDefinedBot indicates a user-defined bot and its effect", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "headerName": { + "description": "Header name which defines the bot.\n", + "type": "string" + }, + "headerValues": { + "description": "Header values corresponding to the header name. Can contain wildcards.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name of the bot.\n", + "type": "string" + }, + "subnets": { + "description": "Subnets where the bot originates. Specify using network lists.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.VPCConfig": { + "description": "VPCConfig is the VPC configuration (there is a 1-to-1 relation with the rule, only one configuration per rule)", + "properties": { + "autoScalingEnabled": { + "description": "AutoScalingEnabled indicates that the deployment is made with auto VPC observer instances scaling.\n", + "type": "boolean" + }, + "autoScalingMaxInstances": { + "description": "AutoScalingMaxInstances is the maximum deployed instances when auto scaling is enabled.\n", + "type": "integer" + }, + "configID": { + "description": "ConfigID is a unique ID for the configuration.\n", + "type": "string" + }, + "consoleHostname": { + "description": "ConsoleHostname represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "instanceNames": { + "description": "InstanceNames are the names of the instances to mirror (can be wildcard).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "instanceType": { + "description": "InstanceType is the instance type to use for the defender instance.\n", + "type": "string" + }, + "lbARN": { + "description": "LBARN is the ARN of the observed load balancer.\n", + "type": "string" + }, + "lbName": { + "description": "LBName is the name of the observed load balancer.\n", + "type": "string" + }, + "lbType": { + "description": "LBType is the type of the observed load balancer (currentlly only ALB is supported).\n", + "type": "string" + }, + "ports": { + "description": "Ports are the ports to mirror.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "region": { + "description": "Region is the AWS region the mirrored VMs are located in.\n", + "type": "string" + }, + "subnetID": { + "description": "SubnetID is the ID of the subnet the defender will be deployed in.\n", + "type": "string" + }, + "tags": { + "description": "Tags are the tags to filter for instances to mirror in Key:Value format or \"*\".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vpcID": { + "description": "VPCID is the ID of the VPC to look for instances to mirror and to deploy the defender in.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigMirroredResource": { + "description": "VPCConfigMirroredResource is a resource(vm or LB) mirrored by a VPC configuration deployment", + "properties": { + "id": { + "description": "ID is the resource ID.\n", + "type": "string" + }, + "name": { + "description": "Name is the resource name.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigResource": { + "description": "VPCConfigResource is a resource created by a VPC configuration deployment", + "properties": { + "id": { + "description": "ID is the resource ID.\n", + "type": "string" + }, + "name": { + "description": "Name is the resource name.\n", + "type": "string" + }, + "type": { + "description": "Type is the resource type.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigState": { + "description": "VPCConfigState is the state of a VPC configuration\nThis includes only the state needed by the frontend\nbson bindings do not omit empty as the structure is updated using upsert and fields may need to be set to empty value", + "properties": { + "configID": { + "description": "ConfigID is the ID of the VPC configuration.\n", + "type": "string" + }, + "error": { + "description": "Error is the error received during deployment (on failure).\n", + "type": "string" + }, + "lastUpdate": { + "description": "LastUpdate is the time when the deployment was last updated.\n", + "format": "date-time", + "type": "string" + }, + "status": { + "$ref": "#/components/schemas/waas.VPCConfigStatus" + } + }, + "type": "object" + }, + "waas.VPCConfigStatus": { + "description": "VPCConfigStatus is the status of a VPC configuration deployment", + "enum": [ + [ + "inProcess", + "error", + "ready", + "deletionInProgress", + "deleteError", + "deleted" + ] + ], + "type": "string" + }, + "waas.WebAppsDiscoverySettings": { + "description": "WebAppsDiscoverySettings is the web apps discovery settings", + "properties": { + "disabled": { + "description": "Disabled indicates whether web apps discovery is disabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "wildfire.Usage": { + "description": "Usage holds wildfire usage stats, period for the usage varies with context", + "properties": { + "bytes": { + "description": "Bytes is the total number of bytes uploaded to the WildFire API.\n", + "format": "int64", + "type": "integer" + }, + "queries": { + "description": "Queries is the number of queries to the WildFire API.\n", + "format": "int64", + "type": "integer" + }, + "uploads": { + "description": "Uploads is the number of uploads to the WildFire API.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + } + } + }, + "info": { + "title": "Prisma Cloud Compute API", + "version": "33.03.138", + "description": { + "$ref": "desc/intro.md" + } + }, + "openapi": "3.0.3", + "paths": { + "/api/v1/certs/ca.pem": { + "get": { + "description": { + "$ref": "desc/certs/capem_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Certs" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-certs-ca.pem", + "summary": "Get CA PEM Certificate File" + } + }, + "/api/v1/certs/server-certs.sh": { + "get": { + "description": { + "$ref": "desc/certs/server-certs_get.md" + }, + "parameters": [ + { + "description": "OS is the target os.\n", + "in": "query", + "name": "os", + "schema": { + "type": "string" + } + }, + { + "description": "IPs is the list of addresses for which the certificates are generated.\n", + "in": "query", + "name": "ip", + "schema": { + "type": "string" + } + }, + { + "description": "Hostname is the target defender hostname.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Certs" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-certs-server-certs.sh", + "summary": "Get Server Certificates" + } + }, + "/api/v1/registry/webhook/webhook": { + "delete": { + "description": { + "$ref": "desc/registry/webhook_webhook_delete.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "delete-registry-webhook-webhook", + "summary": "Delete a Registry Webhook" + }, + "post": { + "description": { + "$ref": "desc/registry/webhook_webhook_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.RegistryWebhookRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "post-registry-webhook-webhook", + "summary": "Registry Webhook" + } + }, + "/api/v1/signup": { + "post": { + "description": { + "$ref": "desc/signup/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.AuthenticationRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Signup" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "post-signup", + "summary": "Create Admin Account" + } + }, + "/api/v1/util/prisma-cloud-jenkins-plugin.hpi": { + "get": { + "description": { + "$ref": "desc/util/twistlock_jenkins_plugin_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-prisma-cloud-jenkins-plugin.hpi", + "summary": "Download Jenkins Plugin for Prisma Cloud Compute" + } + }, + "/api/v1/util/tas-tile": { + "get": { + "description": { + "$ref": "desc/util/twistlock_tas_tile_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-util-tas-tile", + "summary": "Download VMware TAS Tile for Prisma Cloud Compute" + } + }, + "/api/v33.03/_ping": { + "get": { + "description": { + "$ref": "desc/_ping/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "_Ping" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "get-_ping", + "summary": "Ping" + } + }, + "/api/v33.03/agentless/progress": { + "get": { + "description": { + "$ref": "desc/agentless/get_agentless_progress.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Progress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-agentless-progress", + "summary": "View the Agentless Scan Progress" + } + }, + "/api/v33.03/agentless/scan": { + "post": { + "description": { + "$ref": "desc/agentless/post_agentless_scan.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-agentless-scan", + "summary": "Start Agentless Scan" + } + }, + "/api/v33.03/agentless/stop": { + "post": { + "description": { + "$ref": "desc/agentless/post_agentless_stop.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-agentless-stop", + "summary": "Stop an Ongoing Scan" + } + }, + "/api/v33.03/agentless/templates": { + "post": { + "description": { + "$ref": "desc/agentless/post_agentless_templates.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.AgentlessResourceTemplatesRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "post-agentless-templates", + "summary": "Download Agentless Permission Templates" + } + }, + "/api/v33.03/application-control/host": { + "get": { + "description": { + "$ref": "desc/application-control/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_applicationcontrol.Rule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-application-control-host", + "summary": "Host Application Control Rule" + }, + "put": { + "description": { + "$ref": "desc/application-control/put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + } + } + }, + "description": "Rule represents an application control policy rule" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "put-application-control-host", + "summary": "Update Host Application Control Rules" + } + }, + "/api/v33.03/application-control/host/{id}": { + "delete": { + "description": { + "$ref": "desc/application-control/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "delete-application-control-host-id", + "summary": "Delete a Host Application Control Rule" + } + }, + "/api/v33.03/audits/access": { + "get": { + "description": { + "$ref": "desc/audits/access_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Type is the audit type.\n", + "in": "query", + "name": "type", + "schema": { + "type": "string" + } + }, + { + "description": "RuleNames are the rules names to filter by.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames are the rules names to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "APIs are apis to filter by.\n", + "in": "query", + "name": "api", + "schema": { + "description": "APIs are apis to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts are hosts to filter by.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts are hosts to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users are users to filter by.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users are users to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Allow indicated whether allowed requests should be shown.\n", + "in": "query", + "name": "allow", + "schema": { + "type": "string" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessDocker" + }, + "operationId": "get-audits-access", + "summary": "Get Docker Access Audit Events" + } + }, + "/api/v33.03/audits/access/download": { + "get": { + "description": { + "$ref": "desc/audits/access_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Type is the audit type.\n", + "in": "query", + "name": "type", + "schema": { + "type": "string" + } + }, + { + "description": "RuleNames are the rules names to filter by.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames are the rules names to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "APIs are apis to filter by.\n", + "in": "query", + "name": "api", + "schema": { + "description": "APIs are apis to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts are hosts to filter by.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts are hosts to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users are users to filter by.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users are users to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Allow indicated whether allowed requests should be shown.\n", + "in": "query", + "name": "allow", + "schema": { + "type": "string" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessDocker" + }, + "operationId": "get-audits-access-download", + "summary": "Download Docker Access Audit Events" + } + }, + "/api/v33.03/audits/admission": { + "get": { + "description": { + "$ref": "desc/audits/admission_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Operations is the list of operations to use for filtering.\n", + "in": "query", + "name": "operation", + "schema": { + "description": "Operations is the list of operations to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_admission.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes" + }, + "operationId": "get-audits-admission", + "summary": "Get Admission Audit Events" + } + }, + "/api/v33.03/audits/admission/download": { + "get": { + "description": { + "$ref": "desc/audits/admission_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Operations is the list of operations to use for filtering.\n", + "in": "query", + "name": "operation", + "schema": { + "description": "Operations is the list of operations to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes" + }, + "operationId": "get-audits-admission-download", + "summary": "Download Admission Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/agentless": { + "get": { + "description": { + "$ref": "desc/audits/waas_agentless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-agentless", + "summary": "Get WAAS Agentless Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/agentless/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_agentless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-agentless-download", + "summary": "Download WAAS Agentless Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/agentless/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_agentless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-agentless-timeslice", + "summary": "Get WAAS Agentless Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/firewall/app/app-embedded": { + "get": { + "description": { + "$ref": "desc/audits/waas_app_embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-app-embedded", + "summary": "Get WAAS App-embedded Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/app-embedded/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_app_embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-app-embedded-download", + "summary": "Download WAAS App-embedded Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/app-embedded/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_app_embedded_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-app-embedded-timeslice", + "summary": "Get WAAS App-embedded Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/firewall/app/container": { + "get": { + "description": { + "$ref": "desc/audits/waas_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-container", + "summary": "Get WAAS Container Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/container/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-container-download", + "summary": "Download WAAS Container Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/container/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_container_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-container-timeslice", + "summary": "Get WAAS Container Audit Timeslice" + } + }, + "/api/v33.03/audits/firewall/app/host": { + "get": { + "description": { + "$ref": "desc/audits/waas_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-host", + "summary": "Get WAAS Host Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/host/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-host-download", + "summary": "Download WAAS Host Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/host/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_host_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-host-timeslice", + "summary": "Get WAAS Host Audit Timeslice" + } + }, + "/api/v33.03/audits/firewall/app/serverless": { + "get": { + "description": { + "$ref": "desc/audits/waas_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-serverless", + "summary": "Get WAAS Serverless Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/serverless/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_serverless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-serverless-download", + "summary": "Download WAAS Serverless Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/serverless/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_serverless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-serverless-timeslice", + "summary": "Get WAAS Serverless Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/firewall/network/container": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcImages are the source images filter.\n", + "in": "query", + "name": "srcImageName", + "schema": { + "description": "SrcImages are the source images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstImages are the destination images filter.\n", + "in": "query", + "name": "dstImageName", + "schema": { + "description": "DstImages are the destination images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Block is the block/audit filter.\n", + "in": "query", + "name": "block", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerNetworkFirewallProfileAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF" + }, + "operationId": "get-audits-firewall-network-container", + "summary": "Get CNNS Container Audit Events" + } + }, + "/api/v33.03/audits/firewall/network/container/download": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcImages are the source images filter.\n", + "in": "query", + "name": "srcImageName", + "schema": { + "description": "SrcImages are the source images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstImages are the destination images filter.\n", + "in": "query", + "name": "dstImageName", + "schema": { + "description": "DstImages are the destination images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Block is the block/audit filter.\n", + "in": "query", + "name": "block", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF" + }, + "operationId": "get-audits-firewall-network-container-download", + "summary": "Download CNNS Container Audit Events" + } + }, + "/api/v33.03/audits/firewall/network/host": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcHostname are the source hostnames filter.\n", + "in": "query", + "name": "srcHostnames", + "schema": { + "description": "SrcHostname are the source hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstHostname are the destination hostnames filter.\n", + "in": "query", + "name": "dstHostnames", + "schema": { + "description": "DstHostname are the destination hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.HostNetworkFirewallProfileAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF" + }, + "operationId": "get-audits-firewall-network-host", + "summary": "Get CNNS Host Audit Events" + } + }, + "/api/v33.03/audits/firewall/network/host/download": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcHostname are the source hostnames filter.\n", + "in": "query", + "name": "srcHostnames", + "schema": { + "description": "SrcHostname are the source hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstHostname are the destination hostnames filter.\n", + "in": "query", + "name": "dstHostnames", + "schema": { + "description": "DstHostname are the destination hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF" + }, + "operationId": "get-audits-firewall-network-host-download", + "summary": "Download CNNS Host Audit Events" + } + }, + "/api/v33.03/audits/incidents": { + "get": { + "description": { + "$ref": "desc/audits/incidents_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results from a start datetime.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results from an end datetime.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by hostname where the incident occurred.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters results by hostname where the incident occurred.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident category.\n", + "in": "query", + "name": "category", + "schema": { + "description": "Filters results by incident category.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Filters results by incident type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by runtime profile ID.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "Filters results by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incidents that have been acknowledged.\n", + "in": "query", + "name": "acknowledged", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by app IDs.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "Filters results by app IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by container IDs.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "Filters results by container IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by function IDs.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "Filters results by function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by custom rule names.\n", + "in": "query", + "name": "customRuleName", + "schema": { + "description": "Filters results by custom rule names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Incident" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents" + }, + "operationId": "get-audits-incidents", + "summary": "Get Incident Audit Events" + } + }, + "/api/v33.03/audits/incidents/acknowledge/{id}": { + "patch": { + "description": { + "$ref": "desc/audits/incidents_archive_patch.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Incident" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents" + }, + "operationId": "patch-audits-incidents-acknowledge-id", + "summary": "Archive an Incident Audit Event" + } + }, + "/api/v33.03/audits/incidents/download": { + "get": { + "description": { + "$ref": "desc/audits/incidents_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results from a start datetime.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results from an end datetime.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by hostname where the incident occurred.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters results by hostname where the incident occurred.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident category.\n", + "in": "query", + "name": "category", + "schema": { + "description": "Filters results by incident category.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Filters results by incident type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by runtime profile ID.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "Filters results by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incidents that have been acknowledged.\n", + "in": "query", + "name": "acknowledged", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by app IDs.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "Filters results by app IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by container IDs.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "Filters results by container IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by function IDs.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "Filters results by function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by custom rule names.\n", + "in": "query", + "name": "customRuleName", + "schema": { + "description": "Filters results by custom rule names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents" + }, + "operationId": "get-audits-incidents-download", + "summary": "Download Incident Audit Events" + } + }, + "/api/v33.03/audits/kubernetes": { + "get": { + "description": { + "$ref": "desc/audits/kubernetes_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Users is the list of users to use for filtering.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is the list of users to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the list of clusters for filtering.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the list of clusters for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_kubeaudit.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes" + }, + "operationId": "get-audits-kubernetes", + "summary": "Get Kubernetes Audit Events" + } + }, + "/api/v33.03/audits/kubernetes/download": { + "get": { + "description": { + "$ref": "desc/audits/kubernetes_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Users is the list of users to use for filtering.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is the list of users to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the list of clusters for filtering.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the list of clusters for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes" + }, + "operationId": "get-audits-kubernetes-download", + "summary": "Download Kubernetes Audit Events" + } + }, + "/api/v33.03/audits/mgmt": { + "get": { + "description": { + "$ref": "desc/audits/mgmt_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.MgmtAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs" + }, + "operationId": "get-audits-mgmt", + "summary": "Get Management Audit Events" + } + }, + "/api/v33.03/audits/mgmt/download": { + "get": { + "description": { + "$ref": "desc/audits/mgmt_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs" + }, + "operationId": "get-audits-mgmt-download", + "summary": "Download Management Audit Events" + } + }, + "/api/v33.03/audits/mgmt/filters": { + "get": { + "description": { + "$ref": "desc/audits/mgmt_filters_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.MgmtAuditFilters" + } + } + }, + "description": "MgmtAuditFilters are filters for management audit queries" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs" + }, + "operationId": "get-audits-mgmt-filters", + "summary": "Get Management Audit Event Filters" + } + }, + "/api/v33.03/audits/runtime/app-embedded": { + "get": { + "description": { + "$ref": "desc/audits/runtime_app_embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-app-embedded", + "summary": "Get Runtime App-embedded Audit Events" + } + }, + "/api/v33.03/audits/runtime/app-embedded/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_app_embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-app-embedded-download", + "summary": "Download Runtime App-embedded Audit Events" + } + }, + "/api/v33.03/audits/runtime/container": { + "get": { + "description": { + "$ref": "desc/audits/runtime_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-audits-runtime-container", + "summary": "Get Runtime Container Audit Events" + } + }, + "/api/v33.03/audits/runtime/container/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-audits-runtime-container-download", + "summary": "Download Runtime Container Audit Events" + } + }, + "/api/v33.03/audits/runtime/container/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/runtime_container_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-audits-runtime-container-timeslice", + "summary": "Get Runtime Container Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/runtime/file-integrity": { + "get": { + "description": { + "$ref": "desc/audits/runtime_file-integrity_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the list of paths to use for filtering.\n", + "in": "query", + "name": "path", + "schema": { + "description": "Paths is the list of paths to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "in": "query", + "name": "eventType", + "schema": { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.FileIntegrityEvent" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-file-integrity", + "summary": "Get Runtime File Integrity Audit Events" + } + }, + "/api/v33.03/audits/runtime/file-integrity/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_file-integrity_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the list of paths to use for filtering.\n", + "in": "query", + "name": "path", + "schema": { + "description": "Paths is the list of paths to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "in": "query", + "name": "eventType", + "schema": { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-file-integrity-download", + "summary": "Download Runtime File Integrity Audit Events" + } + }, + "/api/v33.03/audits/runtime/host": { + "get": { + "description": { + "$ref": "desc/audits/runtime_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-host", + "summary": "Get Runtime Host Audit Events" + } + }, + "/api/v33.03/audits/runtime/host/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-host-download", + "summary": "Download Runtime Host Audit Events" + } + }, + "/api/v33.03/audits/runtime/host/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/runtime_host_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-host-timeslice", + "summary": "Get Runtime Host Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/runtime/log-inspection": { + "get": { + "description": { + "$ref": "desc/audits/runtime_log-inspection_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Logfiles is the list of log files to use for filtering.\n", + "in": "query", + "name": "logfile", + "schema": { + "description": "Logfiles is the list of log files to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.LogInspectionEvent" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-log-inspection", + "summary": "Get Runtime Log Inspection Audit Events" + } + }, + "/api/v33.03/audits/runtime/log-inspection/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_log-inspection_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Logfiles is the list of log files to use for filtering.\n", + "in": "query", + "name": "logfile", + "schema": { + "description": "Logfiles is the list of log files to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-log-inspection-download", + "summary": "Download Runtime Log Inspection Audit Events" + } + }, + "/api/v33.03/audits/runtime/serverless": { + "get": { + "description": { + "$ref": "desc/audits/runtime_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ProfileIDs are the profile ids to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile ids to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is an optional exact time constraint for the audit.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is a filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is a filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request id.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request id.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-serverless", + "summary": "Get Runtime Serverless Audit Events" + } + }, + "/api/v33.03/audits/runtime/serverless/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_serverless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-serverless-download", + "summary": "Download Serverless Audit Events" + } + }, + "/api/v33.03/audits/runtime/serverless/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/runtime_serverless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-serverless-timeslice", + "summary": "Get Runtime Serverless Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/trust": { + "get": { + "description": { + "$ref": "desc/audits/trust_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rulename.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rulename.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter by registry/repo.\n", + "in": "query", + "name": "_id", + "schema": { + "description": "IDs is used to filter by registry/repo.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TrustAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-audits-trust", + "summary": "Get Trust Audit Events" + } + }, + "/api/v33.03/audits/trust/download": { + "get": { + "description": { + "$ref": "desc/audits/trust_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rulename.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rulename.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter by registry/repo.\n", + "in": "query", + "name": "_id", + "schema": { + "description": "IDs is used to filter by registry/repo.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-audits-trust-download", + "summary": "Download Trust Audit Events" + } + }, + "/api/v33.03/authenticate": { + "post": { + "description": { + "$ref": "desc/authenticate/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.AuthenticationRequest" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.AuthenticationResponse" + } + } + }, + "description": "AuthenticationResponse returns the result of calling the authentication endpoint" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Authenticate" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "post-authenticate", + "summary": "Get User Authentication Access Token" + } + }, + "/api/v33.03/authenticate-client": { + "post": { + "description": { + "$ref": "desc/authenticate-client/post.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ConsoleAuthResponse" + } + } + }, + "description": "ConsoleAuthResponse represents the console certificates authentication response" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Authenticate-Client" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "post-authenticate-client", + "summary": "Get Client Authentication Access Token" + } + }, + "/api/v33.03/cloud/discovery": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provider is the provider filter.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Provider is the provider filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountName is the account name filter.\n", + "in": "query", + "name": "accountName", + "schema": { + "description": "AccountName is the account name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Agentless is the agentless filter.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Zone is the zone filter.\n", + "in": "query", + "name": "zone", + "schema": { + "description": "Zone is the zone filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CloudDiscoveryResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "get-cloud-discovery", + "summary": "Get Cloud Discovery Scan Results" + } + }, + "/api/v33.03/cloud/discovery/download": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provider is the provider filter.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Provider is the provider filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountName is the account name filter.\n", + "in": "query", + "name": "accountName", + "schema": { + "description": "AccountName is the account name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Agentless is the agentless filter.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Zone is the zone filter.\n", + "in": "query", + "name": "zone", + "schema": { + "description": "Zone is the zone filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "get-cloud-discovery-download", + "summary": "Download Cloud Discovery Scan Results" + } + }, + "/api/v33.03/cloud/discovery/entities": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_entities_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Zone is the zone filter.\n", + "in": "query", + "name": "zone", + "schema": { + "description": "Zone is the zone filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Defended is the defended filter.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CloudDiscoveryEntity" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "get-cloud-discovery-entities", + "summary": "Get Discovered Cloud Entities" + } + }, + "/api/v33.03/cloud/discovery/scan": { + "post": { + "description": { + "$ref": "desc/cloud/discovery_scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "post-cloud-discovery-scan", + "summary": "Start a Cloud Discovery Scan" + } + }, + "/api/v33.03/cloud/discovery/stop": { + "post": { + "description": { + "$ref": "desc/cloud/discovery_stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "post-cloud-discovery-stop", + "summary": "Stop a Cloud Discovery Scan" + } + }, + "/api/v33.03/cloud/discovery/vms": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_vms_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provider is the provider filter.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Provider is the provider filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Region is the region filter.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Region is the region filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "HasDefender indicates only VMs with or without a defender should return.\n", + "in": "query", + "name": "hasDefender", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.DiscoveredVM" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "get-cloud-discovery-vms", + "summary": "Get Discovered VMs" + } + }, + "/api/v33.03/coderepos-ci/evaluate": { + "post": { + "description": { + "$ref": "desc/coderepos-ci/post_resolve.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/coderepos.ScanResult" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/coderepos.ScanResult" + } + } + }, + "description": "ScanResult holds a specific repository data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Coderepos-Ci" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-coderepos-ci-evaluate", + "summary": "Resolve Code Repos" + } + }, + "/api/v33.03/collections": { + "get": { + "description": { + "$ref": "desc/collections/get.md" + }, + "parameters": [ + { + "description": "ExcludePrisma indicates to exclude Prisma collections.\n", + "in": "query", + "name": "excludePrisma", + "schema": { + "type": "boolean" + } + }, + { + "description": "Prisma filters the collections originates from Prisma Cloud.\n", + "in": "query", + "name": "prisma", + "schema": { + "type": "boolean" + } + }, + { + "description": "System.\n", + "in": "query", + "name": "system", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_collection.Collection" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "get-collections", + "summary": "Get Collections" + }, + "post": { + "description": { + "$ref": "desc/collections/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/collection.Collection" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "post-collections", + "summary": "Add a New Collection" + } + }, + "/api/v33.03/collections/{id}": { + "delete": { + "description": { + "$ref": "desc/collections/name_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "delete-collections-id", + "summary": "Delete an Existing Collection" + }, + "put": { + "description": { + "$ref": "desc/collections/name_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/collection.Collection" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "put-collections-id", + "summary": "Update an Existing Collection" + } + }, + "/api/v33.03/collections/{id}/usages": { + "get": { + "description": { + "$ref": "desc/collections/name_usages_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_collection.Usage" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "get-collections-id-usages", + "summary": "Get Policies for a Collection" + } + }, + "/api/v33.03/containers": { + "get": { + "description": { + "$ref": "desc/containers/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-containers", + "summary": "Get Container Scan Results" + } + }, + "/api/v33.03/containers/count": { + "get": { + "description": { + "$ref": "desc/containers/count_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/int" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-containers-count", + "summary": "Get Containers Count" + } + }, + "/api/v33.03/containers/download": { + "get": { + "description": { + "$ref": "desc/containers/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "When set to true, an additional field \"Labels\" is included for each container in the output CSV/JSON file.\nThis field will provide a concatenated list of all the labels for the respective container in the format:\nkey1:value1,key2:value2,...,keyN:valueN. The default value for this parameter is \"false\".\n", + "in": "query", + "name": "includeLabels", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-containers-download", + "summary": "Download Container Scan Results" + } + }, + "/api/v33.03/containers/names": { + "get": { + "description": { + "$ref": "desc/containers/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-containers-names", + "summary": "Get Container Names" + } + }, + "/api/v33.03/containers/scan": { + "post": { + "description": { + "$ref": "desc/containers/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-containers-scan", + "summary": "Start a Container Scan" + } + }, + "/api/v33.03/credentials": { + "get": { + "description": { + "$ref": "desc/credentials/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the credential IDs to filter.\n", + "in": "query", + "name": "ids", + "schema": { + "description": "IDs are the credential IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cloud indicates whether to fetch cloud credentials (AWS/GCP/OCI/Azure) or other types of credentials.\n", + "in": "query", + "name": "cloud", + "schema": { + "type": "boolean" + } + }, + { + "description": "External indicates whether to fetch credentials imported from Prisma.\n", + "in": "query", + "name": "external", + "schema": { + "type": "boolean" + } + }, + { + "description": "AutoImported indicates whether to fetch credentials imported from Prisma automatically.\n", + "in": "query", + "name": "autoImported", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_cred.Credential" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "get-credentials", + "summary": "Get All Credentials" + }, + "post": { + "description": { + "$ref": "desc/credentials/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cred.Credential" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "post-credentials", + "summary": "Add Credentials" + } + }, + "/api/v33.03/credentials/{id}": { + "delete": { + "description": { + "$ref": "desc/credentials/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "delete-credentials-id", + "summary": "Delete a Credential" + } + }, + "/api/v33.03/credentials/{id}/usages": { + "get": { + "description": { + "$ref": "desc/credentials/id_usages_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.CredentialUsage" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "get-credentials-id-usages", + "summary": "Get Credential Usages" + } + }, + "/api/v33.03/current/collections": { + "get": { + "description": { + "$ref": "desc/current/collections_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.UserCollection" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Current" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-current-collections", + "summary": "User Collections" + } + }, + "/api/v33.03/current/projects": { + "get": { + "description": { + "$ref": "desc/current/projects_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.UserProject" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Current" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-current-projects", + "summary": "User Projects" + } + }, + "/api/v33.03/custom-compliance": { + "get": { + "description": { + "$ref": "desc/custom-compliance/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CustomComplianceCheck" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules" + }, + "operationId": "get-custom-compliance", + "summary": "Get Custom Compliance Checks" + }, + "put": { + "description": { + "$ref": "desc/custom-compliance/put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + } + } + }, + "description": "CustomComplianceCheck represents a custom compliance check entry" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules" + }, + "operationId": "put-custom-compliance", + "summary": "Update Custom Compliance Checks" + } + }, + "/api/v33.03/custom-compliance/{id}": { + "delete": { + "description": { + "$ref": "desc/custom-compliance/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules" + }, + "operationId": "delete-custom-compliance-id", + "summary": "Delete a Custom Compliance Check" + } + }, + "/api/v33.03/custom-rules": { + "get": { + "description": { + "$ref": "desc/custom-rules/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_customrules.Rule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules" + }, + "operationId": "get-custom-rules", + "summary": "Get Custom Rules" + } + }, + "/api/v33.03/custom-rules/{id}": { + "delete": { + "description": { + "$ref": "desc/custom-rules/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules" + }, + "operationId": "delete-custom-rules-id", + "summary": "Delete a Custom Rule" + }, + "put": { + "description": { + "$ref": "desc/custom-rules/id_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/customrules.Rule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules" + }, + "operationId": "put-custom-rules-id", + "summary": "Update a Custom Rule" + } + }, + "/api/v33.03/defenders": { + "get": { + "description": { + "$ref": "desc/defenders/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_defender.Defender" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders", + "summary": "Get Deployed Defenders" + } + }, + "/api/v33.03/defenders/app-embedded": { + "post": { + "description": { + "$ref": "desc/defenders/app_embedded_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.AppEmbeddedEmbedRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-app-embedded", + "summary": "Generate a Docker File for App-embedded Defender" + } + }, + "/api/v33.03/defenders/daemonset.yaml": { + "post": { + "description": { + "$ref": "desc/defenders/daemonset_yaml_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.DaemonSetOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-daemonset.yaml", + "summary": "Generate Daemonset Deployment YAML File" + } + }, + "/api/v33.03/defenders/download": { + "get": { + "description": { + "$ref": "desc/defenders/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-download", + "summary": "Download Deployed Defenders" + } + }, + "/api/v33.03/defenders/fargate.json": { + "post": { + "description": { + "$ref": "desc/defenders/fargate_json_post.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs", + "podman" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/appembedded.FargateTask" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/appembedded.FargateTask" + } + } + }, + "description": "FargateTask represents the generic fargate task AWS template" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-fargate.json", + "summary": "Generate a Protected JSON Fargate Task Definition" + } + }, + "/api/v33.03/defenders/fargate.yaml": { + "post": { + "description": { + "$ref": "desc/defenders/fargate_yaml_post.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs", + "podman" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-fargate.yaml", + "summary": "Generate a Protected YAML Fargate Task Definition" + } + }, + "/api/v33.03/defenders/helm/twistlock-defender-helm.tar.gz": { + "post": { + "description": { + "$ref": "desc/defenders/helm_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.DaemonSetOptions" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-helm-twistlock-defender-helm.tar.gz", + "summary": "Generate a Helm Deployment Chart for Defender" + } + }, + "/api/v33.03/defenders/image-name": { + "get": { + "description": { + "$ref": "desc/defenders/image-name_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-image-name", + "summary": "Get Docker Image Name for Defender" + } + }, + "/api/v33.03/defenders/install-bundle": { + "get": { + "description": { + "$ref": "desc/defenders/install-bundle_get.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs", + "podman" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.DefenderInstallBundle" + } + } + }, + "description": "DefenderInstallBundle represents the install bundle for the defender" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-install-bundle", + "summary": "Get Certificate Bundle for Defender" + } + }, + "/api/v33.03/defenders/names": { + "get": { + "description": { + "$ref": "desc/defenders/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-names", + "summary": "Get Defender Names" + } + }, + "/api/v33.03/defenders/serverless/bundle": { + "post": { + "description": { + "$ref": "desc/defenders/serverless-bundle_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ServerlessBundleRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-serverless-bundle", + "summary": "Generate Serverless Bundle for Defender" + } + }, + "/api/v33.03/defenders/summary": { + "get": { + "description": { + "$ref": "desc/defenders/summary_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.DefenderSummary" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-summary", + "summary": "Get Defenders Summary" + } + }, + "/api/v33.03/defenders/tas-cloud-controller-address": { + "get": { + "description": { + "$ref": "desc/defenders/tas-cloud-controller-address_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-tas-cloud-controller-address", + "summary": "Defenders Tas Cloud Controller Address" + } + }, + "/api/v33.03/defenders/upgrade": { + "post": { + "description": { + "$ref": "desc/defenders/upgrade_post.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-upgrade", + "summary": "Upgrade Connected Single Linux Defenders" + } + }, + "/api/v33.03/defenders/{id}": { + "delete": { + "description": { + "$ref": "desc/defenders/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "delete-defenders-id", + "summary": "Delete a Defender" + } + }, + "/api/v33.03/defenders/{id}/features": { + "post": { + "description": { + "$ref": "desc/defenders/id_features_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Features" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Defender" + } + } + }, + "description": "Defender is an update about an agent starting" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-id-features", + "summary": "Update Defender Configuration" + } + }, + "/api/v33.03/defenders/{id}/restart": { + "post": { + "description": { + "$ref": "desc/defenders/id_restart_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-id-restart", + "summary": "Restart a Defender" + } + }, + "/api/v33.03/defenders/{id}/upgrade": { + "post": { + "description": { + "$ref": "desc/defenders/id_upgrade_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-id-upgrade", + "summary": "Upgrade a Defender" + } + }, + "/api/v33.03/feeds/custom/custom-vulnerabilities": { + "get": { + "description": { + "$ref": "desc/feeds/custom-vulnerabilities_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/vuln.CustomVulnerabilities" + } + } + }, + "description": "CustomVulnerabilities is a collection of custom vulnerabilities\nTBD: this storage usage is not best practice, should be migrate to a 1 document per vulnerability" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-feeds-custom-custom-vulnerabilities", + "summary": "Get Custom Vulnerability Feed" + }, + "put": { + "description": { + "$ref": "desc/feeds/custom-vulnerabilities_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/vuln.CustomVulnerabilities" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "put-feeds-custom-custom-vulnerabilities", + "summary": "Update Custom Vulnerability Feed" + } + }, + "/api/v33.03/feeds/custom/malware": { + "get": { + "description": { + "$ref": "desc/feeds/malware_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomMalwareFeed" + } + } + }, + "description": "CustomMalwareFeed represent the custom malware" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "user" + }, + "operationId": "get-feeds-custom-malware", + "summary": "Get Custom Malware Feed" + }, + "put": { + "description": { + "$ref": "desc/feeds/malware_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomMalwareFeed" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "put-feeds-custom-malware", + "summary": "Update Custom Malware Feed" + } + }, + "/api/v33.03/groups": { + "get": { + "description": { + "$ref": "desc/groups/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Groups" + } + } + }, + "description": "Groups represents a list of groups" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "get-groups", + "summary": "Get Groups" + }, + "post": { + "description": { + "$ref": "desc/groups/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Group" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "post-groups", + "summary": "Add a Group" + } + }, + "/api/v33.03/groups/names": { + "get": { + "description": { + "$ref": "desc/groups/names.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "get-groups-names", + "summary": "Get Group Names" + } + }, + "/api/v33.03/groups/{id}": { + "delete": { + "description": { + "$ref": "desc/groups/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "delete-groups-id", + "summary": "Delete a Group" + }, + "put": { + "description": { + "$ref": "desc/groups/id_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Group" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "put-groups-id", + "summary": "Update a Group" + } + }, + "/api/v33.03/hosts": { + "get": { + "description": { + "$ref": "desc/hosts/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-hosts", + "summary": "Get Host Scan Results" + } + }, + "/api/v33.03/hosts/download": { + "get": { + "description": { + "$ref": "desc/hosts/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-hosts-download", + "summary": "Download Host Scan Results" + } + }, + "/api/v33.03/hosts/evaluate": { + "post": { + "description": { + "$ref": "desc/hosts/evaluate_get.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesResp" + } + } + }, + "description": "ResolveImagesResp represents the images resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-hosts-evaluate", + "summary": "Resolve Hosts" + } + }, + "/api/v33.03/hosts/info": { + "get": { + "description": { + "$ref": "desc/hosts/info_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.HostInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-hosts-info", + "summary": "Get Host Information" + } + }, + "/api/v33.03/hosts/scan": { + "post": { + "description": { + "$ref": "desc/hosts/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-hosts-scan", + "summary": "Start a Host Scan" + } + }, + "/api/v33.03/images": { + "get": { + "description": { + "$ref": "desc/images/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-images", + "summary": "Get Image Scan Results" + } + }, + "/api/v33.03/images/download": { + "get": { + "description": { + "$ref": "desc/images/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-images-download", + "summary": "Download Image Scan Results" + } + }, + "/api/v33.03/images/evaluate": { + "post": { + "description": { + "$ref": "desc/images/evaluate_get.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesResp" + } + } + }, + "description": "ResolveImagesResp represents the images resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-images-evaluate", + "summary": "Resolve Images" + } + }, + "/api/v33.03/images/names": { + "get": { + "description": { + "$ref": "desc/images/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-images-names", + "summary": "Get Image Names" + } + }, + "/api/v33.03/images/scan": { + "post": { + "description": { + "$ref": "desc/images/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ImageScanOptions" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-images-scan", + "summary": "Start Image Scan" + } + }, + "/api/v33.03/images/twistlock_defender_app_embedded.tar.gz": { + "get": { + "description": { + "$ref": "desc/images/twistlock_defender_app_embedded_tar_gz_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-images-twistlock_defender_app_embedded.tar.gz", + "summary": "Download App Embedded Defender" + } + }, + "/api/v33.03/images/twistlock_defender_layer.zip": { + "post": { + "description": { + "$ref": "desc/images/twistlock_defender_layer_zip_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ServerlessLayerBundleRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-images-twistlock_defender_layer.zip", + "summary": "Download Serverless Layer Bundle" + } + }, + "/api/v33.03/policies/compliance/ci/images": { + "get": { + "description": { + "$ref": "desc/policies/compliance_ci_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-compliance-ci-images", + "summary": "Get Continuous Integration (CI) Image Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_ci_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-policies-compliance-ci-images", + "summary": "Update Continuous Integration (CI) Image Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/ci/serverless": { + "get": { + "description": { + "$ref": "desc/policies/compliance_ci_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "get-policies-compliance-ci-serverless", + "summary": "Get Continuous Integration (CI) Serverless Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_ci_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "put-policies-compliance-ci-serverless", + "summary": "Update Continuous Integration (CI) Serverless Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/container": { + "get": { + "description": { + "$ref": "desc/policies/compliance_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-compliance-container", + "summary": "Get Container Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-policies-compliance-container", + "summary": "Update Container Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/container/impacted": { + "get": { + "description": { + "$ref": "desc/policies/compliance_container_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-compliance-container-impacted", + "summary": "Get Impacted Container Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/host": { + "get": { + "description": { + "$ref": "desc/policies/compliance_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-policies-compliance-host", + "summary": "Get Host Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "put-policies-compliance-host", + "summary": "Update Host Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/serverless": { + "get": { + "description": { + "$ref": "desc/policies/compliance_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "get-policies-compliance-serverless", + "summary": "Get Serverless Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "put-policies-compliance-serverless", + "summary": "Update Serverless Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/vms/impacted": { + "get": { + "description": { + "$ref": "desc/policies/compliance_vms_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-policies-compliance-vms-impacted", + "summary": "Get Impacted VMs Compliance Policy" + } + }, + "/api/v33.03/policies/firewall/app/agentless": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-agentless", + "summary": "Get Agentless App Firewall Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-agentless", + "summary": "Set Agentless App Firewall Policy" + } + }, + "/api/v33.03/policies/firewall/app/agentless/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.VPCConfigMirroredResource" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-agentless-impacted", + "summary": "Get Agentless App Firewall Policy Impacted" + } + }, + "/api/v33.03/policies/firewall/app/agentless/resources": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_resources_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ConfigID is the ID of the VPC configuration.\n", + "in": "query", + "name": "configID", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.VPCConfigResource" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-agentless-resources", + "summary": "Get Agentless App Firewall Policy Resources" + } + }, + "/api/v33.03/policies/firewall/app/agentless/state": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_state_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.AgentlessPolicyState" + } + } + }, + "description": "AgentlessPolicyState is the state of the agentless policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-agentless-state", + "summary": "Get Agentless App Firewall Policy State" + } + }, + "/api/v33.03/policies/firewall/app/apispec": { + "post": { + "description": { + "$ref": "desc/policies/firewall_app_apispec_post.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.APISpec" + } + } + }, + "description": "APISpec is an API specification" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "post-policies-firewall-app-apispec", + "summary": "Generate a WAAS API Specification Object" + } + }, + "/api/v33.03/policies/firewall/app/app-embedded": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app-embedded_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-app-embedded", + "summary": "Get WAAS App-embedded Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app-embedded_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-app-embedded", + "summary": "Update WAAS App-embedded Policy" + } + }, + "/api/v33.03/policies/firewall/app/container": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-container", + "summary": "Get WAAS Container Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-container", + "summary": "Update WAAS Container Policy" + } + }, + "/api/v33.03/policies/firewall/app/container/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_container_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-container-impacted", + "summary": "Container App Firewall Policy Impacted" + } + }, + "/api/v33.03/policies/firewall/app/host": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-host", + "summary": "Get WAAS Host Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-host", + "summary": "Update WAAS Host Policy" + } + }, + "/api/v33.03/policies/firewall/app/host/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_host_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-host-impacted", + "summary": "Host App Firewall Policy Impacted" + } + }, + "/api/v33.03/policies/firewall/app/network-list": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.NetworkList" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-network-list", + "summary": "Get WAAS Network List" + }, + "post": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.NetworkList" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "post-policies-firewall-app-network-list", + "summary": "Add WAAS Network List" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.NetworkList" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-network-list", + "summary": "Update WAAS Network List" + } + }, + "/api/v33.03/policies/firewall/app/network-list/{id}": { + "delete": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "delete-policies-firewall-app-network-list-id", + "summary": "Delete WAAS Network List" + } + }, + "/api/v33.03/policies/firewall/app/out-of-band": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_out-of-band_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-out-of-band", + "summary": "Get Out-of-Band WAAS Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_out-of-band_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-out-of-band", + "summary": "Update Out-of-Band WAAS Policy" + } + }, + "/api/v33.03/policies/firewall/app/out-of-band/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_out-of-band_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.ImpactedOutOfBandEntity" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-out-of-band-impacted", + "summary": "Get Impacted Resources for Out-of-Band WAAS Policy" + } + }, + "/api/v33.03/policies/firewall/app/serverless": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-serverless", + "summary": "Get WAAS Serverless Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-serverless", + "summary": "Update WAAS Serverless Policy" + } + }, + "/api/v33.03/policies/firewall/network": { + "get": { + "description": { + "$ref": "desc/policies/firewall_network_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cnnf.Policy" + } + } + }, + "description": "Policy holds the data for firewall policies (host and container)" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCNNF" + }, + "operationId": "get-policies-firewall-network", + "summary": "Get CNNS Container and Host Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_network_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cnnf.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCNNF" + }, + "operationId": "put-policies-firewall-network", + "summary": "Update CNNS Container and Host Policy" + } + }, + "/api/v33.03/policies/runtime/app-embedded": { + "get": { + "description": { + "$ref": "desc/policies/runtime_app-embedded_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicy" + } + } + }, + "description": "AppEmbeddedPolicy represents a runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "get-policies-runtime-app-embedded", + "summary": "Get Runtime App-embedded Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_app-embedded_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "post-policies-runtime-app-embedded", + "summary": "Add Runtime App-embedded Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_app-embedded_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "put-policies-runtime-app-embedded", + "summary": "Update Runtime App-embedded Policy" + } + }, + "/api/v33.03/policies/runtime/container": { + "get": { + "description": { + "$ref": "desc/policies/runtime_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicy" + } + } + }, + "description": "ContainerPolicy represents a runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer" + }, + "operationId": "get-policies-runtime-container", + "summary": "Get Runtime Container Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_container_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer" + }, + "operationId": "post-policies-runtime-container", + "summary": "Update Runtime Container Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer" + }, + "operationId": "put-policies-runtime-container", + "summary": "Set Container Runtime Policy" + } + }, + "/api/v33.03/policies/runtime/container/impacted": { + "get": { + "description": { + "$ref": "desc/policies/runtime_container_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer" + }, + "operationId": "get-policies-runtime-container-impacted", + "summary": "Update Runtime Impacted Container Policy" + } + }, + "/api/v33.03/policies/runtime/host": { + "get": { + "description": { + "$ref": "desc/policies/runtime_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicy" + } + } + }, + "description": "HostPolicy represents a host runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts" + }, + "operationId": "get-policies-runtime-host", + "summary": "Get Runtime Host Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_host_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts" + }, + "operationId": "post-policies-runtime-host", + "summary": "Update Runtime Host Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts" + }, + "operationId": "put-policies-runtime-host", + "summary": "Set Host Runtime Policy" + } + }, + "/api/v33.03/policies/runtime/serverless": { + "get": { + "description": { + "$ref": "desc/policies/runtime_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicy" + } + } + }, + "description": "ServerlessPolicy represents a serverless runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "get-policies-runtime-serverless", + "summary": "Get Runtime Serverless Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_serverless_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "post-policies-runtime-serverless", + "summary": "Update Runtime Serverless Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "put-policies-runtime-serverless", + "summary": "Set Serverless Runtime Policy" + } + }, + "/api/v33.03/policies/vulnerability/base-images": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.BaseImagesRule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-base-images", + "summary": "Get Base Images Rules" + }, + "post": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.BaseImagesRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "post-policies-vulnerability-base-images", + "summary": "Add Base Images Rule" + } + }, + "/api/v33.03/policies/vulnerability/base-images/download": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_download.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-base-images-download", + "summary": "Download Base Images Rules" + } + }, + "/api/v33.03/policies/vulnerability/base-images/{id}": { + "delete": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "delete-policies-vulnerability-base-images-id", + "summary": "Delete Base Images Rule" + } + }, + "/api/v33.03/policies/vulnerability/ci/images": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_ci_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-ci-images", + "summary": "Get CI Image Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_ci_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-policies-vulnerability-ci-images", + "summary": "Update CI Image Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/ci/serverless": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_ci_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "get-policies-vulnerability-ci-serverless", + "summary": "Get CI Serverless Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_ci_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "put-policies-vulnerability-ci-serverless", + "summary": "Update CI Serverless Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/host": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-policies-vulnerability-host", + "summary": "Get Host Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "put-policies-vulnerability-host", + "summary": "Update Host Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/host/impacted": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_host_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-policies-vulnerability-host-impacted", + "summary": "Get Impacted Host Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/images": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-images", + "summary": "Get Image Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-policies-vulnerability-images", + "summary": "Update Image Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/images/impacted": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_images_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-images-impacted", + "summary": "Get Impacted Image Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/serverless": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "get-policies-vulnerability-serverless", + "summary": "Get Serverless Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "put-policies-vulnerability-serverless", + "summary": "Update Serverless Vulnerability Policy" + } + }, + "/api/v33.03/profiles/app-embedded": { + "get": { + "description": { + "$ref": "desc/profiles/app-embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the app embedded container filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the app embedded container filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the app embedded images filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the app embedded images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the app embedded clusters filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the app embedded clusters filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppEmbeddedRuntimeProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-profiles-app-embedded", + "summary": "Get App-embedded Profiles" + } + }, + "/api/v33.03/profiles/app-embedded/download": { + "get": { + "description": { + "$ref": "desc/profiles/app-embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the app embedded container filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the app embedded container filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the app embedded images filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the app embedded images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the app embedded clusters filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the app embedded clusters filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-profiles-app-embedded-download", + "summary": "Download App-embedded Profiles" + } + }, + "/api/v33.03/profiles/container": { + "get": { + "description": { + "$ref": "desc/profiles/container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerRuntimeProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-profiles-container", + "summary": "Get Runtime Container Profiles" + } + }, + "/api/v33.03/profiles/container/download": { + "get": { + "description": { + "$ref": "desc/profiles/container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-profiles-container-download", + "summary": "Download Runtime Container Profiles" + } + }, + "/api/v33.03/profiles/container/learn": { + "post": { + "description": { + "$ref": "desc/profiles/container_learn_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "post-profiles-container-learn", + "summary": "Learn Runtime Container Profiles" + } + }, + "/api/v33.03/profiles/host": { + "get": { + "description": { + "$ref": "desc/profiles/host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_runtime.HostProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-profiles-host", + "summary": "Get Runtime Host Profiles" + } + }, + "/api/v33.03/profiles/host/download": { + "get": { + "description": { + "$ref": "desc/profiles/host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-profiles-host-download", + "summary": "Download Runtime Host Profiles" + } + }, + "/api/v33.03/registry": { + "get": { + "description": { + "$ref": "desc/registry/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-registry", + "summary": "Get Registry Scan Results" + } + }, + "/api/v33.03/registry/download": { + "get": { + "description": { + "$ref": "desc/registry/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-registry-download", + "summary": "Download Registry Scan Results" + } + }, + "/api/v33.03/registry/names": { + "get": { + "description": { + "$ref": "desc/registry/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-registry-names", + "summary": "Get Registry Image Names" + } + }, + "/api/v33.03/registry/progress": { + "get": { + "description": { + "$ref": "desc/registry/get_registry_progress.md" + }, + "parameters": [ + { + "description": "OnDemand indicates the requested progress is for an on-demand scan.\n", + "in": "query", + "name": "onDemand", + "schema": { + "type": "boolean" + } + }, + { + "description": "Registry is the image's registry.\n", + "in": "query", + "name": "registry", + "schema": { + "type": "string" + } + }, + { + "description": "Repository is the image's repository.\n", + "in": "query", + "name": "repo", + "schema": { + "type": "string" + } + }, + { + "description": "Tag is the image's tag.\n", + "in": "query", + "name": "tag", + "schema": { + "type": "string" + } + }, + { + "description": "Digest is the image's digest.\n", + "in": "query", + "name": "digest", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RegistryScanProgress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-registry-progress", + "summary": "View Registry Scan Progress" + } + }, + "/api/v33.03/registry/scan": { + "post": { + "description": { + "$ref": "desc/registry/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistryScanRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-registry-scan", + "summary": "Start a Registry Scan" + } + }, + "/api/v33.03/registry/scan/select": { + "post": { + "description": { + "$ref": "desc/registry/scan_select_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RegistryScanRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-registry-scan-select", + "summary": "Scan Registries" + } + }, + "/api/v33.03/registry/stop": { + "post": { + "description": { + "$ref": "desc/registry/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-registry-stop", + "summary": "Stop a Registry Scan" + } + }, + "/api/v33.03/registry/stop/{id}": { + "post": { + "description": { + "$ref": "desc/registry/stop_id_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-registry-stop-id", + "summary": "Stop a Registry spec Scan" + } + }, + "/api/v33.03/sandbox": { + "post": { + "description": { + "$ref": "desc/sandbox/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/sandbox.ScanResult" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/sandbox.ScanResult" + } + } + }, + "description": "ScanResult represents sandbox scan results" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sandbox" + ], + "x-prisma-cloud-target-env": { + "permission": "sandbox" + }, + "operationId": "post-sandbox", + "summary": "AddSandboxScanResult" + } + }, + "/api/v33.03/sbom/download/cli-images": { + "get": { + "description": { + "$ref": "desc/sbom/download_ci_images_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-cli-images", + "summary": "Download SBOM CI Images" + } + }, + "/api/v33.03/sbom/download/cli-serverless": { + "get": { + "description": { + "$ref": "desc/sbom/download_cli_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-cli-serverless", + "summary": "Download SBOM CLI Serverless" + } + }, + "/api/v33.03/sbom/download/hosts": { + "get": { + "description": { + "$ref": "desc/sbom/download_hosts_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-hosts", + "summary": "Download SBOM Hosts" + } + }, + "/api/v33.03/sbom/download/images": { + "get": { + "description": { + "$ref": "desc/sbom/download_images_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-images", + "summary": "Download SBOM Images" + } + }, + "/api/v33.03/sbom/download/registry": { + "get": { + "description": { + "$ref": "desc/sbom/download_registry_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-registry", + "summary": "Download SBOM Registry" + } + }, + "/api/v33.03/sbom/download/serverless": { + "get": { + "description": { + "$ref": "desc/sbom/download_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-serverless", + "summary": "Download SBOM Serverless" + } + }, + "/api/v33.03/sbom/download/vms": { + "get": { + "description": { + "$ref": "desc/sbom/download_vms_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-vms", + "summary": "Download SBOM VMs" + } + }, + "/api/v33.03/scans": { + "get": { + "description": { + "$ref": "desc/scans/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scan ID used in the image layers fetch.\n", + "in": "query", + "name": "_id", + "schema": { + "type": "string" + } + }, + { + "description": "Jenkins job name.\n", + "in": "query", + "name": "jobName", + "schema": { + "description": "Jenkins job name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scan type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Scan type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to filter on passed scans (true) or not (false).\n", + "in": "query", + "name": "pass", + "schema": { + "type": "boolean" + } + }, + { + "description": "Build number.\n", + "in": "query", + "name": "build", + "schema": { + "type": "string" + } + }, + { + "description": "Image ID of scanned image.\n", + "in": "query", + "name": "imageID", + "schema": { + "type": "string" + } + }, + { + "description": "Indicates if CVEs are mapped to image layer (true) or not (false).\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by start datetime. Based on scan time.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by end datetime. Based on scan time.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates if base image vulnerabilities are to be filtered (true) or not (false). Requires predefined base images that have already been scanned.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CLIScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-scans", + "summary": "Get All CI Image Scan Results" + }, + "post": { + "description": { + "$ref": "desc/scans/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CLIScanResult" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-scans", + "summary": "Add CLI Scan Result" + } + }, + "/api/v33.03/scans/download": { + "get": { + "description": { + "$ref": "desc/scans/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scan ID used in the image layers fetch.\n", + "in": "query", + "name": "_id", + "schema": { + "type": "string" + } + }, + { + "description": "Jenkins job name.\n", + "in": "query", + "name": "jobName", + "schema": { + "description": "Jenkins job name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scan type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Scan type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to filter on passed scans (true) or not (false).\n", + "in": "query", + "name": "pass", + "schema": { + "type": "boolean" + } + }, + { + "description": "Build number.\n", + "in": "query", + "name": "build", + "schema": { + "type": "string" + } + }, + { + "description": "Image ID of scanned image.\n", + "in": "query", + "name": "imageID", + "schema": { + "type": "string" + } + }, + { + "description": "Indicates if CVEs are mapped to image layer (true) or not (false).\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by start datetime. Based on scan time.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by end datetime. Based on scan time.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates if base image vulnerabilities are to be filtered (true) or not (false). Requires predefined base images that have already been scanned.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-scans-download", + "summary": "Download CI Image Scan Results" + } + }, + "/api/v33.03/scans/{id}": { + "get": { + "description": { + "$ref": "desc/scans/id_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-scans-id", + "summary": "Get CI Image Scan Results" + } + }, + "/api/v33.03/serverless": { + "get": { + "description": { + "$ref": "desc/serverless/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_serverless.FunctionInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "get-serverless", + "summary": "Get Serverless Function Scan Results" + } + }, + "/api/v33.03/serverless/download": { + "get": { + "description": { + "$ref": "desc/serverless/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "get-serverless-download", + "summary": "Download Serverless Function Scan Results" + } + }, + "/api/v33.03/serverless/evaluate": { + "post": { + "description": { + "$ref": "desc/serverless/evaluate_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveFunctionsReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveFunctionsResp" + } + } + }, + "description": "ResolveFunctionsResp represents the functions resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-serverless-evaluate", + "summary": "Resolve Functions" + } + }, + "/api/v33.03/serverless/names": { + "get": { + "description": { + "$ref": "desc/serverless/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "get-serverless-names", + "summary": "Get Serverless Function Names" + } + }, + "/api/v33.03/serverless/scan": { + "post": { + "description": { + "$ref": "desc/serverless/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "post-serverless-scan", + "summary": "Start Serverless Function Scan" + } + }, + "/api/v33.03/serverless/stop": { + "post": { + "description": { + "$ref": "desc/serverless/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "post-serverless-stop", + "summary": "Stop Serverless Function Scan" + } + }, + "/api/v33.03/settings/certificates": { + "post": { + "description": { + "$ref": "desc/settings/certificates_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.CertificateSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "post-settings-certificates", + "summary": "Add Certificate Settings for Clients Accessing a Custom CA" + } + }, + "/api/v33.03/settings/certs": { + "get": { + "description": { + "$ref": "desc/settings/certs_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.CertSettings" + } + } + }, + "description": "CertSettings are the certificates settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-settings-certs", + "summary": "Get Certificate Settings for Prisma Cloud Compute" + }, + "post": { + "description": { + "$ref": "desc/settings/certs_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.CertSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-settings-certs", + "summary": "Add Certificate Settings for Prisma Cloud Compute" + } + }, + "/api/v33.03/settings/console-certificate": { + "post": { + "description": { + "$ref": "desc/settings/console-certificates_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ConsoleCertificateSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "post-settings-console-certificate", + "summary": "Add Certificate Settings for Clients Accessing Prisma Cloud Compute" + } + }, + "/api/v33.03/settings/custom-labels": { + "get": { + "description": { + "$ref": "desc/settings/custom-labels_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + } + } + }, + "description": "CustomLabelsSettings are customized label names that are used to augment audit events\nThey can either be docker labels (which appears in the container label specification)\nor k8s/openshift labels (which appears in the pause container that monitors the target container)" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "user" + }, + "operationId": "get-settings-custom-labels", + "summary": "Get Alert Labels" + }, + "post": { + "description": { + "$ref": "desc/settings/custom-labels_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts" + }, + "operationId": "post-settings-custom-labels", + "summary": "Add Alert Labels" + } + }, + "/api/v33.03/settings/defender": { + "get": { + "description": { + "$ref": "desc/settings/defender_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Settings" + } + } + }, + "description": "Settings is the Defender settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-settings-defender", + "summary": "Get Advanced Defender Settings" + } + }, + "/api/v33.03/settings/intelligence": { + "get": { + "description": { + "$ref": "desc/settings/intelligence_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/intelligence.IntelligenceSettings" + } + } + }, + "description": "IntelligenceSettings are the intelligence service settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-settings-intelligence", + "summary": "Get Intelligence Stream Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/intelligence_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/intelligence.IntelligenceSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "post-settings-intelligence", + "summary": "Add Intelligence Stream Settings" + } + }, + "/api/v33.03/settings/ldap": { + "get": { + "description": { + "$ref": "desc/settings/ldap_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.LdapSettings" + } + } + }, + "description": "LdapSettings are the ldap connectivity settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "get-settings-ldap", + "summary": "Get LDAP Integration Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/ldap_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.LdapSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "post-settings-ldap", + "summary": "Add LDAP Integration Settings" + } + }, + "/api/v33.03/settings/license": { + "get": { + "description": { + "$ref": "desc/settings/license_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.License" + } + } + }, + "description": "License represent the customer license" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-settings-license", + "summary": "Get Prisma Cloud Compute License" + }, + "post": { + "description": { + "$ref": "desc/settings/license_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.LicenseRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "privilegedOperations" + }, + "operationId": "post-settings-license", + "summary": "Add Prisma Cloud Compute License" + } + }, + "/api/v33.03/settings/logging": { + "get": { + "description": { + "$ref": "desc/settings/logging_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.LoggingSettings" + } + } + }, + "description": "LoggingSettings are the logging settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts" + }, + "operationId": "get-settings-logging", + "summary": "Get Logging Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/logging_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.LoggingSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts" + }, + "operationId": "post-settings-logging", + "summary": "Add Logging Settings" + } + }, + "/api/v33.03/settings/logon": { + "get": { + "description": { + "$ref": "desc/settings/logon_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.LogonSettings" + } + } + }, + "description": "LogonSettings are settings associated with the login properties" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "get-settings-logon", + "summary": "Get Logon Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/logon_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.LogonSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "post-settings-logon", + "summary": "Add Logon Settings" + } + }, + "/api/v33.03/settings/oauth": { + "get": { + "description": { + "$ref": "desc/settings/oauth_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.ProviderSettings" + } + } + }, + "description": "ProviderSettings are the Oauth/ OpenID Connect connectivity settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "get-settings-oauth", + "summary": "Get OAuth Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/oauth_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.ProviderSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "post-settings-oauth", + "summary": "Add OAuth Settings" + } + }, + "/api/v33.03/settings/oidc": { + "get": { + "description": { + "$ref": "desc/settings/oidc_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.ProviderSettings" + } + } + }, + "description": "ProviderSettings are the Oauth/ OpenID Connect connectivity settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "get-settings-oidc", + "summary": "Get Open ID Connect Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/oidc_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.ProviderSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "post-settings-oidc", + "summary": "Add Open ID Connect Settings" + } + }, + "/api/v33.03/settings/proxy": { + "get": { + "description": { + "$ref": "desc/settings/proxy_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.ProxySettings" + } + } + }, + "description": "ProxySettings are the http proxy settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-settings-proxy", + "summary": "Get Proxy Settings of Prisma Cloud Compute" + }, + "post": { + "description": { + "$ref": "desc/settings/proxy_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.ProxySettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "post-settings-proxy", + "summary": "Add Proxy Settings for Prisma Cloud Compute" + } + }, + "/api/v33.03/settings/registry": { + "get": { + "description": { + "$ref": "desc/settings/registry_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySettings" + } + } + }, + "description": "RegistrySettings contains each registry's unique settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-settings-registry", + "summary": "Get Registry Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/registry_post.md" + }, + "parameters": [ + { + "description": "ScanLater indicates to save the setting without starting a scan.\n", + "in": "query", + "name": "scanLater", + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "post-settings-registry", + "summary": "Add Registry Settings" + }, + "put": { + "description": { + "$ref": "desc/settings/registry_put.md" + }, + "parameters": [ + { + "description": "ScanLater indicates to save the setting without starting a scan.\n", + "in": "query", + "name": "scanLater", + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-settings-registry", + "summary": "Update Registry Settings" + } + }, + "/api/v33.03/settings/saml": { + "get": { + "description": { + "$ref": "desc/settings/saml_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.SamlSettings" + } + } + }, + "description": "SamlSettings are the saml connectivity settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "get-settings-saml", + "summary": "Get SAML Settings of Prisma Cloud Compute" + }, + "post": { + "description": { + "$ref": "desc/settings/saml_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.SamlSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "post-settings-saml", + "summary": "Add SAML Settings for Prisma Cloud Compute" + } + }, + "/api/v33.03/settings/scan": { + "get": { + "description": { + "$ref": "desc/settings/scan_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ScanSettings" + } + } + }, + "description": "ScanSettings are global settings for image/host/container and registry scanning" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-settings-scan", + "summary": "Get Global Scan Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ScanSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "post-settings-scan", + "summary": "Add Global Scan Settings" + } + }, + "/api/v33.03/settings/tas": { + "get": { + "description": { + "$ref": "desc/settings/tas_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TASDropletSpecification" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-settings-tas", + "summary": "Get TAS Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/tas_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TASDropletSpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "post-settings-tas", + "summary": "Add TAS Settings" + } + }, + "/api/v33.03/settings/telemetry": { + "get": { + "description": { + "$ref": "desc/settings/telemetry_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.TelemetrySettings" + } + } + }, + "description": "TelemetrySettings is the telemetry settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-settings-telemetry", + "summary": "Get Telemetry Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/telemetry_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.TelemetrySettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "post-settings-telemetry", + "summary": "Enable or Disable Telemetry Settings" + } + }, + "/api/v33.03/settings/trusted-certificate": { + "post": { + "description": { + "$ref": "desc/settings/telemetry_get.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.CertData" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.TrustedCertSignature" + } + } + }, + "description": "TrustedCertSignature represents a trusted cert settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "post-settings-trusted-certificate", + "summary": "Add a Certificate to a Trusted Certificate List" + } + }, + "/api/v33.03/settings/trusted-certificates": { + "post": { + "description": { + "$ref": "desc/settings/telemetry_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.TrustedCertSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "post-settings-trusted-certificates", + "summary": "Add Trusted Certificate Settings" + } + }, + "/api/v33.03/settings/vm": { + "get": { + "description": { + "$ref": "desc/settings/vm_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.VMSpecification" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-settings-vm", + "summary": "Get VM Image Scan Settings" + }, + "put": { + "description": { + "$ref": "desc/settings/vm_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.VMSpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "put-settings-vm", + "summary": "Update VM Image Scan Settings" + } + }, + "/api/v33.03/settings/wildfire": { + "get": { + "description": { + "$ref": "desc/settings/wildfire_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.WildFireSettings" + } + } + }, + "description": "WildFireSettings are the settings for WildFire API requests" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-settings-wildfire", + "summary": "Wild Fire Settings" + } + }, + "/api/v33.03/stats/app-firewall/count": { + "get": { + "description": { + "$ref": "desc/stats/app_firewall_count_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/int" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-stats-app-firewall-count", + "summary": "Application Firewall Count" + } + }, + "/api/v33.03/stats/compliance": { + "get": { + "description": { + "$ref": "desc/stats/compliance_get.md" + }, + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ComplianceStats" + } + } + }, + "description": "ComplianceStats holds compliance data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance" + }, + "operationId": "get-stats-compliance", + "summary": "Get Compliance Stats" + } + }, + "/api/v33.03/stats/compliance/download": { + "get": { + "description": { + "$ref": "desc/stats/compliance_download_get.md" + }, + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance" + }, + "operationId": "get-stats-compliance-download", + "summary": "Download Compliance Stats" + } + }, + "/api/v33.03/stats/compliance/refresh": { + "post": { + "description": { + "$ref": "desc/stats/compliance_refresh.md" + }, + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ComplianceStats" + } + } + }, + "description": "ComplianceStats holds compliance data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance" + }, + "operationId": "post-stats-compliance-refresh", + "summary": "Refresh Compliance Stats" + } + }, + "/api/v33.03/stats/daily": { + "get": { + "description": { + "$ref": "desc/stats/daily_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.Stats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-stats-daily", + "summary": "Get Daily Compliance Stats" + } + }, + "/api/v33.03/stats/dashboard": { + "get": { + "description": { + "$ref": "desc/stats/dashboard_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Trends" + } + } + }, + "description": "Trends contains data on global trends in the system" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-dashboard", + "summary": "Get Dashboard Stats" + } + }, + "/api/v33.03/stats/events": { + "get": { + "description": { + "$ref": "desc/stats/events_get.md" + }, + "parameters": [ + { + "description": "Collections are collections scoping the query.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Collections are collections scoping the query.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountIDs are the account IDs scoping the query.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "AccountIDs are the account IDs scoping the query.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.EventStats" + } + } + }, + "description": "EventStats holds counters for all event types" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-stats-events", + "summary": "Get Event Stats" + } + }, + "/api/v33.03/stats/license": { + "get": { + "description": { + "$ref": "desc/stats/license_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.LicenseStats" + } + } + }, + "description": "LicenseStats holds the console license stats" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-stats-license", + "summary": "Get Event Stats" + } + }, + "/api/v33.03/stats/vulnerabilities": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is the single CVE ID to return vulnerability data for.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.VulnerabilityStats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-vulnerabilities", + "summary": "Get Vulnerability (CVEs) Stats" + } + }, + "/api/v33.03/stats/vulnerabilities/download": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is the single CVE ID to return vulnerability data for.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-vulnerabilities-download", + "summary": "Download Vulnerability (CVEs) Stats" + } + }, + "/api/v33.03/stats/vulnerabilities/impacted-resources": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_impacted_resources_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is used to as a pivot for the impacted resource search.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.VulnImpactedResources" + } + } + }, + "description": "VulnImpactedResources holds details about the resources impacted by vulnerability" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-vulnerabilities-impacted-resources", + "summary": "Get Impacted Resources Vulnerability (CVE) Stats" + } + }, + "/api/v33.03/stats/vulnerabilities/impacted-resources/download": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_impacted_resources_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is used to as a pivot for the impacted resource search.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-vulnerabilities-impacted-resources-download", + "summary": "Download Impacted Resources Vulnerability (CVE) Stats" + } + }, + "/api/v33.03/stats/vulnerabilities/refresh": { + "post": { + "description": { + "$ref": "desc/stats/vulnerabilities_refresh_post.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.VulnerabilityStats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "post-stats-vulnerabilities-refresh", + "summary": "Refresh Vulnerability Stats" + } + }, + "/api/v33.03/statuses/buildah": { + "get": { + "description": { + "$ref": "desc/statuses/buildah_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.BuildahFeatureStatus" + } + } + }, + "description": "BuildahFeatureStatus holds the response for the buildah feature status" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Statuses" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-statuses-buildah", + "summary": "Buildah Feature Status returns the buildah feature status" + } + }, + "/api/v33.03/statuses/registry": { + "get": { + "description": { + "$ref": "desc/statuses/registry_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.ScanStatus" + } + } + }, + "description": "ScanStatus represents the status of current scan" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Statuses" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-statuses-registry", + "summary": "Get Registry Scan Status" + } + }, + "/api/v33.03/tags": { + "get": { + "description": { + "$ref": "desc/tags/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Tag" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "get-tags", + "summary": "Get Tags" + }, + "post": { + "description": { + "$ref": "desc/tags/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Tag" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "post-tags", + "summary": "Add Tags" + } + }, + "/api/v33.03/tags/{id}": { + "delete": { + "description": { + "$ref": "desc/tags/name_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "delete-tags-id", + "summary": "Delete a Tag" + }, + "put": { + "description": { + "$ref": "desc/tags/name_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Tag" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "put-tags-id", + "summary": "Update a Tag" + } + }, + "/api/v33.03/tags/{id}/vuln": { + "delete": { + "description": { + "$ref": "desc/tags/tag_cve_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "delete-tags-id-vuln", + "summary": "Delete Tag Vulnerability Metadata" + }, + "post": { + "description": { + "$ref": "desc/tags/tag_cve_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.TagVulnMetadata" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "post-tags-id-vuln", + "summary": "Set Tag Vulnerability Metadata" + } + }, + "/api/v33.03/tas-droplets": { + "get": { + "description": { + "$ref": "desc/tas-droplets/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_serverless.FunctionInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-tas-droplets", + "summary": "Get TAS Droplets" + } + }, + "/api/v33.03/tas-droplets/addresses": { + "get": { + "description": { + "$ref": "desc/tas-droplets/get_tas_addresses.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-tas-droplets-addresses", + "summary": "TAS Cloud Controller Addresses" + } + }, + "/api/v33.03/tas-droplets/download": { + "get": { + "description": { + "$ref": "desc/tas-droplets/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-tas-droplets-download", + "summary": "Download TAS Droplets" + } + }, + "/api/v33.03/tas-droplets/progress": { + "get": { + "description": { + "$ref": "desc/tas-droplets/progress_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Progress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-tas-droplets-progress", + "summary": "View TAS Droplets Scan Progress" + } + }, + "/api/v33.03/tas-droplets/scan": { + "post": { + "description": { + "$ref": "desc/tas-droplets/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-tas-droplets-scan", + "summary": "Scan TAS Droplets" + } + }, + "/api/v33.03/tas-droplets/stop": { + "post": { + "description": { + "$ref": "desc/tas-droplets/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-tas-droplets-stop", + "summary": "Stop TAS Droplets Ongoing Scan" + } + }, + "/api/v33.03/trust/data": { + "get": { + "description": { + "$ref": "desc/trust/data_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/trust.Data" + } + } + }, + "description": "Data holds the image trust data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Trust" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-trust-data", + "summary": "Get Trusted Repository, Image, and Registry" + }, + "put": { + "description": { + "$ref": "desc/trust/data_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/trust.Data" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Trust" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-trust-data", + "summary": "Update Trusted Repository, Image, and Registry" + } + }, + "/api/v33.03/users": { + "get": { + "description": { + "$ref": "desc/users/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.UserList" + } + } + }, + "description": "UserList represents a list of users" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "get-users", + "summary": "Get Users" + }, + "post": { + "description": { + "$ref": "desc/users/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.User" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "post-users", + "summary": "Add Users" + }, + "put": { + "description": { + "$ref": "desc/users/put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.User" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "put-users", + "summary": "Update Users" + } + }, + "/api/v33.03/users/password": { + "put": { + "description": { + "$ref": "desc/users/password_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.UserPassword" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "user" + }, + "operationId": "put-users-password", + "summary": "Update User Password" + } + }, + "/api/v33.03/users/{id}": { + "delete": { + "description": { + "$ref": "desc/users/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "delete-users-id", + "summary": "Delete Users" + } + }, + "/api/v33.03/util/arm64/twistcli": { + "get": { + "description": { + "$ref": "desc/util/twistcli_arm64_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-arm64-twistcli", + "summary": "Download ARM64 twistcli for Linux OS" + } + }, + "/api/v33.03/util/osx/arm64/twistcli": { + "get": { + "description": { + "$ref": "desc/util/osx_twistcli_arm64_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-osx-arm64-twistcli", + "summary": "Download ARM64 twistcli for MacOS" + } + }, + "/api/v33.03/util/osx/twistcli": { + "get": { + "description": { + "$ref": "desc/util/osx_twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-osx-twistcli", + "summary": "Download twistcli for MacOS" + } + }, + "/api/v33.03/util/twistcli": { + "get": { + "description": { + "$ref": "desc/util/twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-twistcli", + "summary": "Download twistcli for Linux OS" + } + }, + "/api/v33.03/util/windows/twistcli.exe": { + "get": { + "description": { + "$ref": "desc/util/windows_twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-windows-twistcli.exe", + "summary": "Download twistcli for Microsoft Windows" + } + }, + "/api/v33.03/version": { + "get": { + "description": { + "$ref": "desc/version/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Version" + ], + "x-prisma-cloud-target-env": { + "permission": "user" + }, + "operationId": "get-version", + "summary": "Get Prisma Cloud Compute Version" + } + }, + "/api/v33.03/vms": { + "get": { + "description": { + "$ref": "desc/vms/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-vms", + "summary": "Get VM Image Scan Results" + } + }, + "/api/v33.03/vms/download": { + "get": { + "description": { + "$ref": "desc/vms/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-vms-download", + "summary": "Download VM Image Scan Results" + } + }, + "/api/v33.03/vms/labels": { + "get": { + "description": { + "$ref": "desc/vms/labels_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-vms-labels", + "summary": "Get VM Image Tags" + } + }, + "/api/v33.03/vms/names": { + "get": { + "description": { + "$ref": "desc/vms/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-vms-names", + "summary": "Get VM Image Names" + } + }, + "/api/v33.03/vms/scan": { + "post": { + "description": { + "$ref": "desc/vms/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-vms-scan", + "summary": "Start VM Image Scan" + } + }, + "/api/v33.03/vms/stop": { + "post": { + "description": { + "$ref": "desc/vms/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-vms-stop", + "summary": "Stop VM Image Scan" + } + }, + "/api/v33.03/waas/openapi-scans": { + "post": { + "description": { + "$ref": "desc/waas/openapi-scans_post.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.OpenAPIScan" + } + } + }, + "description": "OpenAPIScan represents the OpenAPI file scan" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Waas" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "post-waas-openapi-scans", + "summary": "Scan OpenAPI Specification File for WAAS Observations" + } + } + }, + "tags": [ + { + "name": "Agentless", + "description": { + "$ref": "desc/agentless/agentless.md" + } + }, + { + "name": "Ais-Api" + }, + { + "name": "Alert-Profiles" + }, + { + "name": "Application-Control", + "description": { + "$ref": "desc/application-control/application-control.md" + } + }, + { + "name": "Audits", + "description": { + "$ref": "desc/audits/audits.md" + } + }, + { + "name": "Authenticate", + "description": { + "$ref": "desc/authenticate/authenticate.md" + } + }, + { + "name": "Authenticate-Client", + "description": { + "$ref": "desc/authenticate-client/authenticate-client.md" + } + }, + { + "name": "Backups" + }, + { + "name": "Bff" + }, + { + "name": "Ccs" + }, + { + "name": "Certs", + "description": { + "$ref": "desc/certs/certs.md" + } + }, + { + "name": "Cloud", + "description": { + "$ref": "desc/cloud/cloud.md" + } + }, + { + "name": "Cloud-Scan-Rules" + }, + { + "name": "Cloud-Security-Agent" + }, + { + "name": "Clustered-Db" + }, + { + "name": "Coderepos-Ci" + }, + { + "name": "Collections", + "description": { + "$ref": "desc/collections/collections.md" + } + }, + { + "name": "Config" + }, + { + "name": "Containers", + "description": { + "$ref": "desc/containers/containers.md" + } + }, + { + "name": "Credentials", + "description": { + "$ref": "desc/credentials/credentials.md" + } + }, + { + "name": "Current" + }, + { + "name": "Custom-Compliance", + "description": { + "$ref": "desc/custom-compliance/custom-compliance.md" + } + }, + { + "name": "Custom-Rules", + "description": { + "$ref": "desc/custom-rules/custom-rules.md" + } + }, + { + "name": "Cves" + }, + { + "name": "Defenders", + "description": { + "$ref": "desc/defenders/defenders.md" + } + }, + { + "name": "Deployment" + }, + { + "name": "Feeds", + "description": { + "$ref": "desc/feeds/feeds.md" + } + }, + { + "name": "Forensic" + }, + { + "name": "Groups", + "description": { + "$ref": "desc/groups/groups.md" + } + }, + { + "name": "Harbor" + }, + { + "name": "Hosts", + "description": { + "$ref": "desc/hosts/hosts.md" + } + }, + { + "name": "Images", + "description": { + "$ref": "desc/images/images.md" + } + }, + { + "name": "Kubernetes" + }, + { + "name": "Logout" + }, + { + "name": "Logs" + }, + { + "name": "Policies", + "description": { + "$ref": "desc/policies/policies.md" + } + }, + { + "name": "Profiles", + "description": { + "$ref": "desc/profiles/profiles.md" + } + }, + { + "name": "Projects" + }, + { + "name": "Radar" + }, + { + "name": "Rbac" + }, + { + "name": "Registry", + "description": { + "$ref": "desc/registry/registry.md" + } + }, + { + "name": "Registry-Count" + }, + { + "name": "Runtime" + }, + { + "name": "Sandbox", + "description": { + "$ref": "desc/sandbox/sandbox.md" + } + }, + { + "name": "Sbom", + "description": { + "$ref": "desc/sbom/sbom_intro.md" + } + }, + { + "name": "Scans", + "description": { + "$ref": "desc/scans/scans.md" + } + }, + { + "name": "Scripts" + }, + { + "name": "Security-Advisor" + }, + { + "name": "Serverless", + "description": { + "$ref": "desc/serverless/serverless.md" + } + }, + { + "name": "Settings", + "description": { + "$ref": "desc/settings/settings.md" + } + }, + { + "name": "Signup", + "description": { + "$ref": "desc/signup/signup.md" + } + }, + { + "name": "Static" + }, + { + "name": "Stats", + "description": { + "$ref": "desc/stats/stats.md" + } + }, + { + "name": "Statuses", + "description": { + "$ref": "desc/statuses/statuses.md" + } + }, + { + "description": "This API is an officially supported route", + "externalDocs": { + "url": "https://cdn.twistlock.com/docs/api/twistlock_api.html" + }, + "name": "Supported API" + }, + { + "name": "Tags", + "description": { + "$ref": "desc/tags/tags.md" + } + }, + { + "name": "Tas-Droplets" + }, + { + "name": "Trust", + "description": { + "$ref": "desc/trust/trust.md" + } + }, + { + "name": "Trusted-Images" + }, + { + "name": "Users", + "description": { + "$ref": "desc/users/users.md" + } + }, + { + "name": "Util", + "description": { + "$ref": "desc/util/util.md" + } + }, + { + "name": "Version", + "description": { + "$ref": "desc/version/version.md" + } + }, + { + "name": "Vms", + "description": { + "$ref": "desc/vms/vms.md" + } + }, + { + "name": "Waas" + }, + { + "name": "Xsoar-Alerts" + }, + { + "name": "_Ping", + "description": { + "$ref": "desc/_ping/_ping.md" + } + } + ] +} \ No newline at end of file diff --git a/openapi-specs/cwpp/openapi-33-02-130-saas.json b/openapi-specs/cwpp/33-02/openapi-33-02-130-saas.json similarity index 100% rename from openapi-specs/cwpp/openapi-33-02-130-saas.json rename to openapi-specs/cwpp/33-02/openapi-33-02-130-saas.json diff --git a/openapi-specs/cwpp/openapi-33-03-138-saas.json b/openapi-specs/cwpp/openapi-33-03-138-saas.json new file mode 100644 index 000000000..b077c4de8 --- /dev/null +++ b/openapi-specs/cwpp/openapi-33-03-138-saas.json @@ -0,0 +1,51554 @@ +{ + "components": { + "schemas": { + "-_admission.Audit": { + "items": { + "$ref": "#/components/schemas/admission.Audit" + }, + "type": "array" + }, + "-_ais.ScanInstancesRequest": { + "items": { + "$ref": "#/components/schemas/ais.ScanInstancesRequest" + }, + "type": "array" + }, + "-_ais.ScanInstancesResult": { + "items": { + "$ref": "#/components/schemas/ais.ScanInstancesResult" + }, + "type": "array" + }, + "-_api.AggregationPeriod": { + "items": { + "$ref": "#/components/schemas/api.AggregationPeriod" + }, + "type": "array" + }, + "-_api.AlertProfile": { + "items": { + "$ref": "#/components/schemas/api.AlertProfile" + }, + "type": "array" + }, + "-_applicationcontrol.Rule": { + "items": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + }, + "type": "array" + }, + "-_ccs.ConsoleMessage": { + "items": { + "$ref": "#/components/schemas/ccs.ConsoleMessage" + }, + "type": "array" + }, + "-_collection.Collection": { + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "-_collection.Usage": { + "items": { + "$ref": "#/components/schemas/collection.Usage" + }, + "type": "array" + }, + "-_cred.Credential": { + "items": { + "$ref": "#/components/schemas/cred.Credential" + }, + "type": "array" + }, + "-_customrules.Rule": { + "items": { + "$ref": "#/components/schemas/customrules.Rule" + }, + "type": "array" + }, + "-_defender.Defender": { + "items": { + "$ref": "#/components/schemas/defender.Defender" + }, + "type": "array" + }, + "-_deployment.DaemonSet": { + "items": { + "$ref": "#/components/schemas/deployment.DaemonSet" + }, + "type": "array" + }, + "-_forensic.ContainerEvent": { + "items": { + "$ref": "#/components/schemas/forensic.ContainerEvent" + }, + "type": "array" + }, + "-_forensic.HostEvent": { + "items": { + "$ref": "#/components/schemas/forensic.HostEvent" + }, + "type": "array" + }, + "-_kubeaudit.Audit": { + "items": { + "$ref": "#/components/schemas/kubeaudit.Audit" + }, + "type": "array" + }, + "-_kubeaudit.AuditSpecification": { + "items": { + "$ref": "#/components/schemas/kubeaudit.AuditSpecification" + }, + "type": "array" + }, + "-_log.LogEntry": { + "items": { + "$ref": "#/components/schemas/log.LogEntry" + }, + "type": "array" + }, + "-_prisma.AlertIntegration": { + "items": { + "$ref": "#/components/schemas/prisma.AlertIntegration" + }, + "type": "array" + }, + "-_rbac.Role": { + "items": { + "$ref": "#/components/schemas/rbac.Role" + }, + "type": "array" + }, + "-_runtime.ContainerProfileHost": { + "items": { + "$ref": "#/components/schemas/runtime.ContainerProfileHost" + }, + "type": "array" + }, + "-_runtime.HostProfile": { + "items": { + "$ref": "#/components/schemas/runtime.HostProfile" + }, + "type": "array" + }, + "-_sandbox.ScanResult": { + "items": { + "$ref": "#/components/schemas/sandbox.ScanResult" + }, + "type": "array" + }, + "-_serverless.FunctionInfo": { + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + }, + "-_serverless.RadarFilter": { + "items": { + "$ref": "#/components/schemas/serverless.RadarFilter" + }, + "type": "array" + }, + "-_shared.AppEmbeddedRuntimeProfile": { + "items": { + "$ref": "#/components/schemas/shared.AppEmbeddedRuntimeProfile" + }, + "type": "array" + }, + "-_shared.AppFirewallAudit": { + "items": { + "$ref": "#/components/schemas/shared.AppFirewallAudit" + }, + "type": "array" + }, + "-_shared.Audit": { + "items": { + "$ref": "#/components/schemas/shared.Audit" + }, + "type": "array" + }, + "-_shared.BackupSpec": { + "items": { + "$ref": "#/components/schemas/shared.BackupSpec" + }, + "type": "array" + }, + "-_shared.CLIScanResult": { + "items": { + "$ref": "#/components/schemas/shared.CLIScanResult" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryAccount": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryAccount" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryEntity": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryEntity" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryRadar": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryRadar" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryResult": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryResult" + }, + "type": "array" + }, + "-_shared.CloudScanRule": { + "items": { + "$ref": "#/components/schemas/shared.CloudScanRule" + }, + "type": "array" + }, + "-_shared.ContainerNetworkFirewallProfileAudits": { + "items": { + "$ref": "#/components/schemas/shared.ContainerNetworkFirewallProfileAudits" + }, + "type": "array" + }, + "-_shared.ContainerRuntimeProfile": { + "items": { + "$ref": "#/components/schemas/shared.ContainerRuntimeProfile" + }, + "type": "array" + }, + "-_shared.ContainerScanResult": { + "items": { + "$ref": "#/components/schemas/shared.ContainerScanResult" + }, + "type": "array" + }, + "-_shared.CustomComplianceCheck": { + "items": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + }, + "type": "array" + }, + "-_shared.FileIntegrityEvent": { + "items": { + "$ref": "#/components/schemas/shared.FileIntegrityEvent" + }, + "type": "array" + }, + "-_shared.HostActivity": { + "items": { + "$ref": "#/components/schemas/shared.HostActivity" + }, + "type": "array" + }, + "-_shared.HostInfo": { + "items": { + "$ref": "#/components/schemas/shared.HostInfo" + }, + "type": "array" + }, + "-_shared.HostNetworkFirewallProfileAudits": { + "items": { + "$ref": "#/components/schemas/shared.HostNetworkFirewallProfileAudits" + }, + "type": "array" + }, + "-_shared.ImageScanResult": { + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + }, + "-_shared.Incident": { + "items": { + "$ref": "#/components/schemas/shared.Incident" + }, + "type": "array" + }, + "-_shared.LambdaRuntimeType": { + "items": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "type": "array" + }, + "-_shared.LogInspectionEvent": { + "items": { + "$ref": "#/components/schemas/shared.LogInspectionEvent" + }, + "type": "array" + }, + "-_shared.MgmtAudit": { + "items": { + "$ref": "#/components/schemas/shared.MgmtAudit" + }, + "type": "array" + }, + "-_shared.Progress": { + "items": { + "$ref": "#/components/schemas/shared.Progress" + }, + "type": "array" + }, + "-_shared.RegionData": { + "items": { + "$ref": "#/components/schemas/shared.RegionData" + }, + "type": "array" + }, + "-_shared.RegistryScanProgress": { + "items": { + "$ref": "#/components/schemas/shared.RegistryScanProgress" + }, + "type": "array" + }, + "-_shared.RegistryScanRequest": { + "items": { + "$ref": "#/components/schemas/shared.RegistryScanRequest" + }, + "type": "array" + }, + "-_shared.RuntimeAudit": { + "items": { + "$ref": "#/components/schemas/shared.RuntimeAudit" + }, + "type": "array" + }, + "-_shared.TASDropletSpecification": { + "items": { + "$ref": "#/components/schemas/shared.TASDropletSpecification" + }, + "type": "array" + }, + "-_shared.Tag": { + "items": { + "$ref": "#/components/schemas/shared.Tag" + }, + "type": "array" + }, + "-_shared.TrustAudits": { + "items": { + "$ref": "#/components/schemas/shared.TrustAudits" + }, + "type": "array" + }, + "-_shared.VMSpecification": { + "items": { + "$ref": "#/components/schemas/shared.VMSpecification" + }, + "type": "array" + }, + "-_string": { + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "-_types.AgentlessHostStatus": { + "items": { + "$ref": "#/components/schemas/types.AgentlessHostStatus" + }, + "type": "array" + }, + "-_types.AlertProfileOption": { + "items": { + "$ref": "#/components/schemas/types.AlertProfileOption" + }, + "type": "array" + }, + "-_types.AuditTimeslice": { + "items": { + "$ref": "#/components/schemas/types.AuditTimeslice" + }, + "type": "array" + }, + "-_types.BaseImagesRule": { + "items": { + "$ref": "#/components/schemas/types.BaseImagesRule" + }, + "type": "array" + }, + "-_types.CVEStats": { + "items": { + "$ref": "#/components/schemas/types.CVEStats" + }, + "type": "array" + }, + "-_types.CVEVulnerability": { + "items": { + "$ref": "#/components/schemas/types.CVEVulnerability" + }, + "type": "array" + }, + "-_types.ClusterRadarInfo": { + "items": { + "$ref": "#/components/schemas/types.ClusterRadarInfo" + }, + "type": "array" + }, + "-_types.CredentialUsage": { + "items": { + "$ref": "#/components/schemas/types.CredentialUsage" + }, + "type": "array" + }, + "-_types.DefenderSummary": { + "items": { + "$ref": "#/components/schemas/types.DefenderSummary" + }, + "type": "array" + }, + "-_types.DefendersVersionCount": { + "items": { + "$ref": "#/components/schemas/types.DefendersVersionCount" + }, + "type": "array" + }, + "-_types.DiscoveredVM": { + "items": { + "$ref": "#/components/schemas/types.DiscoveredVM" + }, + "type": "array" + }, + "-_types.Endpoint": { + "items": { + "$ref": "#/components/schemas/types.Endpoint" + }, + "type": "array" + }, + "-_types.ImpactedOutOfBandEntity": { + "items": { + "$ref": "#/components/schemas/types.ImpactedOutOfBandEntity" + }, + "type": "array" + }, + "-_types.Project": { + "items": { + "$ref": "#/components/schemas/types.Project" + }, + "type": "array" + }, + "-_types.Stats": { + "items": { + "$ref": "#/components/schemas/types.Stats" + }, + "type": "array" + }, + "-_types.UserCollection": { + "items": { + "$ref": "#/components/schemas/types.UserCollection" + }, + "type": "array" + }, + "-_types.UserProject": { + "items": { + "$ref": "#/components/schemas/types.UserProject" + }, + "type": "array" + }, + "-_types.VulnerabilityStats": { + "items": { + "$ref": "#/components/schemas/types.VulnerabilityStats" + }, + "type": "array" + }, + "-_uint8": { + "items": { + "$ref": "#/components/schemas/uint8" + }, + "type": "array" + }, + "-_vuln.WildFireMalware": { + "items": { + "$ref": "#/components/schemas/vuln.WildFireMalware" + }, + "type": "array" + }, + "-_waas.APIChangeDetails": { + "items": { + "$ref": "#/components/schemas/waas.APIChangeDetails" + }, + "type": "array" + }, + "-_waas.DiscoveredAPI": { + "items": { + "$ref": "#/components/schemas/waas.DiscoveredAPI" + }, + "type": "array" + }, + "-_waas.NetworkList": { + "items": { + "$ref": "#/components/schemas/waas.NetworkList" + }, + "type": "array" + }, + "-_waas.OpenAPIScan": { + "items": { + "$ref": "#/components/schemas/waas.OpenAPIScan" + }, + "type": "array" + }, + "-_waas.UnprotectedContainersWebApps": { + "items": { + "$ref": "#/components/schemas/waas.UnprotectedContainersWebApps" + }, + "type": "array" + }, + "-_waas.UnprotectedHostsWebApps": { + "items": { + "$ref": "#/components/schemas/waas.UnprotectedHostsWebApps" + }, + "type": "array" + }, + "-_waas.VPCConfigMirroredResource": { + "items": { + "$ref": "#/components/schemas/waas.VPCConfigMirroredResource" + }, + "type": "array" + }, + "-_waas.VPCConfigResource": { + "items": { + "$ref": "#/components/schemas/waas.VPCConfigResource" + }, + "type": "array" + }, + "admission.Audit": { + "description": "Audit represents an admission audit", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the cluster where the audit took place.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "description": "Effect is the rule effect which was applied to the review which led to this audit.\n", + "type": "string" + }, + "kind": { + "description": "Kind is the type of object being manipulated. For example: Pod.\n", + "type": "string" + }, + "message": { + "description": "Message is the rule user defined message which appears on audit.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace associated with the request (if any).\n", + "type": "string" + }, + "operation": { + "description": "Operation is the operation being performed.\n", + "type": "string" + }, + "rawRequest": { + "description": "RawRequest is the original review request that caused this audit.\n", + "type": "string" + }, + "resource": { + "description": "Resource is the name of the resource being requested. This is not the kind. For example: pods.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule which issued this audit.\n", + "type": "string" + }, + "time": { + "description": "Time is the time at which the audit was generated.\n", + "format": "date-time", + "type": "string" + }, + "userGroups": { + "description": "UserGroups is the names of groups this user is a part of.\n", + "type": "string" + }, + "userUid": { + "description": "UserUID is a unique value that identifies this user across time. If this user is\ndeleted and another user by the same name is added, they will have\ndifferent UIDs.\n", + "type": "string" + }, + "username": { + "description": "Username is the name that uniquely identifies this user among all active users.\n", + "type": "string" + } + }, + "type": "object" + }, + "admission.Policy": { + "description": "Policy represents a policy enforced on Kubernetes admission reviews", + "properties": { + "_id": { + "description": "ID is the policy ID.\n", + "type": "string" + }, + "rules": { + "description": "Rules is a list of rules associated with the admission policy.\n", + "items": { + "$ref": "#/components/schemas/admission.Rule" + }, + "type": "array" + } + }, + "type": "object" + }, + "admission.Rule": { + "description": "Rule represents an admission rule", + "properties": { + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "description": { + "description": "Description is the rule description.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/common.PolicyEffect" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "script": { + "description": "Script is the Rego script.\n", + "type": "string" + }, + "skipRawReq": { + "description": "SkipRawReq signals to exclude raw review request in a resulting admission audit.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "agentless.ImageScanResultErrCode": { + "description": "ImageScanResultErrCode represents the asset status error", + "type": "integer" + }, + "ais.ScanInstancesRequest": { + "properties": { + "cloudAccountID": { + "description": ".\n", + "type": "string" + }, + "cloudInstanceIds": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cloudProvider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "ais.ScanInstancesResult": { + "properties": { + "description": { + "description": ".\n", + "type": "string" + }, + "instances": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/ais.ScanInstancesRequest" + }, + "type": "array" + }, + "status": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "api.AggregationPeriod": { + "description": "AggregationPeriod represents a period over which alerts are aggregated", + "properties": { + "displayName": { + "description": "The display name of the aggregation period.\n", + "type": "string" + }, + "periodMS": { + "description": "The aggregation period's duration in milliseconds.\n", + "type": "integer" + } + }, + "type": "object" + }, + "api.AlertClientType": { + "description": "AlertClientType represents the type of alert client (e.g., email, slack, ...)", + "type": "string" + }, + "api.AlertProfile": { + "description": "AlertProfile represents an alert profile (event type and recipients)", + "properties": { + "_id": { + "description": "ID is the alert profile ID.\n", + "type": "string" + }, + "consoleIdentifier": { + "description": "ConsoleIdentifier is the console identifier.\n", + "type": "string" + }, + "cortex": { + "$ref": "#/components/schemas/api.AlertProfileCortexSettings" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "email": { + "$ref": "#/components/schemas/api.AlertProfileEmailSettings" + }, + "external": { + "description": "External indicates that the profile is integrated through Prisma Cloud.\n", + "type": "boolean" + }, + "gcpPubsub": { + "$ref": "#/components/schemas/api.AlertProfileGcpPubsubSettings" + }, + "integrationID": { + "description": "IntegrationID is the ID identifying the provider configured in Prisma Cloud.\n", + "type": "string" + }, + "jira": { + "$ref": "#/components/schemas/api.AlertProfileJIRASettings" + }, + "lastError": { + "description": "LastError represents the last error when sending the profile.\n", + "type": "string" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "pagerduty": { + "$ref": "#/components/schemas/api.AlertProfilePagerDutySettings" + }, + "policy": { + "additionalProperties": { + "$ref": "#/components/schemas/api.AlertRule" + }, + "description": "Policy contains the mapping between alert type to the applied alert rules.\n", + "type": "object" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "securityAdvisor": { + "$ref": "#/components/schemas/api.AlertProfileSecurityAdvisor" + }, + "securityCenter": { + "$ref": "#/components/schemas/api.AlertProfileSecurityCenterSettings" + }, + "securityHub": { + "$ref": "#/components/schemas/api.AlertProfileSecurityHubSettings" + }, + "serviceNow": { + "$ref": "#/components/schemas/api.AlertProfileServiceNowSettings" + }, + "slack": { + "$ref": "#/components/schemas/api.AlertProfileSlackSettings" + }, + "splunk": { + "$ref": "#/components/schemas/api.AlertProfileSplunkSettings" + }, + "sqs": { + "$ref": "#/components/schemas/api.AlertProfileSQSSettings" + }, + "vulnerabilityImmediateAlertsEnabled": { + "description": "VulnerabilityImmediateAlertsEnabled indicates whether an immediate vulnerability alert will be sent upon new image scan.\n", + "type": "boolean" + }, + "webhook": { + "$ref": "#/components/schemas/api.AlertProfileWebhookSettings" + } + }, + "type": "object" + }, + "api.AlertProfileCortexSettings": { + "description": "AlertProfileCortexSettings represents Cortex applications alert profile settings", + "properties": { + "application": { + "$ref": "#/components/schemas/api.CortexApp" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the id of the basic authentication credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Webhook provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom JSON we send to the URL.\n", + "type": "string" + }, + "url": { + "description": "URL is the Webhook address.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileEmailSettings": { + "description": "AlertProfileEmailSettings represents the alert profile Email settings", + "properties": { + "credentialId": { + "description": "CredentialID is the Email authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "from": { + "description": "From is the from address of the mail.\n", + "type": "string" + }, + "labels": { + "description": "Labels are custom label names from which the mail recipients are extracted, allowing to dynamically extract the target of the alerts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "port": { + "description": ".\n", + "type": "integer" + }, + "recipients": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "smtpAddress": { + "description": ".\n", + "type": "string" + }, + "ssl": { + "description": ".\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.AlertProfileGcpPubsubSettings": { + "description": "AlertProfileGcpPubsubSettings is the GCP Pub/Sub alert profile settings", + "properties": { + "credentialId": { + "description": "CredentialID is the GCP Pub/Sub authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the GCP Pub/Sub settings are enabled.\n", + "type": "boolean" + }, + "topic": { + "description": "Topic is the GCP Pub/Sub topic (used by subscribers to listen for messages).\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileJIRASettings": { + "description": "AlertProfileJIRASettings represents the alert profile JIRA settings", + "properties": { + "assignee": { + "$ref": "#/components/schemas/api.JIRADynamicField" + }, + "baseUrl": { + "description": "BaseURL is the JIRA address.\n", + "type": "string" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the JIRA authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled controls whether the rule is enabled.\n", + "type": "boolean" + }, + "issueType": { + "description": "IssueType is the type of the JIRA issue.\n", + "type": "string" + }, + "labels": { + "$ref": "#/components/schemas/api.JIRADynamicLabels" + }, + "priority": { + "description": "Priority is the issue priority.\n", + "type": "string" + }, + "projectKey": { + "$ref": "#/components/schemas/api.JIRADynamicField" + } + }, + "type": "object" + }, + "api.AlertProfilePagerDutySettings": { + "description": "AlertProfilePagerDutySettings represents the alert profile PagerDuty settings", + "properties": { + "enabled": { + "description": "Enabled is PagerDuty provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "routingKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "severity": { + "$ref": "#/components/schemas/api.PagerDutyAlertSeverity" + }, + "summary": { + "description": "Summary is the PagerDuty's event summary.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSQSSettings": { + "description": "AlertProfileSQSSettings represents the alert profile SQS settings", + "properties": { + "enabled": { + "description": "Enabled is the SQS provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom json we send to SQS.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityAdvisor": { + "description": "AlertProfileSecurityAdvisor is the IBM security advisor alert profile settings", + "properties": { + "auto": { + "description": "Automatic means the configuration was automatically provisioned by security advisor, and only notes should be created.\n", + "type": "boolean" + }, + "credentialID": { + "description": "CredentialID is the IBM security advisor credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the security advisor settings are enabled.\n", + "type": "boolean" + }, + "findingsURL": { + "description": "FindingsURL is the URL to which findings should be sent.\n", + "type": "string" + }, + "providerId": { + "description": "ProviderID is the configured providerID (default twistlock).\n", + "type": "string" + }, + "tokenURL": { + "description": "TokenURL is the url from which security tokens should be fetched.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityCenterSettings": { + "description": "AlertProfileSecurityCenterSettings is the google cloud security center alert profile settings", + "properties": { + "credentialId": { + "description": "CredentialID is the Security Center authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "sourceID": { + "description": "SourceID is the google cloud security center organization source ID (used to construct security advisor findings).\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityHubSettings": { + "description": "AlertProfileSecurityHubSettings is the AWS security hub alert profile settings", + "properties": { + "accountID": { + "description": "AccountID is the AWS account ID.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the SecurityHub authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the security hub settings are enabled.\n", + "type": "boolean" + }, + "region": { + "description": "Region is the aws region.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileServiceNowSettings": { + "description": "AlertProfileServiceNowSettings represents the ServiceNow provider alert profile settings", + "properties": { + "application": { + "$ref": "#/components/schemas/api.ServiceNowApp" + }, + "assignee": { + "description": "Assignee is the ServiceNow user to whom will assign ServiceNow incidents\\items.\n", + "type": "string" + }, + "assignmentGroup": { + "description": "AssignmentGroup is the ServiceNow group of users handling security incidents.\n", + "type": "string" + }, + "auditPriority": { + "description": "AuditPriority is the priority at which to set audit alerts in security incidents.\n", + "type": "string" + }, + "caCert": { + "description": "CA certificate for on-premise ssl (optional).\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the ServiceNow authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is the ServiceNow provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "project": { + "description": "Project is the name of the prisma compute project that was used to generate this configuration. It's required as secondary consoles do not store their project name.\n", + "type": "string" + }, + "securityIncidentBaseURL": { + "description": "SecurityIncidentBaseURL is the ServiceNow address, used to send security incidents.\n", + "type": "string" + }, + "vulnerabilityEndpointUrl": { + "description": "VulnerabilityEndpointURL to report ServiceNow vulnerabilities, customer defined scripted REST API, see: https://docs.servicenow.com/bundle/orlando-application-development/page/integrate/custom-web-services/concept/c_CustomWebServices.html.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSlackSettings": { + "description": "AlertProfileSlackSettings represents the alert profile Slack settings", + "properties": { + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "users": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "webhookUrl": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSplunkSettings": { + "description": "AlertProfileSplunkSettings represents the alert profile Splunk settings", + "properties": { + "authToken": { + "$ref": "#/components/schemas/common.Secret" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server (optional).\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Splunk provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom json we send to Splunk.\n", + "type": "string" + }, + "sourceType": { + "description": "SourceType is the alert source type.\n", + "type": "string" + }, + "url": { + "description": "URL is the Splunk HTTP event collector URL.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileWebhookSettings": { + "description": "AlertProfileWebhookSettings represents the alert profile Webhook settings", + "properties": { + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the id of the basic authentication credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Webhook provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom JSON we send to the URL.\n", + "type": "string" + }, + "url": { + "description": "URL is the Webhook address.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertRule": { + "description": "AlertRule represents the configuration of an alert type", + "properties": { + "allRules": { + "description": "AllRules controls whether an alert is sent out for audits on all policy rules.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled controls whether the rule is enabled.\n", + "type": "boolean" + }, + "rules": { + "description": "AssociatedRules defines the specific rules whose audits will generate alerts (relevant only if AllRules is false).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.AlertSettings": { + "description": "AlertSettings are the global alert settings", + "properties": { + "aggregationPeriodMs": { + "description": "AggregationPeriodMs is the alert aggregation period in milliseconds.\n", + "type": "integer" + }, + "securityAdvisorWebhook": { + "description": "SecurityAdvisorWebhook is a webhook for IBM security advisor alert wizard, used to authenticate the wizard with the console and to pull data.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertType": { + "description": "AlertType represents an alert type", + "enum": [ + [ + "", + "defender", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "agentlessAppFirewall", + "networkFirewall", + "containerVulnerability", + "registryVulnerability", + "containerCompliance", + "hostVulnerability", + "hostCompliance", + "hostRuntime", + "incident", + "serverlessRuntime", + "kubernetesAudit", + "cloudDiscovery", + "admission", + "containerComplianceScan", + "hostComplianceScan", + "waasHealth", + "vmVulnerability", + "vmCompliance", + "containerSecurityEvents", + "hostSecurityEvents" + ] + ], + "type": "string" + }, + "api.AuthType": { + "description": "AuthType is the user authentication type", + "enum": [ + [ + "saml", + "ldap", + "basic", + "oauth", + "oidc" + ] + ], + "type": "string" + }, + "api.AuthenticationRequest": { + "description": "AuthenticationRequest is the required user input for authentication requests", + "properties": { + "password": { + "description": "Password is the password used for authentication.\n", + "type": "string" + }, + "token": { + "description": "Token is the Prisma JWT token used for authentication.\n", + "type": "string" + }, + "username": { + "description": "Username is the username used for authentication.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AuthenticationResponse": { + "description": "AuthenticationResponse returns the result of calling the authentication endpoint", + "properties": { + "token": { + "description": "Token is the new JWT token.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.BuildahFeatureStatus": { + "description": "BuildahFeatureStatus holds the response for the buildah feature status", + "properties": { + "enabled": { + "description": "Enabled is the buildah feature enabled/disabled indicator.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.ConsoleAuthResponse": { + "description": "ConsoleAuthResponse represents the console certificates authentication response", + "properties": { + "role": { + "description": "UserRole is the authenticated user role.\n", + "type": "string" + }, + "token": { + "description": "Token is the console authentication response token.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.CortexApp": { + "description": "CortexApp identifies a Cortex application (there are several)", + "enum": [ + [ + "xsoar", + "xdr" + ] + ], + "type": "string" + }, + "api.DefenderInstallScriptOptions": { + "description": "DefenderInstallScriptOptions holds the parameters for defender install script download", + "properties": { + "port": { + "description": "Port is the communication port between the defender and the console.\n", + "type": "integer" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + } + }, + "type": "object" + }, + "api.InitStatus": { + "description": "InitStatus returns whether the console is initialized (i.e., if initial user/password is set)", + "properties": { + "initialized": { + "description": "Initialized indicates whether the console is initialized.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.JIRADynamicField": { + "description": "JIRADynamicField represents a value that can be given as a string or as a dynamic label\nSee more: https://developer.atlassian.com/cloud/jira/platform/rest/v2/api-group-issues/#api-rest-api-2-issue-post", + "properties": { + "id": { + "description": "ID is the field ID.\n", + "type": "string" + }, + "labels": { + "description": "Labels are the dynamic labels of which the value is based on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the static string field.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.JIRADynamicLabels": { + "description": "JIRADynamicLabels represents JIRA labels that can be given as strings or as a dynamic label", + "properties": { + "labels": { + "description": "Labels are the dynamic labels of which JIRA labels are based on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "names": { + "description": "Names are the static strings field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.LicenseRequest": { + "description": "LicenseRequest is a request to setup a new license", + "properties": { + "key": { + "description": "Key is the license key.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.PagerDutyAlertSeverity": { + "description": "PagerDutyAlertSeverity is the severity of an alert triggered in PagerDuty", + "enum": [ + [ + "critical", + "error", + "warning", + "info" + ] + ], + "type": "string" + }, + "api.Permission": { + "description": "Permission represents a user or group's permission to access a specific resource.\nCurrently supported resources are:\n- Project - Access to a specific project (if empty, the Master Project by default)\n- Collection - The set of collections in the project that may be accessed (all if empty)\nIf no permissions are assigned, all projects and collections may be accessed", + "properties": { + "collections": { + "description": "List of collections the user can access.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "project": { + "description": "Names of projects which the user can access.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.Permissions": { + "description": "Permissions is a list of permissions", + "items": { + "$ref": "#/components/schemas/api.Permission" + }, + "type": "array" + }, + "api.ProjectSettings": { + "description": "ProjectSettings are settings for supporting federated console", + "properties": { + "master": { + "description": "Master indicates that project feature is enabled and that this console is the master console.\n", + "type": "boolean" + }, + "redirectURL": { + "description": "RedirectURL is the redirectURL for the given project.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.ResolveFunctionsReq": { + "description": "ResolveFunctionsReq represents the parameters supported by the functions resolution API", + "properties": { + "functions": { + "description": "Functions is the list of functions to evaluate.\n", + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveFunctionsResp": { + "description": "ResolveFunctionsResp represents the functions resolution API output", + "properties": { + "functions": { + "description": "Functions is the list of functions that were resolved.\n", + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveImagesReq": { + "description": "ResolveImagesReq represents the parameters supported by the images resolution API", + "properties": { + "images": { + "description": "Images is the list of image to resolve.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveImagesResp": { + "description": "ResolveImagesResp represents the images resolution API output", + "properties": { + "images": { + "description": "Images is the list of images that were resolved.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ServiceNowApp": { + "description": "ServiceNowApp identifies a ServiceNow application (there are several)\nfor more details, see:\nhttps://docs.servicenow.com/bundle/orlando-security-management/page/product/security-operations/concept/security-operations-intro.html", + "enum": [ + [ + "securityIncidentsResponse", + "vulnerabilityResponse" + ] + ], + "type": "string" + }, + "api.User": { + "description": "User represents a user in Twistlock", + "properties": { + "authType": { + "$ref": "#/components/schemas/api.AuthType" + }, + "lastModified": { + "description": "Datetime when the user was created or last modified.\n", + "format": "date-time", + "type": "string" + }, + "password": { + "description": "Password for authentication.\n", + "type": "string" + }, + "permissions": { + "$ref": "#/components/schemas/api.Permissions" + }, + "role": { + "description": "User role.\n", + "type": "string" + }, + "username": { + "description": "Username for authentication.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.UserList": { + "description": "UserList represents a list of users", + "items": { + "$ref": "#/components/schemas/api.User" + }, + "type": "array" + }, + "appembedded.FargateTask": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "FargateTask represents the generic fargate task AWS template", + "type": "object" + }, + "applicationcontrol.Application": { + "description": "Application contains data about allowed installed versions for an application", + "properties": { + "allowedVersions": { + "$ref": "#/components/schemas/vulnerability.Conditions" + }, + "name": { + "description": "Name is the name of the application.\n", + "type": "string" + } + }, + "type": "object" + }, + "applicationcontrol.Rule": { + "description": "Rule represents an application control policy rule", + "properties": { + "_id": { + "description": "ID is the ID of the rule.\n", + "type": "integer" + }, + "applications": { + "description": "Applications are rules configuring the desired effect per application.\n", + "items": { + "$ref": "#/components/schemas/applicationcontrol.Application" + }, + "type": "array" + }, + "description": { + "description": "Description is the rule description.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the rule's severity.\n", + "type": "string" + } + }, + "type": "object" + }, + "bool": { + "type": "boolean" + }, + "byte": { + "format": "byte", + "type": "string" + }, + "ccs.AccountMessage": { + "description": "AccountMessage is a cloud account message", + "properties": { + "accountID": { + "description": "AccountID is the account ID.\n", + "type": "string" + }, + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "cloudType": { + "description": "CloudType is the account type.\n", + "type": "string" + }, + "deleted": { + "description": "Deleted is true if this account is marked deleted.\n", + "type": "boolean" + }, + "enrichedFeatures": { + "description": "Features is a list of enabled features and their mode.\n", + "items": { + "$ref": "#/components/schemas/ccs.Feature" + }, + "type": "array" + }, + "features": { + "description": "EnabledFeatures is a list of enabled feature names, kept for bc.\n", + "items": { + "$ref": "#/components/schemas/ccs.FeatureName" + }, + "type": "array" + }, + "lastModified": { + "description": "LastModified is the last time this account was modified.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "AccountName is the account name.\n", + "type": "string" + }, + "organizationName": { + "description": "OrganizationName is the organization the account belongs to (if any).\n", + "type": "string" + } + }, + "type": "object" + }, + "ccs.ConsoleMessage": { + "description": "ConsoleMessage is a generic console message which contains one type of message, e.g. account, alert rule, etc.", + "properties": { + "accountMessage": { + "$ref": "#/components/schemas/ccs.AccountMessage" + }, + "type": { + "$ref": "#/components/schemas/ccs.MsgType" + } + }, + "type": "object" + }, + "ccs.Feature": { + "properties": { + "mode": { + "$ref": "#/components/schemas/cloudaccount.FeatureMode" + }, + "name": { + "$ref": "#/components/schemas/ccs.FeatureName" + } + }, + "type": "object" + }, + "ccs.FeatureName": { + "description": "FeatureName is the account feature name", + "enum": [ + [ + "agentless", + "serverless", + "cloud-discovery", + "auto-protect" + ] + ], + "type": "string" + }, + "ccs.MsgType": { + "description": "MsgType is the message type, e.g. `account`, `alert-rule`, etc", + "enum": [ + [ + "account" + ] + ], + "type": "string" + }, + "cloudaccount.FeatureMode": { + "enum": [ + [ + "cloud-scan", + "target-scan", + "hub-scan", + "hub" + ] + ], + "type": "string" + }, + "clustereddb.AddMemberRequest": { + "description": "AddMemberRequest represents a request for adding a member to the clustered DB pool", + "properties": { + "address": { + "description": "Address is the member address to add.\n", + "type": "string" + } + }, + "type": "object" + }, + "clustereddb.ReplicaSetMemberStateStr": { + "description": "ReplicaSetMemberStateStr is a string representation of a member's state\nRef. https://docs.mongodb.com/v4.4/reference/replica-states/", + "enum": [ + [ + "STARTUP", + "PRIMARY", + "SECONDARY", + "RECOVERING", + "STARTUP2", + "UNKNOWN", + "ARBITER", + "DOWN", + "ROLLBACK", + "REMOVED" + ] + ], + "type": "string" + }, + "clustereddb.ReplicaSetMemberStatus": { + "description": "ReplicaSetMemberStatus represents replica set member's status\nRef. https://docs.mongodb.com/v4.4/reference/command/replSetGetStatus/#mongodb-data-replSetGetStatus.members", + "properties": { + "name": { + "description": "Name is the member's name (hostname address).\n", + "type": "string" + }, + "stateStr": { + "$ref": "#/components/schemas/clustereddb.ReplicaSetMemberStateStr" + } + }, + "type": "object" + }, + "clustereddb.Settings": { + "description": "Settings represents the clustered DB settings", + "properties": { + "loadBalancerAddress": { + "description": "LoadBalancerAddress is the address of the customer's load balancer in clustered DB mode. All clients (including Defenders) are reaching the Console through the load balancer.\n", + "type": "string" + }, + "seedConsoleAddress": { + "description": "SeedConsoleAddress allows editing the address of the seed Console (optional).\n", + "type": "string" + } + }, + "type": "object" + }, + "clustereddb.StatusResponse": { + "description": "StatusResponse represents the response to a clustered DB status request", + "properties": { + "date": { + "description": "Date indicates the current time according to the queried Mongo server.\n", + "format": "date-time", + "type": "string" + }, + "loadBalancerAddress": { + "description": "LoadBalancerAddress represents the address of the load balancer.\n", + "type": "string" + }, + "members": { + "description": "Members are the replica set members.\n", + "items": { + "$ref": "#/components/schemas/clustereddb.ReplicaSetMemberStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.AllowAllConnections": { + "description": "AllowAllConnections indicates if connections are allowed to/from any entity of the specified types\ne.g. if inbound contains the type subnet, the entity is allowed to receive connections from any subnet", + "properties": { + "inbound": { + "description": "Inbound indicates if connections are allowed from any entity of the specified types.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + }, + "type": "array" + }, + "outbound": { + "description": "Outbound indicates if connections are allowed to any entity of the specified types.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.ContainerAudit": { + "description": "ContainerAudit represents a network firewall audit event", + "properties": { + "block": { + "description": "Block indicates whether the connection was blocked.\n", + "type": "boolean" + }, + "count": { + "description": "Count is the event occurrences count.\n", + "type": "integer" + }, + "dstContainerName": { + "description": "DstContainerName is the destination container name.\n", + "type": "string" + }, + "dstDomain": { + "description": "DstDomain is the destination domain that was queried.\n", + "type": "string" + }, + "dstImageName": { + "description": "DstImage is the destination image name.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the connection destination port.\n", + "type": "integer" + }, + "dstProfileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "dstProfileID": { + "description": "DstProfileID is the destination profile ID.\n", + "type": "string" + }, + "dstSubnet": { + "description": "DstSubnet is the destination subnet.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the custom labels associated with the target container.\n", + "type": "object" + }, + "msg": { + "description": "Message is the event message.\n", + "type": "string" + }, + "ruleID": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "srcContainerName": { + "description": "SrcContainerName is the source container name.\n", + "type": "string" + }, + "srcImageName": { + "description": "SrcImage is the source image name.\n", + "type": "string" + }, + "srcProfileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcProfileID": { + "description": "SrcProfileID is the source profile ID.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cnnf.NetworkFirewallAttackType" + } + }, + "type": "object" + }, + "cnnf.EntityID": { + "description": "EntityID represents the ID of each network firewall entity.\n20 bits are used. Max legal value: 2^20-1", + "type": "integer" + }, + "cnnf.HostAudit": { + "description": "HostAudit represents a host network firewall audit event", + "properties": { + "accountID": { + "description": "AccountID is the host account ID.\n", + "type": "string" + }, + "block": { + "description": "Block indicates whether the connection was blocked.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "count": { + "description": "Count is the event occurrences count.\n", + "type": "integer" + }, + "dstHostname": { + "description": "DstHostname is the destination hostname.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the connection destination port.\n", + "type": "integer" + }, + "dstSubnet": { + "description": "DstSubnet is the destination subnet.\n", + "type": "string" + }, + "msg": { + "description": "Message is the event message.\n", + "type": "string" + }, + "ruleID": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "srcHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcHostname": { + "description": "SrcHostname is the source hostname.\n", + "type": "string" + }, + "srcSubnet": { + "description": "SrcSubnet is the source subnet.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cnnf.NetworkFirewallAttackType" + } + }, + "type": "object" + }, + "cnnf.NetworkEntities": { + "description": "NetworkEntities represents a list of network firewall entities", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + }, + "cnnf.NetworkEntity": { + "description": "NetworkEntity represents a network firewall entity", + "properties": { + "_id": { + "$ref": "#/components/schemas/cnnf.EntityID" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "collections": { + "description": "Collections indicate the collection the entity is part of.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "domains": { + "description": "Domains is a list of domains.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the entity name.\n", + "type": "string" + }, + "subnets": { + "description": "Subnets are the CIDR format network.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Subnet" + }, + "type": "array" + }, + "type": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + } + }, + "type": "object" + }, + "cnnf.NetworkFirewallAttackType": { + "description": "NetworkFirewallAttackType is the network firewall type of attack", + "enum": [ + [ + "unexpectedConnection" + ] + ], + "type": "string" + }, + "cnnf.Policy": { + "description": "Policy holds the data for firewall policies (host and container)", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "containerEnabled": { + "description": "ContainerEnabled indicates whether container network firewall feature is enabled.\n", + "type": "boolean" + }, + "containerRules": { + "description": "ContainerRules holds the container firewall rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Rule" + }, + "type": "array" + }, + "hostEnabled": { + "description": "HostEnabled indicates whether host network firewall feature is enabled.\n", + "type": "boolean" + }, + "hostRules": { + "description": "HostRules holds the host firewall rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Rule" + }, + "type": "array" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "networkEntities": { + "$ref": "#/components/schemas/cnnf.NetworkEntities" + }, + "owner": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "cnnf.RadarConnectionInstance": { + "description": "RadarConnectionInstance is an instance of a connection between two radar endpoints", + "properties": { + "dst": { + "description": "Dst is the dst of the connection instance. Typically kept as an IP or a hostname.\n", + "type": "string" + }, + "policyRule": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "port": { + "$ref": "#/components/schemas/common.PortData" + }, + "src": { + "description": "Src is the src of the connection instance. Typically kept as an IP or a hostname.\n", + "type": "string" + }, + "time": { + "description": "Time is the time the connection instance was added.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "cnnf.RadarConnectionInstances": { + "description": "RadarConnectionInstances holds the recent connections history between 2 entities (hosts, subnet entities, etc)", + "properties": { + "instances": { + "description": "Instances are connection samples.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstance" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.RadarPolicyRule": { + "description": "RadarPolicyRule holds the data of a single policy rule", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "portRanges": { + "description": "PortRanges specify the ranges of ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.Rule": { + "description": "Rule contains the properties common to both host and container network firewall", + "properties": { + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "dst": { + "$ref": "#/components/schemas/cnnf.EntityID" + }, + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "id": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "ports": { + "description": "Ports are the entity port range specifications.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "src": { + "$ref": "#/components/schemas/cnnf.EntityID" + } + }, + "type": "object" + }, + "cnnf.RuleEntityType": { + "description": "RuleEntityType is the network firewall rule entity type", + "enum": [ + [ + "container", + "host", + "subnet", + "dns" + ] + ], + "type": "string" + }, + "cnnf.RuleID": { + "description": "RuleID represents the ID of each container network firewall policy rule", + "type": "integer" + }, + "cnnf.Subnet": { + "description": "Subnet is a network firewall subnet", + "properties": { + "cidr": { + "description": "CIDR is the IP range of the defined entity.\n", + "type": "string" + }, + "name": { + "description": "Name is the given name to represent the range.\n", + "type": "string" + } + }, + "type": "object" + }, + "coderepos.ManifestFile": { + "description": "ManifestFile holds the data of a specific manifest file (can also be of a dependency manifest file)", + "properties": { + "dependencies": { + "description": "Packages listed in the manifest file.\n", + "items": { + "$ref": "#/components/schemas/coderepos.PkgDependency" + }, + "type": "array" + }, + "distribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "path": { + "description": "Path to the file.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "coderepos.PkgDependency": { + "description": "PkgDependency represents a required package", + "properties": { + "devDependency": { + "description": "Indicates if this dependency is used only for the development of the package (true) or not (false).\n", + "type": "boolean" + }, + "lastResolved": { + "description": "Date/time of the last version resolution. If the value is zero, it means the version is explicit and does not require resolving.\n", + "format": "date-time", + "type": "string" + }, + "licenseSeverity": { + "description": "Maximum severity of the detected licenses according to the compliance policy.\n", + "type": "string" + }, + "licenses": { + "description": "Detected licenses of the dependant package.\n", + "items": { + "$ref": "#/components/schemas/license.SPDXLicense" + }, + "type": "array" + }, + "name": { + "description": "Package name that the dependency refers to.\n", + "type": "string" + }, + "rawRequirement": { + "description": "Line in which the package is declared.\n", + "type": "string" + }, + "unsupported": { + "description": "Indicates if this package is unsupported by the remote package manager DB (e.g., due to a bad name or private package) (true) or not (false).\n", + "type": "boolean" + }, + "version": { + "description": "Package version, either explicitly specified in a manifest or resolved by the scanner.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "Vulnerabilities in the package.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "coderepos.Repository": { + "description": "Repository is the metadata for a code repository", + "properties": { + "build": { + "description": "CI build.\n", + "type": "string" + }, + "defaultBranch": { + "description": "Default branch in the repository, usually master.\n", + "type": "string" + }, + "digest": { + "description": "Repository content digest. Used to indicate if the content of the repository has changed.\n", + "type": "string" + }, + "fullName": { + "description": "Full name that represents the repository (/).\n", + "type": "string" + }, + "jobName": { + "description": "CI job name.\n", + "type": "string" + }, + "name": { + "description": "Repository name.\n", + "type": "string" + }, + "owner": { + "description": "GitHub username or organization name of the repository's owner.\n", + "type": "string" + }, + "private": { + "description": "Indicates if the repository is private (true) or not (false).\n", + "type": "boolean" + }, + "size": { + "description": "Size of the repository (in KB).\n", + "type": "integer" + }, + "url": { + "description": "URL is the repository address.\n", + "type": "string" + } + }, + "type": "object" + }, + "coderepos.ScanResult": { + "description": "ScanResult holds a specific repository data", + "properties": { + "_id": { + "description": "Scan report ID in the database.\n", + "type": "string" + }, + "collections": { + "description": "List of matching code repo collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceRiskScore": { + "description": "Code repository's compliance risk score. Used for sorting.\n", + "format": "float", + "type": "number" + }, + "files": { + "description": "Scan result for each manifest file in the repository.\n", + "items": { + "$ref": "#/components/schemas/coderepos.ManifestFile" + }, + "type": "array" + }, + "pass": { + "description": "Indicates whether the scan passed or failed.\n", + "type": "boolean" + }, + "repository": { + "$ref": "#/components/schemas/coderepos.Repository" + }, + "scanTime": { + "description": "Date/time when this repository was last scanned. The results might be from the DB and not updated if the repository contents have not changed.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.CodeRepoProviderType" + }, + "updateTime": { + "description": "Date/time when this repository was last updated.\n", + "format": "date-time", + "type": "string" + }, + "vulnInfo": { + "$ref": "#/components/schemas/shared.ImageInfo" + }, + "vulnerabilityRiskScore": { + "description": "Code repository's CVE risk score. Used for sorting.\n", + "format": "float", + "type": "number" + }, + "vulnerableFiles": { + "description": "Counts how many files have vulnerabilities. Vulnerability info is calculated on demand.\n", + "type": "integer" + } + }, + "type": "object" + }, + "collection.Collection": { + "description": "Collection is a collection of resources", + "properties": { + "accountIDs": { + "description": "List of account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "appIDs": { + "description": "List of application IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "clusters": { + "description": "List of Kubernetes cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "containers": { + "description": "List of containers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "description": { + "description": "Free-form text.\n", + "type": "string" + }, + "functions": { + "description": "List of functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hosts": { + "description": "List of hosts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "images": { + "description": "List of images.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "labels": { + "description": "List of labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "modified": { + "description": "Datetime when the collection was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Collection name. Must be unique.\n", + "type": "string" + }, + "namespaces": { + "description": "List of Kubernetes namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "owner": { + "description": "User who created or last modified the collection.\n", + "type": "string" + }, + "prisma": { + "description": "Indicates whether this collection originates from Prisma Cloud.\n", + "type": "boolean" + }, + "system": { + "description": "Indicates whether this collection was created by the system (i.e., a non user) (true) or a real user (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "collection.Usage": { + "description": "Usage represents details of a collection being used", + "properties": { + "name": { + "description": "Name of the consumer (e.g., container runtime, username, etc.).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/collection.UsageType" + } + }, + "type": "object" + }, + "collection.UsageType": { + "description": "UsageType represents a collection usage type", + "enum": [ + [ + "policy", + "settings", + "user", + "group", + "registryScan" + ] + ], + "type": "string" + }, + "common.CloudMetadata": { + "description": "CloudMetadata is the metadata for a cloud provider managed asset (e.g., as part of AWS/GCP/Azure/OCI)", + "properties": { + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "awsExecutionEnv": { + "description": "AWS execution environment (e.g. EC2/Fargate).\n", + "type": "string" + }, + "image": { + "description": "The name of the image the cloud managed host or container is based on.\n", + "type": "string" + }, + "labels": { + "description": "Cloud provider metadata labels.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "name": { + "description": "Resource name.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Resource's region.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource.\n", + "type": "string" + }, + "resourceURL": { + "description": "Server-defined URL for the resource.\n", + "type": "string" + }, + "type": { + "description": "Instance type.\n", + "type": "string" + }, + "vmID": { + "description": "Azure unique vm ID.\n", + "type": "string" + }, + "vmImageID": { + "description": "VMImageID holds the VM instance's image ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.CloudProvider": { + "description": "CloudProvider specifies the cloud provider name", + "enum": [ + [ + "aws", + "azure", + "gcp", + "alibaba", + "oci", + "others" + ] + ], + "type": "string" + }, + "common.ClusterType": { + "description": "ClusterType is the cluster type", + "enum": [ + [ + "AKS", + "ECS", + "EKS", + "GKE", + "Kubernetes" + ] + ], + "type": "string" + }, + "common.Color": { + "description": "Color is a hexadecimal representation of color code value", + "type": "string" + }, + "common.ContainerRuntime": { + "description": "ContainerRuntime represents the supported container runtime types", + "enum": [ + [ + "docker", + "containerd", + "crio" + ] + ], + "type": "string" + }, + "common.DaemonSetOptions": { + "description": "DaemonSetOptions are options for creating the daemonset install script for defenders", + "properties": { + "annotations": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Annotations is mapping of key-value pairs of annotations metadata - optional.\n", + "type": "object" + }, + "bottlerocket": { + "description": "Bottlerocket indicates whether to be deployed on a Bottlerocket Linux OS.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the kubernetes or ecs cluster name.\n", + "type": "string" + }, + "clusterNameResolvingMethod": { + "description": "ClusterNameResolvingMethod is the method used to resolve the cluster name, could be default, manual or api-server.\n", + "type": "string" + }, + "collectPodLabels": { + "description": "CollectPodLabels indicates whether to collect pod related labels resource labels.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address for defender communication.\n", + "type": "string" + }, + "containerRuntime": { + "$ref": "#/components/schemas/common.ContainerRuntime" + }, + "cpuLimit": { + "description": "CPULimit is the cpu limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "dockerSocketPath": { + "description": "DockerSocketPath is the path of the docker socket file.\n", + "type": "string" + }, + "gkeAutopilot": { + "description": "GKEAutopilot indicates the deployment is requested for GKE Autopilot.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the full daemonset image name.\n", + "type": "string" + }, + "istio": { + "description": "MonitorIstio indicates whether to monitor Istio.\n", + "type": "boolean" + }, + "memoryLimit": { + "description": "MemoryLimit is a memory limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "namespace": { + "description": "Namespace is the target deamonset namespaces.\n", + "type": "string" + }, + "nodeSelector": { + "description": "NodeSelector is a key/value node selector.\n", + "type": "string" + }, + "orchestration": { + "description": "Orchestration is the orchestration type.\n", + "type": "string" + }, + "priorityClassName": { + "description": "PriorityClassName is the name of the priority class for the defender - optional.\n", + "type": "string" + }, + "privileged": { + "description": "Privileged indicates whether to run defenders as privileged.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "roleARN": { + "description": "RoleARN is the role's ARN to associate with the created service account - optional.\n", + "type": "string" + }, + "secretsname": { + "description": "SecretsName is the name of the secret to pull.\n", + "type": "string" + }, + "selinux": { + "description": "SelinuxEnforced indicates whether selinux is enforced on the target host.\n", + "type": "boolean" + }, + "serviceaccounts": { + "description": "MonitorServiceAccounts indicates whether to monitor service accounts.\n", + "type": "boolean" + }, + "talos": { + "description": "Talos indicates if the daemonset is to be deployed on a Talos Linux k8s cluster.\n", + "type": "boolean" + }, + "tolerations": { + "description": "Tolerations is a list of tolerations for the defender deamonset - optional.\n", + "items": { + "$ref": "#/components/schemas/common.Toleration" + }, + "type": "array" + }, + "uniqueHostname": { + "description": "UniqueHostname indicates whether to assign unique hostnames.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "common.DefenderProxyOpt": { + "description": "DefenderProxyOpt holds options for defender proxy configuration\nIt embeds ProxySettings but override it's Password field with a simple string\nThis is needed in order to avoid Secret's MarshalJSON method, which depends on existence of master key file", + "properties": { + "ca": { + "description": "Proxy's CA for Defender to trust. Required when using TLS intercept proxies.\n", + "type": "string" + }, + "httpProxy": { + "description": "Proxy address.\n", + "type": "string" + }, + "noProxy": { + "description": "List of addresses for which the proxy should not be used.\n", + "type": "string" + }, + "password": { + "description": ".\n", + "type": "string" + }, + "user": { + "description": "Username to authenticate with the proxy.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.Effect": { + "description": "Effect is the effect that is used in the CNNF rule", + "enum": [ + [ + "allow", + "alert", + "prevent", + "monitor", + "" + ] + ], + "type": "string" + }, + "common.ExternalLabel": { + "description": "ExternalLabel holds an external label with a source and timestamp", + "properties": { + "key": { + "description": "Label key.\n", + "type": "string" + }, + "sourceName": { + "description": "Source name (e.g., for a namespace, the source name can be 'twistlock').\n", + "type": "string" + }, + "sourceType": { + "$ref": "#/components/schemas/common.ExternalLabelSourceType" + }, + "timestamp": { + "description": "Time when the label was fetched.\n", + "format": "date-time", + "type": "string" + }, + "value": { + "description": "Value of the label.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.ExternalLabelSourceType": { + "description": "ExternalLabelSourceType indicates the source of the labels", + "enum": [ + [ + "namespace", + "deployment", + "aws", + "azure", + "gcp", + "oci" + ] + ], + "type": "string" + }, + "common.HostForensicSettings": { + "description": "HostForensicSettings indicates how to perform host forensic", + "properties": { + "activitiesDisabled": { + "description": "ActivitiesDisabled indicates if the host activity collection is enabled/disabled.\n", + "type": "boolean" + }, + "dockerEnabled": { + "description": "DockerEnabled indicates whether docker commands are collected.\n", + "type": "boolean" + }, + "readonlyDockerEnabled": { + "description": "ReadonlyDockerEnabled indicates whether docker readonly commands are collected.\n", + "type": "boolean" + }, + "serviceActivitiesEnabled": { + "description": "ServiceActivitiesEnabled indicates whether activities from services are collected.\n", + "type": "boolean" + }, + "sshdEnabled": { + "description": "SshdEnabled indicates whether ssh commands are collected.\n", + "type": "boolean" + }, + "sudoEnabled": { + "description": "SudoEnabled indicates whether sudo commands are collected.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "common.ImageType": { + "description": "ImageType is the type of a VM image.\nFor example, in the case of Azure this is one of marketplace/managed/gallery.", + "type": "string" + }, + "common.NetworkDeviceIP": { + "description": "NetworkDeviceIP represents a network device name and address pair", + "properties": { + "ip": { + "description": "Network device IPv4 address.\n", + "type": "string" + }, + "name": { + "description": "Network device name.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.OSDistroInfo": { + "description": "OSDistroInfo represents information regarding the OS distribution", + "properties": { + "distro": { + "description": "Distro is the OS distro name (e.g. ubuntu).\n", + "type": "string" + }, + "distroRelease": { + "description": "DistroRelease is the OS distro release (e.g. willy).\n", + "type": "string" + }, + "fullName": { + "description": "FullName is the full name of the distro (e.g. Ubuntu 19.10).\n", + "type": "string" + }, + "underlyingDistro": { + "description": "UnderlyingDistro is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "underlyingDistroRelease": { + "description": "UnderlyingDistroRelease is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "version": { + "description": "Version is the OS release numeric version (e.g. 19.10).\n", + "type": "string" + } + }, + "type": "object" + }, + "common.PolicyBlockMsg": { + "description": "PolicyBlockMsg represent the block message in a Policy", + "type": "string" + }, + "common.PolicyEffect": { + "description": "PolicyEffect state the effect of evaluating the given policy", + "enum": [ + [ + "allow", + "deny", + "block", + "alert" + ] + ], + "type": "string" + }, + "common.PolicyType": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + }, + "common.PortData": { + "description": "PortData is a port of connections with his metadata", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "protocol": { + "description": "Protocol is the protocol used in the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.PortRange": { + "description": "PortRange represents a port range", + "properties": { + "deny": { + "description": "Deny indicates whether the connection is denied.\n", + "type": "boolean" + }, + "end": { + "description": ".\n", + "type": "integer" + }, + "start": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "common.ProfileHash": { + "description": "ProfileHash represents the profile hash\nIt is allowed to contain up to uint32 numbers, and represented by int64 since mongodb does not support unsigned data types", + "format": "int64", + "type": "integer" + }, + "common.ProfilePort": { + "description": "ProfilePort represents a networking profile port", + "properties": { + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "time": { + "description": "Time is the learning timestamp of this port.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "common.ProfilePortData": { + "description": "ProfilePortData represents a runtime profile ports data", + "properties": { + "all": { + "description": "All indicates that this port data represents any arbitrary ports.\n", + "type": "boolean" + }, + "ports": { + "description": "Ports is the list of profile runtime ports.\n", + "items": { + "$ref": "#/components/schemas/common.ProfilePort" + }, + "type": "array" + } + }, + "type": "object" + }, + "common.ProxySettings": { + "description": "ProxySettings are the http proxy settings", + "properties": { + "ca": { + "description": "Proxy's CA for Defender to trust. Required when using TLS intercept proxies.\n", + "type": "string" + }, + "httpProxy": { + "description": "Proxy address.\n", + "type": "string" + }, + "noProxy": { + "description": "List of addresses for which the proxy should not be used.\n", + "type": "string" + }, + "password": { + "$ref": "#/components/schemas/common.Secret" + }, + "user": { + "description": "Username to authenticate with the proxy.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.RuntimeResource": { + "description": "RuntimeResource represents on which resource in the system a rule applies (e.g., specific host or image)\nEmpty resource or wildcard (*) represents all resources of a given type", + "properties": { + "accountIDs": { + "description": "List of account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "appIDs": { + "description": "List of application IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "clusters": { + "description": "List of Kubernetes cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containers": { + "description": "List of containers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "functions": { + "description": "List of functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hosts": { + "description": "List of hosts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "images": { + "description": "List of images.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "labels": { + "description": "List of labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "namespaces": { + "description": "List of Kubernetes namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "common.Secret": { + "description": "Secret Stores the plain and encrypted version of a value. The plain version is not stored in a database", + "properties": { + "encrypted": { + "description": "Specifies an encrypted value of the secret.\n", + "type": "string" + }, + "plain": { + "description": "Specifies the plain text value of the secret.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.Toleration": { + "description": "Toleration holds options for pod toleration\nref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/\ncode ref: k8s.io/api/core/v1/types.go", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.\n+optional.\n", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.\n+optional.\n", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.\n+optional.\n", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.\n+optional.\n", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.\n+optional.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.AzureMIType": { + "enum": [ + [ + "user-assigned", + "system-assigned" + ] + ], + "type": "string" + }, + "cred.AzureSPInfo": { + "description": "AzureSPInfo contains the Azure credentials needed for certificate based authentications", + "properties": { + "clientId": { + "description": "ClientID is the client identifier.\n", + "type": "string" + }, + "miType": { + "$ref": "#/components/schemas/cred.AzureMIType" + }, + "subscriptionId": { + "description": "SubscriptionID is a GUID that uniquely identifies the subscription to use Azure services.\n", + "type": "string" + }, + "tenantId": { + "description": "TenantID is the ID of the AAD directory in which the application was created.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.Credential": { + "description": "Credential specifies the authentication data of an external provider", + "properties": { + "_id": { + "description": "Specifies the unique ID for credential.\n", + "type": "string" + }, + "accountGUID": { + "description": "Specifies the unique ID for an IBM Cloud account.\n", + "type": "string" + }, + "accountID": { + "description": "Specifies the account identifier. Example: a username, access key, account GUID, and so on.\n", + "type": "string" + }, + "accountName": { + "description": "Specifies the name of the cloud account.\n", + "type": "string" + }, + "apiToken": { + "$ref": "#/components/schemas/common.Secret" + }, + "azureSPInfo": { + "$ref": "#/components/schemas/cred.AzureSPInfo" + }, + "caCert": { + "description": "Specifies the CA certificate for a certificate-based authentication.\n", + "type": "string" + }, + "cloudProviderAccountID": { + "description": "Specifies the cloud provider account ID.\n", + "type": "string" + }, + "created": { + "description": "Specifies the time when the credential was created (or, when the account ID was changed for AWS).\n", + "format": "date-time", + "type": "string" + }, + "description": { + "description": "Specifies the description for a credential.\n", + "type": "string" + }, + "external": { + "description": "Indicates whether the credential was onboarded from the Prisma platform.\n", + "type": "boolean" + }, + "global": { + "description": "Indicates whether the credential scope is global.\nAvailable values are:\ntrue: Global\nfalse: Not Global\nNote: For GCP, the credential scope is the organization.\n", + "type": "boolean" + }, + "lastModified": { + "description": "Specifies the time when the credential was last modified.\n", + "format": "date-time", + "type": "string" + }, + "ociCred": { + "$ref": "#/components/schemas/cred.OCICred" + }, + "owner": { + "description": "Specifies the user who created or modified the credential.\n", + "type": "string" + }, + "prismaLastModified": { + "description": "Specifies the time when the account was last modified by Prisma Cloud Compute.\n", + "format": "int64", + "type": "integer" + }, + "roleArn": { + "description": "Specifies the Amazon Resource Name (ARN) of the role to be assumed.\n", + "type": "string" + }, + "secret": { + "$ref": "#/components/schemas/common.Secret" + }, + "skipVerify": { + "description": "Indicates whether to skip the certificate verification in TLS communication.\n", + "type": "boolean" + }, + "stsEndpoints": { + "description": "Specifies a list of specific endpoints for use in STS sessions in various regions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "tokens": { + "$ref": "#/components/schemas/cred.TemporaryToken" + }, + "type": { + "$ref": "#/components/schemas/cred.Type" + }, + "url": { + "description": "Specifies the base server URL.\n", + "type": "string" + }, + "useAWSRole": { + "description": "Indicates whether to authenticate using the IAM Role attached to the instance.\nAvailable values are:\ntrue: Authenticate with the attached credentials\nfalse: Don\u2019t authenticate with the attached credentials.\n", + "type": "boolean" + }, + "useSTSRegionalEndpoint": { + "description": "Indicates whether to use the regional STS endpoint for an STS session.\nAvailable values are:\ntrue: Use the regional STS\nfalse: Don\u2019t use the regional STS.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "cred.OCICred": { + "description": "OCICred are additional parameters required for OCI credentials", + "properties": { + "fingerprint": { + "description": "Fingerprint is the public key signature.\n", + "type": "string" + }, + "tenancyId": { + "description": "TenancyID is the OCID of the tenancy.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.TemporaryToken": { + "description": "TemporaryToken is a temporary session token for cloud provider APIs\nAWS - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html\nGCP - https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials\nAzure - https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on", + "properties": { + "awsAccessKeyId": { + "description": "Specifies a temporary access key.\n", + "type": "string" + }, + "awsSecretAccessKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "duration": { + "description": "Specifies a duration for the token.\n", + "format": "int64", + "type": "integer" + }, + "expirationTime": { + "description": "Specifies an expiration time for the token.\n", + "format": "date-time", + "type": "string" + }, + "token": { + "$ref": "#/components/schemas/common.Secret" + } + }, + "type": "object" + }, + "cred.Type": { + "description": "Type specifies the credential type", + "enum": [ + [ + "aws", + "azure", + "gcp", + "ibmCloud", + "oci", + "apiToken", + "basic", + "dtr", + "kubeconfig", + "certificate", + "gitlabToken" + ] + ], + "type": "string" + }, + "cred.UsageType": { + "description": "UsageType represents the credential usage type", + "enum": [ + [ + "Alert settings", + "Alert profile", + "Registry Scan", + "Serverless Scan", + "Cloud Scan", + "Secret Store", + "Serverless Auto-Deploy", + "Host Auto-deploy", + "VM Scan", + "Agentless Scan Hub", + "Custom Intelligence Endpoint", + "VMware Tanzu blobstore Scan", + "Kubernetes Audit settings", + "Agentless app firewall" + ] + ], + "type": "string" + }, + "customrules.Action": { + "description": "Action is the action to perform if the custom rule applies", + "enum": [ + [ + "audit", + "incident" + ] + ], + "type": "string" + }, + "customrules.Effect": { + "description": "Effect is the effect that will be used for custom rule", + "enum": [ + [ + "block", + "prevent", + "alert", + "allow", + "ban", + "disable" + ] + ], + "type": "string" + }, + "customrules.Ref": { + "description": "Ref represents a custom rule that is referenced by a policy rule", + "properties": { + "_id": { + "description": "Custom rule ID.\n", + "type": "integer" + }, + "action": { + "$ref": "#/components/schemas/customrules.Action" + }, + "effect": { + "$ref": "#/components/schemas/customrules.Effect" + } + }, + "type": "object" + }, + "customrules.Rule": { + "description": "Rule represents a custom rule", + "properties": { + "_id": { + "description": "Rule ID. Must be unique.\n", + "type": "integer" + }, + "attackTechniques": { + "description": "List of attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "description": { + "description": "Description of the rule.\n", + "type": "string" + }, + "message": { + "description": "Macro that is printed as part of the audit/incident message.\n", + "type": "string" + }, + "minVersion": { + "description": "Minimum version required to support the rule.\n", + "type": "string" + }, + "modified": { + "description": "Datetime when the rule was created or last modified.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "owner": { + "description": "User who created or modified the rule.\n", + "type": "string" + }, + "script": { + "description": "Custom script.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/customrules.Type" + }, + "vulnIDs": { + "$ref": "#/components/schemas/customrules.VulnIDs" + } + }, + "type": "object" + }, + "customrules.Type": { + "description": "Type is the type of the custom rule", + "enum": [ + [ + "processes", + "filesystem", + "network-outgoing", + "kubernetes-audit", + "waas-request", + "waas-response" + ] + ], + "type": "string" + }, + "customrules.VulnIDs": { + "description": "VulnIDs is the list of vulnerability IDs", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defender.Category": { + "description": "Category represents the defender target category", + "enum": [ + [ + "container", + "host", + "serverless", + "appEmbedded", + "hostAgentless", + "containerAgentless", + "cloudSecurityAgent" + ] + ], + "type": "string" + }, + "defender.Defender": { + "description": "Defender is an update about an agent starting", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "certificateExpiration": { + "description": "Client certificate expiration time.\n", + "format": "date-time", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster name (fallback is internal IP).\n", + "type": "string" + }, + "clusterID": { + "description": "Unique ID generated for each DaemonSet. Used to group Defenders by clusters. Note: Kubernetes does not provide a cluster name as part of its API.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "collections": { + "description": "Collections to which this Defender belongs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "compatibleVersion": { + "description": "Indicates if Defender has a compatible version for communication (e.g., request logs) (true) or not (false).\n", + "type": "boolean" + }, + "connected": { + "description": "Indicates whether Defender is connected (true) or not (false).\n", + "type": "boolean" + }, + "features": { + "$ref": "#/components/schemas/defender.Features" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "fqdn": { + "description": "Full domain name of the host. Used in audit alerts to identify specific hosts.\n", + "type": "string" + }, + "hostname": { + "description": "Name of host where Defender is deployed.\n", + "type": "string" + }, + "isARM64": { + "description": "IsARM64 indicates whether the defender runs on aarch64 architecture.\n", + "type": "boolean" + }, + "lastModified": { + "description": "Datetime when the Defender's connectivity status last changed.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port that Defender uses to connect to Console.\n", + "type": "integer" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "remoteLoggingSupported": { + "description": "Indicates if Defender logs can be retrieved remotely (true) or not (false).\n", + "type": "boolean" + }, + "remoteMgmtSupported": { + "description": "Indicates if Defender can be remotely managed (upgraded, restarted) (true) or not (false).\n", + "type": "boolean" + }, + "status": { + "$ref": "#/components/schemas/defender.Status" + }, + "systemInfo": { + "$ref": "#/components/schemas/defender.SystemInfo" + }, + "tasBlobstoreScanner": { + "description": "Indicates TAS blobstore scanning only Defender.\n", + "type": "boolean" + }, + "tasClusterID": { + "description": "TAS cluster ID where Defender runs. This is typically set to the Cloud controller's API address.\n", + "type": "string" + }, + "tasFoundation": { + "description": "TASFoundation is the foundation the Defender is running on.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/defender.Type" + }, + "usingOldCA": { + "description": "UsingOldCA indicates whether the defender client is using an old certificate signed by an old CA for TLS handshake.\n", + "type": "boolean" + }, + "version": { + "description": "Defender version.\n", + "type": "string" + }, + "vpcObserver": { + "description": "VPCObserver indicates whether the defender runs in a VPC observer.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "defender.FeatureStatus": { + "description": "FeatureStatus holds data about defender features", + "properties": { + "enabled": { + "description": "Indicates if the feature is enabled (true) or not (false).\n", + "type": "boolean" + }, + "err": { + "description": "Error string, if an error occurred.\n", + "type": "string" + }, + "hostname": { + "description": "Name of host where Defender runs.\n", + "type": "string" + } + }, + "type": "object" + }, + "defender.Features": { + "description": "Features is the defender features that can be updated", + "properties": { + "clusterMonitoring": { + "description": "Indicates whether any of the cluster monitoring features are enabled (monitor service accounts, monitor Istio, collect Kubernetes pod labels).\n", + "type": "boolean" + }, + "proxyListenerType": { + "$ref": "#/components/schemas/defender.ProxyListenerType" + } + }, + "type": "object" + }, + "defender.ProxyListenerType": { + "description": "ProxyListenerType is the proxy listener type of defenders", + "type": "string" + }, + "defender.ScanStatus": { + "description": "ScanStatus represents the status of current scan", + "properties": { + "completed": { + "description": "Indicates if scanning has successfully completed (true) or not (false).\n", + "type": "boolean" + }, + "errors": { + "description": "List of errors that occurred during the last scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hostname": { + "description": "Name of the host where Defender runs.\n", + "type": "string" + }, + "scanTime": { + "description": "Datetime of the last completed scan.\n", + "format": "date-time", + "type": "string" + }, + "scanning": { + "description": "Indicates whether scanning is in progress (true) or not (false).\n", + "type": "boolean" + }, + "selective": { + "description": "Indicates if the scan is for a specific resource (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "defender.Settings": { + "description": "Settings is the Defender settings", + "properties": { + "admissionControlEnabled": { + "description": "Indicates if the admission controller is enabled (true) or not (false).\n", + "type": "boolean" + }, + "admissionControlWebhookSuffix": { + "description": "Relative path to the admission control webhook HTTP endpoint.\n", + "type": "string" + }, + "appEmbeddedFileSystemTracingEnabled": { + "description": "AppEmbeddedFileSystemTracingEnabled is the default deployment state for app embedded Defenders file system tracing.\n", + "type": "boolean" + }, + "automaticUpgrade": { + "description": "Deprecated: indicates if defenders should be automatically upgraded to the latest version.\n", + "type": "boolean" + }, + "disconnectPeriodDays": { + "description": "Number of consecutive days a Defender must remain disconnected for it to be considered decommissioned.\n", + "type": "integer" + }, + "hostCustomComplianceEnabled": { + "description": "Indicates if Defenders support host custom compliance checks (true) or not (false).\n", + "type": "boolean" + }, + "listeningPort": { + "description": "Port on which Defenders listen.\n", + "type": "integer" + } + }, + "type": "object" + }, + "defender.Status": { + "description": "Status is the generic status state per defender or global", + "properties": { + "appFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "container": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "features": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "filesystem": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostCustomCompliance": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "image": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "lastModified": { + "description": "Datetime the status was last modified.\n", + "format": "date-time", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "outOfBandAppFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "process": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runc": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runtime": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "tasDroplets": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "upgrade": { + "$ref": "#/components/schemas/defender.UpgradeStatus" + } + }, + "type": "object" + }, + "defender.SystemInfo": { + "description": "SystemInfo is the OS information of the host", + "properties": { + "cpuCount": { + "description": "CPU count on the host where Defender runs.\n", + "type": "integer" + }, + "freeDiskSpaceGB": { + "description": "Free disk space (in GB) on the host where Defender runs.\n", + "type": "integer" + }, + "kernelVersion": { + "description": "Kernel version on the host where Defender runs.\n", + "type": "string" + }, + "memoryGB": { + "description": "Total memory (in GB) on the host where Defender runs.\n", + "format": "double", + "type": "number" + }, + "totalDiskSpaceGB": { + "description": "Total disk space (in GB) on the host where Defender runs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "defender.Type": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs", + "podman" + ] + ], + "type": "string" + }, + "defender.UpgradeStatus": { + "description": "UpgradeStatus represents the status of current twistlock defender upgrade", + "properties": { + "err": { + "description": "Error string, if an error occurred.\n", + "type": "string" + }, + "hostname": { + "description": "Name of the host where Defender runs.\n", + "type": "string" + }, + "lastModified": { + "description": "Datetime of the last upgrade.\n", + "format": "date-time", + "type": "string" + }, + "progress": { + "description": "Upgrade progress.\n", + "type": "integer" + } + }, + "type": "object" + }, + "deployment.CommandError": { + "description": "CommandError is the command error on specific instance", + "properties": { + "error": { + "description": "Error is the error in case the command failed.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the instance hostname.\n", + "type": "string" + }, + "instanceID": { + "description": "InstanceID is the instance id.\n", + "type": "string" + }, + "instanceName": { + "description": "InstanceName is the instance name.\n", + "type": "string" + }, + "projectID": { + "description": "ProjectID is instance GCP project id.\n", + "type": "string" + }, + "region": { + "description": "Region is the instance region for AWS or zone for GCP.\n", + "type": "string" + }, + "state": { + "description": "State is the error state in which the deployment failed (e.g. timed out/failed due to some other reason).\n", + "type": "string" + }, + "vmImage": { + "description": "VMImage is the instance image.\n", + "type": "string" + } + }, + "type": "object" + }, + "deployment.DaemonSet": { + "description": "DaemonSet holds information about deployed defender DaemonSet\nTODO #12377 - Implement Resource interface for collections filtering, after retrieving correct value to Cluster field", + "properties": { + "address": { + "description": "Address is the kubernetes cluster address.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the kubernetes cluster name.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "defendersVersion": { + "description": "DefendersVersion is the version of the defenders deployed.\n", + "type": "string" + }, + "desiredDefenders": { + "description": "DesiredDefenders is the number of desired defenders.\n", + "type": "integer" + }, + "error": { + "description": "Error indicates any related errors found.\n", + "type": "string" + }, + "hasDefender": { + "description": "HasDefender indicates if the cluster has at least one running defender.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "runningDefenders": { + "description": "RunningDefenders is the number of defenders running.\n", + "type": "integer" + }, + "upgradable": { + "description": "Upgradable indicates if the cluster is upgradable.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "float32": { + "format": "float", + "type": "number" + }, + "float64": { + "format": "double", + "type": "number" + }, + "forensic.ContainerEvent": { + "description": "ContainerEvent holds forensic event information (in flat structure)", + "properties": { + "allPorts": { + "description": "AllPorts indicates all listening ports are allowed.\n", + "type": "boolean" + }, + "attack": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "command": { + "description": "Command is the event command.\n", + "type": "string" + }, + "containerId": { + "description": "ContainerID is the event container id.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the event queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the event queried domain type.\n", + "type": "string" + }, + "dstIP": { + "description": "DstIP is the destination IP of the connection.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the destination port.\n", + "type": "integer" + }, + "dstProfileID": { + "description": "DstProfileID is the profile ID of the connection destination.\n", + "type": "string" + }, + "effect": { + "description": "Effect is the runtime audit effect.\n", + "type": "string" + }, + "listeningStartTime": { + "description": "listeningStartTime is the port listening start time.\n", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Message is the runtime audit message.\n", + "type": "string" + }, + "networkCollectionType": { + "$ref": "#/components/schemas/forensic.NetworkCollection" + }, + "outbound": { + "description": "Outbound indicates if the port is outbound.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the event path.\n", + "type": "string" + }, + "pid": { + "description": "Pid is the event process id.\n", + "type": "integer" + }, + "port": { + "description": "Port is the listening port.\n", + "type": "integer" + }, + "ppid": { + "description": "PPid is the event parent process id.\n", + "type": "integer" + }, + "process": { + "description": "Process is the event process.\n", + "type": "string" + }, + "srcIP": { + "description": "SrcIP is the source IP of the connection.\n", + "type": "string" + }, + "srcProfileID": { + "description": "SrcProfileID is the profile ID of the connection source.\n", + "type": "string" + }, + "static": { + "description": "Static indicates the event was added to the profile without behavioral indication.\n", + "type": "boolean" + }, + "timestamp": { + "description": "Timestamp is the event timestamp.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/forensic.ContainerEventType" + }, + "user": { + "description": "User is the event user.\n", + "type": "string" + } + }, + "type": "object" + }, + "forensic.ContainerEventType": { + "description": "ContainerEventType represents the kind of event", + "enum": [ + [ + "Process spawned", + "Binary created", + "Container started", + "Listening port", + "Connection established", + "Runtime audit", + "Runtime profile process", + "Runtime profile filesystem", + "Runtime profile networking", + "Incident", + "DNS query" + ] + ], + "type": "string" + }, + "forensic.HostEvent": { + "description": "HostEvent holds host forensic event information", + "properties": { + "app": { + "description": "App is the application associated with the event.\n", + "type": "string" + }, + "attack": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "command": { + "description": "Command is the event command.\n", + "type": "string" + }, + "country": { + "description": "Country is the country associated with the event.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the event queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the event queried domain type.\n", + "type": "string" + }, + "effect": { + "description": "Effect is the runtime audit effect.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates if the event is interactive.\n", + "type": "boolean" + }, + "ip": { + "description": "IP is the IP address associated with the event.\n", + "type": "string" + }, + "listeningStartTime": { + "description": "ListeningStartTime is the listening port start time.\n", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Message is the runtime audit message.\n", + "type": "string" + }, + "path": { + "description": "Path is the event path.\n", + "type": "string" + }, + "pid": { + "description": "Pid is the event process id.\n", + "type": "integer" + }, + "port": { + "description": "Port is the listening port.\n", + "type": "integer" + }, + "ppath": { + "description": "Path is the event parent path.\n", + "type": "string" + }, + "ppid": { + "description": "PPid is the event parent process id.\n", + "type": "integer" + }, + "process": { + "description": "Process is the event process.\n", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the event timestamp.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/forensic.HostEventType" + }, + "user": { + "description": "User is the event user.\n", + "type": "string" + } + }, + "type": "object" + }, + "forensic.HostEventType": { + "description": "HostEventType represents the kind of host event", + "enum": [ + [ + "Process spawned", + "Listening port", + "Binary created", + "Runtime audit", + "SSH event", + "Incident", + "DNS query" + ] + ], + "type": "string" + }, + "forensic.NetworkCollection": { + "description": "NetworkCollection describe the different types of collection of network events", + "type": "string" + }, + "identity.LdapSettings": { + "description": "LdapSettings are the ldap connectivity settings", + "properties": { + "accountPassword": { + "$ref": "#/components/schemas/common.Secret" + }, + "accountUpn": { + "description": "AccountUpn is the user principle name used to connect to the active directory server.\n", + "type": "string" + }, + "caCert": { + "description": "CaCert is cert in PEM format (optional, if not specified, skip_verify flag will be used).\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether LDAP is enabled.\n", + "type": "boolean" + }, + "groupSearchBase": { + "description": "GroupSearchBase is the LDAP search pattern for groups.\n", + "type": "string" + }, + "searchBase": { + "description": "SearchBase is the LDAP search pattern.\n", + "type": "string" + }, + "type": { + "description": "Type specifies the LDAP server type (AD or OpenLDAP).\n", + "type": "string" + }, + "url": { + "description": "URL is the ldap server url.\n", + "type": "string" + }, + "userSearchBase": { + "description": "UserSearchBase is the LDAP search pattern for users.\n", + "type": "string" + }, + "userSearchIdentifier": { + "description": "UserSearchIdentifier is the user identifier to use for querying open ldap (e.g., cn -> cn=user).\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.ProviderName": { + "description": "ProviderName is the identity provider name", + "enum": [ + [ + "github", + "openshift" + ] + ], + "type": "string" + }, + "identity.ProviderSettings": { + "description": "ProviderSettings are the Oauth/ OpenID Connect connectivity settings", + "properties": { + "authURL": { + "description": "AuthURL specifies auth URL.\n", + "type": "string" + }, + "cert": { + "description": "Cert is idp certificate.\n", + "type": "string" + }, + "clientID": { + "description": "ClientID is the client identifier issued to the client during the registration process.\n", + "type": "string" + }, + "clientSecret": { + "$ref": "#/components/schemas/common.Secret" + }, + "enabled": { + "description": "Enabled indicates whether Auth settings are enabled.\n", + "type": "boolean" + }, + "groupClaim": { + "description": "GroupClaim is the name of the group claim property.\n", + "type": "string" + }, + "groupScope": { + "description": "GroupScope specifies name of group scope.\n", + "type": "string" + }, + "openIDIssuesURL": { + "description": "OpenIDIssuesURL is the base URL for OpenID connect providers.\n", + "type": "string" + }, + "openshiftBaseURL": { + "description": "OpenshiftBaseURL is openshift base URL.\n", + "type": "string" + }, + "providerAlias": { + "description": "ProviderAlias is the provider alias used for display.\n", + "type": "string" + }, + "providerName": { + "$ref": "#/components/schemas/identity.ProviderName" + }, + "tokenURL": { + "description": "TokenURL specifies token URL.\n", + "type": "string" + }, + "userClaim": { + "description": "UserClaim is the name of the user claim property.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.RedirectURLResponse": { + "description": "RedirectURLResponse is the response for identity redirect endpoint", + "properties": { + "enabled": { + "description": "Enabled identify if auth provider is enabled.\n", + "type": "boolean" + }, + "url": { + "description": "URL is the redirect URL.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.SamlSettings": { + "description": "SamlSettings are the saml connectivity settings", + "properties": { + "appId": { + "description": "AppID is the Azure application ID.\n", + "type": "string" + }, + "appSecret": { + "$ref": "#/components/schemas/common.Secret" + }, + "audience": { + "description": "Audience specifies the SAML audience used in the verification of the SAML response.\n", + "type": "string" + }, + "cert": { + "description": "Cert is idp certificate in PEM format.\n", + "type": "string" + }, + "consoleURL": { + "description": "ConsoleURL is the external Console URL that is used by the IDP for routing the browser after login.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether saml settings are enabled.\n", + "type": "boolean" + }, + "groupAttribute": { + "description": "GroupAttribute is the name of the group attribute.\n", + "type": "string" + }, + "issuer": { + "description": "Issuer is idp issuer id.\n", + "type": "string" + }, + "providerAlias": { + "description": "ProviderAlias is the provider alias used for display.\n", + "type": "string" + }, + "skipAuthnContext": { + "description": "SkipAuthnContext indicates whether request authentication contexts should be skipped.\n", + "type": "boolean" + }, + "tenantId": { + "description": "TenantID is the Azure Tenant ID.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/identity.SamlType" + }, + "url": { + "description": "URL is idp sso url.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.SamlType": { + "description": "SamlType represents the type of a SAML configured settings", + "enum": [ + [ + "okta", + "gsuite", + "ping", + "shibboleth", + "azure", + "adfs" + ] + ], + "type": "string" + }, + "identity.Settings": { + "description": "Settings hold the identity settings for supported providers", + "properties": { + "ldap": { + "$ref": "#/components/schemas/identity.LdapSettings" + }, + "oauth": { + "$ref": "#/components/schemas/identity.ProviderSettings" + }, + "openid": { + "$ref": "#/components/schemas/identity.ProviderSettings" + }, + "saml": { + "$ref": "#/components/schemas/identity.SamlSettings" + } + }, + "type": "object" + }, + "int": { + "type": "integer" + }, + "int16": { + "type": "integer" + }, + "int64": { + "format": "int64", + "type": "integer" + }, + "intelligence.IntelligenceSettings": { + "description": "IntelligenceSettings are the intelligence service settings", + "properties": { + "address": { + "description": "Address is the intelligence service address.\n", + "type": "string" + }, + "customEndpoint": { + "description": "CustomEndpoint is the user defined custom endpoint.\n", + "type": "string" + }, + "customEndpointCACert": { + "description": "CustomEndpointCACert is the custom CA cert bundle for trusting the custom endpoint.\n", + "type": "string" + }, + "customEndpointCredentialID": { + "description": "CustomEndpointCredentialID is the custom endpoint credential ID.\n", + "type": "string" + }, + "customEndpointEnabled": { + "description": "CustomEndpointEnabled indicates that the user custom endpoint is enabled.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether intelligence service is enabled.\n", + "type": "boolean" + }, + "token": { + "description": "Token is the token used to access intelligence service.\n", + "type": "string" + }, + "uploadDisabled": { + "description": "UploadDisabled indicates whether logs uploading is disabled.\n", + "type": "boolean" + }, + "windowsFeedEnabled": { + "description": "WindowsFeedEnabled indicates whether windows feed is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicy": { + "description": "AuthorizationPolicy is a compact version of Istio AuthorizationPolicy resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#AuthorizationPolicy", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "name": { + "description": "Name is the authorization policy name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the authorization policy.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the access rules this authorization policy defines.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyRule" + }, + "type": "array" + }, + "targetServices": { + "description": "TargetServices is the list of services the authorization policy applies on.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyService" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyDestination": { + "description": "AuthorizationPolicyDestination is a compact version of Istio Operation resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Operation", + "properties": { + "methods": { + "description": "Methods are the destination endpoint HTTP methods, such as: \"GET\", \"POST\".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "paths": { + "description": "Paths are the destination HTTP paths.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the destination endpoint ports.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyRule": { + "description": "AuthorizationPolicyRule is a compact version of Istio Rule resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Rule", + "properties": { + "destinations": { + "description": "Destinations are the endpoint definitions the rule grants access to.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyDestination" + }, + "type": "array" + }, + "sources": { + "description": "Sources are the metadatas of the services the rule grants access to.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicySource" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyService": { + "description": "AuthorizationPolicyService represents a service an authorization policy applies on\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Source", + "properties": { + "name": { + "description": "Name is the service name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the service namespace.\n", + "type": "string" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicySource": { + "description": "AuthorizationPolicySource is a compact version of Istio Source resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Source", + "properties": { + "namespaces": { + "description": "Namespaces are the source services namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "principals": { + "description": "Principals are the source services principals.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "kubeaudit.Audit": { + "description": "Audit represents a Kubernetes audit - this is the data that is stored for matched audits", + "properties": { + "accountID": { + "description": "AccountID is the account ID the Kubernetes audit belongs to.\n", + "type": "string" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "authorizationInfo": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "AuthorizationInfo holds the original event authorization info.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster the Kubernetes audit belongs to.\n", + "type": "string" + }, + "collections": { + "description": "Collections that apply to the Kubernetes audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "eventBlob": { + "description": "EventBlob is the original event that caused this audit.\n", + "type": "string" + }, + "message": { + "description": "Message is the user defined message which appears on audit.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "requestURI": { + "description": "RequestURI is the request URI as sent by the client to a server.\n", + "type": "string" + }, + "resources": { + "description": "Resource represents the resource that is impacted by this event.\n", + "type": "string" + }, + "sourceIPs": { + "description": "Source IPs, from where the request originated and intermediate proxies (optional).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "time": { + "description": "Time is the time at which the request was generated.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "$ref": "#/components/schemas/kubeaudit.EventUserInfo" + }, + "verb": { + "description": "Verb is the kubernetes verb associated with the request.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.AuditSettings": { + "description": "AuditSettings represents the kubernetes audits settings", + "properties": { + "lastPollingTime": { + "description": "LastPollingTime holds the last time the logs were polled.\n", + "format": "date-time", + "type": "string" + }, + "specifications": { + "description": "Specifications are the K8s audits fetching CSP specifications.\n", + "items": { + "$ref": "#/components/schemas/kubeaudit.AuditSpecification" + }, + "type": "array" + }, + "webhookUrlSuffix": { + "description": "WebhookSuffix is the relative path to the webhook http endpoint, used for auditing K8S events sent to the console from a cluster.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.AuditSpecification": { + "description": "AuditSpecification is the specification for fetching audits from a CSP", + "properties": { + "awsRegion": { + "description": "AWSRegion is the cloud region to fetch from.\n", + "type": "string" + }, + "azureResourceGroups": { + "description": "AzureResourceGroups holds the resource groups to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "azureWorkspaceName": { + "description": "AzureWorkspaceName holds the workspace name to fetch from.\n", + "type": "string" + }, + "clusters": { + "description": "Clusters are the clusters to fetch.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialID": { + "description": "CredentialID is the credential to use for CSP authentication for this specification.\n", + "type": "string" + }, + "deploymentType": { + "$ref": "#/components/schemas/kubeaudit.DeploymentType" + }, + "filter": { + "description": "Filter is a provider specific query using the provider's query syntax for additional filtering.\n", + "type": "string" + }, + "gcpProjectIDs": { + "description": "GCPProjectIDs holds the IDs of projects to fetch from.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the specification unique identification as provided by the user.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.DeploymentType": { + "description": "DeploymentType specifies the type of Kubernetes deployment", + "enum": [ + [ + "gke", + "aks", + "eks" + ] + ], + "type": "string" + }, + "kubeaudit.EventUserInfo": { + "description": "EventUserInfo holds the information about the user that authenticated to Kubernentes", + "properties": { + "groups": { + "description": "The names of groups this user is a part of (optional).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "uid": { + "description": "A unique value that identifies this user across time. If this user is\ndeleted and another user by the same name is added, they will have\ndifferent UIDs (optional).\n", + "type": "string" + }, + "username": { + "description": "The name that uniquely identifies this user among all active users (optional).\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.Policy": { + "description": "Policy represents a Kubernetes audit policy enforced on Kubernetes audits", + "properties": { + "_id": { + "description": "ID is the Kubernetes audit policy ID.\n", + "type": "string" + }, + "customRulesIDs": { + "description": "CustomRulesIDs is a list of the custom runtime rules ids that apply to this policy.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled specifies if Kubernetes audits are enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "license.SPDXLicense": { + "description": "SPDXLicense represents a SPDX license ID", + "enum": [ + [ + "0BSD", + "AAL", + "ADSL", + "AFL-1.1", + "AFL-1.2", + "AFL-2.0", + "AFL-2.1", + "AFL-3.0", + "AGPL-1.0", + "AGPL-1.0-only", + "AGPL-1.0-or-later", + "AGPL-3.0", + "AGPL-3.0-only", + "AGPL-3.0-or-later", + "AMDPLPA", + "AML", + "AMPAS", + "ANTLR-PD", + "ANTLR-PD-fallback", + "APAFML", + "APL-1.0", + "APSL-1.0", + "APSL-1.1", + "APSL-1.2", + "APSL-2.0", + "Abstyles", + "Adobe-2006", + "Adobe-Glyph", + "Afmparse", + "Aladdin", + "Apache-1.0", + "Apache-1.1", + "Apache-2.0", + "Artistic-1.0", + "Artistic-1.0-Perl", + "Artistic-1.0-cl8", + "Artistic-2.0", + "BSD-1-Clause", + "BSD-2-Clause", + "BSD-2-Clause-FreeBSD", + "BSD-2-Clause-NetBSD", + "BSD-2-Clause-Patent", + "BSD-2-Clause-Views", + "BSD-3-Clause", + "BSD-3-Clause-Attribution", + "BSD-3-Clause-Clear", + "BSD-3-Clause-LBNL", + "BSD-3-Clause-No-Nuclear-License", + "BSD-3-Clause-No-Nuclear-License-2014", + "BSD-3-Clause-No-Nuclear-Warranty", + "BSD-3-Clause-Open-MPI", + "BSD-4-Clause", + "BSD-4-Clause-UC", + "BSD-Protection", + "BSD-Source-Code", + "BSL-1.0", + "BUSL-1.1", + "Bahyph", + "Barr", + "Beerware", + "BitTorrent-1.0", + "BitTorrent-1.1", + "BlueOak-1.0.0", + "Borceux", + "CAL-1.0", + "CAL-1.0-Combined-Work-Exception", + "CATOSL-1.1", + "CC-BY-1.0", + "CC-BY-2.0", + "CC-BY-2.5", + "CC-BY-3.0", + "CC-BY-3.0-AT", + "CC-BY-3.0-US", + "CC-BY-4.0", + "CC-BY-NC-1.0", + "CC-BY-NC-2.0", + "CC-BY-NC-2.5", + "CC-BY-NC-3.0", + "CC-BY-NC-4.0", + "CC-BY-NC-ND-1.0", + "CC-BY-NC-ND-2.0", + "CC-BY-NC-ND-2.5", + "CC-BY-NC-ND-3.0", + "CC-BY-NC-ND-3.0-IGO", + "CC-BY-NC-ND-4.0", + "CC-BY-NC-SA-1.0", + "CC-BY-NC-SA-2.0", + "CC-BY-NC-SA-2.5", + "CC-BY-NC-SA-3.0", + "CC-BY-NC-SA-4.0", + "CC-BY-ND-1.0", + "CC-BY-ND-2.0", + "CC-BY-ND-2.5", + "CC-BY-ND-3.0", + "CC-BY-ND-4.0", + "CC-BY-SA-1.0", + "CC-BY-SA-2.0", + "CC-BY-SA-2.0-UK", + "CC-BY-SA-2.5", + "CC-BY-SA-3.0", + "CC-BY-SA-3.0-AT", + "CC-BY-SA-4.0", + "CC-PDDC", + "CC0-1.0", + "CDDL-1.0", + "CDDL-1.1", + "CDLA-Permissive-1.0", + "CDLA-Sharing-1.0", + "CECILL-1.0", + "CECILL-1.1", + "CECILL-2.0", + "CECILL-2.1", + "CECILL-B", + "CECILL-C", + "CERN-OHL-1.1", + "CERN-OHL-1.2", + "CERN-OHL-P-2.0", + "CERN-OHL-S-2.0", + "CERN-OHL-W-2.0", + "CNRI-Jython", + "CNRI-Python", + "CNRI-Python-GPL-Compatible", + "CPAL-1.0", + "CPL-1.0", + "CPOL-1.02", + "CUA-OPL-1.0", + "Caldera", + "ClArtistic", + "Condor-1.1", + "Crossword", + "CrystalStacker", + "Cube", + "D-FSL-1.0", + "DOC", + "DSDP", + "Dotseqn", + "ECL-1.0", + "ECL-2.0", + "EFL-1.0", + "EFL-2.0", + "EPICS", + "EPL-1.0", + "EPL-2.0", + "EUDatagrid", + "EUPL-1.0", + "EUPL-1.1", + "EUPL-1.2", + "Entessa", + "ErlPL-1.1", + "Eurosym", + "FSFAP", + "FSFUL", + "FSFULLR", + "FTL", + "Fair", + "Frameworx-1.0", + "FreeImage", + "GFDL-1.1", + "GFDL-1.1-invariants-only", + "GFDL-1.1-invariants-or-later", + "GFDL-1.1-no-invariants-only", + "GFDL-1.1-no-invariants-or-later", + "GFDL-1.1-only", + "GFDL-1.1-or-later", + "GFDL-1.2", + "GFDL-1.2-invariants-only", + "GFDL-1.2-invariants-or-later", + "GFDL-1.2-no-invariants-only", + "GFDL-1.2-no-invariants-or-later", + "GFDL-1.2-only", + "GFDL-1.2-or-later", + "GFDL-1.3", + "GFDL-1.3-invariants-only", + "GFDL-1.3-invariants-or-later", + "GFDL-1.3-no-invariants-only", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-only", + "GFDL-1.3-or-later", + "GL2PS", + "GLWTPL", + "GPL-1.0", + "GPL-1.0+", + "GPL-1.0-only", + "GPL-1.0-or-later", + "GPL-2.0", + "GPL-2.0+", + "GPL-2.0-only", + "GPL-2.0-or-later", + "GPL-2.0-with-GCC-exception", + "GPL-2.0-with-autoconf-exception", + "GPL-2.0-with-bison-exception", + "GPL-2.0-with-classpath-exception", + "GPL-2.0-with-font-exception", + "GPL-3.0", + "GPL-3.0+", + "GPL-3.0-only", + "GPL-3.0-or-later", + "GPL-3.0-with-GCC-exception", + "GPL-3.0-with-autoconf-exception", + "Giftware", + "Glide", + "Glulxe", + "HPND", + "HPND-sell-variant", + "HTMLTIDY", + "HaskellReport", + "Hippocratic-2.1", + "IBM-pibs", + "ICU", + "IJG", + "IPA", + "IPL-1.0", + "ISC", + "ImageMagick", + "Imlib2", + "Info-ZIP", + "Intel", + "Intel-ACPI", + "Interbase-1.0", + "JPNIC", + "JSON", + "JasPer-2.0", + "LAL-1.2", + "LAL-1.3", + "LGPL-2.0", + "LGPL-2.0+", + "LGPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1-only", + "LGPL-2.1-or-later", + "LGPL-3.0", + "LGPL-3.0+", + "LGPL-3.0-only", + "LGPL-3.0-or-later", + "LGPLLR", + "LPL-1.0", + "LPL-1.02", + "LPPL-1.0", + "LPPL-1.1", + "LPPL-1.2", + "LPPL-1.3a", + "LPPL-1.3c", + "Latex2e", + "Leptonica", + "LiLiQ-P-1.1", + "LiLiQ-R-1.1", + "LiLiQ-Rplus-1.1", + "Libpng", + "Linux-OpenIB", + "MIT", + "MIT-0", + "MIT-CMU", + "MIT-advertising", + "MIT-enna", + "MIT-feh", + "MIT-open-group", + "MITNFA", + "MPL-1.0", + "MPL-1.1", + "MPL-2.0", + "MPL-2.0-no-copyleft-exception", + "MS-PL", + "MS-RL", + "MTLL", + "MakeIndex", + "MirOS", + "Motosoto", + "MulanPSL-1.0", + "MulanPSL-2.0", + "Multics", + "Mup", + "NASA-1.3", + "NBPL-1.0", + "NCGL-UK-2.0", + "NCSA", + "NGPL", + "NIST-PD", + "NIST-PD-fallback", + "NLOD-1.0", + "NLPL", + "NOSL", + "NPL-1.0", + "NPL-1.1", + "NPOSL-3.0", + "NRL", + "NTP", + "NTP-0", + "Naumen", + "Net-SNMP", + "NetCDF", + "Newsletr", + "Nokia", + "Noweb", + "Nunit", + "O-UDA-1.0", + "OCCT-PL", + "OCLC-2.0", + "ODC-By-1.0", + "ODbL-1.0", + "OFL-1.0", + "OFL-1.0-RFN", + "OFL-1.0-no-RFN", + "OFL-1.1", + "OFL-1.1-RFN", + "OFL-1.1-no-RFN", + "OGC-1.0", + "OGL-Canada-2.0", + "OGL-UK-1.0", + "OGL-UK-2.0", + "OGL-UK-3.0", + "OGTSL", + "OLDAP-1.1", + "OLDAP-1.2", + "OLDAP-1.3", + "OLDAP-1.4", + "OLDAP-2.0", + "OLDAP-2.0.1", + "OLDAP-2.1", + "OLDAP-2.2", + "OLDAP-2.2.1", + "OLDAP-2.2.2", + "OLDAP-2.3", + "OLDAP-2.4", + "OLDAP-2.5", + "OLDAP-2.6", + "OLDAP-2.7", + "OLDAP-2.8", + "OML", + "OPL-1.0", + "OSET-PL-2.1", + "OSL-1.0", + "OSL-1.1", + "OSL-2.0", + "OSL-2.1", + "OSL-3.0", + "OpenSSL", + "PDDL-1.0", + "PHP-3.0", + "PHP-3.01", + "PSF-2.0", + "Parity-6.0.0", + "Parity-7.0.0", + "Plexus", + "PolyForm-Noncommercial-1.0.0", + "PolyForm-Small-Business-1.0.0", + "PostgreSQL", + "Python-2.0", + "QPL-1.0", + "Qhull", + "RHeCos-1.1", + "RPL-1.1", + "RPL-1.5", + "RPSL-1.0", + "RSA-MD", + "RSCPL", + "Rdisc", + "Ruby", + "SAX-PD", + "SCEA", + "SGI-B-1.0", + "SGI-B-1.1", + "SGI-B-2.0", + "SHL-0.5", + "SHL-0.51", + "SISSL", + "SISSL-1.2", + "SMLNJ", + "SMPPL", + "SNIA", + "SPL-1.0", + "SSH-OpenSSH", + "SSH-short", + "SSPL-1.0", + "SWL", + "Saxpath", + "Sendmail", + "Sendmail-8.23", + "SimPL-2.0", + "Sleepycat", + "Spencer-86", + "Spencer-94", + "Spencer-99", + "StandardML-NJ", + "SugarCRM-1.1.3", + "TAPR-OHL-1.0", + "TCL", + "TCP-wrappers", + "TMate", + "TORQUE-1.1", + "TOSL", + "TU-Berlin-1.0", + "TU-Berlin-2.0", + "UCL-1.0", + "UPL-1.0", + "Unicode-DFS-2015", + "Unicode-DFS-2016", + "Unicode-TOU", + "Unlicense", + "VOSTROM", + "VSL-1.0", + "Vim", + "W3C", + "W3C-19980720", + "W3C-20150513", + "WTFPL", + "Watcom-1.0", + "Wsuipa", + "X11", + "XFree86-1.1", + "XSkat", + "Xerox", + "Xnet", + "YPL-1.0", + "YPL-1.1", + "ZPL-1.1", + "ZPL-2.0", + "ZPL-2.1", + "Zed", + "Zend-2.0", + "Zimbra-1.3", + "Zimbra-1.4", + "Zlib", + "blessing", + "bzip2-1.0.5", + "bzip2-1.0.6", + "copyleft-next-0.3.0", + "copyleft-next-0.3.1", + "curl", + "diffmark", + "dvipdfm", + "eCos-2.0", + "eGenix", + "etalab-2.0", + "gSOAP-1.3b", + "gnuplot", + "iMatix", + "libpng-2.0", + "libselinux-1.0", + "libtiff", + "mpich2", + "psfrag", + "psutils", + "wxWindows", + "xinetd", + "xpp", + "zlib-acknowledgement" + ] + ], + "type": "string" + }, + "log.LogEntry": { + "description": "LogEntry represents a single log line", + "properties": { + "level": { + "description": "Level is the log level.\n", + "type": "string" + }, + "log": { + "description": "Log is the log text.\n", + "type": "string" + }, + "time": { + "description": "Time is the log time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "mitre.Technique": { + "description": "Technique is the MITRE framework attack technique", + "enum": [ + [ + "exploitationForPrivilegeEscalation", + "exploitPublicFacingApplication", + "applicationExploitRCE", + "networkServiceScanning", + "endpointDenialOfService", + "exfiltrationGeneral", + "systemNetworkConfigurationDiscovery", + "unsecuredCredentials", + "credentialDumping", + "systemInformationDiscovery", + "systemNetworkConnectionDiscovery", + "systemUserDiscovery", + "accountDiscovery", + "cloudInstanceMetadataAPI", + "accessKubeletMainAPI", + "queryKubeletReadonlyAPI", + "accessKubernetesAPIServer", + "softwareDeploymentTools", + "ingressToolTransfer", + "lateralToolTransfer", + "commandAndControlGeneral", + "resourceHijacking", + "manInTheMiddle", + "nativeBinaryExecution", + "foreignBinaryExecution", + "createAccount", + "accountManipulation", + "abuseElevationControlMechanisms", + "supplyChainCompromise", + "obfuscatedFiles", + "hijackExecutionFlow", + "impairDefences", + "scheduledTaskJob", + "exploitationOfRemoteServices", + "eventTriggeredExecution", + "accountAccessRemoval", + "privilegedContainer", + "writableVolumes", + "execIntoContainer", + "softwareDiscovery", + "createContainer", + "kubernetesSecrets", + "fileAndDirectoryDiscovery", + "masquerading", + "webShell", + "compileAfterDelivery" + ] + ], + "type": "string" + }, + "packages.Type": { + "description": "Type describes the package type", + "enum": [ + [ + "nodejs", + "gem", + "python", + "jar", + "package", + "windows", + "binary", + "nuget", + "go", + "app", + "unknown" + ] + ], + "type": "string" + }, + "prisma.AlertIntegration": { + "description": "AlertIntegration has the relevant fields for Prisma Cloud defined integrations\nhttps://prisma.pan.dev/api/cloud/cspm/integrations#operation/get-all-integrations", + "properties": { + "id": { + "description": "ID of the integration in Prisma Cloud.\n", + "type": "string" + }, + "integrationConfig": { + "$ref": "#/components/schemas/prisma.IntegrationConfig" + }, + "integrationType": { + "description": "IntegrationType is the provider type.\n", + "type": "string" + }, + "name": { + "description": "Name of the integration in Prisma Cloud.\n", + "type": "string" + } + }, + "type": "object" + }, + "prisma.AssetType": { + "description": "AssetType is the integral value that we need to pass to PC in the UAI and Unified Alerts integrations to identify the asset type\nMappings of the asset types agreed upon with PC can be found here - https://docs.google.com/spreadsheets/d/1M0Aj5U4vpFGEnpd0v_xK-CsxSH4lovE7p93hkzE4DTY\nAdditional asset types can be found here - https://redlock.atlassian.net/browse/RLP-57240\nThis value will be identical to resource api id in case of Unified Alerts", + "enum": [ + [ + "15", + "16", + "18", + "5109", + "39", + "45", + "65", + "5051", + "5070", + "7075", + "7077", + "10523", + "10524", + "10562", + "15000", + "20019", + "20028", + "20042", + "20051", + "20125", + "20126", + "20127", + "20155", + "25001", + "30012", + "30013", + "30014", + "30015", + "30016", + "30018", + "30020" + ] + ], + "type": "integer" + }, + "prisma.CloudType": { + "description": "CloudType is the prisma cloud type of the resource that is used for policy verdict creation\nCloud type values are documented here - https://docs.google.com/spreadsheets/d/1ZRlPl2IdEX22-7pSnqxeJGwwS0jyUbJJ16IkuPoiHMU", + "enum": [ + [ + "1", + "2", + "3", + "4", + "5", + "6" + ] + ], + "type": "integer" + }, + "prisma.IntegrationConfig": { + "description": "IntegrationConfig holds the additional configuration data for each integration", + "properties": { + "accountId": { + "description": "SecurityHubAccountID is the AWS account ID.\n", + "type": "string" + }, + "regions": { + "description": "SecurityHubIntegrationRegions holds AWS account available regions.\n", + "items": { + "$ref": "#/components/schemas/prisma.SecurityHubIntegrationRegions" + }, + "type": "array" + }, + "tables": { + "description": "ServiceNowIntegrationConfig holds ServiceNow tables info.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "prisma.SecurityHubIntegrationRegions": { + "description": "SecurityHubIntegrationRegions holds AWS Security Hub regions info", + "properties": { + "apiIdentifier": { + "description": "APIIdentifier represents the AWS region.\n", + "type": "string" + }, + "name": { + "description": "Name is the region name.\n", + "type": "string" + } + }, + "type": "object" + }, + "prisma.ServiceProvider": { + "description": "ServiceProvider represents service provider id or \"other\" in case it is non cloud.", + "enum": [ + [ + "aws", + "azure", + "gcp", + "alibaba_cloud", + "oci", + "other" + ] + ], + "type": "string" + }, + "rbac.PermName": { + "description": "PermName is a name of permission to a single resource type", + "enum": [ + [ + "radarsContainers", + "radarsHosts", + "radarsServerless", + "radarsCloud", + "policyContainers", + "policyHosts", + "policyServerless", + "policyCloud", + "policyComplianceCustomRules", + "policyRuntimeContainer", + "policyRuntimeHosts", + "policyRuntimeServerless", + "policyCustomRules", + "policyWAAS", + "policyCNNF", + "policyAccessSecrets", + "policyAccessKubernetes", + "monitorVuln", + "monitorCompliance", + "monitorImages", + "monitorHosts", + "monitorServerless", + "monitorCloud", + "monitorCI", + "monitorRuntimeContainers", + "monitorRuntimeHosts", + "monitorRuntimeServerless", + "monitorRuntimeIncidents", + "sandbox", + "monitorWAAS", + "monitorCNNF", + "monitorAccessDocker", + "monitorAccessKubernetes", + "systemLogs", + "manageDefenders", + "manageAlerts", + "collections", + "manageCreds", + "authConfiguration", + "userManagement", + "systemOperations", + "privilegedOperations", + "downloads", + "accessUI", + "uIEventSubscriber", + "user", + "none" + ] + ], + "type": "string" + }, + "rbac.Permission": { + "description": "Permission is a named resource permission", + "properties": { + "name": { + "$ref": "#/components/schemas/rbac.PermName" + }, + "readWrite": { + "description": "ReadWrite indicates RW or RO permission.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "rbac.Role": { + "description": "Role represents the role of a given user/group", + "properties": { + "description": { + "description": "Description is the role's description.\n", + "type": "string" + }, + "name": { + "description": "Name is the role name.\n", + "type": "string" + }, + "perms": { + "description": "Perms are the role resource permissions.\n", + "items": { + "$ref": "#/components/schemas/rbac.Permission" + }, + "type": "array" + }, + "system": { + "description": "System indicates predefined immutable system role.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.AntiMalwareRule": { + "description": "AntiMalwareRule represents restrictions/suppression for suspected anti-malware", + "properties": { + "allowedProcesses": { + "description": "AllowedProcesses contains paths of files and processes for which we skip anti-malware checks.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cryptoMiner": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "customFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedProcesses": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "detectCompilerGeneratedBinary": { + "description": "DetectCompilerGeneratedBinary represents what happens when a compiler service writes a binary.\n", + "type": "boolean" + }, + "encryptedBinaries": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "executionFlowHijack": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "reverseShell": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "serviceUnknownOriginBinary": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipSSHTracking": { + "description": "SkipSSHTracking indicates whether host SSH tracking should be skipped.\n", + "type": "boolean" + }, + "suspiciousELFHeaders": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "tempFSProc": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "userUnknownOriginBinary": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "webShell": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.App": { + "description": "App represents the applications runtime data", + "properties": { + "listeningPorts": { + "description": "ListeningPorts represents the applications listening ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostProfileListeningPort" + }, + "type": "array" + }, + "name": { + "description": "Name is the app name.\n", + "type": "string" + }, + "outgoingPorts": { + "description": "OutgoingPorts represents the applications outgoing ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostProfileOutgoingPort" + }, + "type": "array" + }, + "processes": { + "description": "Processes is a list of the app's descendant processes.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + }, + "startupProcess": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + } + }, + "type": "object" + }, + "runtime.AppEmbeddedPolicy": { + "description": "AppEmbeddedPolicy represents a runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.AppEmbeddedPolicyRule": { + "description": "AppEmbeddedPolicyRule represents a single rule in the app embedded runtime policy", + "properties": { + "advancedProtection": { + "description": "Indicates whether advanced protection (e.g., custom or premium feeds for container, added whitelist rules for serverless) is enabled (true) or not (false).\n", + "type": "boolean" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.DNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.FilesystemRule" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.NetworkRule" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProcessesRule" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.AppListeningPorts": { + "description": "AppListeningPorts is an association of an app and list of listening ports", + "properties": { + "app": { + "description": "App is the name of the app.\n", + "type": "string" + }, + "portsData": { + "$ref": "#/components/schemas/common.ProfilePortData" + } + }, + "type": "object" + }, + "runtime.ContainerCapabilities": { + "description": "ContainerCapabilities are a set of static capabilities for a given container", + "properties": { + "ci": { + "description": "CI indicates the container allowed to write binaries to disk and run them.\n", + "type": "boolean" + }, + "cloudMetadata": { + "description": "CloudMetadata indicates the given container can query cloud metadata api.\n", + "type": "boolean" + }, + "dnsCache": { + "description": "DNSCache are DNS services that are used by all the pods in the cluster.\n", + "type": "boolean" + }, + "dynamicDNSQuery": { + "description": "DynamicDNSQuery indicates capped behavioral dns queries.\n", + "type": "boolean" + }, + "dynamicFileCreation": { + "description": "DynamicFileCreation indicates capped behavioral filesystem paths.\n", + "type": "boolean" + }, + "dynamicProcessCreation": { + "description": "DynamicProcessCreation indicates capped behavioral processes.\n", + "type": "boolean" + }, + "k8s": { + "description": "Kubernetes indicates the given container can perform k8s networking tasks (e.g., contact to api server).\n", + "type": "boolean" + }, + "proxy": { + "description": "Proxy indicates the container can listen on any port and perform multiple outbound connection.\n", + "type": "boolean" + }, + "pullImage": { + "description": "PullImage indicates that the container is allowed pull images (might include files with high entropy).\n", + "type": "boolean" + }, + "sshd": { + "description": "Sshd indicates whether the container can run sshd process.\n", + "type": "boolean" + }, + "unpacker": { + "description": "Unpacker indicates the container is allowed to write shared libraries to disk.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.ContainerDNSRule": { + "description": "ContainerDNSRule is the DNS runtime rule for container", + "properties": { + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "disabled": { + "description": "Disabled a global disable for the DNS rule.\n", + "type": "boolean" + }, + "domainList": { + "$ref": "#/components/schemas/runtime.DNSListRule" + } + }, + "type": "object" + }, + "runtime.ContainerFilesystemRule": { + "description": "ContainerFilesystemRule represents restrictions/suppression for filesystem changes", + "properties": { + "allowedList": { + "description": "AllowedList is the list of allowed file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "backdoorFilesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedList": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "disabled": { + "description": "Disabled a global disable for the filesystem rule.\n", + "type": "boolean" + }, + "encryptedBinariesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "newFilesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "suspiciousELFHeadersEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerNetworkRule": { + "description": "ContainerNetworkRule represents the restrictions/suppression for networking", + "properties": { + "allowedIPs": { + "description": "AllowedIPs the allow-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedIPs": { + "description": "DeniedIPs the deny-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deniedIPsEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "disabled": { + "description": "Disabled a global disable for the network rule.\n", + "type": "boolean" + }, + "listeningPorts": { + "$ref": "#/components/schemas/runtime.PortListRule" + }, + "modifiedProcEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "outboundPorts": { + "$ref": "#/components/schemas/runtime.PortListRule" + }, + "portScanEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "rawSocketsEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerPolicy": { + "description": "ContainerPolicy represents a runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "learningDisabled": { + "description": "Indicates whether automatic behavioural learning is enabled (true) or not (false).\n", + "type": "boolean" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.ContainerPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ContainerPolicyRule": { + "description": "ContainerPolicyRule represents a single rule in the runtime policy", + "properties": { + "advancedProtectionEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "cloudMetadataEnforcementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.ContainerDNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.ContainerFilesystemRule" + }, + "kubernetesEnforcementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.ContainerNetworkRule" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ContainerProcessesRule" + }, + "skipExecSessions": { + "description": "Indicates whether to skip runtime validation for events triggered by docker/kubectl exec.\n", + "type": "boolean" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerProcessesRule": { + "description": "ContainerProcessesRule represents restrictions/suppression for running processes", + "properties": { + "allowedList": { + "description": "AllowedList is the list of processes to allow.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "checkParentChild": { + "description": "Indicates whether checking for parent child relationship when comparing spawned processes in the model is enabled.\n", + "type": "boolean" + }, + "cryptoMinersEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedList": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "disabled": { + "description": "Disabled a global disable for the processes rule.\n", + "type": "boolean" + }, + "lateralMovementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "modifiedProcessEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "reverseShellEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "suidBinariesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerProfileHost": { + "description": "ContainerProfileHost represents a host that runs a container with a specific profile ID", + "properties": { + "agentless": { + "description": "Agentless indicates if the host was scanned by agentless.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the name of the host.\n", + "type": "string" + }, + "profileID": { + "description": "ProfileID is the profile ID that matches the container running in the host.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.DNSListRule": { + "description": "DNSListRule represents an explicitly allowed/denied domains list rule", + "properties": { + "allowed": { + "description": "Allowed the allow-listed domain names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "denied": { + "description": "Denied the deny-listed domain names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.DNSQuery": { + "description": "DNSQuery is the data of a DNS query", + "properties": { + "domainName": { + "description": "DomainName is the queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the queried domain type.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.DNSRule": { + "description": "DNSRule is the DNS runtime rule", + "properties": { + "blacklist": { + "description": "List of deny-listed domain names (e.g., www.bad-url.com, *.bad-url.com).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "whitelist": { + "description": "List of allow-listed domain names (e.g., *.gmail.com, *.s3.*.amazon.com).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.DenyListRule": { + "description": "DenyListRule represents a rule containing paths of files and processes to alert/prevent and the required effect", + "properties": { + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "paths": { + "description": "Paths are the paths to alert/prevent when an event with one of the paths is triggered.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.FSFileType": { + "description": "FSFileType represents the file type", + "type": "integer" + }, + "runtime.FileIntegrityRule": { + "description": "FileIntegrityRule represents a single file integrity monitoring rule", + "properties": { + "dir": { + "description": "Dir indicates that the path is a directory.\n", + "type": "boolean" + }, + "exclusions": { + "description": "Exclusions are filenames that should be ignored while generating audits\nThese filenames may contain a wildcard regex pattern, e.g. foo*.log, *.cache.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "metadata": { + "description": "Metadata indicates that metadata changes should be monitored (e.g. chmod, chown).\n", + "type": "boolean" + }, + "path": { + "description": "Path is the path to monitor.\n", + "type": "string" + }, + "procWhitelist": { + "description": "ProcWhitelist are the processes to ignore\nFilesystem events caused by these processes DO NOT generate file integrity events.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "read": { + "description": "Read indicates that reads operations should be monitored.\n", + "type": "boolean" + }, + "recursive": { + "description": "Recursive indicates that monitoring should be recursive.\n", + "type": "boolean" + }, + "write": { + "description": "Write indicates that write operations should be monitored.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.FilesystemRule": { + "description": "FilesystemRule represents restrictions/suppression for filesystem changes", + "properties": { + "backdoorFiles": { + "description": "Monitors files that can create and/or persist backdoors (currently SSH and admin account config files) (true).\n", + "type": "boolean" + }, + "blacklist": { + "description": "List of denied file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "checkNewFiles": { + "description": "Detects changes to binaries and certificates (true).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipEncryptedBinaries": { + "description": "Indicates that encrypted binaries check should be skipped.\n", + "type": "boolean" + }, + "suspiciousELFHeaders": { + "description": "Indicates whether malware detection based on suspicious ELF headers is enabled.\n", + "type": "boolean" + }, + "whitelist": { + "description": "List of allowed file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.GeoIP": { + "description": "GeoIP represents an ip address with it's origin country code", + "properties": { + "code": { + "description": "Code is the country iso code.\n", + "type": "string" + }, + "ip": { + "description": "IP is the ip address.\n", + "type": "string" + }, + "modified": { + "description": "Modified is the last modified time of this entry.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostDNSRule": { + "description": "HostDNSRule represents a host DNS runtime rule", + "properties": { + "allow": { + "description": "Allow is a list of user-defined domains to skip checks for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deny": { + "description": "Deny is a list of user-defined domains to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "denyListEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.HostNetworkRule": { + "description": "HostNetworkRule represents the restrictions/suppression for host networking", + "properties": { + "allowedOutboundIPs": { + "description": "AllowedOutboundIPs is a list of IPs to skip checks for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "customFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedListeningPorts": { + "description": "DeniedListeningPorts is a list of listening ports to deny.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "deniedOutboundIPs": { + "description": "DeniedOutboundIPs is a list of outbound IPs to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deniedOutboundPorts": { + "description": "DeniedOutboundPorts is a list of outbound ports to deny.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "denyListEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.HostPolicy": { + "description": "HostPolicy represents a host runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "ID is the host runtime policy internal id.\n", + "type": "string" + }, + "owner": { + "description": "Owner is the host runtime policy owner.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of host runtime rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.HostPolicyRule": { + "description": "HostPolicyRule represents a single rule in the runtime policy", + "properties": { + "antiMalware": { + "$ref": "#/components/schemas/runtime.AntiMalwareRule" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "CustomRules is a list of custom rules associated with the container runtime policy.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.HostDNSRule" + }, + "fileIntegrityRules": { + "description": "FileIntegrityRules are the file integrity monitoring rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.FileIntegrityRule" + }, + "type": "array" + }, + "forensic": { + "$ref": "#/components/schemas/common.HostForensicSettings" + }, + "logInspectionRules": { + "description": "LogInspectionRules is a list of log inspection rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.LogInspectionRule" + }, + "type": "array" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.HostNetworkRule" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfile": { + "description": "HostProfile represents a host runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID (hostname).\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID associated with the profile.\n", + "type": "string" + }, + "apps": { + "description": "Apps are the host's apps metadata.\n", + "items": { + "$ref": "#/components/schemas/runtime.App" + }, + "type": "array" + }, + "collections": { + "description": "Collections is a list of collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "hash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "labels": { + "description": "Labels are the labels associated with the profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "sshEvents": { + "description": "SSHEvents represents a list SSH events occurred on the host.\n", + "items": { + "$ref": "#/components/schemas/runtime.SSHEvent" + }, + "type": "array" + }, + "time": { + "description": "Time is the last time when this profile was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfileListeningPort": { + "description": "HostProfileListeningPort holds a metadata on listening port stored in host runtime profile", + "properties": { + "command": { + "description": "Command represents the command that triggered the connection.\n", + "type": "string" + }, + "modified": { + "description": "Modified is a timestamp of when the event occurred.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "processPath": { + "description": "ProcessPath represents the path to the process that uses the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfileOutgoingPort": { + "description": "HostProfileOutgoingPort holds a metadata on outgoing port stored in host runtime profile", + "properties": { + "command": { + "description": "Command represents the command that triggered the connection.\n", + "type": "string" + }, + "country": { + "description": "Country is the country ISO code for the given IP address.\n", + "type": "string" + }, + "ip": { + "description": "IP is the IP address captured over this port.\n", + "type": "string" + }, + "modified": { + "description": "Modified is a timestamp of when the event occurred.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "processPath": { + "description": "ProcessPath represents the path to the process that uses the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.LogInspectionRule": { + "description": "LogInspectionRule represents a single log inspection rule", + "properties": { + "path": { + "description": "Path is the log path.\n", + "type": "string" + }, + "regex": { + "description": "Regex are the regular expressions associated with the rule if it is a custom one.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.NetworkRule": { + "description": "NetworkRule represents the restrictions/suppression for networking", + "properties": { + "blacklistIPs": { + "description": "Deny-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blacklistListeningPorts": { + "description": "Deny-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "blacklistOutboundPorts": { + "description": "Deny-listed outbound ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "whitelistIPs": { + "description": "Allow-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "whitelistListeningPorts": { + "description": "Allow-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "whitelistOutboundPorts": { + "description": "Allow-listed outbound ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.PortListRule": { + "description": "PortListRule represents a rule containing ports to allowed/denied and the required effect", + "properties": { + "allowed": { + "description": "Allowed the allow-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "denied": { + "description": "Denied the deny-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ProcessesRule": { + "description": "ProcessesRule represents restrictions/suppression for running processes", + "properties": { + "blacklist": { + "description": "List of processes to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blockAllBinaries": { + "description": "Indicates that all processes are blocked except the main process.\n", + "type": "boolean" + }, + "checkCryptoMiners": { + "description": "Detect crypto miners.\n", + "type": "boolean" + }, + "checkLateralMovement": { + "description": "Indicates whether dectection of processes that can be used for lateral movement exploits is enabled.\n", + "type": "boolean" + }, + "checkNewBinaries": { + "description": "Indicates whether binaries which do not belong to the original image are allowed to run.\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipModified": { + "description": "Indicates whether to trigger audits/incidents when a modified proc is spawned.\n", + "type": "boolean" + }, + "whitelist": { + "description": "List of processes to allow.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileFilesystem": { + "description": "ProfileFilesystem defines the filesystem features profile", + "properties": { + "behavioral": { + "description": "Behavioral is filesystem data learned from behavioral analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileFilesystemPath" + }, + "type": "array" + }, + "static": { + "description": "Static is filesystem data learned from static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileFilesystemPath" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileFilesystemPath": { + "description": "ProfileFilesystemPath represents the filesystem static data", + "properties": { + "mount": { + "description": "Mount indicates whether the given folder is a mount.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the file path.\n", + "type": "string" + }, + "process": { + "description": "Process is the process that accessed the file.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the file was added.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileNetwork": { + "description": "ProfileNetwork represents networking data that is learned", + "properties": { + "behavioral": { + "$ref": "#/components/schemas/runtime.ProfileNetworkBehavioral" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "static": { + "$ref": "#/components/schemas/runtime.ProfileNetworkStatic" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkBehavioral": { + "description": "ProfileNetworkBehavioral represents the behavioral data learned for networking", + "properties": { + "dnsQueries": { + "description": "DNSQueries is the learned DNS queries.\n", + "items": { + "$ref": "#/components/schemas/runtime.DNSQuery" + }, + "type": "array" + }, + "listeningPorts": { + "description": "Listening is the learned listening ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppListeningPorts" + }, + "type": "array" + }, + "outboundPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkGeoIP": { + "description": "ProfileNetworkGeoIP represents a cache of last ip-country pairs attached to each profile", + "properties": { + "countries": { + "description": "Countries is a list of ip addresses with their corresponding country codes.\n", + "items": { + "$ref": "#/components/schemas/runtime.GeoIP" + }, + "type": "array" + }, + "modified": { + "description": "Modified is the last modified time of the cache.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkStatic": { + "description": "ProfileNetworkStatic represent the static section of the networking profile", + "properties": { + "listeningPorts": { + "description": "Listening are the listening ports learned by static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppListeningPorts" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileProcess": { + "description": "ProfileProcess represents a single process data", + "properties": { + "command": { + "description": "Command is the executed command.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates whether the process belongs to an interactive session.\n", + "type": "boolean" + }, + "md5": { + "description": "MD5 is the process binary MD5 sum.\n", + "type": "string" + }, + "modified": { + "description": "Modified indicates the process binary was modified after the container has started.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the process binary path.\n", + "type": "string" + }, + "ppath": { + "description": "PPath is the parent process path.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the process was added. If the process was modified, Time is the modification time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User represents the username that started the process.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileProcesses": { + "description": "ProfileProcesses represents the process data that is learned for a specific image", + "properties": { + "behavioral": { + "description": "Behavioral are process details learned from behavioral analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + }, + "static": { + "description": "Static are process details learned from static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.RuleEffect": { + "description": "RuleEffect is the effect that will be used in the runtime rule", + "enum": [ + [ + "block", + "prevent", + "alert", + "disable" + ] + ], + "type": "string" + }, + "runtime.SSHEvent": { + "description": "SSHEvent represents an SSH event data", + "properties": { + "command": { + "description": "Command is the executed command.\n", + "type": "string" + }, + "country": { + "description": "Country represents the SSH client's origin country.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates whether the process belongs to an interactive session.\n", + "type": "boolean" + }, + "ip": { + "description": "IP address represents the connection client IP address.\n", + "type": "integer" + }, + "loginTime": { + "description": "LoginTime represents the SSH login time.\n", + "format": "int64", + "type": "integer" + }, + "md5": { + "description": "MD5 is the process binary MD5 sum.\n", + "type": "string" + }, + "modified": { + "description": "Modified indicates the process binary was modified after the container has started.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the process binary path.\n", + "type": "string" + }, + "ppath": { + "description": "PPath is the parent process path.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the process was added. If the process was modified, Time is the modification time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User represents the username that started the process.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.SecretScrubbingSpec": { + "description": "SecretScrubbingSpec defined a single runtime secret scrubbing specification", + "properties": { + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "pattern": { + "description": "Pattern is the regex pattern to mask sensitive data.\n", + "type": "string" + }, + "placeholder": { + "description": "Placeholder is the placeholder text to replace the matched field content.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ServerlessPolicy": { + "description": "ServerlessPolicy represents a serverless runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "learningDisabled": { + "description": "Indicates whether automatic behavioural learning is enabled (true) or not (false).\n", + "type": "boolean" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.ServerlessPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ServerlessPolicyRule": { + "description": "ServerlessPolicyRule represents a single rule in the serverless runtime policy", + "properties": { + "advancedProtection": { + "description": "Indicates whether advanced protection (e.g., custom or premium feeds for container, added whitelist rules for serverless) is enabled (true) or not (false).\n", + "type": "boolean" + }, + "cloudMetadataEnforcement": { + "description": "Catches containers that access the cloud provider metadata API.\n", + "type": "boolean" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.DNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.FilesystemRule" + }, + "kubernetesEnforcement": { + "description": "Detects containers that attempt to compromise the orchestrator.\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.NetworkRule" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProcessesRule" + }, + "skipExecSessions": { + "description": "Indicates whether to skip runtime validation for events triggered by docker/kubectl exec.\n", + "type": "boolean" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "sandbox.ConnectionEvent": { + "description": "ConnectionEvent represents a network connection event", + "properties": { + "countryCode": { + "description": "CountryCode is the country code for the network IP.\n", + "type": "string" + }, + "ip": { + "description": "IP is the network IP.\n", + "type": "string" + }, + "port": { + "description": "Port is the network port.\n", + "type": "integer" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "protocol": { + "description": "Protocol is the transport layer protocol (UDP / TCP).\n", + "type": "string" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.DNSQueryEvent": { + "description": "DNSQueryEvent represents a DNS query event with it's connection details", + "properties": { + "countryCode": { + "description": "CountryCode is the country code for the network IP.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the domain name for a DNS query.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the domain type for a DNS query.\n", + "type": "string" + }, + "ip": { + "description": "IP is the network IP.\n", + "type": "string" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.Event": { + "description": "Event is a single event in a chain that lead to finding detection", + "properties": { + "description": { + "description": "Description describes what happened in the event.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of event detection.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.FilesystemAccessType": { + "description": "FilesystemAccessType represents a type of accessing a file", + "enum": [ + [ + "open", + "modify", + "create" + ] + ], + "type": "string" + }, + "sandbox.FilesystemEvent": { + "description": "FilesystemEvent represents a filesystem event during sandbox scan", + "properties": { + "accessType": { + "$ref": "#/components/schemas/sandbox.FilesystemAccessType" + }, + "path": { + "description": "Path is the file path.\n", + "type": "string" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.Finding": { + "description": "Finding represents a finding detected during sandbox scan", + "properties": { + "description": { + "description": "Description is the finding description.\n", + "type": "string" + }, + "events": { + "description": "Events are the events that lead to the finding detection.\n", + "items": { + "$ref": "#/components/schemas/sandbox.Event" + }, + "type": "array" + }, + "severity": { + "$ref": "#/components/schemas/sandbox.FindingSeverity" + }, + "time": { + "description": "Time is the detection time (time of triggering event).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/sandbox.FindingType" + } + }, + "type": "object" + }, + "sandbox.FindingSeverity": { + "description": "FindingSeverity represents a finding severity level", + "enum": [ + [ + "critical", + "high", + "medium", + "low" + ] + ], + "type": "string" + }, + "sandbox.FindingType": { + "description": "FindingType represents a unique sandbox-detected finding type", + "enum": [ + [ + "dropper", + "modifiedBinary", + "executableCreation", + "filelessExecutableCreation", + "wildFireMalware", + "verticalPortScan", + "cryptoMiner", + "suspiciousELFHeader", + "kernelModule", + "modifiedBinaryExecution", + "filelessExecution" + ] + ], + "type": "string" + }, + "sandbox.ListeningEvent": { + "description": "ListeningEvent represents a network listening event", + "properties": { + "port": { + "description": "Port is the network port.\n", + "type": "integer" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ProcessEvent": { + "description": "ProcessEvent represents a process event during sandbox scan", + "properties": { + "command": { + "description": "Command is the command line.\n", + "type": "string" + }, + "md5": { + "description": "MD5 is the md5 hash for the process binary.\n", + "type": "string" + }, + "parent": { + "$ref": "#/components/schemas/sandbox.ProcessInfo" + }, + "path": { + "description": "Path is the binary path.\n", + "type": "string" + }, + "time": { + "description": "Time is the process start time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the username/id.\n", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ProcessInfo": { + "description": "ProcessInfo holds process information", + "properties": { + "command": { + "description": "Command is the command line.\n", + "type": "string" + }, + "md5": { + "description": "MD5 is the md5 hash for the process binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the binary path.\n", + "type": "string" + }, + "time": { + "description": "Time is the process start time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the username/id.\n", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ScanResult": { + "description": "ScanResult represents sandbox scan results", + "properties": { + "_id": { + "description": "ID is a unique scan identifier.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "connection": { + "description": "Connection is a list of connection events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ConnectionEvent" + }, + "type": "array" + }, + "dns": { + "description": "DNS is a list of DNS queries detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.DNSQueryEvent" + }, + "type": "array" + }, + "entrypoint": { + "description": "Entrypoint is the command executed in the sandbox scan.\n", + "type": "string" + }, + "filesystem": { + "description": "Filesystem is a list of filesystem events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.FilesystemEvent" + }, + "type": "array" + }, + "findings": { + "description": "Findings are the detected findings during scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.Finding" + }, + "type": "array" + }, + "image": { + "$ref": "#/components/schemas/shared.ImageInfo" + }, + "imageName": { + "description": "ImageName is the image name (e.g. registry/repo:tag).\n", + "type": "string" + }, + "listening": { + "description": "Listening is a list of listening events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ListeningEvent" + }, + "type": "array" + }, + "pass": { + "description": "Pass indicates if the scan passed or failed.\n", + "type": "boolean" + }, + "procs": { + "description": "Procs are the different detected process during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "type": "array" + }, + "riskScore": { + "description": "RiskScore is the weighted total risk score.\n", + "format": "double", + "type": "number" + }, + "scanDuration": { + "description": "ScanDuration is the provided scan duration in nanoseconds.\n", + "format": "int64", + "type": "integer" + }, + "scanTime": { + "description": "Start is the scan start time.\n", + "format": "date-time", + "type": "string" + }, + "suspiciousFiles": { + "description": "SuspiciousFiles are suspicious files detected during scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.SuspiciousFile" + }, + "type": "array" + } + }, + "type": "object" + }, + "sandbox.SuspiciousFile": { + "description": "SuspiciousFile represents a suspicious file", + "properties": { + "containerPath": { + "description": "ContainerPath is the path of the file in the running container.\n", + "type": "string" + }, + "created": { + "description": "Created indicates if the file was created during runtime.\n", + "type": "boolean" + }, + "md5": { + "description": "MD5 is the file MD5 hash.\n", + "type": "string" + }, + "path": { + "description": "Path is the path to the copy of the file.\n", + "type": "string" + } + }, + "type": "object" + }, + "secrets.SecretScanMetrics": { + "description": "SecretScanMetrics represents metrics collected during secret scan", + "properties": { + "failedScans": { + "description": "FailedScans represents number of failed scans caused by scanner errors.\n", + "format": "int64", + "type": "integer" + }, + "foundSecrets": { + "description": "FoundSecrets represents number of detected secrets.\n", + "type": "integer" + }, + "scanTime": { + "description": "ScanTime represents cumulative secret scan time in microseconds.\n", + "format": "int64", + "type": "integer" + }, + "scanTimeouts": { + "description": "ScanTimeouts represents number of failed scans caused by timeout.\n", + "format": "int64", + "type": "integer" + }, + "scannedFileSize": { + "description": "ScannedFileSize represents accumulated size of scanned files.\n", + "format": "int64", + "type": "integer" + }, + "scannedFiles": { + "description": "ScannedFiles represents number of text files scanned for secrets.\n", + "format": "int64", + "type": "integer" + }, + "totalBytes": { + "description": "TotalBytes represents accumulated file size.\n", + "format": "int64", + "type": "integer" + }, + "totalFiles": { + "description": "TotalFiles represents number of files read for secrets.\n", + "format": "int64", + "type": "integer" + }, + "totalTime": { + "description": "TotalTime represents the total time in microseconds.\n", + "format": "int64", + "type": "integer" + }, + "typesCount": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "TypesCount represents distribution of secrets by its type.\n", + "type": "object" + } + }, + "type": "object" + }, + "serverless.ActionResources": { + "description": "ActionResources is a single action resources", + "properties": { + "resources": { + "description": "Resources are the resources granted to the action.\n", + "items": { + "$ref": "#/components/schemas/serverless.Resource" + }, + "type": "array" + }, + "serviceAPI": { + "$ref": "#/components/schemas/serverless.ServiceAPI" + } + }, + "type": "object" + }, + "serverless.AssociatedVersion": { + "description": "AssociatedVersion is a single function version associated with the alias", + "properties": { + "version": { + "description": "Version is the function version.\n", + "type": "string" + }, + "weight": { + "description": "Weight is the possibility that the function will be called when triggering the alias.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Condition": { + "description": "Condition contains limitations on resources, such as a specific prefix", + "properties": { + "conditions": { + "description": "Conditions contain the limitations.\n", + "items": { + "$ref": "#/components/schemas/shared.KeyValues" + }, + "type": "array" + }, + "name": { + "description": "Condition in AWS such as: StringLike, StringNotLike, StringEquals, StringNotEquals, StringEqualsIgnoreCase, StringNotEqualsIgnoreCase, ForAllValues:StringLike,...\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.FunctionInfo": { + "description": "FunctionInfo contains function information collected during function scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "ID of the function.\n", + "type": "string" + }, + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "applicationName": { + "description": "Name of the application with which the function is associated.\n", + "type": "string" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "architecture": { + "description": "Architecture that the function supports.\n", + "type": "string" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudControllerAddress": { + "description": "Address of the TAS cloud controller API.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Matched function collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "defended": { + "description": "Indicates status of runtime defense. Covers both manually and automatically deployed function defense.\n", + "type": "boolean" + }, + "defenderLayerARN": { + "description": "Prisma Defender Layer ARN, if it exists.\n", + "type": "string" + }, + "description": { + "description": "User-provided description of the function.\n", + "type": "string" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "envvars": { + "description": "Function environment variables.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "err": { + "description": "Description of an error that occurred during the scan.\n", + "type": "string" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "functionLayers": { + "description": "Layer ARNs used by this function.\n", + "items": { + "$ref": "#/components/schemas/serverless.LayerInfo" + }, + "type": "array" + }, + "functionTags": { + "description": "Cloud provider metadata tags.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "handler": { + "description": "Handler is the function handler.\n", + "type": "string" + }, + "hash": { + "description": "Hash of the function.\n", + "type": "string" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostname": { + "description": "Hostname of the scanner.\n", + "type": "string" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "invocations": { + "description": "Invocations is the function invocation count.\n", + "format": "double", + "type": "number" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "lastModified": { + "description": "Date/time when the function was last modified.\n", + "format": "date-time", + "type": "string" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "memory": { + "description": "Memory size, in MB, configured for the function.\n", + "format": "int64", + "type": "integer" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "name": { + "description": "Name of the function.\n", + "type": "string" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "platform": { + "description": "Platform is the function OS.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "region": { + "description": "Function's region.\n", + "type": "string" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "resourceGroupName": { + "description": "Name of the resource group to which the resource belongs (only for Azure).\n", + "type": "string" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "role": { + "description": "AWS execution role.\n", + "type": "string" + }, + "runtime": { + "description": "Runtime environment for the function (e.g., nodejs).\n", + "type": "string" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanTime": { + "description": "Date/time when the scan of the function was performed.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "scannerVersion": { + "description": "Scanner version.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "status": { + "description": "Status of the function (e.g., running).\n", + "type": "string" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "timeout": { + "description": "Function execution time at which the function will be terminated.\n", + "format": "int64", + "type": "integer" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "underlyingDistro": { + "description": "UnderlyingDistro is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "underlyingDistroRelease": { + "description": "UnderlyingDistroRelease is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "version": { + "description": "Version of the function.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "serverless.LayerInfo": { + "description": "LayerInfo contains information about a lambda layer", + "properties": { + "id": { + "description": "ID of the layer.\n", + "type": "string" + }, + "name": { + "description": "Name of the layer.\n", + "type": "string" + }, + "version": { + "description": "Version of the layer.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Permissions": { + "description": "Permissions contain service function permissions", + "properties": { + "actions": { + "description": "Actions is API actions of the service that the function has access to.\n", + "items": { + "$ref": "#/components/schemas/serverless.ActionResources" + }, + "type": "array" + }, + "service": { + "description": "Service is the service name.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.RadarData": { + "description": "RadarData represent all data relevant to the serverless radar", + "properties": { + "serverlessRadar": { + "description": "ServerlessRadar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/serverless.RadarEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "serverless.RadarEntity": { + "description": "RadarEntity is the extended serverless radar entity", + "properties": { + "_id": { + "description": "ID is unique identifier of the function (for AWS - ARN).\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "alias": { + "description": "Alias states that the current entity is an alias of the function.\n", + "type": "boolean" + }, + "applicationName": { + "description": "ApplicationName is the name of the application the function is associated with.\n", + "type": "string" + }, + "associatedVersions": { + "description": "AssociatedVersions contain the alias associated versions, or empty if the entity isn't an alias.\n", + "items": { + "$ref": "#/components/schemas/serverless.AssociatedVersion" + }, + "type": "array" + }, + "collections": { + "description": "Collections are the matched function collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + }, + "defended": { + "description": "Defended denotes weather the function is defended by a serverless defender.\n", + "type": "boolean" + }, + "description": { + "description": "Description is the user provided description of the function.\n", + "type": "string" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents.\n", + "type": "integer" + }, + "invocations": { + "description": "Invocations is the function invocation count.\n", + "format": "double", + "type": "number" + }, + "lastModified": { + "description": "LastModified is the modification time of the function.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the function.\n", + "type": "string" + }, + "networkCount": { + "description": "NetworkCount contain the runtime network events count.\n", + "type": "integer" + }, + "permissions": { + "description": "Permissions are the function permissions.\n", + "items": { + "$ref": "#/components/schemas/serverless.Permissions" + }, + "type": "array" + }, + "permissionsBoundary": { + "description": "PermissionsBoundary are limitations of the permissions, acting as AND.\n", + "items": { + "$ref": "#/components/schemas/serverless.Permissions" + }, + "type": "array" + }, + "processesCount": { + "description": "ProcessesCount contain the runtime processes events count.\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "runtime": { + "description": "Runtime is runtime environment for the function, i.e. nodejs.\n", + "type": "string" + }, + "scanned": { + "description": "Scanned indicates if the function was scanned for vulnerabilities and compliance.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags are the cloud provider metadata tags.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "triggers": { + "description": "Triggers contain invocation paths for functions.\n", + "items": { + "$ref": "#/components/schemas/serverless.Triggers" + }, + "type": "array" + }, + "version": { + "description": "Version is the version of the function, or the alias name if it's an alias.\n", + "type": "string" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "serverless.RadarFilter": { + "description": "RadarFilter contains filter options for serverless radar entities", + "properties": { + "accountIDs": { + "description": "AccountIDs are cloud provider account IDs with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentials": { + "description": "Credentials are cloud provider credential ID's with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "regions": { + "description": "Regions are cloud provider regions with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "serverless.Resource": { + "description": "Resource is a single action resources", + "properties": { + "allow": { + "description": "Allow states if the resource is allowed or denied.\n", + "type": "boolean" + }, + "condition": { + "description": "Conditions contain limitations on resources, such as a specific prefix.\n", + "items": { + "$ref": "#/components/schemas/serverless.Condition" + }, + "type": "array" + }, + "name": { + "description": "Name is the resource name.\n", + "type": "string" + }, + "negate": { + "description": "Negate indicates that the policy apply to all except the given resource.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "serverless.ServiceAPI": { + "description": "ServiceAPI describes a service API", + "properties": { + "api": { + "description": "API is the service API.\n", + "type": "string" + }, + "negate": { + "description": "Negate indicates the policy apply to all APIs except the given API.\n", + "type": "boolean" + }, + "service": { + "description": "Service is the AWS service.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Trigger": { + "description": "Trigger contains function triggers", + "properties": { + "properties": { + "description": "Properties are the trigger properties. There may be multiple values per key, for example AWS S3 event types: ObjectCreatedByPost, ObjectCreatedByCopy, ObjectCreatedByPut.\n", + "items": { + "$ref": "#/components/schemas/shared.KeyValues" + }, + "type": "array" + }, + "sourceID": { + "description": "SourceID is the id of the service instance that caused the trigger. For example AWS S3 bucket ARN, AWS apigateway ARN, etc.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Triggers": { + "description": "Triggers contain a service function triggers", + "properties": { + "service": { + "description": "Service is the service name.\n", + "type": "string" + }, + "triggers": { + "description": "Triggers are the function invocation paths from the service.\n", + "items": { + "$ref": "#/components/schemas/serverless.Trigger" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.AISOperationType": { + "description": "AISOperationType represents a scan operation type", + "enum": [ + [ + "discovery", + "create-snapshot", + "deploy-scanner", + "cleanup" + ] + ], + "type": "string" + }, + "shared.ActivityType": { + "description": "ActivityType is the type of user activity", + "enum": [ + [ + "app restart", + "app install", + "app modified", + "cron modified", + "system update", + "system reboot", + "source modified", + "source added", + "iptables changed", + "secret modified", + "login", + "sudo", + "accounts modified", + "sensitive files modified", + "docker" + ] + ], + "type": "string" + }, + "shared.AgentlessAccountScanStatus": { + "description": "AgentlessAccountScanStatus represents agentless cloud account scan status", + "type": "integer" + }, + "shared.AgentlessAccountState": { + "description": "AgentlessAccountState holds the information about the agentless account state", + "properties": { + "lastScan": { + "description": "LastScan is a timestamp of the end of the last scan.\n", + "format": "date-time", + "type": "string" + }, + "regions": { + "description": "Regions is an array of regions scanned in account.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessRegionState" + }, + "type": "array" + }, + "scanStatus": { + "$ref": "#/components/schemas/shared.AgentlessAccountScanStatus" + } + }, + "type": "object" + }, + "shared.AgentlessHostTag": { + "description": "AgentlessHostTag is the tag to be checked on a discovered host", + "properties": { + "key": { + "description": "Key is the tag key.\n", + "type": "string" + }, + "value": { + "description": "Value is the tag value.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.AgentlessRegionState": { + "description": "AgentlessRegionState holds information about the statuses scans in a region", + "properties": { + "availabilityDomain": { + "description": "AvailabilityDomain is the code name of OCI availabilityDomain.\n", + "type": "string" + }, + "errorsInfo": { + "description": "ErrorsInfo holds information about the errors that occured during in region scan.\n", + "items": { + "$ref": "#/components/schemas/shared.ScanErrorInfo" + }, + "type": "array" + }, + "lastScan": { + "description": "LastScan is a timestamp of the end of the last scan.\n", + "format": "date-time", + "type": "string" + }, + "region": { + "description": "Region is the code name of the region.\n", + "type": "string" + }, + "scanCoverage": { + "$ref": "#/components/schemas/shared.AgentlessScanHostCoverage" + }, + "scanID": { + "description": "ScanID is the id of scan cycle the region was last scanned in.\n", + "type": "integer" + }, + "score": { + "description": "Score is an aggregated score of the errors in the region.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.AgentlessScanHostCoverage": { + "description": "AgentlessScanHostCoverage contains the scan coverage stats", + "properties": { + "excluded": { + "description": "Excluded is the number of hosts that were excluded from the scan.\n", + "type": "integer" + }, + "issued": { + "description": "Issued is the number of hosts that are failed to scanned.\n", + "type": "integer" + }, + "pending": { + "description": "Pending is the number of hosts that are pending ais scan.\n", + "type": "integer" + }, + "successful": { + "description": "Successful is the number of hosts that were successfully scanned.\n", + "type": "integer" + }, + "unsupported": { + "description": "Unsupported is the number of hosts that are unsupported.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.AgentlessScanSpecification": { + "description": "AgentlessScanSpecification contains information for setting up an agentless scan for a group of accounts", + "properties": { + "autoScale": { + "description": "AutoScale indicates that the number of concurrent scanners should be selected automatically.\n", + "type": "boolean" + }, + "cloudScan": { + "description": "CloudScan indicates whether the account is being scanned with prisma.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is a network-accessible address that scanners can use to publish scan results to Console.\n", + "type": "string" + }, + "customTags": { + "description": "CustomTags are optional tags that can be added to the resources created by the scan.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled indicates whether agentless scanning is enabled.\n", + "type": "boolean" + }, + "excludedTags": { + "description": "ExcludedTags are the tags used to exclude instances from the scan.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "hubAccount": { + "description": "HubAccount indicates whether the account is configured as a hub account.\n", + "type": "boolean" + }, + "hubCredentialID": { + "description": "HubCredentialID is the ID of the credentials in the credentials store to use for authenticating with the cloud provider on behalf of the scan hub account. Optional.\n", + "type": "string" + }, + "includedTags": { + "description": "IncludedTags are tags that are used to filter hosts to scan. If set, only hosts that have one or more of these tags are scanned.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "ociCompartment": { + "description": "OCICompartment is the resource group that holds all scan related resources for OCI.\n", + "type": "string" + }, + "ociExcludedCompartments": { + "description": "OCIExcludedCompartments are the compartments excluded from scan (OCI).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ociVcn": { + "description": "OCIVcn is the Virtual Cloud Network to use for the instance launched for scanning. Default value is empty string, which represents the default VCN.\n", + "type": "string" + }, + "proxyAddress": { + "description": "ProxyAddress is the optional HTTP proxy address for a setup that includes a proxy server.\n", + "type": "string" + }, + "proxyCA": { + "description": "ProxyCA is the optional proxy CA certificate for a setup that includes a TLS proxy.\n", + "type": "string" + }, + "regions": { + "description": "Regions are the cloud provider regions applicable for the scan. Default is all.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "scanNonRunning": { + "description": "ScanNonRunning indicates whether to scan non running instances.\n", + "type": "boolean" + }, + "scanners": { + "description": "Scanners is the number of concurrent scanners to perform the scan (when auto-scale is off).\n", + "type": "integer" + }, + "securityGroup": { + "description": "SecurityGroup is the security group that scanners should use (for isolation and internet access). Default is empty value to use the cloud account default security group.\n", + "type": "string" + }, + "skipPermissionsCheck": { + "description": "SkipPermissionsCheck indicates whether permissions check should be skipped for the account. This allows users to attempt scanning when permissions check fails.\n", + "type": "boolean" + }, + "subnet": { + "description": "Subnet is the network subnet to use for the instance launched for scanning. Default value is empty string, which represents the default subnet in the default VPC.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.AlertThreshold": { + "description": "AlertThreshold is the vulnerability policy alert threshold\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "disabled": { + "description": "Suppresses alerts for all vulnerabilities (true).\n", + "type": "boolean" + }, + "value": { + "description": "Minimum severity to trigger alerts. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.AllowedCVE": { + "description": "AllowedCVE is a CVE to ignore across the product", + "properties": { + "cve": { + "description": "CVE is the CVE to allow.\n", + "type": "string" + }, + "description": { + "description": "Description is the description of why this CVE is allowed.\n", + "type": "string" + }, + "expiration": { + "description": "Expiration is the expiration date for the allowed CVE.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.AppEmbeddedEmbedRequest": { + "description": "AppEmbeddedEmbedRequest represents the arguments required for a AppEmbedded defender embed request", + "properties": { + "appID": { + "description": "AppID identifies the app that the embedded app defender defender is protecting.\n", + "type": "string" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address.\n", + "type": "string" + }, + "dataFolder": { + "description": "DataFolder is the path to the Twistlock data folder in the container.\n", + "type": "string" + }, + "dockerfile": { + "description": "Dockerfile is the Dockerfile to embed AppEmbedded defender into.\n", + "type": "string" + }, + "filesystemMonitoring": { + "description": "FilesystemMonitoring is the flag of filesystem monitoring for this Defender.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.AppEmbeddedRuntimeProfile": { + "description": "AppEmbeddedRuntimeProfile represents the app embedded runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID.\n", + "type": "string" + }, + "appID": { + "description": "AppID is the app embedded defender name.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the ECS Fargate cluster name.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "collections": { + "description": "Collections are collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "container": { + "description": "Container is the app embedded container name.\n", + "type": "string" + }, + "image": { + "description": "Image is the image name.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the image ID.\n", + "type": "string" + }, + "startTime": { + "description": "StartTime is the time when the defender starts.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.AppFirewallAudit": { + "description": "AppFirewallAudit represents a firewall audit event", + "properties": { + "_id": { + "description": "ID is internal id representation.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID where the audit was generated.\n", + "type": "string" + }, + "additionalHash": { + "description": "AdditionalHash for internal use only. This parameter is used to add an additional level of uniqueness to the audit.\n", + "type": "string" + }, + "appID": { + "description": "AppID is the application ID.\n", + "type": "string" + }, + "attackField": { + "$ref": "#/components/schemas/waas.HTTPField" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "cloudProviderName": { + "$ref": "#/components/schemas/prisma.ServiceProvider" + }, + "cluster": { + "description": "Cluster is the cluster on which the audit was originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "connectingIPs": { + "description": "ConnectingIPs are the requests connecting IPs such as proxy and load-balancer.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerId": { + "description": "ContainerID is the firewall container ID.\n", + "type": "string" + }, + "containerName": { + "description": "ContainerName is the firewall container name.\n", + "type": "string" + }, + "count": { + "description": "Count is the number of audit occurrences.\n", + "type": "integer" + }, + "country": { + "description": "Country is the source IP country.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "eventID": { + "description": "EventID is the event identifier of the audit relevant request.\n", + "type": "string" + }, + "firewallType": { + "$ref": "#/components/schemas/waas.FirewallType" + }, + "fqdn": { + "description": "FQDN is the current hostname's FQDN.\n", + "type": "string" + }, + "function": { + "description": "Function is the name of the serverless function that caused the audit.\n", + "type": "string" + }, + "functionID": { + "description": "FunctionID is the id of the function called.\n", + "type": "string" + }, + "host": { + "description": "Host indicates this audit is either for host firewall or out of band firewall or agentless firewall.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the current hostname.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the firewall image ID.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the firewall image name.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the custom labels associated with the container.\n", + "type": "object" + }, + "method": { + "description": "HTTPMethod is the request HTTP method.\n", + "type": "string" + }, + "modelPath": { + "description": "ModelPath for internal use only. This parameter is a correlated path for the mapped API Model.\n", + "type": "string" + }, + "msg": { + "description": "Message is the blocking message text.\n", + "type": "string" + }, + "ns": { + "description": "Namespaces are the k8s namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "owaspAPITop10": { + "$ref": "#/components/schemas/waas.OWASPAPITop10" + }, + "owaspTop10": { + "$ref": "#/components/schemas/waas.OWASPTop10" + }, + "prismaAccountID": { + "description": "PrismaAccountID is the Prisma format account ID.\n", + "type": "string" + }, + "prismaCloudProvider": { + "$ref": "#/components/schemas/prisma.CloudType" + }, + "prismaRegion": { + "description": "PrismaRegion is the Prisma format cloud region.\n", + "type": "string" + }, + "profileId": { + "description": "ProfileID is the profile of the audit.\n", + "type": "string" + }, + "protection": { + "$ref": "#/components/schemas/waas.Protection" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "rawEvent": { + "description": "RawEvent contains unparsed function handler event input.\n", + "type": "string" + }, + "region": { + "description": "Region is the name of the region in which the serverless function is located.\n", + "type": "string" + }, + "requestHeaderNames": { + "description": "RequestHeaderNames are the request header names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "requestHeaders": { + "description": "RequestHeaders represent the request headers.\n", + "type": "string" + }, + "requestHost": { + "description": "RequestHost is the request host.\n", + "type": "string" + }, + "requestID": { + "description": "RequestID is lambda function invocation request id.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "responseHeaderNames": { + "description": "ResponseHeaderNames are the response header names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ruleAppID": { + "description": "RuleAppID is the ID of the rule's app that was applied.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule that was applied.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "statusCode": { + "description": "StatusCode is the response status code.\n", + "type": "integer" + }, + "subnet": { + "description": "Subnet is the source IP subnet.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.AttackType" + }, + "url": { + "description": "URL is the requests full URL (partial on server side - path and query only).\n", + "type": "string" + }, + "urlPath": { + "description": "URLPath is the requests url path.\n", + "type": "string" + }, + "urlQuery": { + "description": "URLQuery is the requests url query.\n", + "type": "string" + }, + "userAgentHeader": { + "description": "UserAgentHeader is the requests User-Agent header.\n", + "type": "string" + }, + "version": { + "description": "Version is the defender version.\n", + "type": "string" + }, + "workloadAssetType": { + "$ref": "#/components/schemas/prisma.AssetType" + }, + "workloadExternalResourceID": { + "description": "WorkloadExternalResourceID is the workload external resource ID (Asset External ID).\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Audit": { + "description": "Audit represents an event in the system", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID where the audit was created.\n", + "type": "string" + }, + "allow": { + "description": "Allow indicates whether the command was allowe or denied.\n", + "type": "boolean" + }, + "api": { + "description": "API is the api that is being audited.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerName": { + "description": "ContainerName is the name of the container.\n", + "type": "string" + }, + "fqdn": { + "description": "FQDN is the fully qualified domain name from which the audit originated.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname from which the audit originated.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the name of the image.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the labels associated with the target audit (for containers/images).\n", + "type": "object" + }, + "msg": { + "description": "Msg is the message explaining the audit.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the container namespace.\n", + "type": "string" + }, + "ruleName": { + "description": "RulesName is contains the name of the rule that was applied, when blocked.\n", + "type": "string" + }, + "sourceIP": { + "description": "SourceIP is the remote agent's source IP.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "description": "Type is the audit type.\n", + "type": "string" + }, + "user": { + "description": "User is the user that run the command.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.BackupSpec": { + "description": "BackupSpec is the backup specification", + "properties": { + "id": { + "description": "ID is the full backup file name, used as the instance id in API calls.\n", + "type": "string" + }, + "name": { + "description": "Name is the backup name.\n", + "type": "string" + }, + "release": { + "description": "Release is the backup release.\n", + "type": "string" + }, + "time": { + "description": "Time is the backup creation time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.Binary": { + "description": "Binary represents a detected binary file (ELF)", + "properties": { + "altered": { + "description": "Indicates if the binary was installed from a package manager and modified/replaced (true) or not (false).\n", + "type": "boolean" + }, + "cveCount": { + "description": "Total number of CVEs for this specific binary.\n", + "type": "integer" + }, + "deps": { + "description": "Third-party package files which are used by the binary.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "fileMode": { + "description": "Represents the file's mode and permission bits.\n", + "type": "integer" + }, + "functionLayer": { + "description": "ID of the serverless layer in which the package was discovered.\n", + "type": "string" + }, + "md5": { + "description": "Md5 hashset of the binary.\n", + "type": "string" + }, + "missingPkg": { + "description": "Indicates if this binary is not related to any package (true) or not (false).\n", + "type": "boolean" + }, + "name": { + "description": "Name of the binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the path of the binary.\n", + "type": "string" + }, + "pkgRootDir": { + "description": "Path for searching packages used by the binary.\n", + "type": "string" + }, + "services": { + "description": "Names of services which use the binary.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "version": { + "description": "Version of the binary.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.BlockThreshold": { + "description": "BlockThreshold is the vulnerability policy block threshold\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "enabled": { + "description": "Enables blocking (true).\n", + "type": "boolean" + }, + "value": { + "description": "Minimum severity to trigger blocking. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.CLIScanResult": { + "description": "CLIScanResult describes a CLI scan result", + "properties": { + "_id": { + "description": "ID of the scan result.\n", + "type": "string" + }, + "build": { + "description": "CI build.\n", + "type": "string" + }, + "complianceFailureSummary": { + "description": "Scan compliance failure summary.\n", + "type": "string" + }, + "entityInfo": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "jobName": { + "description": "CI job name.\n", + "type": "string" + }, + "pass": { + "description": "Indicates if the scan passed (true) or failed (false).\n", + "type": "boolean" + }, + "time": { + "description": "Time of the scan.\n", + "format": "date-time", + "type": "string" + }, + "version": { + "description": "Scanner version.\n", + "type": "string" + }, + "vulnFailureSummary": { + "description": "Scan vulnerability failure summary.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CVEAllowList": { + "description": "CVEAllowList is a collection of allowed CVE's", + "properties": { + "_id": { + "description": "ID is the id of the feed.\n", + "type": "string" + }, + "digest": { + "description": "Digest is the feed digest.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of allowed CVEs.\n", + "items": { + "$ref": "#/components/schemas/shared.AllowedCVE" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.CVERule": { + "description": "CVERule is a vuln rule for specific vulnerability", + "properties": { + "description": { + "description": "Free-form text for documenting the exception.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "expiration": { + "$ref": "#/components/schemas/vuln.ExpirationDate" + }, + "id": { + "description": "CVE ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryAccount": { + "description": "CloudDiscoveryAccount holds data about a discovered account", + "properties": { + "accountName": { + "description": "AccountName is the cloud account name.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether the account is scan by agentless.\n", + "type": "boolean" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryEntity": { + "description": "CloudDiscoveryEntity holds data about a discovered entity", + "properties": { + "accountID": { + "description": "AccountID is the cloud provider account ID.\n", + "type": "string" + }, + "activeServicesCount": { + "description": "ActiveServicesCount is the number of active services in ecs cluster.\n", + "format": "int64", + "type": "integer" + }, + "arn": { + "description": "The Amazon Resource Name (ARN) assigned to the entity.\n", + "type": "string" + }, + "collections": { + "description": "Collections are the matched result collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerGroup": { + "description": "ContainerGroup is the azure aci container group the container belongs to.\n", + "type": "string" + }, + "createdAt": { + "description": "CreatedAt is the time when the entity was created.\n", + "format": "date-time", + "type": "string" + }, + "defended": { + "description": "Defended indicates if the entity is defended.\n", + "type": "boolean" + }, + "endpoints": { + "description": "Endpoints are the cluster endpoints.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "image": { + "description": "Image is the image of an aci container.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the modification time of the function.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the entity.\n", + "type": "string" + }, + "nodesCount": { + "description": "NodesCount is the number of nodes in the cluster (aks, gke).\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registry": { + "description": "Registry is the Azure registry that was scanned, for example: testcloudscanregistry.azurecr.io.\n", + "type": "string" + }, + "resourceGroup": { + "description": "ResourceGroup is the the azure resource group containing the entity.\n", + "type": "string" + }, + "runningTasksCount": { + "description": "RunningTasksCount is the number of running tasks in ecs cluster.\n", + "format": "int64", + "type": "integer" + }, + "runtime": { + "description": "Runtime is runtime environment for the function, i.e. nodejs.\n", + "type": "string" + }, + "serviceType": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "status": { + "description": "Status is the current status of entity.\n", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the time in which the instance info was fetched.\n", + "format": "date-time", + "type": "string" + }, + "version": { + "description": "Version is the version of the entity.\n", + "type": "string" + }, + "zone": { + "description": "Zone is the GCP zone that was scanned.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryRadar": { + "description": "CloudDiscoveryRadar represents a cloud radar", + "properties": { + "accounts": { + "description": "Accounts is the number of accounts.\n", + "type": "integer" + }, + "agentlessDisabledAccounts": { + "description": "AgentlessDisabledAccounts is the number of accounts with agentless is disable.\n", + "type": "integer" + }, + "appEmbedded": { + "description": "AppEmbedded indicates whether the region includes app Embedded.\n", + "type": "boolean" + }, + "clusters": { + "description": "Clusters indicates whether the region includes clusters.\n", + "type": "boolean" + }, + "defended": { + "description": "Defended is the number of defended entities.\n", + "type": "integer" + }, + "errCount": { + "description": "ErrCount is the number of errors.\n", + "type": "integer" + }, + "functions": { + "description": "Functions indicates whether the region includes functions.\n", + "type": "boolean" + }, + "nodes": { + "description": "NodesCount is the number of nodes.\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registries": { + "description": "Registries indicates whether the region includes registries.\n", + "type": "boolean" + }, + "total": { + "description": "Total is total number of entities found in cloud scan.\n", + "type": "integer" + }, + "vms": { + "description": "VMs indicates whether the region includes VMs.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryResult": { + "description": "CloudDiscoveryResult represents a cloud scan result for a specific cloud provider, service and region", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "accountName": { + "description": "AccountName is the cloud account name.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether the account is scan by agentless.\n", + "type": "boolean" + }, + "collections": { + "description": "Collections are the matched result collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + }, + "defended": { + "description": "Defended is the number of defended entities (registries, functions, clusters).\n", + "type": "integer" + }, + "defenseCoverage": { + "description": "DefenseCoverage is the defense coverage percentage (0-100).\n", + "type": "integer" + }, + "err": { + "description": "Err holds any error found during a scan.\n", + "type": "string" + }, + "nodes": { + "description": "Nodes is the number of nodes.\n", + "type": "integer" + }, + "project": { + "description": "Project is the GCP project that was scanned.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registry": { + "description": "Registry is the registry that was scanned, for example: testcloudscanregistry.azurecr.io.\n", + "type": "string" + }, + "registryTags": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "RegistryTags are the registry tags.\n", + "type": "object" + }, + "serviceType": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "total": { + "description": "Total is total number of entities found in cloud scan.\n", + "type": "integer" + }, + "undefended": { + "description": "Undefended is the number of undefended entities (registries, functions, clusters).\n", + "type": "integer" + }, + "zone": { + "description": "Zone is the zone that was scanned, only relevant to GCP.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudScanRule": { + "description": "CloudScanRule is a rule for discovery/compliance/serverless radar scanning", + "properties": { + "agentlessAccountState": { + "$ref": "#/components/schemas/shared.AgentlessAccountState" + }, + "agentlessScanSpec": { + "$ref": "#/components/schemas/shared.AgentlessScanSpecification" + }, + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "complianceCheckIDs": { + "description": "ComplianceCheckIDs are the compliance checks IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential.\n", + "type": "string" + }, + "deleted": { + "description": "Deleted reports whether the account is deleted.\n", + "type": "boolean" + }, + "discoverAllFunctionVersions": { + "description": "DiscoverAllFunctionVersions indicates whether serverless discovery and radar scans should scan all function versions or only latest.\n", + "type": "boolean" + }, + "discoveryEnabled": { + "description": "DiscoveryEnabled indicates whether discovery scan is enabled.\n", + "type": "boolean" + }, + "modified": { + "description": "Modified holds the last modified time (in Compute).\n", + "format": "int64", + "type": "integer" + }, + "organizationName": { + "description": "OrganizationName is the organization the account belongs to (if any).\n", + "type": "string" + }, + "prismaLastModified": { + "description": "PrismaLastModified reports the last time the account was modified by Prisma (unix milliseconds).\n", + "format": "int64", + "type": "integer" + }, + "serverlessRadarCap": { + "description": "ServerlessRadarCap is the maximum number of functions to scan in serverless radar.\n", + "type": "integer" + }, + "serverlessRadarEnabled": { + "description": "ServerlessRadarEnabled indicates whether serverless radar scan is enabled.\n", + "type": "boolean" + }, + "serverlessScanSpec": { + "$ref": "#/components/schemas/shared.ServerlessScanSpecification" + }, + "vmTagsEnabled": { + "description": "VMTagsEnabled indicates whether fetching VM instance tags is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.CodeRepoProviderType": { + "description": "CodeRepoProviderType is the type of provider for the code repository, e.g., GitHub, GitLab etc", + "enum": [ + [ + "github", + "CI" + ] + ], + "type": "string" + }, + "shared.CompressedLayerTimes": { + "description": "CompressedLayerTimes represent the compressed layer times of the image apps and pkgs", + "properties": { + "appTimes": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/int64" + }, + "type": "array" + }, + "pkgsTimes": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/shared.PkgsTimes" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.Conditions": { + "description": "Conditions contains rule conditions. Conditions apply only for their respective policy type", + "properties": { + "device": { + "description": "Allowed volume host device (wildcard). If a \"container create\" command specifies a non matching host device, th action is blocked. Only applies to rules in certain policy types.\n", + "type": "string" + }, + "readonly": { + "description": "Indicates if the condition applies only to read-only commands (i.e., HTTP GET requests) (true) or not (false).\n", + "type": "boolean" + }, + "vulnerabilities": { + "description": "Block and scan severity-based vulnerabilities conditions.\n", + "items": { + "$ref": "#/components/schemas/vuln.Condition" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.Connection": { + "description": "Connection is a radar internet connection", + "properties": { + "port": { + "description": ".\n", + "type": "integer" + }, + "protocol": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerHistoryEvent": { + "description": "ContainerHistoryEvent is a container process event created by interactive user", + "properties": { + "_id": { + "description": "ID is the history event entity.\n", + "type": "string" + }, + "command": { + "description": "Command is the process that was executed.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname on which the command was invoked.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerInfo": { + "description": "ContainerInfo contains all information gathered on a specific container", + "properties": { + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "app": { + "description": "App is the app that is hosted in the container.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "ComplianceIssues are all the container compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": ".\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "ComplianceRiskScore is the container's compliance risk score.\n", + "format": "float", + "type": "number" + }, + "externalLabels": { + "description": "ExternalLabels is the external labels e.g., kubernetes namespace labels.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "id": { + "description": "ID is the container id.\n", + "type": "string" + }, + "image": { + "description": "Image is the canonical image name.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the image id.\n", + "type": "string" + }, + "imageName": { + "description": "The image name as stated in the docker run command.\n", + "type": "string" + }, + "infra": { + "description": "Infra represents any container that belongs to the infrastructure.\n", + "type": "boolean" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "labels": { + "description": "Labels are the container labels (https://docs.docker.com/engine/userguide/labels-custom-metadata/).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the container name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the k8s deployment namespace.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/shared.ContainerNetwork" + }, + "networkSettings": { + "$ref": "#/components/schemas/shared.DockerNetworkInfo" + }, + "processes": { + "description": "Processes are the processes that are running inside the container.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerProcess" + }, + "type": "array" + }, + "profileID": { + "description": "ProfileID is the container profile id.\n", + "type": "string" + }, + "sizeBytes": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "startTime": { + "description": "StartTime is the starting time of the container.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerNetwork": { + "description": "ContainerNetwork contains details about the container network (ports, IPs, type etc...)", + "properties": { + "ports": { + "description": "Ports are the ports details associated with the container.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerPort" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ContainerNetworkFirewallProfileAudits": { + "description": "ContainerNetworkFirewallProfileAudits represents the container network firewall profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.ContainerNetworkFirewallSubtypeAudits" + }, + "description": "Audits is a map from the audit sub-type to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ContainerNetworkFirewallSubtypeAudits": { + "description": "ContainerNetworkFirewallSubtypeAudits represents the container network firewall sub type audits per profile", + "properties": { + "audits": { + "description": "Audits are the container network firewall audits associated with the sub-type, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/cnnf.ContainerAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ContainerPort": { + "description": "ContainerPort represents the state of a port in a given container", + "properties": { + "container": { + "description": "Container is the mapped port inside the container.\n", + "type": "integer" + }, + "host": { + "description": "Host is the host port number.\n", + "type": "integer" + }, + "hostIP": { + "description": "HostIP is the host IP.\n", + "type": "string" + }, + "listening": { + "description": "Listening indicates whether the port is in listening mode.\n", + "type": "boolean" + }, + "nat": { + "description": "NAT indicates the port is exposed using NAT.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.ContainerProcess": { + "description": "ContainerProcess represents a process inside a container", + "properties": { + "name": { + "description": "Name is a process name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerRadarIncomingConnection": { + "description": "ContainerRadarIncomingConnection is an incoming connection in the network radar", + "properties": { + "policyRules": { + "description": "PolicyRules are the policy rules that are applicable for source/dest. Used for radar display of connections deduced from policy rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "type": "array" + }, + "ports": { + "description": "Ports are all the ports used by the sender.\n", + "items": { + "$ref": "#/components/schemas/common.PortData" + }, + "type": "array" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "profileID": { + "description": "ProfileID is the sender's profile ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerRuntimeProfile": { + "description": "ContainerRuntimeProfile represents the image runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID.\n", + "type": "string" + }, + "accountIDs": { + "description": "AccountIDs are the cloud account IDs associated with the container runtime profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "archived": { + "description": "Archive indicates whether this profile is archived.\n", + "type": "boolean" + }, + "capabilities": { + "$ref": "#/components/schemas/runtime.ContainerCapabilities" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "entrypoint": { + "description": "Entrypoint is the image entrypoint.\n", + "type": "string" + }, + "events": { + "description": "Events are the last historical interactive process events for this profile, they are updated in a designated flow.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerHistoryEvent" + }, + "type": "array" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.ProfileFilesystem" + }, + "hash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "hostNetwork": { + "description": "HostNetwork whether the instance share the network namespace with the host.\n", + "type": "boolean" + }, + "hostPid": { + "description": "HostPid indicates whether the instance share the pid namespace with the host.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the image name that represents the image.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the profile's image ID.\n", + "type": "string" + }, + "infra": { + "description": "InfraContainer indicates this is an infrastructure container.\n", + "type": "boolean" + }, + "istio": { + "description": "Istio states whether it is an istio-monitored profile.\n", + "type": "boolean" + }, + "k8s": { + "$ref": "#/components/schemas/shared.ProfileKubernetesData" + }, + "label": { + "description": "Label is the profile's label.\n", + "type": "string" + }, + "lastUpdate": { + "description": "Modified is the last time when this profile was modified.\n", + "format": "date-time", + "type": "string" + }, + "learnedStartup": { + "description": "LearnedStartup indicates that startup events were learned.\n", + "type": "boolean" + }, + "namespace": { + "description": "Namespace is the k8s deployment namespace.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.ProfileNetwork" + }, + "os": { + "description": "OS is the profile image OS.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProfileProcesses" + }, + "relearningCause": { + "description": "RelearningCause is a string that describes the reasoning for a profile to enter the learning mode after\nbeing activated.\n", + "type": "string" + }, + "remainingLearningDurationSec": { + "description": "RemainingLearningDurationSec represents the total time left that the system need to finish learning this image.\n", + "format": "double", + "type": "number" + }, + "state": { + "$ref": "#/components/schemas/shared.RuntimeProfileState" + } + }, + "type": "object" + }, + "shared.ContainerScanResult": { + "description": "ContainerScanResult contains the result of a scanning a container", + "properties": { + "_id": { + "description": "ID is the container ID.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates if the result was received by an agentless scanner.\n", + "type": "boolean" + }, + "agentlessScanID": { + "description": "AgentlessScanID is the ID of the agentless scan in which the result was received.\n", + "type": "integer" + }, + "ais": { + "description": "AIS indicates the scan was performed by AIS.\n", + "type": "boolean" + }, + "collections": { + "description": "Collections are collections to which this container applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "csa": { + "description": "CSA indicates the scan was performed by the CSA.\n", + "type": "boolean" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "hostname": { + "description": "Hostname is the hostname on which the container is deployed.\n", + "type": "string" + }, + "info": { + "$ref": "#/components/schemas/shared.ContainerInfo" + }, + "runtimeEnabled": { + "description": "RuntimeEnabled indicates if any runtime rule applies to the container.\n", + "type": "boolean" + }, + "scanTime": { + "description": "ScanTime is the container scan time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.Coordinates": { + "description": "Coordinates represents a region coordinates type", + "properties": { + "latitude": { + "description": "Latitude coordinate.\n", + "format": "float", + "type": "number" + }, + "longitude": { + "description": "Longitude coordinate.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.CustomComplianceCheck": { + "description": "CustomComplianceCheck represents a custom compliance check entry", + "properties": { + "_id": { + "description": "ID is the compliance check ID.\n", + "type": "integer" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "script": { + "description": "Script is the custom check script.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the custom check defined severity.\n", + "type": "string" + }, + "title": { + "description": "Title is the custom check title.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CustomIPFeed": { + "description": "CustomIPFeed represent the custom IP feed", + "properties": { + "_id": { + "description": "ID is the custom feed id.\n", + "type": "string" + }, + "digest": { + "description": "Digest is an internal digest of the custom ip feed.\n", + "type": "string" + }, + "feed": { + "$ref": "#/components/schemas/shared.IPs" + }, + "modified": { + "description": "Modified is the last time the custom feed was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.CustomLabelsSettings": { + "description": "CustomLabelsSettings are customized label names that are used to augment audit events\nThey can either be docker labels (which appears in the container label specification)\nor k8s/openshift labels (which appears in the pause container that monitors the target container)", + "properties": { + "labels": { + "description": "Labels are the custom labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.CustomMalwareFeed": { + "description": "CustomMalwareFeed represent the custom malware", + "properties": { + "_id": { + "description": "ID is the custom feed id.\n", + "type": "string" + }, + "digest": { + "description": "Digest is an internal digest of the feed.\n", + "type": "string" + }, + "feed": { + "description": "Feed is the list of custom malware signatures.\n", + "items": { + "$ref": "#/components/schemas/shared.Malware" + }, + "type": "array" + }, + "modified": { + "description": "Modified is the last time the custom feed was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.DefenderInstallBundle": { + "description": "DefenderInstallBundle represents the install bundle for the defender", + "properties": { + "installBundle": { + "description": "InstallBundle is the base64 bundle of certificates used to communicate with the console.\n", + "type": "string" + }, + "wsAddress": { + "description": "WSAddress is the websocket address (console ) the TAS defender connects to.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.DefenderLicenseDetails": { + "description": "DefenderLicenseDetails represents a single defender license details", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "count": { + "description": "Count is the amount of licensed defenders.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.DockerNetworkInfo": { + "description": "DockerNetworkInfo contains network-related information about a container", + "properties": { + "ipAddress": { + "description": "IPAddress is the container IP.\n", + "type": "string" + }, + "macAddress": { + "description": "MacAddress is the container MAC.\n", + "type": "string" + }, + "networks": { + "description": "Networks are the networks the container is connected to.\n", + "items": { + "$ref": "#/components/schemas/shared.NetworkInfo" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the container network binding that are externally mapped.\n", + "items": { + "$ref": "#/components/schemas/shared.Port" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.EncodeServerlessRuleOpts": { + "description": "EncodeServerlessRuleOpts represents the arguments to serverless rule encoding request", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "consoleAddr": { + "description": "ConsoleAddr is the remote console address.\n", + "type": "string" + }, + "function": { + "description": "Function is the name of the function.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "region": { + "description": "Region is the function's cloud provider region.\n", + "type": "string" + }, + "updateIntervalMs": { + "description": "UpdateIntervalMs is the interval between defender policy requests from the console in milliseconds.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.EncodedServerlessRule": { + "description": "EncodedServerlessRule represents a base64-encoded serverless rule", + "properties": { + "data": { + "description": "Data is a base64-encoded serverless runtime rule.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.EntityType": { + "description": "EntityType represents the type of the resource identifier", + "enum": [ + [ + "", + "docker", + "kubernetes", + "tas", + "istio", + "internet", + "podman" + ] + ], + "type": "string" + }, + "shared.FileDetails": { + "description": "FileDetails contains file details as the file path, hash checksum", + "properties": { + "md5": { + "description": "Hash sum of the file using md5.\n", + "type": "string" + }, + "original_file_location": { + "description": "Path of the original file in a case of archive analysis.\n", + "type": "string" + }, + "path": { + "description": "Path of the file.\n", + "type": "string" + }, + "sha1": { + "description": "Hash sum of the file using SHA-1.\n", + "type": "string" + }, + "sha256": { + "description": "Hash sum of the file using SHA256.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.FileIntegrityEvent": { + "description": "FileIntegrityEvent represents a single file integrity event detected according to the file integrity monitoring rules", + "properties": { + "_id": { + "description": "ID is activity's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster on which the event was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this event applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "description": { + "description": "Description is a human readable description of the action performed on the path.\n", + "type": "string" + }, + "eventType": { + "$ref": "#/components/schemas/shared.FileIntegrityEventType" + }, + "fileType": { + "$ref": "#/components/schemas/runtime.FSFileType" + }, + "fqdn": { + "description": "FQDN is the current fully qualified domain name used in audit alerts.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname on which the event was found.\n", + "type": "string" + }, + "metadata": { + "$ref": "#/components/schemas/shared.FileMetadata" + }, + "path": { + "description": "Path is the absolute path of the event.\n", + "type": "string" + }, + "processName": { + "description": "ProcessName is the name of the process initiated the event.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the applied rule for auditing file integrity rules.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the user initiated the event.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.FileIntegrityEventType": { + "description": "FileIntegrityEventType represents the type of the file integrity event", + "enum": [ + [ + "metadata", + "read", + "write" + ] + ], + "type": "string" + }, + "shared.FileMetadata": { + "description": "FileMetadata represents the metadata of a single file/directory", + "properties": { + "gid": { + "description": "GID is the ID of the group that owns the file/directory.\n", + "type": "integer" + }, + "permissions": { + "description": "Permissions are the file/directory permission bits.\n", + "type": "integer" + }, + "uid": { + "description": "UID is the ID of the user that owns the file/directory.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ForensicSettings": { + "description": "ForensicSettings are settings for the forensic data collection", + "properties": { + "appEmbeddedDiskUsageMb": { + "description": "AppEmbeddedDiskUsageMb is the maximum amount of disk space used to\nstore the app embedded historical forensic events.\n", + "type": "integer" + }, + "collectNetworkFirewall": { + "description": "CollectNetworkFirewall indicates whether network firewall collection is enabled.\n", + "type": "boolean" + }, + "collectNetworkSnapshot": { + "description": "CollectNetworkSnapshot indicates whether network snapshot collection is enabled.\n", + "type": "boolean" + }, + "containerDiskUsageMb": { + "description": "ContainerDiskUsageMb is the maximum amount of disk space used to\nstore the container historical forensic events.\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled indicates whether host and container forensic data collection is enabled.\n", + "type": "boolean" + }, + "hostDiskUsageMb": { + "description": "HostDiskUsageMb is the maximum amount of disk space used to store\nthe host historical forensic events.\n", + "type": "integer" + }, + "incidentSnapshotsCap": { + "description": "IncidentSnapshotCap is the maximum amount of incident snapshots we store.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.GitlabRegistrySpec": { + "description": "GitlabRegistrySpec represents a specification for registry scanning in GitLab", + "properties": { + "apiDomainName": { + "description": ".\n", + "type": "string" + }, + "excludedGroupIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "groupIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "projectIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "userID": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.GraceDaysPolicy": { + "description": "GraceDaysPolicy indicates the grace days policy by severity", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled is an indication whether the the grace days by severity is enabled.\n", + "type": "boolean" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostActivity": { + "description": "HostActivity holds information for a user activity", + "properties": { + "_id": { + "description": "ID is activity's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "affectedServices": { + "description": "AffectedServices is the affected systemd service.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this host activity applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "command": { + "description": "Command is the original (with arguments) command the user invoked.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname the activity originated from.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates that the target process was spawned in an interactive session.\n", + "type": "boolean" + }, + "modifiedFiles": { + "description": "ModifiedFiles is the related modified files.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "msg": { + "description": "Message contains additional non-structured information about the activity, e.g. throttling message.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule applied to the host activity.\n", + "type": "string" + }, + "service": { + "description": "Service is the owning systemd service.\n", + "type": "string" + }, + "time": { + "description": "Time is time of the activity.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.ActivityType" + }, + "user": { + "description": "Username of the user that triggered the activity.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.HostAutoDeploySpecification": { + "description": "HostAutoDeploySpecification contains the information for host defender auto-deploy", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "bucketRegion": { + "description": "BucketRegion is the bucket region for Cloud Storage on GCP.\n", + "type": "string" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "consoleHostname": { + "description": "ConsoleHostname represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the last modified time of the specification.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the spec.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.HostAutoDeploySpecifications": { + "description": "HostAutoDeploySpecifications is a list of host auto-deploy specifications", + "items": { + "$ref": "#/components/schemas/shared.HostAutoDeploySpecification" + }, + "type": "array" + }, + "shared.HostInfo": { + "description": "HostInfo is a collection of information about the host and it's runtime state", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "Image identifier (image ID or repo:tag).\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates that the host was scanned with the agentless scanner.\n", + "type": "boolean" + }, + "aisUUID": { + "description": "AISUUID is the unique instance ID in the agentless instance scanning system.\n", + "type": "string" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "appEmbedded": { + "description": "Indicates that this image was scanned by an App-Embedded Defender.\n", + "type": "boolean" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "csa": { + "description": "CSA indicates the scan was performed by the CSA.\n", + "type": "boolean" + }, + "csaWindows": { + "description": "CSAWindows indicates the scan was performed by the Ivanti agent(CSA Windows - Cortex server).\n", + "type": "boolean" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "err": { + "description": "Description of an error that occurred during image scan.\n", + "type": "string" + }, + "errCode": { + "$ref": "#/components/schemas/agentless.ImageScanResultErrCode" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostRuntimeEnabled": { + "description": "HostRuntimeEnabled indicates if any runtime rule applies to the host.\n", + "type": "boolean" + }, + "hostname": { + "description": "Name of the host that was scanned.\n", + "type": "string" + }, + "hosts": { + "$ref": "#/components/schemas/shared.ImageHosts" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "instances": { + "description": "Details about each occurrence of the image (tag + host).\n", + "items": { + "$ref": "#/components/schemas/shared.ImageInstance" + }, + "type": "array" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "malwareAnalyzedTime": { + "description": "MalwareAnalyzedTime is the WildFire evaluator analyzing time shown as progress in UI and cannot to be overwritten by a new scan result.\n", + "format": "date-time", + "type": "string" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pullDuration": { + "description": "PullDuration is the time it took to pull the image.\n", + "format": "int64", + "type": "integer" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanDuration": { + "description": "ScanDuration is the total time it took to scan the image.\n", + "format": "int64", + "type": "integer" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "scanTime": { + "description": "Specifies the time of the last scan of the image.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "stopped": { + "description": "Stopped indicates whether the host was running during the agentless scan.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "trustResult": { + "$ref": "#/components/schemas/trust.ImageResult" + }, + "trustStatus": { + "$ref": "#/components/schemas/trust.Status" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "underlyingDistro": { + "description": "UnderlyingDistro is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "underlyingDistroRelease": { + "description": "UnderlyingDistroRelease is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + }, + "wildFireUsage": { + "$ref": "#/components/schemas/wildfire.Usage" + } + }, + "type": "object" + }, + "shared.HostNetworkFirewallProfileAudits": { + "description": "HostNetworkFirewallProfileAudits represents the host network firewall profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.HostNetworkFirewallSubtypeAudits" + }, + "description": "Audits is a map from the audit sub-type to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostNetworkFirewallSubtypeAudits": { + "description": "HostNetworkFirewallSubtypeAudits represents the host network firewall sub type audits per profile", + "properties": { + "audits": { + "description": "Audits are the host network firewall audits associated with the sub-type, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/cnnf.HostAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostRadarIncomingConnection": { + "description": "HostRadarIncomingConnection is the incoming connection between two apps in two hosts", + "properties": { + "dstHost": { + "description": "DstHost is the src hostname.\n", + "type": "string" + }, + "policyRules": { + "description": "PolicyRules are the policy rules that are applicable for source/dest. Used for radar display of connections deduced from policy rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the destination ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortData" + }, + "type": "array" + }, + "srcHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcHost": { + "description": "SrcHost is the src hostname.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.IPs": { + "description": "IPs represents a list of IPs", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "shared.Image": { + "description": "Image represents a container image", + "properties": { + "created": { + "description": "Date/time when the image was created.\n", + "format": "date-time", + "type": "string" + }, + "entrypoint": { + "description": "Combined entrypoint of the image (entrypoint + CMD).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "env": { + "description": "Image environment variables.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "healthcheck": { + "description": "Indicates if health checks are enabled (true) or not (false).\n", + "type": "boolean" + }, + "history": { + "description": "Holds the image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "id": { + "description": "ID of the image.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Image labels.\n", + "type": "object" + }, + "layers": { + "description": "Image filesystem layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "os": { + "description": "Image os type.\n", + "type": "string" + }, + "repoDigest": { + "description": "Image repo digests.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTags": { + "description": "Image repo tags.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "user": { + "description": "Image user.\n", + "type": "string" + }, + "workingDir": { + "description": "Base working directory of the image.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ImageHistory": { + "description": "ImageHistory represent a layer in the image's history", + "properties": { + "baseLayer": { + "description": "Indicates if this layer originated from the base image (true) or not (false).\n", + "type": "boolean" + }, + "created": { + "description": "Date/time when the image layer was created.\n", + "format": "int64", + "type": "integer" + }, + "emptyLayer": { + "description": "Indicates if this instruction didn't create a separate layer (true) or not (false).\n", + "type": "boolean" + }, + "id": { + "description": "ID of the layer.\n", + "type": "string" + }, + "instruction": { + "description": "Docker file instruction and arguments used to create this layer.\n", + "type": "string" + }, + "sizeBytes": { + "description": "Size of the layer (in bytes).\n", + "format": "int64", + "type": "integer" + }, + "tags": { + "description": "Holds the image tags.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerabilities": { + "description": "Vulnerabilities which originated from this layer.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ImageHost": { + "description": "ImageHost holds information about image scan result per host", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID the image is associated with.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates if the image was scanned as part of an agentless scan.\n", + "type": "boolean" + }, + "agentlessScanID": { + "description": "AgentlessScanID is the ID of the agentless scan in which the result was received.\n", + "type": "integer" + }, + "ais": { + "description": "AIS indicates the scan was performed by AIS.\n", + "type": "boolean" + }, + "appEmbedded": { + "description": "AppEmbedded indicates if the host is an app embedded host.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the cluster on which the image is deployed.\n", + "type": "string" + }, + "csa": { + "description": "CSA indicates if the image was scanned by CSA.\n", + "type": "boolean" + }, + "modified": { + "description": "Modified is the last scan time.\n", + "format": "date-time", + "type": "string" + }, + "namespaces": { + "description": "Namespaces are the namespaces on which the image is deployed.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ImageHosts": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.ImageHost" + }, + "description": "ImageHosts is a fast index for image scan results metadata per host", + "type": "object" + }, + "shared.ImageInfo": { + "description": "ImageInfo contains image information collected during image scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "underlyingDistro": { + "description": "UnderlyingDistro is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "underlyingDistroRelease": { + "description": "UnderlyingDistroRelease is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.ImageInstance": { + "description": "ImageInstance represents an image on a single host", + "properties": { + "host": { + "description": ".\n", + "type": "string" + }, + "image": { + "description": ".\n", + "type": "string" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "registry": { + "description": ".\n", + "type": "string" + }, + "repo": { + "description": ".\n", + "type": "string" + }, + "tag": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ImageScanResult": { + "description": "ImageScanResult holds the result of an image scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "Image identifier (image ID or repo:tag).\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates that the host was scanned with the agentless scanner.\n", + "type": "boolean" + }, + "aisUUID": { + "description": "AISUUID is the unique instance ID in the agentless instance scanning system.\n", + "type": "string" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "appEmbedded": { + "description": "Indicates that this image was scanned by an App-Embedded Defender.\n", + "type": "boolean" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "compressed": { + "description": "Compressed indicates if this image seems to be compressed - currently only relevant for buildah images.\n", + "type": "boolean" + }, + "compressedLayerTimes": { + "$ref": "#/components/schemas/shared.CompressedLayerTimes" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "csa": { + "description": "CSA indicates the scan was performed by the CSA.\n", + "type": "boolean" + }, + "csaWindows": { + "description": "CSAWindows indicates the scan was performed by the Ivanti agent(CSA Windows - Cortex server).\n", + "type": "boolean" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "err": { + "description": "Description of an error that occurred during image scan.\n", + "type": "string" + }, + "errCode": { + "$ref": "#/components/schemas/agentless.ImageScanResultErrCode" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "foundSecrets": { + "description": "FoundSecrets are secrets with metadata that were found in the secrets' scan. Requires json tag for reporting secrets from image scan.\n", + "items": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "type": "array" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostRuntimeEnabled": { + "description": "HostRuntimeEnabled indicates if any runtime rule applies to the host.\n", + "type": "boolean" + }, + "hostname": { + "description": "Name of the host that was scanned.\n", + "type": "string" + }, + "hosts": { + "$ref": "#/components/schemas/shared.ImageHosts" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "instances": { + "description": "Details about each occurrence of the image (tag + host).\n", + "items": { + "$ref": "#/components/schemas/shared.ImageInstance" + }, + "type": "array" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "malwareAnalyzedTime": { + "description": "MalwareAnalyzedTime is the WildFire evaluator analyzing time shown as progress in UI and cannot to be overwritten by a new scan result.\n", + "format": "date-time", + "type": "string" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pullDuration": { + "description": "PullDuration is the time it took to pull the image.\n", + "format": "int64", + "type": "integer" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "redHatNonRPMImage": { + "description": "RedHatNonRPMImage indicates whether the image is a Red Hat image with non-RPM content.\n", + "type": "boolean" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryTags": { + "description": "RegistryTags are the tags of the registry this image is stored.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanDuration": { + "description": "ScanDuration is the total time it took to scan the image.\n", + "format": "int64", + "type": "integer" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "scanTime": { + "description": "Specifies the time of the last scan of the image.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "secretScanMetrics": { + "$ref": "#/components/schemas/secrets.SecretScanMetrics" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "stopped": { + "description": "Stopped indicates whether the host was running during the agentless scan.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "trustResult": { + "$ref": "#/components/schemas/trust.ImageResult" + }, + "trustStatus": { + "$ref": "#/components/schemas/trust.Status" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "underlyingDistro": { + "description": "UnderlyingDistro is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "underlyingDistroRelease": { + "description": "UnderlyingDistroRelease is used in cases OS an OS is built on top of another, and we need to know both.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + }, + "wildFireUsage": { + "$ref": "#/components/schemas/wildfire.Usage" + } + }, + "type": "object" + }, + "shared.ImageTag": { + "description": "ImageTag represents an image repository and its associated tag or registry digest", + "properties": { + "digest": { + "description": "Image digest (requires V2 or later registry).\n", + "type": "string" + }, + "id": { + "description": "ID of the image.\n", + "type": "string" + }, + "registry": { + "description": "Registry name to which the image belongs.\n", + "type": "string" + }, + "repo": { + "description": "Repository name to which the image belongs.\n", + "type": "string" + }, + "tag": { + "description": "Image tag.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Incident": { + "description": "Incident represents an incident", + "properties": { + "_id": { + "description": "Internal ID of the incident.\n", + "type": "string" + }, + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "acknowledged": { + "description": "Indicates if the incident has been acknowledged (true) or not (false).\n", + "type": "boolean" + }, + "app": { + "description": "Application that caused the incident.\n", + "type": "string" + }, + "appID": { + "description": "Application ID.\n", + "type": "string" + }, + "audits": { + "description": "All runtime audits of the incident.\n", + "items": { + "$ref": "#/components/schemas/shared.RuntimeAudit" + }, + "type": "array" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "cluster": { + "description": "Cluster on which the incident was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this incident applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerID": { + "description": "ID of the container that triggered the incident.\n", + "type": "string" + }, + "containerName": { + "description": "Unique container name.\n", + "type": "string" + }, + "customRuleName": { + "description": "Name of the custom runtime rule that triggered the incident.\n", + "type": "string" + }, + "fqdn": { + "description": "Current hostname's full domain name.\n", + "type": "string" + }, + "function": { + "description": "Name of the serverless function.\n", + "type": "string" + }, + "functionID": { + "description": "ID of the function that triggered the incident.\n", + "type": "string" + }, + "hostname": { + "description": "Current hostname.\n", + "type": "string" + }, + "imageID": { + "description": "Container image ID.\n", + "type": "string" + }, + "imageName": { + "description": "Container image name.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Custom labels associated with the container.\n", + "type": "object" + }, + "namespace": { + "description": "k8s deployment namespace.\n", + "type": "string" + }, + "profileID": { + "description": "Runtime profile ID.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region of the resource on which the incident was found.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource on which the incident was found.\n", + "type": "string" + }, + "runtime": { + "description": "Runtime of the serverless function.\n", + "type": "string" + }, + "serialNum": { + "description": "Serial number of the incident.\n", + "type": "integer" + }, + "shouldCollect": { + "description": "Indicates if this incident should be collected (true) or not (false).\n", + "type": "boolean" + }, + "time": { + "description": "Time of the incident (in UTC time).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.IncidentType" + }, + "vmID": { + "description": "Azure unique VM ID on which the incident was found.\n", + "type": "string" + }, + "windows": { + "description": "Windows indicates if defender OS type is Windows.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.IncidentCategory": { + "description": "IncidentCategory is the incident category", + "enum": [ + [ + "portScanning", + "hijackedProcess", + "dataExfiltration", + "kubernetes", + "backdoorAdministrativeAccount", + "backdoorSSHAccess", + "cryptoMiner", + "lateralMovement", + "bruteForce", + "customRule", + "alteredBinary", + "suspiciousBinary", + "executionFlowHijackAttempt", + "reverseShell", + "malware", + "cloudProvider" + ] + ], + "type": "string" + }, + "shared.IncidentType": { + "description": "IncidentType is the type of the incident", + "enum": [ + [ + "host", + "container", + "function", + "appEmbedded", + "fargate" + ] + ], + "type": "string" + }, + "shared.InstalledProducts": { + "description": "InstalledProducts contains data regarding products running in environment\nTODO #34713: Swarm support was deprecated in Joule, remove swarm node/manager boolean (and related compliance) in Lagrange", + "properties": { + "agentless": { + "description": "Agentless indicates whether the scan was performed with agentless approach.\n", + "type": "boolean" + }, + "apache": { + "description": "Apache indicates the apache server version, empty in case apache not running.\n", + "type": "string" + }, + "awsCloud": { + "description": "AWSCloud indicates whether AWS cloud is used.\n", + "type": "boolean" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "crio": { + "description": "CRI indicates whether the container runtime is CRI (and not docker).\n", + "type": "boolean" + }, + "docker": { + "description": "Docker represents the docker daemon version.\n", + "type": "string" + }, + "dockerEnterprise": { + "description": "DockerEnterprise indicates whether the enterprise version of Docker is installed.\n", + "type": "boolean" + }, + "hasPackageManager": { + "description": "HasPackageManager indicates whether package manager is installed on the OS.\n", + "type": "boolean" + }, + "k8sApiServer": { + "description": "K8sAPIServer indicates whether a kubernetes API server is running.\n", + "type": "boolean" + }, + "k8sControllerManager": { + "description": "K8sControllerManager indicates whether a kubernetes controller manager is running.\n", + "type": "boolean" + }, + "k8sEtcd": { + "description": "K8sEtcd indicates whether etcd is running.\n", + "type": "boolean" + }, + "k8sFederationApiServer": { + "description": "K8sFederationAPIServer indicates whether a federation API server is running.\n", + "type": "boolean" + }, + "k8sFederationControllerManager": { + "description": "K8sFederationControllerManager indicates whether a federation controller manager is running.\n", + "type": "boolean" + }, + "k8sKubelet": { + "description": "K8sKubelet indicates whether kubelet is running.\n", + "type": "boolean" + }, + "k8sProxy": { + "description": "K8sProxy indicates whether a kubernetes proxy is running.\n", + "type": "boolean" + }, + "k8sScheduler": { + "description": "K8sScheduler indicates whether the kubernetes scheduler is running.\n", + "type": "boolean" + }, + "kubernetes": { + "description": "Kubernetes represents the kubernetes version.\n", + "type": "string" + }, + "managedClusterVersion": { + "description": "ManagedClusterVersion is the version of the managed Kubernetes service, e.g. AKS/EKS/GKE/etc.\n", + "type": "string" + }, + "openshift": { + "description": "Openshift indicates whether openshift is deployed.\n", + "type": "boolean" + }, + "openshiftVersion": { + "description": "OpenshiftVersion represents the running openshift version.\n", + "type": "string" + }, + "osDistro": { + "description": "OSDistro specifies the os distribution.\n", + "type": "string" + }, + "serverless": { + "description": "Serverless indicates whether evaluated on a serverless environment.\n", + "type": "boolean" + }, + "swarmManager": { + "description": "SwarmManager indicates whether a swarm manager is running.\n", + "type": "boolean" + }, + "swarmNode": { + "description": "SwarmNode indicates whether the node is part of an active swarm.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.InternetConnections": { + "description": "InternetConnections represents the radar internet connections", + "properties": { + "incoming": { + "description": "Incoming is the incoming connections.\n", + "items": { + "$ref": "#/components/schemas/shared.Connection" + }, + "type": "array" + }, + "outgoing": { + "description": "Outgoing is the outgoing connections.\n", + "items": { + "$ref": "#/components/schemas/shared.Connection" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.JFrogRepoType": { + "description": "JFrogRepoType represents the type of JFrog Artifactory repository", + "enum": [ + [ + "local", + "remote", + "virtual" + ] + ], + "type": "string" + }, + "shared.KeyValues": { + "description": "KeyValues is a generic key values struct", + "properties": { + "key": { + "description": ".\n", + "type": "string" + }, + "values": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.KubeClusterRole": { + "description": "KubeClusterRole is a compact version of Kubernetes ClusterRole\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#clusterrole-v1-rbac-authorization-k8s-io", + "properties": { + "labels": { + "description": "Labels are the labels associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeLabel" + }, + "type": "array" + }, + "name": { + "description": "Name is the kubernetes role name.\n", + "type": "string" + }, + "roleBinding": { + "description": "RoleBinding is the name of the role binding used for display.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the policy rules associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubePolicyRule" + }, + "type": "array" + }, + "version": { + "description": "Version is the resource version of the role object maintained by Kubernetes.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.KubeLabel": { + "description": "KubeLabel represents a label\nThese are stored as an array to allow special characters in key names,\nsee https://docs.mongodb.com/manual/reference/limits/#Restrictions-on-Field-Names\nFor example: kubernetes.io/bootstrapping", + "properties": { + "key": { + "description": "Key is the key of the label.\n", + "type": "string" + }, + "value": { + "description": "Value is the value of the label.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.KubePolicyRule": { + "description": "KubePolicyRule is a compact version of Kubernetes PolicyRule\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#policyrule-v1-rbac-authorization-k8s-io", + "properties": { + "apiGroups": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "nonResourceURLs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "resourceNames": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "resources": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "verbs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.KubeRole": { + "description": "KubeRole is a compact version of Kubernetes Role\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#role-v1-rbac-authorization-k8s-io", + "properties": { + "labels": { + "description": "Labels are the labels associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeLabel" + }, + "type": "array" + }, + "name": { + "description": "Name is the role name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace associated with the role.\n", + "type": "string" + }, + "roleBinding": { + "description": "RoleBinding is the name of the role binding used for display.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the list of rules associated with the cluster role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubePolicyRule" + }, + "type": "array" + }, + "version": { + "description": "Version is the resource version of the role object maintained by Kubernetes.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.LambdaRuntimeType": { + "description": "LambdaRuntimeType represents the runtime type of the serverless function\nThe constants used are taken from: https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime", + "enum": [ + [ + "python", + "python3.6", + "python3.7", + "python3.8", + "python3.9", + "python3.10", + "python3.11", + "python3.12", + "nodejs", + "nodejs12.x", + "nodejs14.x", + "nodejs16.x", + "nodejs18.x", + "nodejs20.x", + "dotnet", + "dotnetcore2.1", + "dotnetcore3.1", + "dotnet6", + "java", + "java8", + "java11", + "java17", + "java21", + "ruby", + "ruby2.7" + ] + ], + "type": "string" + }, + "shared.License": { + "description": "License represent the customer license", + "properties": { + "access_token": { + "description": "AccessToken is the customer access token.\n", + "type": "string" + }, + "contract_id": { + "description": "ContractID is the customer contract ID.\n", + "type": "string" + }, + "contract_type": { + "$ref": "#/components/schemas/shared.LicenseContractType" + }, + "credits": { + "description": "Credits the total amount of credits purchased by the customer.\n", + "type": "integer" + }, + "customer_id": { + "description": "CustomerID is the customer ID.\n", + "type": "string" + }, + "defender_details": { + "description": "DefenderDetails represents the defenders license details.\n", + "items": { + "$ref": "#/components/schemas/shared.DefenderLicenseDetails" + }, + "type": "array" + }, + "defenders": { + "description": "Deprecated: Defenders is the maximum number of defender allowed in this license. Use DefenderDetails field instead.\n", + "type": "integer" + }, + "expiration_date": { + "description": "ExpirationDate is the license expiration date.\n", + "format": "date-time", + "type": "string" + }, + "issue_date": { + "description": "IssueDate is the license issue date.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.LicenseTier" + }, + "workloads": { + "description": "Deprecated: Workloads is the number of workloads per license kept for backward compatibility. Use Credits instead.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.LicenseConfig": { + "description": "LicenseConfig is the compliance policy license configuration", + "properties": { + "alertThreshold": { + "$ref": "#/components/schemas/shared.LicenseThreshold" + }, + "blockThreshold": { + "$ref": "#/components/schemas/shared.LicenseThreshold" + }, + "critical": { + "description": "Critical is the list of licenses with critical severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "high": { + "description": "High is the list of licenses with high severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "low": { + "description": "Low is the list of licenses with low severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "medium": { + "description": "Medium is the list of licenses with medium severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.LicenseContractType": { + "description": "LicenseContractType is the license contract type", + "enum": [ + [ + "", + "host", + "avg", + "burndown" + ] + ], + "type": "string" + }, + "shared.LicenseThreshold": { + "description": "LicenseThreshold is the license severity threshold to indicate whether to perform an action (alert/block)\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "enabled": { + "description": "Enabled indicates that the action is enabled.\n", + "type": "boolean" + }, + "value": { + "description": "Value is the minimum severity score for which the action is enabled.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.LicenseTier": { + "description": "LicenseTier represents the license tier of the customer", + "enum": [ + [ + "", + "developer", + "enterprise", + "evaluation", + "oem" + ] + ], + "type": "string" + }, + "shared.LogInspectionEvent": { + "description": "LogInspectionEvent is a log inspection event detected according to the log inspection rules", + "properties": { + "_id": { + "description": "ID is event's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster on which the event was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this event applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hostname": { + "description": "Hostname is the hostname on which the event was found.\n", + "type": "string" + }, + "line": { + "description": "Line is the matching log line.\n", + "type": "string" + }, + "logfile": { + "description": "Logfile is the log file which triggered the event.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the applied rule for auditing log inspection events.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.LoggerSetting": { + "description": "LoggerSetting are a specific logger settings", + "properties": { + "allProcEvents": { + "description": "AllProcEvents indicates whether any new spawned container process should generate an event source entry.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether log feature is enabled.\n", + "type": "boolean" + }, + "verboseScan": { + "description": "VerboseScan indicates whether detailed scan (Compliance/Vulnerability) result should be written to event logger.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.LoggingSettings": { + "description": "LoggingSettings are the logging settings", + "properties": { + "consoleAddress": { + "description": "ConsoleAddress is the console address used by the admin to access the console, used for creating links for runtime events.\n", + "type": "string" + }, + "enableMetricsCollection": { + "description": "EnableMetricsCollection indicates whether metric collections feature is enabled.\n", + "type": "boolean" + }, + "includeRuntimeLink": { + "description": "IncludeRuntimeLink indicates whether link to forensic event should be included in the output.\n", + "type": "boolean" + }, + "stdout": { + "$ref": "#/components/schemas/shared.LoggerSetting" + }, + "syslog": { + "$ref": "#/components/schemas/shared.SyslogSettings" + } + }, + "type": "object" + }, + "shared.Malware": { + "description": "Malware is an executable and its md5", + "properties": { + "allowed": { + "description": "Allowed indicates if this signature is on the allowed list.\n", + "type": "boolean" + }, + "md5": { + "description": ".\n", + "type": "string" + }, + "modified": { + "description": "Modified is the time the malware was added to the DB.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.MgmtAudit": { + "description": "MgmtAudit represents a management audit in the system", + "properties": { + "api": { + "description": "API is the api used in the audit process.\n", + "type": "string" + }, + "diff": { + "description": "Diff is the diff between old and new values.\n", + "type": "string" + }, + "failure": { + "description": "Failure states whether the request failed or not.\n", + "type": "boolean" + }, + "sourceIP": { + "description": "SourceIP is the request's source IP.\n", + "type": "string" + }, + "status": { + "description": "Status is the request's response status.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the request.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.MgmtType" + }, + "username": { + "description": "Username is the username of the user who performed the action.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.MgmtType": { + "description": "MgmtType represents management audit types", + "enum": [ + [ + "login", + "profile", + "settings", + "rule", + "user", + "group", + "credential", + "tag", + "role", + "pairing" + ] + ], + "type": "string" + }, + "shared.NetworkInfo": { + "description": "NetworkInfo contains data about a container regarding a specific network", + "properties": { + "ipAddress": { + "description": "IPAddress is the container IP.\n", + "type": "string" + }, + "macAddress": { + "description": "MacAddress is the container MAC.\n", + "type": "string" + }, + "name": { + "description": "Name is the network name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.NodeJSModuleType": { + "description": "NodeJSModuleType is the type of a NodeJS module", + "enum": [ + [ + "commonjs", + "ecmascript" + ] + ], + "type": "string" + }, + "shared.Package": { + "description": "Package stores relevant package information", + "properties": { + "author": { + "description": "Author is the package's author.\n", + "type": "string" + }, + "binaryIdx": { + "description": "Indexes of the top binaries which use the package.\n", + "items": { + "$ref": "#/components/schemas/int16" + }, + "type": "array" + }, + "binaryPkgs": { + "description": "Names of the distro binary packages (packages which are built on the source of the package).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cveCount": { + "description": "Total number of CVEs for this specific package.\n", + "type": "integer" + }, + "defaultGem": { + "description": "DefaultGem indicates this is a gem default package (and not a bundled package).\n", + "type": "boolean" + }, + "files": { + "description": "List of package-related files and their hashes. Only included when the appropriate scan option is set.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "functionLayer": { + "description": "ID of the serverless layer in which the package was discovered.\n", + "type": "string" + }, + "goPkg": { + "description": "GoPkg indicates this is a Go package (and not module).\n", + "type": "boolean" + }, + "isRPMModule": { + "description": "IsRPMModule indicates whether this package data represents an RPM module.\n", + "type": "boolean" + }, + "jarIdentifier": { + "description": "JarIdentifier holds an additional identification detail of a JAR package.\n", + "type": "string" + }, + "layerTime": { + "description": "Image layer to which the package belongs (layer creation time).\n", + "format": "int64", + "type": "integer" + }, + "license": { + "description": "License information for the package.\n", + "type": "string" + }, + "name": { + "description": "Name of the package.\n", + "type": "string" + }, + "originPackageName": { + "description": "OriginPackageName is the name of the third-party origin package.\n", + "type": "string" + }, + "osPackage": { + "description": "OSPackage indicates that a python/java package was installed as an OS package.\n", + "type": "boolean" + }, + "path": { + "description": "Full package path (e.g., JAR or Node.js package path).\n", + "type": "string" + }, + "purl": { + "description": "PURL is a package URL identifier for this package.\n", + "type": "string" + }, + "rpmModule": { + "description": "RPMModule represents the RPM module in which this package is included.\n", + "type": "string" + }, + "securityRepoPkg": { + "description": "SecurityRepoPkg determines if this package is available in a security repository.\n", + "type": "boolean" + }, + "symbols": { + "description": "Symbols contains names of vulnerable functions that are linked in the executable binary, empty if the entire package is vulnerable.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "version": { + "description": "Package version.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Packages": { + "description": "Packages is a collection of packages", + "properties": { + "pkgs": { + "description": "List of packages.\n", + "items": { + "$ref": "#/components/schemas/shared.Package" + }, + "type": "array" + }, + "pkgsType": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "shared.PkgTypeThreshold": { + "description": "PkgTypeThreshold represents specific vulnerability alert and block thresholds for a package type", + "properties": { + "alertThreshold": { + "$ref": "#/components/schemas/shared.AlertThreshold" + }, + "blockThreshold": { + "$ref": "#/components/schemas/shared.BlockThreshold" + }, + "type": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "shared.PkgsTimes": { + "description": "PkgsTimes are the compressed layer times for pkgs of the specific type", + "properties": { + "pkgTimes": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/int64" + }, + "type": "array" + }, + "pkgsType": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "shared.Policy": { + "description": "Policy represents a policy that should be enforced by the Auditor", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "rules": { + "description": "Rules holds all policy rules.\n", + "items": { + "$ref": "#/components/schemas/shared.PolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.PolicyRule": { + "description": "PolicyRule is a single rule in the policy", + "properties": { + "action": { + "description": "Action to take.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "alertThreshold": { + "$ref": "#/components/schemas/shared.AlertThreshold" + }, + "allCompliance": { + "description": "Reports the results of all compliance checks (both passed and failed) (true).\n", + "type": "boolean" + }, + "auditAllowed": { + "description": "Specifies if Prisma Cloud audits successful transactions.\n", + "type": "boolean" + }, + "blockMsg": { + "$ref": "#/components/schemas/common.PolicyBlockMsg" + }, + "blockThreshold": { + "$ref": "#/components/schemas/shared.BlockThreshold" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "condition": { + "$ref": "#/components/schemas/shared.Conditions" + }, + "createPR": { + "description": "CreatePR indicates whether to create a pull request for vulnerability fixes (relevant for code repos).\n", + "type": "boolean" + }, + "cveRules": { + "description": "List of CVE IDs classified for special handling (also known as exceptions).\n", + "items": { + "$ref": "#/components/schemas/shared.CVERule" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/common.PolicyEffect" + }, + "excludeBaseImageVulns": { + "description": "ExcludeBaseImageVulns indicates whether to exclude vulnerabilities coming from the base image.\n", + "type": "boolean" + }, + "graceDays": { + "description": "Number of days to suppress the rule's block effect. Measured from date the vuln was fixed. If there's no fix, measured from the date the vuln was published.\n", + "type": "integer" + }, + "graceDaysPolicy": { + "$ref": "#/components/schemas/shared.GraceDaysPolicy" + }, + "group": { + "description": "Applicable groups.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "license": { + "$ref": "#/components/schemas/shared.LicenseConfig" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "onlyFixed": { + "description": "Applies rule only when vendor fixes are available (true).\n", + "type": "boolean" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "pkgTypesThresholds": { + "description": "PkgTypesThresholds holds package type specific alert and block thresholds.\n", + "items": { + "$ref": "#/components/schemas/shared.PkgTypeThreshold" + }, + "type": "array" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "principal": { + "description": "Applicable users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactorsEffects": { + "description": "RiskFactorsEffects indicates the effect (alert/block) of each risk factor.\n", + "items": { + "$ref": "#/components/schemas/shared.RiskFactorEffect" + }, + "type": "array" + }, + "tags": { + "description": "List of tags classified for special handling (also known as exceptions).\n", + "items": { + "$ref": "#/components/schemas/shared.TagRule" + }, + "type": "array" + }, + "verbose": { + "description": "Displays a detailed message when an operation is blocked (true).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.Port": { + "description": "Port is a container port", + "properties": { + "containerPort": { + "description": "ContainerPort is the mapped port inside the container.\n", + "type": "string" + }, + "hostIP": { + "description": "HostIP is the host IP.\n", + "type": "string" + }, + "hostPort": { + "description": "HostPort is the host port.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ProfileKubernetesData": { + "description": "ProfileKubernetesData holds Kubernetes data", + "properties": { + "clusterRoles": { + "description": "ClusterRoles are the cluster roles of the associated service account.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeClusterRole" + }, + "type": "array" + }, + "roles": { + "description": "Roles are the roles of the associated service account.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeRole" + }, + "type": "array" + }, + "serviceAccount": { + "description": "ServiceAccount is the service account used to access Kubernetes apiserver\nThis field will be empty if the container is not running inside of a Pod.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Progress": { + "description": "Progress displays the scan progress", + "properties": { + "aisInitialScanInProgress": { + "description": "AISInitialScanInProgress indicates whether agentless next-gen first scheduled scan is in progress.\n", + "type": "boolean" + }, + "aisOnDemandScanInProgress": { + "description": "AISOnDemandScanInProgress indicates whether agentless next-gen on demand scan is in progress.\n", + "type": "boolean" + }, + "discovery": { + "description": "Discovery indicates whether the scan is in discovery phase.\n", + "type": "boolean" + }, + "error": { + "description": "Error is the error that happened during scan.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname for which the progress apply.\n", + "type": "string" + }, + "id": { + "description": "ID is the ID of the entity being scanned.\n", + "type": "string" + }, + "onDemand": { + "description": "OnDemand indicates whether the scan was triggered by the user or not (scheduled scan).\n", + "type": "boolean" + }, + "scanTime": { + "description": "ScanTime is the time of scan.\n", + "format": "date-time", + "type": "string" + }, + "scanned": { + "description": "Scanned is the number of entities for which the scan completed.\n", + "type": "integer" + }, + "title": { + "description": "Title is the progress title (set by the scanning process).\n", + "type": "string" + }, + "total": { + "description": "Total is the total amount of entities that should be scanned.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + } + }, + "type": "object" + }, + "shared.RegionData": { + "description": "RegionData contains data regarding a region", + "properties": { + "coordinates": { + "$ref": "#/components/schemas/shared.Coordinates" + }, + "name": { + "description": "Name is the region display name.\n", + "type": "string" + }, + "region": { + "description": "Region is the region code name.\n", + "type": "string" + }, + "regionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "supportedServices": { + "description": "SupportedServices is a list of cloud service types the region supports.\n", + "items": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.RegionDataByCloudProvider": { + "additionalProperties": { + "$ref": "#/components/schemas/-_shared.RegionData" + }, + "description": "RegionDataByCloudProvider represents the region data per cloud provider", + "type": "object" + }, + "shared.RegionType": { + "description": "RegionType specifies the region type that runs the Amazon services", + "enum": [ + [ + "regular", + "gov", + "china", + "all" + ] + ], + "type": "string" + }, + "shared.RegistryOSType": { + "description": "RegistryOSType specifies the registry images base OS type", + "enum": [ + [ + "linux", + "linuxARM64", + "windows" + ] + ], + "type": "string" + }, + "shared.RegistryScanProgress": { + "description": "RegistryScanProgress represents the registry scan progress", + "properties": { + "discovery": { + "$ref": "#/components/schemas/shared.Progress" + }, + "imageScan": { + "$ref": "#/components/schemas/shared.Progress" + }, + "isScanOngoing": { + "description": "IsScanOngoing indicates if a scan is currently ongoing.\n", + "type": "boolean" + }, + "specScanStartTime": { + "description": "SpecScanStartTime indicates when the current spec scan started.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.RegistryScanRequest": { + "description": "RegistryScanRequest represents a registry scan request", + "properties": { + "onDemandScan": { + "description": "OnDemandScan indicates whether to handle request using the on-demand scanner.\n", + "type": "boolean" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "settings": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + }, + "tag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": { + "description": "Type indicates the type of the scan request.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.RegistrySettings": { + "description": "RegistrySettings contains each registry's unique settings", + "properties": { + "harborScannerUrlSuffix": { + "description": "Relative path to the Harbor scanner endpoint.\n", + "type": "string" + }, + "specifications": { + "description": "Information for connecting to the registries to be scanned.\n", + "items": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + }, + "type": "array" + }, + "webhookUrlSuffix": { + "description": "Relative path to the webhook HTTP endpoint.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RegistrySpecification": { + "description": "RegistrySpecification contains information for connecting to local/remote registry", + "properties": { + "azureCloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "caCert": { + "description": "CACert is the Certificate Authority that signed the registry certificate.\n", + "type": "string" + }, + "cap": { + "description": "Specifies the maximum number of images from each repo to fetch and scan, sorted by most recently modified.\n", + "type": "integer" + }, + "collections": { + "description": "Specifies the set of Defenders in-scope for working on a scan job.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "ID of the credentials in the credentials store to use for authenticating with the registry.\n", + "type": "string" + }, + "excludedRepositories": { + "description": "Repositories to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "excludedTags": { + "description": "Tags to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "gitlabRegistrySpec": { + "$ref": "#/components/schemas/shared.GitlabRegistrySpec" + }, + "harborDeploymentSecurity": { + "description": "Indicates whether the Prisma Cloud plugin uses temporary tokens provided by Harbor to scan images in projects where Harbor's deployment security setting is enabled.\n", + "type": "boolean" + }, + "id": { + "description": "ID is a unique identifier of the registry spec.\n", + "type": "string" + }, + "jfrogRepoTypes": { + "description": "JFrog Artifactory repository types to scan.\n", + "items": { + "$ref": "#/components/schemas/shared.JFrogRepoType" + }, + "type": "array" + }, + "lastScanStatus": { + "description": "LastScanStatus is the last scan status. we keep both LastScanStatus and ScanStatus in order to not lose the latest scan status when a scan starts.\n", + "type": "string" + }, + "lastScanTime": { + "description": "LastScanTime specifies the last time a scan was completed.\n", + "format": "date-time", + "type": "string" + }, + "namespace": { + "description": "IBM Bluemix namespace https://console.bluemix.net/docs/services/Registry/registry_overview.html#registry_planning.\n", + "type": "string" + }, + "os": { + "$ref": "#/components/schemas/shared.RegistryOSType" + }, + "registry": { + "description": "Registry address (e.g., https://gcr.io).\n", + "type": "string" + }, + "repository": { + "description": "Repositories to scan.\n", + "type": "string" + }, + "scanError": { + "description": "ScanError is the error received while scanning the specification.\n", + "type": "string" + }, + "scanStatus": { + "description": "ScanStatus is the scan status that's updated dynamically during the scan, when the scan finishes - its value is passed to the LastScanStatus field in the DB.\n", + "type": "string" + }, + "scanTime": { + "description": "ScanTime specifies the time a scan was started.\n", + "format": "date-time", + "type": "string" + }, + "scannedImagesSuccessTotal": { + "description": "ScannedImagesSuccessTotal is the total number of registry images that were scanned successfully on the last registry specification scan.\n", + "type": "integer" + }, + "scanners": { + "description": "Number of Defenders that can be utilized for each scan job.\n", + "type": "integer" + }, + "tag": { + "description": "Tags to scan.\n", + "type": "string" + }, + "version": { + "description": "Registry type. Determines the protocol Prisma Cloud uses to communicate with the registry.\n", + "type": "string" + }, + "versionPattern": { + "description": "Pattern heuristic for quickly filtering images by tags without having to query all images for modification dates.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RiskFactorEffect": { + "description": "RiskFactorEffect represents the effect which is applied by a risk factor", + "properties": { + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "riskFactor": { + "$ref": "#/components/schemas/vulnerability.RiskFactor" + } + }, + "type": "object" + }, + "shared.RuntimeAttackType": { + "description": "RuntimeAttackType is the sub-category of the attack (e.g., malware process, process not in model, etc...)", + "enum": [ + [ + "", + "cloudMetadataProbing", + "kubeletAPIAccess", + "kubeletReadonlyAccess", + "kubectlSpawned", + "kubectlDownloaded", + "horizontalPortScanning", + "verticalPortScanning", + "explicitlyDeniedIP", + "customFeedIP", + "feedIP", + "unexpectedOutboundPort", + "suspiciousNetworkActivity", + "unexpectedListeningPort", + "explicitlyDeniedListeningPort", + "explicitlyDeniedOutboundPort", + "listeningPortModifiedProcess", + "outboundPortModifiedProcess", + "feedDNS", + "explicitlyDeniedDNS", + "dnsQuery", + "unexpectedProcess", + "portScanProcess", + "malwareProcessCustom", + "malwareProcessFeed", + "explicitlyDeniedProcess", + "modifiedProcess", + "cryptoMinerProcess", + "lateralMovementProcess", + "tmpfsProcess", + "policyHijacked", + "reverseShell", + "suidBinaries", + "unknownOriginBinary", + "webShell", + "administrativeAccount", + "encryptedBinary", + "sshAccess", + "explicitlyDeniedFile", + "malwareFileCustom", + "malwareFileFeed", + "execFileAccess", + "elfFileAccess", + "secretFileAccess", + "regFileAccess", + "wildfireMalware", + "unknownOriginBinary", + "webShell", + "fileIntegrity", + "alteredBinary", + "malwareDownloaded", + "suspiciousELFHeader", + "executionFlowHijackAttempt", + "customRule" + ] + ], + "type": "string" + }, + "shared.RuntimeAudit": { + "description": "RuntimeAudit represents a runtime audit event (fires when a runtime policy is violated)", + "properties": { + "_id": { + "description": "Internal ID (used for in-place updates).\n", + "type": "string" + }, + "accountID": { + "description": "ID of the cloud account where the audit was generated.\n", + "type": "string" + }, + "app": { + "description": "Name of the service which violated the host policy.\n", + "type": "string" + }, + "appID": { + "description": "Application ID.\n", + "type": "string" + }, + "attackTechniques": { + "description": "MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "attackType": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "cluster": { + "description": "Cluster name.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "command": { + "description": "ScrubbedCommand is the command executed by the process with scrubbed PII.\n", + "type": "string" + }, + "container": { + "description": "Indicates if this is a container audit (true) or host audit (false).\n", + "type": "boolean" + }, + "containerId": { + "description": "ID of the container that violates the rule.\n", + "type": "string" + }, + "containerName": { + "description": "Container name.\n", + "type": "string" + }, + "count": { + "description": "Attack type audits count.\n", + "type": "integer" + }, + "country": { + "description": "Outbound country for outgoing network audits.\n", + "type": "string" + }, + "domain": { + "description": "Domain is the requested domain.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "err": { + "description": "Unknown error in the audit process.\n", + "type": "string" + }, + "filepath": { + "description": "Filepath is the path of the modified file.\n", + "type": "string" + }, + "fqdn": { + "description": "Current full domain name used in audit alerts.\n", + "type": "string" + }, + "function": { + "description": "Name of the serverless function that caused the audit.\n", + "type": "string" + }, + "functionID": { + "description": "ID of the function invoked.\n", + "type": "string" + }, + "hostname": { + "description": "Current hostname.\n", + "type": "string" + }, + "imageId": { + "description": "Container image ID.\n", + "type": "string" + }, + "imageName": { + "description": "Container image name.\n", + "type": "string" + }, + "interactive": { + "description": "Indicates if the audit was triggered from a process that was spawned in interactive mode (e.g., docker exec ...) (true) or not (false).\n", + "type": "boolean" + }, + "ip": { + "description": "IP is the connection destination IP address.\n", + "type": "string" + }, + "label": { + "description": "Container deployment label.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Custom labels which augment the audit data.\n", + "type": "object" + }, + "md5": { + "description": "MD5 is the MD5 of the modified file (only for executables.\n", + "type": "string" + }, + "msg": { + "description": "Blocking message text.\n", + "type": "string" + }, + "namespace": { + "description": "K8s deployment namespace.\n", + "type": "string" + }, + "os": { + "description": "Operating system distribution.\n", + "type": "string" + }, + "pid": { + "description": "ID of the process that caused the audit event.\n", + "type": "integer" + }, + "port": { + "description": "Port is the connection destination port.\n", + "type": "integer" + }, + "processPath": { + "description": "Path of the process that caused the audit event.\n", + "type": "string" + }, + "profileId": { + "description": "Profile ID of the audit.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "rawEvent": { + "description": "Unparsed function handler event input.\n", + "type": "string" + }, + "region": { + "description": "Region of the resource where the audit was generated.\n", + "type": "string" + }, + "requestID": { + "description": "ID of the lambda function invocation request.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource where the audit was generated.\n", + "type": "string" + }, + "ruleName": { + "description": "Name of the rule that was applied, if blocked.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "severity": { + "$ref": "#/components/schemas/shared.RuntimeSeverity" + }, + "time": { + "description": "Time of the audit event (in UTC time).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.RuntimeType" + }, + "user": { + "description": "Service user.\n", + "type": "string" + }, + "version": { + "description": "Defender version.\n", + "type": "string" + }, + "vmID": { + "description": "Azure unique VM ID where the audit was generated.\n", + "type": "string" + }, + "wildFireReportURL": { + "description": "WildFireReportURL is a URL link of the report generated by wildFire.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RuntimeProfileState": { + "description": "RuntimeProfileState represents the state of an image profile", + "enum": [ + [ + "learning", + "dryRun", + "learningExtended", + "manualLearning", + "manualRelearning", + "active", + "manualActive" + ] + ], + "type": "string" + }, + "shared.RuntimeSecretScrubbingSettings": { + "description": "RuntimeSecretScrubbingSettings holds the runtime secret scrubbing settings", + "properties": { + "customSpecs": { + "description": "CustomSpecs is a collection of generic sensitive data masking patterns.\n", + "items": { + "$ref": "#/components/schemas/runtime.SecretScrubbingSpec" + }, + "type": "array" + }, + "skipDefault": { + "description": "SkipDefault indicates whether default secret scrubbing should be skipped.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.RuntimeSeverity": { + "description": "RuntimeSeverity represents the runtime severity", + "enum": [ + [ + "low", + "medium", + "high" + ] + ], + "type": "string" + }, + "shared.RuntimeType": { + "description": "RuntimeType represents the runtime protection type", + "enum": [ + [ + "processes", + "network", + "kubernetes", + "filesystem" + ] + ], + "type": "string" + }, + "shared.ScanErrorInfo": { + "description": "ScanErrorInfo holds information about the errors that occurred during the scan", + "properties": { + "category": { + "description": "Category is the category of error.\n", + "type": "string" + }, + "cause": { + "description": "Cause describes what caused the error.\n", + "type": "string" + }, + "detectedDuring": { + "$ref": "#/components/schemas/shared.AISOperationType" + }, + "error": { + "description": "Error holds the full error string.\n", + "type": "string" + }, + "recommendation": { + "description": "Recommendation provides more information about error and suggestions for possible fixes.\n", + "type": "string" + }, + "score": { + "description": "Score is a rating of how relevant the error is to the customer.\n", + "type": "integer" + }, + "source": { + "description": "Source is details on where the error occurred.\n", + "type": "string" + }, + "updatedAt": { + "description": "UpdatedAt holds the timestamp of the current error, relevant only for AIS scans.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.ScanResultType": { + "description": "ScanResultType represents a cloud scan result type", + "enum": [ + [ + "aws-ecr", + "aws-lambda", + "aws-ec2", + "aws-eks", + "aws-ecs", + "aws-s3", + "aws-config", + "aws-cloud-trail", + "aws-kms", + "aws-cloud-watch", + "aws-sns", + "aws-security-hub", + "aws-secrets-manager", + "aws-parameter-store", + "azure-acr", + "azure-functions", + "azure-aks", + "azure-aci", + "azure-vm", + "gcp-gcr", + "gcp-gcf", + "gcp-gke", + "gcp-vm", + "gcp-artifact", + "oci-instance" + ] + ], + "type": "string" + }, + "shared.ScanSettings": { + "description": "ScanSettings are global settings for image/host/container and registry scanning", + "properties": { + "agentlessScanPeriodMs": { + "description": "AgentlessScanPeriodMS is the agentless scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "cloudPlatformsScanPeriodMs": { + "description": "CloudPlatformsScanPeriodMS is the cloud platforms scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "containersScanPeriodMs": { + "description": "ContainersScanPeriodMS is the container scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "extractArchive": { + "description": "ExtractArchive indicates whether to search within archive during scan is enabled.\n", + "type": "boolean" + }, + "imagesScanPeriodMs": { + "description": "ImageScanPeriodMS is the image scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "includeJsDependencies": { + "description": "IncludeJsDependencies indicates whether to include packages from the \"dependencies\".\n", + "type": "boolean" + }, + "registryScanPeriodMs": { + "description": "RegistryScanPeriodMS is the registry scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "registryScanRetentionDays": { + "description": "RegistryScanRetentionDays is the number of days to keep deleted registry images.\n", + "type": "integer" + }, + "scanRunningImages": { + "description": "ScanRunningImages indicates only images that are used by containers should be used.\n", + "type": "boolean" + }, + "serverlessScanPeriodMs": { + "description": "ServerlessScanPeriodMS is the serverless vulnerability scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "showInfraContainers": { + "description": "ShowInfraContainers indicates infra containers should be shown.\n", + "type": "boolean" + }, + "showNegligibleVulnerabilities": { + "description": "ShowNegligibleVulnerabilities indicates whether to display negligible vulnerabilities (low severity or will not be fixed).\n", + "type": "boolean" + }, + "systemScanPeriodMs": { + "description": "SystemScanPeriodMS is the host scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "tasDropletsScanPeriodMs": { + "description": "TASDropletsScanPeriodMS is the TAS scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "vmScanPeriodMs": { + "description": "VMScanPeriodMS is the VM image scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ScanType": { + "description": "ScanType displays the components for an ongoing scan", + "enum": [ + [ + "image", + "ciImage", + "container", + "host", + "agentlessHost", + "registry", + "serverlessScan", + "ciServerless", + "vm", + "tas", + "ciTas", + "cloudDiscovery", + "serverlessRadar", + "serverlessAutoDeploy", + "hostAutoDeploy", + "codeRepo", + "ciCodeRepo" + ] + ], + "type": "string" + }, + "shared.SecretStoreType": { + "description": "SecretStoreType is the secrets store type", + "enum": [ + [ + "hashicorp", + "hashicorp010", + "cyberark", + "awsParameterStore", + "awsSecretsManager", + "azure" + ] + ], + "type": "string" + }, + "shared.SecretsInjectionType": { + "description": "SecretsInjectionType is the method used to inject secrets to containers", + "enum": [ + [ + "envvar", + "filesystem" + ] + ], + "type": "string" + }, + "shared.SecretsPolicy": { + "description": "SecretsPolicy defines policy for distribution of secrets to containers", + "properties": { + "_id": { + "description": "ID is the internal secret policy id.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of secret injection rules.\n", + "items": { + "$ref": "#/components/schemas/shared.SecretsRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.SecretsRule": { + "description": "SecretsRule defines distribution of secrets to containers", + "properties": { + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "injection": { + "$ref": "#/components/schemas/shared.SecretsInjectionType" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "readAllPerm": { + "description": "ReadAllPerm indicates whether file permissions of injected secrets allow read by root only or by all users.\n", + "type": "boolean" + }, + "secrets": { + "description": "Secrets are the encrypted secrets to inject.\n", + "items": { + "$ref": "#/components/schemas/shared.VaultSecret" + }, + "type": "array" + }, + "targetDir": { + "description": "TargetDir is the target directory to inject secret files to if we choose filesystem injection.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.SecretsStore": { + "description": "SecretsStore represents a secret storage entity", + "properties": { + "appID": { + "description": "AppID is the twistlock application id, as set in Cyberark store.\n", + "type": "string" + }, + "caCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "clientCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "credentialId": { + "description": "CredentialID is the authentication credential id.\n", + "type": "string" + }, + "name": { + "description": "Name is the name of the secret store defined by the user.\n", + "type": "string" + }, + "region": { + "description": "Region is the secrets store's region.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.SecretStoreType" + }, + "url": { + "description": "URL is the secrets store's endpoint point.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.SecretsStores": { + "description": "SecretsStores are settings for connecting with secrets storage vaults", + "properties": { + "refreshPeriodHours": { + "description": "RefreshPeriodHours is the secret stores refresh time in hours.\n", + "type": "integer" + }, + "secretsStores": { + "description": "Stores is the list of stores to fetch secrets from.\n", + "items": { + "$ref": "#/components/schemas/shared.SecretsStore" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ServerlessAutoDeploySpecification": { + "description": "ServerlessAutoDeploySpecification contains the information for auto-deploying serverless functions protection", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "consoleAddr": { + "description": "ConsoleAddr represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the last modified time of the specification.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the spec.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "runtimes": { + "description": "Runtimes is the list of runtimes to which the spec applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ServerlessAutoDeploySpecifications": { + "description": "ServerlessAutoDeploySpecifications is a list of serverless auto-deploy specifications", + "items": { + "$ref": "#/components/schemas/shared.ServerlessAutoDeploySpecification" + }, + "type": "array" + }, + "shared.ServerlessBundleRequest": { + "description": "ServerlessBundleRequest represents the arguments to serverless bundle request", + "properties": { + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "proxyCA": { + "description": "ProxyCA is the proxy\u2019s CA certificate for Defender to trust.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + } + }, + "type": "object" + }, + "shared.ServerlessLayerBundleRequest": { + "description": "ServerlessLayerBundleRequest represents the arguments to a serverless layer bundle request", + "properties": { + "nodeJSModuleType": { + "$ref": "#/components/schemas/shared.NodeJSModuleType" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "proxyCA": { + "description": "ProxyCA is the proxy\u2019s CA certificate for Defender to trust.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + } + }, + "type": "object" + }, + "shared.ServerlessScanSpecification": { + "description": "ServerlessScanSpecification describes how to connect to a serverless provider", + "properties": { + "cap": { + "description": "Specifies the maximum number of functions to fetch and scan, ordered by most recently modified.\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled indicates whether serverless scanning is enabled.\n", + "type": "boolean" + }, + "scanAllVersions": { + "description": "Specifies whether to scan all image versions. If set to false, scans only $LATEST. Default: false.\n", + "type": "boolean" + }, + "scanLayers": { + "description": "Specifies whether to scan a function's layers. Default: true.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.SubnetConnections": { + "description": "SubnetConnections holds the entity incoming and outgoing connections from/to subnets", + "properties": { + "incoming": { + "additionalProperties": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstances" + }, + "description": "Incoming holds connection from radar entity to subnet.\n", + "type": "object" + }, + "outgoing": { + "additionalProperties": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstances" + }, + "description": "Outgoing holds connection from subnet to radar entity.\n", + "type": "object" + } + }, + "type": "object" + }, + "shared.SyslogSettings": { + "description": "SyslogSettings are the syslog settings", + "properties": { + "addr": { + "description": "Addr is the remote address for sending events.\n", + "type": "string" + }, + "allProcEvents": { + "description": "AllProcEvents indicates whether any new spawned container process should generate an event source entry.\n", + "type": "boolean" + }, + "cert": { + "description": "Cert is the server cert for dialing TLS syslogger.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether log feature is enabled.\n", + "type": "boolean" + }, + "id": { + "description": "ID represents the user's custom identifier string.\n", + "type": "string" + }, + "verboseScan": { + "description": "VerboseScan indicates whether detailed scan (Compliance/Vulnerability) result should be written to event logger.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.TASDropletSpecification": { + "description": "TASDropletSpecification specify which droplets to scan", + "properties": { + "cap": { + "description": "Cap indicates only the last k images should be fetched.\n", + "type": "integer" + }, + "cloudControllerAddress": { + "description": "CloudControllerAddress is the address of the local cloud controller in TAS env.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname of the defender that is used as the blobstore scanner.\n", + "type": "string" + }, + "pattern": { + "description": "Name is the droplet name.\n", + "type": "string" + }, + "remote": { + "description": "Remote indicates whether the blobstore is remote or local.\n", + "type": "boolean" + }, + "remoteConfig": { + "$ref": "#/components/schemas/shared.TASRemoteBlobstoreConfig" + } + }, + "type": "object" + }, + "shared.TASRemoteBlobstoreConfig": { + "description": "TASRemoteBlobstoreConfig contains remote blobstore details", + "properties": { + "blobstoreAddress": { + "description": "BlobstoreAddress is the address of the remote cloud controller.\n", + "type": "string" + }, + "cACert": { + "description": "CACert Ops manager CA root certificate in case the user chooses not to skip TLS validation.\n", + "type": "string" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "CredentialID is the id in the credentials store to use for authenticating with the remote blobstore.\n", + "type": "string" + }, + "foundation": { + "description": " Foundation is the name of TAS foundation.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Tag": { + "description": "Tag represents a single tag", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "description": { + "description": "Description is the tag description.\n", + "type": "string" + }, + "name": { + "description": "Name is the tag name.\n", + "type": "string" + }, + "vulns": { + "description": "Vulns are the tagged vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/shared.TagVulnMetadata" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.TagRule": { + "description": "TagRule is a tag rule for specific vulnerabilities", + "properties": { + "description": { + "description": "Free-form text for documenting the exception.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "expiration": { + "$ref": "#/components/schemas/vuln.ExpirationDate" + }, + "name": { + "description": "Tag name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.TagVulnMetadata": { + "description": "TagVulnMetadata contains the tag vulnerability metadata", + "properties": { + "checkBaseLayer": { + "description": "(Applies only to the resource type 'image') Checks whether the base layer in an image is the resource image.\n", + "type": "boolean" + }, + "comment": { + "description": "Adds a comment.\n", + "type": "string" + }, + "id": { + "description": "Specifies the Common Vulnerability and Exposures (CVE) ID.\n", + "type": "string" + }, + "packageName": { + "description": "Specifies the source or the binary package name where the vulnerability is found.\nUse the source package name for tagging if only source package exists.\nUse the wildcard `*` for tagging all the packages.\n", + "type": "string" + }, + "resourceType": { + "$ref": "#/components/schemas/vuln.TagType" + }, + "resources": { + "description": "(Required when you define the resource type) Specifies the resources for tagging where the vulnerability is found. Either specify the resource names separated by a comma or use the wildcard `*` to apply the tag to all the resources where the vulnerability is found.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.TrustAudit": { + "description": "TrustAudit represents a trust audit", + "properties": { + "_id": { + "description": "ID is the registry-repo of the created container.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID where the audit was generated.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster where the audit was generated.\n", + "type": "string" + }, + "count": { + "description": "Count is the number of times this audit occurred.\n", + "type": "integer" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "imageID": { + "description": "ImageID is the container image id.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "msg": { + "description": "Message is the blocking message text.\n", + "type": "string" + }, + "ruleName": { + "description": "If blocked, contains the name of the rule that was applied.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.TrustAudits": { + "description": "TrustAudits represents the trust profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.TrustRegistryRepoAudits" + }, + "description": "Audits is a map from trust status (audits are only for untrusted type) to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.TrustRegistryRepoAudits": { + "description": "TrustRegistryRepoAudits represents the trust registry/repo audits per profile", + "properties": { + "audits": { + "description": "Audits are the trust audits associated with the registry/repo, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.TrustedCertSettings": { + "description": "TrustedCertSettings are settings for trusted certs", + "properties": { + "certs": { + "description": "Certs are the list of trusted certificates to use in access scenarios.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustedCertSignature" + }, + "type": "array" + }, + "checkRevocation": { + "description": "CheckRevocation indicates whether to check the certificate revocation.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether the trusted certificate feature is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.TrustedCertSignature": { + "description": "TrustedCertSignature represents a trusted cert settings", + "properties": { + "cn": { + "description": "CN is the certificate common name.\n", + "type": "string" + }, + "issuer": { + "description": "Issuer is the certificate issuer.\n", + "type": "string" + }, + "notAfter1": { + "description": "NotAfter is the certificate expiration time\nRemark: the 1 suffix required for backward compatibility (previous values were strings and cannot be serialized).\n", + "format": "date-time", + "type": "string" + }, + "notBefore1": { + "description": "NotBefore is the minimum time for which the cert is valid\nRemark: the 1 suffix required for backward compatibility (previous values were strings and cannot be serialized).\n", + "format": "date-time", + "type": "string" + }, + "raw": { + "description": "Raw is the raw certificate (in PEM format).\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.UploadScanResult": { + "description": "UploadScanResult is the result uploading the scanning result", + "properties": { + "scanId": { + "description": "ID is the scan result ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.User": { + "description": "User represents a local user in Twistlock", + "properties": { + "username": { + "description": "Name of a user.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.VMSpecification": { + "description": "VMSpecification contains information for setting up and connecting to the image", + "properties": { + "cap": { + "description": "Specifies the maximum number of images to fetch and scan, ordered by most recently modified.\n", + "type": "integer" + }, + "consoleAddr": { + "description": "Network-accessible address that Defender can use to publish scan results to Console.\n", + "type": "string" + }, + "credentialID": { + "description": "ID of the credentials in the credentials store to use for authenticating with the cloud provider.\n", + "type": "string" + }, + "enableSecureBoot": { + "description": "EnableSecureBoot indicates secure boot should be enabled for the instance launched for scanning (currently only supported with GCP).\n", + "type": "boolean" + }, + "excludedImages": { + "description": "Images to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "gcpProjectID": { + "description": "GCP project ID to use for listing VM images instead of the default associated with the GCP credential (optional).\n", + "type": "string" + }, + "imageType": { + "$ref": "#/components/schemas/common.ImageType" + }, + "images": { + "description": "The names of images to scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "instanceType": { + "description": "InstanceType is the instance type to use for the instance launched for scanning. For example, the default instance type for AWS is \"m4.large\".\n", + "type": "string" + }, + "labels": { + "description": "The labels to use to target images to scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "region": { + "description": "Cloud provider region.\n", + "type": "string" + }, + "scanners": { + "description": "Number of Defenders that can be utilized for each scan job.\n", + "type": "integer" + }, + "subnetID": { + "description": "SubnetID is the network subnet ID to use for the instance launched for scanning. Default value is empty string, which represents the default subnet in the VPC.\n", + "type": "string" + }, + "vpcID": { + "description": "VPCID is the network VPC ID to use for the instance launched for scanning. Default value is empty string, which represents the default VPC in the region.\n", + "type": "string" + }, + "zone": { + "description": "Cloud provider zone (part of a region). On GCP, designates in which zone to deploy the VM scan instance.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.VMSpecifications": { + "description": "VMSpecifications is a list of VM specifications", + "items": { + "$ref": "#/components/schemas/shared.VMSpecification" + }, + "type": "array" + }, + "shared.VaultSecret": { + "description": "VaultSecret represents a secret held by a secret store", + "properties": { + "folder": { + "description": "Folder is one of the following:\nCyberark: Name of the folder for secrets held in Cyberark store\nHashicorp: The directory path for secrets held in Hashicorp store\nAWS: The name of the secret in AWS Secrets Manager or AWS Parameter Store.\n", + "type": "string" + }, + "key": { + "description": "Key is the secret's identifier in the secrets store.\n", + "type": "string" + }, + "name": { + "description": "Name is the name of the secret as input from the user.\n", + "type": "string" + }, + "safe": { + "description": "Safe is the name of the safe, for secrets held in Cyberark store.\n", + "type": "string" + }, + "store": { + "description": "Store is the name of the secrets store where the secret is held.\n", + "type": "string" + }, + "value": { + "$ref": "#/components/schemas/common.Secret" + }, + "version": { + "description": "Version is the Azure secret version.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.WildFirePolicy": { + "description": "WildFirePolicy is the global wildfire usage policy, set by the client", + "properties": { + "agentlessEnabled": { + "description": "AgentlessEnabled indicates whether agentless scan will consult WF.\n", + "type": "boolean" + }, + "complianceEnabled": { + "description": "ComplianceEnabled indicates whether compliance malware scan will consult WF.\n", + "type": "boolean" + }, + "graywareAsMalware": { + "description": "GraywareAsMalware indicates whether files with WF verdict of Grayware will be treated as malware.\n", + "type": "boolean" + }, + "region": { + "description": "Region is the WF server region to query.\n", + "type": "string" + }, + "runtimeEnabled": { + "description": "RuntimeEnabled indicates whether runtime malware scan will consult WF.\n", + "type": "boolean" + }, + "uploadEnabled": { + "description": "UploadEnabled indicates whether files will be uploaded to WF.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.WildFireSettings": { + "description": "WildFireSettings are the settings for WildFire API requests", + "properties": { + "apiKey": { + "description": "APIKey is the key identifier used for WF APIs.\n", + "type": "string" + }, + "apiKeyExpiration": { + "description": "APIKeyExpiration is the expiration time of the API key.\n", + "format": "date-time", + "type": "string" + }, + "lastError": { + "description": "LastError is the last error that occurred when trying to create/update the wildfire key.\n", + "type": "string" + }, + "policy": { + "$ref": "#/components/schemas/shared.WildFirePolicy" + } + }, + "type": "object" + }, + "string": { + "type": "string" + }, + "time.Duration": { + "format": "int64", + "type": "integer" + }, + "time.Time": { + "format": "date-time", + "type": "string" + }, + "trust.Data": { + "description": "Data holds the image trust data", + "properties": { + "groups": { + "description": "Groups are the trust groups.\n", + "items": { + "$ref": "#/components/schemas/trust.Group" + }, + "type": "array" + }, + "policy": { + "$ref": "#/components/schemas/trust.Policy" + } + }, + "type": "object" + }, + "trust.Group": { + "description": "Group represents a group of images", + "properties": { + "_id": { + "description": "Name of the group.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "images": { + "description": "Image names or IDs (e.g., docker.io/library/ubuntu:16.04 / SHA264@...).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Filesystem layers. The image is trusted if its layers have a prefix of the trusted groups layer in the same order.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "trust.HostStatus": { + "description": "HostStatus represents an image trust status on a host", + "properties": { + "host": { + "description": "Host name.\n", + "type": "string" + }, + "status": { + "$ref": "#/components/schemas/trust.Status" + } + }, + "type": "object" + }, + "trust.ImageResult": { + "description": "ImageResult represents an aggregated image trust result", + "properties": { + "groups": { + "description": "Trust groups which apply to the image.\n", + "items": { + "$ref": "#/components/schemas/trust.Group" + }, + "type": "array" + }, + "hostsStatuses": { + "description": "Image trust status on each host. Can be set to \"trusted\" or \"untrusted\".\n", + "items": { + "$ref": "#/components/schemas/trust.HostStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "trust.Policy": { + "description": "Policy represents the trust policy", + "properties": { + "_id": { + "description": "ID is the trust group policy ID.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the policy is enabled.\n", + "type": "boolean" + }, + "rules": { + "description": "Rules is the list of rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/trust.PolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "trust.PolicyRule": { + "description": "PolicyRule represents an trust policy rule", + "properties": { + "allowedGroups": { + "description": "AllowedGroups are the ids of the groups that are whitelisted by this rule.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blockMsg": { + "$ref": "#/components/schemas/common.PolicyBlockMsg" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "deniedGroups": { + "description": "DeniedGroups are the ids of the groups that are blacklisted by this rule.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "trust.Status": { + "description": "Status is the trust status for an image", + "enum": [ + [ + "trusted", + "untrusted" + ] + ], + "type": "string" + }, + "types.AccessStats": { + "description": "AccessStats are stats for the access flows", + "properties": { + "docker": { + "$ref": "#/components/schemas/types.AccessStatsCount" + }, + "sshd": { + "$ref": "#/components/schemas/types.AccessStatsCount" + }, + "sudo": { + "$ref": "#/components/schemas/types.AccessStatsCount" + } + }, + "type": "object" + }, + "types.AccessStatsCount": { + "description": "AccessStatsCount stores the total amount of access audits", + "properties": { + "allowed": { + "description": ".\n", + "type": "integer" + }, + "denied": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.AgentlessHostStatus": { + "description": "AgentlessHostStatus holds the status of a host handled by an agentless scan", + "properties": { + "account": { + "description": "Account is the cloud account the host belongs to.\n", + "type": "string" + }, + "availabilityDomain": { + "description": "AvailabilityDomain is the host availability domain.\n", + "type": "string" + }, + "category": { + "description": "Category indicates the status category.\n", + "type": "string" + }, + "cause": { + "description": "Cause describes what caused the error category.\n", + "type": "string" + }, + "collections": { + "description": "Collections is a list of the matched collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "createdAt": { + "description": "CreatedAt is the time when the instance was launched.\n", + "format": "date-time", + "type": "string" + }, + "details": { + "description": "Details provides more information about status.\n", + "type": "string" + }, + "detectedDuring": { + "$ref": "#/components/schemas/shared.AISOperationType" + }, + "excludedTags": { + "description": "ExcludedTags lists of exclude tags cause the host to be excluded from the scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hostname": { + "description": "Hostname is the hostname. E.g. \"ip-192-0-2-0\" or \"custom\".\n", + "type": "string" + }, + "includedTags": { + "description": "IncludedTags lists of include tags cause the host to be excluded from the scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the host's cloud name e.g. \"dimako-test\".\n", + "type": "string" + }, + "ociCompartment": { + "description": "OCICompartment is the compartment the instance belongs to (OCI only).\n", + "type": "string" + }, + "recommendation": { + "description": "Recommendation provides suggestions for possible fixes.\n", + "type": "string" + }, + "region": { + "description": "Region is the region the host belongs to.\n", + "type": "string" + }, + "regionError": { + "description": "RegionError indicates the status origin is a region error.\n", + "type": "boolean" + }, + "resourceID": { + "description": "Unique ID of the resource.\n", + "type": "string" + }, + "scanID": { + "description": "ScanID indicates the scan id in which the status was collected.\n", + "type": "integer" + }, + "scanTime": { + "description": "ScanTime indicates the scan time of the host.\n", + "format": "date-time", + "type": "string" + }, + "source": { + "description": "Source is details on where the status was collected.\n", + "type": "string" + }, + "vmTags": { + "description": "VMTags are the tags of the VM instance.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.AgentlessResourceTemplatesRequest": { + "description": "AgentlessResourceTemplatesRequest is the agentless resource templates request for populating\ntemplates that are needed to be applied prior to an agentless scan with the credential", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "(Required) Specifies the ID for which the templates are generated.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.AlertProfileOption": { + "description": "AlertProfileOption describes options available for configuring an alert type", + "properties": { + "alertType": { + "$ref": "#/components/schemas/api.AlertType" + }, + "hasPolicy": { + "description": "HasPolicy defines whether the alerts are triggered by policy (e.g., this is false for defender alerts).\n", + "type": "boolean" + }, + "name": { + "description": "Name is the display name for the option.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the rule names for the policy associated with this alert type (only relevant if HasPolicy is true).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "supportedClients": { + "description": "SupportedClients are the supported alert clients for this alert (e.g., jira, email).\n", + "items": { + "$ref": "#/components/schemas/api.AlertClientType" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.AllDefendersUsage": { + "description": "AllDefendersUsage holds stats about the usage of different modules and the sample time", + "properties": { + "appEmbedded": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "cloudSecurityAgent": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "container": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "containerAgentless": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "host": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "hostAgentless": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "period": { + "description": "Period is the date beginning of the usage period.\n", + "format": "date-time", + "type": "string" + }, + "remainingCredits": { + "description": "RemainingCredits is the amount of credits left at the beginning of the period.\n", + "type": "integer" + }, + "serverless": { + "$ref": "#/components/schemas/types.ServerlessUsage" + }, + "waas": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "waasOutOfBand": { + "$ref": "#/components/schemas/types.DefenderUsage" + } + }, + "type": "object" + }, + "types.AppFirewallAttackCount": { + "description": "AppFirewallAttackCount holds app firewall attack type and the amount of audits", + "properties": { + "count": { + "description": "Count is the count for the attack type.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/waas.AttackType" + } + }, + "type": "object" + }, + "types.AppFirewallStats": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "AppFirewallStats are the daily stats for app firewall audits\nTODO #20802 - replace string key with WAAS attack type type when mongo changed to avoid encoding map keys without stringer", + "type": "object" + }, + "types.ArtifactoryWebhookRequest": { + "description": "ArtifactoryWebhookRequest is an artifactory webhook request\nArtifactory doesn't have native webhook support, instead it comes as a plugin\nhttps://github.com/jfrog/artifactory-user-plugins/tree/master/webhook\nThe relevant fields in the this struct were reverse engineered from the webhook groovy code and from the fields that were sent by a real artifactory environment", + "type": "object" + }, + "types.AssetsSummary": { + "properties": { + "containerImages": { + "$ref": "#/components/schemas/types.ImageAssetsSummary" + }, + "hosts": { + "$ref": "#/components/schemas/types.HostAssetsSummary" + } + }, + "type": "object" + }, + "types.AttackTechniqueStats": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "AttackTechniqueStats represents statistics grouped by attack technique", + "type": "object" + }, + "types.AuditTimeslice": { + "description": "AuditTimeslice counts the number of audit events for a given time period", + "properties": { + "count": { + "description": "Count is the number of audit occurrences.\n", + "type": "integer" + }, + "end": { + "description": "End is the end time of the bucket.\n", + "format": "date-time", + "type": "string" + }, + "start": { + "description": "Start is the start time of the bucket.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.AvailableVulnerabilities": { + "description": "AvailableVulnerabilities contains all available vulnerabilities types", + "properties": { + "complianceVulnerabilities": { + "description": "Compliance is the list of all available compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "cveVulnerabilities": { + "description": "CVE is all available cve vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.BFFHostQueryOptions": { + "properties": { + "hasVulnerabilities": { + "description": ".\n", + "type": "boolean" + }, + "limit": { + "description": ".\n", + "type": "integer" + }, + "nextPageToken": { + "description": ".\n", + "type": "string" + }, + "offset": { + "description": ".\n", + "type": "integer" + }, + "reverse": { + "description": ".\n", + "type": "boolean" + }, + "search": { + "description": ".\n", + "type": "string" + }, + "sort": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.BFFImageQueryOptions": { + "properties": { + "hasRunningContainers": { + "description": ".\n", + "type": "boolean" + }, + "hasVulnerabilities": { + "description": ".\n", + "type": "boolean" + }, + "limit": { + "description": ".\n", + "type": "integer" + }, + "nextPageToken": { + "description": ".\n", + "type": "string" + }, + "offset": { + "description": ".\n", + "type": "integer" + }, + "reverse": { + "description": ".\n", + "type": "boolean" + }, + "scanPassed": { + "description": ".\n", + "type": "boolean" + }, + "search": { + "description": ".\n", + "type": "string" + }, + "sort": { + "description": ".\n", + "type": "string" + }, + "stage": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.BFFPaginatedResponse": { + "description": "BFFPaginatedResponse is the paginated response", + "properties": { + "nextPageToken": { + "description": ".\n", + "type": "string" + }, + "total": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.BaseImage": { + "description": "BaseImage represents an image which is defined as a base image", + "properties": { + "creationTime": { + "description": "CreationTime is the time when the image was created.\n", + "format": "date-time", + "type": "string" + }, + "imageName": { + "description": "ImageName is the image name repository:tag.\n", + "type": "string" + }, + "topLayer": { + "description": "TopLayer is the SHA256 of the image's last filesystem layer.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.BaseImagesRule": { + "description": "BaseImagesRule holds the base images defined by a single scope", + "properties": { + "_id": { + "description": "Pattern is the scope configuration identification, e.g. image name regex pattern.\n", + "type": "string" + }, + "description": { + "description": "Description is the base images scope description.\n", + "type": "string" + }, + "images": { + "description": "Images holds the base images which matches the scope configuration, capped to 50 image digests per scope.\n", + "items": { + "$ref": "#/components/schemas/types.BaseImage" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.BffQueryPermissions": { + "description": "BffQueryPermissions are user permissions", + "type": "object" + }, + "types.CSAPairingSettings": { + "description": "CSAPairingSettings is the settings which are received from the CSA during the pairing process", + "properties": { + "apiKey": { + "description": "APIKey is the key to call the CSA API.\n", + "type": "string" + }, + "apiKeyID": { + "description": "APIKeyID is the key ID to call the CSA API.\n", + "type": "string" + }, + "apiURL": { + "description": "APIURL is the CSA API URL.\n", + "type": "string" + }, + "fqdn": { + "description": "FQDN is the fully qualified domain name of CSA tenant.\n", + "type": "string" + }, + "gcpBucketName": { + "description": "GCPBucketName is the name of the GCP bucket.\n", + "type": "string" + }, + "pubSubSubscription": { + "description": "PubSubSubscription is the subscription name to the pub/sub.\n", + "type": "string" + }, + "pubSubSubscriptionDebug": { + "description": "PubSubSubscriptionDebug is the subscription name to the pub/sub for debugging purposes.\n", + "type": "string" + }, + "region": { + "description": "Region is the (GCP) region where the tenant is deployed.\n", + "type": "string" + }, + "serviceAccountKey": { + "description": "ServiceAccountKey is the service account to the pub/sub and bucket.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CSAStatus": { + "description": "CSAStatus is the CSA status", + "properties": { + "tenantURL": { + "description": "TenantURL is the CSA tenant URL.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CVEStats": { + "description": "CVEStats represents statistics about a CVE type", + "properties": { + "count": { + "description": "Count is the number of CVEs from the specific type.\n", + "type": "integer" + }, + "distro": { + "description": "Distro is the impacted image distro (e.g., ubuntu).\n", + "type": "string" + }, + "distro_release": { + "description": "DistroRelase is the impacted image distro release (bionic).\n", + "type": "string" + }, + "modified": { + "description": "Modified is the max unix timestamp for the specific CVE.\n", + "format": "int64", + "type": "integer" + }, + "type": { + "description": "Type is the vulnerability type.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CVEVulnerability": { + "description": "CVEVulnerability holds data on package and files vulnerabilities", + "properties": { + "affected_cpes": { + "$ref": "#/components/schemas/vulnerability.RHELCpeHashes" + }, + "affected_cpes_uuid": { + "description": "AffectedCpesUUID is used to create unique records for vulnerabilities that only differ in their affected CPEs.\n", + "type": "string" + }, + "app_vuln_id": { + "description": "AppVulnID is the unique ID of the application vulnerability (app+cve+internal custom ID).\n", + "type": "string" + }, + "archs": { + "$ref": "#/components/schemas/vulnerability.CPUArchs" + }, + "conditions": { + "$ref": "#/components/schemas/vulnerability.Conditions" + }, + "cpe_ids": { + "$ref": "#/components/schemas/vulnerability.CpeIDs" + }, + "custom": { + "description": "Custom indicates if this is a custom vulnerability.\n", + "type": "boolean" + }, + "cve": { + "description": ".\n", + "type": "string" + }, + "cvss": { + "description": ".\n", + "format": "float", + "type": "number" + }, + "description": { + "description": "Description is the vulnerability description.\n", + "type": "string" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "distro_release": { + "description": ".\n", + "type": "string" + }, + "exploit": { + "$ref": "#/components/schemas/vulnerability.ExploitType" + }, + "exploits": { + "$ref": "#/components/schemas/vulnerability.Exploits" + }, + "fixDate": { + "description": "FixDate is the date this CVE was fixed (unix timestamp).\n", + "format": "int64", + "type": "integer" + }, + "go_package": { + "description": "GoPackage indicates a Go vulnerability at package-level and holds the package import path.\n", + "type": "string" + }, + "is_rpm_module": { + "description": "IsRPMModule indicates whether this vulnerability is specific to an RPM module.\n", + "type": "boolean" + }, + "jar_identifier": { + "description": "JarIdentifier holds an additional identification detail of the vulnerable JAR.\n", + "type": "string" + }, + "link": { + "description": "Link is the link for information about the vulnerability (used for custom vulnerabilities).\n", + "type": "string" + }, + "link_id": { + "description": "LinkID is the ID required to construct the vendor link to the CVE.\n", + "type": "string" + }, + "modified": { + "description": "Modified is the last time this CVE was modified (unix timestamp).\n", + "format": "int64", + "type": "integer" + }, + "non_vulnerable": { + "description": "NonVulnerable indicates that the CVE in not vulnerable on its own, but only when it comes together with conditional combination of CVE.\n", + "type": "boolean" + }, + "originBuilder": { + "description": "OriginBuilder indicates the origin of the CVE.\n", + "type": "string" + }, + "package": { + "description": ".\n", + "type": "string" + }, + "rh_general_severity": { + "description": "RHGeneralSeverity is the Red Hat's general severity of this CVE.\n", + "type": "string" + }, + "rpm_module": { + "description": "RPMModule represents the RPM module containing the package affected by this vulnerability.\n", + "type": "string" + }, + "rules": { + "$ref": "#/components/schemas/vulnerability.Rules" + }, + "running_on_with": { + "description": "RunningOnWith is NVD \"running On/With\" conditions.\n", + "type": "string" + }, + "security_repo_pkg": { + "description": "SecurityRepoPkg determines if the package belongs to a security repository (e.g. bullseye-security).\n", + "type": "boolean" + }, + "severity": { + "description": ".\n", + "type": "string" + }, + "status": { + "description": "Status is the official vendor state for the CVE.\n", + "type": "string" + }, + "symbols": { + "$ref": "#/components/schemas/vulnerability.Symbols" + }, + "type": { + "$ref": "#/components/schemas/vulnerability.CVEType" + }, + "vecStr": { + "description": "VectorString is the NVD vulnerability string.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CertData": { + "description": "CertData is used to add a custom certificate to the product", + "properties": { + "certificate": { + "description": "Data is the certificate pem data.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CertSettings": { + "description": "CertSettings are the certificates settings", + "properties": { + "caExpiration": { + "description": "CAExpiration holds the expiration date of the CA cert.\n", + "format": "date-time", + "type": "string" + }, + "consoleSAN": { + "description": "ConsoleSAN if specified, use this list as the SAN for the console server certificate. Used for websocket and API.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defenderOldCAExpiration": { + "description": "DefenderOldCAExpiration holds the expiration time of the defender old CA cert.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.CertificateSettings": { + "description": "CertificateSettings are the certificate settings", + "properties": { + "accessCaCert": { + "description": "AccessCACert is a custom CA certificate.\n", + "type": "string" + }, + "certificatePeriodDays": { + "description": "CertificatePeriodDays is the certificates period in days.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.CloudComputeInfo": { + "description": "CloudComputeInfo holds some fields from the compute structure that may be contained in the raw cloud info", + "properties": { + "vmId": { + "description": "VMID (\"vmId\") is a field used in Azure raw struct.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CloudInfo": { + "description": "CloudInfo holds cloud information of a CSA agent\nTODO #CWP-52951: - Cortex should send us normalized cloud attributes instead of raw data.", + "properties": { + "cloud_provider": { + "$ref": "#/components/schemas/types.CloudProvider" + }, + "raw": { + "$ref": "#/components/schemas/types.CloudRawInfo" + } + }, + "type": "object" + }, + "types.CloudProvider": { + "description": "CloudProvider identifies a cloud provider in the CSA Endpoints API", + "enum": [ + [ + "AWS", + "GCP", + "Azure" + ] + ], + "type": "string" + }, + "types.CloudProviders": { + "items": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "type": "array" + }, + "types.CloudRawInfo": { + "description": "CloudRawInfo holds some fields that may appear in the raw cloud info, depending on cloud provider\nTODO #CWP-52951: - Cortex should send us normalized cloud attributes instead of raw data.", + "properties": { + "compute": { + "$ref": "#/components/schemas/types.CloudComputeInfo" + }, + "id": { + "description": "ID (\"id\") is a field used in GCP raw struct.\n", + "type": "string" + }, + "instance-id": { + "description": "InstanceID (\"instance-id\") is a field used in AWS raw struct.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ClusterRadarInfo": { + "description": "ClusterRadarInfo contains cluster information to display on the radar", + "properties": { + "cloudProivder": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "hostCount": { + "description": "HostCount is the number of host running the cluster.\n", + "type": "integer" + }, + "name": { + "description": "Name of the cluster.\n", + "type": "string" + }, + "namespaceCount": { + "description": "Namespace is the number of namespace in the cluster.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ComplianceCategoryStats": { + "description": "ComplianceCategoryStats holds data regarding a compliance category", + "properties": { + "failed": { + "description": "Failed is the count of impacted resources by the category IDs.\n", + "type": "integer" + }, + "name": { + "$ref": "#/components/schemas/vuln.ComplianceCategory" + }, + "total": { + "description": "Total is the count of evaluations of category IDs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ComplianceDailyStats": { + "description": "ComplianceDailyStats is the compliance daily stats", + "properties": { + "_id": { + "description": "Date holds the date the data was collected.\n", + "type": "string" + }, + "distribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "modified": { + "description": "Modified is the time the data was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.ComplianceIDStats": { + "description": "ComplianceIDStats holds data regarding applied compliance ID", + "properties": { + "benchmarkID": { + "description": "BenchmarkID is the benchmark ID.\n", + "type": "string" + }, + "category": { + "$ref": "#/components/schemas/vuln.ComplianceCategory" + }, + "description": { + "description": "Description is the compliance description.\n", + "type": "string" + }, + "failed": { + "description": "Failed is the number of occurrences of compliance ID in resources.\n", + "type": "integer" + }, + "id": { + "description": "ID is the compliance ID.\n", + "type": "integer" + }, + "severity": { + "description": "Severity is the compliance severity.\n", + "type": "string" + }, + "templateTitle": { + "description": "TemplateTitle is the template title.\n", + "type": "string" + }, + "total": { + "description": "Total is the count of resources evaluated with the compliance.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/vulnerability.Type" + } + }, + "type": "object" + }, + "types.ComplianceStats": { + "description": "ComplianceStats holds compliance data", + "properties": { + "categories": { + "description": "Compliance stats by category.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceCategoryStats" + }, + "type": "array" + }, + "daily": { + "description": "Daily compliance stats.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceDailyStats" + }, + "type": "array" + }, + "ids": { + "description": "Compliance data by check ID.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceIDStats" + }, + "type": "array" + }, + "rules": { + "description": "Compliance stats by policy rules.\n", + "items": { + "$ref": "#/components/schemas/types.RuleComplianceStats" + }, + "type": "array" + }, + "templates": { + "description": "Compliance stats by template.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceTemplateStats" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ComplianceTemplateStats": { + "description": "ComplianceTemplateStats holds data regarding a compliance template", + "properties": { + "failed": { + "description": "Failed is the count of impacted resources by the template IDs.\n", + "type": "integer" + }, + "name": { + "$ref": "#/components/schemas/vuln.ComplianceTemplate" + }, + "total": { + "description": "Total is the count of evaluations of template IDs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ConsoleCertificateSettings": { + "description": "ConsoleCertificateSettings are the console certificate settings", + "properties": { + "checkRevocation": { + "description": "CheckRevocation indicates whether cert revocation status is required.\n", + "type": "boolean" + }, + "consoleCaCert": { + "description": "ConsoleCACert is a custom CA certificate for the console.\n", + "type": "string" + }, + "consoleCustomCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "hpkp": { + "$ref": "#/components/schemas/types.HPKPSettings" + } + }, + "type": "object" + }, + "types.ContainerRadarData": { + "description": "ContainerRadarData represent all data relevant to the network radar", + "properties": { + "containerCount": { + "description": "ContainerCount is the total number of containers.\n", + "type": "integer" + }, + "radar": { + "description": "Radar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/types.ContainerRadarEntity" + }, + "type": "array" + }, + "radarSubnets": { + "description": "RadarSubnets holds all the radar subnets.\n", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ContainerRadarEntity": { + "description": "ContainerRadarEntity is the extended container radar entity (include presentation metadata)", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether this container was scanned by the agentless scanner.\n", + "type": "boolean" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "appFirewallAttackCounts": { + "description": "AppFirewallAttackCounts is the counts for the app firewall attacks.\n", + "items": { + "$ref": "#/components/schemas/types.AppFirewallAttackCount" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "containerCount": { + "description": "ContainerCount is the amount of containers per entity.\n", + "type": "integer" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "dns": { + "description": "DNS states whether this is a DNS node.\n", + "type": "boolean" + }, + "filesystemCount": { + "description": ".\n", + "type": "integer" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "hasDNSConnection": { + "description": "HasDNSConnection states whether the node has DNS connection.\n", + "type": "boolean" + }, + "hostCount": { + "description": ".\n", + "type": "integer" + }, + "hostname": { + "description": ".\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the entity's image ID.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the entity's image name.\n", + "type": "string" + }, + "imageNames": { + "description": "ImageNames are the names of the image associated with the radar entity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents.\n", + "type": "integer" + }, + "incomingConnections": { + "description": "IncomingConnections are the radar entity incoming connections.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerRadarIncomingConnection" + }, + "type": "array" + }, + "internet": { + "$ref": "#/components/schemas/shared.InternetConnections" + }, + "istio": { + "description": "Istio states whether it is an istio-monitored entity.\n", + "type": "boolean" + }, + "istioAuthorizationPolicies": { + "description": "IstioAuthorizationPolicies are the Istio authorization policies.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicy" + }, + "type": "array" + }, + "k8s": { + "$ref": "#/components/schemas/shared.ProfileKubernetesData" + }, + "label": { + "description": "Label is the entity's label.\n", + "type": "string" + }, + "labels": { + "description": "Labels are the radar entity labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "learning": { + "description": "Learning indicates whether the runtime profile associated with the entity is in learning state.\n", + "type": "boolean" + }, + "namespace": { + "description": "Namespace is the kubernetes namespace the entity belongs to (for kubernetes type).\n", + "type": "string" + }, + "networkCount": { + "description": ".\n", + "type": "integer" + }, + "processesCount": { + "description": ".\n", + "type": "integer" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "region": { + "description": "Region is the cloud provider region.\n", + "type": "string" + }, + "resolved": { + "description": "Resolved indicates if the entity has all data resolved or just contains the ID and hash, used to indicate if the console should be updated on entity resolving.\n", + "type": "boolean" + }, + "serviceIP": { + "description": "ServiceIP the ip of the kubernetes service (for kubernetes type).\n", + "type": "string" + }, + "serviceName": { + "description": "ServiceName is kubernetes service the entity belongs to (for kubernetes type).\n", + "type": "string" + }, + "servicePorts": { + "description": "ServicePorts are the ports the kubernetes service exposes (for kubernetes type).\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "shouldSkipNetwork": { + "description": "ShouldSkipNetwork indicates whether network monitoring for this container should be skipeed or not.\n", + "type": "boolean" + }, + "subnetConnections": { + "$ref": "#/components/schemas/shared.SubnetConnections" + }, + "type": { + "$ref": "#/components/schemas/shared.EntityType" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "waasStats": { + "$ref": "#/components/schemas/waas.MonitoringStats" + } + }, + "type": "object" + }, + "types.Count": { + "properties": { + "value": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.CredentialUsage": { + "description": "CredentialUsage represents a single credential usage", + "properties": { + "description": { + "description": "Resource description (e.g., repository name for registry scan).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cred.UsageType" + } + }, + "type": "object" + }, + "types.DefenderSummary": { + "description": "DefenderSummary is a summary for a type of defender", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "connected": { + "description": "Connected counts how many defenders are connected for this category.\n", + "type": "integer" + }, + "deployed": { + "description": "Deployed counts how many defenders are deployed for this category.\n", + "type": "integer" + }, + "licensed": { + "description": "Licensed counts how many defenders are licensed for this category.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.DefenderUsage": { + "description": "DefenderUsage holds the number of defenders and the credits used for a specific defender type", + "properties": { + "creditCount": { + "description": "CreditCount is credits that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "defendersCount": { + "description": "DefendersCount is the number of defenders that was used for this defender type.\n", + "format": "double", + "type": "number" + } + }, + "type": "object" + }, + "types.DefendersVersionCount": { + "description": "DefendersVersionCount holds the defenders count per each version", + "properties": { + "count": { + "description": "Defenders count per version.\n", + "type": "integer" + }, + "version": { + "description": "Release version.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.DiscoveredVM": { + "description": "DiscoveredVM represents the information about the instance, fetched from the cloud compute interface", + "properties": { + "_id": { + "description": "ID is the instance id. E.g. \"i-5cd23551\".\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud provider account ID.\n", + "type": "string" + }, + "architecture": { + "description": "Architecture is the architecture of the image.\n", + "type": "string" + }, + "arn": { + "description": "The Amazon Resource Name (ARN) assigned to the instance.\n", + "type": "string" + }, + "awsSubnetID": { + "description": "AWSSubnetID is the ID of the subnet associated with the VM (AWS only).\n", + "type": "string" + }, + "awsVPCID": { + "description": "AWSVPCID is the ID of the VPC associated with the VM (AWS only).\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster name that is associated with the vm.\n", + "type": "string" + }, + "collections": { + "description": "Collections is a list of the matched collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "createdAt": { + "description": "CreatedAt is the time when the instance was launched.\n", + "format": "date-time", + "type": "string" + }, + "fqdn": { + "description": "FQDN is the host's fully qualified domain name . E.g. \"ip-192-0-2-0.us-east-2.compute.internal\".\n", + "type": "string" + }, + "hasDefender": { + "description": "HasDefender indicates that the instance has a defender installed on it.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the hostname. E.g. \"ip-192-0-2-0\" or \"custom\".\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the ID of the AMI used to launch the instance. E.g. \"ami-35501205\".\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the name of the AMI used to launch the instance.\n", + "type": "string" + }, + "name": { + "description": "Name is the instance name.\n", + "type": "string" + }, + "os": { + "description": "OS is the Operating System installed on the instance.\n", + "type": "string" + }, + "osInfo": { + "$ref": "#/components/schemas/common.OSDistroInfo" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region the VM is located at.\n", + "type": "string" + }, + "tags": { + "description": "Tags are the tags of the VM instance.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "timestamp": { + "description": "Timestamp is the time in which the instance info was fetched.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.EcsTaskDefinitionOptions": { + "description": "EcsTaskDefinitionOptions holds the ecs deployment options", + "properties": { + "annotations": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Annotations is mapping of key-value pairs of annotations metadata - optional.\n", + "type": "object" + }, + "bottlerocket": { + "description": "Bottlerocket indicates whether to be deployed on a Bottlerocket Linux OS.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the kubernetes or ecs cluster name.\n", + "type": "string" + }, + "clusterNameResolvingMethod": { + "description": "ClusterNameResolvingMethod is the method used to resolve the cluster name, could be default, manual or api-server.\n", + "type": "string" + }, + "collectPodLabels": { + "description": "CollectPodLabels indicates whether to collect pod related labels resource labels.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address for defender communication.\n", + "type": "string" + }, + "containerRuntime": { + "$ref": "#/components/schemas/common.ContainerRuntime" + }, + "cpuLimit": { + "description": "CPULimit is the cpu limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "dockerSocketPath": { + "description": "DockerSocketPath is the path of the docker socket file.\n", + "type": "string" + }, + "gkeAutopilot": { + "description": "GKEAutopilot indicates the deployment is requested for GKE Autopilot.\n", + "type": "boolean" + }, + "hostCustomComplianceEnabled": { + "description": "HostCustomComplianceEnabled indicates whether host custom compliance checks are enabled.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the full daemonset image name.\n", + "type": "string" + }, + "istio": { + "description": "MonitorIstio indicates whether to monitor Istio.\n", + "type": "boolean" + }, + "memoryLimit": { + "description": "MemoryLimit is a memory limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "namespace": { + "description": "Namespace is the target deamonset namespaces.\n", + "type": "string" + }, + "nodeSelector": { + "description": "NodeSelector is a key/value node selector.\n", + "type": "string" + }, + "orchestration": { + "description": "Orchestration is the orchestration type.\n", + "type": "string" + }, + "priorityClassName": { + "description": "PriorityClassName is the name of the priority class for the defender - optional.\n", + "type": "string" + }, + "privileged": { + "description": "Privileged indicates whether to run defenders as privileged.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "roleARN": { + "description": "RoleARN is the role's ARN to associate with the created service account - optional.\n", + "type": "string" + }, + "secretsname": { + "description": "SecretsName is the name of the secret to pull.\n", + "type": "string" + }, + "selinux": { + "description": "SelinuxEnforced indicates whether selinux is enforced on the target host.\n", + "type": "boolean" + }, + "serviceaccounts": { + "description": "MonitorServiceAccounts indicates whether to monitor service accounts.\n", + "type": "boolean" + }, + "talos": { + "description": "Talos indicates if the daemonset is to be deployed on a Talos Linux k8s cluster.\n", + "type": "boolean" + }, + "taskName": { + "description": "TaskName is the name used for the task definition.\n", + "type": "string" + }, + "tolerations": { + "description": "Tolerations is a list of tolerations for the defender deamonset - optional.\n", + "items": { + "$ref": "#/components/schemas/common.Toleration" + }, + "type": "array" + }, + "uniqueHostname": { + "description": "UniqueHostname indicates whether to assign unique hostnames.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.Endpoint": { + "description": "Endpoint represents a Cortex XDR agent", + "properties": { + "active_directory": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "alias": { + "description": ".\n", + "type": "string" + }, + "assigned_extensions_policy": { + "description": ".\n", + "type": "string" + }, + "assigned_prevention_policy": { + "description": ".\n", + "type": "string" + }, + "cloud_info": { + "$ref": "#/components/schemas/types.CloudInfo" + }, + "cloud_labels": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cloud_provider_account_id": { + "description": ".\n", + "type": "string" + }, + "cloud_security_agent_capable": { + "description": ".\n", + "type": "boolean" + }, + "cloud_security_agent_mode": { + "description": ".\n", + "type": "boolean" + }, + "cluster_name": { + "description": ".\n", + "type": "string" + }, + "content_release_timestamp": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "content_status": { + "description": ".\n", + "type": "string" + }, + "content_version": { + "description": ".\n", + "type": "string" + }, + "domain": { + "description": ".\n", + "type": "string" + }, + "endpoint_id": { + "description": "EndpointID is the Endpoint unique identifier.\n", + "type": "string" + }, + "endpoint_name": { + "description": "EndpointName is the hostname.\n", + "type": "string" + }, + "endpoint_status": { + "description": ".\n", + "type": "string" + }, + "endpoint_type": { + "description": ".\n", + "type": "string" + }, + "endpoint_version": { + "description": ".\n", + "type": "string" + }, + "first_seen": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "group_name": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "install_date": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "installation_package": { + "description": ".\n", + "type": "string" + }, + "ip": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ipv6": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "is_isolated": { + "description": ".\n", + "type": "string" + }, + "isolated_date": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "last_content_update_time": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "last_seen": { + "description": "LastSeen is the last time the Endpoint was seen connected (UTC epoch milliseconds).\n", + "format": "int64", + "type": "integer" + }, + "mac_address": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "operating_system": { + "description": ".\n", + "type": "string" + }, + "operational_status": { + "description": ".\n", + "type": "string" + }, + "operational_status_description": { + "description": ".\n", + "type": "string" + }, + "operational_status_details": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.OperationalStatusDetail" + }, + "type": "array" + }, + "os_type": { + "description": ".\n", + "type": "string" + }, + "os_version": { + "description": ".\n", + "type": "string" + }, + "public_ip": { + "description": ".\n", + "type": "string" + }, + "scan_status": { + "description": ".\n", + "type": "string" + }, + "tags": { + "$ref": "#/components/schemas/types.Tags" + }, + "token_hash": { + "description": ".\n", + "type": "string" + }, + "users": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.EventStats": { + "description": "EventStats holds counters for all event types", + "properties": { + "admissionAudits": { + "description": ".\n", + "type": "integer" + }, + "agentlessAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "appEmbeddedAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "appEmbeddedRuntime": { + "description": ".\n", + "type": "integer" + }, + "containerAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "containerNetworkFirewall": { + "description": ".\n", + "type": "integer" + }, + "containerRuntime": { + "description": ".\n", + "type": "integer" + }, + "containerSecurityEvents": { + "description": "Cloud Security Agent event stats.\n", + "type": "integer" + }, + "dockerAccess": { + "description": ".\n", + "type": "integer" + }, + "fileIntegrity": { + "description": ".\n", + "type": "integer" + }, + "hostActivities": { + "description": ".\n", + "type": "integer" + }, + "hostAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "hostNetworkFirewall": { + "description": ".\n", + "type": "integer" + }, + "hostRuntime": { + "description": ".\n", + "type": "integer" + }, + "hostSecurityEvents": { + "description": ".\n", + "type": "integer" + }, + "kubernetesAudits": { + "description": ".\n", + "type": "integer" + }, + "logInspection": { + "description": ".\n", + "type": "integer" + }, + "serverlessAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "serverlessRuntime": { + "description": ".\n", + "type": "integer" + }, + "trustAudits": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.Group": { + "description": "Group represents a console group", + "properties": { + "_id": { + "description": "Group name.\n", + "type": "string" + }, + "groupId": { + "description": "Group identifier in the Azure SAML identification process.\n", + "type": "string" + }, + "groupName": { + "description": "Group name.\n", + "type": "string" + }, + "lastModified": { + "description": "Datetime when the group was created or last modified.\n", + "format": "date-time", + "type": "string" + }, + "ldapGroup": { + "description": "Indicates if the group is an LDAP group (true) or not (false).\n", + "type": "boolean" + }, + "oauthGroup": { + "description": "Indicates if the group is an OAuth group (true) or not (false).\n", + "type": "boolean" + }, + "oidcGroup": { + "description": "Indicates if the group is an OpenID Connect group (true) or not (false).\n", + "type": "boolean" + }, + "owner": { + "description": "User who created or modified the group.\n", + "type": "string" + }, + "permissions": { + "$ref": "#/components/schemas/api.Permissions" + }, + "role": { + "description": "Role of the group.\n", + "type": "string" + }, + "samlGroup": { + "description": "Indicates if the group is a SAML group (true) or not (false).\n", + "type": "boolean" + }, + "user": { + "description": "Users in the group.\n", + "items": { + "$ref": "#/components/schemas/shared.User" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.Groups": { + "description": "Groups represents a list of groups", + "items": { + "$ref": "#/components/schemas/types.Group" + }, + "type": "array" + }, + "types.HPKPSettings": { + "description": "HPKPSettings represents the public key pinning settings", + "properties": { + "certs": { + "description": "Certs are the public certs used for fingerprinting.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "fingerprints": { + "description": "SHA256 fingerprints of the certificates.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostAssetInfo": { + "properties": { + "accountID": { + "description": ".\n", + "type": "string" + }, + "cluster": { + "description": ".\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "docker": { + "description": ".\n", + "type": "string" + }, + "kubernetes": { + "description": ".\n", + "type": "string" + }, + "lastScanTime": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": ".\n", + "type": "string" + }, + "osDistro": { + "description": ".\n", + "type": "string" + }, + "osRelease": { + "description": ".\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": ".\n", + "type": "string" + }, + "resourceName": { + "description": ".\n", + "type": "string" + }, + "scanPassed": { + "description": ".\n", + "type": "boolean" + }, + "scannedBy": { + "description": ".\n", + "type": "string" + }, + "stage": { + "description": ".\n", + "type": "string" + }, + "vmImage": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.HostAssetsSummary": { + "properties": { + "cloudProviders": { + "$ref": "#/components/schemas/types.CloudProviders" + }, + "total": { + "description": ".\n", + "type": "integer" + }, + "vulnerable": { + "description": "Vulnerable is the number of images with impactful vulnerabilities.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.HostAutoDeploySpecStatus": { + "description": "HostAutoDeploySpecStatus contains the discovery and deployment status for a particular host auto-deploy spec", + "properties": { + "defended": { + "description": "Defended is the number of already defended VMs.\n", + "type": "integer" + }, + "discovered": { + "description": "Discovered is the number of discovered unprodected VMs.\n", + "type": "integer" + }, + "error": { + "description": "Error is an error logged during the the auto-deploy scan (if occurred).\n", + "type": "string" + }, + "errors": { + "description": "Errors are the errors occurred in the command invocations.\n", + "items": { + "$ref": "#/components/schemas/deployment.CommandError" + }, + "type": "array" + }, + "failed": { + "description": "Failed is the number of instances where deployment failed.\n", + "type": "integer" + }, + "missingPermissions": { + "description": "MissingPermissions is the number of instances in regions that the credential don't have permissions to them.\n", + "type": "integer" + }, + "name": { + "description": "Name is the spec name.\n", + "type": "string" + }, + "skipped": { + "description": "Skipped is the number of instances that the deployment was skipped for due to having a running Docker engine or being a worker node in a k8s cluster.\n", + "type": "integer" + }, + "unmatched": { + "description": "Unmatched is the number of discovered instances for which the scope does not apply.\n", + "type": "integer" + }, + "unsupported": { + "description": "Unsupported is the number of instances with missing prerequisites.\n", + "type": "integer" + }, + "windows": { + "description": "Windows is the number of windows instances discovered.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.HostAutoDeployStatus": { + "description": "HostAutoDeployStatus is the status of the deployment tasks per spec during the host auto-deploy action", + "properties": { + "scanning": { + "description": "Scanning indicates whether scanning is running.\n", + "type": "boolean" + }, + "status": { + "description": "Status contains the deploy status for each spec.\n", + "items": { + "$ref": "#/components/schemas/types.HostAutoDeploySpecStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostRadarData": { + "description": "HostRadarData represent all data relevant to the network radar", + "properties": { + "hostCount": { + "description": "HostCount is the total number of hosts.\n", + "type": "integer" + }, + "radar": { + "description": "Radar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/types.HostRadarEntity" + }, + "type": "array" + }, + "radarSubnets": { + "description": "RadarSubnets holds all the radar subnets.\n", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostRadarEntity": { + "description": "HostRadarEntity is the extended host radar entity (include presentation metadata)", + "properties": { + "OSDistro": { + "description": "OSDistro is the OS distro name (e.g., ubuntu).\n", + "type": "string" + }, + "_id": { + "description": "ID is the host name.\n", + "type": "string" + }, + "activitiesCount": { + "description": "ActivitiesCount is the number of activities detected in the host.\n", + "type": "integer" + }, + "agentless": { + "description": "Agentless indicates whether this host was scanned by the agentless scanner.\n", + "type": "boolean" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "appFirewallAttackCounts": { + "description": "AppFirewallAttackCounts is the counts for the app firewall attacks.\n", + "items": { + "$ref": "#/components/schemas/types.AppFirewallAttackCount" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the cluster the host is deployed on.\n", + "type": "string" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "fileIntegrityCount": { + "description": "FileIntegrityCount is the number of file integrity events detected in the host.\n", + "type": "integer" + }, + "filesystemCount": { + "description": "FilesystemCount is number of filesystem events triggered by the entity.\n", + "type": "integer" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents triggered by the entity.\n", + "type": "integer" + }, + "incoming": { + "description": "Incoming are the incoming connections from the host.\n", + "items": { + "$ref": "#/components/schemas/shared.HostRadarIncomingConnection" + }, + "type": "array" + }, + "internet": { + "$ref": "#/components/schemas/shared.InternetConnections" + }, + "labels": { + "description": "Labels are the labels associated with the profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "listeningPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + }, + "logInspectionCount": { + "description": "LogInspectionCount is the number of log inspection events detected in the host.\n", + "type": "integer" + }, + "networkCount": { + "description": "NetworkCount is number of network events triggered by the entity.\n", + "type": "integer" + }, + "outboundPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + }, + "processesCount": { + "description": "ProcessesCount is the number of processes events triggered by the entity.\n", + "type": "integer" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "subnetConnections": { + "$ref": "#/components/schemas/shared.SubnetConnections" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "waasStats": { + "$ref": "#/components/schemas/waas.MonitoringStats" + } + }, + "type": "object" + }, + "types.ImageAssetInfo": { + "properties": { + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "digest": { + "description": ".\n", + "type": "string" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "imageID": { + "description": ".\n", + "type": "string" + }, + "lastScanTime": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": ".\n", + "type": "string" + }, + "osDistro": { + "description": ".\n", + "type": "string" + }, + "osRelease": { + "description": ".\n", + "type": "string" + }, + "registry": { + "description": ".\n", + "type": "string" + }, + "repository": { + "description": ".\n", + "type": "string" + }, + "scanPassed": { + "description": ".\n", + "type": "boolean" + }, + "scannedBy": { + "description": ".\n", + "type": "string" + }, + "stage": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImageAssetsSummary": { + "properties": { + "cloudProviders": { + "$ref": "#/components/schemas/types.CloudProviders" + }, + "stages": { + "$ref": "#/components/schemas/types.Stages" + }, + "vulnerable": { + "description": "Vulnerable is the number of images with impactful vulnerabilities.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ImageScanOptions": { + "description": "ImageScanOptions holds the options for image scanning", + "properties": { + "hostname": { + "description": "Hostname is the optional host name to scan.\n", + "type": "string" + }, + "imageTag": { + "$ref": "#/components/schemas/shared.ImageTag" + } + }, + "type": "object" + }, + "types.ImpactedContainer": { + "description": "ImpactedContainer contains details of a running container with an impacted image", + "properties": { + "container": { + "description": ".\n", + "type": "string" + }, + "factors": { + "$ref": "#/components/schemas/types.RiskScoreFactors" + }, + "host": { + "description": ".\n", + "type": "string" + }, + "image": { + "description": ".\n", + "type": "string" + }, + "imageID": { + "description": ".\n", + "type": "string" + }, + "namespace": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedOutOfBandEntity": { + "description": "ImpactedOutOfBandEntity holds the info of an impacted out of band entity", + "properties": { + "containerName": { + "description": "ContainerName is the name of the container or empty for host.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the name of the host that was scanned or host on which the container is deployed.\n", + "type": "string" + }, + "image": { + "description": "Image is the image name of the container or empty for host.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedPackage": { + "description": "ImpactedPackage holds the vulnerability details for a package", + "properties": { + "cvss": { + "description": "CVSS is the vulnerability cvss score for this package.\n", + "format": "float", + "type": "number" + }, + "package": { + "description": "Package is the impacted package name and version.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the vulnerability severity for this package.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedResourceDetails": { + "description": "ImpactedResourceDetails holds the vulnerability details for a specific impacted resource", + "properties": { + "containers": { + "description": "Containers are the running containers of this image found in the environment.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedContainer" + }, + "type": "array" + }, + "functionDetails": { + "description": "FunctionDetails is a formatted string holding function details.\n", + "type": "string" + }, + "packages": { + "description": "Packages holds vulnerability details per impacted package found in this resource.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedPackage" + }, + "type": "array" + }, + "resourceID": { + "description": "ResourceID is a resource identifier (e.g. image ID, hostname).\n", + "type": "string" + } + }, + "type": "object" + }, + "types.IntelligenceStatus": { + "description": "IntelligenceStatus stores the status on the intelligence service", + "properties": { + "connected": { + "description": ".\n", + "type": "boolean" + }, + "err": { + "description": ".\n", + "type": "string" + }, + "lastUpdate": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.IssueType": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + }, + "types.LatestVersion": { + "description": "LatestVersion represents the latest remote product version", + "properties": { + "latestVersion": { + "description": "LatestVersion is the latest official product version.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.LicenseStats": { + "description": "LicenseStats holds the console license stats", + "properties": { + "avg": { + "description": "Avg is the average number of credits.\n", + "format": "double", + "type": "number" + }, + "containerDefenders": { + "description": "ContainerDefenders is the total number of container defenders.\n", + "type": "integer" + }, + "dailySamplesDefenders": { + "description": "DailySamplesDefenders holds the last 30 daily credits averages.\n", + "items": { + "$ref": "#/components/schemas/float64" + }, + "type": "array" + }, + "exceeded": { + "description": "Exceeded indicates the number of credits exceeded license.\n", + "type": "boolean" + }, + "hostDefenders": { + "description": "HostDefenders is the total number of host defenders.\n", + "type": "integer" + }, + "hourAvg": { + "description": "HourAvg is the average number of credits per hour.\n", + "format": "double", + "type": "number" + }, + "hourSamples": { + "description": "HourSamples is the number of hourly samples collected.\n", + "format": "double", + "type": "number" + }, + "monthlyUsage": { + "description": "MonthlyUsage holds the last 24 monthly usage averages.\n", + "items": { + "$ref": "#/components/schemas/types.AllDefendersUsage" + }, + "type": "array" + }, + "msg": { + "description": "Msg is the license exceeded error/warning message to show.\n", + "type": "string" + }, + "onDemandCredits": { + "description": "OnDemandCredits is the number of on demand credits used during the current contract.\n", + "type": "integer" + }, + "protectedFunctions": { + "description": "ProtectedFunctions is the number of serverless functions that have a defender installed.\n", + "format": "double", + "type": "number" + }, + "scannedFunctions": { + "description": "ScannedFunctions is the number functions being scanned for vulnerabilities and compliance issues without a defender installed.\n", + "format": "double", + "type": "number" + }, + "serverlessTimestamp": { + "description": "ServerlessTimestamp is the timestamp for the last serverless credit calculation.\n", + "format": "date-time", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the last collection timestamp.\n", + "format": "date-time", + "type": "string" + }, + "totalCreditUsage": { + "description": "TotalCreditUsage is the total amount of credits used from the beginning of the current contract.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.LogUploadResponse": { + "description": "LogUploadResponse returns the result of uploading a file to the intelligence", + "properties": { + "remotePath": { + "description": "Path returned by the intelligence.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.LogonSettings": { + "description": "LogonSettings are settings associated with the login properties", + "properties": { + "basicAuthDisabled": { + "description": "Indicates whether the user can use basic auth.\n", + "type": "boolean" + }, + "includeTLS": { + "description": "IncludeTLS indicates that TLS checks should be included in copy links.\n", + "type": "boolean" + }, + "sessionTimeoutSec": { + "description": "SessionTimeoutSec defines the session timeout in seconds.\n", + "format": "int64", + "type": "integer" + }, + "strongPassword": { + "description": "StrongPassword indicates whether strong password enforcement is applied.\n", + "type": "boolean" + }, + "useSupportCredentials": { + "description": "UseSupportCredentials indicates whether to include credentials in the URL.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.MgmtAuditFilters": { + "description": "MgmtAuditFilters are filters for management audit queries", + "properties": { + "type": { + "description": "Type is the management audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "username": { + "description": "Usernames is a filter for specific users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.NetworkFirewallStats": { + "description": "NetworkFirewallStats stores the total amount of network firewall audits", + "properties": { + "alerted": { + "description": ".\n", + "type": "integer" + }, + "blocked": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.OperationalStatusDetail": { + "properties": { + "reason": { + "description": ".\n", + "type": "string" + }, + "title": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ProfileStateUpdate": { + "description": "ProfileStateUpdate is the request for updating profile state", + "properties": { + "profileID": { + "description": "ID is the profile ID to relearn.\n", + "type": "string" + }, + "state": { + "$ref": "#/components/schemas/shared.RuntimeProfileState" + } + }, + "type": "object" + }, + "types.Project": { + "description": "Project represent the project details", + "properties": { + "_id": { + "description": "ID is the project name (primary index).\n", + "type": "string" + }, + "address": { + "description": "Address is the project address.\n", + "type": "string" + }, + "ca": { + "description": "CACertificate is the remote console CA certificate.\n", + "items": { + "$ref": "#/components/schemas/byte" + }, + "type": "array" + }, + "creationTime": { + "description": "CreationTime is the remote project creation time.\n", + "format": "date-time", + "type": "string" + }, + "err": { + "description": "Err are errors that happened during project synchronization / setup.\n", + "type": "string" + }, + "password": { + "$ref": "#/components/schemas/common.Secret" + }, + "skipCertificateVerification": { + "description": "SkipCertificateVerification indicates that the connection to the secondary project is done on insecure channel, this is used when secondary\nproject is behind a proxy or when customer is using custom certs.\n", + "type": "boolean" + }, + "username": { + "description": "Username is the remote project username.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ProjectCredentials": { + "description": "ProjectCredentials are the supervisor project credentials", + "properties": { + "password": { + "description": "Password is the password used for the deleted project access.\n", + "type": "string" + }, + "user": { + "description": "User is the user used for the deleted project access.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.RegistryWebhookRequest": { + "description": "RegistryWebhookRequest is a registry scanning webhook request.\nSchema supports multiple webhook providers:\nhttps://docs.docker.com/docker-hub/webhooks/\nhttps://docs.docker.com/registry/notifications/", + "properties": { + "action": { + "description": "Action is the webhook action.\n", + "type": "string" + }, + "artifactory": { + "$ref": "#/components/schemas/types.ArtifactoryWebhookRequest" + }, + "domain": { + "description": "Domain indicates the artifactory webhook domain (e.g., artifact, docker, build, etc). Used to avoid filter docker events.\n", + "type": "string" + }, + "event_type": { + "description": "EventType is the artifactory webhook action performed (e.g., push).\n", + "type": "string" + }, + "type": { + "description": "Type is the event type (Harbor registry).\n", + "type": "string" + } + }, + "type": "object" + }, + "types.RelatedImage": { + "properties": { + "name": { + "description": ".\n", + "type": "string" + }, + "scanStatus": { + "description": ".\n", + "type": "boolean" + }, + "uaiID": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.RelatedImages": { + "properties": { + "build": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.RelatedImage" + }, + "type": "array" + }, + "deploy": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.RelatedImage" + }, + "type": "array" + }, + "run": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/types.RelatedImage" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ResourceVulnerabilityStats": { + "description": "ResourceVulnerabilityStats holds vulnerability stats of a single resource type", + "properties": { + "count": { + "description": "Count is the total number of vulnerabilities.\n", + "type": "integer" + }, + "cves": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "impacted": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilities": { + "description": "All resource vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/types.VulnerabilityInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.RiskScoreFactors": { + "description": "RiskScoreFactors holds factors used to calculate risk score", + "properties": { + "envVarSecrets": { + "description": "EnvVarSecrets indicates whether a container has access to secrets via environment variables.\n", + "type": "boolean" + }, + "hostAccess": { + "description": "HostAccess indicates whether a container has access to the host network or namespace.\n", + "type": "boolean" + }, + "internet": { + "description": "Internet indicates whether a container has internet access.\n", + "type": "boolean" + }, + "network": { + "description": "Network indicates whether a container is listening to ports.\n", + "type": "boolean" + }, + "noSecurityProfile": { + "description": "NoSecurityProfile indicates whether a container has security profile issue.\n", + "type": "boolean" + }, + "privilegedContainer": { + "description": "PrivilegedContainer indicates whether a container runs using the --privileged flag.\n", + "type": "boolean" + }, + "rootMount": { + "description": "RootMount indicates whether a container has access to the host file system using a root mount.\n", + "type": "boolean" + }, + "rootPrivilege": { + "description": "RootPrivilege indicates whether a container runs as root.\n", + "type": "boolean" + }, + "runtimeSocket": { + "description": "RuntimeSocket indicates whether a container has the runtime socket mounted.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.RuleComplianceStats": { + "description": "RuleComplianceStats holds data regarding applied compliance rule", + "properties": { + "failed": { + "description": "Failed is the count of the rule compliance IDs in resources.\n", + "type": "integer" + }, + "name": { + "description": "Name is the name of the applied rule.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "total": { + "description": "Total is the count of evaluations done by rule.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.RuntimeStats": { + "description": "RuntimeStats are stats for runtime flows (sum of audits per flow)", + "properties": { + "filesystem": { + "description": ".\n", + "type": "integer" + }, + "kubernetes": { + "description": ".\n", + "type": "integer" + }, + "network": { + "description": ".\n", + "type": "integer" + }, + "processes": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.SecretsStatus": { + "description": "SecretsStatus holds the update status for the secrets", + "properties": { + "err": { + "description": ".\n", + "type": "string" + }, + "lastUpdate": { + "description": ".\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorConfiguration": { + "description": "SecurityAdvisorConfiguration is the security configuration associated with security advisor", + "properties": { + "accountID": { + "description": "AccountID is the customer account ID.\n", + "type": "string" + }, + "apikey": { + "description": "APIKey is the security advisor secret.\n", + "type": "string" + }, + "findingsURL": { + "description": "FindingsURL is the url to which findings should be sent.\n", + "type": "string" + }, + "providerId": { + "description": "ProviderID is the id assigned to Twistlock.\n", + "type": "string" + }, + "tokenURL": { + "description": "TokenURL is the url from which token should be fetched.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorDashboardResp": { + "description": "SecurityAdvisorDashboardResp is the response to security advisor dashboard", + "properties": { + "url": { + "description": "URL is the console URL link.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorNotes": { + "description": "SecurityAdvisorNotes security advisor the security advisor finding metadata", + "properties": { + "changedSince": { + "description": "ChangedSince is the last time entries were modified.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ServerlessAutoDeploySpecStatus": { + "description": "ServerlessAutoDeploySpecStatus contains status for a particular serverless auto-deploy spec", + "properties": { + "defended": { + "description": "Defended is the number of already defended functions.\n", + "type": "integer" + }, + "discovered": { + "description": "Discovered is the number of functions to protect.\n", + "type": "integer" + }, + "name": { + "description": "Name is the spec name.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ServerlessAutoDeployStatus": { + "description": "ServerlessAutoDeployStatus is the status of the serverless auto-deploy scan", + "properties": { + "errors": { + "description": "Errors is the collection of errors for the auto-deploy scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "scanning": { + "description": "Scanning indicates whether scanning is running.\n", + "type": "boolean" + }, + "specs": { + "description": "Specs contains the status for each spec.\n", + "items": { + "$ref": "#/components/schemas/types.ServerlessAutoDeploySpecStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ServerlessRadarStatus": { + "description": "ServerlessRadarStatus holds the status for serverless radar scans", + "properties": { + "err": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ServerlessUsage": { + "description": "ServerlessUsage holds the number of defenders, invocations and credits used for serverless defenders", + "properties": { + "creditCount": { + "description": "CreditCount is credits that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "defendersCount": { + "description": "DefendersCount is the number of defenders that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "protectedFunctions": { + "description": "ProtectedFunctions is the number of serverless functions that have a defender installed.\n", + "format": "double", + "type": "number" + }, + "scannedFunctions": { + "description": "ScannedFunctions is the number functions being scanned for vulnerabilities and compliance issues without a defender installed.\n", + "format": "double", + "type": "number" + } + }, + "type": "object" + }, + "types.Settings": { + "description": "Settings are the global system settings", + "properties": { + "WAASLogScrubbingSpecs": { + "$ref": "#/components/schemas/waas.SensitiveDataSpecs" + }, + "accessCaCert": { + "description": "AccessCACert is a custom CA certificate.\n", + "type": "string" + }, + "address": { + "description": "Address is the intelligence service address.\n", + "type": "string" + }, + "alerts": { + "$ref": "#/components/schemas/api.AlertSettings" + }, + "certSettings": { + "$ref": "#/components/schemas/types.CertSettings" + }, + "certificatePeriodDays": { + "description": "ClientCertificatePeriodDays is the certificates period in days of client certificates.\n", + "type": "integer" + }, + "checkRevocation": { + "description": "CheckRevocation indicates whether cert revocation status is required.\n", + "type": "boolean" + }, + "clusteredDB": { + "$ref": "#/components/schemas/clustereddb.Settings" + }, + "communicationPort": { + "description": "MgmtPortHTTP is the Console HTTP port.\n", + "type": "integer" + }, + "consoleCaCert": { + "description": "ConsoleCACert is a custom CA certificate for the console.\n", + "type": "string" + }, + "consoleCustomCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "consoleNames": { + "description": "ConsoleNames is a list of names to use when generating the console SAN certificate.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialsCountLimit": { + "description": "CredentialsCountLimit is the maximum amount of allowed credentials.\n", + "type": "integer" + }, + "csaAPairingSettings": { + "$ref": "#/components/schemas/types.CSAPairingSettings" + }, + "customEndpoint": { + "description": "CustomEndpoint is the user defined custom endpoint.\n", + "type": "string" + }, + "customEndpointCACert": { + "description": "CustomEndpointCACert is the custom CA cert bundle for trusting the custom endpoint.\n", + "type": "string" + }, + "customEndpointCredentialID": { + "description": "CustomEndpointCredentialID is the custom endpoint credential ID.\n", + "type": "string" + }, + "customEndpointEnabled": { + "description": "CustomEndpointEnabled indicates that the user custom endpoint is enabled.\n", + "type": "boolean" + }, + "customLabels": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + }, + "defenderSettings": { + "$ref": "#/components/schemas/defender.Settings" + }, + "enabled": { + "description": "Enabled indicates whether intelligence service is enabled.\n", + "type": "boolean" + }, + "fipsEnabled": { + "description": "FIPSEnabled indicates whether FIPS-compliant cryptography is enforced.\n", + "type": "boolean" + }, + "forensic": { + "$ref": "#/components/schemas/shared.ForensicSettings" + }, + "hasAdmin": { + "description": "HasAdmin indicates whether the admin account is initialized.\n", + "type": "boolean" + }, + "hostAutoDeploy": { + "$ref": "#/components/schemas/shared.HostAutoDeploySpecifications" + }, + "hpkp": { + "$ref": "#/components/schemas/types.HPKPSettings" + }, + "identitySettings": { + "$ref": "#/components/schemas/identity.Settings" + }, + "ldapEnabled": { + "description": "LdapEnabled indicates whether ldap is enabled.\n", + "type": "boolean" + }, + "licenseKey": { + "description": "LicenseKey is the license key.\n", + "type": "string" + }, + "logging": { + "$ref": "#/components/schemas/shared.LoggingSettings" + }, + "logon": { + "$ref": "#/components/schemas/types.LogonSettings" + }, + "oauthEnabled": { + "description": "OauthEnabled indicates whether Oauth is enabled.\n", + "type": "boolean" + }, + "oidcEnabled": { + "description": "OidcEnabled indicates whether OpenID connect is enabled.\n", + "type": "boolean" + }, + "projects": { + "$ref": "#/components/schemas/api.ProjectSettings" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "registry": { + "$ref": "#/components/schemas/shared.RegistrySettings" + }, + "runtimeSecretScrubbingSettings": { + "$ref": "#/components/schemas/shared.RuntimeSecretScrubbingSettings" + }, + "samlEnabled": { + "description": "SamlEnabled indicates whether saml is enabled.\n", + "type": "boolean" + }, + "scan": { + "$ref": "#/components/schemas/shared.ScanSettings" + }, + "secretsStores": { + "$ref": "#/components/schemas/shared.SecretsStores" + }, + "securedConsolePort": { + "description": "MgmtPortHTTPS is the Console HTTPS port.\n", + "type": "integer" + }, + "serverlessAutoDeploy": { + "$ref": "#/components/schemas/shared.ServerlessAutoDeploySpecifications" + }, + "tasDroplets": { + "description": "TASDropletsSpecification is the TAS droplets scanning settings.\n", + "items": { + "$ref": "#/components/schemas/shared.TASDropletSpecification" + }, + "type": "array" + }, + "telemetry": { + "$ref": "#/components/schemas/types.TelemetrySettings" + }, + "token": { + "description": "Token is the token used to access intelligence service.\n", + "type": "string" + }, + "trustedCerts": { + "description": "TrustedCerts is the list of trusted cert to allow in docker access scenarios.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustedCertSignature" + }, + "type": "array" + }, + "trustedCertsEnabled": { + "description": "TrustedCertsEnabled indicates whether to enable the trusted certificate feature.\n", + "type": "boolean" + }, + "uploadDisabled": { + "description": "UploadDisabled indicates whether logs uploading is disabled.\n", + "type": "boolean" + }, + "version": { + "description": "Version is the current console version.\n", + "type": "string" + }, + "vms": { + "$ref": "#/components/schemas/shared.VMSpecifications" + }, + "webAppsDiscoverySettings": { + "$ref": "#/components/schemas/waas.WebAppsDiscoverySettings" + }, + "wildFireSettings": { + "$ref": "#/components/schemas/shared.WildFireSettings" + }, + "windowsFeedEnabled": { + "description": "WindowsFeedEnabled indicates whether windows feed is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.Stages": { + "properties": { + "build": { + "description": "Build is the count of CI scan.\n", + "type": "integer" + }, + "deploy": { + "description": "Deploy is the count of registry Images.\n", + "type": "integer" + }, + "run": { + "description": "Run is the count of deployed Images.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.Stats": { + "description": "Stats represents the status model that is stored in the DB", + "properties": { + "AgentlessAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "_id": { + "description": "ID is the metric type.\n", + "type": "string" + }, + "access": { + "$ref": "#/components/schemas/types.AccessStats" + }, + "appEmbeddedAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "container": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "containerAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/types.NetworkFirewallStats" + }, + "host": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "hostAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "hostComplianceCount": { + "description": "HostComplianceCount is the host compliance count.\n", + "type": "integer" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/types.NetworkFirewallStats" + }, + "incidentsCount": { + "description": "IncidentsCount is the incidents count.\n", + "type": "integer" + }, + "serverless": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "serverlessAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "time": { + "description": "UnixTimestamp is the unix timestamp.\n", + "format": "int64", + "type": "integer" + }, + "vulnerabilities": { + "$ref": "#/components/schemas/types.VulnerabilitiesStats" + } + }, + "type": "object" + }, + "types.Status": { + "description": "Status stores the status of a specific defender or for global features such as intelligence or LDAP", + "properties": { + "_id": { + "description": "ID is the defender identifier if the status is per defender or the type for global statuses.\n", + "type": "string" + }, + "appFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "container": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "features": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "filesystem": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostAutoDeploy": { + "$ref": "#/components/schemas/types.HostAutoDeployStatus" + }, + "hostCustomCompliance": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "image": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "intelligence": { + "$ref": "#/components/schemas/types.IntelligenceStatus" + }, + "lastModified": { + "description": "Datetime the status was last modified.\n", + "format": "date-time", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "outOfBandAppFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "process": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runc": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runtime": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "secrets": { + "$ref": "#/components/schemas/types.SecretsStatus" + }, + "serverlessAutoDeploy": { + "$ref": "#/components/schemas/types.ServerlessAutoDeployStatus" + }, + "serverlessRadar": { + "$ref": "#/components/schemas/types.ServerlessRadarStatus" + }, + "tasDroplets": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "type": { + "$ref": "#/components/schemas/types.StatusType" + }, + "upgrade": { + "$ref": "#/components/schemas/defender.UpgradeStatus" + } + }, + "type": "object" + }, + "types.StatusType": { + "description": "StatusType holds the status of a given flow (defender/intelligence/etc...)\nTODO: Use type in shared.Status object", + "enum": [ + [ + "intelligence", + "secrets", + "serverlessRadar", + "serverlessAutoDeploy", + "hostAutoDeploy" + ] + ], + "type": "string" + }, + "types.Suggestions": { + "properties": { + "suggestions": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.Tags": { + "properties": { + "endpoint_tags": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "server_tags": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.TelemetrySettings": { + "description": "TelemetrySettings is the telemetry settings", + "properties": { + "enabled": { + "description": "Enabled determines whether the telemetry settings are enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.Trends": { + "description": "Trends contains data on global trends in the system", + "properties": { + "complianceTrend": { + "description": "ComplianceTrend represents the compliance trend.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceDailyStats" + }, + "type": "array" + }, + "defendersSummary": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "DefendersSummary represents the defenders count of each category.\n", + "type": "object" + }, + "vulnerabilitySummary": { + "$ref": "#/components/schemas/types.VulnerabilitySummary" + } + }, + "type": "object" + }, + "types.UserCollection": { + "description": "UserCollection holds general collection properties that are accessible to all users", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "name": { + "description": "Unique name associated with this collection.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.UserPassword": { + "description": "UserPassword represents a new user password", + "properties": { + "newPassword": { + "description": "New password to assign to the user who is invoking the API.\n", + "type": "string" + }, + "oldPassword": { + "description": "User's existing password to replace.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.UserPreferences": { + "description": "UserPreferences are the user global project reference that are persistent between versions", + "properties": { + "_id": { + "description": "User is the user name.\n", + "type": "string" + }, + "hideGuidedTour": { + "description": "HideGuidedTour indicates that guided tour should be hidden.\n", + "type": "boolean" + }, + "hideProjectDialog": { + "description": "HideProjectsDialog indicates the initial project selection dialog should be hidden.\n", + "type": "boolean" + }, + "waasRulesNotificationDismissed": { + "description": "WaasRulesNotificationDismiss indicates the time the user dismissed the waas added rules top bar.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "types.UserProject": { + "description": "UserProject holds general project properties that are accessible to all users", + "properties": { + "_id": { + "description": "ID is the project id.\n", + "type": "string" + }, + "address": { + "description": "Address is project address.\n", + "type": "string" + }, + "connected": { + "description": "Connected indicates if the project is currently disconnected due to an error.\n", + "type": "boolean" + }, + "creationTime": { + "description": "CreationTime is the project creation time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.VulnImpactedResources": { + "description": "VulnImpactedResources holds details about the resources impacted by vulnerability", + "properties": { + "_id": { + "description": "ID is the CVE ID (index for the impacted resources).\n", + "type": "string" + }, + "functions": { + "description": "Functions is a map between function id to its details.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "functionsCount": { + "description": "FunctionsCount is the total impacted functions count.\n", + "type": "integer" + }, + "hosts": { + "description": "Hosts is the list of impacted hosts.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "hostsCount": { + "description": "HostsCount is the total impacted hosts count.\n", + "type": "integer" + }, + "images": { + "description": "Images is the list of impacted hosts.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "imagesCount": { + "description": "ImagesCount is the total impacted images count.\n", + "type": "integer" + }, + "registryImages": { + "description": "RegistryImages is a list of impacted registry images.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "registryImagesCount": { + "description": "RegistryImagesCount is the total impacted registry images count.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.VulnSummary": { + "properties": { + "highestCVSSScore": { + "description": ".\n", + "format": "float", + "type": "number" + }, + "vulnFunnel": { + "$ref": "#/components/schemas/vuln.Funnel" + } + }, + "type": "object" + }, + "types.VulnerabilitiesStats": { + "description": "VulnerabilitiesStats are measures the total number of vulnerabilities in a specific images", + "properties": { + "containerCompliance": { + "description": "ContainerCompliance is the sum of all compliance issues for all running containers.\n", + "type": "integer" + }, + "imageCompliance": { + "description": "ImageCompliance is the sum of all compliance issues of all running images.\n", + "type": "integer" + }, + "imageCve": { + "description": "ImageCVE is the sum of cve vulnerabilities of all running images.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.VulnerabilityInfo": { + "description": "VulnerabilityInfo holds information about vulnerability used for VulnerabilityExplorer", + "properties": { + "cve": { + "description": "CVE ID.\n", + "type": "string" + }, + "description": { + "description": "Vulnerability description.\n", + "type": "string" + }, + "exploits": { + "$ref": "#/components/schemas/vulnerability.Exploits" + }, + "highestCVSS": { + "description": "HighestCVSS is the highest CVSS score of the vulnerability.\n", + "format": "float", + "type": "number" + }, + "highestRiskFactors": { + "$ref": "#/components/schemas/types.RiskScoreFactors" + }, + "highestSeverity": { + "description": "HighestSeverity is the highest severity of the vulnerability.\n", + "type": "string" + }, + "impactedPkgs": { + "description": "Packages impacted by the vulnerability.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "impactedResourceType": { + "$ref": "#/components/schemas/vuln.ResourceType" + }, + "impactedResourcesCnt": { + "description": "Number of resources impacted by this vulnerability.\n", + "type": "integer" + }, + "link": { + "description": "Link to CVE.\n", + "type": "string" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "riskScore": { + "description": "Risk score.\n", + "format": "float", + "type": "number" + }, + "status": { + "description": "CVE status.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.VulnerabilityStats": { + "description": "VulnerabilityStats holds statistics about vulnerabilities issues", + "properties": { + "_id": { + "description": "ID of the vulnerability stats.\n", + "type": "string" + }, + "containers": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "functions": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "hosts": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "images": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "modified": { + "description": "Date/time when the entity was modified.\n", + "format": "date-time", + "type": "string" + }, + "registryImages": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + } + }, + "type": "object" + }, + "types.VulnerabilitySummary": { + "description": "VulnerabilitySummary represents the stats of each impacted entity", + "properties": { + "containers": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "functions": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "hosts": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "images": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "registryImages": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "types.XSOARAlerts": { + "description": "XSOARAlerts is a list of XSOAR alerts", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "uint": { + "type": "integer" + }, + "uint32": { + "type": "integer" + }, + "uint64": { + "type": "integer" + }, + "uint8": { + "type": "integer" + }, + "vuln.AllCompliance": { + "description": "AllCompliance contains data regarding passed compliance checks", + "properties": { + "compliance": { + "description": "Compliance are all the passed compliance checks.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled indicates whether passed compliance checks is enabled by policy.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "vuln.Application": { + "description": "Application represents a detected application", + "properties": { + "installedFromPackage": { + "description": "Indicates that the app was installed as an OS package.\n", + "type": "boolean" + }, + "knownVulnerabilities": { + "description": "Total number of vulnerabilities for this application.\n", + "type": "integer" + }, + "layerTime": { + "description": "Image layer to which the application belongs - layer creation time.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "Name of the application.\n", + "type": "string" + }, + "originPackageName": { + "description": "OriginPackageName is the name of the app origin package.\n", + "type": "string" + }, + "path": { + "description": "Path of the detected application.\n", + "type": "string" + }, + "rpmModule": { + "description": "RPMModule represents the RPM module in which this application is included.\n", + "type": "string" + }, + "service": { + "description": "Service indicates whether the application is installed as a service.\n", + "type": "boolean" + }, + "version": { + "description": "Version of the application.\n", + "type": "string" + } + }, + "type": "object" + }, + "vuln.ComplianceCategory": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + }, + "vuln.ComplianceTemplate": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + }, + "vuln.Condition": { + "description": "Condition are extended options for vulnerability assessment in authorization flows", + "properties": { + "block": { + "description": "Specifies the effect. If true, the effect is block.\n", + "type": "boolean" + }, + "id": { + "description": "Vulnerability ID.\n", + "type": "integer" + } + }, + "type": "object" + }, + "vuln.CustomVulnerabilities": { + "description": "CustomVulnerabilities is a collection of custom vulnerabilities\nTBD: this storage usage is not best practice, should be migrate to a 1 document per vulnerability", + "properties": { + "_id": { + "description": "ID is the custom vulnerabilities feed ID.\n", + "type": "string" + }, + "digest": { + "description": "Digest is the internal custom vulnerabilities feed digest.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of custom vulnerabilities rules.\n", + "items": { + "$ref": "#/components/schemas/vuln.CustomVulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "vuln.CustomVulnerability": { + "description": "CustomVulnerability is a user customized vulnerability", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "maxVersionInclusive": { + "description": ".\n", + "type": "string" + }, + "md5": { + "description": ".\n", + "type": "string" + }, + "minVersionInclusive": { + "description": ".\n", + "type": "string" + }, + "name": { + "description": ".\n", + "type": "string" + }, + "package": { + "description": ".\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/packages.Type" + } + }, + "type": "object" + }, + "vuln.Distribution": { + "description": "Distribution counts the number of vulnerabilities per type", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + }, + "total": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "vuln.Effect": { + "description": "Effect specifies relevant action for a vulnerability", + "enum": [ + [ + "ignore", + "alert", + "block" + ] + ], + "type": "string" + }, + "vuln.ExpirationDate": { + "description": "ExpirationDate is the vulnerability expiration date", + "properties": { + "date": { + "description": "Date is the vulnerability expiration date.\n", + "format": "date-time", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates that the grace period is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "vuln.Funnel": { + "description": "Funnel is the vulnerability funnel", + "properties": { + "exploitable": { + "description": ".\n", + "type": "integer" + }, + "packageInUse": { + "description": ".\n", + "type": "integer" + }, + "patchable": { + "description": ".\n", + "type": "integer" + }, + "total": { + "description": ".\n", + "type": "integer" + }, + "urgent": { + "description": "Urgent is the number of critical and high CVEs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "vuln.ResourceType": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + }, + "vuln.Secret": { + "description": "Secret represents a secret found on the scanned workload", + "properties": { + "group": { + "description": "Group is a group name or ID of owner the file metadata containing the secret.\n", + "type": "string" + }, + "locationInFile": { + "description": "LocationInFile is the line and offset in the file where the secret was found.\n", + "type": "string" + }, + "metadataModifiedTime": { + "description": "MetadataModifiedTime is the modification time of the file metadata containing the secret.\n", + "format": "int64", + "type": "integer" + }, + "modifiedTime": { + "description": "ModifiedTime is the modification time of the file containing the secret.\n", + "format": "int64", + "type": "integer" + }, + "originalFileLocation": { + "description": ".\n", + "type": "string" + }, + "path": { + "description": "Path is the path of the file in which the secret was found.\n", + "type": "string" + }, + "permissions": { + "description": "Permissions are permission bits of the file metadata containing the secret.\n", + "type": "string" + }, + "secretID": { + "description": "SecretID is the SHA1 of the secret content.\n", + "type": "string" + }, + "size": { + "description": "Size is the size in bytes of the file in which the secret was found.\n", + "format": "int64", + "type": "integer" + }, + "snippet": { + "description": "Snippet is the partial plain secret.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/vuln.SecretType" + }, + "user": { + "description": "User is a username or ID of owner the file metadata containing the secret.\n", + "type": "string" + } + }, + "type": "object" + }, + "vuln.SecretType": { + "description": "SecretType represents a secret type", + "enum": [ + [ + "AWS Access Key ID", + "AWS Secret Key", + "AWS MWS Auth Token", + "Azure Storage Account Access Key", + "Azure Service Principal", + "GCP Service Account Auth Key", + "Private Encryption Key", + "Public Encryption Key", + "PEM X509 Certificate Header", + "SSH Authorized Keys", + "Artifactory API Token", + "Artifactory Password", + "Basic Auth Credentials", + "Mailchimp Access Key", + "NPM Token", + "Slack Token", + "Slack Webhook", + "Square OAuth Secret", + "Notion Integration Token", + "Airtable API Key", + "Atlassian Oauth2 Keys", + "CircleCI Personal Token", + "Databricks Authentication Token", + "GitHub Token", + "GitLab Token", + "Google API key", + "Grafana Token", + "Python Package Index Key (PYPI)", + "Typeform API Token", + "Scalr Token", + "Braintree Access Token", + "Braintree Payments Key", + "Paypal Token Key", + "Braintree Payments ID", + "Datadog Client Token", + "ClickUp Personal API Token", + "OpenAI API Key", + "Java DB Connectivity (JDBC)", + "MongoDB", + ".Net SQL Server" + ] + ], + "type": "string" + }, + "vuln.TagInfo": { + "description": "TagInfo is the tag info in a specific vulnerability context", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "comment": { + "description": "Tag comment in a specific vulnerability context.\n", + "type": "string" + }, + "name": { + "description": "Name of the tag.\n", + "type": "string" + } + }, + "type": "object" + }, + "vuln.TagType": { + "description": "TagType specifies the resource type for tagging where the vulnerability is found. Use the wildcard `*` to apply the tag to all the resource types where the vulnerability is found", + "enum": [ + [ + "image", + "host", + "function", + "" + ] + ], + "type": "string" + }, + "vuln.Vulnerability": { + "description": "Vulnerability is a general schema for vulnerabilities (e.g., for compliance or packages)", + "properties": { + "applicableRules": { + "description": "Rules applied on the package.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "binaryPkgs": { + "description": "Names of the distro binary package names (packages which are built from the source of the package).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "block": { + "description": "Indicates if the vulnerability has a block effect (true) or not (false).\n", + "type": "boolean" + }, + "cause": { + "description": "Additional information regarding the root cause for the vulnerability.\n", + "type": "string" + }, + "cri": { + "description": "Indicates if this is a CRI-specific vulnerability (true) or not (false).\n", + "type": "boolean" + }, + "custom": { + "description": "Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).\n", + "type": "boolean" + }, + "cve": { + "description": "CVE ID of the vulnerability (if applied).\n", + "type": "string" + }, + "cvss": { + "description": "CVSS score of the vulnerability.\n", + "format": "float", + "type": "number" + }, + "description": { + "description": "Description of the vulnerability.\n", + "type": "string" + }, + "discovered": { + "description": "Specifies the time of discovery for the vulnerability.\n", + "format": "date-time", + "type": "string" + }, + "exploit": { + "$ref": "#/components/schemas/vulnerability.ExploitType" + }, + "exploits": { + "$ref": "#/components/schemas/vulnerability.Exploits" + }, + "fixDate": { + "description": "Date/time when the vulnerability was fixed (in Unix time).\n", + "format": "int64", + "type": "integer" + }, + "fixLink": { + "description": "Link to the vendor's fixed-version information.\n", + "type": "string" + }, + "functionLayer": { + "description": "Specifies the serverless layer ID in which the vulnerability was discovered.\n", + "type": "string" + }, + "gracePeriodDays": { + "description": "Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.\n", + "type": "integer" + }, + "id": { + "description": "ID of the violation.\n", + "type": "integer" + }, + "isRPMModule": { + "description": "IsRPMModule indicates whether this vulnerability is specific to an RPM module.\n", + "type": "boolean" + }, + "layerTime": { + "description": "Date/time of the image layer to which the CVE belongs.\n", + "format": "int64", + "type": "integer" + }, + "link": { + "description": "Vendor link to the CVE.\n", + "type": "string" + }, + "packageName": { + "description": "Name of the package that caused the vulnerability.\n", + "type": "string" + }, + "packageType": { + "$ref": "#/components/schemas/packages.Type" + }, + "packageVersion": { + "description": "Version of the package that caused the vulnerability (or null).\n", + "type": "string" + }, + "published": { + "description": "Date/time when the vulnerability was published (in Unix time).\n", + "format": "int64", + "type": "integer" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "rpmModule": { + "description": "RPMModule specifies the RPM module containing the package affected by this vulnerability.\n", + "type": "string" + }, + "secret": { + "$ref": "#/components/schemas/vuln.Secret" + }, + "severity": { + "description": "Textual representation of the vulnerability's severity.\n", + "type": "string" + }, + "status": { + "description": "Vendor status for the vulnerability.\n", + "type": "string" + }, + "templates": { + "description": "List of templates with which the vulnerability is associated.\n", + "items": { + "$ref": "#/components/schemas/vuln.ComplianceTemplate" + }, + "type": "array" + }, + "text": { + "description": "Description of the violation.\n", + "type": "string" + }, + "title": { + "description": "Compliance title.\n", + "type": "string" + }, + "twistlock": { + "description": "Indicates if this is a Twistlock-specific vulnerability (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/vulnerability.Type" + }, + "vecStr": { + "description": "Textual representation of the metric values used to score the vulnerability.\n", + "type": "string" + }, + "vulnTagInfos": { + "description": "Tag information for the vulnerability.\n", + "items": { + "$ref": "#/components/schemas/vuln.TagInfo" + }, + "type": "array" + }, + "wildfireMalware": { + "$ref": "#/components/schemas/vuln.WildFireMalware" + } + }, + "type": "object" + }, + "vuln.WildFireMalware": { + "description": "WildFireMalware holds the data for WildFire malicious MD5", + "properties": { + "md5": { + "description": "MD5 is the hash of the malicious binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the path to malicious binary.\n", + "type": "string" + }, + "verdict": { + "description": "Verdict is the malicious source like grayware, malware and phishing.\n", + "type": "string" + } + }, + "type": "object" + }, + "vulnerability.CPUArch": { + "description": "CPUArch represents the CPU architecture", + "type": "integer" + }, + "vulnerability.CPUArchs": { + "description": "CPUArchs represents list of cpu architectures", + "items": { + "$ref": "#/components/schemas/vulnerability.CPUArch" + }, + "type": "array" + }, + "vulnerability.CVEType": { + "description": "CVEType represents the type of a CVE", + "enum": [ + [ + "python", + "gem", + "nodejs", + "jar", + "package", + "product", + "app", + "go", + "nuget", + "osConditions", + "excludedCve" + ] + ], + "type": "string" + }, + "vulnerability.Conditions": { + "description": "Conditions represents a list of CVE rules (used to determine whether a CVE applies to a given package)", + "items": { + "$ref": "#/components/schemas/vulnerability.Rules" + }, + "type": "array" + }, + "vulnerability.CpeIDs": { + "items": { + "$ref": "#/components/schemas/uint32" + }, + "type": "array" + }, + "vulnerability.ExploitData": { + "description": "ExploitData holds information about an exploit", + "properties": { + "kind": { + "$ref": "#/components/schemas/vulnerability.ExploitKind" + }, + "link": { + "description": "Link is a link to information about the exploit.\n", + "type": "string" + }, + "source": { + "$ref": "#/components/schemas/vulnerability.ExploitType" + } + }, + "type": "object" + }, + "vulnerability.ExploitKind": { + "description": "ExploitKind represents the kind of the exploit", + "enum": [ + [ + "poc", + "in-the-wild" + ] + ], + "type": "string" + }, + "vulnerability.ExploitType": { + "description": "ExploitType represents the source of an exploit", + "enum": [ + [ + "", + "exploit-db", + "exploit-windows", + "cisa-kev" + ] + ], + "type": "string" + }, + "vulnerability.Exploits": { + "description": "Exploits represents the exploits data found for a CVE", + "items": { + "$ref": "#/components/schemas/vulnerability.ExploitData" + }, + "type": "array" + }, + "vulnerability.RHELCpeHashes": { + "description": "RHELCpeHashes represent the CPE hashes associated with a given Red Hat repository", + "items": { + "$ref": "#/components/schemas/uint32" + }, + "type": "array" + }, + "vulnerability.RiskFactor": { + "description": "RiskFactor represents a vulnerability risk factor, used in determining a vulnerability risk score", + "enum": [ + [ + "Critical severity", + "High severity", + "Medium severity", + "Has fix", + "Remote execution", + "DoS - Low", + "DoS - High", + "Recent vulnerability", + "Exploit exists - in the wild", + "Exploit exists - POC", + "Attack complexity: low", + "Attack vector: network", + "Reachable from the internet", + "Listening ports", + "Container is running as root", + "No mandatory security profile applied", + "Running as privileged container", + "Package in use", + "Sensitive information", + "Root mount", + "Runtime socket", + "Host access" + ] + ], + "type": "string" + }, + "vulnerability.RiskFactors": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "RiskFactors maps the existence of vulnerability risk factors", + "type": "object" + }, + "vulnerability.Rules": { + "description": "Rules represents a list of CVE assessment rules (used to determine whether a CVE applies to a given package)", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerability.Symbols": { + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerability.Type": { + "description": "Type represents the vulnerability type", + "enum": [ + [ + "container", + "image", + "host_config", + "daemon_config", + "daemon_config_files", + "security_operations", + "k8s_master", + "k8s_worker", + "k8s_federation", + "linux", + "windows", + "istio", + "serverless", + "custom", + "docker_stig", + "openshift_master", + "openshift_worker", + "application_control_linux", + "gke_worker", + "image_malware", + "host_malware", + "aks_worker", + "eks_worker", + "image_secret", + "host_secret" + ] + ], + "type": "string" + }, + "waas.APIChangeDetails": { + "description": "APIChangeDetails contains the details of the API change", + "properties": { + "changeType": { + "$ref": "#/components/schemas/waas.APIChangesType" + }, + "date": { + "description": "Date is the change date.\n", + "format": "date-time", + "type": "string" + }, + "value": { + "description": "Value the value of the change - if applicable.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.APIChangesType": { + "description": "APIChangesType is used to represent the supported API changes types", + "type": "integer" + }, + "waas.APIProtectionStatus": { + "enum": [ + [ + "unprotected", + "monitored", + "protected" + ] + ], + "type": "string" + }, + "waas.APIRequest": { + "description": "APIRequest represents a single API request and its data", + "properties": { + "bodySchema": { + "$ref": "#/components/schemas/waas.BodySchema" + }, + "bodySchemaDiffExceededLimit": { + "description": "BodySchemaDiffExceededLimit is the date that the request body schema exceeded the size limit for finding body schema changes.\n", + "format": "date-time", + "type": "string" + }, + "clientTypes": { + "description": "ClientTypes are the client types used to access this path.\n", + "items": { + "$ref": "#/components/schemas/waas.ClientType" + }, + "type": "array" + }, + "contentType": { + "description": "ContentType is the request content type.\n", + "type": "string" + }, + "firstSeen": { + "description": "FirstSeen is the date when this path was first seen.\n", + "format": "date-time", + "type": "string" + }, + "hits": { + "description": "Hits are amount of hits on this path.\n", + "type": "integer" + }, + "lastChanged": { + "description": "LastChanged is the date when this path was last changed.\n", + "format": "date-time", + "type": "string" + }, + "lastSeen": { + "description": "LastSeen is the date when this path was last seen.\n", + "format": "date-time", + "type": "string" + }, + "method": { + "description": "Method is the HTTP method of the API request.\n", + "type": "string" + }, + "owaspAPIAttacks": { + "description": "OWASPAPIAttacks are the OWASP API Top10 attacks that were found on the API.\n", + "items": { + "$ref": "#/components/schemas/waas.OWASPAPITop10" + }, + "type": "array" + }, + "path": { + "description": "Path is the path of the API request.\n", + "type": "string" + }, + "protected": { + "description": "Protected indicates that the method+path are protected by WAAS API Protection.\n", + "type": "boolean" + }, + "public": { + "description": "Public indicates this path may be accessed from the internet.\n", + "type": "boolean" + }, + "queryParameters": { + "description": "QueryParameters are the query parameters of the API request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "requestSizeDistribution": { + "$ref": "#/components/schemas/waas.SizeRangeDistribution" + }, + "requestSizeTotal": { + "description": "RequestSizeTotal is the total request body size.\n", + "type": "integer" + }, + "requiresAuthentication": { + "description": "RequiresAuthentication indicated this path requires authentication to access.\n", + "type": "boolean" + }, + "responseContentType": { + "description": "ResponseContentType is the response content type.\n", + "type": "string" + }, + "responseSensitiveData": { + "description": "ResponseSensitiveData indicated this path may be used with sensitive data attached in response.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "responseSizeDistribution": { + "$ref": "#/components/schemas/waas.SizeRangeDistribution" + }, + "responseSizeTotal": { + "description": "ResponseSizeTotal is the total response body size.\n", + "type": "integer" + }, + "sensitiveData": { + "description": "RequestSensitiveData indicated this path may be used with sensitive data attached in request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "servers": { + "description": "Servers are the destination servers (including port and schema) of the API request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "sourceIP": { + "description": "SourceIP is the source IP of the API request.\n", + "type": "string" + }, + "statusCodeDistribution": { + "$ref": "#/components/schemas/waas.StatusCodeDistribution" + } + }, + "type": "object" + }, + "waas.APISpec": { + "description": "APISpec is an API specification", + "properties": { + "description": { + "description": "Description of the app.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "endpoints": { + "description": "The app's endpoints.\n", + "items": { + "$ref": "#/components/schemas/waas.Endpoint" + }, + "type": "array" + }, + "fallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "paths": { + "description": "Paths of the API's endpoints.\n", + "items": { + "$ref": "#/components/schemas/waas.Path" + }, + "type": "array" + }, + "queryParamFallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.APIStats": { + "description": "APIStats contains the API stats that occurred since the last stats dump", + "properties": { + "actionCounts": { + "$ref": "#/components/schemas/waas.ActionStats" + }, + "attackTypeStats": { + "$ref": "#/components/schemas/waas.AttackTypeStats" + }, + "blockedRequests": { + "description": "BlockedRequests is the number of blocked requests since last dump.\n", + "type": "integer" + }, + "forwardedRequests": { + "description": "ForwardedRequests is the number of forwarded requests since last dump.\n", + "type": "integer" + }, + "geoData": { + "$ref": "#/components/schemas/waas.GeoData" + }, + "inspectedBodyBytes": { + "description": "InspectedBodyBytes are the total request and response inspected body bytes.\n", + "type": "integer" + }, + "inspectionLimitExceeded": { + "description": "InspectionLimitExceeded is the total number of requests in which the body size exceeds inspection limit.\n", + "type": "integer" + }, + "interstitialPages": { + "description": "InterstitialPages is the number of interstitial pages served.\n", + "type": "integer" + }, + "lastErrs": { + "description": "LastErrs is the last errors that occurred, storing up to 20 errors.\n", + "items": { + "$ref": "#/components/schemas/waas.ReqErrorCtx" + }, + "type": "array" + }, + "maxRequestInspectionDuration": { + "description": "MaxRequestInspectionDuration is the maximum request inspection duration (time spent in waas until request was forwarded).\n", + "format": "int64", + "type": "integer" + }, + "maxResponseSizeBytes": { + "description": "MaxResponseSizeBytes contains the max response size.\n", + "type": "integer" + }, + "parsingErrs": { + "description": "ParsingErrs is a counter of the parsing errors that occurred.\n", + "type": "integer" + }, + "reCAPTCHAs": { + "description": "ReCAPTCHAs is the number of reCAPTCHA pages served.\n", + "type": "integer" + }, + "responseCodeStats": { + "$ref": "#/components/schemas/waas.ResponseCodeStats" + }, + "totalErrs": { + "description": "TotalErrs is a counter of the errors that occurred.\n", + "type": "integer" + }, + "totalForwardedRequestsDuration": { + "description": "TotalForwardedRequestsDuration is the total request duration for forwarded requests.\n", + "format": "int64", + "type": "integer" + }, + "totalRequestInspectionDuration": { + "description": "TotalRequestInspectionDuration is the total request inspection duration (time spent in waas until request was forwarded).\n", + "format": "int64", + "type": "integer" + }, + "totalRequests": { + "description": "TotalRequests is the number of incoming requests since last dump.\n", + "type": "integer" + }, + "totalResponseSizeBytes": { + "description": "TotalResponsesSizeBytes is the total APIs response size.\n", + "type": "integer" + }, + "totalTimeouts": { + "description": "TotalTimeouts is the number of timed out responses.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AccessControls": { + "description": "AccessControls contains the access controls config (e.g., denied/allowed sources)", + "properties": { + "alert": { + "description": "Alert are the denied sources for which we alert.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allow": { + "description": "Allow are the allowed sources for which we don't alert or prevent.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allowMode": { + "description": "AllowMode indicates allowlist (true) or denylist (false) mode.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates if access controls protection is enabled.\n", + "type": "boolean" + }, + "fallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "prevent": { + "description": "Prevent are the denied sources.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ActionStats": { + "description": "ActionStats contains the WAAS action stats", + "properties": { + "alert": { + "description": "Alerts is the number of Alert actions.\n", + "type": "integer" + }, + "ban": { + "description": "Bans is the number of Ban actions.\n", + "type": "integer" + }, + "prevent": { + "description": "Prevents is the number of Prevent actions.\n", + "type": "integer" + }, + "reCAPTCHA": { + "description": "ReCAPTCHAs is the number of reCAPTCHA actions.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AgentlessPolicyState": { + "description": "AgentlessPolicyState is the state of the agentless policy", + "properties": { + "deletedRules": { + "description": "DeletedRules are rules that were deleted but their VPC deployments have not been terminated.\n", + "items": { + "$ref": "#/components/schemas/waas.Rule" + }, + "type": "array" + }, + "states": { + "description": "States are the VPC configuration states.\n", + "items": { + "$ref": "#/components/schemas/waas.VPCConfigState" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.AppProtectionStats": { + "description": "AppProtectionStats contains the app protection status statistics", + "properties": { + "protected": { + "description": "Protected indicates the amount of protected WAAS app entities (containers/hosts).\n", + "type": "integer" + }, + "unprotected": { + "description": "Unprotected indicates the amount of unprotected WAAS app entities (containers/hosts).\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AppStats": { + "description": "AppStats contains the WAAS app policy statistics", + "properties": { + "accessControl": { + "description": "AccessControl is the total amount of apps with Access Control policy.\n", + "type": "integer" + }, + "bot": { + "description": "Bot is the total amount of apps with Bot Protection policy.\n", + "type": "integer" + }, + "customRulesEnabled": { + "description": "CustomRulesEnabled is the total amount of apps with Custom Rules enabled.\n", + "type": "integer" + }, + "dos": { + "description": "DoS is the total amount of apps with DoS Protection policy.\n", + "type": "integer" + }, + "waf": { + "description": "WAF is the total amount of apps with WAF policy.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.ApplicationSpec": { + "description": "ApplicationSpec is an application of a firewall instance", + "properties": { + "apiSpec": { + "$ref": "#/components/schemas/waas.APISpec" + }, + "appID": { + "description": "Unique ID for the app.\n", + "type": "string" + }, + "attackTools": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "autoApplyPatchesSpec": { + "$ref": "#/components/schemas/waas.AutoApplyPatchesSpec" + }, + "banDurationMinutes": { + "description": "Ban duration, in minutes.\n", + "type": "integer" + }, + "body": { + "$ref": "#/components/schemas/waas.BodyConfig" + }, + "botProtectionSpec": { + "$ref": "#/components/schemas/waas.BotProtectionSpec" + }, + "certificate": { + "$ref": "#/components/schemas/common.Secret" + }, + "clickjackingEnabled": { + "description": "Indicates whether clickjacking protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "cmdi": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "codeInjection": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "csrfEnabled": { + "description": "Indicates whether Cross-Site Request Forgery (CSRF) protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "customBlockResponse": { + "$ref": "#/components/schemas/waas.CustomBlockResponseConfig" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disableEventIDHeader": { + "description": "Indicates if event ID header should be attached to the response or not.\n", + "type": "boolean" + }, + "dosConfig": { + "$ref": "#/components/schemas/waas.DoSConfig" + }, + "headerSpecs": { + "description": "Configuration for inspecting HTTP headers.\n", + "items": { + "$ref": "#/components/schemas/waas.HeaderSpec" + }, + "type": "array" + }, + "intelGathering": { + "$ref": "#/components/schemas/waas.IntelGatheringConfig" + }, + "lfi": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "malformedReq": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "maliciousUpload": { + "$ref": "#/components/schemas/waas.MaliciousUploadConfig" + }, + "networkControls": { + "$ref": "#/components/schemas/waas.NetworkControls" + }, + "remoteHostForwarding": { + "$ref": "#/components/schemas/waas.RemoteHostForwardingConfig" + }, + "responseHeaderSpecs": { + "description": "Configuration for modifying HTTP response headers.\n", + "items": { + "$ref": "#/components/schemas/waas.ResponseHeaderSpec" + }, + "type": "array" + }, + "sessionCookieBan": { + "description": "Indicates if bans in this app are made by session cookie ID (true) or false (not).\n", + "type": "boolean" + }, + "sessionCookieEnabled": { + "description": "Indicates if session cookies are enabled (true) or not (false).\n", + "type": "boolean" + }, + "sessionCookieSameSite": { + "$ref": "#/components/schemas/waas.SameSite" + }, + "sessionCookieSecure": { + "description": "Indicates the Secure attribute of the session cookie.\n", + "type": "boolean" + }, + "shellshock": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "sqli": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "tlsConfig": { + "$ref": "#/components/schemas/waas.TLSConfig" + }, + "xss": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + } + }, + "type": "object" + }, + "waas.AttackType": { + "description": "AttackType is the type of the attack", + "enum": [ + [ + "xss", + "sqli", + "cmdi", + "lfi", + "codeInjection", + "deniedIP", + "deniedCountry", + "header", + "violationsExceeded", + "attackTools", + "shellshock", + "disallowedFile", + "malformedRequest", + "inspectionLimitExceeded", + "informationLeak", + "unexpectedAPI", + "dos", + "searchEngineCrawler", + "businessAnalyticsBot", + "educationalBot", + "newsBot", + "financialBot", + "contentFeedClient", + "archivingBot", + "careerSearchBot", + "mediaSearchBot", + "genericBot", + "webAutomationTool", + "webScraper", + "apiLibrary", + "httpLibrary", + "sessionValidation", + "javascriptTimeout", + "missingCookie", + "browserImpersonation", + "botImpersonation", + "requestAnomalies", + "userDefinedBot", + "recaptchaRequired", + "recaptchaVerificationFailed", + "customRule", + "publicSensitiveDataWithoutAuthentication", + "publicSensitiveDataWithoutEncryption" + ] + ], + "type": "string" + }, + "waas.AttackTypeStats": { + "description": "AttackTypeStats are the WAAS attack type stats", + "properties": { + "accessControl": { + "description": "AccessControl is the count of access control attacks.\n", + "type": "integer" + }, + "apiProtection": { + "description": "APIProtection is the count of API Protection attacks.\n", + "type": "integer" + }, + "attackTools": { + "description": "AttackTools is the count of attack tool attacks.\n", + "type": "integer" + }, + "bots": { + "description": "Bots is the count of Bot attacks.\n", + "type": "integer" + }, + "cmdInjection": { + "description": "CMDInjection is the count of command injection attacks.\n", + "type": "integer" + }, + "codeInjection": { + "description": "CodeInjection is the count of code injection attacks.\n", + "type": "integer" + }, + "customRules": { + "description": "CustomRules is the count of attacks detected by custom rules.\n", + "type": "integer" + }, + "dos": { + "description": "DoS is the count of DoS attacks.\n", + "type": "integer" + }, + "lfi": { + "description": "LFI is the count of local file injection attacks.\n", + "type": "integer" + }, + "sqlInjection": { + "description": "SQLInjection is the count of SQL injection attacks.\n", + "type": "integer" + }, + "waf": { + "description": "WAF is the count of WAF protection attacks.\n", + "type": "integer" + }, + "xss": { + "description": "XSS is the count of XSS attacks.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AutoApplyPatchesSpec": { + "description": "AutoApplyPatchesSpec is the configuration for automation apply patches protection", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.BodyConfig": { + "description": "BodyConfig represents app configuration related to HTTP Body", + "properties": { + "inspectionLimitExceededEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "inspectionSizeBytes": { + "description": "InspectionSizeBytes represents the max amount of data to inspect in request body.\n", + "type": "integer" + }, + "skip": { + "description": "Skip indicates that body inspection should be skipped.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.BodySchema": { + "description": "BodySchema is the request's body schema", + "properties": { + "contentType": { + "description": "ContentType is the content type the schema represents.\n", + "type": "string" + }, + "head": { + "$ref": "#/components/schemas/waas.BodySchemaNode" + } + }, + "type": "object" + }, + "waas.BodySchemaChildren": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.BodySchemaNode" + }, + "description": "BodySchemaChildren represents a set of body schema children, uniquely identified by the body field's name", + "type": "object" + }, + "waas.BodySchemaNode": { + "description": "BodySchemaNode represents a single body schema node", + "properties": { + "children": { + "$ref": "#/components/schemas/waas.BodySchemaChildren" + }, + "name": { + "description": "Name is the body schema item name (key for json, tag name for xml).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.ParamType" + } + }, + "type": "object" + }, + "waas.BotProtectionSpec": { + "description": "BotProtectionSpec is the bot protections spec", + "properties": { + "interstitialPage": { + "description": "Indicates if an interstitial page is served (true) or not (false).\n", + "type": "boolean" + }, + "jsInjectionSpec": { + "$ref": "#/components/schemas/waas.JSInjectionSpec" + }, + "knownBotProtectionsSpec": { + "$ref": "#/components/schemas/waas.KnownBotProtectionsSpec" + }, + "reCAPTCHASpec": { + "$ref": "#/components/schemas/waas.ReCAPTCHASpec" + }, + "sessionValidation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "unknownBotProtectionSpec": { + "$ref": "#/components/schemas/waas.UnknownBotProtectionSpec" + }, + "userDefinedBots": { + "description": "Effects to perform when user-defined bots are detected.\n", + "items": { + "$ref": "#/components/schemas/waas.UserDefinedBot" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.CertificateMeta": { + "description": "CertificateMeta is the certificate metadata", + "properties": { + "issuerName": { + "description": "IssuerName is the certificate issuer common name.\n", + "type": "string" + }, + "notAfter": { + "description": "NotAfter is the time the certificate is not valid (expiry time).\n", + "format": "date-time", + "type": "string" + }, + "subjectName": { + "description": "SubjectName is the certificate subject common name.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.ClientType": { + "description": "ClientType is an HTTP client type", + "enum": [ + [ + "browser", + "mobile", + "httpLib", + "apiLib" + ] + ], + "type": "string" + }, + "waas.CustomBlockResponseConfig": { + "description": "CustomBlockResponseConfig is a custom block message config for a policy", + "properties": { + "body": { + "description": "Custom HTML for the block response.\n", + "type": "string" + }, + "code": { + "description": "Custom HTTP response code for the block response.\n", + "type": "integer" + }, + "enabled": { + "description": "Indicates if the custom block response is enabled (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.CustomReCAPTCHAPageSpec": { + "description": "CustomReCAPTCHAPageSpec is the custom reCAPTCHA page spec", + "properties": { + "body": { + "description": "Custom HTML for the reCAPTCHA page.\n", + "type": "string" + }, + "enabled": { + "description": "Indicates if the custom reCAPTCHA page is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.DailyStats": { + "description": "DailyStats represents the WAAS daily stats", + "properties": { + "_id": { + "description": "Date is date that the daily stats are relevant to.\n", + "type": "string" + }, + "actionStats": { + "$ref": "#/components/schemas/waas.ActionStats" + }, + "attackTypeStats": { + "$ref": "#/components/schemas/waas.AttackTypeStats" + }, + "geoData": { + "$ref": "#/components/schemas/waas.GeoData" + }, + "inspectedBytes": { + "description": "InspectedBytes is total amount body bytes inspected by WAAS.\n", + "type": "integer" + }, + "policyChangeCount": { + "description": "PolicyChangeCount is the amount of policy changes for this day.\n", + "type": "integer" + }, + "totalRequests": { + "description": "TotalRequests is the total request count.\n", + "type": "integer" + }, + "unprotectedAppsVulnStats": { + "$ref": "#/components/schemas/waas.UnprotectedAppsVulnStats" + } + }, + "type": "object" + }, + "waas.Dashboard": { + "description": "Dashboard contains the data of the WAAS Dashboard", + "properties": { + "appProtectionStats": { + "$ref": "#/components/schemas/waas.AppProtectionStats" + }, + "dailyStats": { + "description": "DailyStats are the WAAS daily stats.\n", + "items": { + "$ref": "#/components/schemas/waas.DailyStats" + }, + "type": "array" + }, + "insights": { + "description": "Insights are the current WAAS insights.\n", + "items": { + "$ref": "#/components/schemas/waas.Insight" + }, + "type": "array" + }, + "policyStats": { + "$ref": "#/components/schemas/waas.PolicyStats" + } + }, + "type": "object" + }, + "waas.DiscoveredAPI": { + "description": "DiscoveredAPI represents a single discovered API path+method information's", + "properties": { + "appID": { + "description": "AppID is the app ID.\n", + "type": "string" + }, + "clientTypes": { + "description": "ClientTypes are the client types used to access this path.\n", + "items": { + "$ref": "#/components/schemas/waas.ClientType" + }, + "type": "array" + }, + "firstSeen": { + "description": "FirstSeen is the date when this path was first seen.\n", + "format": "date-time", + "type": "string" + }, + "hits": { + "description": "Hits are amount of hits on this path.\n", + "type": "integer" + }, + "host": { + "description": "Host is the host seen for this API.\n", + "type": "string" + }, + "image": { + "description": "Image is the image names seen for this API.\n", + "type": "string" + }, + "lastChanged": { + "description": "LastChanged is the date when this path was last changed.\n", + "format": "date-time", + "type": "string" + }, + "lastSeen": { + "description": "LastSeen is the date when this path was last seen.\n", + "format": "date-time", + "type": "string" + }, + "lbWorkload": { + "description": "LBWorkload indicates if the API was discovered by a load balancer observer.\n", + "type": "boolean" + }, + "method": { + "description": "Method is the API method.\n", + "type": "string" + }, + "owaspAPIAttacks": { + "description": "OWASPAPIAttacks indicates whether OWASP API Top-10 attacks were found on the API.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the API path.\n", + "type": "string" + }, + "protectionStatus": { + "$ref": "#/components/schemas/waas.APIProtectionStatus" + }, + "public": { + "description": "Public indicates this path may be accessed from the internet.\n", + "type": "boolean" + }, + "requiresAuthentication": { + "description": "RequiresAuthentication indicated this path requires authentication to access.\n", + "type": "boolean" + }, + "responseSensitiveData": { + "description": "ResponseSensitiveData indicated this path may be used with sensitive data attached in response.\n", + "type": "boolean" + }, + "riskFactors": { + "$ref": "#/components/schemas/vulnerability.RiskFactors" + }, + "riskScore": { + "description": "RiskScore is the sum of all risk factors (used for sorting and filter by risk factors).\n", + "type": "integer" + }, + "ruleID": { + "description": "RuleID is the rule ID.\n", + "type": "string" + }, + "sensitiveData": { + "description": "SensitiveData indicated this path may be used with sensitive data attached in request.\n", + "type": "boolean" + }, + "servers": { + "description": "Servers are the servers seen for this API.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "waas.DoSConfig": { + "description": "DoSConfig is a dos policy specification", + "properties": { + "alert": { + "$ref": "#/components/schemas/waas.DoSRates" + }, + "ban": { + "$ref": "#/components/schemas/waas.DoSRates" + }, + "enabled": { + "description": "Enabled indicates if dos protection is enabled.\n", + "type": "boolean" + }, + "excludedNetworkLists": { + "description": "Network IPs to exclude from DoS tracking.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "matchConditions": { + "description": "Conditions on which to match to track a request. The conditions are \\\"OR\\\"'d together during the check.\n", + "items": { + "$ref": "#/components/schemas/waas.DoSMatchCondition" + }, + "type": "array" + }, + "trackSession": { + "description": "Indicates if the custom session ID generated during bot protection flow is tracked (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.DoSMatchCondition": { + "description": "DoSMatchCondition is used for matching a request for tracking", + "properties": { + "fileTypes": { + "description": "File types for request matching.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "methods": { + "description": "HTTP methods for request matching.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "responseCodeRanges": { + "description": "Response codes for the request's response matching.\n", + "items": { + "$ref": "#/components/schemas/waas.StatusCodeRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.DoSRates": { + "description": "DoSRates specifies dos requests rates (thresholds)", + "properties": { + "average": { + "description": "Average request rate (requests / second).\n", + "type": "integer" + }, + "burst": { + "description": "Burst request rate (requests / second).\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.Effect": { + "description": "Effect is the effect that will be used in the rule", + "enum": [ + [ + "ban", + "prevent", + "alert", + "allow", + "disable", + "reCAPTCHA" + ] + ], + "type": "string" + }, + "waas.Endpoint": { + "description": "Endpoint is an application endpoint", + "properties": { + "basePath": { + "description": "Base path for the endpoint.\n", + "type": "string" + }, + "exposedPort": { + "description": "Exposed port that the proxy is listening on.\n", + "type": "integer" + }, + "grpc": { + "description": "Indicates if the proxy supports gRPC (true) or not (false).\n", + "type": "boolean" + }, + "host": { + "description": "URL address (name or IP) of the endpoint's API specification (e.g., petstore.swagger.io). The address can be prefixed with a wildcard (e.g., *.swagger.io).\n", + "type": "string" + }, + "http2": { + "description": "Indicates if the proxy supports HTTP/2 (true) or not (false).\n", + "type": "boolean" + }, + "internalPort": { + "description": "Internal port that the application is listening on.\n", + "type": "integer" + }, + "tls": { + "description": "Indicates if the connection is secured (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.ExceptionField": { + "description": "ExceptionField is used to perform the protection exception fields", + "properties": { + "key": { + "description": "Field in HTTP request.\n", + "type": "string" + }, + "keyPattern": { + "description": "Match and scrub by keys, relevant when location is not defined.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ExceptionLocation" + }, + "response": { + "description": "Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.\n", + "type": "boolean" + }, + "valuePattern": { + "description": "Match and scrub by values, relevant when location is not defined.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.ExceptionLocation": { + "description": "ExceptionLocation indicates exception http field location", + "enum": [ + [ + "path", + "query", + "queryValues", + "cookie", + "UserAgentHeader", + "header", + "body", + "rawBody", + "XMLPath", + "JSONPath" + ] + ], + "type": "string" + }, + "waas.FeatureExceptions": { + "description": "FeatureExceptions represents subnets that should bypass WAAS features", + "properties": { + "subnets": { + "description": "Subnets are network lists for which requests bypass WAAS features.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.FileType": { + "description": "FileType is the type of an uploaded file", + "enum": [ + [ + "pdf", + "officeLegacy", + "officeOoxml", + "odf", + "jpeg", + "png", + "gif", + "bmp", + "ico", + "avi", + "mp4", + "aac", + "mp3", + "wav", + "zip", + "gzip", + "rar", + "7zip" + ] + ], + "type": "string" + }, + "waas.FirewallType": { + "description": "FirewallType represents the firewall type", + "enum": [ + [ + "host-proxy", + "host-out-of-band", + "container-proxy", + "container-out-of-band", + "app-embedded", + "agentless", + "REST" + ] + ], + "type": "string" + }, + "waas.GeoData": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.TrafficStats" + }, + "description": "GeoData are the per-country traffic stats", + "type": "object" + }, + "waas.HSTSConfig": { + "description": "HSTSConfig is the HTTP Strict Transport Security configuration in order to enforce HSTS header\nsee: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security", + "properties": { + "enabled": { + "description": "Enabled indicates if HSTS enforcement is enabled.\n", + "type": "boolean" + }, + "includeSubdomains": { + "description": "IncludeSubdomains indicates if this rule applies to all of the site's subdomains as well.\n", + "type": "boolean" + }, + "maxAgeSeconds": { + "description": "maxAgeSeconds is the time (in seconds) that the browser should remember that a site is only be accessed using HTTPS.\n", + "type": "integer" + }, + "preload": { + "description": "Preload indicates if it should support preload.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.HTTPField": { + "description": "HTTPField is used to perform checks on flags and fields", + "properties": { + "key": { + "description": "Key is the key of the field, if exists (e.g. header and cookie).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.HTTPFieldType" + }, + "value": { + "description": "Value is the value of the field, if exists.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.HTTPFieldType": { + "description": "HTTPFieldType indicates type of http field", + "enum": [ + [ + "method", + "xmlBody", + "jsonBody", + "formBody", + "multipartBody", + "rawBody", + "rawBodyResponse", + "protobufBody", + "query", + "queryParamName", + "cookie", + "header", + "url" + ] + ], + "type": "string" + }, + "waas.HeaderSpec": { + "description": "HeaderSpec is specification for a single header and its allowed or blocked values", + "properties": { + "allow": { + "description": "Indicates if the flow is to be allowed (true) or blocked (false).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "name": { + "description": "Header name.\n", + "type": "string" + }, + "required": { + "description": "Indicates if the header must be present (true) or not (false).\n", + "type": "boolean" + }, + "values": { + "description": "Wildcard expressions that represent the header value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.Insight": { + "description": "Insight represents an insight on the dashboard", + "properties": { + "message": { + "description": "Message is the display message of the insight.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.InsightType" + } + }, + "type": "object" + }, + "waas.InsightType": { + "description": "InsightType is the insight type", + "enum": [ + [ + "vulnerableUnprotectedApps", + "expiredCertificate", + "upcomingCertificateExpiry", + "noAPIProtection" + ] + ], + "type": "string" + }, + "waas.IntelGatheringConfig": { + "description": "IntelGatheringConfig is the configuration for intelligence gathering protections", + "properties": { + "infoLeakageEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "removeFingerprintsEnabled": { + "description": "Indicates if server fingerprints should be removed (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.JSInjectionSpec": { + "description": "JSInjectionSpec is the js injection protection spec", + "properties": { + "enabled": { + "description": "Indicates if JavaScript injection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "timeoutEffect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.KnownBotProtectionsSpec": { + "description": "KnownBotProtectionsSpec is the known bot protections spec", + "properties": { + "archiving": { + "$ref": "#/components/schemas/waas.Effect" + }, + "businessAnalytics": { + "$ref": "#/components/schemas/waas.Effect" + }, + "careerSearch": { + "$ref": "#/components/schemas/waas.Effect" + }, + "contentFeedClients": { + "$ref": "#/components/schemas/waas.Effect" + }, + "educational": { + "$ref": "#/components/schemas/waas.Effect" + }, + "financial": { + "$ref": "#/components/schemas/waas.Effect" + }, + "mediaSearch": { + "$ref": "#/components/schemas/waas.Effect" + }, + "news": { + "$ref": "#/components/schemas/waas.Effect" + }, + "searchEngineCrawlers": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.MaliciousUploadConfig": { + "description": "MaliciousUploadConfig is the configuration for file upload protection", + "properties": { + "allowedExtensions": { + "description": "Allowed file extensions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allowedFileTypes": { + "description": "Allowed file types.\n", + "items": { + "$ref": "#/components/schemas/waas.FileType" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.Method": { + "description": "Method is a method information", + "properties": { + "method": { + "description": "Type of HTTP request (e.g., PUT, GET, etc.).\n", + "type": "string" + }, + "parameters": { + "description": "Parameters that are part of the HTTP request.\n", + "items": { + "$ref": "#/components/schemas/waas.Param" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.MinTLSVersion": { + "description": "MinTLSVersion is the list of acceptable TLS versions", + "enum": [ + [ + "1.0", + "1.1", + "1.2", + "1.3" + ] + ], + "type": "string" + }, + "waas.MonitoringStats": { + "description": "MonitoringStats are the waas per-profile monitoring stats", + "properties": { + "aggregationStart": { + "description": "AggregationStart indicates when stats aggregation started.\n", + "format": "date-time", + "type": "string" + }, + "firewallType": { + "$ref": "#/components/schemas/waas.FirewallType" + }, + "lastUpdate": { + "description": "LastUpdate indicates when the stats were last updated.\n", + "format": "date-time", + "type": "string" + }, + "profileID": { + "description": "ProfileID is the profile ID.\n", + "type": "string" + }, + "stats": { + "$ref": "#/components/schemas/waas.APIStats" + } + }, + "type": "object" + }, + "waas.NetworkControls": { + "description": "NetworkControls contains the network controls config (e.g., access controls for IPs and countries)", + "properties": { + "advancedProtectionEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "countries": { + "$ref": "#/components/schemas/waas.AccessControls" + }, + "exceptionSubnets": { + "description": "Network lists for which requests completely bypass WAAS checks and protections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "networkControlsExceptionSubnets": { + "$ref": "#/components/schemas/waas.FeatureExceptions" + }, + "subnets": { + "$ref": "#/components/schemas/waas.AccessControls" + } + }, + "type": "object" + }, + "waas.NetworkList": { + "description": "NetworkList represent network list of IP/CIDR in waas", + "properties": { + "_id": { + "description": "Unique ID.\n", + "type": "string" + }, + "description": { + "description": "Description of the network list.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "subnets": { + "description": "List of the IPv4 addresses and IP CIDR blocks.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.OWASPAPITop10": { + "description": "OWASPAPITop10 represents OWASP API top 10 attacks", + "enum": [ + [ + "excessiveDataExposure", + "lackOfResources&RateLimiting", + "brokenFunctionLevelAuthorization", + "securityMisconfiguration", + "injection" + ] + ], + "type": "string" + }, + "waas.OWASPTop10": { + "description": "OWASPTop10 represents OWASP top 10 attacks", + "enum": [ + [ + "brokenAccessControl", + "cryptographicFailures", + "injection", + "insecureDesign" + ] + ], + "type": "string" + }, + "waas.OpenAPIScan": { + "description": "OpenAPIScan represents the OpenAPI file scan", + "properties": { + "_id": { + "description": "ID is the scan identifier.\n", + "type": "string" + }, + "issueResults": { + "description": "IssueResults are the scanned issues results.\n", + "items": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueResult" + }, + "type": "array" + }, + "scanInfo": { + "$ref": "#/components/schemas/waas.OpenAPIScanInfo" + }, + "scanStartTime": { + "description": "ScanStartTime is the scan started.\n", + "format": "date-time", + "type": "string" + }, + "severityDistribution": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssuesSeverityDistribution" + }, + "specInfo": { + "$ref": "#/components/schemas/waas.OpenAPISpecInfo" + } + }, + "type": "object" + }, + "waas.OpenAPIScanInfo": { + "description": "OpenAPIScanInfo is the OpenAPI scan info", + "properties": { + "appID": { + "description": "AppID is the WAAS app id the file was imported from.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "ruleID": { + "description": "RuleID is the WAAS rule id the file was imported from.\n", + "type": "string" + }, + "source": { + "$ref": "#/components/schemas/waas.OpenAPIScanSource" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueMetadata": { + "description": "OpenAPIScanIssueMetadata represents the static metadata of an API definition issue\nFields reflect the KICS metadata,\nExample: https://github.com/Checkmarx/kics/blob/master/assets/queries/openAPI/general/items_undefined/metadata.json", + "properties": { + "category": { + "description": "Category is the issue category.\n", + "type": "string" + }, + "descriptionText": { + "description": "DescriptionText is the issue description.\n", + "type": "string" + }, + "descriptionUrl": { + "description": "DescriptionURL is the issue information url.\n", + "type": "string" + }, + "id": { + "description": "ID is the unique identifier of the issue metadata.\n", + "type": "string" + }, + "override": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueMetadata" + }, + "description": "Override is the list of possible override fields by OpenAPI version.\n", + "type": "object" + }, + "queryName": { + "description": "Name is the issue name.\n", + "type": "string" + }, + "severity": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueSeverity" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueResult": { + "description": "OpenAPIScanIssueResult represents a specific issue result in the OpenAPI spec file\nFields reflect the KICS rego queries result,\nExample: https://github.com/Checkmarx/kics/blob/master/assets/queries/openAPI/general/items_undefined/query.rego", + "properties": { + "_id": { + "description": "ID is the issue result ID.\n", + "type": "integer" + }, + "category": { + "description": "Category is the issue category.\n", + "type": "string" + }, + "descriptionText": { + "description": "DescriptionText is the issue description.\n", + "type": "string" + }, + "descriptionUrl": { + "description": "DescriptionURL is the issue information url.\n", + "type": "string" + }, + "id": { + "description": "ID is the unique identifier of the issue metadata.\n", + "type": "string" + }, + "override": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueMetadata" + }, + "description": "Override is the list of possible override fields by OpenAPI version.\n", + "type": "object" + }, + "queryName": { + "description": "Name is the issue name.\n", + "type": "string" + }, + "searchKey": { + "description": "SearchKey is the issue location in the spec file.\n", + "type": "string" + }, + "severity": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueSeverity" + }, + "status": { + "description": "Status is the issue status.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueSeverity": { + "description": "OpenAPIScanIssueSeverity is the OpenAPI spec file issue severity", + "enum": [ + [ + "INFO", + "LOW", + "MEDIUM", + "HIGH" + ] + ], + "type": "string" + }, + "waas.OpenAPIScanIssueStatus": { + "description": "OpenAPIScanIssueStatus represents an OpenAPI file issue status", + "properties": { + "id": { + "description": "ID is the issue result ID.\n", + "type": "integer" + }, + "status": { + "description": "Status is the issue status.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssuesSeverityDistribution": { + "description": "OpenAPIScanIssuesSeverityDistribution counts the number of issues per severity type", + "properties": { + "high": { + "description": "High is the high severity issues count.\n", + "type": "integer" + }, + "info": { + "description": "Info is the info severity issues count.\n", + "type": "integer" + }, + "low": { + "description": "Low is the low severity issues count.\n", + "type": "integer" + }, + "medium": { + "description": "Medium is the medium severity issues count.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.OpenAPIScanSource": { + "description": "OpenAPIScanSource is the scan trigger source", + "enum": [ + [ + "app", + "cli", + "manual" + ] + ], + "type": "string" + }, + "waas.OpenAPISpecInfo": { + "description": "OpenAPISpecInfo is the OpenAPI spec info", + "properties": { + "content": { + "description": "Content is the OpenAPI spec content.\n", + "items": { + "$ref": "#/components/schemas/byte" + }, + "type": "array" + }, + "contentType": { + "description": "ContentType is the OpenAPI spec file content type.\n", + "type": "string" + }, + "fileName": { + "description": "FileName is the OpenAPI spec file name.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OutOfBandMode": { + "description": "OutOfBandMode holds the app firewall out-of-band mode", + "enum": [ + [ + "", + "Observation", + "Protection" + ] + ], + "type": "string" + }, + "waas.OutOfBandRuleScope": { + "description": "OutOfBandRuleScope represents the Out-of-Band Rule Scope", + "enum": [ + [ + "container", + "host", + "" + ] + ], + "type": "string" + }, + "waas.Param": { + "description": "Param contains a parameter information", + "properties": { + "allowEmptyValue": { + "description": "Indicates if an empty value is allowed (true) or not (false).\n", + "type": "boolean" + }, + "array": { + "description": "Indicates if multiple values of the specified type are allowed (true) or not (false).\n", + "type": "boolean" + }, + "explode": { + "description": "Indicates if arrays should generate separate parameters for each array item or object property.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ParamLocation" + }, + "max": { + "description": "Maximum allowable value for a numeric parameter.\n", + "format": "double", + "type": "number" + }, + "min": { + "description": "Minimum allowable value for a numeric parameter.\n", + "format": "double", + "type": "number" + }, + "name": { + "description": "Name of the parameter.\n", + "type": "string" + }, + "required": { + "description": "Indicates if the parameter is required (true) or not (false).\n", + "type": "boolean" + }, + "style": { + "$ref": "#/components/schemas/waas.ParamStyle" + }, + "type": { + "$ref": "#/components/schemas/waas.ParamType" + } + }, + "type": "object" + }, + "waas.ParamLocation": { + "description": "ParamLocation is the location of a parameter", + "enum": [ + [ + "path", + "query", + "cookie", + "header", + "body", + "json", + "xml", + "formData", + "multipart" + ] + ], + "type": "string" + }, + "waas.ParamStyle": { + "description": "ParamStyle is a param format style, defined by OpenAPI specification\nIt describes how the parameter value will be serialized depending on the type of the parameter value.\nRef: https://swagger.io/docs/specification/serialization/\nhttps://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#style-examples", + "enum": [ + [ + "simple", + "spaceDelimited", + "tabDelimited", + "pipeDelimited", + "form", + "matrix", + "label" + ] + ], + "type": "string" + }, + "waas.ParamType": { + "description": "ParamType is the type of a parameter, defined by OpenAPI specification\nRef: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types", + "enum": [ + [ + "integer", + "number", + "string", + "boolean", + "array", + "object" + ] + ], + "type": "string" + }, + "waas.Path": { + "description": "Path is an API path information", + "properties": { + "methods": { + "description": "Supported operations for the path (e.g., PUT, GET, etc.).\n", + "items": { + "$ref": "#/components/schemas/waas.Method" + }, + "type": "array" + }, + "path": { + "description": "Relative path to an endpoint such as \\\"/pet/{petId}\\\".\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.Policy": { + "description": "Policy representation details", + "properties": { + "_id": { + "description": "Unique internal ID.\n", + "type": "string" + }, + "maxPort": { + "description": "Specifies the upper limit (maxima) for a port number to use in an application firewall.\n", + "type": "integer" + }, + "minPort": { + "description": "Specifies the lower limit (minima) for a port number to use in an application firewall.\n", + "type": "integer" + }, + "rules": { + "description": "Specifies the rules in a policy.\n", + "items": { + "$ref": "#/components/schemas/waas.Rule" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.PolicyStats": { + "description": "PolicyStats contains the WAAS policy statistics", + "properties": { + "appStats": { + "$ref": "#/components/schemas/waas.AppStats" + }, + "apps": { + "description": "Apps is the total amount of apps in the WAAS policies.\n", + "type": "integer" + }, + "rules": { + "description": "Rules is the total amount of rules in the WAAS policies.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.Protection": { + "description": "Protection is the type of protection", + "enum": [ + [ + "firewall", + "dos", + "bot", + "custom", + "accessControl" + ] + ], + "type": "string" + }, + "waas.ProtectionConfig": { + "description": "ProtectionConfig represents a WAAS protection config", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "exceptionFields": { + "description": "Exceptions.\n", + "items": { + "$ref": "#/components/schemas/waas.ExceptionField" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ProtectionStatus": { + "description": "ProtectionStatus describes the status of the WAAS protection", + "properties": { + "enabled": { + "description": "Enabled indicates if WAAS proxy protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "outOfBandMode": { + "$ref": "#/components/schemas/waas.OutOfBandMode" + }, + "ports": { + "description": "Ports indicates http open ports associated with the container.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "supported": { + "description": "Supported indicates if WAAS protection is supported (true) or not (false).\n", + "type": "boolean" + }, + "tlsPorts": { + "description": "TLSPorts indicates https open ports associated with the container.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "unprotectedProcesses": { + "description": "UnprotectedProcesses holds the processes that support HTTP/HTTPS without WAAS protection.\n", + "items": { + "$ref": "#/components/schemas/waas.UnprotectedProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ReCAPTCHASpec": { + "description": "ReCAPTCHASpec is the reCAPTCHA spec", + "properties": { + "allSessions": { + "description": "Indicates if the reCAPTCHA page is served at the start of every new session (true) or not (false).\n", + "type": "boolean" + }, + "customPageSpec": { + "$ref": "#/components/schemas/waas.CustomReCAPTCHAPageSpec" + }, + "enabled": { + "description": "Indicates if reCAPTCHA integration is enabled (true) or not (false).\n", + "type": "boolean" + }, + "secretKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "siteKey": { + "description": "ReCAPTCHA site key to use when invoking the reCAPTCHA service.\n", + "type": "string" + }, + "successExpirationHours": { + "description": "Duration for which the indication of reCAPTCHA success is kept. Maximum value is 30 days * 24 = 720 hours.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/waas.ReCAPTCHAType" + } + }, + "type": "object" + }, + "waas.ReCAPTCHAType": { + "description": "ReCAPTCHAType is the reCAPTCHA configured type", + "enum": [ + [ + "checkbox", + "invisible" + ] + ], + "type": "string" + }, + "waas.RemoteHostForwardingConfig": { + "description": "RemoteHostForwardingConfig defines a remote host to forward requests to", + "properties": { + "enabled": { + "description": "Indicates if remote host forwarding is enabled (true) or not (false).\n", + "type": "boolean" + }, + "target": { + "description": "Remote host to forward requests to.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.ReqErrorCtx": { + "description": "ReqErrorCtx is the request error context", + "properties": { + "defender": { + "description": "Defender is the defender name from which the error originated.\n", + "type": "string" + }, + "err": { + "description": "Err is the API error.\n", + "type": "string" + }, + "requestInspectionDuration": { + "description": "RequestInspectionDuration is the request inspection handling time by the WAAS plugins (time spent in WAAS before forwarding the request and handling the response).\n", + "format": "int64", + "type": "integer" + }, + "requestStart": { + "description": "RequestStart is the request start time.\n", + "format": "date-time", + "type": "string" + }, + "route": { + "description": "Route is the API route.\n", + "type": "string" + }, + "serveDuration": { + "description": "ServeDuration is the total request handling time including forwarding and response until the error.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "waas.RequestAnomalies": { + "description": "RequestAnomalies is the request anomalies spec", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "threshold": { + "$ref": "#/components/schemas/waas.RequestAnomalyThreshold" + } + }, + "type": "object" + }, + "waas.RequestAnomalyThreshold": { + "description": "RequestAnomalyThreshold is the score threshold for which request anomaly violation is triggered", + "enum": [ + [ + "3", + "6", + "9" + ] + ], + "type": "integer" + }, + "waas.ResponseCodeStats": { + "description": "ResponseCodeStats holds counts of different response types\nCategories taken from: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status", + "properties": { + "clientErrors": { + "description": "ClientErrors are the codes in the 400-499 range.\n", + "type": "integer" + }, + "informational": { + "description": "Informational are the codes in the 100-199 range.\n", + "type": "integer" + }, + "redirects": { + "description": "Redirects are the codes in the 300-399 range.\n", + "type": "integer" + }, + "serverErrors": { + "description": "ServerErrors are the codes in the 500-599 range.\n", + "type": "integer" + }, + "successful": { + "description": "Successful are the codes in the 200-299 range.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.ResponseHeaderSpec": { + "description": "ResponseHeaderSpec is specification for a single response header to modify", + "properties": { + "name": { + "description": "Header name (will be canonicalized when possible).\n", + "type": "string" + }, + "override": { + "description": "Indicates whether to override existing values (true) or add to them (false).\n", + "type": "boolean" + }, + "values": { + "description": "New header values.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.Rule": { + "description": "Rule details for an application firewall", + "properties": { + "allowMalformedHttpHeaderNames": { + "description": "Indicates whether to allow non-compliant characters in the HTTP request header.\n", + "type": "boolean" + }, + "applicationsSpec": { + "description": "Lists the OpenAPI specifications in a rule.\n", + "items": { + "$ref": "#/components/schemas/waas.ApplicationSpec" + }, + "type": "array" + }, + "autoProtectPorts": { + "description": "Indicates whether to automatically detect and protect the HTTP ports.\n", + "type": "boolean" + }, + "collections": { + "description": "Scopes the rule based on a list of collections.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "outOfBandScope": { + "$ref": "#/components/schemas/waas.OutOfBandRuleScope" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "readTimeoutSeconds": { + "description": "Specifies the timeout of the request reads in seconds. Default: 5 seconds.\n", + "type": "integer" + }, + "skipAPILearning": { + "description": "Indicates whether to skip the API discovery. Values: true (skipped) or false (Do not skip).\n", + "type": "boolean" + }, + "trafficMirroring": { + "$ref": "#/components/schemas/waas.TrafficMirroringConfig" + }, + "windows": { + "description": "Indicates whether the operating system of the app is Microsoft Windows. The default is Linux.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.SameSite": { + "description": "SameSite allows a server to define a cookie attribute making it impossible for\nthe browser to send this cookie along with cross-site requests. The main\ngoal is to mitigate the risk of cross-origin information leakage, and provide\nsome protection against cross-site request forgery attacks.\n\nSee https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite for details", + "enum": [ + [ + "Lax", + "Strict", + "None" + ] + ], + "type": "string" + }, + "waas.SensitiveDataSpec": { + "description": "SensitiveDataSpec defined a single sensitive data specification", + "properties": { + "disabled": { + "description": "Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).\n", + "type": "boolean" + }, + "key": { + "description": "Field in HTTP request.\n", + "type": "string" + }, + "keyPattern": { + "description": "Match and scrub by keys, relevant when location is not defined.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ExceptionLocation" + }, + "modified": { + "description": "Specifies the date and time when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Describes any noteworthy points for a rule. You can include any text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "placeholder": { + "description": "Placeholder is the placeholder text to replace the matched field content.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "response": { + "description": "Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.\n", + "type": "boolean" + }, + "sensitiveData": { + "description": "SensitiveData indicates this spec is used for marking APIs as using sensitive data for API discovery.\n", + "type": "boolean" + }, + "skipLogScrubbing": { + "description": "SkipLogScrubbing indicates this spec is not used for log scrubbing.\n", + "type": "boolean" + }, + "valuePattern": { + "description": "Match and scrub by values, relevant when location is not defined.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.SensitiveDataSpecs": { + "description": "SensitiveDataSpecs is the sensitive data specifications", + "items": { + "$ref": "#/components/schemas/waas.SensitiveDataSpec" + }, + "type": "array" + }, + "waas.SizeRangeDistribution": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "type": "object" + }, + "waas.StatusCodeDistribution": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "type": "object" + }, + "waas.StatusCodeRange": { + "description": "StatusCodeRange represents a status code range", + "properties": { + "end": { + "description": "End of the range. Can be omitted if using a single status code.\n", + "type": "integer" + }, + "start": { + "description": "Start of the range. Can also be used for a single, non-range value.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.TLSConfig": { + "description": "TLSConfig holds the user TLS configuration and the certificate data", + "properties": { + "HSTSConfig": { + "$ref": "#/components/schemas/waas.HSTSConfig" + }, + "metadata": { + "$ref": "#/components/schemas/waas.CertificateMeta" + }, + "minTLSVersion": { + "$ref": "#/components/schemas/waas.MinTLSVersion" + } + }, + "type": "object" + }, + "waas.TrafficMirroringConfig": { + "description": "TrafficMirroringConfig specifies the traffic mirroring configuration is fine in that case", + "properties": { + "enabled": { + "description": "TODO #41884 - remove traffic mirroring enabled flag when no longer needed for BC\nEnabled indicates if traffic mirroring is enabled.\n", + "type": "boolean" + }, + "sampling": { + "description": "Sampling indicates if this is a sampling VPC.\n", + "type": "boolean" + }, + "vpcConfig": { + "$ref": "#/components/schemas/waas.VPCConfig" + } + }, + "type": "object" + }, + "waas.TrafficStats": { + "description": "TrafficStats are traffic stats", + "properties": { + "attacks": { + "description": ".\n", + "type": "integer" + }, + "requests": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.UnknownBotProtectionSpec": { + "description": "UnknownBotProtectionSpec is the unknown bot protection spec", + "properties": { + "apiLibraries": { + "$ref": "#/components/schemas/waas.Effect" + }, + "botImpersonation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "browserImpersonation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "generic": { + "$ref": "#/components/schemas/waas.Effect" + }, + "httpLibraries": { + "$ref": "#/components/schemas/waas.Effect" + }, + "requestAnomalies": { + "$ref": "#/components/schemas/waas.RequestAnomalies" + }, + "webAutomationTools": { + "$ref": "#/components/schemas/waas.Effect" + }, + "webScrapers": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.UnprotectedAppsVulnStats": { + "description": "UnprotectedAppsVulnStats contains vulnerability statistics of unprotected web apps", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + }, + "none": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.UnprotectedContainersWebApps": { + "description": "UnprotectedContainersWebApps contains the result of scanning unprotected containers summary", + "properties": { + "_id": { + "description": "Image is the image name.\n", + "type": "string" + }, + "count": { + "description": "Count is the sum of containers using this image.\n", + "type": "integer" + }, + "ports": { + "description": "Ports is the open http ports on containers using this image.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "tlsPorts": { + "description": "TLSPorts is the open https ports on containers using this image.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.UnprotectedHostsWebApps": { + "description": "UnprotectedHostsWebApps contains the result of scanning unprotected hosts summary", + "properties": { + "hostname": { + "description": "Hostname is the host name.\n", + "type": "string" + }, + "unprotectedProcesses": { + "description": "UnprotectedProcesses is processes that uses HTTP/HTTPs but are unprotected by WAAS.\n", + "items": { + "$ref": "#/components/schemas/waas.UnprotectedProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.UnprotectedProcess": { + "description": "UnprotectedProcess holds unprotected processes alongside the port", + "properties": { + "port": { + "description": "Port is the process port.\n", + "type": "integer" + }, + "process": { + "description": "Process is the process name.\n", + "type": "string" + }, + "tls": { + "description": "TLS is the port TLS indication.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.UserDefinedBot": { + "description": "UserDefinedBot indicates a user-defined bot and its effect", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "headerName": { + "description": "Header name which defines the bot.\n", + "type": "string" + }, + "headerValues": { + "description": "Header values corresponding to the header name. Can contain wildcards.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name of the bot.\n", + "type": "string" + }, + "subnets": { + "description": "Subnets where the bot originates. Specify using network lists.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.VPCConfig": { + "description": "VPCConfig is the VPC configuration (there is a 1-to-1 relation with the rule, only one configuration per rule)", + "properties": { + "autoScalingEnabled": { + "description": "AutoScalingEnabled indicates that the deployment is made with auto VPC observer instances scaling.\n", + "type": "boolean" + }, + "autoScalingMaxInstances": { + "description": "AutoScalingMaxInstances is the maximum deployed instances when auto scaling is enabled.\n", + "type": "integer" + }, + "configID": { + "description": "ConfigID is a unique ID for the configuration.\n", + "type": "string" + }, + "consoleHostname": { + "description": "ConsoleHostname represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "instanceNames": { + "description": "InstanceNames are the names of the instances to mirror (can be wildcard).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "instanceType": { + "description": "InstanceType is the instance type to use for the defender instance.\n", + "type": "string" + }, + "lbARN": { + "description": "LBARN is the ARN of the observed load balancer.\n", + "type": "string" + }, + "lbName": { + "description": "LBName is the name of the observed load balancer.\n", + "type": "string" + }, + "lbType": { + "description": "LBType is the type of the observed load balancer (currentlly only ALB is supported).\n", + "type": "string" + }, + "ports": { + "description": "Ports are the ports to mirror.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "region": { + "description": "Region is the AWS region the mirrored VMs are located in.\n", + "type": "string" + }, + "subnetID": { + "description": "SubnetID is the ID of the subnet the defender will be deployed in.\n", + "type": "string" + }, + "tags": { + "description": "Tags are the tags to filter for instances to mirror in Key:Value format or \"*\".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vpcID": { + "description": "VPCID is the ID of the VPC to look for instances to mirror and to deploy the defender in.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigMirroredResource": { + "description": "VPCConfigMirroredResource is a resource(vm or LB) mirrored by a VPC configuration deployment", + "properties": { + "id": { + "description": "ID is the resource ID.\n", + "type": "string" + }, + "name": { + "description": "Name is the resource name.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigResource": { + "description": "VPCConfigResource is a resource created by a VPC configuration deployment", + "properties": { + "id": { + "description": "ID is the resource ID.\n", + "type": "string" + }, + "name": { + "description": "Name is the resource name.\n", + "type": "string" + }, + "type": { + "description": "Type is the resource type.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigState": { + "description": "VPCConfigState is the state of a VPC configuration\nThis includes only the state needed by the frontend\nbson bindings do not omit empty as the structure is updated using upsert and fields may need to be set to empty value", + "properties": { + "configID": { + "description": "ConfigID is the ID of the VPC configuration.\n", + "type": "string" + }, + "error": { + "description": "Error is the error received during deployment (on failure).\n", + "type": "string" + }, + "lastUpdate": { + "description": "LastUpdate is the time when the deployment was last updated.\n", + "format": "date-time", + "type": "string" + }, + "status": { + "$ref": "#/components/schemas/waas.VPCConfigStatus" + } + }, + "type": "object" + }, + "waas.VPCConfigStatus": { + "description": "VPCConfigStatus is the status of a VPC configuration deployment", + "enum": [ + [ + "inProcess", + "error", + "ready", + "deletionInProgress", + "deleteError", + "deleted" + ] + ], + "type": "string" + }, + "waas.WebAppsDiscoverySettings": { + "description": "WebAppsDiscoverySettings is the web apps discovery settings", + "properties": { + "disabled": { + "description": "Disabled indicates whether web apps discovery is disabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "wildfire.Usage": { + "description": "Usage holds wildfire usage stats, period for the usage varies with context", + "properties": { + "bytes": { + "description": "Bytes is the total number of bytes uploaded to the WildFire API.\n", + "format": "int64", + "type": "integer" + }, + "queries": { + "description": "Queries is the number of queries to the WildFire API.\n", + "format": "int64", + "type": "integer" + }, + "uploads": { + "description": "Uploads is the number of uploads to the WildFire API.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + } + } + }, + "info": { + "title": "Prisma Cloud Compute API", + "version": "33.03.138", + "description": { + "$ref": "desc/intro.md" + } + }, + "openapi": "3.0.3", + "paths": { + "/api/v1/certs/ca.pem": { + "get": { + "description": { + "$ref": "desc/certs/capem_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Certs" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-certs-ca.pem", + "summary": "Get CA PEM Certificate File" + } + }, + "/api/v1/certs/server-certs.sh": { + "get": { + "description": { + "$ref": "desc/certs/server-certs_get.md" + }, + "parameters": [ + { + "description": "OS is the target os.\n", + "in": "query", + "name": "os", + "schema": { + "type": "string" + } + }, + { + "description": "IPs is the list of addresses for which the certificates are generated.\n", + "in": "query", + "name": "ip", + "schema": { + "type": "string" + } + }, + { + "description": "Hostname is the target defender hostname.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Certs" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-certs-server-certs.sh", + "summary": "Get Server Certificates" + } + }, + "/api/v1/registry/webhook/webhook": { + "delete": { + "description": { + "$ref": "desc/registry/webhook_webhook_delete.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "delete-registry-webhook-webhook", + "summary": "Delete a Registry Webhook" + }, + "post": { + "description": { + "$ref": "desc/registry/webhook_webhook_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.RegistryWebhookRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "post-registry-webhook-webhook", + "summary": "Registry Webhook" + } + }, + "/api/v1/util/prisma-cloud-jenkins-plugin.hpi": { + "get": { + "description": { + "$ref": "desc/util/twistlock_jenkins_plugin_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-prisma-cloud-jenkins-plugin.hpi", + "summary": "Download Jenkins Plugin for Prisma Cloud Compute" + } + }, + "/api/v1/util/tas-tile": { + "get": { + "description": { + "$ref": "desc/util/twistlock_tas_tile_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-util-tas-tile", + "summary": "Download VMware TAS Tile for Prisma Cloud Compute" + } + }, + "/api/v33.03/_ping": { + "get": { + "description": { + "$ref": "desc/_ping/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "_Ping" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "get-_ping", + "summary": "Ping" + } + }, + "/api/v33.03/agentless/progress": { + "get": { + "description": { + "$ref": "desc/agentless/get_agentless_progress.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Progress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-agentless-progress", + "summary": "View the Agentless Scan Progress" + } + }, + "/api/v33.03/agentless/scan": { + "post": { + "description": { + "$ref": "desc/agentless/post_agentless_scan.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-agentless-scan", + "summary": "Start Agentless Scan" + } + }, + "/api/v33.03/agentless/stop": { + "post": { + "description": { + "$ref": "desc/agentless/post_agentless_stop.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-agentless-stop", + "summary": "Stop an Ongoing Scan" + } + }, + "/api/v33.03/agentless/templates": { + "post": { + "description": { + "$ref": "desc/agentless/post_agentless_templates.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.AgentlessResourceTemplatesRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "post-agentless-templates", + "summary": "Download Agentless Permission Templates" + } + }, + "/api/v33.03/application-control/host": { + "get": { + "description": { + "$ref": "desc/application-control/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_applicationcontrol.Rule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-application-control-host", + "summary": "Host Application Control Rule" + }, + "put": { + "description": { + "$ref": "desc/application-control/put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + } + } + }, + "description": "Rule represents an application control policy rule" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "put-application-control-host", + "summary": "Update Host Application Control Rules" + } + }, + "/api/v33.03/application-control/host/{id}": { + "delete": { + "description": { + "$ref": "desc/application-control/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "delete-application-control-host-id", + "summary": "Delete a Host Application Control Rule" + } + }, + "/api/v33.03/audits/access": { + "get": { + "description": { + "$ref": "desc/audits/access_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Type is the audit type.\n", + "in": "query", + "name": "type", + "schema": { + "type": "string" + } + }, + { + "description": "RuleNames are the rules names to filter by.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames are the rules names to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "APIs are apis to filter by.\n", + "in": "query", + "name": "api", + "schema": { + "description": "APIs are apis to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts are hosts to filter by.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts are hosts to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users are users to filter by.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users are users to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Allow indicated whether allowed requests should be shown.\n", + "in": "query", + "name": "allow", + "schema": { + "type": "string" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessDocker" + }, + "operationId": "get-audits-access", + "summary": "Get Docker Access Audit Events" + } + }, + "/api/v33.03/audits/access/download": { + "get": { + "description": { + "$ref": "desc/audits/access_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Type is the audit type.\n", + "in": "query", + "name": "type", + "schema": { + "type": "string" + } + }, + { + "description": "RuleNames are the rules names to filter by.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames are the rules names to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "APIs are apis to filter by.\n", + "in": "query", + "name": "api", + "schema": { + "description": "APIs are apis to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts are hosts to filter by.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts are hosts to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users are users to filter by.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users are users to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Allow indicated whether allowed requests should be shown.\n", + "in": "query", + "name": "allow", + "schema": { + "type": "string" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessDocker" + }, + "operationId": "get-audits-access-download", + "summary": "Download Docker Access Audit Events" + } + }, + "/api/v33.03/audits/admission": { + "get": { + "description": { + "$ref": "desc/audits/admission_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Operations is the list of operations to use for filtering.\n", + "in": "query", + "name": "operation", + "schema": { + "description": "Operations is the list of operations to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_admission.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes" + }, + "operationId": "get-audits-admission", + "summary": "Get Admission Audit Events" + } + }, + "/api/v33.03/audits/admission/download": { + "get": { + "description": { + "$ref": "desc/audits/admission_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Operations is the list of operations to use for filtering.\n", + "in": "query", + "name": "operation", + "schema": { + "description": "Operations is the list of operations to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes" + }, + "operationId": "get-audits-admission-download", + "summary": "Download Admission Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/agentless": { + "get": { + "description": { + "$ref": "desc/audits/waas_agentless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-agentless", + "summary": "Get WAAS Agentless Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/agentless/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_agentless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-agentless-download", + "summary": "Download WAAS Agentless Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/agentless/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_agentless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-agentless-timeslice", + "summary": "Get WAAS Agentless Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/firewall/app/app-embedded": { + "get": { + "description": { + "$ref": "desc/audits/waas_app_embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-app-embedded", + "summary": "Get WAAS App-embedded Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/app-embedded/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_app_embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-app-embedded-download", + "summary": "Download WAAS App-embedded Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/app-embedded/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_app_embedded_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-app-embedded-timeslice", + "summary": "Get WAAS App-embedded Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/firewall/app/container": { + "get": { + "description": { + "$ref": "desc/audits/waas_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-container", + "summary": "Get WAAS Container Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/container/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-container-download", + "summary": "Download WAAS Container Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/container/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_container_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-container-timeslice", + "summary": "Get WAAS Container Audit Timeslice" + } + }, + "/api/v33.03/audits/firewall/app/host": { + "get": { + "description": { + "$ref": "desc/audits/waas_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-host", + "summary": "Get WAAS Host Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/host/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-host-download", + "summary": "Download WAAS Host Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/host/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_host_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-host-timeslice", + "summary": "Get WAAS Host Audit Timeslice" + } + }, + "/api/v33.03/audits/firewall/app/serverless": { + "get": { + "description": { + "$ref": "desc/audits/waas_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-serverless", + "summary": "Get WAAS Serverless Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/serverless/download": { + "get": { + "description": { + "$ref": "desc/audits/waas_serverless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-serverless-download", + "summary": "Download WAAS Serverless Audit Events" + } + }, + "/api/v33.03/audits/firewall/app/serverless/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/waas_serverless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "in": "query", + "name": "additionalHash", + "schema": { + "description": "AdditionalHash is used to filter by the additional hash value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ModelPath is used to filter by the API model path.\n", + "in": "query", + "name": "modelPath", + "schema": { + "description": "ModelPath is used to filter by the API model path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "get-audits-firewall-app-serverless-timeslice", + "summary": "Get WAAS Serverless Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/firewall/network/container": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcImages are the source images filter.\n", + "in": "query", + "name": "srcImageName", + "schema": { + "description": "SrcImages are the source images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstImages are the destination images filter.\n", + "in": "query", + "name": "dstImageName", + "schema": { + "description": "DstImages are the destination images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Block is the block/audit filter.\n", + "in": "query", + "name": "block", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerNetworkFirewallProfileAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF" + }, + "operationId": "get-audits-firewall-network-container", + "summary": "Get CNNS Container Audit Events" + } + }, + "/api/v33.03/audits/firewall/network/container/download": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcImages are the source images filter.\n", + "in": "query", + "name": "srcImageName", + "schema": { + "description": "SrcImages are the source images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstImages are the destination images filter.\n", + "in": "query", + "name": "dstImageName", + "schema": { + "description": "DstImages are the destination images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Block is the block/audit filter.\n", + "in": "query", + "name": "block", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF" + }, + "operationId": "get-audits-firewall-network-container-download", + "summary": "Download CNNS Container Audit Events" + } + }, + "/api/v33.03/audits/firewall/network/host": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcHostname are the source hostnames filter.\n", + "in": "query", + "name": "srcHostnames", + "schema": { + "description": "SrcHostname are the source hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstHostname are the destination hostnames filter.\n", + "in": "query", + "name": "dstHostnames", + "schema": { + "description": "DstHostname are the destination hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.HostNetworkFirewallProfileAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF" + }, + "operationId": "get-audits-firewall-network-host", + "summary": "Get CNNS Host Audit Events" + } + }, + "/api/v33.03/audits/firewall/network/host/download": { + "get": { + "description": { + "$ref": "desc/audits/firewall_network_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcHostname are the source hostnames filter.\n", + "in": "query", + "name": "srcHostnames", + "schema": { + "description": "SrcHostname are the source hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstHostname are the destination hostnames filter.\n", + "in": "query", + "name": "dstHostnames", + "schema": { + "description": "DstHostname are the destination hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF" + }, + "operationId": "get-audits-firewall-network-host-download", + "summary": "Download CNNS Host Audit Events" + } + }, + "/api/v33.03/audits/incidents": { + "get": { + "description": { + "$ref": "desc/audits/incidents_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results from a start datetime.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results from an end datetime.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by hostname where the incident occurred.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters results by hostname where the incident occurred.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident category.\n", + "in": "query", + "name": "category", + "schema": { + "description": "Filters results by incident category.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Filters results by incident type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by runtime profile ID.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "Filters results by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incidents that have been acknowledged.\n", + "in": "query", + "name": "acknowledged", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by app IDs.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "Filters results by app IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by container IDs.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "Filters results by container IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by function IDs.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "Filters results by function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by custom rule names.\n", + "in": "query", + "name": "customRuleName", + "schema": { + "description": "Filters results by custom rule names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Incident" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents" + }, + "operationId": "get-audits-incidents", + "summary": "Get Incident Audit Events" + } + }, + "/api/v33.03/audits/incidents/acknowledge/{id}": { + "patch": { + "description": { + "$ref": "desc/audits/incidents_archive_patch.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Incident" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents" + }, + "operationId": "patch-audits-incidents-acknowledge-id", + "summary": "Archive an Incident Audit Event" + } + }, + "/api/v33.03/audits/incidents/download": { + "get": { + "description": { + "$ref": "desc/audits/incidents_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results from a start datetime.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results from an end datetime.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by hostname where the incident occurred.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters results by hostname where the incident occurred.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident category.\n", + "in": "query", + "name": "category", + "schema": { + "description": "Filters results by incident category.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Filters results by incident type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by runtime profile ID.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "Filters results by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incidents that have been acknowledged.\n", + "in": "query", + "name": "acknowledged", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by app IDs.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "Filters results by app IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by container IDs.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "Filters results by container IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by function IDs.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "Filters results by function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by custom rule names.\n", + "in": "query", + "name": "customRuleName", + "schema": { + "description": "Filters results by custom rule names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents" + }, + "operationId": "get-audits-incidents-download", + "summary": "Download Incident Audit Events" + } + }, + "/api/v33.03/audits/kubernetes": { + "get": { + "description": { + "$ref": "desc/audits/kubernetes_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Users is the list of users to use for filtering.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is the list of users to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the list of clusters for filtering.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the list of clusters for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_kubeaudit.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes" + }, + "operationId": "get-audits-kubernetes", + "summary": "Get Kubernetes Audit Events" + } + }, + "/api/v33.03/audits/kubernetes/download": { + "get": { + "description": { + "$ref": "desc/audits/kubernetes_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Users is the list of users to use for filtering.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is the list of users to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the list of clusters for filtering.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the list of clusters for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes" + }, + "operationId": "get-audits-kubernetes-download", + "summary": "Download Kubernetes Audit Events" + } + }, + "/api/v33.03/audits/mgmt": { + "get": { + "description": { + "$ref": "desc/audits/mgmt_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.MgmtAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs" + }, + "operationId": "get-audits-mgmt", + "summary": "Get Management Audit Events" + } + }, + "/api/v33.03/audits/mgmt/download": { + "get": { + "description": { + "$ref": "desc/audits/mgmt_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs" + }, + "operationId": "get-audits-mgmt-download", + "summary": "Download Management Audit Events" + } + }, + "/api/v33.03/audits/mgmt/filters": { + "get": { + "description": { + "$ref": "desc/audits/mgmt_filters_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.MgmtAuditFilters" + } + } + }, + "description": "MgmtAuditFilters are filters for management audit queries" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs" + }, + "operationId": "get-audits-mgmt-filters", + "summary": "Get Management Audit Event Filters" + } + }, + "/api/v33.03/audits/runtime/app-embedded": { + "get": { + "description": { + "$ref": "desc/audits/runtime_app_embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-app-embedded", + "summary": "Get Runtime App-embedded Audit Events" + } + }, + "/api/v33.03/audits/runtime/app-embedded/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_app_embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-app-embedded-download", + "summary": "Download Runtime App-embedded Audit Events" + } + }, + "/api/v33.03/audits/runtime/container": { + "get": { + "description": { + "$ref": "desc/audits/runtime_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-audits-runtime-container", + "summary": "Get Runtime Container Audit Events" + } + }, + "/api/v33.03/audits/runtime/container/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-audits-runtime-container-download", + "summary": "Download Runtime Container Audit Events" + } + }, + "/api/v33.03/audits/runtime/container/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/runtime_container_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-audits-runtime-container-timeslice", + "summary": "Get Runtime Container Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/runtime/file-integrity": { + "get": { + "description": { + "$ref": "desc/audits/runtime_file-integrity_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the list of paths to use for filtering.\n", + "in": "query", + "name": "path", + "schema": { + "description": "Paths is the list of paths to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "in": "query", + "name": "eventType", + "schema": { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.FileIntegrityEvent" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-file-integrity", + "summary": "Get Runtime File Integrity Audit Events" + } + }, + "/api/v33.03/audits/runtime/file-integrity/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_file-integrity_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the list of paths to use for filtering.\n", + "in": "query", + "name": "path", + "schema": { + "description": "Paths is the list of paths to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "in": "query", + "name": "eventType", + "schema": { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-file-integrity-download", + "summary": "Download Runtime File Integrity Audit Events" + } + }, + "/api/v33.03/audits/runtime/host": { + "get": { + "description": { + "$ref": "desc/audits/runtime_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-host", + "summary": "Get Runtime Host Audit Events" + } + }, + "/api/v33.03/audits/runtime/host/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-host-download", + "summary": "Download Runtime Host Audit Events" + } + }, + "/api/v33.03/audits/runtime/host/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/runtime_host_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-host-timeslice", + "summary": "Get Runtime Host Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/runtime/log-inspection": { + "get": { + "description": { + "$ref": "desc/audits/runtime_log-inspection_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Logfiles is the list of log files to use for filtering.\n", + "in": "query", + "name": "logfile", + "schema": { + "description": "Logfiles is the list of log files to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.LogInspectionEvent" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-log-inspection", + "summary": "Get Runtime Log Inspection Audit Events" + } + }, + "/api/v33.03/audits/runtime/log-inspection/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_log-inspection_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Logfiles is the list of log files to use for filtering.\n", + "in": "query", + "name": "logfile", + "schema": { + "description": "Logfiles is the list of log files to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-audits-runtime-log-inspection-download", + "summary": "Download Runtime Log Inspection Audit Events" + } + }, + "/api/v33.03/audits/runtime/serverless": { + "get": { + "description": { + "$ref": "desc/audits/runtime_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ProfileIDs are the profile ids to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile ids to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is an optional exact time constraint for the audit.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is a filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is a filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request id.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request id.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-serverless", + "summary": "Get Runtime Serverless Audit Events" + } + }, + "/api/v33.03/audits/runtime/serverless/download": { + "get": { + "description": { + "$ref": "desc/audits/runtime_serverless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-serverless-download", + "summary": "Download Serverless Audit Events" + } + }, + "/api/v33.03/audits/runtime/serverless/timeslice": { + "get": { + "description": { + "$ref": "desc/audits/runtime_serverless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields is used to fetch specific runtime audit fields.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-audits-runtime-serverless-timeslice", + "summary": "Get Runtime Serverless Audit Events for a Timeframe" + } + }, + "/api/v33.03/audits/trust": { + "get": { + "description": { + "$ref": "desc/audits/trust_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rulename.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rulename.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter by registry/repo.\n", + "in": "query", + "name": "_id", + "schema": { + "description": "IDs is used to filter by registry/repo.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TrustAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-audits-trust", + "summary": "Get Trust Audit Events" + } + }, + "/api/v33.03/audits/trust/download": { + "get": { + "description": { + "$ref": "desc/audits/trust_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rulename.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rulename.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter by registry/repo.\n", + "in": "query", + "name": "_id", + "schema": { + "description": "IDs is used to filter by registry/repo.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-audits-trust-download", + "summary": "Download Trust Audit Events" + } + }, + "/api/v33.03/authenticate": { + "post": { + "description": { + "$ref": "desc/authenticate/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.AuthenticationRequest" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.AuthenticationResponse" + } + } + }, + "description": "AuthenticationResponse returns the result of calling the authentication endpoint" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Authenticate" + ], + "x-prisma-cloud-target-env": { + "permission": "none" + }, + "operationId": "post-authenticate", + "summary": "Get User Authentication Access Token" + } + }, + "/api/v33.03/cloud/discovery": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provider is the provider filter.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Provider is the provider filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountName is the account name filter.\n", + "in": "query", + "name": "accountName", + "schema": { + "description": "AccountName is the account name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Agentless is the agentless filter.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Zone is the zone filter.\n", + "in": "query", + "name": "zone", + "schema": { + "description": "Zone is the zone filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CloudDiscoveryResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "get-cloud-discovery", + "summary": "Get Cloud Discovery Scan Results" + } + }, + "/api/v33.03/cloud/discovery/download": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provider is the provider filter.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Provider is the provider filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountName is the account name filter.\n", + "in": "query", + "name": "accountName", + "schema": { + "description": "AccountName is the account name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Agentless is the agentless filter.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Zone is the zone filter.\n", + "in": "query", + "name": "zone", + "schema": { + "description": "Zone is the zone filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "get-cloud-discovery-download", + "summary": "Download Cloud Discovery Scan Results" + } + }, + "/api/v33.03/cloud/discovery/entities": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_entities_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Zone is the zone filter.\n", + "in": "query", + "name": "zone", + "schema": { + "description": "Zone is the zone filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Defended is the defended filter.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CloudDiscoveryEntity" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "get-cloud-discovery-entities", + "summary": "Get Discovered Cloud Entities" + } + }, + "/api/v33.03/cloud/discovery/scan": { + "post": { + "description": { + "$ref": "desc/cloud/discovery_scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "post-cloud-discovery-scan", + "summary": "Start a Cloud Discovery Scan" + } + }, + "/api/v33.03/cloud/discovery/stop": { + "post": { + "description": { + "$ref": "desc/cloud/discovery_stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "post-cloud-discovery-stop", + "summary": "Stop a Cloud Discovery Scan" + } + }, + "/api/v33.03/cloud/discovery/vms": { + "get": { + "description": { + "$ref": "desc/cloud/discovery_vms_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provider is the provider filter.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Provider is the provider filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Region is the region filter.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Region is the region filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "HasDefender indicates only VMs with or without a defender should return.\n", + "in": "query", + "name": "hasDefender", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.DiscoveredVM" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud" + }, + "operationId": "get-cloud-discovery-vms", + "summary": "Get Discovered VMs" + } + }, + "/api/v33.03/coderepos-ci/evaluate": { + "post": { + "description": { + "$ref": "desc/coderepos-ci/post_resolve.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/coderepos.ScanResult" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/coderepos.ScanResult" + } + } + }, + "description": "ScanResult holds a specific repository data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Coderepos-Ci" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-coderepos-ci-evaluate", + "summary": "Resolve Code Repos" + } + }, + "/api/v33.03/collections": { + "get": { + "description": { + "$ref": "desc/collections/get.md" + }, + "parameters": [ + { + "description": "ExcludePrisma indicates to exclude Prisma collections.\n", + "in": "query", + "name": "excludePrisma", + "schema": { + "type": "boolean" + } + }, + { + "description": "Prisma filters the collections originates from Prisma Cloud.\n", + "in": "query", + "name": "prisma", + "schema": { + "type": "boolean" + } + }, + { + "description": "System.\n", + "in": "query", + "name": "system", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_collection.Collection" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "get-collections", + "summary": "Get Collections" + }, + "post": { + "description": { + "$ref": "desc/collections/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/collection.Collection" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "post-collections", + "summary": "Add a New Collection" + } + }, + "/api/v33.03/collections/{id}": { + "delete": { + "description": { + "$ref": "desc/collections/name_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "delete-collections-id", + "summary": "Delete an Existing Collection" + }, + "put": { + "description": { + "$ref": "desc/collections/name_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/collection.Collection" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "put-collections-id", + "summary": "Update an Existing Collection" + } + }, + "/api/v33.03/collections/{id}/usages": { + "get": { + "description": { + "$ref": "desc/collections/name_usages_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_collection.Usage" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "get-collections-id-usages", + "summary": "Get Policies for a Collection" + } + }, + "/api/v33.03/containers": { + "get": { + "description": { + "$ref": "desc/containers/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-containers", + "summary": "Get Container Scan Results" + } + }, + "/api/v33.03/containers/count": { + "get": { + "description": { + "$ref": "desc/containers/count_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/int" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-containers-count", + "summary": "Get Containers Count" + } + }, + "/api/v33.03/containers/download": { + "get": { + "description": { + "$ref": "desc/containers/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "When set to true, an additional field \"Labels\" is included for each container in the output CSV/JSON file.\nThis field will provide a concatenated list of all the labels for the respective container in the format:\nkey1:value1,key2:value2,...,keyN:valueN. The default value for this parameter is \"false\".\n", + "in": "query", + "name": "includeLabels", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-containers-download", + "summary": "Download Container Scan Results" + } + }, + "/api/v33.03/containers/names": { + "get": { + "description": { + "$ref": "desc/containers/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Fields are used to fetch specific container field.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Fields are used to fetch specific container field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "ComplianceRuleName is used to filter containers by applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "CSA indicates that we should return only containers that were scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-containers-names", + "summary": "Get Container Names" + } + }, + "/api/v33.03/containers/scan": { + "post": { + "description": { + "$ref": "desc/containers/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-containers-scan", + "summary": "Start a Container Scan" + } + }, + "/api/v33.03/credentials": { + "get": { + "description": { + "$ref": "desc/credentials/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs are the credential IDs to filter.\n", + "in": "query", + "name": "ids", + "schema": { + "description": "IDs are the credential IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cloud indicates whether to fetch cloud credentials (AWS/GCP/OCI/Azure) or other types of credentials.\n", + "in": "query", + "name": "cloud", + "schema": { + "type": "boolean" + } + }, + { + "description": "External indicates whether to fetch credentials imported from Prisma.\n", + "in": "query", + "name": "external", + "schema": { + "type": "boolean" + } + }, + { + "description": "AutoImported indicates whether to fetch credentials imported from Prisma automatically.\n", + "in": "query", + "name": "autoImported", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_cred.Credential" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "get-credentials", + "summary": "Get All Credentials" + }, + "post": { + "description": { + "$ref": "desc/credentials/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cred.Credential" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "post-credentials", + "summary": "Add Credentials" + } + }, + "/api/v33.03/credentials/{id}": { + "delete": { + "description": { + "$ref": "desc/credentials/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "delete-credentials-id", + "summary": "Delete a Credential" + } + }, + "/api/v33.03/credentials/{id}/usages": { + "get": { + "description": { + "$ref": "desc/credentials/id_usages_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.CredentialUsage" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds" + }, + "operationId": "get-credentials-id-usages", + "summary": "Get Credential Usages" + } + }, + "/api/v33.03/current/collections": { + "get": { + "description": { + "$ref": "desc/current/collections_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.UserCollection" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Current" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-current-collections", + "summary": "User Collections" + } + }, + "/api/v33.03/custom-compliance": { + "get": { + "description": { + "$ref": "desc/custom-compliance/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CustomComplianceCheck" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules" + }, + "operationId": "get-custom-compliance", + "summary": "Get Custom Compliance Checks" + }, + "put": { + "description": { + "$ref": "desc/custom-compliance/put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + } + } + }, + "description": "CustomComplianceCheck represents a custom compliance check entry" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules" + }, + "operationId": "put-custom-compliance", + "summary": "Update Custom Compliance Checks" + } + }, + "/api/v33.03/custom-compliance/{id}": { + "delete": { + "description": { + "$ref": "desc/custom-compliance/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules" + }, + "operationId": "delete-custom-compliance-id", + "summary": "Delete a Custom Compliance Check" + } + }, + "/api/v33.03/custom-rules": { + "get": { + "description": { + "$ref": "desc/custom-rules/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_customrules.Rule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules" + }, + "operationId": "get-custom-rules", + "summary": "Get Custom Rules" + } + }, + "/api/v33.03/custom-rules/{id}": { + "delete": { + "description": { + "$ref": "desc/custom-rules/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules" + }, + "operationId": "delete-custom-rules-id", + "summary": "Delete a Custom Rule" + }, + "put": { + "description": { + "$ref": "desc/custom-rules/id_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/customrules.Rule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules" + }, + "operationId": "put-custom-rules-id", + "summary": "Update a Custom Rule" + } + }, + "/api/v33.03/defenders": { + "get": { + "description": { + "$ref": "desc/defenders/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_defender.Defender" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders", + "summary": "Get Deployed Defenders" + } + }, + "/api/v33.03/defenders/app-embedded": { + "post": { + "description": { + "$ref": "desc/defenders/app_embedded_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.AppEmbeddedEmbedRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-app-embedded", + "summary": "Generate a Docker File for App-embedded Defender" + } + }, + "/api/v33.03/defenders/daemonset.yaml": { + "post": { + "description": { + "$ref": "desc/defenders/daemonset_yaml_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.DaemonSetOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-daemonset.yaml", + "summary": "Generate Daemonset Deployment YAML File" + } + }, + "/api/v33.03/defenders/download": { + "get": { + "description": { + "$ref": "desc/defenders/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-download", + "summary": "Download Deployed Defenders" + } + }, + "/api/v33.03/defenders/fargate.json": { + "post": { + "description": { + "$ref": "desc/defenders/fargate_json_post.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs", + "podman" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/appembedded.FargateTask" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/appembedded.FargateTask" + } + } + }, + "description": "FargateTask represents the generic fargate task AWS template" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-fargate.json", + "summary": "Generate a Protected JSON Fargate Task Definition" + } + }, + "/api/v33.03/defenders/fargate.yaml": { + "post": { + "description": { + "$ref": "desc/defenders/fargate_yaml_post.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs", + "podman" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-fargate.yaml", + "summary": "Generate a Protected YAML Fargate Task Definition" + } + }, + "/api/v33.03/defenders/helm/twistlock-defender-helm.tar.gz": { + "post": { + "description": { + "$ref": "desc/defenders/helm_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.DaemonSetOptions" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-helm-twistlock-defender-helm.tar.gz", + "summary": "Generate a Helm Deployment Chart for Defender" + } + }, + "/api/v33.03/defenders/image-name": { + "get": { + "description": { + "$ref": "desc/defenders/image-name_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-image-name", + "summary": "Get Docker Image Name for Defender" + } + }, + "/api/v33.03/defenders/install-bundle": { + "get": { + "description": { + "$ref": "desc/defenders/install-bundle_get.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs", + "podman" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.DefenderInstallBundle" + } + } + }, + "description": "DefenderInstallBundle represents the install bundle for the defender" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-install-bundle", + "summary": "Get Certificate Bundle for Defender" + } + }, + "/api/v33.03/defenders/names": { + "get": { + "description": { + "$ref": "desc/defenders/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-names", + "summary": "Get Defender Names" + } + }, + "/api/v33.03/defenders/serverless/bundle": { + "post": { + "description": { + "$ref": "desc/defenders/serverless-bundle_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ServerlessBundleRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-serverless-bundle", + "summary": "Generate Serverless Bundle for Defender" + } + }, + "/api/v33.03/defenders/summary": { + "get": { + "description": { + "$ref": "desc/defenders/summary_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.DefenderSummary" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-summary", + "summary": "Get Defenders Summary" + } + }, + "/api/v33.03/defenders/tas-cloud-controller-address": { + "get": { + "description": { + "$ref": "desc/defenders/tas-cloud-controller-address_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-defenders-tas-cloud-controller-address", + "summary": "Defenders Tas Cloud Controller Address" + } + }, + "/api/v33.03/defenders/upgrade": { + "post": { + "description": { + "$ref": "desc/defenders/upgrade_post.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-upgrade", + "summary": "Upgrade Connected Single Linux Defenders" + } + }, + "/api/v33.03/defenders/{id}": { + "delete": { + "description": { + "$ref": "desc/defenders/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "delete-defenders-id", + "summary": "Delete a Defender" + } + }, + "/api/v33.03/defenders/{id}/features": { + "post": { + "description": { + "$ref": "desc/defenders/id_features_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Features" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Defender" + } + } + }, + "description": "Defender is an update about an agent starting" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-id-features", + "summary": "Update Defender Configuration" + } + }, + "/api/v33.03/defenders/{id}/restart": { + "post": { + "description": { + "$ref": "desc/defenders/id_restart_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-id-restart", + "summary": "Restart a Defender" + } + }, + "/api/v33.03/defenders/{id}/upgrade": { + "post": { + "description": { + "$ref": "desc/defenders/id_upgrade_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-defenders-id-upgrade", + "summary": "Upgrade a Defender" + } + }, + "/api/v33.03/feeds/custom/custom-vulnerabilities": { + "get": { + "description": { + "$ref": "desc/feeds/custom-vulnerabilities_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/vuln.CustomVulnerabilities" + } + } + }, + "description": "CustomVulnerabilities is a collection of custom vulnerabilities\nTBD: this storage usage is not best practice, should be migrate to a 1 document per vulnerability" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-feeds-custom-custom-vulnerabilities", + "summary": "Get Custom Vulnerability Feed" + }, + "put": { + "description": { + "$ref": "desc/feeds/custom-vulnerabilities_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/vuln.CustomVulnerabilities" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "put-feeds-custom-custom-vulnerabilities", + "summary": "Update Custom Vulnerability Feed" + } + }, + "/api/v33.03/feeds/custom/malware": { + "get": { + "description": { + "$ref": "desc/feeds/malware_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomMalwareFeed" + } + } + }, + "description": "CustomMalwareFeed represent the custom malware" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "user" + }, + "operationId": "get-feeds-custom-malware", + "summary": "Get Custom Malware Feed" + }, + "put": { + "description": { + "$ref": "desc/feeds/malware_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomMalwareFeed" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "put-feeds-custom-malware", + "summary": "Update Custom Malware Feed" + } + }, + "/api/v33.03/groups": { + "get": { + "description": { + "$ref": "desc/groups/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Groups" + } + } + }, + "description": "Groups represents a list of groups" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "get-groups", + "summary": "Get Groups" + } + }, + "/api/v33.03/groups/names": { + "get": { + "description": { + "$ref": "desc/groups/names.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "get-groups-names", + "summary": "Get Group Names" + } + }, + "/api/v33.03/hosts": { + "get": { + "description": { + "$ref": "desc/hosts/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-hosts", + "summary": "Get Host Scan Results" + } + }, + "/api/v33.03/hosts/download": { + "get": { + "description": { + "$ref": "desc/hosts/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-hosts-download", + "summary": "Download Host Scan Results" + } + }, + "/api/v33.03/hosts/evaluate": { + "post": { + "description": { + "$ref": "desc/hosts/evaluate_get.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesResp" + } + } + }, + "description": "ResolveImagesResp represents the images resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-hosts-evaluate", + "summary": "Resolve Hosts" + } + }, + "/api/v33.03/hosts/info": { + "get": { + "description": { + "$ref": "desc/hosts/info_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.HostInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-hosts-info", + "summary": "Get Host Information" + } + }, + "/api/v33.03/hosts/scan": { + "post": { + "description": { + "$ref": "desc/hosts/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-hosts-scan", + "summary": "Start a Host Scan" + } + }, + "/api/v33.03/images": { + "get": { + "description": { + "$ref": "desc/images/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-images", + "summary": "Get Image Scan Results" + } + }, + "/api/v33.03/images/download": { + "get": { + "description": { + "$ref": "desc/images/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-images-download", + "summary": "Download Image Scan Results" + } + }, + "/api/v33.03/images/evaluate": { + "post": { + "description": { + "$ref": "desc/images/evaluate_get.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesResp" + } + } + }, + "description": "ResolveImagesResp represents the images resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-images-evaluate", + "summary": "Resolve Images" + } + }, + "/api/v33.03/images/names": { + "get": { + "description": { + "$ref": "desc/images/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters only images scanned by CSA.\n", + "in": "query", + "name": "csa", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-images-names", + "summary": "Get Image Names" + } + }, + "/api/v33.03/images/scan": { + "post": { + "description": { + "$ref": "desc/images/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ImageScanOptions" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-images-scan", + "summary": "Start Image Scan" + } + }, + "/api/v33.03/images/twistlock_defender_app_embedded.tar.gz": { + "get": { + "description": { + "$ref": "desc/images/twistlock_defender_app_embedded_tar_gz_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-images-twistlock_defender_app_embedded.tar.gz", + "summary": "Download App Embedded Defender" + } + }, + "/api/v33.03/images/twistlock_defender_layer.zip": { + "post": { + "description": { + "$ref": "desc/images/twistlock_defender_layer_zip_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ServerlessLayerBundleRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "post-images-twistlock_defender_layer.zip", + "summary": "Download Serverless Layer Bundle" + } + }, + "/api/v33.03/policies/compliance/ci/images": { + "get": { + "description": { + "$ref": "desc/policies/compliance_ci_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-compliance-ci-images", + "summary": "Get Continuous Integration (CI) Image Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_ci_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-policies-compliance-ci-images", + "summary": "Update Continuous Integration (CI) Image Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/ci/serverless": { + "get": { + "description": { + "$ref": "desc/policies/compliance_ci_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "get-policies-compliance-ci-serverless", + "summary": "Get Continuous Integration (CI) Serverless Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_ci_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "put-policies-compliance-ci-serverless", + "summary": "Update Continuous Integration (CI) Serverless Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/container": { + "get": { + "description": { + "$ref": "desc/policies/compliance_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-compliance-container", + "summary": "Get Container Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-policies-compliance-container", + "summary": "Update Container Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/container/impacted": { + "get": { + "description": { + "$ref": "desc/policies/compliance_container_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-compliance-container-impacted", + "summary": "Get Impacted Container Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/host": { + "get": { + "description": { + "$ref": "desc/policies/compliance_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-policies-compliance-host", + "summary": "Get Host Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "put-policies-compliance-host", + "summary": "Update Host Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/serverless": { + "get": { + "description": { + "$ref": "desc/policies/compliance_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "get-policies-compliance-serverless", + "summary": "Get Serverless Compliance Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/compliance_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "put-policies-compliance-serverless", + "summary": "Update Serverless Compliance Policy" + } + }, + "/api/v33.03/policies/compliance/vms/impacted": { + "get": { + "description": { + "$ref": "desc/policies/compliance_vms_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-policies-compliance-vms-impacted", + "summary": "Get Impacted VMs Compliance Policy" + } + }, + "/api/v33.03/policies/firewall/app/agentless": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-agentless", + "summary": "Get Agentless App Firewall Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-agentless", + "summary": "Set Agentless App Firewall Policy" + } + }, + "/api/v33.03/policies/firewall/app/agentless/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.VPCConfigMirroredResource" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-agentless-impacted", + "summary": "Get Agentless App Firewall Policy Impacted" + } + }, + "/api/v33.03/policies/firewall/app/agentless/resources": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_resources_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ConfigID is the ID of the VPC configuration.\n", + "in": "query", + "name": "configID", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.VPCConfigResource" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-agentless-resources", + "summary": "Get Agentless App Firewall Policy Resources" + } + }, + "/api/v33.03/policies/firewall/app/agentless/state": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_agentless_state_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.AgentlessPolicyState" + } + } + }, + "description": "AgentlessPolicyState is the state of the agentless policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-agentless-state", + "summary": "Get Agentless App Firewall Policy State" + } + }, + "/api/v33.03/policies/firewall/app/apispec": { + "post": { + "description": { + "$ref": "desc/policies/firewall_app_apispec_post.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.APISpec" + } + } + }, + "description": "APISpec is an API specification" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "post-policies-firewall-app-apispec", + "summary": "Generate a WAAS API Specification Object" + } + }, + "/api/v33.03/policies/firewall/app/app-embedded": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app-embedded_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-app-embedded", + "summary": "Get WAAS App-embedded Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app-embedded_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-app-embedded", + "summary": "Update WAAS App-embedded Policy" + } + }, + "/api/v33.03/policies/firewall/app/container": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-container", + "summary": "Get WAAS Container Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-container", + "summary": "Update WAAS Container Policy" + } + }, + "/api/v33.03/policies/firewall/app/container/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_container_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-container-impacted", + "summary": "Container App Firewall Policy Impacted" + } + }, + "/api/v33.03/policies/firewall/app/host": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-host", + "summary": "Get WAAS Host Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-host", + "summary": "Update WAAS Host Policy" + } + }, + "/api/v33.03/policies/firewall/app/host/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_host_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-host-impacted", + "summary": "Host App Firewall Policy Impacted" + } + }, + "/api/v33.03/policies/firewall/app/network-list": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.NetworkList" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-network-list", + "summary": "Get WAAS Network List" + }, + "post": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.NetworkList" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "post-policies-firewall-app-network-list", + "summary": "Add WAAS Network List" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.NetworkList" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-network-list", + "summary": "Update WAAS Network List" + } + }, + "/api/v33.03/policies/firewall/app/network-list/{id}": { + "delete": { + "description": { + "$ref": "desc/policies/firewall_app_network_list_id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "delete-policies-firewall-app-network-list-id", + "summary": "Delete WAAS Network List" + } + }, + "/api/v33.03/policies/firewall/app/out-of-band": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_out-of-band_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-out-of-band", + "summary": "Get Out-of-Band WAAS Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_out-of-band_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-out-of-band", + "summary": "Update Out-of-Band WAAS Policy" + } + }, + "/api/v33.03/policies/firewall/app/out-of-band/impacted": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_out-of-band_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.ImpactedOutOfBandEntity" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-out-of-band-impacted", + "summary": "Get Impacted Resources for Out-of-Band WAAS Policy" + } + }, + "/api/v33.03/policies/firewall/app/serverless": { + "get": { + "description": { + "$ref": "desc/policies/firewall_app_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy representation details" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "get-policies-firewall-app-serverless", + "summary": "Get WAAS Serverless Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_app_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS" + }, + "operationId": "put-policies-firewall-app-serverless", + "summary": "Update WAAS Serverless Policy" + } + }, + "/api/v33.03/policies/firewall/network": { + "get": { + "description": { + "$ref": "desc/policies/firewall_network_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cnnf.Policy" + } + } + }, + "description": "Policy holds the data for firewall policies (host and container)" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCNNF" + }, + "operationId": "get-policies-firewall-network", + "summary": "Get CNNS Container and Host Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/firewall_network_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cnnf.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCNNF" + }, + "operationId": "put-policies-firewall-network", + "summary": "Update CNNS Container and Host Policy" + } + }, + "/api/v33.03/policies/runtime/app-embedded": { + "get": { + "description": { + "$ref": "desc/policies/runtime_app-embedded_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicy" + } + } + }, + "description": "AppEmbeddedPolicy represents a runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "get-policies-runtime-app-embedded", + "summary": "Get Runtime App-embedded Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_app-embedded_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "post-policies-runtime-app-embedded", + "summary": "Add Runtime App-embedded Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_app-embedded_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "put-policies-runtime-app-embedded", + "summary": "Update Runtime App-embedded Policy" + } + }, + "/api/v33.03/policies/runtime/container": { + "get": { + "description": { + "$ref": "desc/policies/runtime_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicy" + } + } + }, + "description": "ContainerPolicy represents a runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer" + }, + "operationId": "get-policies-runtime-container", + "summary": "Get Runtime Container Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_container_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer" + }, + "operationId": "post-policies-runtime-container", + "summary": "Update Runtime Container Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer" + }, + "operationId": "put-policies-runtime-container", + "summary": "Set Container Runtime Policy" + } + }, + "/api/v33.03/policies/runtime/container/impacted": { + "get": { + "description": { + "$ref": "desc/policies/runtime_container_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer" + }, + "operationId": "get-policies-runtime-container-impacted", + "summary": "Update Runtime Impacted Container Policy" + } + }, + "/api/v33.03/policies/runtime/host": { + "get": { + "description": { + "$ref": "desc/policies/runtime_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicy" + } + } + }, + "description": "HostPolicy represents a host runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts" + }, + "operationId": "get-policies-runtime-host", + "summary": "Get Runtime Host Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_host_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts" + }, + "operationId": "post-policies-runtime-host", + "summary": "Update Runtime Host Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts" + }, + "operationId": "put-policies-runtime-host", + "summary": "Set Host Runtime Policy" + } + }, + "/api/v33.03/policies/runtime/serverless": { + "get": { + "description": { + "$ref": "desc/policies/runtime_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicy" + } + } + }, + "description": "ServerlessPolicy represents a serverless runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "get-policies-runtime-serverless", + "summary": "Get Runtime Serverless Policy" + }, + "post": { + "description": { + "$ref": "desc/policies/runtime_serverless_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "post-policies-runtime-serverless", + "summary": "Update Runtime Serverless Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/runtime_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless" + }, + "operationId": "put-policies-runtime-serverless", + "summary": "Set Serverless Runtime Policy" + } + }, + "/api/v33.03/policies/vulnerability/base-images": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.BaseImagesRule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-base-images", + "summary": "Get Base Images Rules" + }, + "post": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.BaseImagesRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "post-policies-vulnerability-base-images", + "summary": "Add Base Images Rule" + } + }, + "/api/v33.03/policies/vulnerability/base-images/download": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_download.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-base-images-download", + "summary": "Download Base Images Rules" + } + }, + "/api/v33.03/policies/vulnerability/base-images/{id}": { + "delete": { + "description": { + "$ref": "desc/policies/vulnerability_base_images_id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "delete-policies-vulnerability-base-images-id", + "summary": "Delete Base Images Rule" + } + }, + "/api/v33.03/policies/vulnerability/ci/images": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_ci_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-ci-images", + "summary": "Get CI Image Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_ci_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-policies-vulnerability-ci-images", + "summary": "Update CI Image Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/ci/serverless": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_ci_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "get-policies-vulnerability-ci-serverless", + "summary": "Get CI Serverless Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_ci_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "put-policies-vulnerability-ci-serverless", + "summary": "Update CI Serverless Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/host": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-policies-vulnerability-host", + "summary": "Get Host Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "put-policies-vulnerability-host", + "summary": "Update Host Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/host/impacted": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_host_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-policies-vulnerability-host-impacted", + "summary": "Get Impacted Host Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/images": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-images", + "summary": "Get Image Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-policies-vulnerability-images", + "summary": "Update Image Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/images/impacted": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_images_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-policies-vulnerability-images-impacted", + "summary": "Get Impacted Image Vulnerability Policy" + } + }, + "/api/v33.03/policies/vulnerability/serverless": { + "get": { + "description": { + "$ref": "desc/policies/vulnerability_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "get-policies-vulnerability-serverless", + "summary": "Get Serverless Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "desc/policies/vulnerability_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless" + }, + "operationId": "put-policies-vulnerability-serverless", + "summary": "Update Serverless Vulnerability Policy" + } + }, + "/api/v33.03/profiles/app-embedded": { + "get": { + "description": { + "$ref": "desc/profiles/app-embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the app embedded container filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the app embedded container filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the app embedded images filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the app embedded images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the app embedded clusters filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the app embedded clusters filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppEmbeddedRuntimeProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-profiles-app-embedded", + "summary": "Get App-embedded Profiles" + } + }, + "/api/v33.03/profiles/app-embedded/download": { + "get": { + "description": { + "$ref": "desc/profiles/app-embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the app embedded container filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the app embedded container filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the app embedded images filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the app embedded images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the app embedded clusters filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the app embedded clusters filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless" + }, + "operationId": "get-profiles-app-embedded-download", + "summary": "Download App-embedded Profiles" + } + }, + "/api/v33.03/profiles/container": { + "get": { + "description": { + "$ref": "desc/profiles/container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerRuntimeProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-profiles-container", + "summary": "Get Runtime Container Profiles" + } + }, + "/api/v33.03/profiles/container/download": { + "get": { + "description": { + "$ref": "desc/profiles/container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-profiles-container-download", + "summary": "Download Runtime Container Profiles" + } + }, + "/api/v33.03/profiles/container/learn": { + "post": { + "description": { + "$ref": "desc/profiles/container_learn_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "post-profiles-container-learn", + "summary": "Learn Runtime Container Profiles" + } + }, + "/api/v33.03/profiles/host": { + "get": { + "description": { + "$ref": "desc/profiles/host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_runtime.HostProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-profiles-host", + "summary": "Get Runtime Host Profiles" + } + }, + "/api/v33.03/profiles/host/download": { + "get": { + "description": { + "$ref": "desc/profiles/host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts" + }, + "operationId": "get-profiles-host-download", + "summary": "Download Runtime Host Profiles" + } + }, + "/api/v33.03/registry": { + "get": { + "description": { + "$ref": "desc/registry/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-registry", + "summary": "Get Registry Scan Results" + } + }, + "/api/v33.03/registry/download": { + "get": { + "description": { + "$ref": "desc/registry/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-registry-download", + "summary": "Download Registry Scan Results" + } + }, + "/api/v33.03/registry/names": { + "get": { + "description": { + "$ref": "desc/registry/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-registry-names", + "summary": "Get Registry Image Names" + } + }, + "/api/v33.03/registry/progress": { + "get": { + "description": { + "$ref": "desc/registry/get_registry_progress.md" + }, + "parameters": [ + { + "description": "OnDemand indicates the requested progress is for an on-demand scan.\n", + "in": "query", + "name": "onDemand", + "schema": { + "type": "boolean" + } + }, + { + "description": "Registry is the image's registry.\n", + "in": "query", + "name": "registry", + "schema": { + "type": "string" + } + }, + { + "description": "Repository is the image's repository.\n", + "in": "query", + "name": "repo", + "schema": { + "type": "string" + } + }, + { + "description": "Tag is the image's tag.\n", + "in": "query", + "name": "tag", + "schema": { + "type": "string" + } + }, + { + "description": "Digest is the image's digest.\n", + "in": "query", + "name": "digest", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RegistryScanProgress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-registry-progress", + "summary": "View Registry Scan Progress" + } + }, + "/api/v33.03/registry/scan": { + "post": { + "description": { + "$ref": "desc/registry/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistryScanRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-registry-scan", + "summary": "Start a Registry Scan" + } + }, + "/api/v33.03/registry/scan/select": { + "post": { + "description": { + "$ref": "desc/registry/scan_select_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RegistryScanRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-registry-scan-select", + "summary": "Scan Registries" + } + }, + "/api/v33.03/registry/stop": { + "post": { + "description": { + "$ref": "desc/registry/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-registry-stop", + "summary": "Stop a Registry Scan" + } + }, + "/api/v33.03/registry/stop/{id}": { + "post": { + "description": { + "$ref": "desc/registry/stop_id_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-registry-stop-id", + "summary": "Stop a Registry spec Scan" + } + }, + "/api/v33.03/sandbox": { + "post": { + "description": { + "$ref": "desc/sandbox/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/sandbox.ScanResult" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/sandbox.ScanResult" + } + } + }, + "description": "ScanResult represents sandbox scan results" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sandbox" + ], + "x-prisma-cloud-target-env": { + "permission": "sandbox" + }, + "operationId": "post-sandbox", + "summary": "AddSandboxScanResult" + } + }, + "/api/v33.03/sbom/download/cli-images": { + "get": { + "description": { + "$ref": "desc/sbom/download_ci_images_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-cli-images", + "summary": "Download SBOM CI Images" + } + }, + "/api/v33.03/sbom/download/cli-serverless": { + "get": { + "description": { + "$ref": "desc/sbom/download_cli_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-cli-serverless", + "summary": "Download SBOM CLI Serverless" + } + }, + "/api/v33.03/sbom/download/hosts": { + "get": { + "description": { + "$ref": "desc/sbom/download_hosts_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-hosts", + "summary": "Download SBOM Hosts" + } + }, + "/api/v33.03/sbom/download/images": { + "get": { + "description": { + "$ref": "desc/sbom/download_images_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-images", + "summary": "Download SBOM Images" + } + }, + "/api/v33.03/sbom/download/registry": { + "get": { + "description": { + "$ref": "desc/sbom/download_registry_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-registry", + "summary": "Download SBOM Registry" + } + }, + "/api/v33.03/sbom/download/serverless": { + "get": { + "description": { + "$ref": "desc/sbom/download_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-serverless", + "summary": "Download SBOM Serverless" + } + }, + "/api/v33.03/sbom/download/vms": { + "get": { + "description": { + "$ref": "desc/sbom/download_vms_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "in": "query", + "name": "id", + "schema": { + "description": "ID is the ID of the entity of which the SBOM is generated for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "sbomFormat is the file format of the SBOM.\n", + "in": "query", + "name": "sbomFormat", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sbom" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-sbom-download-vms", + "summary": "Download SBOM VMs" + } + }, + "/api/v33.03/scans": { + "get": { + "description": { + "$ref": "desc/scans/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scan ID used in the image layers fetch.\n", + "in": "query", + "name": "_id", + "schema": { + "type": "string" + } + }, + { + "description": "Jenkins job name.\n", + "in": "query", + "name": "jobName", + "schema": { + "description": "Jenkins job name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scan type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Scan type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to filter on passed scans (true) or not (false).\n", + "in": "query", + "name": "pass", + "schema": { + "type": "boolean" + } + }, + { + "description": "Build number.\n", + "in": "query", + "name": "build", + "schema": { + "type": "string" + } + }, + { + "description": "Image ID of scanned image.\n", + "in": "query", + "name": "imageID", + "schema": { + "type": "string" + } + }, + { + "description": "Indicates if CVEs are mapped to image layer (true) or not (false).\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by start datetime. Based on scan time.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by end datetime. Based on scan time.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates if base image vulnerabilities are to be filtered (true) or not (false). Requires predefined base images that have already been scanned.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CLIScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-scans", + "summary": "Get All CI Image Scan Results" + }, + "post": { + "description": { + "$ref": "desc/scans/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CLIScanResult" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-scans", + "summary": "Add CLI Scan Result" + } + }, + "/api/v33.03/scans/download": { + "get": { + "description": { + "$ref": "desc/scans/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scan ID used in the image layers fetch.\n", + "in": "query", + "name": "_id", + "schema": { + "type": "string" + } + }, + { + "description": "Jenkins job name.\n", + "in": "query", + "name": "jobName", + "schema": { + "description": "Jenkins job name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scan type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Scan type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to filter on passed scans (true) or not (false).\n", + "in": "query", + "name": "pass", + "schema": { + "type": "boolean" + } + }, + { + "description": "Build number.\n", + "in": "query", + "name": "build", + "schema": { + "type": "string" + } + }, + { + "description": "Image ID of scanned image.\n", + "in": "query", + "name": "imageID", + "schema": { + "type": "string" + } + }, + { + "description": "Indicates if CVEs are mapped to image layer (true) or not (false).\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by start datetime. Based on scan time.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by end datetime. Based on scan time.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "List of fields to retrieve.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "List of fields to retrieve.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates if base image vulnerabilities are to be filtered (true) or not (false). Requires predefined base images that have already been scanned.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by uaiID.\n", + "in": "query", + "name": "uaiID", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-scans-download", + "summary": "Download CI Image Scan Results" + } + }, + "/api/v33.03/scans/{id}": { + "get": { + "description": { + "$ref": "desc/scans/id_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-scans-id", + "summary": "Get CI Image Scan Results" + } + }, + "/api/v33.03/serverless": { + "get": { + "description": { + "$ref": "desc/serverless/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_serverless.FunctionInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "get-serverless", + "summary": "Get Serverless Function Scan Results" + } + }, + "/api/v33.03/serverless/download": { + "get": { + "description": { + "$ref": "desc/serverless/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "get-serverless-download", + "summary": "Download Serverless Function Scan Results" + } + }, + "/api/v33.03/serverless/evaluate": { + "post": { + "description": { + "$ref": "desc/serverless/evaluate_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveFunctionsReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveFunctionsResp" + } + } + }, + "description": "ResolveFunctionsResp represents the functions resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "post-serverless-evaluate", + "summary": "Resolve Functions" + } + }, + "/api/v33.03/serverless/names": { + "get": { + "description": { + "$ref": "desc/serverless/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "get-serverless-names", + "summary": "Get Serverless Function Names" + } + }, + "/api/v33.03/serverless/scan": { + "post": { + "description": { + "$ref": "desc/serverless/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "post-serverless-scan", + "summary": "Start Serverless Function Scan" + } + }, + "/api/v33.03/serverless/stop": { + "post": { + "description": { + "$ref": "desc/serverless/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless" + }, + "operationId": "post-serverless-stop", + "summary": "Stop Serverless Function Scan" + } + }, + "/api/v33.03/settings/certs": { + "get": { + "description": { + "$ref": "desc/settings/certs_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.CertSettings" + } + } + }, + "description": "CertSettings are the certificates settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-settings-certs", + "summary": "Get Certificate Settings for Prisma Cloud Compute" + } + }, + "/api/v33.03/settings/custom-labels": { + "get": { + "description": { + "$ref": "desc/settings/custom-labels_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + } + } + }, + "description": "CustomLabelsSettings are customized label names that are used to augment audit events\nThey can either be docker labels (which appears in the container label specification)\nor k8s/openshift labels (which appears in the pause container that monitors the target container)" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "user" + }, + "operationId": "get-settings-custom-labels", + "summary": "Get Alert Labels" + }, + "post": { + "description": { + "$ref": "desc/settings/custom-labels_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts" + }, + "operationId": "post-settings-custom-labels", + "summary": "Add Alert Labels" + } + }, + "/api/v33.03/settings/defender": { + "get": { + "description": { + "$ref": "desc/settings/defender_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Settings" + } + } + }, + "description": "Settings is the Defender settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders" + }, + "operationId": "get-settings-defender", + "summary": "Get Advanced Defender Settings" + } + }, + "/api/v33.03/settings/intelligence": { + "get": { + "description": { + "$ref": "desc/settings/intelligence_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/intelligence.IntelligenceSettings" + } + } + }, + "description": "IntelligenceSettings are the intelligence service settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-settings-intelligence", + "summary": "Get Intelligence Stream Settings" + } + }, + "/api/v33.03/settings/license": { + "get": { + "description": { + "$ref": "desc/settings/license_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.License" + } + } + }, + "description": "License represent the customer license" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-settings-license", + "summary": "Get Prisma Cloud Compute License" + } + }, + "/api/v33.03/settings/logging": { + "get": { + "description": { + "$ref": "desc/settings/logging_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.LoggingSettings" + } + } + }, + "description": "LoggingSettings are the logging settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts" + }, + "operationId": "get-settings-logging", + "summary": "Get Logging Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/logging_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.LoggingSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts" + }, + "operationId": "post-settings-logging", + "summary": "Add Logging Settings" + } + }, + "/api/v33.03/settings/logon": { + "get": { + "description": { + "$ref": "desc/settings/logon_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.LogonSettings" + } + } + }, + "description": "LogonSettings are settings associated with the login properties" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "get-settings-logon", + "summary": "Get Logon Settings" + } + }, + "/api/v33.03/settings/proxy": { + "get": { + "description": { + "$ref": "desc/settings/proxy_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.ProxySettings" + } + } + }, + "description": "ProxySettings are the http proxy settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-settings-proxy", + "summary": "Get Proxy Settings of Prisma Cloud Compute" + }, + "post": { + "description": { + "$ref": "desc/settings/proxy_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.ProxySettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "post-settings-proxy", + "summary": "Add Proxy Settings for Prisma Cloud Compute" + } + }, + "/api/v33.03/settings/registry": { + "get": { + "description": { + "$ref": "desc/settings/registry_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySettings" + } + } + }, + "description": "RegistrySettings contains each registry's unique settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-settings-registry", + "summary": "Get Registry Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/registry_post.md" + }, + "parameters": [ + { + "description": "ScanLater indicates to save the setting without starting a scan.\n", + "in": "query", + "name": "scanLater", + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "post-settings-registry", + "summary": "Add Registry Settings" + }, + "put": { + "description": { + "$ref": "desc/settings/registry_put.md" + }, + "parameters": [ + { + "description": "ScanLater indicates to save the setting without starting a scan.\n", + "in": "query", + "name": "scanLater", + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-settings-registry", + "summary": "Update Registry Settings" + } + }, + "/api/v33.03/settings/saml": { + "get": { + "description": { + "$ref": "desc/settings/saml_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.SamlSettings" + } + } + }, + "description": "SamlSettings are the saml connectivity settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration" + }, + "operationId": "get-settings-saml", + "summary": "Get SAML Settings of Prisma Cloud Compute" + } + }, + "/api/v33.03/settings/scan": { + "get": { + "description": { + "$ref": "desc/settings/scan_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ScanSettings" + } + } + }, + "description": "ScanSettings are global settings for image/host/container and registry scanning" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-settings-scan", + "summary": "Get Global Scan Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ScanSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "post-settings-scan", + "summary": "Add Global Scan Settings" + } + }, + "/api/v33.03/settings/tas": { + "get": { + "description": { + "$ref": "desc/settings/tas_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TASDropletSpecification" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-settings-tas", + "summary": "Get TAS Settings" + }, + "post": { + "description": { + "$ref": "desc/settings/tas_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TASDropletSpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "post-settings-tas", + "summary": "Add TAS Settings" + } + }, + "/api/v33.03/settings/vm": { + "get": { + "description": { + "$ref": "desc/settings/vm_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.VMSpecification" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "get-settings-vm", + "summary": "Get VM Image Scan Settings" + }, + "put": { + "description": { + "$ref": "desc/settings/vm_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.VMSpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts" + }, + "operationId": "put-settings-vm", + "summary": "Update VM Image Scan Settings" + } + }, + "/api/v33.03/settings/wildfire": { + "get": { + "description": { + "$ref": "desc/settings/wildfire_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.WildFireSettings" + } + } + }, + "description": "WildFireSettings are the settings for WildFire API requests" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-settings-wildfire", + "summary": "Wild Fire Settings" + } + }, + "/api/v33.03/stats/app-firewall/count": { + "get": { + "description": { + "$ref": "desc/stats/app_firewall_count_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/int" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-stats-app-firewall-count", + "summary": "Application Firewall Count" + } + }, + "/api/v33.03/stats/compliance": { + "get": { + "description": { + "$ref": "desc/stats/compliance_get.md" + }, + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ComplianceStats" + } + } + }, + "description": "ComplianceStats holds compliance data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance" + }, + "operationId": "get-stats-compliance", + "summary": "Get Compliance Stats" + } + }, + "/api/v33.03/stats/compliance/download": { + "get": { + "description": { + "$ref": "desc/stats/compliance_download_get.md" + }, + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance" + }, + "operationId": "get-stats-compliance-download", + "summary": "Download Compliance Stats" + } + }, + "/api/v33.03/stats/compliance/refresh": { + "post": { + "description": { + "$ref": "desc/stats/compliance_refresh.md" + }, + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "serverObserverAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoCompliance", + "ciCodeRepoCompliance", + "ciCodeRepoVulnerability", + "codeRepoVulnerability" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "GKE", + "Prisma Cloud Labs", + "EKS", + "AKS" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ComplianceStats" + } + } + }, + "description": "ComplianceStats holds compliance data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance" + }, + "operationId": "post-stats-compliance-refresh", + "summary": "Refresh Compliance Stats" + } + }, + "/api/v33.03/stats/daily": { + "get": { + "description": { + "$ref": "desc/stats/daily_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.Stats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers" + }, + "operationId": "get-stats-daily", + "summary": "Get Daily Compliance Stats" + } + }, + "/api/v33.03/stats/dashboard": { + "get": { + "description": { + "$ref": "desc/stats/dashboard_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Trends" + } + } + }, + "description": "Trends contains data on global trends in the system" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-dashboard", + "summary": "Get Dashboard Stats" + } + }, + "/api/v33.03/stats/events": { + "get": { + "description": { + "$ref": "desc/stats/events_get.md" + }, + "parameters": [ + { + "description": "Collections are collections scoping the query.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Collections are collections scoping the query.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountIDs are the account IDs scoping the query.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "AccountIDs are the account IDs scoping the query.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.EventStats" + } + } + }, + "description": "EventStats holds counters for all event types" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI" + }, + "operationId": "get-stats-events", + "summary": "Get Event Stats" + } + }, + "/api/v33.03/stats/license": { + "get": { + "description": { + "$ref": "desc/stats/license_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.LicenseStats" + } + } + }, + "description": "LicenseStats holds the console license stats" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations" + }, + "operationId": "get-stats-license", + "summary": "Get Event Stats" + } + }, + "/api/v33.03/stats/vulnerabilities": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is the single CVE ID to return vulnerability data for.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.VulnerabilityStats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-vulnerabilities", + "summary": "Get Vulnerability (CVEs) Stats" + } + }, + "/api/v33.03/stats/vulnerabilities/download": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is the single CVE ID to return vulnerability data for.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-vulnerabilities-download", + "summary": "Download Vulnerability (CVEs) Stats" + } + }, + "/api/v33.03/stats/vulnerabilities/impacted-resources": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_impacted_resources_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is used to as a pivot for the impacted resource search.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.VulnImpactedResources" + } + } + }, + "description": "VulnImpactedResources holds details about the resources impacted by vulnerability" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-vulnerabilities-impacted-resources", + "summary": "Get Impacted Resources Vulnerability (CVE) Stats" + } + }, + "/api/v33.03/stats/vulnerabilities/impacted-resources/download": { + "get": { + "description": { + "$ref": "desc/stats/vulnerabilities_impacted_resources_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "CVE is used to as a pivot for the impacted resource search.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "get-stats-vulnerabilities-impacted-resources-download", + "summary": "Download Impacted Resources Vulnerability (CVE) Stats" + } + }, + "/api/v33.03/stats/vulnerabilities/refresh": { + "post": { + "description": { + "$ref": "desc/stats/vulnerabilities_refresh_post.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.VulnerabilityStats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln" + }, + "operationId": "post-stats-vulnerabilities-refresh", + "summary": "Refresh Vulnerability Stats" + } + }, + "/api/v33.03/statuses/buildah": { + "get": { + "description": { + "$ref": "desc/statuses/buildah_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.BuildahFeatureStatus" + } + } + }, + "description": "BuildahFeatureStatus holds the response for the buildah feature status" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Statuses" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI" + }, + "operationId": "get-statuses-buildah", + "summary": "Buildah Feature Status returns the buildah feature status" + } + }, + "/api/v33.03/statuses/registry": { + "get": { + "description": { + "$ref": "desc/statuses/registry_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.ScanStatus" + } + } + }, + "description": "ScanStatus represents the status of current scan" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Statuses" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-statuses-registry", + "summary": "Get Registry Scan Status" + } + }, + "/api/v33.03/tags": { + "get": { + "description": { + "$ref": "desc/tags/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Tag" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "get-tags", + "summary": "Get Tags" + }, + "post": { + "description": { + "$ref": "desc/tags/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Tag" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "post-tags", + "summary": "Add Tags" + } + }, + "/api/v33.03/tags/{id}": { + "delete": { + "description": { + "$ref": "desc/tags/name_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "delete-tags-id", + "summary": "Delete a Tag" + }, + "put": { + "description": { + "$ref": "desc/tags/name_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Tag" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "put-tags-id", + "summary": "Update a Tag" + } + }, + "/api/v33.03/tags/{id}/vuln": { + "delete": { + "description": { + "$ref": "desc/tags/tag_cve_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "delete-tags-id-vuln", + "summary": "Delete Tag Vulnerability Metadata" + }, + "post": { + "description": { + "$ref": "desc/tags/tag_cve_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.TagVulnMetadata" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections" + }, + "operationId": "post-tags-id-vuln", + "summary": "Set Tag Vulnerability Metadata" + } + }, + "/api/v33.03/tas-droplets": { + "get": { + "description": { + "$ref": "desc/tas-droplets/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_serverless.FunctionInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-tas-droplets", + "summary": "Get TAS Droplets" + } + }, + "/api/v33.03/tas-droplets/addresses": { + "get": { + "description": { + "$ref": "desc/tas-droplets/get_tas_addresses.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-tas-droplets-addresses", + "summary": "TAS Cloud Controller Addresses" + } + }, + "/api/v33.03/tas-droplets/download": { + "get": { + "description": { + "$ref": "desc/tas-droplets/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-tas-droplets-download", + "summary": "Download TAS Droplets" + } + }, + "/api/v33.03/tas-droplets/progress": { + "get": { + "description": { + "$ref": "desc/tas-droplets/progress_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Progress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "get-tas-droplets-progress", + "summary": "View TAS Droplets Scan Progress" + } + }, + "/api/v33.03/tas-droplets/scan": { + "post": { + "description": { + "$ref": "desc/tas-droplets/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-tas-droplets-scan", + "summary": "Scan TAS Droplets" + } + }, + "/api/v33.03/tas-droplets/stop": { + "post": { + "description": { + "$ref": "desc/tas-droplets/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages" + }, + "operationId": "post-tas-droplets-stop", + "summary": "Stop TAS Droplets Ongoing Scan" + } + }, + "/api/v33.03/trust/data": { + "get": { + "description": { + "$ref": "desc/trust/data_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/trust.Data" + } + } + }, + "description": "Data holds the image trust data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Trust" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "get-trust-data", + "summary": "Get Trusted Repository, Image, and Registry" + }, + "put": { + "description": { + "$ref": "desc/trust/data_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/trust.Data" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Trust" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers" + }, + "operationId": "put-trust-data", + "summary": "Update Trusted Repository, Image, and Registry" + } + }, + "/api/v33.03/users": { + "get": { + "description": { + "$ref": "desc/users/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.UserList" + } + } + }, + "description": "UserList represents a list of users" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement" + }, + "operationId": "get-users", + "summary": "Get Users" + } + }, + "/api/v33.03/util/arm64/twistcli": { + "get": { + "description": { + "$ref": "desc/util/twistcli_arm64_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-arm64-twistcli", + "summary": "Download ARM64 twistcli for Linux OS" + } + }, + "/api/v33.03/util/osx/arm64/twistcli": { + "get": { + "description": { + "$ref": "desc/util/osx_twistcli_arm64_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-osx-arm64-twistcli", + "summary": "Download ARM64 twistcli for MacOS" + } + }, + "/api/v33.03/util/osx/twistcli": { + "get": { + "description": { + "$ref": "desc/util/osx_twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-osx-twistcli", + "summary": "Download twistcli for MacOS" + } + }, + "/api/v33.03/util/twistcli": { + "get": { + "description": { + "$ref": "desc/util/twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-twistcli", + "summary": "Download twistcli for Linux OS" + } + }, + "/api/v33.03/util/windows/twistcli.exe": { + "get": { + "description": { + "$ref": "desc/util/windows_twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads" + }, + "operationId": "get-util-windows-twistcli.exe", + "summary": "Download twistcli for Microsoft Windows" + } + }, + "/api/v33.03/version": { + "get": { + "description": { + "$ref": "desc/version/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Version" + ], + "x-prisma-cloud-target-env": { + "permission": "user" + }, + "operationId": "get-version", + "summary": "Get Prisma Cloud Compute Version" + } + }, + "/api/v33.03/vms": { + "get": { + "description": { + "$ref": "desc/vms/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-vms", + "summary": "Get VM Image Scan Results" + } + }, + "/api/v33.03/vms/download": { + "get": { + "description": { + "$ref": "desc/vms/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-vms-download", + "summary": "Download VM Image Scan Results" + } + }, + "/api/v33.03/vms/labels": { + "get": { + "description": { + "$ref": "desc/vms/labels_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-vms-labels", + "summary": "Get VM Image Tags" + } + }, + "/api/v33.03/vms/names": { + "get": { + "description": { + "$ref": "desc/vms/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Limit is the amount to fix.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Sorts the result using a key.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on applied compliance rule name.\n", + "in": "query", + "name": "complianceRuleName", + "schema": { + "type": "string" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by issue type.\n", + "in": "query", + "name": "issueType", + "schema": { + "description": "IssueType is used to filter scan results by issue type", + "enum": [ + [ + "vulnerabilities", + "compliance", + "" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "get-vms-names", + "summary": "Get VM Image Names" + } + }, + "/api/v33.03/vms/scan": { + "post": { + "description": { + "$ref": "desc/vms/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-vms-scan", + "summary": "Start VM Image Scan" + } + }, + "/api/v33.03/vms/stop": { + "post": { + "description": { + "$ref": "desc/vms/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts" + }, + "operationId": "post-vms-stop", + "summary": "Stop VM Image Scan" + } + }, + "/api/v33.03/waas/openapi-scans": { + "post": { + "description": { + "$ref": "desc/waas/openapi-scans_post.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.OpenAPIScan" + } + } + }, + "description": "OpenAPIScan represents the OpenAPI file scan" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Waas" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS" + }, + "operationId": "post-waas-openapi-scans", + "summary": "Scan OpenAPI Specification File for WAAS Observations" + } + } + }, + "tags": [ + { + "name": "Agentless", + "description": { + "$ref": "desc/agentless/agentless.md" + } + }, + { + "name": "Ais-Api" + }, + { + "name": "Alert-Profiles" + }, + { + "name": "Application-Control", + "description": { + "$ref": "desc/application-control/application-control.md" + } + }, + { + "name": "Audits", + "description": { + "$ref": "desc/audits/audits.md" + } + }, + { + "name": "Authenticate", + "description": { + "$ref": "desc/authenticate/authenticate.md" + } + }, + { + "name": "Authenticate-Client", + "description": { + "$ref": "desc/authenticate-client/authenticate-client.md" + } + }, + { + "name": "Backups" + }, + { + "name": "Bff" + }, + { + "name": "Ccs" + }, + { + "name": "Certs", + "description": { + "$ref": "desc/certs/certs.md" + } + }, + { + "name": "Cloud", + "description": { + "$ref": "desc/cloud/cloud.md" + } + }, + { + "name": "Cloud-Scan-Rules" + }, + { + "name": "Cloud-Security-Agent" + }, + { + "name": "Clustered-Db" + }, + { + "name": "Coderepos-Ci" + }, + { + "name": "Collections", + "description": { + "$ref": "desc/collections/collections.md" + } + }, + { + "name": "Config" + }, + { + "name": "Containers", + "description": { + "$ref": "desc/containers/containers.md" + } + }, + { + "name": "Credentials", + "description": { + "$ref": "desc/credentials/credentials.md" + } + }, + { + "name": "Current" + }, + { + "name": "Custom-Compliance", + "description": { + "$ref": "desc/custom-compliance/custom-compliance.md" + } + }, + { + "name": "Custom-Rules", + "description": { + "$ref": "desc/custom-rules/custom-rules.md" + } + }, + { + "name": "Cves" + }, + { + "name": "Defenders", + "description": { + "$ref": "desc/defenders/defenders.md" + } + }, + { + "name": "Deployment" + }, + { + "name": "Feeds", + "description": { + "$ref": "desc/feeds/feeds.md" + } + }, + { + "name": "Forensic" + }, + { + "name": "Groups", + "description": { + "$ref": "desc/groups/groups.md" + } + }, + { + "name": "Harbor" + }, + { + "name": "Hosts", + "description": { + "$ref": "desc/hosts/hosts.md" + } + }, + { + "name": "Images", + "description": { + "$ref": "desc/images/images.md" + } + }, + { + "name": "Kubernetes" + }, + { + "name": "Logout" + }, + { + "name": "Logs" + }, + { + "name": "Policies", + "description": { + "$ref": "desc/policies/policies.md" + } + }, + { + "name": "Profiles", + "description": { + "$ref": "desc/profiles/profiles.md" + } + }, + { + "name": "Projects" + }, + { + "name": "Radar" + }, + { + "name": "Rbac" + }, + { + "name": "Registry", + "description": { + "$ref": "desc/registry/registry.md" + } + }, + { + "name": "Registry-Count" + }, + { + "name": "Runtime" + }, + { + "name": "Sandbox", + "description": { + "$ref": "desc/sandbox/sandbox.md" + } + }, + { + "name": "Sbom", + "description": { + "$ref": "desc/sbom/sbom_intro.md" + } + }, + { + "name": "Scans", + "description": { + "$ref": "desc/scans/scans.md" + } + }, + { + "name": "Scripts" + }, + { + "name": "Security-Advisor" + }, + { + "name": "Serverless", + "description": { + "$ref": "desc/serverless/serverless.md" + } + }, + { + "name": "Settings", + "description": { + "$ref": "desc/settings/settings.md" + } + }, + { + "name": "Signup", + "description": { + "$ref": "desc/signup/signup.md" + } + }, + { + "name": "Static" + }, + { + "name": "Stats", + "description": { + "$ref": "desc/stats/stats.md" + } + }, + { + "name": "Statuses", + "description": { + "$ref": "desc/statuses/statuses.md" + } + }, + { + "description": "This API is an officially supported route", + "externalDocs": { + "url": "https://cdn.twistlock.com/docs/api/twistlock_api.html" + }, + "name": "Supported API" + }, + { + "name": "Tags", + "description": { + "$ref": "desc/tags/tags.md" + } + }, + { + "name": "Tas-Droplets" + }, + { + "name": "Trust", + "description": { + "$ref": "desc/trust/trust.md" + } + }, + { + "name": "Trusted-Images" + }, + { + "name": "Users", + "description": { + "$ref": "desc/users/users.md" + } + }, + { + "name": "Util", + "description": { + "$ref": "desc/util/util.md" + } + }, + { + "name": "Version", + "description": { + "$ref": "desc/version/version.md" + } + }, + { + "name": "Vms", + "description": { + "$ref": "desc/vms/vms.md" + } + }, + { + "name": "Waas" + }, + { + "name": "Xsoar-Alerts" + }, + { + "name": "_Ping", + "description": { + "$ref": "desc/_ping/_ping.md" + } + } + ], + "servers": [ + { + "url": "PATH_TO_CONSOLE" + } + ] +} \ No newline at end of file diff --git a/products/compute/api/33-02/access-api-self-hosted.md b/products/compute/api/33-02/access-api-self-hosted.md new file mode 100644 index 000000000..40445b655 --- /dev/null +++ b/products/compute/api/33-02/access-api-self-hosted.md @@ -0,0 +1,150 @@ +--- +id: access-api-self-hosted +title: Access the Prisma Cloud Compute Edition (PCCE) APIs +--- + +The Prisma Cloud Compute API is exposed on the host that runs Console on port 8083 (HTTPS). +The port is specified at install time in _twistlock.cfg_. + +All example commands specify a variable called `CONSOLE`, which represents the address for your Console. +The address for your Console depends on how you installed it. + +For Onebox installs, where you install Console on a stand-alone host, the value for `CONSOLE` is the IP address or DNS name of the host. +HTTPS access to Console is servered on port 8083, so the full address would be: + +```bash +CONSOLE = https://:8083 +``` + +For the default Kubernetes installation procedure, the Console service is exposed by a LoadBalancer, and so the address for `CONSOLE` is + +```bash +CONSLE = https://:8083 +``` + +Access to the API requires authentication. +You can either: + +- Retrieve a token, then pass the token in the Authorization field of all subsequent requests. +- Use Basic HTTP authentication for each request. + +:::note +The default install of Prisma Cloud Compute Edition uses self-signed certificates. +By default, curl validates the server's certificate. +Because the certificate for the CA that signed the server's cert isn't in your CA store, curl can't validate the server's cert. + +You've got two options: + +- Pass the --insecure flag to curl. + With this flag, validation that the server is who it claims to be is bypassed. + The connection is still encrypted. + +- Configure Prisma Cloud Compute to use your own custom certs. + ::: + +## Accessing the API using Basic authentication + +The basic token is a Base64 encoded string of type username:password. + +1. Generate the Base64 encoding of your username and password. + Assume your username is api, and your password is api. + +```bash +$ echo -n "api:api" | openssl base64 +YXBpOmFwaQ== +``` + +2. To access any other endpoint, set the Authorization field of your HTTP header to Basic and add the encoded string. + For example, to get all your runtime container policies: + +```bash +$ curl --insecure \ + -H 'Authorization: Basic YWRtaW46YWRtaW4=' \ + "https:///api/v/policies/runtime/container +``` + +:::note +The curl command can handle basic auth for you with the `--user` option. +::: + +## Accessing the API using token authentication + +To access the API using a token: + +1. Retrieve a token from the [Authenticate](/prisma-cloud/api/cwpp/post-authenticate/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint with your user credentials. + +By default, access tokens are valid for 30 minutes. You can set the validity period in Console under **Manage** > **Authentication** > **Logon**. + +You can also retrieve tokens using client certificates. + +```bash +$ curl \ + -H "Content-Type: application/json" \ + -d '{"username":"admin", "password":"admin"}' \ + "https:///api/v/authenticate" +{ + "token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." +} +``` + +If you integrated Prisma Cloud Compute Console with Active Directory, and you're using the sAMAccountName _user identifier_, escape the backslash in the `DOMAIN\sAMAccountName` username value. +For example: + +```bash +$ curl \ + -H "Content-Type: application/json" \ + -d '{"username":"DOMAIN\\admin", "password":"admin"}' \ + "https:///api/v/authenticate" +{ + "token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." +} +``` + +2. Call the Prisma Cloud Compute API, submitting the token in the Authorization field in the HTTP header of your request. + For example, test connection to the API using the [Get Runtime Container Policies](/compute/api/get-policies-runtime-container/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint: + +```bash +$ curl --insecure \ + -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." \ + "https:///api/v/policies/runtime/container" +``` + +## Accessing the API using a client certificate + +You can retrieve a token using client certificates issued by your public key infrastructure. + +**Prerequisites:** + +- You have configured Prisma Cloud Compute Console with your server certificate. + Go to **Manage > Authentication > Certificates > TLS certificate for Console**, and upload your certificate (cat the cert and private key into a single file). + +1. Install your client certificate on your local machine. + +2. Request a token using your client certificate. + +```bash +$ curl --insecure \ + -X POST \ + --cert cert.pem \ + "https:///api/v/authenticate-client" +{ + "token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." +} +``` + +3. Call the Prisma Cloud Compute API, submitting the token in the Authorization field in the HTTP header of your request. + For example, to get all policies: + +```bash +$ curl --insecure \ + -H "Authorization: Bearer eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." \ + "https:///api/v/policies/runtime/container" +``` + +## Accessing the API in a Multi-Tenant Environment + +Requests to the Prisma Cloud Compute API with Projects enabled will be made against all available tenants. To query for a specific tenant, include the `project=name` query parameter to restrict requests to the given tenant. (This does not apply to authentication endpoints.) + +:::note +This parameter is required if the authenticated user does not have access to all tenants. +::: diff --git a/products/compute/api/33-02/set-up-console.md b/products/compute/api/33-02/set-up-console.md new file mode 100644 index 000000000..f84b07761 --- /dev/null +++ b/products/compute/api/33-02/set-up-console.md @@ -0,0 +1,77 @@ +--- +id: set-up-console +title: Set Up Console +--- + +After first installing Prisma Cloud Compute console, you must create an initial admin user and set up your license. +The Prisma Cloud API provides endpoints to complete the set up of a freshly installed Console. + +:::note +This section pertains to the Prisma Cloud Compute Edition consoles only. +::: + +## Create your first admin user + +After Console is first installed, you must create the first admin user. +To do this, use the [Signup](/compute/api/post-signup/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. + +The following example curl command creates the initial admin user named butterbean. + +```bash +$ curl -k \ + -H 'Content-Type: application/json' \ + -X POST \ + -d '{"username": "butterbean", "password": ""}' \ + https://:8083/api/v1/signup +``` + +The signup process can only be executed once, whether from the Console UI or the API. +Calling this endpoint after the initial sign up has been completed results in a 400 error response. + +## Set up your license + +Console isn't functional until you provide your license key. +The Prisma Cloud API provides an endpoint for setting up your license. + +In this procedure, you access the Prisma Cloud API using an auth token. + +:::note +Prisma Cloud provides a single license that protects a specific number of nodes. +The number of nodes covered depends on your subscription. +You can use the same license to install multiple instances of Console. +There is need to get a new license when building out new environments with Prisma Cloud. + +For example, if you have licensed 100 nodes and you have deployed to 10 separate tenants, each with its own Console, use the same license key for each instance of Console. +::: + +1. Get an auth token from the [Authenticate](/prisma-cloud/api/cwpp/post-authenticate/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. + +```bash +$ curl -H "Content-Type: application/json" \ + -d '{"username":"admin", "password":"admin"}' \ + https://localhost:8083/api/vVERSION/authenticate +{ "token":"eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9..." } +``` + +2. Set environment variables for your auth token and license key. + +```bash +$ echo $LICENSE_KEY +{"key":"your license key here"} +``` + +```bash +$ echo $TOKEN +eyJ0eXAiOiJK... +``` + +3. Execute the command referencing these vars to set the license using the [License](/compute/api/post-settings-license/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. + +```bash +$ curl -H "Authorization: Bearer $TOKEN" \ + -H "Content-Type: application/json" \ + -d $LICENSE_KEY \ + https://localhost:8083/api/v/settings/license +``` + +The result should be 200 OK with an empty body "{}". diff --git a/products/compute/api/33-02/stable-endpoints.md b/products/compute/api/33-02/stable-endpoints.md new file mode 100644 index 000000000..6acb0882d --- /dev/null +++ b/products/compute/api/33-02/stable-endpoints.md @@ -0,0 +1,105 @@ +--- +id: stable-endpoints +title: Supported Endpoints +--- + +With every release, the Compute APIs are versioned to indicate the release number to which they correspond. +The version-specific APIs are supported for the subsequent two major releases. + +With API versioning, as your Console is upgraded to newer versions, you can continue to use older versioned APIs with stability and migrate to newer version APIs at your convenience within the N-2 support lifecycle. + +:memo: **Note:** Starting from release 33.00, Prisma Cloud does not restrict connections and REST API calls from the n-3 release as well. So the current release will allow Defenders and REST API calls from release 30.xx also. + +The deployment scripts and Twistcli that you download from Console, uses the APIs associated with the specific version of Console. + +### Previous API Versions of Prisma Cloud Compute Edition + +All minor or maintenance versions (xx) of 32.xx release have n-2 support for backward compatibility. The documentation for all the supported releases is available at: + +* [Prisma Cloud Compute Edition - 33.02](/compute/api/) +* [Prisma Cloud Compute Edition - 32.07](/compute/api/32-07/) +* [Prisma Cloud Compute Edition - 31.02](/compute/api/31-02/) + +## Versioning + +The Compute API is versioned as follows: + +`/api/vX/route` + +Where: + +- `v1` - Always points to the latest API. This represents a larger set of APIs. Only the following v1 endpoints are supported and documented: + - api/v1/certs/ca.pem, get + - api/v1/certs/server-certs.sh, get + - api/v1/cloud/discovery/entities, get + - api/v1/registry/webhook/webhook, delete + - api/v1/registry/webhook/webhook, post + - api/v1/signup, post + - api/v1/util/prisma-cloud-jenkins-plugin.hpi, get + - api/v1/util/tas-tile, get + +- `vVersion` - Points to a version-specific API, where `Version` specifies the major and minor parts of a release's version string. + +As a best practice, update your scripts to use the version-specific API endpoints to ensure that your implementation is fully supported. +For the version-specific APIs, you will have access to the API Reference and Release Notes documentation for changes or updates that may impact you. + +When using the version-specific endpoints, you will need to update your automation scripts approximately once a year to stay in sync with the product [Support lifecycle for connected components](https://docs.prismacloud.io/en/classic/compute-admin-guide/upgrade/support-lifecycle). If you are upgraded to Darwin, see [Support Lifecycle for Connected Components](https://docs.prismacloud.io/en/enterprise-edition/content-collections/runtime-security/upgrade/support-lifecycle). + +Starting with version 30.xx, each maintenance release (like 30.01, 30.02, and so on) may contain new features and improvements. As a result, the URLs for the APIs will be updated to reflect the version. + +You can continue to use different .xx versions of the API for your automation requirements, as we’ll continue to support backward compatibility for two major releases, including minor (maintenance) release versions before the current one (n-2). For example, while on build 30.01, you can continue to use the API paths such as api/v30.00, api/v22.12, and api/v22.06 due to backward compatibility. + +Though we recommend you to update scripts to use the current or new API paths, you won't need to worry about making changes to your code immediately when a new major or minor (maintenance) release is announced. + +**Note**: If you have a mixed environment of different Defenders versions, then use the version of the API that matches the earliest version. + +If you use the /v1 APIs, Palo Alto Networks recommends that you consider revising your scripts to target the versioned API endpoints. +If you opt to continue using the v1 API endpoints, adhere to the following guidelines: + +- Review the list of v1 endpoints you are using and make sure the corresponding versioned endpoints are available. +- If you are using an API that is only in the /v1 category and does not have a corresponding versioned API, you must review your implementation and update your scripts to ensure that you do not experience a disruption. +- If you are using /v1 endpoints that are unsupported and not versioned, you can submit a feature request. + Your request to support the endpoint will be considered when planning the product roadmap for future releases. + +## Supported Endpoints + +The API Reference documentation includes the supported endpoints only. +You can download a copy of the OpenAPI spec file from the Prisma Cloud Compute Console. The spec file lists all available endpoints, including unsupported endpoints. +Use the supported endpoints to ensure stability. +As the unsupported endpoints are not documented for use, they are subject to change, deprecation, or removal without notice. + +In the OpenAPI spec file, supported endpoints are tagged as supported. +For example, the `POST /api/vX/authenticate` endpoint is tagged as follows: + +``` +"tags": [ + "Authenticate", + "Supported API" +] +``` + +## Supported Endpoint Categories + +Supported endpoints tend to fall into one of the following categories: + +- Reporting endpoints +- Config-as-code +- Deployment and config + +### Reporting Endpoints + +Reporting API calls are the ones used to download the health or scan data such as vulnerabilities/compliance/runtime. +Access to the underlying data in JSON and CSV formats allows customers to easily access and transform data into business intelligence in the forms that meet their needs. +The output may be human-readable reports or, in other cases, the reporting data may feed automated decisions and processes. + +These are mostly under the **Monitor** section in the Compute Console. + +### Config-as-Code + +Configuration as code is the formal migration of config between environments, backed by a version control system. +Customers who want to programmatically store and manage the configuration of infrastructure components can automate these components using the same approaches as production code and services. + +### Deployment and Config + +Deployment and config endpoints are essential to automate the installation of Console, Defenders, as well as any configuration that deals with integrations. +These are useful to those who base their management of environments on automation, using tools such as Ansible, Puppet, Terraform, etc to define desired configurations. diff --git a/products/compute/api/33-02/welcome-prisma-cloud-apis.md b/products/compute/api/33-02/welcome-prisma-cloud-apis.md new file mode 100644 index 000000000..7bcda5ee1 --- /dev/null +++ b/products/compute/api/33-02/welcome-prisma-cloud-apis.md @@ -0,0 +1,125 @@ +--- +id: compute-api-reference-home +title: Welcome to the Compute APIs +slug: /compute/api/33-02 +keywords: + - Developer + - Prisma + - Prisma Cloud + - Reference + - API +--- + +### About + +The Prisma Cloud Workload Protection REST API lets you automate workflows and integrate with external systems. +Use the API to: + +- Set up, configure, reconfigure, and deploy Prisma Cloud Compute components to secure your hosts, containers, and serverless functions against vulnerabilities, malware, and compliance violations. +- Extract the security data that Prisma Cloud Compute has collected about your environment and send it to your monitoring, alerting, and reporting systems. + +### How to find your version + +To find the the version of Prisma Cloud Workload Protection that you're running: + +1. Log into your Prisma Cloud Compute console. + +2. Click the bell icon in the top right of the page. + + The drop-down shows the currently running version: + + ![Console screenshot](/img/compute-version.png) + +### cURL Examples + +All the cURL examples in these documents specify a `` variable, which represents the address for Console. +The Console address will depend on how Console was installed. + +The Prisma Cloud Compute API is exposed on port `8083` (HTTPS). +This port is specified at install time in `twistlock.cfg`. + +- **(Default) Kubernetes installations:** Console service is exposed by a LoadBalancer. + + The value for `` is the LoadBalancer followed by port `8083`: + + ```bash + $ https://:8083 + ``` + +- **Onebox installations:** Console installed on a stand-alone host. + + The value for `` is the IP address or DNS name of the host followed by port `8083`: + + ```bash + $ https://:8083 + ``` + +The cURL example for each endpoint is called with a username (`-u `) only. +The cURL command can be modified to use any of the following: + +- **Authentication Token:** Use the `-H` option to pass the authentication token from the [Authenticate](/prisma-cloud/api/cwpp/post-authenticate/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint into the request header. + +For example, replace `` with the token from the [Authenticate](/prisma-cloud/api/cwpp/post-authenticate/) ![alt text](/icons/api-icon-pan-dev.svg) endpoint. + +```bash +$ curl -k \ +-H 'Authorization: Bearer ' \ +-X POST \ +https:///api/vVERSION/ +``` + +- **Username and Password:** Use the `-u` and `-p` options to include the username and password, eliminating the need to enter a password in a secondary step. + +For example, replace `` with the username string and `` with the password string. + +```bash +$ curl -k \ +-u \ +-p \ +-X POST \ +https:///api/vVERSION/ +``` + +- **Username Only:** This will require the user's password to be entered as a secondary step. + +For example, replace `` with the username string. + +```bash +$ curl -k \ +-u \ +-X POST \ +https:///api/vVERSION/ +``` + +**Note:** This is a more secure method than including the `-p` option since your terminal history won't contain the password. + +### Paginated Responses + +Paginated API requests are capped to a max of 250 returned objects because very large responses could DoS Console. The default value is 50 objects per page. + +If the response contains more than 250 objects, cycle through the collection with the `offset` query parameter to retrieve more objects. + +For example: + +```bash +$ https:///api/v/images?limit=250&offset=X +``` + +### API Rate Limits + +Rate limiting is applied to some endpoints. The documentation for each such endpoint has details of the rate limits enforced on it. For example, [Get Container Scan Results](https://pan.dev/prisma-cloud/api/cwpp/get-containers/). + +### View parameter descriptions + +The parameter descriptions are available for each endpoint. The body or query (wherever applicable) parameters are listed after the endpoint description. +The response parameters are hidden under the label `Response` 200. + +Click `>` to view hidden parameters. + +#### View API endpoint parameters + +![Expand Body Parameters](/img/expandingbodyparameters.gif) + +#### View API endpoint response parameters + +![Expand Response Parameters](/img/expandingresponse.gif) diff --git a/products/compute/api/stable-endpoints.md b/products/compute/api/stable-endpoints.md index 6acb0882d..eae49a84f 100644 --- a/products/compute/api/stable-endpoints.md +++ b/products/compute/api/stable-endpoints.md @@ -16,7 +16,7 @@ The deployment scripts and Twistcli that you download from Console, uses the API All minor or maintenance versions (xx) of 32.xx release have n-2 support for backward compatibility. The documentation for all the supported releases is available at: -* [Prisma Cloud Compute Edition - 33.02](/compute/api/) +* [Prisma Cloud Compute Edition - 33.03](/compute/api/) * [Prisma Cloud Compute Edition - 32.07](/compute/api/32-07/) * [Prisma Cloud Compute Edition - 31.02](/compute/api/31-02/) diff --git a/products/compute/sidebars.ts b/products/compute/sidebars.ts index 5785111cb..69d39039c 100644 --- a/products/compute/sidebars.ts +++ b/products/compute/sidebars.ts @@ -15,7 +15,7 @@ module.exports = { { type: "html", defaultStyle: true, - value: versionCrumb(`33-02`), + value: versionCrumb(`33-03`), }, "compute/api/compute-api-reference-home", "compute/api/access-api-self-hosted", @@ -115,4 +115,18 @@ module.exports = { ], }, ], + compute_3302: [ + { + type: "category", + label: "Prisma Cloud Compute Edition - 33.00", + collapsed: true, + items: [ + "compute/api/33-02/compute-api-reference-home", + "compute/api/33-02/access-api-self-hosted", + "compute/api/33-02/set-up-console", + "compute/api/33-02/stable-endpoints", + require("./api/33-02/sidebar"), + ], + }, + ], };