From 6784df057c199188c226462eebc60f22e207c418 Mon Sep 17 00:00:00 2001 From: Bryan Linda <48506502+blindaa121@users.noreply.github.com> Date: Mon, 24 Jul 2023 06:23:45 -0700 Subject: [PATCH] PCCE-Maxwell-Update-3 (#439) * PCCE-Maxwell-Update-3 * Update sidebars.js * Update crumbs.json * Updated spec file * Sync Terraform module documentation to pan.dev (#442) * Adds images for Orchestration Hub (#441) * upgrade to canary 0.0.0-616 --------- Co-authored-by: Saurabh Sugandh Co-authored-by: create-pr-on-fork-for-pan-dev[bot] <135888023+create-pr-on-fork-for-pan-dev[bot]@users.noreply.github.com> Co-authored-by: James Holland <6574404+jamesholland-uk@users.noreply.github.com> Co-authored-by: Steven Serrata Co-authored-by: Steven Serrata <9343811+sserrata@users.noreply.github.com> --- crumbs.json | 4 +- docusaurus.config.js | 11 +- .../openapi_enriched_selfhosted_sorted.json | 0 .../compute/openapi_30_03_122_new.json | 57565 ++++++++++++++++ package.json | 4 +- .../compute/api/30-02/stable-endpoints.md | 104 + products/compute/api/stable-endpoints.md | 1 + .../compute/api/welcome-prisma-cloud-apis.md | 1 + products/compute/sidebars.js | 20 +- yarn.lock | 18 +- 10 files changed, 57708 insertions(+), 20 deletions(-) rename openapi-specs/compute/{ => 30-02}/openapi_enriched_selfhosted_sorted.json (100%) create mode 100644 openapi-specs/compute/openapi_30_03_122_new.json create mode 100644 products/compute/api/30-02/stable-endpoints.md diff --git a/crumbs.json b/crumbs.json index c26f20196..f4c5909b6 100644 --- a/crumbs.json +++ b/crumbs.json @@ -159,11 +159,11 @@ }, { "href": "/compute/api/", - "label": "Prisma Cloud API v30.02", + "label": "Prisma Cloud API v30.03", "description": "Prisma Cloud API Reference ", "icon": "⚙️", "sitemap_feature": ["API"], - "sitemap_osversion": ["Self-Hosted 30.02"] + "sitemap_osversion": ["Self-Hosted 30.03"] } ] }, diff --git a/docusaurus.config.js b/docusaurus.config.js index a19ed3d08..0b531641b 100644 --- a/docusaurus.config.js +++ b/docusaurus.config.js @@ -756,8 +756,8 @@ const config = { specPath: "openapi-specs/compute", outputDir: "products/compute/api", sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "tag" }, - version: "30.02", - label: "v30.02", + version: "30.03", + label: "v30.03", showExtensions: true, baseUrl: "/compute/api/", versions: { @@ -789,6 +789,13 @@ const config = { sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "tag" }, baseUrl: "/compute/api/30-01/", }, + compute_3002: { + specPath: "openapi-specs/compute/30-02", + outputDir: "products/compute/api/30-02", + showExtensions: true, + sidebarOptions: { groupPathsBy: "tag", categoryLinkSource: "tag" }, + baseUrl: "/compute/api/30-02/", + }, }, }, ], diff --git a/openapi-specs/compute/openapi_enriched_selfhosted_sorted.json b/openapi-specs/compute/30-02/openapi_enriched_selfhosted_sorted.json similarity index 100% rename from openapi-specs/compute/openapi_enriched_selfhosted_sorted.json rename to openapi-specs/compute/30-02/openapi_enriched_selfhosted_sorted.json diff --git a/openapi-specs/compute/openapi_30_03_122_new.json b/openapi-specs/compute/openapi_30_03_122_new.json new file mode 100644 index 000000000..c41063c5d --- /dev/null +++ b/openapi-specs/compute/openapi_30_03_122_new.json @@ -0,0 +1,57565 @@ +{ + "components": { + "schemas": { + "-_admission.Audit": { + "items": { + "$ref": "#/components/schemas/admission.Audit" + }, + "type": "array" + }, + "-_api.AlertProfile": { + "items": { + "$ref": "#/components/schemas/api.AlertProfile" + }, + "type": "array" + }, + "-_applicationcontrol.Rule": { + "items": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + }, + "type": "array" + }, + "-_ccs.ConsoleMessage": { + "items": { + "$ref": "#/components/schemas/ccs.ConsoleMessage" + }, + "type": "array" + }, + "-_coderepos.ScanResult": { + "items": { + "$ref": "#/components/schemas/coderepos.ScanResult" + }, + "type": "array" + }, + "-_collection.Collection": { + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "-_collection.Usage": { + "items": { + "$ref": "#/components/schemas/collection.Usage" + }, + "type": "array" + }, + "-_cred.Credential": { + "items": { + "$ref": "#/components/schemas/cred.Credential" + }, + "type": "array" + }, + "-_customrules.Rule": { + "items": { + "$ref": "#/components/schemas/customrules.Rule" + }, + "type": "array" + }, + "-_defender.Defender": { + "items": { + "$ref": "#/components/schemas/defender.Defender" + }, + "type": "array" + }, + "-_deployment.DaemonSet": { + "items": { + "$ref": "#/components/schemas/deployment.DaemonSet" + }, + "type": "array" + }, + "-_forensic.ContainerEvent": { + "items": { + "$ref": "#/components/schemas/forensic.ContainerEvent" + }, + "type": "array" + }, + "-_forensic.HostEvent": { + "items": { + "$ref": "#/components/schemas/forensic.HostEvent" + }, + "type": "array" + }, + "-_kubeaudit.Audit": { + "items": { + "$ref": "#/components/schemas/kubeaudit.Audit" + }, + "type": "array" + }, + "-_kubeaudit.AuditSpecification": { + "items": { + "$ref": "#/components/schemas/kubeaudit.AuditSpecification" + }, + "type": "array" + }, + "-_log.LogEntry": { + "items": { + "$ref": "#/components/schemas/log.LogEntry" + }, + "type": "array" + }, + "-_prisma.AlertIntegration": { + "items": { + "$ref": "#/components/schemas/prisma.AlertIntegration" + }, + "type": "array" + }, + "-_rbac.Role": { + "items": { + "$ref": "#/components/schemas/rbac.Role" + }, + "type": "array" + }, + "-_runtime.ContainerProfileHost": { + "items": { + "$ref": "#/components/schemas/runtime.ContainerProfileHost" + }, + "type": "array" + }, + "-_runtime.HostProfile": { + "items": { + "$ref": "#/components/schemas/runtime.HostProfile" + }, + "type": "array" + }, + "-_sandbox.ScanResult": { + "items": { + "$ref": "#/components/schemas/sandbox.ScanResult" + }, + "type": "array" + }, + "-_serverless.FunctionInfo": { + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + }, + "-_serverless.RadarFilter": { + "items": { + "$ref": "#/components/schemas/serverless.RadarFilter" + }, + "type": "array" + }, + "-_shared.AppEmbeddedRuntimeProfile": { + "items": { + "$ref": "#/components/schemas/shared.AppEmbeddedRuntimeProfile" + }, + "type": "array" + }, + "-_shared.AppFirewallAudit": { + "items": { + "$ref": "#/components/schemas/shared.AppFirewallAudit" + }, + "type": "array" + }, + "-_shared.Audit": { + "items": { + "$ref": "#/components/schemas/shared.Audit" + }, + "type": "array" + }, + "-_shared.BackupSpec": { + "items": { + "$ref": "#/components/schemas/shared.BackupSpec" + }, + "type": "array" + }, + "-_shared.CLIScanResult": { + "items": { + "$ref": "#/components/schemas/shared.CLIScanResult" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryAccount": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryAccount" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryEntity": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryEntity" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryRadar": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryRadar" + }, + "type": "array" + }, + "-_shared.CloudDiscoveryResult": { + "items": { + "$ref": "#/components/schemas/shared.CloudDiscoveryResult" + }, + "type": "array" + }, + "-_shared.CloudScanRule": { + "items": { + "$ref": "#/components/schemas/shared.CloudScanRule" + }, + "type": "array" + }, + "-_shared.CodeRepoSpecification": { + "items": { + "$ref": "#/components/schemas/shared.CodeRepoSpecification" + }, + "type": "array" + }, + "-_shared.ContainerNetworkFirewallProfileAudits": { + "items": { + "$ref": "#/components/schemas/shared.ContainerNetworkFirewallProfileAudits" + }, + "type": "array" + }, + "-_shared.ContainerRuntimeProfile": { + "items": { + "$ref": "#/components/schemas/shared.ContainerRuntimeProfile" + }, + "type": "array" + }, + "-_shared.ContainerScanResult": { + "items": { + "$ref": "#/components/schemas/shared.ContainerScanResult" + }, + "type": "array" + }, + "-_shared.CustomComplianceCheck": { + "items": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + }, + "type": "array" + }, + "-_shared.FileIntegrityEvent": { + "items": { + "$ref": "#/components/schemas/shared.FileIntegrityEvent" + }, + "type": "array" + }, + "-_shared.HostActivity": { + "items": { + "$ref": "#/components/schemas/shared.HostActivity" + }, + "type": "array" + }, + "-_shared.HostInfo": { + "items": { + "$ref": "#/components/schemas/shared.HostInfo" + }, + "type": "array" + }, + "-_shared.HostNetworkFirewallProfileAudits": { + "items": { + "$ref": "#/components/schemas/shared.HostNetworkFirewallProfileAudits" + }, + "type": "array" + }, + "-_shared.ImageScanResult": { + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + }, + "-_shared.Incident": { + "items": { + "$ref": "#/components/schemas/shared.Incident" + }, + "type": "array" + }, + "-_shared.LambdaRuntimeType": { + "items": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "type": "array" + }, + "-_shared.LogInspectionEvent": { + "items": { + "$ref": "#/components/schemas/shared.LogInspectionEvent" + }, + "type": "array" + }, + "-_shared.MgmtAudit": { + "items": { + "$ref": "#/components/schemas/shared.MgmtAudit" + }, + "type": "array" + }, + "-_shared.Progress": { + "items": { + "$ref": "#/components/schemas/shared.Progress" + }, + "type": "array" + }, + "-_shared.RegionData": { + "items": { + "$ref": "#/components/schemas/shared.RegionData" + }, + "type": "array" + }, + "-_shared.RegistryScanProgress": { + "items": { + "$ref": "#/components/schemas/shared.RegistryScanProgress" + }, + "type": "array" + }, + "-_shared.RuntimeAudit": { + "items": { + "$ref": "#/components/schemas/shared.RuntimeAudit" + }, + "type": "array" + }, + "-_shared.TASDropletSpecification": { + "items": { + "$ref": "#/components/schemas/shared.TASDropletSpecification" + }, + "type": "array" + }, + "-_shared.Tag": { + "items": { + "$ref": "#/components/schemas/shared.Tag" + }, + "type": "array" + }, + "-_shared.TrustAudits": { + "items": { + "$ref": "#/components/schemas/shared.TrustAudits" + }, + "type": "array" + }, + "-_shared.VMSpecification": { + "items": { + "$ref": "#/components/schemas/shared.VMSpecification" + }, + "type": "array" + }, + "-_string": { + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "-_types.AlertProfileOption": { + "items": { + "$ref": "#/components/schemas/types.AlertProfileOption" + }, + "type": "array" + }, + "-_types.AuditTimeslice": { + "items": { + "$ref": "#/components/schemas/types.AuditTimeslice" + }, + "type": "array" + }, + "-_types.BaseImagesRule": { + "items": { + "$ref": "#/components/schemas/types.BaseImagesRule" + }, + "type": "array" + }, + "-_types.CVEStats": { + "items": { + "$ref": "#/components/schemas/types.CVEStats" + }, + "type": "array" + }, + "-_types.CVEVulnerability": { + "items": { + "$ref": "#/components/schemas/types.CVEVulnerability" + }, + "type": "array" + }, + "-_types.ClusterRadarInfo": { + "items": { + "$ref": "#/components/schemas/types.ClusterRadarInfo" + }, + "type": "array" + }, + "-_types.CredentialUsage": { + "items": { + "$ref": "#/components/schemas/types.CredentialUsage" + }, + "type": "array" + }, + "-_types.DefenderSummary": { + "items": { + "$ref": "#/components/schemas/types.DefenderSummary" + }, + "type": "array" + }, + "-_types.DefendersVersionCount": { + "items": { + "$ref": "#/components/schemas/types.DefendersVersionCount" + }, + "type": "array" + }, + "-_types.DiscoveredVM": { + "items": { + "$ref": "#/components/schemas/types.DiscoveredVM" + }, + "type": "array" + }, + "-_types.ImpactedOutOfBandEntity": { + "items": { + "$ref": "#/components/schemas/types.ImpactedOutOfBandEntity" + }, + "type": "array" + }, + "-_types.Project": { + "items": { + "$ref": "#/components/schemas/types.Project" + }, + "type": "array" + }, + "-_types.Stats": { + "items": { + "$ref": "#/components/schemas/types.Stats" + }, + "type": "array" + }, + "-_types.UserCollection": { + "items": { + "$ref": "#/components/schemas/types.UserCollection" + }, + "type": "array" + }, + "-_types.UserProject": { + "items": { + "$ref": "#/components/schemas/types.UserProject" + }, + "type": "array" + }, + "-_types.VulnerabilityStats": { + "items": { + "$ref": "#/components/schemas/types.VulnerabilityStats" + }, + "type": "array" + }, + "-_uint8": { + "items": { + "$ref": "#/components/schemas/uint8" + }, + "type": "array" + }, + "-_waas.APIChangeDetails": { + "items": { + "$ref": "#/components/schemas/waas.APIChangeDetails" + }, + "type": "array" + }, + "-_waas.DiscoveredAPI": { + "items": { + "$ref": "#/components/schemas/waas.DiscoveredAPI" + }, + "type": "array" + }, + "-_waas.NetworkList": { + "items": { + "$ref": "#/components/schemas/waas.NetworkList" + }, + "type": "array" + }, + "-_waas.OpenAPIScan": { + "items": { + "$ref": "#/components/schemas/waas.OpenAPIScan" + }, + "type": "array" + }, + "-_waas.UnprotectedContainersWebApps": { + "items": { + "$ref": "#/components/schemas/waas.UnprotectedContainersWebApps" + }, + "type": "array" + }, + "-_waas.UnprotectedHostsWebApps": { + "items": { + "$ref": "#/components/schemas/waas.UnprotectedHostsWebApps" + }, + "type": "array" + }, + "-_waas.VPCConfigMirroredVM": { + "items": { + "$ref": "#/components/schemas/waas.VPCConfigMirroredVM" + }, + "type": "array" + }, + "-_waas.VPCConfigResource": { + "items": { + "$ref": "#/components/schemas/waas.VPCConfigResource" + }, + "type": "array" + }, + "admission.Audit": { + "description": "Audit represents an admission audit", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the cluster where the audit took place.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "description": "Effect is the rule effect which was applied to the review which led to this audit.\n", + "type": "string" + }, + "kind": { + "description": "Kind is the type of object being manipulated. For example: Pod.\n", + "type": "string" + }, + "message": { + "description": "Message is the rule user defined message which appears on audit.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace associated with the request (if any).\n", + "type": "string" + }, + "operation": { + "description": "Operation is the operation being performed.\n", + "type": "string" + }, + "rawRequest": { + "description": "RawRequest is the original review request that caused this audit.\n", + "type": "string" + }, + "resource": { + "description": "Resource is the name of the resource being requested. This is not the kind. For example: pods.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule which issued this audit.\n", + "type": "string" + }, + "time": { + "description": "Time is the time at which the audit was generated.\n", + "format": "date-time", + "type": "string" + }, + "userGroups": { + "description": "UserGroups is the names of groups this user is a part of.\n", + "type": "string" + }, + "userUid": { + "description": "UserUID is a unique value that identifies this user across time. If this user is\ndeleted and another user by the same name is added, they will have\ndifferent UIDs.\n", + "type": "string" + }, + "username": { + "description": "Username is the name that uniquely identifies this user among all active users.\n", + "type": "string" + } + }, + "type": "object" + }, + "admission.Policy": { + "description": "Policy represents a policy enforced on Kubernetes admission reviews", + "properties": { + "_id": { + "description": "ID is the policy ID.\n", + "type": "string" + }, + "rules": { + "description": "Rules is a list of rules associated with the admission policy.\n", + "items": { + "$ref": "#/components/schemas/admission.Rule" + }, + "type": "array" + } + }, + "type": "object" + }, + "admission.Rule": { + "description": "Rule represents an admission rule", + "properties": { + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "description": { + "description": "Description is the rule description.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/common.PolicyEffect" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "script": { + "description": "Script is the Rego script.\n", + "type": "string" + }, + "skipRawReq": { + "description": "SkipRawReq signals to exclude raw review request in a resulting admission audit.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.AlertClientType": { + "description": "AlertClientType represents the type of alert client (e.g., email, slack, ...)", + "type": "string" + }, + "api.AlertProfile": { + "description": "AlertProfile represents an alert profile (event type and recipients)", + "properties": { + "_id": { + "description": "ID is the alert profile ID.\n", + "type": "string" + }, + "consoleIdentifier": { + "description": "ConsoleIdentifier is the console identifier.\n", + "type": "string" + }, + "cortex": { + "$ref": "#/components/schemas/api.AlertProfileCortexSettings" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "email": { + "$ref": "#/components/schemas/api.AlertProfileEmailSettings" + }, + "external": { + "description": "External indicates that the profile is integrated through Prisma Cloud.\n", + "type": "boolean" + }, + "gcpPubsub": { + "$ref": "#/components/schemas/api.AlertProfileGcpPubsubSettings" + }, + "integrationID": { + "description": "IntegrationID is the ID identifying the provider configured in Prisma Cloud.\n", + "type": "string" + }, + "jira": { + "$ref": "#/components/schemas/api.AlertProfileJIRASettings" + }, + "lastError": { + "description": "LastError represents the last error when sending the profile.\n", + "type": "string" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "pagerduty": { + "$ref": "#/components/schemas/api.AlertProfilePagerDutySettings" + }, + "policy": { + "additionalProperties": { + "$ref": "#/components/schemas/api.AlertRule" + }, + "description": "Policy contains the mapping between alert type to the applied alert rules.\n", + "type": "object" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "securityAdvisor": { + "$ref": "#/components/schemas/api.AlertProfileSecurityAdvisor" + }, + "securityCenter": { + "$ref": "#/components/schemas/api.AlertProfileSecurityCenterSettings" + }, + "securityHub": { + "$ref": "#/components/schemas/api.AlertProfileSecurityHubSettings" + }, + "serviceNow": { + "$ref": "#/components/schemas/api.AlertProfileServiceNowSettings" + }, + "slack": { + "$ref": "#/components/schemas/api.AlertProfileSlackSettings" + }, + "splunk": { + "$ref": "#/components/schemas/api.AlertProfileSplunkSettings" + }, + "sqs": { + "$ref": "#/components/schemas/api.AlertProfileSQSSettings" + }, + "vulnerabilityImmediateAlertsEnabled": { + "description": "VulnerabilityImmediateAlertsEnabled indicates whether an immediate vulnerability alert will be sent upon new image scan.\n", + "type": "boolean" + }, + "webhook": { + "$ref": "#/components/schemas/api.AlertProfileWebhookSettings" + } + }, + "type": "object" + }, + "api.AlertProfileCortexSettings": { + "description": "AlertProfileCortexSettings represents Cortex applications alert profile settings", + "properties": { + "application": { + "$ref": "#/components/schemas/api.CortexApp" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the id of the basic authentication credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Webhook provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom JSON we send to the URL.\n", + "type": "string" + }, + "url": { + "description": "URL is the Webhook address.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileEmailSettings": { + "description": "AlertProfileEmailSettings represents the alert profile Email settings", + "properties": { + "credentialId": { + "description": "CredentialID is the Email authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "from": { + "description": "From is the from address of the mail.\n", + "type": "string" + }, + "labels": { + "description": "Labels are custom label names from which the mail recipients are extracted, allowing to dynamically extract the target of the alerts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "port": { + "description": ".\n", + "type": "integer" + }, + "recipients": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "smtpAddress": { + "description": ".\n", + "type": "string" + }, + "ssl": { + "description": ".\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.AlertProfileGcpPubsubSettings": { + "description": "AlertProfileGcpPubsubSettings is the GCP Pub/Sub alert profile settings", + "properties": { + "credentialId": { + "description": "CredentialID is the GCP Pub/Sub authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the GCP Pub/Sub settings are enabled.\n", + "type": "boolean" + }, + "topic": { + "description": "Topic is the GCP Pub/Sub topic (used by subscribers to listen for messages).\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileJIRASettings": { + "description": "AlertProfileJIRASettings represents the alert profile JIRA settings", + "properties": { + "assignee": { + "$ref": "#/components/schemas/api.JIRADynamicField" + }, + "baseUrl": { + "description": "BaseURL is the JIRA address.\n", + "type": "string" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the JIRA authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled controls whether the rule is enabled.\n", + "type": "boolean" + }, + "issueType": { + "description": "IssueType is the type of the JIRA issue.\n", + "type": "string" + }, + "labels": { + "$ref": "#/components/schemas/api.JIRADynamicLabels" + }, + "priority": { + "description": "Priority is the issue priority.\n", + "type": "string" + }, + "projectKey": { + "$ref": "#/components/schemas/api.JIRADynamicField" + } + }, + "type": "object" + }, + "api.AlertProfilePagerDutySettings": { + "description": "AlertProfilePagerDutySettings represents the alert profile PagerDuty settings", + "properties": { + "enabled": { + "description": "Enabled is PagerDuty provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "routingKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "severity": { + "$ref": "#/components/schemas/api.PagerDutyAlertSeverity" + }, + "summary": { + "description": "Summary is the PagerDuty's event summary.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSQSSettings": { + "description": "AlertProfileSQSSettings represents the alert profile SQS settings", + "properties": { + "enabled": { + "description": "Enabled is the SQS provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom json we send to SQS.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityAdvisor": { + "description": "AlertProfileSecurityAdvisor is the IBM security advisor alert profile settings", + "properties": { + "auto": { + "description": "Automatic means the configuration was automatically provisioned by security advisor, and only notes should be created.\n", + "type": "boolean" + }, + "credentialID": { + "description": "CredentialID is the IBM security advisor credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the security advisor settings are enabled.\n", + "type": "boolean" + }, + "findingsURL": { + "description": "FindingsURL is the URL to which findings should be sent.\n", + "type": "string" + }, + "providerId": { + "description": "ProviderID is the configured providerID (default twistlock).\n", + "type": "string" + }, + "tokenURL": { + "description": "TokenURL is the url from which security tokens should be fetched.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityCenterSettings": { + "description": "AlertProfileSecurityCenterSettings is the google cloud security center alert profile settings", + "properties": { + "credentialId": { + "description": "CredentialID is the Security Center authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "sourceID": { + "description": "SourceID is the google cloud security center organization source ID (used to construct security advisor findings).\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSecurityHubSettings": { + "description": "AlertProfileSecurityHubSettings is the AWS security hub alert profile settings", + "properties": { + "accountID": { + "description": "AccountID is the AWS account ID.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the SecurityHub authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the security hub settings are enabled.\n", + "type": "boolean" + }, + "region": { + "description": "Region is the aws region.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileServiceNowSettings": { + "description": "AlertProfileServiceNowSettings represents the ServiceNow provider alert profile settings", + "properties": { + "application": { + "$ref": "#/components/schemas/api.ServiceNowApp" + }, + "assignee": { + "description": "Assignee is the ServiceNow user to whom will assign ServiceNow incidents\\items.\n", + "type": "string" + }, + "assignmentGroup": { + "description": "AssignmentGroup is the ServiceNow group of users handling security incidents.\n", + "type": "string" + }, + "auditPriority": { + "description": "AuditPriority is the priority at which to set audit alerts in security incidents.\n", + "type": "string" + }, + "caCert": { + "description": "CA certificate for on-premise ssl (optional).\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the ServiceNow authentication credentials id.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is the ServiceNow provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "project": { + "description": "Project is the name of the prisma compute project that was used to generate this configuration. It's required as secondary consoles do not store their project name.\n", + "type": "string" + }, + "securityIncidentBaseURL": { + "description": "SecurityIncidentBaseURL is the ServiceNow address, used to send security incidents.\n", + "type": "string" + }, + "vulnerabilityEndpointUrl": { + "description": "VulnerabilityEndpointURL to report ServiceNow vulnerabilities, customer defined scripted REST API, see: https://docs.servicenow.com/bundle/orlando-application-development/page/integrate/custom-web-services/concept/c_CustomWebServices.html.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSlackSettings": { + "description": "AlertProfileSlackSettings represents the alert profile Slack settings", + "properties": { + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "users": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "webhookUrl": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileSplunkSettings": { + "description": "AlertProfileSplunkSettings represents the alert profile Splunk settings", + "properties": { + "authToken": { + "$ref": "#/components/schemas/common.Secret" + }, + "caCert": { + "description": "CACert is the certificate used to verify the server (optional).\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Splunk provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom json we send to Splunk.\n", + "type": "string" + }, + "sourceType": { + "description": "SourceType is the alert source type.\n", + "type": "string" + }, + "url": { + "description": "URL is the Splunk HTTP event collector URL.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertProfileWebhookSettings": { + "description": "AlertProfileWebhookSettings represents the alert profile Webhook settings", + "properties": { + "caCert": { + "description": "CACert is the certificate used to verify the server.\n", + "type": "string" + }, + "credentialId": { + "description": "CredentialID is the id of the basic authentication credential.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled is Webhook provider enabled/disabled indicator.\n", + "type": "boolean" + }, + "json": { + "description": "JSON is the custom JSON we send to the URL.\n", + "type": "string" + }, + "url": { + "description": "URL is the Webhook address.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertRule": { + "description": "AlertRule represents the configuration of an alert type", + "properties": { + "allRules": { + "description": "AllRules controls whether an alert is sent out for audits on all policy rules.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled controls whether the rule is enabled.\n", + "type": "boolean" + }, + "rules": { + "description": "AssociatedRules defines the specific rules whose audits will generate alerts (relevant only if AllRules is false).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.AlertSettings": { + "description": "AlertSettings are the global alert settings", + "properties": { + "aggregationPeriodMs": { + "description": "AggregationPeriodMs is the alert aggregation period in milliseconds.\n", + "type": "integer" + }, + "securityAdvisorWebhook": { + "description": "SecurityAdvisorWebhook is a webhook for IBM security advisor alert wizard, used to authenticate the wizard with the console and to pull data.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AlertType": { + "description": "AlertType represents an alert type", + "enum": [ + [ + "", + "defender", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "agentlessAppFirewall", + "networkFirewall", + "containerVulnerability", + "registryVulnerability", + "containerCompliance", + "hostVulnerability", + "codeRepoVulnerability", + "hostCompliance", + "docker", + "hostRuntime", + "incident", + "serverlessRuntime", + "kubernetesAudit", + "cloudDiscovery", + "admission", + "containerComplianceScan", + "hostComplianceScan", + "waasHealth", + "vmVulnerability", + "vmCompliance" + ] + ], + "type": "string" + }, + "api.AuthType": { + "description": "AuthType is the user authentication type", + "enum": [ + [ + "saml", + "ldap", + "basic", + "oauth", + "oidc" + ] + ], + "type": "string" + }, + "api.AuthenticationRequest": { + "description": "AuthenticationRequest is the required user input for authentication requests", + "properties": { + "password": { + "description": "Password is the password used for authentication.\n", + "type": "string" + }, + "token": { + "description": "Token is the Prisma JWT token used for authentication.\n", + "type": "string" + }, + "username": { + "description": "Username is the username used for authentication.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.AuthenticationResponse": { + "description": "AuthenticationResponse returns the result of calling the authentication endpoint", + "properties": { + "token": { + "description": "Token is the new JWT token.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.CortexApp": { + "description": "CortexApp identifies a Cortex application (there are several)", + "enum": [ + [ + "xsoar", + "xdr" + ] + ], + "type": "string" + }, + "api.DefenderInstallScriptOptions": { + "description": "DefenderInstallScriptOptions holds the parameters for defender install script download", + "properties": { + "port": { + "description": "Port is the communication port between the defender and the console.\n", + "type": "integer" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + } + }, + "type": "object" + }, + "api.InitStatus": { + "description": "InitStatus returns whether the console is initialized (i.e., if initial user/password is set)", + "properties": { + "initialized": { + "description": "Initialized indicates whether the console is initialized.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "api.JIRADynamicField": { + "description": "JIRADynamicField represents a value that can be given as a string or as a dynamic label\nSee more: https://developer.atlassian.com/cloud/jira/platform/rest/v2/api-group-issues/#api-rest-api-2-issue-post", + "properties": { + "id": { + "description": "ID is the field ID.\n", + "type": "string" + }, + "labels": { + "description": "Labels are the dynamic labels of which the value is based on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the static string field.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.JIRADynamicLabels": { + "description": "JIRADynamicLabels represents JIRA labels that can be given as strings or as a dynamic label", + "properties": { + "labels": { + "description": "Labels are the dynamic labels of which JIRA labels are based on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "names": { + "description": "Names are the static strings field.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.LicenseRequest": { + "description": "LicenseRequest is a request to setup a new license", + "properties": { + "key": { + "description": "Key is the license key.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.PagerDutyAlertSeverity": { + "description": "PagerDutyAlertSeverity is the severity of an alert triggered in PagerDuty", + "enum": [ + [ + "critical", + "error", + "warning", + "info" + ] + ], + "type": "string" + }, + "api.Permission": { + "description": "Permission represents a user or group's permission to access a specific resource.\nCurrently supported resources are:\n- Project - Access to a specific project (if empty, the Master Project by default)\n- Collection - The set of collections in the project that may be accessed (all if empty)\nIf no permissions are assigned, all projects and collections may be accessed", + "properties": { + "collections": { + "description": "List of collections the user can access.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "project": { + "description": "Names of projects which the user can access.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.Permissions": { + "description": "Permissions is a list of permissions", + "items": { + "$ref": "#/components/schemas/api.Permission" + }, + "type": "array" + }, + "api.ProjectSettings": { + "description": "ProjectSettings are settings for supporting federated console", + "properties": { + "master": { + "description": "Master indicates that project feature is enabled and that this console is the master console.\n", + "type": "boolean" + }, + "redirectURL": { + "description": "RedirectURL is the redirectURL for the given project.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.ResolveFunctionsReq": { + "description": "ResolveFunctionsReq represents the parameters supported by the functions resolution API", + "properties": { + "functions": { + "description": "Functions is the list of functions to evaluate.\n", + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveFunctionsResp": { + "description": "ResolveFunctionsResp represents the functions resolution API output", + "properties": { + "functions": { + "description": "Functions is the list of functions that were resolved.\n", + "items": { + "$ref": "#/components/schemas/serverless.FunctionInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveImagesReq": { + "description": "ResolveImagesReq represents the parameters supported by the images resolution API", + "properties": { + "images": { + "description": "Images is the list of image to resolve.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ResolveImagesResp": { + "description": "ResolveImagesResp represents the images resolution API output", + "properties": { + "images": { + "description": "Images is the list of images that were resolved.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "type": "array" + } + }, + "type": "object" + }, + "api.ServiceNowApp": { + "description": "ServiceNowApp identifies a ServiceNow application (there are several)\nfor more details, see:\nhttps://docs.servicenow.com/bundle/orlando-security-management/page/product/security-operations/concept/security-operations-intro.html", + "enum": [ + [ + "securityIncidentsResponse", + "vulnerabilityResponse" + ] + ], + "type": "string" + }, + "api.User": { + "description": "User represents a user in Twistlock", + "properties": { + "authType": { + "$ref": "#/components/schemas/api.AuthType" + }, + "lastModified": { + "description": "Datetime when the user was created or last modified.\n", + "format": "date-time", + "type": "string" + }, + "password": { + "description": "Password for authentication.\n", + "type": "string" + }, + "permissions": { + "$ref": "#/components/schemas/api.Permissions" + }, + "role": { + "description": "User role.\n", + "type": "string" + }, + "username": { + "description": "Username for authentication.\n", + "type": "string" + } + }, + "type": "object" + }, + "api.UserList": { + "description": "UserList represents a list of users", + "items": { + "$ref": "#/components/schemas/api.User" + }, + "type": "array" + }, + "appembedded.FargateTask": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "FargateTask represents the generic fargate task AWS template", + "type": "object" + }, + "applicationcontrol.Application": { + "description": "Application contains data about allowed installed versions for an application", + "properties": { + "allowedVersions": { + "$ref": "#/components/schemas/vuln.Conditions" + }, + "name": { + "description": "Name is the name of the application.\n", + "type": "string" + } + }, + "type": "object" + }, + "applicationcontrol.Rule": { + "description": "Rule represents an application control policy rule", + "properties": { + "_id": { + "description": "ID is the ID of the rule.\n", + "type": "integer" + }, + "applications": { + "description": "Applications are rules configuring the desired effect per application.\n", + "items": { + "$ref": "#/components/schemas/applicationcontrol.Application" + }, + "type": "array" + }, + "description": { + "description": "Description is the rule description.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the rule's severity.\n", + "type": "string" + } + }, + "type": "object" + }, + "bool": { + "type": "boolean" + }, + "byte": { + "format": "byte", + "type": "string" + }, + "ccs.ConsoleMessage": { + "description": "ConsoleMessage is a generic console message which contains one type of message, e.g. account, alert rule, etc.", + "properties": { + "accountMessage": { + "$ref": "#/components/schemas/shared.AccountMessage" + }, + "type": { + "$ref": "#/components/schemas/ccs.MsgType" + } + }, + "type": "object" + }, + "ccs.MsgType": { + "description": "MsgType is the message type, e.g. `account`, `alert-rule`, etc", + "enum": [ + [ + "account" + ] + ], + "type": "string" + }, + "clustereddb.AddMemberRequest": { + "description": "AddMemberRequest represents a request for adding a member to the clustered DB pool", + "properties": { + "address": { + "description": "Address is the member address to add.\n", + "type": "string" + } + }, + "type": "object" + }, + "clustereddb.ReplicaSetMemberStateStr": { + "description": "ReplicaSetMemberStateStr is a string representation of a member's state\nRef. https://docs.mongodb.com/v4.4/reference/replica-states/", + "enum": [ + [ + "STARTUP", + "PRIMARY", + "SECONDARY", + "RECOVERING", + "STARTUP2", + "UNKNOWN", + "ARBITER", + "DOWN", + "ROLLBACK", + "REMOVED" + ] + ], + "type": "string" + }, + "clustereddb.ReplicaSetMemberStatus": { + "description": "ReplicaSetMemberStatus represents replica set member's status\nRef. https://docs.mongodb.com/v4.4/reference/command/replSetGetStatus/#mongodb-data-replSetGetStatus.members", + "properties": { + "name": { + "description": "Name is the member's name (hostname address).\n", + "type": "string" + }, + "stateStr": { + "$ref": "#/components/schemas/clustereddb.ReplicaSetMemberStateStr" + } + }, + "type": "object" + }, + "clustereddb.Settings": { + "description": "Settings represents the clustered DB settings", + "properties": { + "loadBalancerAddress": { + "description": "LoadBalancerAddress is the address of the customer's load balancer in clustered DB mode. All clients (including Defenders) are reaching the Console through the load balancer.\n", + "type": "string" + }, + "seedConsoleAddress": { + "description": "SeedConsoleAddress allows editing the address of the seed Console (optional).\n", + "type": "string" + } + }, + "type": "object" + }, + "clustereddb.StatusResponse": { + "description": "StatusResponse represents the response to a clustered DB status request", + "properties": { + "date": { + "description": "Date indicates the current time according to the queried Mongo server.\n", + "format": "date-time", + "type": "string" + }, + "loadBalancerAddress": { + "description": "LoadBalancerAddress represents the address of the load balancer.\n", + "type": "string" + }, + "members": { + "description": "Members are the replica set members.\n", + "items": { + "$ref": "#/components/schemas/clustereddb.ReplicaSetMemberStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.AllowAllConnections": { + "description": "AllowAllConnections indicates if connections are allowed to/from any entity of the specified types\ne.g. if inbound contains the type subnet, the entity is allowed to receive connections from any subnet", + "properties": { + "inbound": { + "description": "Inbound indicates if connections are allowed from any entity of the specified types.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + }, + "type": "array" + }, + "outbound": { + "description": "Outbound indicates if connections are allowed to any entity of the specified types.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.ContainerAudit": { + "description": "ContainerAudit represents a network firewall audit event", + "properties": { + "block": { + "description": "Block indicates whether the connection was blocked.\n", + "type": "boolean" + }, + "count": { + "description": "Count is the event occurrences count.\n", + "type": "integer" + }, + "dstContainerName": { + "description": "DstContainerName is the destination container name.\n", + "type": "string" + }, + "dstDomain": { + "description": "DstDomain is the destination domain that was queried.\n", + "type": "string" + }, + "dstImageName": { + "description": "DstImage is the destination image name.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the connection destination port.\n", + "type": "integer" + }, + "dstProfileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "dstProfileID": { + "description": "DstProfileID is the destination profile ID.\n", + "type": "string" + }, + "dstSubnet": { + "description": "DstSubnet is the destination subnet.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the custom labels associated with the target container.\n", + "type": "object" + }, + "msg": { + "description": "Message is the event message.\n", + "type": "string" + }, + "ruleID": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "srcContainerName": { + "description": "SrcContainerName is the source container name.\n", + "type": "string" + }, + "srcImageName": { + "description": "SrcImage is the source image name.\n", + "type": "string" + }, + "srcProfileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcProfileID": { + "description": "SrcProfileID is the source profile ID.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cnnf.NetworkFirewallAttackType" + } + }, + "type": "object" + }, + "cnnf.EntityID": { + "description": "EntityID represents the ID of each network firewall entity.\n20 bits are used. Max legal value: 2^20-1", + "type": "integer" + }, + "cnnf.HostAudit": { + "description": "HostAudit represents a host network firewall audit event", + "properties": { + "accountID": { + "description": "AccountID is the host account ID.\n", + "type": "string" + }, + "block": { + "description": "Block indicates whether the connection was blocked.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "count": { + "description": "Count is the event occurrences count.\n", + "type": "integer" + }, + "dstHostname": { + "description": "DstHostname is the destination hostname.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the connection destination port.\n", + "type": "integer" + }, + "dstSubnet": { + "description": "DstSubnet is the destination subnet.\n", + "type": "string" + }, + "msg": { + "description": "Message is the event message.\n", + "type": "string" + }, + "ruleID": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "srcHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcHostname": { + "description": "SrcHostname is the source hostname.\n", + "type": "string" + }, + "srcSubnet": { + "description": "SrcSubnet is the source subnet.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cnnf.NetworkFirewallAttackType" + } + }, + "type": "object" + }, + "cnnf.NetworkEntities": { + "description": "NetworkEntities represents a list of network firewall entities", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + }, + "cnnf.NetworkEntity": { + "description": "NetworkEntity represents a network firewall entity", + "properties": { + "_id": { + "$ref": "#/components/schemas/cnnf.EntityID" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "collections": { + "description": "Collections indicate the collection the entity is part of.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "domains": { + "description": "Domains is a list of domains.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the entity name.\n", + "type": "string" + }, + "subnets": { + "description": "Subnets are the CIDR format network.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Subnet" + }, + "type": "array" + }, + "type": { + "$ref": "#/components/schemas/cnnf.RuleEntityType" + } + }, + "type": "object" + }, + "cnnf.NetworkFirewallAttackType": { + "description": "NetworkFirewallAttackType is the network firewall type of attack", + "enum": [ + [ + "unexpectedConnection" + ] + ], + "type": "string" + }, + "cnnf.Policy": { + "description": "Policy holds the data for firewall policies (host and container)", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "containerEnabled": { + "description": "ContainerEnabled indicates whether container network firewall feature is enabled.\n", + "type": "boolean" + }, + "containerRules": { + "description": "ContainerRules holds the container firewall rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Rule" + }, + "type": "array" + }, + "hostEnabled": { + "description": "HostEnabled indicates whether host network firewall feature is enabled.\n", + "type": "boolean" + }, + "hostRules": { + "description": "HostRules holds the host firewall rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.Rule" + }, + "type": "array" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "networkEntities": { + "$ref": "#/components/schemas/cnnf.NetworkEntities" + }, + "owner": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "cnnf.RadarConnectionInstance": { + "description": "RadarConnectionInstance is an instance of a connection between two radar endpoints", + "properties": { + "dst": { + "description": "Dst is the dst of the connection instance. Typically kept as an IP or a hostname.\n", + "type": "string" + }, + "policyRule": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "port": { + "$ref": "#/components/schemas/common.PortData" + }, + "src": { + "description": "Src is the src of the connection instance. Typically kept as an IP or a hostname.\n", + "type": "string" + }, + "time": { + "description": "Time is the time the connection instance was added.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "cnnf.RadarConnectionInstances": { + "description": "RadarConnectionInstances holds the recent connections history between 2 entities (hosts, subnet entities, etc)", + "properties": { + "instances": { + "description": "Instances are connection samples.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstance" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.RadarPolicyRule": { + "description": "RadarPolicyRule holds the data of a single policy rule", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "portRanges": { + "description": "PortRanges specify the ranges of ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "cnnf.Rule": { + "description": "Rule contains the properties common to both host and container network firewall", + "properties": { + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "dst": { + "$ref": "#/components/schemas/cnnf.EntityID" + }, + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "id": { + "$ref": "#/components/schemas/cnnf.RuleID" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "ports": { + "description": "Ports are the entity port range specifications.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "src": { + "$ref": "#/components/schemas/cnnf.EntityID" + } + }, + "type": "object" + }, + "cnnf.RuleEntityType": { + "description": "RuleEntityType is the network firewall rule entity type", + "enum": [ + [ + "container", + "host", + "subnet", + "dns" + ] + ], + "type": "string" + }, + "cnnf.RuleID": { + "description": "RuleID represents the ID of each container network firewall policy rule", + "type": "integer" + }, + "cnnf.Subnet": { + "description": "Subnet is a network firewall subnet", + "properties": { + "cidr": { + "description": "CIDR is the IP range of the defined entity.\n", + "type": "string" + }, + "name": { + "description": "Name is the given name to represent the range.\n", + "type": "string" + } + }, + "type": "object" + }, + "coderepos.ManifestFile": { + "description": "ManifestFile holds the data of a specific manifest file (can also be of a dependency manifest file)", + "properties": { + "dependencies": { + "description": "Packages listed in the manifest file.\n", + "items": { + "$ref": "#/components/schemas/coderepos.PkgDependency" + }, + "type": "array" + }, + "distribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "path": { + "description": "Path to the file.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/vuln.PackageType" + } + }, + "type": "object" + }, + "coderepos.PkgDependency": { + "description": "PkgDependency represents a required package", + "properties": { + "devDependency": { + "description": "Indicates if this dependency is used only for the development of the package (true) or not (false).\n", + "type": "boolean" + }, + "lastResolved": { + "description": "Date/time of the last version resolution. If the value is zero, it means the version is explicit and does not require resolving.\n", + "format": "date-time", + "type": "string" + }, + "licenseSeverity": { + "description": "Maximum severity of the detected licenses according to the compliance policy.\n", + "type": "string" + }, + "licenses": { + "description": "Detected licenses of the dependant package.\n", + "items": { + "$ref": "#/components/schemas/license.SPDXLicense" + }, + "type": "array" + }, + "name": { + "description": "Package name that the dependency refers to.\n", + "type": "string" + }, + "rawRequirement": { + "description": "Line in which the package is declared.\n", + "type": "string" + }, + "unsupported": { + "description": "Indicates if this package is unsupported by the remote package manager DB (e.g., due to a bad name or private package) (true) or not (false).\n", + "type": "boolean" + }, + "version": { + "description": "Package version, either explicitly specified in a manifest or resolved by the scanner.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "Vulnerabilities in the package.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "coderepos.Repository": { + "description": "Repository is the metadata for a code repository", + "properties": { + "build": { + "description": "CI build.\n", + "type": "string" + }, + "defaultBranch": { + "description": "Default branch in the repository, usually master.\n", + "type": "string" + }, + "digest": { + "description": "Repository content digest. Used to indicate if the content of the repository has changed.\n", + "type": "string" + }, + "fullName": { + "description": "Full name that represents the repository (/).\n", + "type": "string" + }, + "jobName": { + "description": "CI job name.\n", + "type": "string" + }, + "name": { + "description": "Repository name.\n", + "type": "string" + }, + "owner": { + "description": "GitHub username or organization name of the repository's owner.\n", + "type": "string" + }, + "private": { + "description": "Indicates if the repository is private (true) or not (false).\n", + "type": "boolean" + }, + "size": { + "description": "Size of the repository (in KB).\n", + "type": "integer" + }, + "url": { + "description": "URL is the repository address.\n", + "type": "string" + } + }, + "type": "object" + }, + "coderepos.ScanResult": { + "description": "ScanResult holds a specific repository data", + "properties": { + "_id": { + "description": "Scan report ID in the database.\n", + "type": "string" + }, + "collections": { + "description": "List of matching code repo collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceRiskScore": { + "description": "Code repository's compliance risk score. Used for sorting.\n", + "format": "float", + "type": "number" + }, + "files": { + "description": "Scan result for each manifest file in the repository.\n", + "items": { + "$ref": "#/components/schemas/coderepos.ManifestFile" + }, + "type": "array" + }, + "pass": { + "description": "Indicates whether the scan passed or failed.\n", + "type": "boolean" + }, + "repository": { + "$ref": "#/components/schemas/coderepos.Repository" + }, + "scanTime": { + "description": "Date/time when this repository was last scanned. The results might be from the DB and not updated if the repository contents have not changed.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.CodeRepoProviderType" + }, + "updateTime": { + "description": "Date/time when this repository was last updated.\n", + "format": "date-time", + "type": "string" + }, + "vulnInfo": { + "$ref": "#/components/schemas/shared.ImageInfo" + }, + "vulnerabilityRiskScore": { + "description": "Code repository's CVE risk score. Used for sorting.\n", + "format": "float", + "type": "number" + }, + "vulnerableFiles": { + "description": "Counts how many files have vulnerabilities. Vulnerability info is calculated on demand.\n", + "type": "integer" + } + }, + "type": "object" + }, + "collection.Collection": { + "description": "Collection is a collection of resources", + "properties": { + "accountIDs": { + "description": "List of account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "appIDs": { + "description": "List of application IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "clusters": { + "description": "List of Kubernetes cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "codeRepos": { + "description": "List of code repositories.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "containers": { + "description": "List of containers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "description": { + "description": "Free-form text.\n", + "type": "string" + }, + "functions": { + "description": "List of functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hosts": { + "description": "List of hosts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "images": { + "description": "List of images.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "labels": { + "description": "List of labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "modified": { + "description": "Datetime when the collection was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Collection name. Must be unique.\n", + "type": "string" + }, + "namespaces": { + "description": "List of Kubernetes namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "owner": { + "description": "User who created or last modified the collection.\n", + "type": "string" + }, + "prisma": { + "description": "Indicates whether this collection originates from Prisma Cloud.\n", + "type": "boolean" + }, + "system": { + "description": "Indicates whether this collection was created by the system (i.e., a non user) (true) or a real user (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "collection.Usage": { + "description": "Usage represents details of a collection being used", + "properties": { + "name": { + "description": "Name of the consumer (e.g., container runtime, username, etc.).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/collection.UsageType" + } + }, + "type": "object" + }, + "collection.UsageType": { + "description": "UsageType represents a collection usage type", + "enum": [ + [ + "policy", + "settings", + "user", + "group", + "registryScan" + ] + ], + "type": "string" + }, + "common.CloudMetadata": { + "description": "CloudMetadata is the metadata for an instance running in a cloud provider (AWS/GCP/Azure)", + "properties": { + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "awsExecutionEnv": { + "description": "AWS execution environment (e.g. EC2/Fargate).\n", + "type": "string" + }, + "image": { + "description": "Image name.\n", + "type": "string" + }, + "labels": { + "description": "Cloud provider metadata labels.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "name": { + "description": "Instance name.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Instance region.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource.\n", + "type": "string" + }, + "resourceURL": { + "description": "Server-defined URL for the resource.\n", + "type": "string" + }, + "type": { + "description": "Instance type.\n", + "type": "string" + }, + "vmID": { + "description": "Azure unique vm ID.\n", + "type": "string" + }, + "vmImageID": { + "description": "VMImageID holds the VM image ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.CloudProvider": { + "description": "CloudProvider specifies the cloud provider name", + "enum": [ + [ + "aws", + "azure", + "gcp", + "alibaba", + "oci", + "others" + ] + ], + "type": "string" + }, + "common.ClusterType": { + "description": "ClusterType is the cluster type", + "enum": [ + [ + "AKS", + "ECS", + "EKS", + "GKE", + "Kubernetes" + ] + ], + "type": "string" + }, + "common.Color": { + "description": "Color is a hexadecimal representation of color code value", + "type": "string" + }, + "common.ContainerRuntime": { + "description": "ContainerRuntime represents the supported container runtime types", + "enum": [ + [ + "docker", + "containerd", + "crio" + ] + ], + "type": "string" + }, + "common.DaemonSetOptions": { + "description": "DaemonSetOptions are options for creating the daemonset install script for defenders", + "properties": { + "annotations": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Annotations is mapping of key-value pairs of annotations metadata - optional.\n", + "type": "object" + }, + "bottlerocket": { + "description": "Bottlerocket indicates whether to be deployed on a Bottlerocket Linux OS.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the kubernetes or ecs cluster name.\n", + "type": "string" + }, + "collectPodLabels": { + "description": "CollectPodLabels indicates whether to collect pod related labels resource labels.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address for defender communication.\n", + "type": "string" + }, + "containerRuntime": { + "$ref": "#/components/schemas/common.ContainerRuntime" + }, + "cpuLimit": { + "description": "CPULimit is the cpu limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "dockerSocketPath": { + "description": "DockerSocketPath is the path of the docker socket file.\n", + "type": "string" + }, + "gkeAutopilot": { + "description": "GKEAutopilot indicates the deployment is requested for GKE Autopilot.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the full daemonset image name.\n", + "type": "string" + }, + "istio": { + "description": "MonitorIstio indicates whether to monitor Istio.\n", + "type": "boolean" + }, + "memoryLimit": { + "description": "MemoryLimit is a memory limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "namespace": { + "description": "Namespace is the target deamonset namespaces.\n", + "type": "string" + }, + "nodeSelector": { + "description": "NodeSelector is a key/value node selector.\n", + "type": "string" + }, + "orchestration": { + "description": "Orchestration is the orchestration type.\n", + "type": "string" + }, + "priorityClassName": { + "description": "PriorityClassName is the name of the priority class for the defender - optional.\n", + "type": "string" + }, + "privileged": { + "description": "Privileged indicates whether to run defenders as privileged.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "roleARN": { + "description": "RoleARN is the role's ARN to associate with the created service account - optional.\n", + "type": "string" + }, + "secretsname": { + "description": "SecretsName is the name of the secret to pull.\n", + "type": "string" + }, + "selinux": { + "description": "SelinuxEnforced indicates whether selinux is enforced on the target host.\n", + "type": "boolean" + }, + "serviceaccounts": { + "description": "MonitorServiceAccounts indicates whether to monitor service accounts.\n", + "type": "boolean" + }, + "talos": { + "description": "Talos indicates if the daemonset is to be deployed on a Talos Linux k8s cluster.\n", + "type": "boolean" + }, + "tolerations": { + "description": "Tolerations is a list of tolerations for the defender deamonset - optional.\n", + "items": { + "$ref": "#/components/schemas/common.Toleration" + }, + "type": "array" + }, + "uniqueHostname": { + "description": "UniqueHostname indicates whether to assign unique hostnames.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "common.DefenderProxyOpt": { + "description": "DefenderProxyOpt holds options for defender proxy configuration\nIt embeds ProxySettings but override it's Password field with a simple string\nThis is needed in order to avoid Secret's MarshalJSON method, which depends on existence of master key file", + "properties": { + "ca": { + "description": "Proxy's CA for Defender to trust. Required when using TLS intercept proxies.\n", + "type": "string" + }, + "httpProxy": { + "description": "Proxy address.\n", + "type": "string" + }, + "noProxy": { + "description": "List of addresses for which the proxy should not be used.\n", + "type": "string" + }, + "password": { + "description": ".\n", + "type": "string" + }, + "user": { + "description": "Username to authenticate with the proxy.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.Effect": { + "description": "Effect is the effect that is used in the CNNF rule", + "enum": [ + [ + "allow", + "alert", + "prevent", + "monitor", + "" + ] + ], + "type": "string" + }, + "common.ExternalLabel": { + "description": "ExternalLabel holds an external label with a source and timestamp", + "properties": { + "key": { + "description": "Label key.\n", + "type": "string" + }, + "sourceName": { + "description": "Source name (e.g., for a namespace, the source name can be 'twistlock').\n", + "type": "string" + }, + "sourceType": { + "$ref": "#/components/schemas/common.ExternalLabelSourceType" + }, + "timestamp": { + "description": "Time when the label was fetched.\n", + "format": "date-time", + "type": "string" + }, + "value": { + "description": "Value of the label.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.ExternalLabelSourceType": { + "description": "ExternalLabelSourceType indicates the source of the labels", + "enum": [ + [ + "namespace", + "deployment", + "aws", + "azure", + "gcp", + "oci" + ] + ], + "type": "string" + }, + "common.HostForensicSettings": { + "description": "HostForensicSettings indicates how to perform host forensic", + "properties": { + "activitiesDisabled": { + "description": "ActivitiesDisabled indicates if the host activity collection is enabled/disabled.\n", + "type": "boolean" + }, + "dockerEnabled": { + "description": "DockerEnabled indicates whether docker commands are collected.\n", + "type": "boolean" + }, + "readonlyDockerEnabled": { + "description": "ReadonlyDockerEnabled indicates whether docker readonly commands are collected.\n", + "type": "boolean" + }, + "serviceActivitiesEnabled": { + "description": "ServiceActivitiesEnabled indicates whether activities from services are collected.\n", + "type": "boolean" + }, + "sshdEnabled": { + "description": "SshdEnabled indicates whether ssh commands are collected.\n", + "type": "boolean" + }, + "sudoEnabled": { + "description": "SudoEnabled indicates whether sudo commands are collected.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "common.ImageType": { + "description": "ImageType is the type of a VM image.\nFor example, in the case of Azure this is one of marketplace/managed/gallery.", + "type": "string" + }, + "common.NetworkDeviceIP": { + "description": "NetworkDeviceIP represents a network device name and address pair", + "properties": { + "ip": { + "description": "Network device IPv4 address.\n", + "type": "string" + }, + "name": { + "description": "Network device name.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.OSDistroInfo": { + "description": "OSDistroInfo represents information regarding the OS distribution", + "properties": { + "distro": { + "description": "Distro is the OS distro name (e.g. ubuntu).\n", + "type": "string" + }, + "distroRelease": { + "description": "DistroRelease is the OS distro release (e.g. willy).\n", + "type": "string" + }, + "fullName": { + "description": "FullName is the full name of the distro (e.g. Ubuntu 19.10).\n", + "type": "string" + }, + "version": { + "description": "Version is the OS release numeric version (e.g. 19.10).\n", + "type": "string" + } + }, + "type": "object" + }, + "common.PolicyBlockMsg": { + "description": "PolicyBlockMsg represent the block message in a Policy", + "type": "string" + }, + "common.PolicyEffect": { + "description": "PolicyEffect state the effect of evaluating the given policy", + "enum": [ + [ + "allow", + "deny", + "block", + "alert" + ] + ], + "type": "string" + }, + "common.PolicyType": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "docker", + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoVulnerability", + "ciCodeRepoVulnerability", + "codeRepoCompliance", + "ciCodeRepoCompliance" + ] + ], + "type": "string" + }, + "common.PortData": { + "description": "PortData is a port of connections with his metadata", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "protocol": { + "description": "Protocol is the protocol used in the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.PortRange": { + "description": "PortRange represents a port range", + "properties": { + "deny": { + "description": "Deny indicates whether the connection is denied.\n", + "type": "boolean" + }, + "end": { + "description": ".\n", + "type": "integer" + }, + "start": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "common.ProfileHash": { + "description": "ProfileHash represents the profile hash\nIt is allowed to contain up to uint32 numbers, and represented by int64 since mongodb does not support unsigned data types", + "format": "int64", + "type": "integer" + }, + "common.ProfilePort": { + "description": "ProfilePort represents a networking profile port", + "properties": { + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "time": { + "description": "Time is the learning timestamp of this port.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "common.ProfilePortData": { + "description": "ProfilePortData represents a runtime profile ports data", + "properties": { + "all": { + "description": "All indicates that this port data represents any arbitrary ports.\n", + "type": "boolean" + }, + "ports": { + "description": "Ports is the list of profile runtime ports.\n", + "items": { + "$ref": "#/components/schemas/common.ProfilePort" + }, + "type": "array" + } + }, + "type": "object" + }, + "common.ProxySettings": { + "description": "ProxySettings are the http proxy settings", + "properties": { + "ca": { + "description": "Proxy's CA for Defender to trust. Required when using TLS intercept proxies.\n", + "type": "string" + }, + "httpProxy": { + "description": "Proxy address.\n", + "type": "string" + }, + "noProxy": { + "description": "List of addresses for which the proxy should not be used.\n", + "type": "string" + }, + "password": { + "$ref": "#/components/schemas/common.Secret" + }, + "user": { + "description": "Username to authenticate with the proxy.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.RuntimeResource": { + "description": "RuntimeResource represents on which resource in the system a rule applies (e.g., specific host or image)\nEmpty resource or wildcard (*) represents all resources of a given type", + "properties": { + "accountIDs": { + "description": "List of account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "appIDs": { + "description": "List of application IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "clusters": { + "description": "List of Kubernetes cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "codeRepos": { + "description": "List of code repositories.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containers": { + "description": "List of containers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "functions": { + "description": "List of functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hosts": { + "description": "List of hosts.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "images": { + "description": "List of images.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "labels": { + "description": "List of labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "namespaces": { + "description": "List of Kubernetes namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "common.Secret": { + "description": "Secret Stores the plain and encrypted version of a value. The plain version is not stored in a database", + "properties": { + "encrypted": { + "description": "Specifies an encrypted value of the secret.\n", + "type": "string" + }, + "plain": { + "description": "Specifies the plain text value of the secret.\n", + "type": "string" + } + }, + "type": "object" + }, + "common.Toleration": { + "description": "Toleration holds options for pod toleration\nref: https://kubernetes.io/docs/concepts/scheduling-eviction/taint-and-toleration/\ncode ref: k8s.io/api/core/v1/types.go", + "properties": { + "effect": { + "description": "Effect indicates the taint effect to match. Empty means match all taint effects.\nWhen specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.\n+optional.\n", + "type": "string" + }, + "key": { + "description": "Key is the taint key that the toleration applies to. Empty means match all taint keys.\nIf the key is empty, operator must be Exists; this combination means to match all values and all keys.\n+optional.\n", + "type": "string" + }, + "operator": { + "description": "Operator represents a key's relationship to the value.\nValid operators are Exists and Equal. Defaults to Equal.\nExists is equivalent to wildcard for value, so that a pod can\ntolerate all taints of a particular category.\n+optional.\n", + "type": "string" + }, + "tolerationSeconds": { + "description": "TolerationSeconds represents the period of time the toleration (which must be\nof effect NoExecute, otherwise this field is ignored) tolerates the taint. By default,\nit is not set, which means tolerate the taint forever (do not evict). Zero and\nnegative values will be treated as 0 (evict immediately) by the system.\n+optional.\n", + "format": "int64", + "type": "integer" + }, + "value": { + "description": "Value is the taint value the toleration matches to.\nIf the operator is Exists, the value should be empty, otherwise just a regular string.\n+optional.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.AzureMIType": { + "enum": [ + [ + "user-assigned", + "system-assigned" + ] + ], + "type": "string" + }, + "cred.AzureSPInfo": { + "description": "AzureSPInfo contains the Azure credentials needed for certificate based authentications", + "properties": { + "clientId": { + "description": "ClientID is the client identifier.\n", + "type": "string" + }, + "miType": { + "$ref": "#/components/schemas/cred.AzureMIType" + }, + "subscriptionId": { + "description": "SubscriptionID is a GUID that uniquely identifies the subscription to use Azure services.\n", + "type": "string" + }, + "tenantId": { + "description": "TenantID is the ID of the AAD directory in which the application was created.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.Credential": { + "description": "Credential specifies the authentication data of an external provider", + "properties": { + "_id": { + "description": "Specifies the unique ID for credential.\n", + "type": "string" + }, + "accountGUID": { + "description": "Specifies the unique ID for an IBM Cloud account.\n", + "type": "string" + }, + "accountID": { + "description": "Specifies the account identifier. Example: a username, access key, account GUID, and so on.\n", + "type": "string" + }, + "accountName": { + "description": "Specifies the name of the cloud account.\n", + "type": "string" + }, + "apiToken": { + "$ref": "#/components/schemas/common.Secret" + }, + "azureSPInfo": { + "$ref": "#/components/schemas/cred.AzureSPInfo" + }, + "caCert": { + "description": "Specifies the CA certificate for a certificate-based authentication.\n", + "type": "string" + }, + "cloudProviderAccountID": { + "description": "Specifies the cloud provider account ID.\n", + "type": "string" + }, + "created": { + "description": "Specifies the time when the credential was created (or, when the account ID was changed for AWS).\n", + "format": "date-time", + "type": "string" + }, + "description": { + "description": "Specifies the description for a credential.\n", + "type": "string" + }, + "external": { + "description": "Indicates whether the credential is external.\nAvailable values are:\ntrue: external\nfalse: Not external.\n", + "type": "boolean" + }, + "global": { + "description": "Indicates whether the credential scope is global.\nAvailable values are:\ntrue: Global\nfalse: Not Global\nNote: For GCP, the credential scope is the organization.\n", + "type": "boolean" + }, + "lastModified": { + "description": "Specifies the time when the credential was last modified.\n", + "format": "date-time", + "type": "string" + }, + "ociCred": { + "$ref": "#/components/schemas/cred.OCICred" + }, + "owner": { + "description": "Specifies the user who created or modified the credential.\n", + "type": "string" + }, + "prismaLastModified": { + "description": "Specifies the time when the account was last modified by Prisma Cloud Compute.\n", + "format": "int64", + "type": "integer" + }, + "roleArn": { + "description": "Specifies the Amazon Resource Name (ARN) of the role to be assumed.\n", + "type": "string" + }, + "secret": { + "$ref": "#/components/schemas/common.Secret" + }, + "skipVerify": { + "description": "Indicates whether to skip the certificate verification in TLS communication.\n", + "type": "boolean" + }, + "stsEndpoints": { + "description": "Specifies a list of specific endpoints for use in STS sessions in various regions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "tokens": { + "$ref": "#/components/schemas/cred.TemporaryToken" + }, + "type": { + "$ref": "#/components/schemas/cred.Type" + }, + "url": { + "description": "Specifies the base server URL.\n", + "type": "string" + }, + "useAWSRole": { + "description": "Indicates whether to authenticate using the IAM Role attached to the instance.\nAvailable values are:\ntrue: Authenticate with the attached credentials\nfalse: Don\u2019t authenticate with the attached credentials.\n", + "type": "boolean" + }, + "useSTSRegionalEndpoint": { + "description": "Indicates whether to use the regional STS endpoint for an STS session.\nAvailable values are:\ntrue: Use the regional STS\nfalse: Don\u2019t use the regional STS.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "cred.OCICred": { + "description": "OCICred are additional parameters required for OCI credentials", + "properties": { + "fingerprint": { + "description": "Fingerprint is the public key signature.\n", + "type": "string" + }, + "tenancyId": { + "description": "TenancyID is the OCID of the tenancy.\n", + "type": "string" + } + }, + "type": "object" + }, + "cred.TemporaryToken": { + "description": "TemporaryToken is a temporary session token for cloud provider APIs\nAWS - https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_temp.html\nGCP - https://cloud.google.com/iam/docs/creating-short-lived-service-account-credentials\nAzure - https://docs.microsoft.com/en-us/azure/active-directory/manage-apps/what-is-single-sign-on", + "properties": { + "awsAccessKeyId": { + "description": "Specifies a temporary access key.\n", + "type": "string" + }, + "awsSecretAccessKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "duration": { + "description": "Specifies a duration for the token.\n", + "format": "int64", + "type": "integer" + }, + "expirationTime": { + "description": "Specifies an expiration time for the token.\n", + "format": "date-time", + "type": "string" + }, + "token": { + "$ref": "#/components/schemas/common.Secret" + } + }, + "type": "object" + }, + "cred.Type": { + "description": "Type specifies the credential type", + "enum": [ + [ + "aws", + "azure", + "gcp", + "ibmCloud", + "oci", + "apiToken", + "githubToken", + "githubEnterpriseToken", + "basic", + "dtr", + "kubeconfig", + "certificate", + "gitlabToken" + ] + ], + "type": "string" + }, + "cred.UsageType": { + "description": "UsageType represents the credential usage type", + "enum": [ + [ + "Alert settings", + "Alert profile", + "Registry Scan", + "Serverless Scan", + "Cloud Scan", + "Secret Store", + "Serverless Auto-Deploy", + "Host Auto-deploy", + "VM Scan", + "Code Repository Scan", + "Agentless Scan Hub", + "Custom Intelligence Endpoint", + "VMware Tanzu blobstore Scan", + "Kubernetes Audit settings", + "Agentless app firewall" + ] + ], + "type": "string" + }, + "customrules.Action": { + "description": "Action is the action to perform if the custom rule applies", + "enum": [ + [ + "audit", + "incident" + ] + ], + "type": "string" + }, + "customrules.Effect": { + "description": "Effect is the effect that will be used for custom rule", + "enum": [ + [ + "block", + "prevent", + "alert", + "allow", + "ban", + "disable" + ] + ], + "type": "string" + }, + "customrules.Ref": { + "description": "Ref represents a custom rule that is referenced by a policy rule", + "properties": { + "_id": { + "description": "Custom rule ID.\n", + "type": "integer" + }, + "action": { + "$ref": "#/components/schemas/customrules.Action" + }, + "effect": { + "$ref": "#/components/schemas/customrules.Effect" + } + }, + "type": "object" + }, + "customrules.Rule": { + "description": "Rule represents a custom rule", + "properties": { + "_id": { + "description": "Rule ID. Must be unique.\n", + "type": "integer" + }, + "attackTechniques": { + "description": "List of attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "description": { + "description": "Description of the rule.\n", + "type": "string" + }, + "message": { + "description": "Macro that is printed as part of the audit/incident message.\n", + "type": "string" + }, + "minVersion": { + "description": "Minimum version required to support the rule.\n", + "type": "string" + }, + "modified": { + "description": "Datetime when the rule was created or last modified.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "owner": { + "description": "User who created or modified the rule.\n", + "type": "string" + }, + "script": { + "description": "Custom script.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/customrules.Type" + }, + "vulnIDs": { + "$ref": "#/components/schemas/customrules.VulnIDs" + } + }, + "type": "object" + }, + "customrules.Type": { + "description": "Type is the type of the custom rule", + "enum": [ + [ + "processes", + "filesystem", + "network-outgoing", + "kubernetes-audit", + "waas-request", + "waas-response" + ] + ], + "type": "string" + }, + "customrules.VulnIDs": { + "description": "VulnIDs is the list of vulnerability IDs", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defender.Category": { + "description": "Category represents the defender target category", + "enum": [ + [ + "container", + "host", + "serverless", + "appEmbedded", + "hostAgentless", + "containerAgentless" + ] + ], + "type": "string" + }, + "defender.Defender": { + "description": "Defender is an update about an agent starting", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "certificateExpiration": { + "description": "Client certificate expiration time.\n", + "format": "date-time", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster name (fallback is internal IP).\n", + "type": "string" + }, + "clusterID": { + "description": "Unique ID generated for each DaemonSet. Used to group Defenders by clusters. Note: Kubernetes does not provide a cluster name as part of its API.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "collections": { + "description": "Collections to which this Defender belongs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "compatibleVersion": { + "description": "Indicates if Defender has a compatible version for communication (e.g., request logs) (true) or not (false).\n", + "type": "boolean" + }, + "connected": { + "description": "Indicates whether Defender is connected (true) or not (false).\n", + "type": "boolean" + }, + "features": { + "$ref": "#/components/schemas/defender.Features" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "fqdn": { + "description": "Full domain name of the host. Used in audit alerts to identify specific hosts.\n", + "type": "string" + }, + "hostname": { + "description": "Name of host where Defender is deployed.\n", + "type": "string" + }, + "isARM64": { + "description": "IsARM64 indicates whether the defender runs on aarch64 architecture.\n", + "type": "boolean" + }, + "lastModified": { + "description": "Datetime when the Defender's connectivity status last changed.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port that Defender uses to connect to Console.\n", + "type": "integer" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "remoteLoggingSupported": { + "description": "Indicates if Defender logs can be retrieved remotely (true) or not (false).\n", + "type": "boolean" + }, + "remoteMgmtSupported": { + "description": "Indicates if Defender can be remotely managed (upgraded, restarted) (true) or not (false).\n", + "type": "boolean" + }, + "status": { + "$ref": "#/components/schemas/defender.Status" + }, + "systemInfo": { + "$ref": "#/components/schemas/defender.SystemInfo" + }, + "tasBlobstoreScanner": { + "description": "Indicates TAS blobstore scanning only Defender.\n", + "type": "boolean" + }, + "tasClusterID": { + "description": "TAS cluster ID where Defender runs. This is typically set to the Cloud controller's API address.\n", + "type": "string" + }, + "tasFoundation": { + "description": "TASFoundation is the foundation the Defender is running on.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/defender.Type" + }, + "usingOldCA": { + "description": "UsingOldCA indicates whether the defender client is using an old certificate signed by an old CA for TLS handshake.\n", + "type": "boolean" + }, + "version": { + "description": "Defender version.\n", + "type": "string" + }, + "vpcObserver": { + "description": "VPCObserver indicates whether the defender runs in a VPC observer.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "defender.FeatureStatus": { + "description": "FeatureStatus holds data about defender features", + "properties": { + "enabled": { + "description": "Indicates if the feature is enabled (true) or not (false).\n", + "type": "boolean" + }, + "err": { + "description": "Error string, if an error occurred.\n", + "type": "string" + }, + "hostname": { + "description": "Name of host where Defender runs.\n", + "type": "string" + } + }, + "type": "object" + }, + "defender.Features": { + "description": "Features is the defender features that can be updated", + "properties": { + "clusterMonitoring": { + "description": "Indicates whether any of the cluster monitoring features are enabled (monitor service accounts, monitor Istio, collect Kubernetes pod labels).\n", + "type": "boolean" + }, + "proxyListenerType": { + "$ref": "#/components/schemas/defender.ProxyListenerType" + } + }, + "type": "object" + }, + "defender.ProxyListenerType": { + "description": "ProxyListenerType is the proxy listener type of defenders", + "enum": [ + [ + "none", + "tcp", + "default" + ] + ], + "type": "string" + }, + "defender.ScanStatus": { + "description": "ScanStatus represents the status of current scan", + "properties": { + "completed": { + "description": "Indicates if scanning has successfully completed (true) or not (false).\n", + "type": "boolean" + }, + "errors": { + "description": "List of errors that occurred during the last scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hostname": { + "description": "Name of the host where Defender runs.\n", + "type": "string" + }, + "scanTime": { + "description": "Datetime of the last completed scan.\n", + "format": "date-time", + "type": "string" + }, + "scanning": { + "description": "Indicates whether scanning is in progress (true) or not (false).\n", + "type": "boolean" + }, + "selective": { + "description": "Indicates if the scan is for a specific resource (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "defender.Settings": { + "description": "Settings is the Defender settings", + "properties": { + "admissionControlEnabled": { + "description": "Indicates if the admission controller is enabled (true) or not (false).\n", + "type": "boolean" + }, + "admissionControlWebhookSuffix": { + "description": "Relative path to the admission control webhook HTTP endpoint.\n", + "type": "string" + }, + "appEmbeddedFileSystemTracingEnabled": { + "description": "AppEmbeddedFileSystemTracingEnabled is the default deployment state for app embedded Defenders file system tracing.\n", + "type": "boolean" + }, + "automaticUpgrade": { + "description": "Deprecated: indicates if defenders should be automatically upgraded to the latest version.\n", + "type": "boolean" + }, + "disconnectPeriodDays": { + "description": "Number of consecutive days a Defender must remain disconnected for it to be considered decommissioned.\n", + "type": "integer" + }, + "hostCustomComplianceEnabled": { + "description": "Indicates if Defenders support host custom compliance checks (true) or not (false).\n", + "type": "boolean" + }, + "listeningPort": { + "description": "Port on which Defenders listen.\n", + "type": "integer" + } + }, + "type": "object" + }, + "defender.Status": { + "description": "Status is the generic status state per defender or global", + "properties": { + "appFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "container": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "features": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "filesystem": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostCustomCompliance": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "image": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "lastModified": { + "description": "Datetime the status was last modified.\n", + "format": "date-time", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "outOfBandAppFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "process": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runc": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runtime": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "tasDroplets": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "upgrade": { + "$ref": "#/components/schemas/defender.UpgradeStatus" + } + }, + "type": "object" + }, + "defender.SystemInfo": { + "description": "SystemInfo is the OS information of the host", + "properties": { + "cpuCount": { + "description": "CPU count on the host where Defender runs.\n", + "type": "integer" + }, + "freeDiskSpaceGB": { + "description": "Free disk space (in GB) on the host where Defender runs.\n", + "type": "integer" + }, + "kernelVersion": { + "description": "Kernel version on the host where Defender runs.\n", + "type": "string" + }, + "memoryGB": { + "description": "Total memory (in GB) on the host where Defender runs.\n", + "format": "double", + "type": "number" + }, + "totalDiskSpaceGB": { + "description": "Total disk space (in GB) on the host where Defender runs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "defender.Type": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs" + ] + ], + "type": "string" + }, + "defender.UpgradeStatus": { + "description": "UpgradeStatus represents the status of current twistlock defender upgrade", + "properties": { + "err": { + "description": "Error string, if an error occurred.\n", + "type": "string" + }, + "hostname": { + "description": "Name of the host where Defender runs.\n", + "type": "string" + }, + "lastModified": { + "description": "Datetime of the last upgrade.\n", + "format": "date-time", + "type": "string" + }, + "progress": { + "description": "Upgrade progress.\n", + "type": "integer" + } + }, + "type": "object" + }, + "deployment.CommandError": { + "description": "CommandError is the command error on specific instance", + "properties": { + "error": { + "description": "Error is the error in case the command failed.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the instance hostname.\n", + "type": "string" + }, + "instanceID": { + "description": "InstanceID is the instance id.\n", + "type": "string" + }, + "instanceName": { + "description": "InstanceName is the instance name.\n", + "type": "string" + }, + "projectID": { + "description": "ProjectID is instance GCP project id.\n", + "type": "string" + }, + "region": { + "description": "Region is the instance region for AWS or zone for GCP.\n", + "type": "string" + }, + "state": { + "description": "State is the error state in which the deployment failed (e.g. timed out/failed due to some other reason).\n", + "type": "string" + }, + "vmImage": { + "description": "VMImage is the instance image.\n", + "type": "string" + } + }, + "type": "object" + }, + "deployment.DaemonSet": { + "description": "DaemonSet holds information about deployed defender DaemonSet\nTODO #12377 - Implement Resource interface for collections filtering, after retrieving correct value to Cluster field", + "properties": { + "address": { + "description": "Address is the kubernetes cluster address.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the kubernetes cluster name.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "defendersVersion": { + "description": "DefendersVersion is the version of the defenders deployed.\n", + "type": "string" + }, + "desiredDefenders": { + "description": "DesiredDefenders is the number of desired defenders.\n", + "type": "integer" + }, + "error": { + "description": "Error indicates any related errors found.\n", + "type": "string" + }, + "hasDefender": { + "description": "HasDefender indicates if the cluster has at least one running defender.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "runningDefenders": { + "description": "RunningDefenders is the number of defenders running.\n", + "type": "integer" + }, + "upgradable": { + "description": "Upgradable indicates if the cluster is upgradable.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "float32": { + "format": "float", + "type": "number" + }, + "float64": { + "format": "double", + "type": "number" + }, + "forensic.ContainerEvent": { + "description": "ContainerEvent holds forensic event information (in flat structure)", + "properties": { + "allPorts": { + "description": "AllPorts indicates all listening ports are allowed.\n", + "type": "boolean" + }, + "attack": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "command": { + "description": "Command is the event command.\n", + "type": "string" + }, + "containerId": { + "description": "ContainerID is the event container id.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the event queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the event queried domain type.\n", + "type": "string" + }, + "dstIP": { + "description": "DstIP is the destination IP of the connection.\n", + "type": "string" + }, + "dstPort": { + "description": "DstPort is the destination port.\n", + "type": "integer" + }, + "dstProfileID": { + "description": "DstProfileID is the profile ID of the connection destination.\n", + "type": "string" + }, + "effect": { + "description": "Effect is the runtime audit effect.\n", + "type": "string" + }, + "listeningStartTime": { + "description": "listeningStartTime is the port listening start time.\n", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Message is the runtime audit message.\n", + "type": "string" + }, + "networkCollectionType": { + "$ref": "#/components/schemas/forensic.NetworkCollection" + }, + "outbound": { + "description": "Outbound indicates if the port is outbound.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the event path.\n", + "type": "string" + }, + "pid": { + "description": "Pid is the event process id.\n", + "type": "integer" + }, + "port": { + "description": "Port is the listening port.\n", + "type": "integer" + }, + "ppid": { + "description": "PPid is the event parent process id.\n", + "type": "integer" + }, + "process": { + "description": "Process is the event process.\n", + "type": "string" + }, + "srcIP": { + "description": "SrcIP is the source IP of the connection.\n", + "type": "string" + }, + "srcProfileID": { + "description": "SrcProfileID is the profile ID of the connection source.\n", + "type": "string" + }, + "static": { + "description": "Static indicates the event was added to the profile without behavioral indication.\n", + "type": "boolean" + }, + "timestamp": { + "description": "Timestamp is the event timestamp.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/forensic.ContainerEventType" + }, + "user": { + "description": "User is the event user.\n", + "type": "string" + } + }, + "type": "object" + }, + "forensic.ContainerEventType": { + "description": "ContainerEventType represents the kind of event", + "enum": [ + [ + "Process spawned", + "Binary created", + "Container started", + "Listening port", + "Connection established", + "Runtime audit", + "Runtime profile process", + "Runtime profile filesystem", + "Runtime profile networking", + "Incident", + "DNS query" + ] + ], + "type": "string" + }, + "forensic.HostEvent": { + "description": "HostEvent holds host forensic event information", + "properties": { + "app": { + "description": "App is the application associated with the event.\n", + "type": "string" + }, + "attack": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "command": { + "description": "Command is the event command.\n", + "type": "string" + }, + "country": { + "description": "Country is the country associated with the event.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the event queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the event queried domain type.\n", + "type": "string" + }, + "effect": { + "description": "Effect is the runtime audit effect.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates if the event is interactive.\n", + "type": "boolean" + }, + "ip": { + "description": "IP is the IP address associated with the event.\n", + "type": "string" + }, + "listeningStartTime": { + "description": "ListeningStartTime is the listening port start time.\n", + "format": "date-time", + "type": "string" + }, + "message": { + "description": "Message is the runtime audit message.\n", + "type": "string" + }, + "path": { + "description": "Path is the event path.\n", + "type": "string" + }, + "pid": { + "description": "Pid is the event process id.\n", + "type": "integer" + }, + "port": { + "description": "Port is the listening port.\n", + "type": "integer" + }, + "ppath": { + "description": "Path is the event parent path.\n", + "type": "string" + }, + "ppid": { + "description": "PPid is the event parent process id.\n", + "type": "integer" + }, + "process": { + "description": "Process is the event process.\n", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the event timestamp.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/forensic.HostEventType" + }, + "user": { + "description": "User is the event user.\n", + "type": "string" + } + }, + "type": "object" + }, + "forensic.HostEventType": { + "description": "HostEventType represents the kind of host event", + "enum": [ + [ + "Process spawned", + "Listening port", + "Binary created", + "Runtime audit", + "SSH event", + "Incident", + "DNS query" + ] + ], + "type": "string" + }, + "forensic.NetworkCollection": { + "description": "NetworkCollection describe the different types of collection of network events", + "type": "string" + }, + "identity.LdapSettings": { + "description": "LdapSettings are the ldap connectivity settings", + "properties": { + "accountPassword": { + "$ref": "#/components/schemas/common.Secret" + }, + "accountUpn": { + "description": "AccountUpn is the user principle name used to connect to the active directory server.\n", + "type": "string" + }, + "caCert": { + "description": "CaCert is cert in PEM format (optional, if not specified, skip_verify flag will be used).\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether LDAP is enabled.\n", + "type": "boolean" + }, + "groupSearchBase": { + "description": "GroupSearchBase is the LDAP search pattern for groups.\n", + "type": "string" + }, + "searchBase": { + "description": "SearchBase is the LDAP search pattern.\n", + "type": "string" + }, + "type": { + "description": "Type specifies the LDAP server type (AD or OpenLDAP).\n", + "type": "string" + }, + "url": { + "description": "URL is the ldap server url.\n", + "type": "string" + }, + "userSearchBase": { + "description": "UserSearchBase is the LDAP search pattern for users.\n", + "type": "string" + }, + "userSearchIdentifier": { + "description": "UserSearchIdentifier is the user identifier to use for querying open ldap (e.g., cn -> cn=user).\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.ProviderName": { + "description": "ProviderName is the identity provider name", + "enum": [ + [ + "github", + "openshift" + ] + ], + "type": "string" + }, + "identity.ProviderSettings": { + "description": "ProviderSettings are the Oauth/ OpenID Connect connectivity settings", + "properties": { + "authURL": { + "description": "AuthURL specifies auth URL.\n", + "type": "string" + }, + "cert": { + "description": "Cert is idp certificate.\n", + "type": "string" + }, + "clientID": { + "description": "ClientID is the client identifier issued to the client during the registration process.\n", + "type": "string" + }, + "clientSecret": { + "$ref": "#/components/schemas/common.Secret" + }, + "enabled": { + "description": "Enabled indicates whether Auth settings are enabled.\n", + "type": "boolean" + }, + "groupClaim": { + "description": "GroupClaim is the name of the group claim property.\n", + "type": "string" + }, + "groupScope": { + "description": "GroupScope specifies name of group scope.\n", + "type": "string" + }, + "openIDIssuesURL": { + "description": "OpenIDIssuesURL is the base URL for OpenID connect providers.\n", + "type": "string" + }, + "openshiftBaseURL": { + "description": "OpenshiftBaseURL is openshift base URL.\n", + "type": "string" + }, + "providerAlias": { + "description": "ProviderAlias is the provider alias used for display.\n", + "type": "string" + }, + "providerName": { + "$ref": "#/components/schemas/identity.ProviderName" + }, + "tokenURL": { + "description": "TokenURL specifies token URL.\n", + "type": "string" + }, + "userClaim": { + "description": "UserClaim is the name of the user claim property.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.RedirectURLResponse": { + "description": "RedirectURLResponse is the response for identity redirect endpoint", + "properties": { + "enabled": { + "description": "Enabled identify if auth provider is enabled.\n", + "type": "boolean" + }, + "url": { + "description": "URL is the redirect URL.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.SamlSettings": { + "description": "SamlSettings are the saml connectivity settings", + "properties": { + "appId": { + "description": "AppID is the Azure application ID.\n", + "type": "string" + }, + "appSecret": { + "$ref": "#/components/schemas/common.Secret" + }, + "audience": { + "description": "Audience specifies the SAML audience used in the verification of the SAML response.\n", + "type": "string" + }, + "cert": { + "description": "Cert is idp certificate in PEM format.\n", + "type": "string" + }, + "consoleURL": { + "description": "ConsoleURL is the external Console URL that is used by the IDP for routing the browser after login.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether saml settings are enabled.\n", + "type": "boolean" + }, + "groupAttribute": { + "description": "GroupAttribute is the name of the group attribute.\n", + "type": "string" + }, + "issuer": { + "description": "Issuer is idp issuer id.\n", + "type": "string" + }, + "providerAlias": { + "description": "ProviderAlias is the provider alias used for display.\n", + "type": "string" + }, + "skipAuthnContext": { + "description": "SkipAuthnContext indicates whether request authentication contexts should be skipped.\n", + "type": "boolean" + }, + "tenantId": { + "description": "TenantID is the Azure Tenant ID.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/identity.SamlType" + }, + "url": { + "description": "URL is idp sso url.\n", + "type": "string" + } + }, + "type": "object" + }, + "identity.SamlType": { + "description": "SamlType represents the type of a SAML configured settings", + "enum": [ + [ + "okta", + "gsuite", + "ping", + "shibboleth", + "azure", + "adfs" + ] + ], + "type": "string" + }, + "identity.Settings": { + "description": "Settings hold the identity settings for supported providers", + "properties": { + "ldap": { + "$ref": "#/components/schemas/identity.LdapSettings" + }, + "oauth": { + "$ref": "#/components/schemas/identity.ProviderSettings" + }, + "openid": { + "$ref": "#/components/schemas/identity.ProviderSettings" + }, + "saml": { + "$ref": "#/components/schemas/identity.SamlSettings" + } + }, + "type": "object" + }, + "int": { + "type": "integer" + }, + "int16": { + "type": "integer" + }, + "int64": { + "format": "int64", + "type": "integer" + }, + "intelligence.IntelligenceSettings": { + "description": "IntelligenceSettings are the intelligence service settings", + "properties": { + "address": { + "description": "Address is the intelligence service address.\n", + "type": "string" + }, + "customEndpoint": { + "description": "CustomEndpoint is the user defined custom endpoint.\n", + "type": "string" + }, + "customEndpointCACert": { + "description": "CustomEndpointCACert is the custom CA cert bundle for trusting the custom endpoint.\n", + "type": "string" + }, + "customEndpointCredentialID": { + "description": "CustomEndpointCredentialID is the custom endpoint credential ID.\n", + "type": "string" + }, + "customEndpointEnabled": { + "description": "CustomEndpointEnabled indicates that the user custom endpoint is enabled.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether intelligence service is enabled.\n", + "type": "boolean" + }, + "token": { + "description": "Token is the token used to access intelligence service.\n", + "type": "string" + }, + "uploadDisabled": { + "description": "UploadDisabled indicates whether logs uploading is disabled.\n", + "type": "boolean" + }, + "windowsFeedEnabled": { + "description": "WindowsFeedEnabled indicates whether windows feed is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicy": { + "description": "AuthorizationPolicy is a compact version of Istio AuthorizationPolicy resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#AuthorizationPolicy", + "properties": { + "effect": { + "$ref": "#/components/schemas/common.Effect" + }, + "name": { + "description": "Name is the authorization policy name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace of the authorization policy.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the access rules this authorization policy defines.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyRule" + }, + "type": "array" + }, + "targetServices": { + "description": "TargetServices is the list of services the authorization policy applies on.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyService" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyDestination": { + "description": "AuthorizationPolicyDestination is a compact version of Istio Operation resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Operation", + "properties": { + "methods": { + "description": "Methods are the destination endpoint HTTP methods, such as: \"GET\", \"POST\".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "paths": { + "description": "Paths are the destination HTTP paths.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the destination endpoint ports.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyRule": { + "description": "AuthorizationPolicyRule is a compact version of Istio Rule resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Rule", + "properties": { + "destinations": { + "description": "Destinations are the endpoint definitions the rule grants access to.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicyDestination" + }, + "type": "array" + }, + "sources": { + "description": "Sources are the metadatas of the services the rule grants access to.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicySource" + }, + "type": "array" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicyService": { + "description": "AuthorizationPolicyService represents a service an authorization policy applies on\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Source", + "properties": { + "name": { + "description": "Name is the service name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the service namespace.\n", + "type": "string" + } + }, + "type": "object" + }, + "istio.AuthorizationPolicySource": { + "description": "AuthorizationPolicySource is a compact version of Istio Source resource\nSee https://istio.io/docs/reference/config/security/authorization-policy/#Source", + "properties": { + "namespaces": { + "description": "Namespaces are the source services namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "principals": { + "description": "Principals are the source services principals.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "kubeaudit.Audit": { + "description": "Audit represents a Kubernetes audit - this is the data that is stored for matched audits", + "properties": { + "accountID": { + "description": "AccountID is the account ID the Kubernetes audit belongs to.\n", + "type": "string" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "authorizationInfo": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "AuthorizationInfo holds the original event authorization info.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster the Kubernetes audit belongs to.\n", + "type": "string" + }, + "collections": { + "description": "Collections that apply to the Kubernetes audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "eventBlob": { + "description": "EventBlob is the original event that caused this audit.\n", + "type": "string" + }, + "message": { + "description": "Message is the user defined message which appears on audit.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "requestURI": { + "description": "RequestURI is the request URI as sent by the client to a server.\n", + "type": "string" + }, + "resources": { + "description": "Resource represents the resource that is impacted by this event.\n", + "type": "string" + }, + "sourceIPs": { + "description": "Source IPs, from where the request originated and intermediate proxies (optional).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "time": { + "description": "Time is the time at which the request was generated.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "$ref": "#/components/schemas/kubeaudit.EventUserInfo" + }, + "verb": { + "description": "Verb is the kubernetes verb associated with the request.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.AuditSettings": { + "description": "AuditSettings represents the kubernetes audits settings", + "properties": { + "lastPollingTime": { + "description": "LastPollingTime holds the last time the logs were polled.\n", + "format": "date-time", + "type": "string" + }, + "specifications": { + "description": "Specifications are the K8s audits fetching CSP specifications.\n", + "items": { + "$ref": "#/components/schemas/kubeaudit.AuditSpecification" + }, + "type": "array" + }, + "webhookUrlSuffix": { + "description": "WebhookSuffix is the relative path to the webhook http endpoint, used for auditing K8S events sent to the console from a cluster.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.AuditSpecification": { + "description": "AuditSpecification is the specification for fetching audits from a CSP", + "properties": { + "awsRegion": { + "description": "AWSRegion is the cloud region to fetch from.\n", + "type": "string" + }, + "azureResourceGroups": { + "description": "AzureResourceGroups holds the resource groups to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "azureWorkspaceName": { + "description": "AzureWorkspaceName holds the workspace name to fetch from.\n", + "type": "string" + }, + "clusters": { + "description": "Clusters are the clusters to fetch.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialID": { + "description": "CredentialID is the credential to use for CSP authentication for this specification.\n", + "type": "string" + }, + "deploymentType": { + "$ref": "#/components/schemas/kubeaudit.DeploymentType" + }, + "filter": { + "description": "Filter is a provider specific query using the provider's query syntax for additional filtering.\n", + "type": "string" + }, + "gcpProjectIDs": { + "description": "GCPProjectIDs holds the IDs of projects to fetch from.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the specification unique identification as provided by the user.\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.DeploymentType": { + "description": "DeploymentType specifies the type of Kubernetes deployment", + "enum": [ + [ + "gke", + "aks", + "eks" + ] + ], + "type": "string" + }, + "kubeaudit.EventUserInfo": { + "description": "EventUserInfo holds the information about the user that authenticated to Kubernentes", + "properties": { + "groups": { + "description": "The names of groups this user is a part of (optional).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "uid": { + "description": "A unique value that identifies this user across time. If this user is\ndeleted and another user by the same name is added, they will have\ndifferent UIDs (optional).\n", + "type": "string" + }, + "username": { + "description": "The name that uniquely identifies this user among all active users (optional).\n", + "type": "string" + } + }, + "type": "object" + }, + "kubeaudit.Policy": { + "description": "Policy represents a Kubernetes audit policy enforced on Kubernetes audits", + "properties": { + "_id": { + "description": "ID is the Kubernetes audit policy ID.\n", + "type": "string" + }, + "customRulesIDs": { + "description": "CustomRulesIDs is a list of the custom runtime rules ids that apply to this policy.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled specifies if Kubernetes audits are enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "license.SPDXLicense": { + "description": "SPDXLicense represents a SPDX license ID", + "enum": [ + [ + "0BSD", + "AAL", + "ADSL", + "AFL-1.1", + "AFL-1.2", + "AFL-2.0", + "AFL-2.1", + "AFL-3.0", + "AGPL-1.0", + "AGPL-1.0-only", + "AGPL-1.0-or-later", + "AGPL-3.0", + "AGPL-3.0-only", + "AGPL-3.0-or-later", + "AMDPLPA", + "AML", + "AMPAS", + "ANTLR-PD", + "ANTLR-PD-fallback", + "APAFML", + "APL-1.0", + "APSL-1.0", + "APSL-1.1", + "APSL-1.2", + "APSL-2.0", + "Abstyles", + "Adobe-2006", + "Adobe-Glyph", + "Afmparse", + "Aladdin", + "Apache-1.0", + "Apache-1.1", + "Apache-2.0", + "Artistic-1.0", + "Artistic-1.0-Perl", + "Artistic-1.0-cl8", + "Artistic-2.0", + "BSD-1-Clause", + "BSD-2-Clause", + "BSD-2-Clause-FreeBSD", + "BSD-2-Clause-NetBSD", + "BSD-2-Clause-Patent", + "BSD-2-Clause-Views", + "BSD-3-Clause", + "BSD-3-Clause-Attribution", + "BSD-3-Clause-Clear", + "BSD-3-Clause-LBNL", + "BSD-3-Clause-No-Nuclear-License", + "BSD-3-Clause-No-Nuclear-License-2014", + "BSD-3-Clause-No-Nuclear-Warranty", + "BSD-3-Clause-Open-MPI", + "BSD-4-Clause", + "BSD-4-Clause-UC", + "BSD-Protection", + "BSD-Source-Code", + "BSL-1.0", + "BUSL-1.1", + "Bahyph", + "Barr", + "Beerware", + "BitTorrent-1.0", + "BitTorrent-1.1", + "BlueOak-1.0.0", + "Borceux", + "CAL-1.0", + "CAL-1.0-Combined-Work-Exception", + "CATOSL-1.1", + "CC-BY-1.0", + "CC-BY-2.0", + "CC-BY-2.5", + "CC-BY-3.0", + "CC-BY-3.0-AT", + "CC-BY-3.0-US", + "CC-BY-4.0", + "CC-BY-NC-1.0", + "CC-BY-NC-2.0", + "CC-BY-NC-2.5", + "CC-BY-NC-3.0", + "CC-BY-NC-4.0", + "CC-BY-NC-ND-1.0", + "CC-BY-NC-ND-2.0", + "CC-BY-NC-ND-2.5", + "CC-BY-NC-ND-3.0", + "CC-BY-NC-ND-3.0-IGO", + "CC-BY-NC-ND-4.0", + "CC-BY-NC-SA-1.0", + "CC-BY-NC-SA-2.0", + "CC-BY-NC-SA-2.5", + "CC-BY-NC-SA-3.0", + "CC-BY-NC-SA-4.0", + "CC-BY-ND-1.0", + "CC-BY-ND-2.0", + "CC-BY-ND-2.5", + "CC-BY-ND-3.0", + "CC-BY-ND-4.0", + "CC-BY-SA-1.0", + "CC-BY-SA-2.0", + "CC-BY-SA-2.0-UK", + "CC-BY-SA-2.5", + "CC-BY-SA-3.0", + "CC-BY-SA-3.0-AT", + "CC-BY-SA-4.0", + "CC-PDDC", + "CC0-1.0", + "CDDL-1.0", + "CDDL-1.1", + "CDLA-Permissive-1.0", + "CDLA-Sharing-1.0", + "CECILL-1.0", + "CECILL-1.1", + "CECILL-2.0", + "CECILL-2.1", + "CECILL-B", + "CECILL-C", + "CERN-OHL-1.1", + "CERN-OHL-1.2", + "CERN-OHL-P-2.0", + "CERN-OHL-S-2.0", + "CERN-OHL-W-2.0", + "CNRI-Jython", + "CNRI-Python", + "CNRI-Python-GPL-Compatible", + "CPAL-1.0", + "CPL-1.0", + "CPOL-1.02", + "CUA-OPL-1.0", + "Caldera", + "ClArtistic", + "Condor-1.1", + "Crossword", + "CrystalStacker", + "Cube", + "D-FSL-1.0", + "DOC", + "DSDP", + "Dotseqn", + "ECL-1.0", + "ECL-2.0", + "EFL-1.0", + "EFL-2.0", + "EPICS", + "EPL-1.0", + "EPL-2.0", + "EUDatagrid", + "EUPL-1.0", + "EUPL-1.1", + "EUPL-1.2", + "Entessa", + "ErlPL-1.1", + "Eurosym", + "FSFAP", + "FSFUL", + "FSFULLR", + "FTL", + "Fair", + "Frameworx-1.0", + "FreeImage", + "GFDL-1.1", + "GFDL-1.1-invariants-only", + "GFDL-1.1-invariants-or-later", + "GFDL-1.1-no-invariants-only", + "GFDL-1.1-no-invariants-or-later", + "GFDL-1.1-only", + "GFDL-1.1-or-later", + "GFDL-1.2", + "GFDL-1.2-invariants-only", + "GFDL-1.2-invariants-or-later", + "GFDL-1.2-no-invariants-only", + "GFDL-1.2-no-invariants-or-later", + "GFDL-1.2-only", + "GFDL-1.2-or-later", + "GFDL-1.3", + "GFDL-1.3-invariants-only", + "GFDL-1.3-invariants-or-later", + "GFDL-1.3-no-invariants-only", + "GFDL-1.3-no-invariants-or-later", + "GFDL-1.3-only", + "GFDL-1.3-or-later", + "GL2PS", + "GLWTPL", + "GPL-1.0", + "GPL-1.0+", + "GPL-1.0-only", + "GPL-1.0-or-later", + "GPL-2.0", + "GPL-2.0+", + "GPL-2.0-only", + "GPL-2.0-or-later", + "GPL-2.0-with-GCC-exception", + "GPL-2.0-with-autoconf-exception", + "GPL-2.0-with-bison-exception", + "GPL-2.0-with-classpath-exception", + "GPL-2.0-with-font-exception", + "GPL-3.0", + "GPL-3.0+", + "GPL-3.0-only", + "GPL-3.0-or-later", + "GPL-3.0-with-GCC-exception", + "GPL-3.0-with-autoconf-exception", + "Giftware", + "Glide", + "Glulxe", + "HPND", + "HPND-sell-variant", + "HTMLTIDY", + "HaskellReport", + "Hippocratic-2.1", + "IBM-pibs", + "ICU", + "IJG", + "IPA", + "IPL-1.0", + "ISC", + "ImageMagick", + "Imlib2", + "Info-ZIP", + "Intel", + "Intel-ACPI", + "Interbase-1.0", + "JPNIC", + "JSON", + "JasPer-2.0", + "LAL-1.2", + "LAL-1.3", + "LGPL-2.0", + "LGPL-2.0+", + "LGPL-2.0-only", + "LGPL-2.0-or-later", + "LGPL-2.1", + "LGPL-2.1+", + "LGPL-2.1-only", + "LGPL-2.1-or-later", + "LGPL-3.0", + "LGPL-3.0+", + "LGPL-3.0-only", + "LGPL-3.0-or-later", + "LGPLLR", + "LPL-1.0", + "LPL-1.02", + "LPPL-1.0", + "LPPL-1.1", + "LPPL-1.2", + "LPPL-1.3a", + "LPPL-1.3c", + "Latex2e", + "Leptonica", + "LiLiQ-P-1.1", + "LiLiQ-R-1.1", + "LiLiQ-Rplus-1.1", + "Libpng", + "Linux-OpenIB", + "MIT", + "MIT-0", + "MIT-CMU", + "MIT-advertising", + "MIT-enna", + "MIT-feh", + "MIT-open-group", + "MITNFA", + "MPL-1.0", + "MPL-1.1", + "MPL-2.0", + "MPL-2.0-no-copyleft-exception", + "MS-PL", + "MS-RL", + "MTLL", + "MakeIndex", + "MirOS", + "Motosoto", + "MulanPSL-1.0", + "MulanPSL-2.0", + "Multics", + "Mup", + "NASA-1.3", + "NBPL-1.0", + "NCGL-UK-2.0", + "NCSA", + "NGPL", + "NIST-PD", + "NIST-PD-fallback", + "NLOD-1.0", + "NLPL", + "NOSL", + "NPL-1.0", + "NPL-1.1", + "NPOSL-3.0", + "NRL", + "NTP", + "NTP-0", + "Naumen", + "Net-SNMP", + "NetCDF", + "Newsletr", + "Nokia", + "Noweb", + "Nunit", + "O-UDA-1.0", + "OCCT-PL", + "OCLC-2.0", + "ODC-By-1.0", + "ODbL-1.0", + "OFL-1.0", + "OFL-1.0-RFN", + "OFL-1.0-no-RFN", + "OFL-1.1", + "OFL-1.1-RFN", + "OFL-1.1-no-RFN", + "OGC-1.0", + "OGL-Canada-2.0", + "OGL-UK-1.0", + "OGL-UK-2.0", + "OGL-UK-3.0", + "OGTSL", + "OLDAP-1.1", + "OLDAP-1.2", + "OLDAP-1.3", + "OLDAP-1.4", + "OLDAP-2.0", + "OLDAP-2.0.1", + "OLDAP-2.1", + "OLDAP-2.2", + "OLDAP-2.2.1", + "OLDAP-2.2.2", + "OLDAP-2.3", + "OLDAP-2.4", + "OLDAP-2.5", + "OLDAP-2.6", + "OLDAP-2.7", + "OLDAP-2.8", + "OML", + "OPL-1.0", + "OSET-PL-2.1", + "OSL-1.0", + "OSL-1.1", + "OSL-2.0", + "OSL-2.1", + "OSL-3.0", + "OpenSSL", + "PDDL-1.0", + "PHP-3.0", + "PHP-3.01", + "PSF-2.0", + "Parity-6.0.0", + "Parity-7.0.0", + "Plexus", + "PolyForm-Noncommercial-1.0.0", + "PolyForm-Small-Business-1.0.0", + "PostgreSQL", + "Python-2.0", + "QPL-1.0", + "Qhull", + "RHeCos-1.1", + "RPL-1.1", + "RPL-1.5", + "RPSL-1.0", + "RSA-MD", + "RSCPL", + "Rdisc", + "Ruby", + "SAX-PD", + "SCEA", + "SGI-B-1.0", + "SGI-B-1.1", + "SGI-B-2.0", + "SHL-0.5", + "SHL-0.51", + "SISSL", + "SISSL-1.2", + "SMLNJ", + "SMPPL", + "SNIA", + "SPL-1.0", + "SSH-OpenSSH", + "SSH-short", + "SSPL-1.0", + "SWL", + "Saxpath", + "Sendmail", + "Sendmail-8.23", + "SimPL-2.0", + "Sleepycat", + "Spencer-86", + "Spencer-94", + "Spencer-99", + "StandardML-NJ", + "SugarCRM-1.1.3", + "TAPR-OHL-1.0", + "TCL", + "TCP-wrappers", + "TMate", + "TORQUE-1.1", + "TOSL", + "TU-Berlin-1.0", + "TU-Berlin-2.0", + "UCL-1.0", + "UPL-1.0", + "Unicode-DFS-2015", + "Unicode-DFS-2016", + "Unicode-TOU", + "Unlicense", + "VOSTROM", + "VSL-1.0", + "Vim", + "W3C", + "W3C-19980720", + "W3C-20150513", + "WTFPL", + "Watcom-1.0", + "Wsuipa", + "X11", + "XFree86-1.1", + "XSkat", + "Xerox", + "Xnet", + "YPL-1.0", + "YPL-1.1", + "ZPL-1.1", + "ZPL-2.0", + "ZPL-2.1", + "Zed", + "Zend-2.0", + "Zimbra-1.3", + "Zimbra-1.4", + "Zlib", + "blessing", + "bzip2-1.0.5", + "bzip2-1.0.6", + "copyleft-next-0.3.0", + "copyleft-next-0.3.1", + "curl", + "diffmark", + "dvipdfm", + "eCos-2.0", + "eGenix", + "etalab-2.0", + "gSOAP-1.3b", + "gnuplot", + "iMatix", + "libpng-2.0", + "libselinux-1.0", + "libtiff", + "mpich2", + "psfrag", + "psutils", + "wxWindows", + "xinetd", + "xpp", + "zlib-acknowledgement" + ] + ], + "type": "string" + }, + "log.LogEntry": { + "description": "LogEntry represents a single log line", + "properties": { + "level": { + "description": "Level is the log level.\n", + "type": "string" + }, + "log": { + "description": "Log is the log text.\n", + "type": "string" + }, + "time": { + "description": "Time is the log time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "mitre.Technique": { + "description": "Technique is the MITRE framework attack technique", + "enum": [ + [ + "exploitationForPrivilegeEscalation", + "exploitPublicFacingApplication", + "applicationExploitRCE", + "networkServiceScanning", + "endpointDenialOfService", + "exfiltrationGeneral", + "systemNetworkConfigurationDiscovery", + "unsecuredCredentials", + "credentialDumping", + "systemInformationDiscovery", + "systemNetworkConnectionDiscovery", + "systemUserDiscovery", + "accountDiscovery", + "cloudInstanceMetadataAPI", + "accessKubeletMainAPI", + "queryKubeletReadonlyAPI", + "accessKubernetesAPIServer", + "softwareDeploymentTools", + "ingressToolTransfer", + "lateralToolTransfer", + "commandAndControlGeneral", + "resourceHijacking", + "manInTheMiddle", + "nativeBinaryExecution", + "foreignBinaryExecution", + "createAccount", + "accountManipulation", + "abuseElevationControlMechanisms", + "supplyChainCompromise", + "obfuscatedFiles", + "hijackExecutionFlow", + "impairDefences", + "scheduledTaskJob", + "exploitationOfRemoteServices", + "eventTriggeredExecution", + "accountAccessRemoval", + "privilegedContainer", + "writableVolumes", + "execIntoContainer", + "softwareDiscovery", + "createContainer", + "kubernetesSecrets", + "fileAndDirectoryDiscovery", + "masquerading", + "webShell", + "compileAfterDelivery" + ] + ], + "type": "string" + }, + "prisma.AlertIntegration": { + "description": "AlertIntegration has the relevant fields for Prisma Cloud defined integrations\nhttps://prisma.pan.dev/api/cloud/cspm/integrations#operation/get-all-integrations", + "properties": { + "id": { + "description": "ID of the integration in Prisma Cloud.\n", + "type": "string" + }, + "integrationConfig": { + "$ref": "#/components/schemas/prisma.IntegrationConfig" + }, + "integrationType": { + "description": "IntegrationType is the provider type.\n", + "type": "string" + }, + "name": { + "description": "Name of the integration in Prisma Cloud.\n", + "type": "string" + } + }, + "type": "object" + }, + "prisma.IntegrationConfig": { + "description": "IntegrationConfig holds the additional configuration data for each integration", + "properties": { + "accountId": { + "description": "SecurityHubAccountID is the AWS account ID.\n", + "type": "string" + }, + "regions": { + "description": "SecurityHubIntegrationRegions holds AWS account available regions.\n", + "items": { + "$ref": "#/components/schemas/prisma.SecurityHubIntegrationRegions" + }, + "type": "array" + }, + "tables": { + "description": "ServiceNowIntegrationConfig holds ServiceNow tables info.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "prisma.SecurityHubIntegrationRegions": { + "description": "SecurityHubIntegrationRegions holds AWS Security Hub regions info", + "properties": { + "apiIdentifier": { + "description": "APIIdentifier represents the AWS region.\n", + "type": "string" + }, + "name": { + "description": "Name is the region name.\n", + "type": "string" + } + }, + "type": "object" + }, + "rbac.PermName": { + "description": "PermName is a name of permission to a single resource type", + "enum": [ + [ + "radarsContainers", + "radarsHosts", + "radarsServerless", + "radarsCloud", + "policyCodeRepos", + "policyContainers", + "policyHosts", + "policyServerless", + "policyCloud", + "policyComplianceCustomRules", + "policyRuntimeContainer", + "policyRuntimeHosts", + "policyRuntimeServerless", + "policyCustomRules", + "policyWAAS", + "policyCNNF", + "policyAccessDocker", + "policyAccessSecrets", + "policyAccessKubernetes", + "monitorVuln", + "monitorCompliance", + "monitorCodeRepos", + "monitorImages", + "monitorHosts", + "monitorServerless", + "monitorCloud", + "monitorCI", + "monitorRuntimeContainers", + "monitorRuntimeHosts", + "monitorRuntimeServerless", + "monitorRuntimeIncidents", + "sandbox", + "monitorWAAS", + "monitorCNNF", + "monitorAccessDocker", + "monitorAccessKubernetes", + "systemLogs", + "manageDefenders", + "manageAlerts", + "collections", + "manageCreds", + "authConfiguration", + "userManagement", + "systemOperations", + "privilegedOperations", + "downloads", + "accessUI", + "uIEventSubscriber", + "user", + "none" + ] + ], + "type": "string" + }, + "rbac.Permission": { + "description": "Permission is a named resource permission", + "properties": { + "name": { + "$ref": "#/components/schemas/rbac.PermName" + }, + "readWrite": { + "description": "ReadWrite indicates RW or RO permission.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "rbac.Role": { + "description": "Role represents the role of a given user/group", + "properties": { + "description": { + "description": "Description is the role's description.\n", + "type": "string" + }, + "name": { + "description": "Name is the role name.\n", + "type": "string" + }, + "perms": { + "description": "Perms are the role resource permissions.\n", + "items": { + "$ref": "#/components/schemas/rbac.Permission" + }, + "type": "array" + }, + "system": { + "description": "System indicates predefined immutable system role.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.AntiMalwareRule": { + "description": "AntiMalwareRule represents restrictions/suppression for suspected anti-malware", + "properties": { + "allowedProcesses": { + "description": "AllowedProcesses contains paths of files and processes for which we skip anti-malware checks.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cryptoMiner": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "customFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedProcesses": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "detectCompilerGeneratedBinary": { + "description": "DetectCompilerGeneratedBinary represents what happens when a compiler service writes a binary.\n", + "type": "boolean" + }, + "encryptedBinaries": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "executionFlowHijack": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "reverseShell": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "serviceUnknownOriginBinary": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipSSHTracking": { + "description": "SkipSSHTracking indicates whether host SSH tracking should be skipped.\n", + "type": "boolean" + }, + "suspiciousELFHeaders": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "tempFSProc": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "userUnknownOriginBinary": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "webShell": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.App": { + "description": "App represents the applications runtime data", + "properties": { + "listeningPorts": { + "description": "ListeningPorts represents the applications listening ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostProfileListeningPort" + }, + "type": "array" + }, + "name": { + "description": "Name is the app name.\n", + "type": "string" + }, + "outgoingPorts": { + "description": "OutgoingPorts represents the applications outgoing ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostProfileOutgoingPort" + }, + "type": "array" + }, + "processes": { + "description": "Processes is a list of the app's descendant processes.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + }, + "startupProcess": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + } + }, + "type": "object" + }, + "runtime.AppEmbeddedPolicy": { + "description": "AppEmbeddedPolicy represents a runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.AppEmbeddedPolicyRule": { + "description": "AppEmbeddedPolicyRule represents a single rule in the app embedded runtime policy", + "properties": { + "advancedProtection": { + "description": "Indicates whether advanced protection (e.g., custom or premium feeds for container, added whitelist rules for serverless) is enabled (true) or not (false).\n", + "type": "boolean" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.DNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.FilesystemRule" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.NetworkRule" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProcessesRule" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.AppListeningPorts": { + "description": "AppListeningPorts is an association of an app and list of listening ports", + "properties": { + "app": { + "description": "App is the name of the app.\n", + "type": "string" + }, + "portsData": { + "$ref": "#/components/schemas/common.ProfilePortData" + } + }, + "type": "object" + }, + "runtime.ContainerCapabilities": { + "description": "ContainerCapabilities are a set of static capabilities for a given container", + "properties": { + "ci": { + "description": "CI indicates the container allowed to write binaries to disk and run them.\n", + "type": "boolean" + }, + "cloudMetadata": { + "description": "CloudMetadata indicates the given container can query cloud metadata api.\n", + "type": "boolean" + }, + "dnsCache": { + "description": "DNSCache are DNS services that are used by all the pods in the cluster.\n", + "type": "boolean" + }, + "dynamicDNSQuery": { + "description": "DynamicDNSQuery indicates capped behavioral dns queries.\n", + "type": "boolean" + }, + "dynamicFileCreation": { + "description": "DynamicFileCreation indicates capped behavioral filesystem paths.\n", + "type": "boolean" + }, + "dynamicProcessCreation": { + "description": "DynamicProcessCreation indicates capped behavioral processes.\n", + "type": "boolean" + }, + "k8s": { + "description": "Kubernetes indicates the given container can perform k8s networking tasks (e.g., contact to api server).\n", + "type": "boolean" + }, + "proxy": { + "description": "Proxy indicates the container can listen on any port and perform multiple outbound connection.\n", + "type": "boolean" + }, + "pullImage": { + "description": "PullImage indicates that the container is allowed pull images (might include files with high entropy).\n", + "type": "boolean" + }, + "sshd": { + "description": "Sshd indicates whether the container can run sshd process.\n", + "type": "boolean" + }, + "unpacker": { + "description": "Unpacker indicates the container is allowed to write shared libraries to disk.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.ContainerDNSRule": { + "description": "ContainerDNSRule is the DNS runtime rule for container", + "properties": { + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "disabled": { + "description": "Disabled a global disable for the DNS rule.\n", + "type": "boolean" + }, + "domainList": { + "$ref": "#/components/schemas/runtime.DNSListRule" + } + }, + "type": "object" + }, + "runtime.ContainerFilesystemRule": { + "description": "ContainerFilesystemRule represents restrictions/suppression for filesystem changes", + "properties": { + "allowedList": { + "description": "AllowedList is the list of allowed file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "backdoorFilesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedList": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "disabled": { + "description": "Disabled a global disable for the filesystem rule.\n", + "type": "boolean" + }, + "encryptedBinariesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "newFilesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "suspiciousELFHeadersEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerNetworkRule": { + "description": "ContainerNetworkRule represents the restrictions/suppression for networking", + "properties": { + "allowedIPs": { + "description": "AllowedIPs the allow-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedIPs": { + "description": "DeniedIPs the deny-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deniedIPsEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "disabled": { + "description": "Disabled a global disable for the network rule.\n", + "type": "boolean" + }, + "listeningPorts": { + "$ref": "#/components/schemas/runtime.PortListRule" + }, + "modifiedProcEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "outboundPorts": { + "$ref": "#/components/schemas/runtime.PortListRule" + }, + "portScanEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "rawSocketsEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerPolicy": { + "description": "ContainerPolicy represents a runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "learningDisabled": { + "description": "Indicates whether automatic behavioural learning is enabled (true) or not (false).\n", + "type": "boolean" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.ContainerPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ContainerPolicyRule": { + "description": "ContainerPolicyRule represents a single rule in the runtime policy", + "properties": { + "advancedProtectionEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "cloudMetadataEnforcementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.ContainerDNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.ContainerFilesystemRule" + }, + "kubernetesEnforcementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.ContainerNetworkRule" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ContainerProcessesRule" + }, + "skipExecSessions": { + "description": "Indicates whether to skip runtime validation for events triggered by docker/kubectl exec.\n", + "type": "boolean" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerProcessesRule": { + "description": "ContainerProcessesRule represents restrictions/suppression for running processes", + "properties": { + "allowedList": { + "description": "AllowedList is the list of processes to allow.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "checkParentChild": { + "description": "Indicates whether checking for parent child relationship when comparing spawned processes in the model is enabled.\n", + "type": "boolean" + }, + "cryptoMinersEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "defaultEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedList": { + "$ref": "#/components/schemas/runtime.DenyListRule" + }, + "disabled": { + "description": "Disabled a global disable for the processes rule.\n", + "type": "boolean" + }, + "lateralMovementEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "modifiedProcessEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "reverseShellEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "suidBinariesEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ContainerProfileHost": { + "description": "ContainerProfileHost represents a host that runs a container with a specific profile ID", + "properties": { + "agentless": { + "description": "Agentless indicates if the host was scanned by agentless.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the name of the host.\n", + "type": "string" + }, + "profileID": { + "description": "ProfileID is the profile ID that matches the container running in the host.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.DNSListRule": { + "description": "DNSListRule represents an explicitly allowed/denied domains list rule", + "properties": { + "allowed": { + "description": "Allowed the allow-listed domain names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "denied": { + "description": "Denied the deny-listed domain names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.DNSQuery": { + "description": "DNSQuery is the data of a DNS query", + "properties": { + "domainName": { + "description": "DomainName is the queried domain name.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the queried domain type.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.DNSRule": { + "description": "DNSRule is the DNS runtime rule", + "properties": { + "blacklist": { + "description": "List of deny-listed domain names (e.g., www.bad-url.com, *.bad-url.com).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "whitelist": { + "description": "List of allow-listed domain names (e.g., *.gmail.com, *.s3.*.amazon.com).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.DenyListRule": { + "description": "DenyListRule represents a rule containing paths of files and processes to alert/prevent and the required effect", + "properties": { + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "paths": { + "description": "Paths are the paths to alert/prevent when an event with one of the paths is triggered.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.FSFileType": { + "description": "FSFileType represents the file type", + "type": "integer" + }, + "runtime.FileIntegrityRule": { + "description": "FileIntegrityRule represents a single file integrity monitoring rule", + "properties": { + "dir": { + "description": "Dir indicates that the path is a directory.\n", + "type": "boolean" + }, + "exclusions": { + "description": "Exclusions are filenames that should be ignored while generating audits\nThese filenames may contain a wildcard regex pattern, e.g. foo*.log, *.cache.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "metadata": { + "description": "Metadata indicates that metadata changes should be monitored (e.g. chmod, chown).\n", + "type": "boolean" + }, + "path": { + "description": "Path is the path to monitor.\n", + "type": "string" + }, + "procWhitelist": { + "description": "ProcWhitelist are the processes to ignore\nFilesystem events caused by these processes DO NOT generate file integrity events.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "read": { + "description": "Read indicates that reads operations should be monitored.\n", + "type": "boolean" + }, + "recursive": { + "description": "Recursive indicates that monitoring should be recursive.\n", + "type": "boolean" + }, + "write": { + "description": "Write indicates that write operations should be monitored.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "runtime.FilesystemRule": { + "description": "FilesystemRule represents restrictions/suppression for filesystem changes", + "properties": { + "backdoorFiles": { + "description": "Monitors files that can create and/or persist backdoors (currently SSH and admin account config files) (true).\n", + "type": "boolean" + }, + "blacklist": { + "description": "List of denied file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "checkNewFiles": { + "description": "Detects changes to binaries and certificates (true).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipEncryptedBinaries": { + "description": "Indicates that encrypted binaries check should be skipped.\n", + "type": "boolean" + }, + "suspiciousELFHeaders": { + "description": "Indicates whether malware detection based on suspicious ELF headers is enabled.\n", + "type": "boolean" + }, + "whitelist": { + "description": "List of allowed file system path.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.GeoIP": { + "description": "GeoIP represents an ip address with it's origin country code", + "properties": { + "code": { + "description": "Code is the country iso code.\n", + "type": "string" + }, + "ip": { + "description": "IP is the ip address.\n", + "type": "string" + }, + "modified": { + "description": "Modified is the last modified time of this entry.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostDNSRule": { + "description": "HostDNSRule represents a host DNS runtime rule", + "properties": { + "allow": { + "description": "Allow is a list of user-defined domains to skip checks for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deny": { + "description": "Deny is a list of user-defined domains to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "denyListEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.HostNetworkRule": { + "description": "HostNetworkRule represents the restrictions/suppression for host networking", + "properties": { + "allowedOutboundIPs": { + "description": "AllowedOutboundIPs is a list of IPs to skip checks for.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "customFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "deniedListeningPorts": { + "description": "DeniedListeningPorts is a list of listening ports to deny.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "deniedOutboundIPs": { + "description": "DeniedOutboundIPs is a list of outbound IPs to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "deniedOutboundPorts": { + "description": "DeniedOutboundPorts is a list of outbound ports to deny.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "denyListEffect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "intelligenceFeed": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.HostPolicy": { + "description": "HostPolicy represents a host runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "ID is the host runtime policy internal id.\n", + "type": "string" + }, + "owner": { + "description": "Owner is the host runtime policy owner.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of host runtime rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.HostPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.HostPolicyRule": { + "description": "HostPolicyRule represents a single rule in the runtime policy", + "properties": { + "antiMalware": { + "$ref": "#/components/schemas/runtime.AntiMalwareRule" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "CustomRules is a list of custom rules associated with the container runtime policy.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.HostDNSRule" + }, + "fileIntegrityRules": { + "description": "FileIntegrityRules are the file integrity monitoring rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.FileIntegrityRule" + }, + "type": "array" + }, + "forensic": { + "$ref": "#/components/schemas/common.HostForensicSettings" + }, + "logInspectionRules": { + "description": "LogInspectionRules is a list of log inspection rules.\n", + "items": { + "$ref": "#/components/schemas/runtime.LogInspectionRule" + }, + "type": "array" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.HostNetworkRule" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfile": { + "description": "HostProfile represents a host runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID (hostname).\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID associated with the profile.\n", + "type": "string" + }, + "apps": { + "description": "Apps are the host's apps metadata.\n", + "items": { + "$ref": "#/components/schemas/runtime.App" + }, + "type": "array" + }, + "collections": { + "description": "Collections is a list of collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "hash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "labels": { + "description": "Labels are the labels associated with the profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "sshEvents": { + "description": "SSHEvents represents a list SSH events occurred on the host.\n", + "items": { + "$ref": "#/components/schemas/runtime.SSHEvent" + }, + "type": "array" + }, + "time": { + "description": "Time is the last time when this profile was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfileListeningPort": { + "description": "HostProfileListeningPort holds a metadata on listening port stored in host runtime profile", + "properties": { + "command": { + "description": "Command represents the command that triggered the connection.\n", + "type": "string" + }, + "modified": { + "description": "Modified is a timestamp of when the event occurred.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "processPath": { + "description": "ProcessPath represents the path to the process that uses the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.HostProfileOutgoingPort": { + "description": "HostProfileOutgoingPort holds a metadata on outgoing port stored in host runtime profile", + "properties": { + "command": { + "description": "Command represents the command that triggered the connection.\n", + "type": "string" + }, + "country": { + "description": "Country is the country ISO code for the given IP address.\n", + "type": "string" + }, + "ip": { + "description": "IP is the IP address captured over this port.\n", + "type": "string" + }, + "modified": { + "description": "Modified is a timestamp of when the event occurred.\n", + "format": "date-time", + "type": "string" + }, + "port": { + "description": "Port is the port number.\n", + "type": "integer" + }, + "processPath": { + "description": "ProcessPath represents the path to the process that uses the port.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.LogInspectionRule": { + "description": "LogInspectionRule represents a single log inspection rule", + "properties": { + "path": { + "description": "Path is the log path.\n", + "type": "string" + }, + "regex": { + "description": "Regex are the regular expressions associated with the rule if it is a custom one.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.NetworkRule": { + "description": "NetworkRule represents the restrictions/suppression for networking", + "properties": { + "blacklistIPs": { + "description": "Deny-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blacklistListeningPorts": { + "description": "Deny-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "blacklistOutboundPorts": { + "description": "Deny-listed outbound ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "whitelistIPs": { + "description": "Allow-listed IP addresses.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "whitelistListeningPorts": { + "description": "Allow-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "whitelistOutboundPorts": { + "description": "Allow-listed outbound ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.PortListRule": { + "description": "PortListRule represents a rule containing ports to allowed/denied and the required effect", + "properties": { + "allowed": { + "description": "Allowed the allow-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "denied": { + "description": "Denied the deny-listed listening ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortRange" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "runtime.ProcessesRule": { + "description": "ProcessesRule represents restrictions/suppression for running processes", + "properties": { + "blacklist": { + "description": "List of processes to deny.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blockAllBinaries": { + "description": "Indicates that all processes are blocked except the main process.\n", + "type": "boolean" + }, + "checkCryptoMiners": { + "description": "Detect crypto miners.\n", + "type": "boolean" + }, + "checkLateralMovement": { + "description": "Indicates whether dectection of processes that can be used for lateral movement exploits is enabled.\n", + "type": "boolean" + }, + "checkNewBinaries": { + "description": "Indicates whether binaries which do not belong to the original image are allowed to run.\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "skipModified": { + "description": "Indicates whether to trigger audits/incidents when a modified proc is spawned.\n", + "type": "boolean" + }, + "whitelist": { + "description": "List of processes to allow.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileFilesystem": { + "description": "ProfileFilesystem defines the filesystem features profile", + "properties": { + "behavioral": { + "description": "Behavioral is filesystem data learned from behavioral analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileFilesystemPath" + }, + "type": "array" + }, + "static": { + "description": "Static is filesystem data learned from static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileFilesystemPath" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileFilesystemPath": { + "description": "ProfileFilesystemPath represents the filesystem static data", + "properties": { + "mount": { + "description": "Mount indicates whether the given folder is a mount.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the file path.\n", + "type": "string" + }, + "process": { + "description": "Process is the process that accessed the file.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the file was added.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileNetwork": { + "description": "ProfileNetwork represents networking data that is learned", + "properties": { + "behavioral": { + "$ref": "#/components/schemas/runtime.ProfileNetworkBehavioral" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "static": { + "$ref": "#/components/schemas/runtime.ProfileNetworkStatic" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkBehavioral": { + "description": "ProfileNetworkBehavioral represents the behavioral data learned for networking", + "properties": { + "dnsQueries": { + "description": "DNSQueries is the learned DNS queries.\n", + "items": { + "$ref": "#/components/schemas/runtime.DNSQuery" + }, + "type": "array" + }, + "listeningPorts": { + "description": "Listening is the learned listening ports.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppListeningPorts" + }, + "type": "array" + }, + "outboundPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkGeoIP": { + "description": "ProfileNetworkGeoIP represents a cache of last ip-country pairs attached to each profile", + "properties": { + "countries": { + "description": "Countries is a list of ip addresses with their corresponding country codes.\n", + "items": { + "$ref": "#/components/schemas/runtime.GeoIP" + }, + "type": "array" + }, + "modified": { + "description": "Modified is the last modified time of the cache.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileNetworkStatic": { + "description": "ProfileNetworkStatic represent the static section of the networking profile", + "properties": { + "listeningPorts": { + "description": "Listening are the listening ports learned by static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.AppListeningPorts" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ProfileProcess": { + "description": "ProfileProcess represents a single process data", + "properties": { + "command": { + "description": "Command is the executed command.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates whether the process belongs to an interactive session.\n", + "type": "boolean" + }, + "md5": { + "description": "MD5 is the process binary MD5 sum.\n", + "type": "string" + }, + "modified": { + "description": "Modified indicates the process binary was modified after the container has started.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the process binary path.\n", + "type": "string" + }, + "ppath": { + "description": "PPath is the parent process path.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the process was added. If the process was modified, Time is the modification time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User represents the username that started the process.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ProfileProcesses": { + "description": "ProfileProcesses represents the process data that is learned for a specific image", + "properties": { + "behavioral": { + "description": "Behavioral are process details learned from behavioral analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + }, + "static": { + "description": "Static are process details learned from static analysis.\n", + "items": { + "$ref": "#/components/schemas/runtime.ProfileProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.RuleEffect": { + "description": "RuleEffect is the effect that will be used in the runtime rule", + "enum": [ + [ + "block", + "prevent", + "alert", + "disable" + ] + ], + "type": "string" + }, + "runtime.SSHEvent": { + "description": "SSHEvent represents an SSH event data", + "properties": { + "command": { + "description": "Command is the executed command.\n", + "type": "string" + }, + "country": { + "description": "Country represents the SSH client's origin country.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates whether the process belongs to an interactive session.\n", + "type": "boolean" + }, + "ip": { + "description": "IP address represents the connection client IP address.\n", + "type": "integer" + }, + "loginTime": { + "description": "LoginTime represents the SSH login time.\n", + "format": "int64", + "type": "integer" + }, + "md5": { + "description": "MD5 is the process binary MD5 sum.\n", + "type": "string" + }, + "modified": { + "description": "Modified indicates the process binary was modified after the container has started.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the process binary path.\n", + "type": "string" + }, + "ppath": { + "description": "PPath is the parent process path.\n", + "type": "string" + }, + "time": { + "description": "Time is the time in which the process was added. If the process was modified, Time is the modification time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User represents the username that started the process.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.SecretScrubbingSpec": { + "description": "SecretScrubbingSpec defined a single runtime secret scrubbing specification", + "properties": { + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "pattern": { + "description": "Pattern is the regex pattern to mask sensitive data.\n", + "type": "string" + }, + "placeholder": { + "description": "Placeholder is the placeholder text to replace the matched field content.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "runtime.ServerlessPolicy": { + "description": "ServerlessPolicy represents a serverless runtime policy enforced for a given running resource", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "learningDisabled": { + "description": "Indicates whether automatic behavioural learning is enabled (true) or not (false).\n", + "type": "boolean" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/runtime.ServerlessPolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "runtime.ServerlessPolicyRule": { + "description": "ServerlessPolicyRule represents a single rule in the serverless runtime policy", + "properties": { + "advancedProtection": { + "description": "Indicates whether advanced protection (e.g., custom or premium feeds for container, added whitelist rules for serverless) is enabled (true) or not (false).\n", + "type": "boolean" + }, + "cloudMetadataEnforcement": { + "description": "Catches containers that access the cloud provider metadata API.\n", + "type": "boolean" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "dns": { + "$ref": "#/components/schemas/runtime.DNSRule" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.FilesystemRule" + }, + "kubernetesEnforcement": { + "description": "Detects containers that attempt to compromise the orchestrator.\n", + "type": "boolean" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.NetworkRule" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProcessesRule" + }, + "skipExecSessions": { + "description": "Indicates whether to skip runtime validation for events triggered by docker/kubectl exec.\n", + "type": "boolean" + }, + "wildFireAnalysis": { + "$ref": "#/components/schemas/runtime.RuleEffect" + } + }, + "type": "object" + }, + "sandbox.ConnectionEvent": { + "description": "ConnectionEvent represents a network connection event", + "properties": { + "countryCode": { + "description": "CountryCode is the country code for the network IP.\n", + "type": "string" + }, + "ip": { + "description": "IP is the network IP.\n", + "type": "string" + }, + "port": { + "description": "Port is the network port.\n", + "type": "integer" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "protocol": { + "description": "Protocol is the transport layer protocol (UDP / TCP).\n", + "type": "string" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.DNSQueryEvent": { + "description": "DNSQueryEvent represents a DNS query event with it's connection details", + "properties": { + "countryCode": { + "description": "CountryCode is the country code for the network IP.\n", + "type": "string" + }, + "domainName": { + "description": "DomainName is the domain name for a DNS query.\n", + "type": "string" + }, + "domainType": { + "description": "DomainType is the domain type for a DNS query.\n", + "type": "string" + }, + "ip": { + "description": "IP is the network IP.\n", + "type": "string" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.Event": { + "description": "Event is a single event in a chain that lead to finding detection", + "properties": { + "description": { + "description": "Description describes what happened in the event.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of event detection.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.FilesystemAccessType": { + "description": "FilesystemAccessType represents a type of accessing a file", + "enum": [ + [ + "open", + "modify", + "create" + ] + ], + "type": "string" + }, + "sandbox.FilesystemEvent": { + "description": "FilesystemEvent represents a filesystem event during sandbox scan", + "properties": { + "accessType": { + "$ref": "#/components/schemas/sandbox.FilesystemAccessType" + }, + "path": { + "description": "Path is the file path.\n", + "type": "string" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.Finding": { + "description": "Finding represents a finding detected during sandbox scan", + "properties": { + "description": { + "description": "Description is the finding description.\n", + "type": "string" + }, + "events": { + "description": "Events are the events that lead to the finding detection.\n", + "items": { + "$ref": "#/components/schemas/sandbox.Event" + }, + "type": "array" + }, + "severity": { + "$ref": "#/components/schemas/sandbox.FindingSeverity" + }, + "time": { + "description": "Time is the detection time (time of triggering event).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/sandbox.FindingType" + } + }, + "type": "object" + }, + "sandbox.FindingSeverity": { + "description": "FindingSeverity represents a finding severity level", + "enum": [ + [ + "critical", + "high", + "medium", + "low" + ] + ], + "type": "string" + }, + "sandbox.FindingType": { + "description": "FindingType represents a unique sandbox-detected finding type", + "enum": [ + [ + "dropper", + "modifiedBinary", + "executableCreation", + "filelessExecutableCreation", + "wildFireMalware", + "verticalPortScan", + "cryptoMiner", + "suspiciousELFHeader", + "kernelModule", + "modifiedBinaryExecution", + "filelessExecution" + ] + ], + "type": "string" + }, + "sandbox.ListeningEvent": { + "description": "ListeningEvent represents a network listening event", + "properties": { + "port": { + "description": "Port is the network port.\n", + "type": "integer" + }, + "process": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "time": { + "description": "Time is the event time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ProcessEvent": { + "description": "ProcessEvent represents a process event during sandbox scan", + "properties": { + "command": { + "description": "Command is the command line.\n", + "type": "string" + }, + "md5": { + "description": "MD5 is the md5 hash for the process binary.\n", + "type": "string" + }, + "parent": { + "$ref": "#/components/schemas/sandbox.ProcessInfo" + }, + "path": { + "description": "Path is the binary path.\n", + "type": "string" + }, + "time": { + "description": "Time is the process start time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the username/id.\n", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ProcessInfo": { + "description": "ProcessInfo holds process information", + "properties": { + "command": { + "description": "Command is the command line.\n", + "type": "string" + }, + "md5": { + "description": "MD5 is the md5 hash for the process binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the binary path.\n", + "type": "string" + }, + "time": { + "description": "Time is the process start time.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the username/id.\n", + "type": "string" + } + }, + "type": "object" + }, + "sandbox.ScanResult": { + "description": "ScanResult represents sandbox scan results", + "properties": { + "_id": { + "description": "ID is a unique scan identifier.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "connection": { + "description": "Connection is a list of connection events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ConnectionEvent" + }, + "type": "array" + }, + "dns": { + "description": "DNS is a list of DNS queries detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.DNSQueryEvent" + }, + "type": "array" + }, + "entrypoint": { + "description": "Entrypoint is the command executed in the sandbox scan.\n", + "type": "string" + }, + "filesystem": { + "description": "Filesystem is a list of filesystem events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.FilesystemEvent" + }, + "type": "array" + }, + "findings": { + "description": "Findings are the detected findings during scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.Finding" + }, + "type": "array" + }, + "image": { + "$ref": "#/components/schemas/shared.ImageInfo" + }, + "imageName": { + "description": "ImageName is the image name (e.g. registry/repo:tag).\n", + "type": "string" + }, + "listening": { + "description": "Listening is a list of listening events detected during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ListeningEvent" + }, + "type": "array" + }, + "pass": { + "description": "Pass indicates if the scan passed or failed.\n", + "type": "boolean" + }, + "procs": { + "description": "Procs are the different detected process during this scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.ProcessEvent" + }, + "type": "array" + }, + "riskScore": { + "description": "RiskScore is the weighted total risk score.\n", + "format": "double", + "type": "number" + }, + "scanDuration": { + "description": "ScanDuration is the provided scan duration in nanoseconds.\n", + "format": "int64", + "type": "integer" + }, + "scanTime": { + "description": "Start is the scan start time.\n", + "format": "date-time", + "type": "string" + }, + "suspiciousFiles": { + "description": "SuspiciousFiles are suspicious files detected during scan.\n", + "items": { + "$ref": "#/components/schemas/sandbox.SuspiciousFile" + }, + "type": "array" + } + }, + "type": "object" + }, + "sandbox.SuspiciousFile": { + "description": "SuspiciousFile represents a suspicious file", + "properties": { + "containerPath": { + "description": "ContainerPath is the path of the file in the running container.\n", + "type": "string" + }, + "created": { + "description": "Created indicates if the file was created during runtime.\n", + "type": "boolean" + }, + "md5": { + "description": "MD5 is the file MD5 hash.\n", + "type": "string" + }, + "path": { + "description": "Path is the path to the copy of the file.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.ActionResources": { + "description": "ActionResources is a single action resources", + "properties": { + "resources": { + "description": "Resources are the resources granted to the action.\n", + "items": { + "$ref": "#/components/schemas/serverless.Resource" + }, + "type": "array" + }, + "serviceAPI": { + "$ref": "#/components/schemas/serverless.ServiceAPI" + } + }, + "type": "object" + }, + "serverless.AssociatedVersion": { + "description": "AssociatedVersion is a single function version associated with the alias", + "properties": { + "version": { + "description": "Version is the function version.\n", + "type": "string" + }, + "weight": { + "description": "Weight is the possibility that the function will be called when triggering the alias.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Condition": { + "description": "Condition contains limitations on resources, such as a specific prefix", + "properties": { + "conditions": { + "description": "Conditions contain the limitations.\n", + "items": { + "$ref": "#/components/schemas/shared.KeyValues" + }, + "type": "array" + }, + "name": { + "description": "Condition in AWS such as: StringLike, StringNotLike, StringEquals, StringNotEquals, StringEqualsIgnoreCase, StringNotEqualsIgnoreCase, ForAllValues:StringLike,...\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.FunctionInfo": { + "description": "FunctionInfo contains function information collected during function scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "ID of the function.\n", + "type": "string" + }, + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "applicationName": { + "description": "Name of the application with which the function is associated.\n", + "type": "string" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "architecture": { + "description": "Architecture that the function supports.\n", + "type": "string" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudControllerAddress": { + "description": "Address of the TAS cloud controller API.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Matched function collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "defended": { + "description": "Indicates status of runtime defense. Covers both manually and automatically deployed function defense.\n", + "type": "boolean" + }, + "defenderLayerARN": { + "description": "Prisma Defender Layer ARN, if it exists.\n", + "type": "string" + }, + "description": { + "description": "User-provided description of the function.\n", + "type": "string" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "envvars": { + "description": "Function environment variables.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "err": { + "description": "Description of an error that occurred during the scan.\n", + "type": "string" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "functionLayers": { + "description": "Layer ARNs used by this function.\n", + "items": { + "$ref": "#/components/schemas/serverless.LayerInfo" + }, + "type": "array" + }, + "functionTags": { + "description": "Cloud provider metadata tags.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "handler": { + "description": "Handler is the function handler.\n", + "type": "string" + }, + "hash": { + "description": "Hash of the function.\n", + "type": "string" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostname": { + "description": "Hostname of the scanner.\n", + "type": "string" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "invocations": { + "description": "Invocations is the function invocation count.\n", + "format": "double", + "type": "number" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "lastModified": { + "description": "Date/time when the function was last modified.\n", + "format": "date-time", + "type": "string" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "memory": { + "description": "Memory size, in MB, configured for the function.\n", + "format": "int64", + "type": "integer" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "name": { + "description": "Name of the function.\n", + "type": "string" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageCorrelationDone": { + "description": "PackageCorrelationDone indicates that the correlation to OS packages has been done.\n", + "type": "boolean" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "platform": { + "description": "Platform is the function OS.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "region": { + "description": "Function's region.\n", + "type": "string" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "resourceGroupName": { + "description": "Name of the resource group to which the resource belongs (only for Azure).\n", + "type": "string" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vuln.RiskFactors" + }, + "role": { + "description": "AWS execution role.\n", + "type": "string" + }, + "runtime": { + "description": "Runtime environment for the function (e.g., nodejs).\n", + "type": "string" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanTime": { + "description": "Date/time when the scan of the function was performed.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "scannerVersion": { + "description": "Scanner version.\n", + "type": "string" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "status": { + "description": "Status of the function (e.g., running).\n", + "type": "string" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "timeout": { + "description": "Function execution time at which the function will be terminated.\n", + "format": "int64", + "type": "integer" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "version": { + "description": "Version of the function.\n", + "type": "string" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "serverless.LayerInfo": { + "description": "LayerInfo contains information about a lambda layer", + "properties": { + "id": { + "description": "ID of the layer.\n", + "type": "string" + }, + "name": { + "description": "Name of the layer.\n", + "type": "string" + }, + "version": { + "description": "Version of the layer.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Permissions": { + "description": "Permissions contain service function permissions", + "properties": { + "actions": { + "description": "Actions is API actions of the service that the function has access to.\n", + "items": { + "$ref": "#/components/schemas/serverless.ActionResources" + }, + "type": "array" + }, + "service": { + "description": "Service is the service name.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.RadarData": { + "description": "RadarData represent all data relevant to the serverless radar", + "properties": { + "serverlessRadar": { + "description": "ServerlessRadar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/serverless.RadarEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "serverless.RadarEntity": { + "description": "RadarEntity is the extended serverless radar entity", + "properties": { + "_id": { + "description": "ID is unique identifier of the function (for AWS - ARN).\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "alias": { + "description": "Alias states that the current entity is an alias of the function.\n", + "type": "boolean" + }, + "applicationName": { + "description": "ApplicationName is the name of the application the function is associated with.\n", + "type": "string" + }, + "associatedVersions": { + "description": "AssociatedVersions contain the alias associated versions, or empty if the entity isn't an alias.\n", + "items": { + "$ref": "#/components/schemas/serverless.AssociatedVersion" + }, + "type": "array" + }, + "collections": { + "description": "Collections are the matched function collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + }, + "defended": { + "description": "Defended denotes weather the function is defended by a serverless defender.\n", + "type": "boolean" + }, + "description": { + "description": "Description is the user provided description of the function.\n", + "type": "string" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents.\n", + "type": "integer" + }, + "invocations": { + "description": "Invocations is the function invocation count.\n", + "format": "double", + "type": "number" + }, + "lastModified": { + "description": "LastModified is the modification time of the function.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the function.\n", + "type": "string" + }, + "networkCount": { + "description": "NetworkCount contain the runtime network events count.\n", + "type": "integer" + }, + "permissions": { + "description": "Permissions are the function permissions.\n", + "items": { + "$ref": "#/components/schemas/serverless.Permissions" + }, + "type": "array" + }, + "permissionsBoundary": { + "description": "PermissionsBoundary are limitations of the permissions, acting as AND.\n", + "items": { + "$ref": "#/components/schemas/serverless.Permissions" + }, + "type": "array" + }, + "processesCount": { + "description": "ProcessesCount contain the runtime processes events count.\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "runtime": { + "description": "Runtime is runtime environment for the function, i.e. nodejs.\n", + "type": "string" + }, + "scanned": { + "description": "Scanned indicates if the function was scanned for vulnerabilities and compliance.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags are the cloud provider metadata tags.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "triggers": { + "description": "Triggers contain invocation paths for functions.\n", + "items": { + "$ref": "#/components/schemas/serverless.Triggers" + }, + "type": "array" + }, + "version": { + "description": "Version is the version of the function, or the alias name if it's an alias.\n", + "type": "string" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "serverless.RadarFilter": { + "description": "RadarFilter contains filter options for serverless radar entities", + "properties": { + "accountIDs": { + "description": "AccountIDs are cloud provider account IDs with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentials": { + "description": "Credentials are cloud provider credential ID's with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "regions": { + "description": "Regions are cloud provider regions with discovered entities.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "serverless.Resource": { + "description": "Resource is a single action resources", + "properties": { + "allow": { + "description": "Allow states if the resource is allowed or denied.\n", + "type": "boolean" + }, + "condition": { + "description": "Conditions contain limitations on resources, such as a specific prefix.\n", + "items": { + "$ref": "#/components/schemas/serverless.Condition" + }, + "type": "array" + }, + "name": { + "description": "Name is the resource name.\n", + "type": "string" + }, + "negate": { + "description": "Negate indicates that the policy apply to all except the given resource.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "serverless.ServiceAPI": { + "description": "ServiceAPI describes a service API", + "properties": { + "api": { + "description": "API is the service API.\n", + "type": "string" + }, + "negate": { + "description": "Negate indicates the policy apply to all APIs except the given API.\n", + "type": "boolean" + }, + "service": { + "description": "Service is the AWS service.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Trigger": { + "description": "Trigger contains function triggers", + "properties": { + "properties": { + "description": "Properties are the trigger properties. There may be multiple values per key, for example AWS S3 event types: ObjectCreatedByPost, ObjectCreatedByCopy, ObjectCreatedByPut.\n", + "items": { + "$ref": "#/components/schemas/shared.KeyValues" + }, + "type": "array" + }, + "sourceID": { + "description": "SourceID is the id of the service instance that caused the trigger. For example AWS S3 bucket ARN, AWS apigateway ARN, etc.\n", + "type": "string" + } + }, + "type": "object" + }, + "serverless.Triggers": { + "description": "Triggers contain a service function triggers", + "properties": { + "service": { + "description": "Service is the service name.\n", + "type": "string" + }, + "triggers": { + "description": "Triggers are the function invocation paths from the service.\n", + "items": { + "$ref": "#/components/schemas/serverless.Trigger" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.AccountMessage": { + "description": "AccountMessage is a cloud account message", + "properties": { + "accountID": { + "description": "AccountID is the account ID.\n", + "type": "string" + }, + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "cloudType": { + "description": "CloudType is the account type.\n", + "type": "string" + }, + "deleted": { + "description": "Deleted is true if this account is marked deleted.\n", + "type": "boolean" + }, + "features": { + "description": "EnabledFeatures is a list of enabled features, e.g. agentless, serverless, cloud discovery.\n", + "items": { + "$ref": "#/components/schemas/shared.FeatureName" + }, + "type": "array" + }, + "lastModified": { + "description": "LastModified is the last time this account was modified.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "AccountName is the account name.\n", + "type": "string" + }, + "organizationName": { + "description": "OrganizationName is the organization the account belongs to (if any).\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ActivityType": { + "description": "ActivityType is the type of user activity", + "enum": [ + [ + "app restart", + "app install", + "app modified", + "cron modified", + "system update", + "system reboot", + "source modified", + "source added", + "iptables changed", + "secret modified", + "login", + "sudo", + "accounts modified", + "sensitive files modified", + "docker" + ] + ], + "type": "string" + }, + "shared.AgentlessAccountScanStatus": { + "description": "AgentlessAccountScanStatus represents agentless cloud account scan status", + "type": "integer" + }, + "shared.AgentlessAccountState": { + "description": "AgentlessAccountState holds the information about the agentless account state", + "properties": { + "lastScan": { + "description": "LastScan is a timestamp of the end of the last scan.\n", + "format": "date-time", + "type": "string" + }, + "regions": { + "description": "Regions is an array of regions scanned in account.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessRegionState" + }, + "type": "array" + }, + "scanStatus": { + "$ref": "#/components/schemas/shared.AgentlessAccountScanStatus" + } + }, + "type": "object" + }, + "shared.AgentlessHostTag": { + "description": "AgentlessHostTag is the tag to be checked on a discovered host", + "properties": { + "key": { + "description": "Key is the tag key.\n", + "type": "string" + }, + "value": { + "description": "Value is the tag value.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.AgentlessRegionState": { + "description": "AgentlessRegionState holds information about the statuses scans in a region", + "properties": { + "availabilityDomain": { + "description": "AvailabilityDomain is the code name of OCI availabilityDomain.\n", + "type": "string" + }, + "errorsInfo": { + "description": "ErrorsInfo holds information about the errors that occured during in region scan.\n", + "items": { + "$ref": "#/components/schemas/shared.ScanErrorInfo" + }, + "type": "array" + }, + "lastScan": { + "description": "LastScan is a timestamp of the end of the last scan.\n", + "format": "date-time", + "type": "string" + }, + "region": { + "description": "Region is the code name of the region.\n", + "type": "string" + }, + "scanID": { + "description": "ScanID is the id of scan cycle the region was last scanned in.\n", + "type": "integer" + }, + "score": { + "description": "Score is an aggregated score of the errors in the region.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.AgentlessReportErrorRequest": { + "description": "AgentlessReportErrorRequest contains an agentless scan error that scanner reports to console", + "properties": { + "error": { + "description": "Error specifies the error that occurred during scan.\n", + "type": "string" + }, + "host": { + "description": "Host specifies the name of the host that experienced the error.\n", + "type": "string" + }, + "resultDetails": { + "description": "ResultDetails contains a more detailed result about a failed scan.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.AgentlessScanSpecification": { + "description": "AgentlessScanSpecification contains information for setting up an agentless scan for a group of accounts", + "properties": { + "autoScale": { + "description": "AutoScale indicates that the number of concurrent scanners should be selected automatically.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is a network-accessible address that scanners can use to publish scan results to Console.\n", + "type": "string" + }, + "customTags": { + "description": "CustomTags are optional tags that can be added to the resources created by the scan.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled indicates whether agentless scanning is enabled.\n", + "type": "boolean" + }, + "excludedTags": { + "description": "ExcludedTags are the tags used to exclude instances from the scan.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "hubAccount": { + "description": "HubAccount indicates whether the account is configured as a hub account.\n", + "type": "boolean" + }, + "hubCredentialID": { + "description": "HubCredentialID is the ID of the credentials in the credentials store to use for authenticating with the cloud provider on behalf of the scan hub account. Optional.\n", + "type": "string" + }, + "includedTags": { + "description": "IncludedTags are tags that are used to filter hosts to scan. If set, only hosts that have one or more of these tags are scanned.\n", + "items": { + "$ref": "#/components/schemas/shared.AgentlessHostTag" + }, + "type": "array" + }, + "ociCompartment": { + "description": "OCICompartment is the resource group that holds all scan related resources for OCI.\n", + "type": "string" + }, + "ociExcludedCompartments": { + "description": "OCIExcludedCompartments are the compartments excluded from scan (OCI).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ociVcn": { + "description": "OCIVcn is the Virtual Cloud Network to use for the instance launched for scanning. Default value is empty string, which represents the default VCN.\n", + "type": "string" + }, + "proxyAddress": { + "description": "ProxyAddress is the optional HTTP proxy address for a setup that includes a proxy server.\n", + "type": "string" + }, + "proxyCA": { + "description": "ProxyCA is the optional proxy CA certificate for a setup that includes a TLS proxy.\n", + "type": "string" + }, + "regions": { + "description": "Regions are the cloud provider regions applicable for the scan. Default is all.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "scanNonRunning": { + "description": "ScanNonRunning indicates whether to scan non running instances.\n", + "type": "boolean" + }, + "scanners": { + "description": "Scanners is the number of concurrent scanners to perform the scan (when auto-scale is off).\n", + "type": "integer" + }, + "securityGroup": { + "description": "SecurityGroup is the security group that scanners should use (for isolation and internet access). Default is empty value to use the cloud account default security group.\n", + "type": "string" + }, + "skipPermissionsCheck": { + "description": "SkipPermissionsCheck indicates whether permissions check should be skipped for the account. This allows users to attempt scanning when permissions check fails.\n", + "type": "boolean" + }, + "subnet": { + "description": "Subnet is the network subnet to use for the instance launched for scanning. Default value is empty string, which represents the default subnet in the default VPC.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.AlertThreshold": { + "description": "AlertThreshold is the vulnerability policy alert threshold\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "disabled": { + "description": "Suppresses alerts for all vulnerabilities (true).\n", + "type": "boolean" + }, + "value": { + "description": "Minimum severity to trigger alerts. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.AllowedCVE": { + "description": "AllowedCVE is a CVE to ignore across the product", + "properties": { + "cve": { + "description": "CVE is the CVE to allow.\n", + "type": "string" + }, + "description": { + "description": "Description is the description of why this CVE is allowed.\n", + "type": "string" + }, + "expiration": { + "description": "Expiration is the expiration date for the allowed CVE.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.AppEmbeddedEmbedRequest": { + "description": "AppEmbeddedEmbedRequest represents the arguments required for a AppEmbedded defender embed request", + "properties": { + "appID": { + "description": "AppID identifies the app that the embedded app defender defender is protecting.\n", + "type": "string" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address.\n", + "type": "string" + }, + "dataFolder": { + "description": "DataFolder is the path to the Twistlock data folder in the container.\n", + "type": "string" + }, + "dockerfile": { + "description": "Dockerfile is the Dockerfile to embed AppEmbedded defender into.\n", + "type": "string" + }, + "filesystemMonitoring": { + "description": "FilesystemMonitoring is the flag of filesystem monitoring for this Defender.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.AppEmbeddedRuntimeProfile": { + "description": "AppEmbeddedRuntimeProfile represents the app embedded runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID.\n", + "type": "string" + }, + "appID": { + "description": "AppID is the app embedded defender name.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the ECS Fargate cluster name.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "collections": { + "description": "Collections are collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "container": { + "description": "Container is the app embedded container name.\n", + "type": "string" + }, + "image": { + "description": "Image is the image name.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the image ID.\n", + "type": "string" + }, + "startTime": { + "description": "StartTime is the time when the defender starts.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.AppFirewallAudit": { + "description": "AppFirewallAudit represents a firewall audit event", + "properties": { + "_id": { + "description": "ID is internal id representation.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID where the audit was generated.\n", + "type": "string" + }, + "appID": { + "description": "AppID is the application ID.\n", + "type": "string" + }, + "attackField": { + "$ref": "#/components/schemas/waas.HTTPField" + }, + "attackTechniques": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the cluster on which the audit was originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "connectingIPs": { + "description": "ConnectingIPs are the requests connecting IPs such as proxy and load-balancer.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerId": { + "description": "ContainerID is the firewall container ID.\n", + "type": "string" + }, + "containerName": { + "description": "ContainerName is the firewall container name.\n", + "type": "string" + }, + "count": { + "description": "Count is the number of audit occurrences.\n", + "type": "integer" + }, + "country": { + "description": "Country is the source IP country.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "eventID": { + "description": "EventID is the event identifier of the audit relevant request.\n", + "type": "string" + }, + "firewallType": { + "$ref": "#/components/schemas/waas.FirewallType" + }, + "fqdn": { + "description": "FQDN is the current hostname's FQDN.\n", + "type": "string" + }, + "function": { + "description": "Function is the name of the serverless function that caused the audit.\n", + "type": "string" + }, + "functionID": { + "description": "FunctionID is the id of the function called.\n", + "type": "string" + }, + "host": { + "description": "Host indicates this audit is either for host firewall or out of band firewall or agentless firewall.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the current hostname.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the firewall image name.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the custom labels associated with the container.\n", + "type": "object" + }, + "method": { + "description": "HTTPMethod is the request HTTP method.\n", + "type": "string" + }, + "msg": { + "description": "Message is the blocking message text.\n", + "type": "string" + }, + "ns": { + "description": "Namespaces are the k8s namespaces.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "owaspAPITop10": { + "$ref": "#/components/schemas/waas.OWASPAPITop10" + }, + "owaspTop10": { + "$ref": "#/components/schemas/waas.OWASPTop10" + }, + "profileId": { + "description": "ProfileID is the profile of the audit.\n", + "type": "string" + }, + "protection": { + "$ref": "#/components/schemas/waas.Protection" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "rawEvent": { + "description": "RawEvent contains unparsed function handler event input.\n", + "type": "string" + }, + "region": { + "description": "Region is the name of the region in which the serverless function is located.\n", + "type": "string" + }, + "requestHeaderNames": { + "description": "RequestHeaderNames are the request header names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "requestHeaders": { + "description": "RequestHeaders represent the request headers.\n", + "type": "string" + }, + "requestHost": { + "description": "RequestHost is the request host.\n", + "type": "string" + }, + "requestID": { + "description": "RequestID is lambda function invocation request id.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "responseHeaderNames": { + "description": "ResponseHeaderNames are the response header names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "ruleAppID": { + "description": "RuleAppID is the ID of the rule's app that was applied.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule that was applied.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "statusCode": { + "description": "StatusCode is the response status code.\n", + "type": "integer" + }, + "subnet": { + "description": "Subnet is the source IP subnet.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.AttackType" + }, + "url": { + "description": "URL is the requests full URL (partial on server side - path and query only).\n", + "type": "string" + }, + "urlPath": { + "description": "URLPath is the requests url path.\n", + "type": "string" + }, + "urlQuery": { + "description": "URLQuery is the requests url query.\n", + "type": "string" + }, + "userAgentHeader": { + "description": "UserAgentHeader is the requests User-Agent header.\n", + "type": "string" + }, + "version": { + "description": "Version is the defender version.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Audit": { + "description": "Audit represents an event in the system", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID where the audit was created.\n", + "type": "string" + }, + "allow": { + "description": "Allow indicates whether the command was allowe or denied.\n", + "type": "boolean" + }, + "api": { + "description": "API is the api that is being audited.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerName": { + "description": "ContainerName is the name of the container.\n", + "type": "string" + }, + "fqdn": { + "description": "FQDN is the fully qualified domain name from which the audit originated.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname from which the audit originated.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the name of the image.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Labels are the labels associated with the target audit (for containers/images).\n", + "type": "object" + }, + "msg": { + "description": "Msg is the message explaining the audit.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the container namespace.\n", + "type": "string" + }, + "ruleName": { + "description": "RulesName is contains the name of the rule that was applied, when blocked.\n", + "type": "string" + }, + "sourceIP": { + "description": "SourceIP is the remote agent's source IP.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "description": "Type is the audit type.\n", + "type": "string" + }, + "user": { + "description": "User is the user that run the command.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.BackupSpec": { + "description": "BackupSpec is the backup specification", + "properties": { + "id": { + "description": "ID is the full backup file name, used as the instance id in API calls.\n", + "type": "string" + }, + "name": { + "description": "Name is the backup name.\n", + "type": "string" + }, + "release": { + "description": "Release is the backup release.\n", + "type": "string" + }, + "time": { + "description": "Time is the backup creation time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.Binary": { + "description": "Binary represents a detected binary file (ELF)", + "properties": { + "altered": { + "description": "Indicates if the binary was installed from a package manager and modified/replaced (true) or not (false).\n", + "type": "boolean" + }, + "cveCount": { + "description": "Total number of CVEs for this specific binary.\n", + "type": "integer" + }, + "deps": { + "description": "Third-party package files which are used by the binary.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "fileMode": { + "description": "Represents the file's mode and permission bits.\n", + "type": "integer" + }, + "functionLayer": { + "description": "ID of the serverless layer in which the package was discovered.\n", + "type": "string" + }, + "md5": { + "description": "Md5 hashset of the binary.\n", + "type": "string" + }, + "missingPkg": { + "description": "Indicates if this binary is not related to any package (true) or not (false).\n", + "type": "boolean" + }, + "name": { + "description": "Name of the binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the path of the binary.\n", + "type": "string" + }, + "pkgRootDir": { + "description": "Path for searching packages used by the binary.\n", + "type": "string" + }, + "services": { + "description": "Names of services which use the binary.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "version": { + "description": "Version of the binary.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.BlockThreshold": { + "description": "BlockThreshold is the vulnerability policy block threshold\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "enabled": { + "description": "Enables blocking (true).\n", + "type": "boolean" + }, + "value": { + "description": "Minimum severity to trigger blocking. Supported values range from 0 to 9, where 0=off, 1=low, 4=medium, 7=high, and 9=critical.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.CLIScanResult": { + "description": "CLIScanResult describes a CLI scan result", + "properties": { + "_id": { + "description": "ID of the scan result.\n", + "type": "string" + }, + "build": { + "description": "CI build.\n", + "type": "string" + }, + "complianceFailureSummary": { + "description": "Scan compliance failure summary.\n", + "type": "string" + }, + "entityInfo": { + "$ref": "#/components/schemas/shared.ImageScanResult" + }, + "jobName": { + "description": "CI job name.\n", + "type": "string" + }, + "pass": { + "description": "Indicates if the scan passed (true) or failed (false).\n", + "type": "boolean" + }, + "time": { + "description": "Time of the scan.\n", + "format": "date-time", + "type": "string" + }, + "version": { + "description": "Scanner version.\n", + "type": "string" + }, + "vulnFailureSummary": { + "description": "Scan vulnerability failure summary.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CPUArch": { + "description": "CPUArch represents the CPU architecture", + "type": "integer" + }, + "shared.CPUArchs": { + "description": "CPUArchs represents list of cpu architectures", + "items": { + "$ref": "#/components/schemas/shared.CPUArch" + }, + "type": "array" + }, + "shared.CVEAllowList": { + "description": "CVEAllowList is a collection of allowed CVE's", + "properties": { + "_id": { + "description": "ID is the id of the feed.\n", + "type": "string" + }, + "digest": { + "description": "Digest is the feed digest.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of allowed CVEs.\n", + "items": { + "$ref": "#/components/schemas/shared.AllowedCVE" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.CVERule": { + "description": "CVERule is a vuln rule for specific vulnerability", + "properties": { + "description": { + "description": "Free-form text for documenting the exception.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "expiration": { + "$ref": "#/components/schemas/vuln.ExpirationDate" + }, + "id": { + "description": "CVE ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CVEType": { + "description": "CVEType represents the type of a CVE", + "enum": [ + [ + "python", + "gem", + "nodejs", + "jar", + "package", + "product", + "app", + "go", + "nuget" + ] + ], + "type": "string" + }, + "shared.CloudDiscoveryAccount": { + "description": "CloudDiscoveryAccount holds data about a discovered account", + "properties": { + "accountName": { + "description": "AccountName is the cloud account name.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether the account is scan by agentless.\n", + "type": "boolean" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryEntity": { + "description": "CloudDiscoveryEntity holds data about a discovered entity", + "properties": { + "accountID": { + "description": "AccountID is the cloud provider account ID.\n", + "type": "string" + }, + "activeServicesCount": { + "description": "ActiveServicesCount is the number of active services in ecs cluster.\n", + "format": "int64", + "type": "integer" + }, + "arn": { + "description": "The Amazon Resource Name (ARN) assigned to the entity.\n", + "type": "string" + }, + "collections": { + "description": "Collections are the matched result collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerGroup": { + "description": "ContainerGroup is the azure aci container group the container belongs to.\n", + "type": "string" + }, + "createdAt": { + "description": "CreatedAt is the time when the entity was created.\n", + "format": "date-time", + "type": "string" + }, + "defended": { + "description": "Defended indicates if the entity is defended.\n", + "type": "boolean" + }, + "endpoints": { + "description": "Endpoints are the cluster endpoints.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "image": { + "description": "Image is the image of an aci container.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the modification time of the function.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the entity.\n", + "type": "string" + }, + "nodesCount": { + "description": "NodesCount is the number of nodes in the cluster (aks, gke).\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registry": { + "description": "Registry is the Azure registry that was scanned, for example: testcloudscanregistry.azurecr.io.\n", + "type": "string" + }, + "resourceGroup": { + "description": "ResourceGroup is the the azure resource group containing the entity.\n", + "type": "string" + }, + "runningTasksCount": { + "description": "RunningTasksCount is the number of running tasks in ecs cluster.\n", + "format": "int64", + "type": "integer" + }, + "runtime": { + "description": "Runtime is runtime environment for the function, i.e. nodejs.\n", + "type": "string" + }, + "serviceType": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "status": { + "description": "Status is the current status of entity.\n", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the time in which the instance info was fetched.\n", + "format": "date-time", + "type": "string" + }, + "version": { + "description": "Version is the version of the entity.\n", + "type": "string" + }, + "zone": { + "description": "Zone is the GCP zone that was scanned.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryRadar": { + "description": "CloudDiscoveryRadar represents a cloud radar", + "properties": { + "accounts": { + "description": "Accounts is the number of accounts.\n", + "type": "integer" + }, + "agentlessDisabledAccounts": { + "description": "AgentlessDisabledAccounts is the number of accounts with agentless is disable.\n", + "type": "integer" + }, + "appEmbedded": { + "description": "AppEmbedded indicates whether the region includes app Embedded.\n", + "type": "boolean" + }, + "clusters": { + "description": "Clusters indicates whether the region includes clusters.\n", + "type": "boolean" + }, + "defended": { + "description": "Defended is the number of defended entities.\n", + "type": "integer" + }, + "errCount": { + "description": "ErrCount is the number of errors.\n", + "type": "integer" + }, + "functions": { + "description": "Functions indicates whether the region includes functions.\n", + "type": "boolean" + }, + "nodes": { + "description": "NodesCount is the number of nodes.\n", + "type": "integer" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registries": { + "description": "Registries indicates whether the region includes registries.\n", + "type": "boolean" + }, + "total": { + "description": "Total is total number of entities found in cloud scan.\n", + "type": "integer" + }, + "vms": { + "description": "VMs indicates whether the region includes VMs.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.CloudDiscoveryResult": { + "description": "CloudDiscoveryResult represents a cloud scan result for a specific cloud provider, service and region", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "accountName": { + "description": "AccountName is the cloud account name.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether the account is scan by agentless.\n", + "type": "boolean" + }, + "collections": { + "description": "Collections are the matched result collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential used.\n", + "type": "string" + }, + "defended": { + "description": "Defended is the number of defended entities (registries, functions, clusters).\n", + "type": "integer" + }, + "defenseCoverage": { + "description": "DefenseCoverage is the defense coverage.\n", + "type": "integer" + }, + "err": { + "description": "Err holds any error found during a scan.\n", + "type": "string" + }, + "nodes": { + "description": "Nodes is the number of nodes.\n", + "type": "integer" + }, + "project": { + "description": "Project is the GCP project that was scanned.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region that was scanned, for example: GCP - \"us-east-1\", Azure - \"westus\".\n", + "type": "string" + }, + "registry": { + "description": "Registry is the Azure registry that was scanned, for example: testcloudscanregistry.azurecr.io.\n", + "type": "string" + }, + "serviceType": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "total": { + "description": "Total is total number of entities found in cloud scan.\n", + "type": "integer" + }, + "undefended": { + "description": "Undefended is the number of undefended entities (registries, functions, clusters).\n", + "type": "integer" + }, + "zone": { + "description": "Zone is the zone that was scanned, only relevant to GCP.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CloudScanRule": { + "description": "CloudScanRule is a rule for discovery/compliance/serverless radar scanning", + "properties": { + "agentlessAccountState": { + "$ref": "#/components/schemas/shared.AgentlessAccountState" + }, + "agentlessScanSpec": { + "$ref": "#/components/schemas/shared.AgentlessScanSpecification" + }, + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "complianceCheckIDs": { + "description": "ComplianceCheckIDs are the compliance checks IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialId": { + "description": "CredentialID is the id reference of the credential.\n", + "type": "string" + }, + "deleted": { + "description": "Deleted reports whether the account is deleted.\n", + "type": "boolean" + }, + "discoverAllFunctionVersions": { + "description": "DiscoverAllFunctionVersions indicates whether serverless discovery and radar scans should scan all function versions or only latest.\n", + "type": "boolean" + }, + "discoveryEnabled": { + "description": "DiscoveryEnabled indicates whether discovery scan is enabled.\n", + "type": "boolean" + }, + "modified": { + "description": "Modified holds the last modified time (in Compute).\n", + "format": "int64", + "type": "integer" + }, + "organizationName": { + "description": "OrganizationName is the organization the account belongs to (if any).\n", + "type": "string" + }, + "prismaLastModified": { + "description": "PrismaLastModified reports the last time the account was modified by Prisma (unix milliseconds).\n", + "format": "int64", + "type": "integer" + }, + "serverlessRadarCap": { + "description": "ServerlessRadarCap is the maximum number of functions to scan in serverless radar.\n", + "type": "integer" + }, + "serverlessRadarEnabled": { + "description": "ServerlessRadarEnabled indicates whether serverless radar scan is enabled.\n", + "type": "boolean" + }, + "serverlessScanSpec": { + "$ref": "#/components/schemas/shared.ServerlessScanSpecification" + }, + "vmTagsEnabled": { + "description": "VMTagsEnabled indicates whether fetching VM instance tags is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.CodeRepoProviderType": { + "description": "CodeRepoProviderType is the type of provider for the code repository, e.g., GitHub, GitLab etc", + "enum": [ + [ + "github", + "CI" + ] + ], + "type": "string" + }, + "shared.CodeRepoSettings": { + "description": "CodeRepoSettings is the settings for scanning remote code repositories", + "properties": { + "specifications": { + "description": "Repository specifications used for scanning.\n", + "items": { + "$ref": "#/components/schemas/shared.CodeRepoSpecification" + }, + "type": "array" + }, + "webhookUrlSuffix": { + "description": "Random URL suffix generated for the webhook API.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CodeRepoSpecification": { + "description": "CodeRepoSpecification is a specification for scanning specific repositories", + "properties": { + "credentialID": { + "description": "ID of the credentials in the credentials store to use for authenticating with the code repo service provider.\n", + "type": "string" + }, + "excludedManifestPaths": { + "description": "Paths in the repository the scanner ignores when looking for manifest files to evaluate.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "explicitManifestNames": { + "description": "Additional manifest files for the scanner to evaluate. Explicitly specify manifest filenames when you use non-standard naming schemes. (e.g., prod-requirements.txt).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "publicOnly": { + "description": "Indicates whether this specification is meant for (unauthenticated) public-only scanning (true) or private as well (false).\n", + "type": "boolean" + }, + "repositories": { + "description": "Repository names to scan. The format is /.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "targetPythonVersion": { + "description": "Python version to consider when resolving Python dependencies. The default value is the latest version.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.CodeRepoProviderType" + } + }, + "type": "object" + }, + "shared.Conditions": { + "description": "Conditions contains rule conditions. Conditions apply only for their respective policy type", + "properties": { + "device": { + "description": "Allowed volume host device (wildcard). If a \"container create\" command specifies a non matching host device, th action is blocked. Only applies to rules in certain policy types.\n", + "type": "string" + }, + "readonly": { + "description": "Indicates if the condition applies only to read-only commands (i.e., HTTP GET requests) (true) or not (false).\n", + "type": "boolean" + }, + "vulnerabilities": { + "description": "Block and scan severity-based vulnerabilities conditions.\n", + "items": { + "$ref": "#/components/schemas/vuln.Condition" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.Connection": { + "description": "Connection is a radar internet connection", + "properties": { + "port": { + "description": ".\n", + "type": "integer" + }, + "protocol": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerHistoryEvent": { + "description": "ContainerHistoryEvent is a container process event created by interactive user", + "properties": { + "_id": { + "description": "ID is the history event entity.\n", + "type": "string" + }, + "command": { + "description": "Command is the process that was executed.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname on which the command was invoked.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerInfo": { + "description": "ContainerInfo contains all information gathered on a specific container", + "properties": { + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "app": { + "description": "App is the app that is hosted in the container.\n", + "type": "string" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "ComplianceIssues are all the container compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": ".\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "ComplianceRiskScore is the container's compliance risk score.\n", + "format": "float", + "type": "number" + }, + "externalLabels": { + "description": "ExternalLabels is the external labels e.g., kubernetes namespace labels.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "id": { + "description": "ID is the container id.\n", + "type": "string" + }, + "image": { + "description": "Image is the canonical image name.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the image id.\n", + "type": "string" + }, + "imageName": { + "description": "Deprecated: The image name as stated in the docker run command.\n", + "type": "string" + }, + "infra": { + "description": "Infra represents any container that belongs to the infrastructure.\n", + "type": "boolean" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "labels": { + "description": "Labels are the container labels (https://docs.docker.com/engine/userguide/labels-custom-metadata/).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name is the container name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the k8s deployment namespace.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/shared.ContainerNetwork" + }, + "networkSettings": { + "$ref": "#/components/schemas/shared.DockerNetworkInfo" + }, + "processes": { + "description": "Processes are the processes that are running inside the container.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerProcess" + }, + "type": "array" + }, + "profileID": { + "description": "ProfileID is the container profile id.\n", + "type": "string" + }, + "sizeBytes": { + "description": ".\n", + "format": "int64", + "type": "integer" + }, + "startTime": { + "description": "StartTime is the starting time of the container.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerNetwork": { + "description": "ContainerNetwork contains details about the container network (ports, IPs, type etc...)", + "properties": { + "ports": { + "description": "Ports are the ports details associated with the container.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerPort" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ContainerNetworkFirewallProfileAudits": { + "description": "ContainerNetworkFirewallProfileAudits represents the container network firewall profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.ContainerNetworkFirewallSubtypeAudits" + }, + "description": "Audits is a map from the audit sub-type to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ContainerNetworkFirewallSubtypeAudits": { + "description": "ContainerNetworkFirewallSubtypeAudits represents the container network firewall sub type audits per profile", + "properties": { + "audits": { + "description": "Audits are the container network firewall audits associated with the sub-type, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/cnnf.ContainerAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ContainerPort": { + "description": "ContainerPort represents the state of a port in a given container", + "properties": { + "container": { + "description": "Container is the mapped port inside the container.\n", + "type": "integer" + }, + "host": { + "description": "Host is the host port number.\n", + "type": "integer" + }, + "hostIP": { + "description": "HostIP is the host IP.\n", + "type": "string" + }, + "listening": { + "description": "Listening indicates whether the port is in listening mode.\n", + "type": "boolean" + }, + "nat": { + "description": "NAT indicates the port is exposed using NAT.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.ContainerProcess": { + "description": "ContainerProcess represents a process inside a container", + "properties": { + "name": { + "description": "Name is a process name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerRadarIncomingConnection": { + "description": "ContainerRadarIncomingConnection is an incoming connection in the network radar", + "properties": { + "policyRules": { + "description": "PolicyRules are the policy rules that are applicable for source/dest. Used for radar display of connections deduced from policy rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "type": "array" + }, + "ports": { + "description": "Ports are all the ports used by the sender.\n", + "items": { + "$ref": "#/components/schemas/common.PortData" + }, + "type": "array" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "profileID": { + "description": "ProfileID is the sender's profile ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ContainerRuntimeProfile": { + "description": "ContainerRuntimeProfile represents the image runtime profile", + "properties": { + "_id": { + "description": "ID is the profile ID.\n", + "type": "string" + }, + "accountIDs": { + "description": "AccountIDs are the cloud account IDs associated with the container runtime profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "archived": { + "description": "Archive indicates whether this profile is archived.\n", + "type": "boolean" + }, + "capabilities": { + "$ref": "#/components/schemas/runtime.ContainerCapabilities" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this profile applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "entrypoint": { + "description": "Entrypoint is the image entrypoint.\n", + "type": "string" + }, + "events": { + "description": "Events are the last historical interactive process events for this profile, they are updated in a designated flow.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerHistoryEvent" + }, + "type": "array" + }, + "filesystem": { + "$ref": "#/components/schemas/runtime.ProfileFilesystem" + }, + "hash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "hostNetwork": { + "description": "HostNetwork whether the instance share the network namespace with the host.\n", + "type": "boolean" + }, + "hostPid": { + "description": "HostPid indicates whether the instance share the pid namespace with the host.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the image name that represents the image.\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the profile's image ID.\n", + "type": "string" + }, + "infra": { + "description": "InfraContainer indicates this is an infrastructure container.\n", + "type": "boolean" + }, + "istio": { + "description": "Istio states whether it is an istio-monitored profile.\n", + "type": "boolean" + }, + "k8s": { + "$ref": "#/components/schemas/shared.ProfileKubernetesData" + }, + "label": { + "description": "Label is the profile's label.\n", + "type": "string" + }, + "lastUpdate": { + "description": "Modified is the last time when this profile was modified.\n", + "format": "date-time", + "type": "string" + }, + "learnedStartup": { + "description": "LearnedStartup indicates that startup events were learned.\n", + "type": "boolean" + }, + "namespace": { + "description": "Namespace is the k8s deployment namespace.\n", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/runtime.ProfileNetwork" + }, + "os": { + "description": "OS is the profile image OS.\n", + "type": "string" + }, + "processes": { + "$ref": "#/components/schemas/runtime.ProfileProcesses" + }, + "relearningCause": { + "description": "RelearningCause is a string that describes the reasoning for a profile to enter the learning mode after\nbeing activated.\n", + "type": "string" + }, + "remainingLearningDurationSec": { + "description": "RemainingLearningDurationSec represents the total time left that the system need to finish learning this image.\n", + "format": "double", + "type": "number" + }, + "state": { + "$ref": "#/components/schemas/shared.RuntimeProfileState" + } + }, + "type": "object" + }, + "shared.ContainerScanResult": { + "description": "ContainerScanResult contains the result of a scanning a container", + "properties": { + "_id": { + "description": "ID is the container ID.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates if the result was received by an agentless scanner.\n", + "type": "boolean" + }, + "agentlessScanID": { + "description": "AgentlessScanID is the ID of the agentless scan in which the result was received.\n", + "type": "integer" + }, + "collections": { + "description": "Collections are collections to which this container applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "hostname": { + "description": "Hostname is the hostname on which the container is deployed.\n", + "type": "string" + }, + "info": { + "$ref": "#/components/schemas/shared.ContainerInfo" + }, + "runtimeEnabled": { + "description": "RuntimeEnabled indicates if any runtime rule applies to the container.\n", + "type": "boolean" + }, + "scanTime": { + "description": "ScanTime is the container scan time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.Coordinates": { + "description": "Coordinates represents a region coordinates type", + "properties": { + "latitude": { + "description": "Latitude coordinate.\n", + "format": "float", + "type": "number" + }, + "longitude": { + "description": "Longitude coordinate.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.CustomComplianceCheck": { + "description": "CustomComplianceCheck represents a custom compliance check entry", + "properties": { + "_id": { + "description": "ID is the compliance check ID.\n", + "type": "integer" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "script": { + "description": "Script is the custom check script.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the custom check defined severity.\n", + "type": "string" + }, + "title": { + "description": "Title is the custom check title.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.CustomIPFeed": { + "description": "CustomIPFeed represent the custom IP feed", + "properties": { + "_id": { + "description": "ID is the custom feed id.\n", + "type": "string" + }, + "digest": { + "description": "Digest is an internal digest of the custom ip feed.\n", + "type": "string" + }, + "feed": { + "$ref": "#/components/schemas/shared.IPs" + }, + "modified": { + "description": "Modified is the last time the custom feed was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.CustomLabelsSettings": { + "description": "CustomLabelsSettings are customized label names that are used to augment audit events\nThey can either be docker labels (which appears in the container label specification)\nor k8s/openshift labels (which appears in the pause container that monitors the target container)", + "properties": { + "labels": { + "description": "Labels are the custom labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.CustomMalwareFeed": { + "description": "CustomMalwareFeed represent the custom malware", + "properties": { + "_id": { + "description": "ID is the custom feed id.\n", + "type": "string" + }, + "digest": { + "description": "Digest is an internal digest of the feed.\n", + "type": "string" + }, + "feed": { + "description": "Feed is the list of custom malware signatures.\n", + "items": { + "$ref": "#/components/schemas/shared.Malware" + }, + "type": "array" + }, + "modified": { + "description": "Modified is the last time the custom feed was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.DefenderInstallBundle": { + "description": "DefenderInstallBundle represents the install bundle for the defender", + "properties": { + "installBundle": { + "description": "InstallBundle is the base64 bundle of certificates used to communicate with the console.\n", + "type": "string" + }, + "wsAddress": { + "description": "WSAddress is the websocket address (console ) the TAS defender connects to.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.DefenderLicenseDetails": { + "description": "DefenderLicenseDetails represents a single defender license details", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "count": { + "description": "Count is the amount of licensed defenders.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.DockerNetworkInfo": { + "description": "DockerNetworkInfo contains network-related information about a container", + "properties": { + "ipAddress": { + "description": "IPAddress is the container IP.\n", + "type": "string" + }, + "macAddress": { + "description": "MacAddress is the container MAC.\n", + "type": "string" + }, + "networks": { + "description": "Networks are the networks the container is connected to.\n", + "items": { + "$ref": "#/components/schemas/shared.NetworkInfo" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the container network binding that are externally mapped.\n", + "items": { + "$ref": "#/components/schemas/shared.Port" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.EncodeServerlessRuleOpts": { + "description": "EncodeServerlessRuleOpts represents the arguments to serverless rule encoding request", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "consoleAddr": { + "description": "ConsoleAddr is the remote console address.\n", + "type": "string" + }, + "function": { + "description": "Function is the name of the function.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "region": { + "description": "Region is the function's cloud provider region.\n", + "type": "string" + }, + "updateIntervalMs": { + "description": "UpdateIntervalMs is the interval between defender policy requests from the console in milliseconds.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.EncodedServerlessRule": { + "description": "EncodedServerlessRule represents a base64-encoded serverless rule", + "properties": { + "data": { + "description": "Data is a base64-encoded serverless runtime rule.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.EntityType": { + "description": "EntityType represents the type of the resource identifier", + "enum": [ + [ + "", + "docker", + "kubernetes", + "tas", + "istio", + "internet" + ] + ], + "type": "string" + }, + "shared.FeatureName": { + "description": "FeatureName is the account feature name", + "enum": [ + [ + "agentless", + "serverless", + "cloud-discovery", + "auto-protect" + ] + ], + "type": "string" + }, + "shared.FileDetails": { + "description": "FileDetails contains file details as the file path, hash checksum", + "properties": { + "md5": { + "description": "Hash sum of the file using md5.\n", + "type": "string" + }, + "path": { + "description": "Path of the file.\n", + "type": "string" + }, + "sha1": { + "description": "Hash sum of the file using SHA-1.\n", + "type": "string" + }, + "sha256": { + "description": "Hash sum of the file using SHA256.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.FileIntegrityEvent": { + "description": "FileIntegrityEvent represents a single file integrity event detected according to the file integrity monitoring rules", + "properties": { + "_id": { + "description": "ID is activity's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster on which the event was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this event applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "description": { + "description": "Description is a human readable description of the action performed on the path.\n", + "type": "string" + }, + "eventType": { + "$ref": "#/components/schemas/shared.FileIntegrityEventType" + }, + "fileType": { + "$ref": "#/components/schemas/runtime.FSFileType" + }, + "fqdn": { + "description": "FQDN is the current fully qualified domain name used in audit alerts.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname on which the event was found.\n", + "type": "string" + }, + "metadata": { + "$ref": "#/components/schemas/shared.FileMetadata" + }, + "path": { + "description": "Path is the absolute path of the event.\n", + "type": "string" + }, + "processName": { + "description": "ProcessName is the name of the process initiated the event.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the applied rule for auditing file integrity rules.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + }, + "user": { + "description": "User is the user initiated the event.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.FileIntegrityEventType": { + "description": "FileIntegrityEventType represents the type of the file integrity event", + "enum": [ + [ + "metadata", + "read", + "write" + ] + ], + "type": "string" + }, + "shared.FileMetadata": { + "description": "FileMetadata represents the metadata of a single file/directory", + "properties": { + "gid": { + "description": "GID is the ID of the group that owns the file/directory.\n", + "type": "integer" + }, + "permissions": { + "description": "Permissions are the file/directory permission bits.\n", + "type": "integer" + }, + "uid": { + "description": "UID is the ID of the user that owns the file/directory.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ForensicSettings": { + "description": "ForensicSettings are settings for the forensic data collection", + "properties": { + "appEmbeddedDiskUsageMb": { + "description": "AppEmbeddedDiskUsageMb is the maximum amount of disk space used to\nstore the app embedded historical forensic events.\n", + "type": "integer" + }, + "collectNetworkFirewall": { + "description": "CollectNetworkFirewall indicates whether network firewall collection is enabled.\n", + "type": "boolean" + }, + "collectNetworkSnapshot": { + "description": "CollectNetworkSnapshot indicates whether network snapshot collection is enabled.\n", + "type": "boolean" + }, + "containerDiskUsageMb": { + "description": "ContainerDiskUsageMb is the maximum amount of disk space used to\nstore the container historical forensic events.\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled indicates whether host and container forensic data collection is enabled.\n", + "type": "boolean" + }, + "hostDiskUsageMb": { + "description": "HostDiskUsageMb is the maximum amount of disk space used to store\nthe host historical forensic events.\n", + "type": "integer" + }, + "incidentSnapshotsCap": { + "description": "IncidentSnapshotCap is the maximum amount of incident snapshots we store.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.GitlabRegistrySpec": { + "description": "GitlabRegistrySpec represents a specification for registry scanning in GitLab", + "properties": { + "excludedGroupIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "groupIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "projectIDs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "userID": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.GraceDaysPolicy": { + "description": "GraceDaysPolicy indicates the grace days policy by severity", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled is an indication whether the the grace days by severity is enabled.\n", + "type": "boolean" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostActivity": { + "description": "HostActivity holds information for a user activity", + "properties": { + "_id": { + "description": "ID is activity's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "affectedServices": { + "description": "AffectedServices is the affected systemd service.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this host activity applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "command": { + "description": "Command is the original (with arguments) command the user invoked.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname the activity originated from.\n", + "type": "string" + }, + "interactive": { + "description": "Interactive indicates that the target process was spawned in an interactive session.\n", + "type": "boolean" + }, + "modifiedFiles": { + "description": "ModifiedFiles is the related modified files.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "msg": { + "description": "Message contains additional non-structured information about the activity, e.g. throttling message.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the rule applied to the host activity.\n", + "type": "string" + }, + "service": { + "description": "Service is the owning systemd service.\n", + "type": "string" + }, + "time": { + "description": "Time is time of the activity.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.ActivityType" + }, + "user": { + "description": "Username of the user that triggered the activity.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.HostAutoDeploySpecification": { + "description": "HostAutoDeploySpecification contains the information for host defender auto-deploy", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "bucketRegion": { + "description": "BucketRegion is the bucket region for Cloud Storage on GCP.\n", + "type": "string" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "consoleHostname": { + "description": "ConsoleHostname represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the last modified time of the specification.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the spec.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.HostAutoDeploySpecifications": { + "description": "HostAutoDeploySpecifications is a list of host auto-deploy specifications", + "items": { + "$ref": "#/components/schemas/shared.HostAutoDeploySpecification" + }, + "type": "array" + }, + "shared.HostInfo": { + "description": "HostInfo is a collection of information about the host and it's runtime state", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "Image identifier (image ID or repo:tag).\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates that the host was scanned with the agentless scanner.\n", + "type": "boolean" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "appEmbedded": { + "description": "Indicates that this image was scanned by an App-Embedded Defender.\n", + "type": "boolean" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "err": { + "description": "Description of an error that occurred during image health scan.\n", + "type": "string" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostRuntimeEnabled": { + "description": "HostRuntimeEnabled indicates if any runtime rule applies to the host.\n", + "type": "boolean" + }, + "hostname": { + "description": "Name of the host that was scanned.\n", + "type": "string" + }, + "hosts": { + "$ref": "#/components/schemas/shared.ImageHosts" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "instances": { + "description": "Details about each occurrence of the image (tag + host).\n", + "items": { + "$ref": "#/components/schemas/shared.ImageInstance" + }, + "type": "array" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "malwareAnalyzedTime": { + "description": "MalwareAnalyzedTime is the WildFire evaluator analyzing time shown as progress in UI and cannot to be overwritten by a new scan result.\n", + "format": "date-time", + "type": "string" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageCorrelationDone": { + "description": "PackageCorrelationDone indicates that the correlation to OS packages has been done.\n", + "type": "boolean" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pullDuration": { + "description": "PullDuration is the time it took to pull the image.\n", + "format": "int64", + "type": "integer" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vuln.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanDuration": { + "description": "ScanDuration is the total time it took to scan the image.\n", + "format": "int64", + "type": "integer" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "scanTime": { + "description": "Specifies the time of the last scan of the image.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "stopped": { + "description": "Stopped indicates whether the host was running during the agentless scan.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "trustResult": { + "$ref": "#/components/schemas/trust.ImageResult" + }, + "trustStatus": { + "$ref": "#/components/schemas/trust.Status" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + }, + "wildFireUsage": { + "$ref": "#/components/schemas/wildfire.Usage" + } + }, + "type": "object" + }, + "shared.HostNetworkFirewallProfileAudits": { + "description": "HostNetworkFirewallProfileAudits represents the host network firewall profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.HostNetworkFirewallSubtypeAudits" + }, + "description": "Audits is a map from the audit sub-type to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostNetworkFirewallSubtypeAudits": { + "description": "HostNetworkFirewallSubtypeAudits represents the host network firewall sub type audits per profile", + "properties": { + "audits": { + "description": "Audits are the host network firewall audits associated with the sub-type, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/cnnf.HostAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.HostRadarIncomingConnection": { + "description": "HostRadarIncomingConnection is the incoming connection between two apps in two hosts", + "properties": { + "dstHost": { + "description": "DstHost is the src hostname.\n", + "type": "string" + }, + "policyRules": { + "description": "PolicyRules are the policy rules that are applicable for source/dest. Used for radar display of connections deduced from policy rules.\n", + "items": { + "$ref": "#/components/schemas/cnnf.RadarPolicyRule" + }, + "type": "array" + }, + "ports": { + "description": "Ports are the destination ports.\n", + "items": { + "$ref": "#/components/schemas/common.PortData" + }, + "type": "array" + }, + "srcHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "srcHost": { + "description": "SrcHost is the src hostname.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.IPs": { + "description": "IPs represents a list of IPs", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "shared.Image": { + "description": "Image represents a container image", + "properties": { + "created": { + "description": "Date/time when the image was created.\n", + "format": "date-time", + "type": "string" + }, + "entrypoint": { + "description": "Combined entrypoint of the image (entrypoint + CMD).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "env": { + "description": "Image environment variables.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "healthcheck": { + "description": "Indicates if health checks are enabled (true) or not (false).\n", + "type": "boolean" + }, + "history": { + "description": "Holds the image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "id": { + "description": "ID of the image.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Image labels.\n", + "type": "object" + }, + "layers": { + "description": "Image filesystem layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "os": { + "description": "Image os type.\n", + "type": "string" + }, + "repoDigest": { + "description": "Image repo digests.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTags": { + "description": "Image repo tags.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "user": { + "description": "Image user.\n", + "type": "string" + }, + "workingDir": { + "description": "Base working directory of the image.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ImageHistory": { + "description": "ImageHistory represent a layer in the image's history", + "properties": { + "baseLayer": { + "description": "Indicates if this layer originated from the base image (true) or not (false).\n", + "type": "boolean" + }, + "created": { + "description": "Date/time when the image layer was created.\n", + "format": "int64", + "type": "integer" + }, + "emptyLayer": { + "description": "Indicates if this instruction didn't create a separate layer (true) or not (false).\n", + "type": "boolean" + }, + "id": { + "description": "ID of the layer.\n", + "type": "string" + }, + "instruction": { + "description": "Docker file instruction and arguments used to create this layer.\n", + "type": "string" + }, + "sizeBytes": { + "description": "Size of the layer (in bytes).\n", + "format": "int64", + "type": "integer" + }, + "tags": { + "description": "Holds the image tags.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerabilities": { + "description": "Vulnerabilities which originated from this layer.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ImageHost": { + "description": "ImageHost holds information about image scan result per host", + "properties": { + "accountID": { + "description": "AccountID is the cloud account ID the image is associated with.\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates if the image was scanned as part of an agentless scan.\n", + "type": "boolean" + }, + "agentlessScanID": { + "description": "AgentlessScanID is the ID of the agentless scan in which the result was received.\n", + "type": "integer" + }, + "appEmbedded": { + "description": "AppEmbedded indicates if the host is an app embedded host.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the cluster on which the image is deployed.\n", + "type": "string" + }, + "modified": { + "description": "Modified is the last scan time.\n", + "format": "date-time", + "type": "string" + }, + "namespaces": { + "description": "Namespaces are the namespaces on which the image is deployed.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ImageHosts": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.ImageHost" + }, + "description": "ImageHosts is a fast index for image scan results metadata per host", + "type": "object" + }, + "shared.ImageInfo": { + "description": "ImageInfo contains image information collected during image scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageCorrelationDone": { + "description": "PackageCorrelationDone indicates that the correlation to OS packages has been done.\n", + "type": "boolean" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vuln.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.ImageInstance": { + "description": "ImageInstance represents an image on a single host", + "properties": { + "host": { + "description": ".\n", + "type": "string" + }, + "image": { + "description": ".\n", + "type": "string" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "registry": { + "description": ".\n", + "type": "string" + }, + "repo": { + "description": ".\n", + "type": "string" + }, + "tag": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ImageScanResult": { + "description": "ImageScanResult holds the result of an image scan", + "properties": { + "Secrets": { + "description": "Secrets are paths to embedded secrets inside the image\nNote: capital letter JSON annotation is kept to avoid converting all images for backward-compatibility support.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "_id": { + "description": "Image identifier (image ID or repo:tag).\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates that the host was scanned with the agentless scanner.\n", + "type": "boolean" + }, + "allCompliance": { + "$ref": "#/components/schemas/vuln.AllCompliance" + }, + "appEmbedded": { + "description": "Indicates that this image was scanned by an App-Embedded Defender.\n", + "type": "boolean" + }, + "applications": { + "description": "Products in the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Application" + }, + "type": "array" + }, + "baseImage": { + "description": "Image\u2019s base image name. Used when filtering the vulnerabilities by base images.\n", + "type": "string" + }, + "binaries": { + "description": "Binaries in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "clusterType": { + "$ref": "#/components/schemas/common.ClusterType" + }, + "clusters": { + "description": "Cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "collections": { + "description": "Collections to which this result applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "complianceIssues": { + "description": "All the compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "complianceIssuesCount": { + "description": "Number of compliance issues.\n", + "type": "integer" + }, + "complianceRiskScore": { + "description": "Compliance risk score for the image.\n", + "format": "float", + "type": "number" + }, + "creationTime": { + "description": "Specifies the time of creation for the latest version of the image.\n", + "format": "date-time", + "type": "string" + }, + "distro": { + "description": "Full name of the distribution.\n", + "type": "string" + }, + "ecsClusterName": { + "description": "ECS cluster name.\n", + "type": "string" + }, + "err": { + "description": "Description of an error that occurred during image health scan.\n", + "type": "string" + }, + "externalLabels": { + "description": "Kubernetes external labels of all containers running this image.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "files": { + "description": "Files in the container.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "firstScanTime": { + "description": "Specifies the time of the scan for the first version of the image. This time is preserved even after the version update.\n", + "format": "date-time", + "type": "string" + }, + "history": { + "description": "Docker image history.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageHistory" + }, + "type": "array" + }, + "hostDevices": { + "description": "Map from host network device name to IP address.\n", + "items": { + "$ref": "#/components/schemas/common.NetworkDeviceIP" + }, + "type": "array" + }, + "hostRuntimeEnabled": { + "description": "HostRuntimeEnabled indicates if any runtime rule applies to the host.\n", + "type": "boolean" + }, + "hostname": { + "description": "Name of the host that was scanned.\n", + "type": "string" + }, + "hosts": { + "$ref": "#/components/schemas/shared.ImageHosts" + }, + "id": { + "description": "Image ID.\n", + "type": "string" + }, + "image": { + "$ref": "#/components/schemas/shared.Image" + }, + "installedProducts": { + "$ref": "#/components/schemas/shared.InstalledProducts" + }, + "instances": { + "description": "Details about each occurrence of the image (tag + host).\n", + "items": { + "$ref": "#/components/schemas/shared.ImageInstance" + }, + "type": "array" + }, + "isARM64": { + "description": "IsARM64 indicates if the architecture of the image is aarch64.\n", + "type": "boolean" + }, + "k8sClusterAddr": { + "description": "Endpoint of the Kubernetes API server.\n", + "type": "string" + }, + "labels": { + "description": "Image labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Image's filesystem layers. Each layer is a SHA256 digest of the filesystem diff\nSee: https://windsock.io/explaining-docker-image-ids/.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "malwareAnalyzedTime": { + "description": "MalwareAnalyzedTime is the WildFire evaluator analyzing time shown as progress in UI and cannot to be overwritten by a new scan result.\n", + "format": "date-time", + "type": "string" + }, + "missingDistroVulnCoverage": { + "description": "Indicates if the image OS is covered in the IS (true) or not (false).\n", + "type": "boolean" + }, + "namespaces": { + "description": "k8s namespaces of all the containers running this image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "osDistro": { + "description": "Name of the OS distribution.\n", + "type": "string" + }, + "osDistroRelease": { + "description": "OS distribution release.\n", + "type": "string" + }, + "osDistroVersion": { + "description": "OS distribution version.\n", + "type": "string" + }, + "packageCorrelationDone": { + "description": "PackageCorrelationDone indicates that the correlation to OS packages has been done.\n", + "type": "boolean" + }, + "packageManager": { + "description": "Indicates if the package manager is installed for the OS.\n", + "type": "boolean" + }, + "packages": { + "description": "Packages which exist in the image.\n", + "items": { + "$ref": "#/components/schemas/shared.Packages" + }, + "type": "array" + }, + "pullDuration": { + "description": "PullDuration is the time it took to pull the image.\n", + "format": "int64", + "type": "integer" + }, + "pushTime": { + "description": "PushTime is the image push time to the registry.\n", + "format": "date-time", + "type": "string" + }, + "registryNamespace": { + "description": "IBM cloud namespace to which the image belongs.\n", + "type": "string" + }, + "registryType": { + "description": "RegistryType indicates the registry type where the image is stored.\n", + "type": "string" + }, + "repoDigests": { + "description": "Digests of the image. Used for content trust (notary). Has one digest per tag.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "repoTag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "rhelRepos": { + "description": "RhelRepositories are the (RPM) repositories IDs from which the packages in this image were installed\nUsed for matching vulnerabilities by Red Hat CPEs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactors": { + "$ref": "#/components/schemas/vuln.RiskFactors" + }, + "scanBuildDate": { + "description": "Scanner build date that published the image.\n", + "type": "string" + }, + "scanDuration": { + "description": "ScanDuration is the total time it took to scan the image.\n", + "format": "int64", + "type": "integer" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "scanTime": { + "description": "Specifies the time of the last scan of the image.\n", + "format": "date-time", + "type": "string" + }, + "scanVersion": { + "description": "Scanner version that published the image.\n", + "type": "string" + }, + "startupBinaries": { + "description": "Binaries which are expected to run when the container is created from this image.\n", + "items": { + "$ref": "#/components/schemas/shared.Binary" + }, + "type": "array" + }, + "stopped": { + "description": "Stopped indicates whether the host was running during the agentless scan.\n", + "type": "boolean" + }, + "tags": { + "description": "Tags associated with the given image.\n", + "items": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": "array" + }, + "topLayer": { + "description": "SHA256 of the image's last layer that is the last element of the Layers field.\n", + "type": "string" + }, + "trustResult": { + "$ref": "#/components/schemas/trust.ImageResult" + }, + "trustStatus": { + "$ref": "#/components/schemas/trust.Status" + }, + "twistlockImage": { + "description": "Indicates if the image is a Twistlock image (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + }, + "vulnerabilities": { + "description": "CVE vulnerabilities of the image.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "vulnerabilitiesCount": { + "description": "Total number of vulnerabilities.\n", + "type": "integer" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilityRiskScore": { + "description": "Image's CVE risk score.\n", + "format": "float", + "type": "number" + }, + "wildFireUsage": { + "$ref": "#/components/schemas/wildfire.Usage" + } + }, + "type": "object" + }, + "shared.ImageTag": { + "description": "ImageTag represents an image repository and its associated tag or registry digest", + "properties": { + "digest": { + "description": "Image digest (requires V2 or later registry).\n", + "type": "string" + }, + "id": { + "description": "ID of the image.\n", + "type": "string" + }, + "registry": { + "description": "Registry name to which the image belongs.\n", + "type": "string" + }, + "repo": { + "description": "Repository name to which the image belongs.\n", + "type": "string" + }, + "tag": { + "description": "Image tag.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Incident": { + "description": "Incident represents an incident", + "properties": { + "_id": { + "description": "Internal ID of the incident.\n", + "type": "string" + }, + "accountID": { + "description": "Cloud account ID.\n", + "type": "string" + }, + "acknowledged": { + "description": "Indicates if the incident has been acknowledged (true) or not (false).\n", + "type": "boolean" + }, + "app": { + "description": "Application that caused the incident.\n", + "type": "string" + }, + "appID": { + "description": "Application ID.\n", + "type": "string" + }, + "audits": { + "description": "All runtime audits of the incident.\n", + "items": { + "$ref": "#/components/schemas/shared.RuntimeAudit" + }, + "type": "array" + }, + "category": { + "$ref": "#/components/schemas/shared.IncidentCategory" + }, + "cluster": { + "description": "Cluster on which the incident was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this incident applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "containerID": { + "description": "ID of the container that triggered the incident.\n", + "type": "string" + }, + "containerName": { + "description": "Unique container name.\n", + "type": "string" + }, + "customRuleName": { + "description": "Name of the custom runtime rule that triggered the incident.\n", + "type": "string" + }, + "fqdn": { + "description": "Current hostname's full domain name.\n", + "type": "string" + }, + "function": { + "description": "Name of the serverless function.\n", + "type": "string" + }, + "functionID": { + "description": "ID of the function that triggered the incident.\n", + "type": "string" + }, + "hostname": { + "description": "Current hostname.\n", + "type": "string" + }, + "imageID": { + "description": "Container image ID.\n", + "type": "string" + }, + "imageName": { + "description": "Container image name.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Custom labels associated with the container.\n", + "type": "object" + }, + "namespace": { + "description": "k8s deployment namespace.\n", + "type": "string" + }, + "profileID": { + "description": "Runtime profile ID.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region of the resource on which the incident was found.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource on which the incident was found.\n", + "type": "string" + }, + "runtime": { + "description": "Runtime of the serverless function.\n", + "type": "string" + }, + "serialNum": { + "description": "Serial number of the incident.\n", + "type": "integer" + }, + "shouldCollect": { + "description": "Indicates if this incident should be collected (true) or not (false).\n", + "type": "boolean" + }, + "time": { + "description": "Time of the incident (in UTC time).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.IncidentType" + }, + "vmID": { + "description": "Azure unique VM ID on which the incident was found.\n", + "type": "string" + }, + "windows": { + "description": "Windows indicates if defender OS type is Windows.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.IncidentCategory": { + "description": "IncidentCategory is the incident category", + "enum": [ + [ + "portScanning", + "hijackedProcess", + "dataExfiltration", + "kubernetes", + "backdoorAdministrativeAccount", + "backdoorSSHAccess", + "cryptoMiner", + "lateralMovement", + "bruteForce", + "customRule", + "alteredBinary", + "suspiciousBinary", + "executionFlowHijackAttempt", + "reverseShell", + "malware", + "cloudProvider" + ] + ], + "type": "string" + }, + "shared.IncidentType": { + "description": "IncidentType is the type of the incident", + "enum": [ + [ + "host", + "container", + "function", + "appEmbedded", + "fargate" + ] + ], + "type": "string" + }, + "shared.InstalledProducts": { + "description": "InstalledProducts contains data regarding products running in environment\nTODO #34713: Swarm support was deprecated in Joule, remove swarm node/manager boolean (and related compliance) in Lagrange", + "properties": { + "agentless": { + "description": "Agentless indicates whether the scan was performed with agentless approach.\n", + "type": "boolean" + }, + "apache": { + "description": "Apache indicates the apache server version, empty in case apache not running.\n", + "type": "string" + }, + "awsCloud": { + "description": "AWSCloud indicates whether AWS cloud is used.\n", + "type": "boolean" + }, + "crio": { + "description": "CRI indicates whether the container runtime is CRI (and not docker).\n", + "type": "boolean" + }, + "docker": { + "description": "Docker represents the docker daemon version.\n", + "type": "string" + }, + "dockerEnterprise": { + "description": "DockerEnterprise indicates whether the enterprise version of Docker is installed.\n", + "type": "boolean" + }, + "hasPackageManager": { + "description": "HasPackageManager indicates whether package manager is installed on the OS.\n", + "type": "boolean" + }, + "k8sApiServer": { + "description": "K8sAPIServer indicates whether a kubernetes API server is running.\n", + "type": "boolean" + }, + "k8sControllerManager": { + "description": "K8sControllerManager indicates whether a kubernetes controller manager is running.\n", + "type": "boolean" + }, + "k8sEtcd": { + "description": "K8sEtcd indicates whether etcd is running.\n", + "type": "boolean" + }, + "k8sFederationApiServer": { + "description": "K8sFederationAPIServer indicates whether a federation API server is running.\n", + "type": "boolean" + }, + "k8sFederationControllerManager": { + "description": "K8sFederationControllerManager indicates whether a federation controller manager is running.\n", + "type": "boolean" + }, + "k8sKubelet": { + "description": "K8sKubelet indicates whether kubelet is running.\n", + "type": "boolean" + }, + "k8sProxy": { + "description": "K8sProxy indicates whether a kubernetes proxy is running.\n", + "type": "boolean" + }, + "k8sScheduler": { + "description": "K8sScheduler indicates whether the kubernetes scheduler is running.\n", + "type": "boolean" + }, + "kubernetes": { + "description": "Kubernetes represents the kubernetes version.\n", + "type": "string" + }, + "openshift": { + "description": "Openshift indicates whether openshift is deployed.\n", + "type": "boolean" + }, + "openshiftVersion": { + "description": "OpenshiftVersion represents the running openshift version.\n", + "type": "string" + }, + "osDistro": { + "description": "OSDistro specifies the os distribution.\n", + "type": "string" + }, + "serverless": { + "description": "Serverless indicates whether evaluated on a serverless environment.\n", + "type": "boolean" + }, + "swarmManager": { + "description": "SwarmManager indicates whether a swarm manager is running.\n", + "type": "boolean" + }, + "swarmNode": { + "description": "SwarmNode indicates whether the node is part of an active swarm.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.InternetConnections": { + "description": "InternetConnections represents the radar internet connections", + "properties": { + "incoming": { + "description": "Incoming is the incoming connections.\n", + "items": { + "$ref": "#/components/schemas/shared.Connection" + }, + "type": "array" + }, + "outgoing": { + "description": "Outgoing is the outgoing connections.\n", + "items": { + "$ref": "#/components/schemas/shared.Connection" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.JFrogRepoType": { + "description": "JFrogRepoType represents the type of JFrog Artifactory repository", + "enum": [ + [ + "local", + "remote", + "virtual" + ] + ], + "type": "string" + }, + "shared.KeyValues": { + "description": "KeyValues is a generic key values struct", + "properties": { + "key": { + "description": ".\n", + "type": "string" + }, + "values": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.KubeClusterRole": { + "description": "KubeClusterRole is a compact version of Kubernetes ClusterRole\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#clusterrole-v1-rbac-authorization-k8s-io", + "properties": { + "labels": { + "description": "Labels are the labels associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeLabel" + }, + "type": "array" + }, + "name": { + "description": "Name is the kubernetes role name.\n", + "type": "string" + }, + "roleBinding": { + "description": "RoleBinding is the name of the role binding used for display.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the policy rules associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubePolicyRule" + }, + "type": "array" + }, + "version": { + "description": "Version is the resource version of the role object maintained by Kubernetes.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.KubeLabel": { + "description": "KubeLabel represents a label\nThese are stored as an array to allow special characters in key names,\nsee https://docs.mongodb.com/manual/reference/limits/#Restrictions-on-Field-Names\nFor example: kubernetes.io/bootstrapping", + "properties": { + "key": { + "description": "Key is the key of the label.\n", + "type": "string" + }, + "value": { + "description": "Value is the value of the label.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.KubePolicyRule": { + "description": "KubePolicyRule is a compact version of Kubernetes PolicyRule\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#policyrule-v1-rbac-authorization-k8s-io", + "properties": { + "apiGroups": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "nonResourceURLs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "resourceNames": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "resources": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "verbs": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.KubeRole": { + "description": "KubeRole is a compact version of Kubernetes Role\nSee https://kubernetes.io/docs/reference/generated/kubernetes-api/v1.25/#role-v1-rbac-authorization-k8s-io", + "properties": { + "labels": { + "description": "Labels are the labels associated with the role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeLabel" + }, + "type": "array" + }, + "name": { + "description": "Name is the role name.\n", + "type": "string" + }, + "namespace": { + "description": "Namespace is the namespace associated with the role.\n", + "type": "string" + }, + "roleBinding": { + "description": "RoleBinding is the name of the role binding used for display.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the list of rules associated with the cluster role.\n", + "items": { + "$ref": "#/components/schemas/shared.KubePolicyRule" + }, + "type": "array" + }, + "version": { + "description": "Version is the resource version of the role object maintained by Kubernetes.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.LambdaRuntimeType": { + "description": "LambdaRuntimeType represents the runtime type of the serverless function\nThe constants used are taken from: https://docs.aws.amazon.com/lambda/latest/dg/API_CreateFunction.html#SSS-CreateFunction-request-Runtime", + "enum": [ + [ + "python", + "python3.6", + "python3.7", + "python3.8", + "python3.9", + "nodejs12.x", + "nodejs14.x", + "dotnetcore2.1", + "dotnetcore3.1", + "dotnet6", + "java8", + "java11", + "ruby2.7" + ] + ], + "type": "string" + }, + "shared.License": { + "description": "License represent the customer license", + "properties": { + "access_token": { + "description": "AccessToken is the customer access token.\n", + "type": "string" + }, + "contract_id": { + "description": "ContractID is the customer contract ID.\n", + "type": "string" + }, + "contract_type": { + "$ref": "#/components/schemas/shared.LicenseContractType" + }, + "credits": { + "description": "Credits the total amount of credits purchased by the customer.\n", + "type": "integer" + }, + "customer_id": { + "description": "CustomerID is the customer ID.\n", + "type": "string" + }, + "defender_details": { + "description": "DefenderDetails represents the defenders license details.\n", + "items": { + "$ref": "#/components/schemas/shared.DefenderLicenseDetails" + }, + "type": "array" + }, + "defenders": { + "description": "Deprecated: Defenders is the maximum number of defender allowed in this license. Use DefenderDetails field instead.\n", + "type": "integer" + }, + "expiration_date": { + "description": "ExpirationDate is the license expiration date.\n", + "format": "date-time", + "type": "string" + }, + "issue_date": { + "description": "IssueDate is the license issue date.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.LicenseTier" + }, + "workloads": { + "description": "Deprecated: Workloads is the number of workloads per license kept for backward compatibility. Use Credits instead.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.LicenseConfig": { + "description": "LicenseConfig is the compliance policy license configuration", + "properties": { + "alertThreshold": { + "$ref": "#/components/schemas/shared.LicenseThreshold" + }, + "blockThreshold": { + "$ref": "#/components/schemas/shared.LicenseThreshold" + }, + "critical": { + "description": "Critical is the list of licenses with critical severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "high": { + "description": "High is the list of licenses with high severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "low": { + "description": "Low is the list of licenses with low severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "medium": { + "description": "Medium is the list of licenses with medium severity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.LicenseContractType": { + "description": "LicenseContractType is the license contract type", + "enum": [ + [ + "", + "host", + "avg", + "burndown" + ] + ], + "type": "string" + }, + "shared.LicenseThreshold": { + "description": "LicenseThreshold is the license severity threshold to indicate whether to perform an action (alert/block)\nThreshold values typically vary between 0 and 10 (noninclusive)", + "properties": { + "enabled": { + "description": "Enabled indicates that the action is enabled.\n", + "type": "boolean" + }, + "value": { + "description": "Value is the minimum severity score for which the action is enabled.\n", + "format": "float", + "type": "number" + } + }, + "type": "object" + }, + "shared.LicenseTier": { + "description": "LicenseTier represents the license tier of the customer", + "enum": [ + [ + "", + "developer", + "enterprise", + "evaluation", + "oem" + ] + ], + "type": "string" + }, + "shared.LogInspectionEvent": { + "description": "LogInspectionEvent is a log inspection event detected according to the log inspection rules", + "properties": { + "_id": { + "description": "ID is event's unique identifier.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster on which the event was found.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this event applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "hostname": { + "description": "Hostname is the hostname on which the event was found.\n", + "type": "string" + }, + "line": { + "description": "Line is the matching log line.\n", + "type": "string" + }, + "logfile": { + "description": "Logfile is the log file which triggered the event.\n", + "type": "string" + }, + "ruleName": { + "description": "RuleName is the name of the applied rule for auditing log inspection events.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.LoggerSetting": { + "description": "LoggerSetting are a specific logger settings", + "properties": { + "allProcEvents": { + "description": "AllProcEvents indicates whether any new spawned container process should generate an event source entry.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether log feature is enabled.\n", + "type": "boolean" + }, + "verboseScan": { + "description": "VerboseScan indicates whether detailed scan (Compliance/Vulnerability) result should be written to event logger.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.LoggingSettings": { + "description": "LoggingSettings are the logging settings", + "properties": { + "consoleAddress": { + "description": "ConsoleAddress is the console address used by the admin to access the console, used for creating links for runtime events.\n", + "type": "string" + }, + "enableMetricsCollection": { + "description": "EnableMetricsCollection indicates whether metric collections feature is enabled.\n", + "type": "boolean" + }, + "includeRuntimeLink": { + "description": "IncludeRuntimeLink indicates whether link to forensic event should be included in the output.\n", + "type": "boolean" + }, + "stdout": { + "$ref": "#/components/schemas/shared.LoggerSetting" + }, + "syslog": { + "$ref": "#/components/schemas/shared.SyslogSettings" + } + }, + "type": "object" + }, + "shared.Malware": { + "description": "Malware is an executable and its md5", + "properties": { + "allowed": { + "description": "Allowed indicates if this signature is on the allowed list.\n", + "type": "boolean" + }, + "md5": { + "description": ".\n", + "type": "string" + }, + "modified": { + "description": "Modified is the time the malware was added to the DB.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.MgmtAudit": { + "description": "MgmtAudit represents a management audit in the system", + "properties": { + "api": { + "description": "API is the api used in the audit process.\n", + "type": "string" + }, + "diff": { + "description": "Diff is the diff between old and new values.\n", + "type": "string" + }, + "failure": { + "description": "Failure states whether the request failed or not.\n", + "type": "boolean" + }, + "sourceIP": { + "description": "SourceIP is the request's source IP.\n", + "type": "string" + }, + "status": { + "description": "Status is the request's response status.\n", + "type": "string" + }, + "time": { + "description": "Time is the time of the request.\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.MgmtType" + }, + "username": { + "description": "Username is the username of the user who performed the action.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.MgmtType": { + "description": "MgmtType represents management audit types", + "enum": [ + [ + "login", + "profile", + "settings", + "rule", + "user", + "group", + "credential", + "tag", + "role" + ] + ], + "type": "string" + }, + "shared.NetworkInfo": { + "description": "NetworkInfo contains data about a container regarding a specific network", + "properties": { + "ipAddress": { + "description": "IPAddress is the container IP.\n", + "type": "string" + }, + "macAddress": { + "description": "MacAddress is the container MAC.\n", + "type": "string" + }, + "name": { + "description": "Name is the network name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Package": { + "description": "Package stores relevant package information", + "properties": { + "binaryIdx": { + "description": "Indexes of the top binaries which use the package.\n", + "items": { + "$ref": "#/components/schemas/int16" + }, + "type": "array" + }, + "binaryPkgs": { + "description": "Names of the distro binary packages (packages which are built on the source of the package).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "cveCount": { + "description": "Total number of CVEs for this specific package.\n", + "type": "integer" + }, + "defaultGem": { + "description": "DefaultGem indicates this is a gem default package (and not a bundled package).\n", + "type": "boolean" + }, + "files": { + "description": "List of package-related files and their hashes. Only included when the appropriate scan option is set.\n", + "items": { + "$ref": "#/components/schemas/shared.FileDetails" + }, + "type": "array" + }, + "functionLayer": { + "description": "ID of the serverless layer in which the package was discovered.\n", + "type": "string" + }, + "goPkg": { + "description": "GoPkg indicates this is a Go package (and not module).\n", + "type": "boolean" + }, + "jarIdentifier": { + "description": "JarIdentifier holds an additional identification detail of a JAR package.\n", + "type": "string" + }, + "layerTime": { + "description": "Image layer to which the package belongs (layer creation time).\n", + "format": "int64", + "type": "integer" + }, + "license": { + "description": "License information for the package.\n", + "type": "string" + }, + "name": { + "description": "Name of the package.\n", + "type": "string" + }, + "osPackage": { + "description": "OSPackage indicates that a python/java package was installed as an OS package.\n", + "type": "boolean" + }, + "path": { + "description": "Full package path (e.g., JAR or Node.js package path).\n", + "type": "string" + }, + "version": { + "description": "Package version.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Packages": { + "description": "Packages is a collection of packages", + "properties": { + "pkgs": { + "description": "List of packages.\n", + "items": { + "$ref": "#/components/schemas/shared.Package" + }, + "type": "array" + }, + "pkgsType": { + "$ref": "#/components/schemas/vuln.PackageType" + } + }, + "type": "object" + }, + "shared.Policy": { + "description": "Policy represents a policy that should be enforced by the Auditor", + "properties": { + "_id": { + "description": "Internal identifier.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "rules": { + "description": "Rules holds all policy rules.\n", + "items": { + "$ref": "#/components/schemas/shared.PolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.PolicyRule": { + "description": "PolicyRule is a single rule in the policy", + "properties": { + "action": { + "description": "Action to take.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "alertThreshold": { + "$ref": "#/components/schemas/shared.AlertThreshold" + }, + "allCompliance": { + "description": "Reports the results of all compliance checks (both passed and failed) (true).\n", + "type": "boolean" + }, + "auditAllowed": { + "description": "Specifies if Prisma Cloud audits successful transactions.\n", + "type": "boolean" + }, + "blockMsg": { + "$ref": "#/components/schemas/common.PolicyBlockMsg" + }, + "blockThreshold": { + "$ref": "#/components/schemas/shared.BlockThreshold" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "condition": { + "$ref": "#/components/schemas/shared.Conditions" + }, + "createPR": { + "description": "CreatePR indicates whether to create a pull request for vulnerability fixes (relevant for code repos).\n", + "type": "boolean" + }, + "cveRules": { + "description": "List of CVE IDs classified for special handling (also known as exceptions).\n", + "items": { + "$ref": "#/components/schemas/shared.CVERule" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/common.PolicyEffect" + }, + "excludeBaseImageVulns": { + "description": "ExcludeBaseImageVulns indicates whether to exclude vulnerabilities coming from the base image.\n", + "type": "boolean" + }, + "graceDays": { + "description": "Number of days to suppress the rule's block effect. Measured from date the vuln was fixed. If there's no fix, measured from the date the vuln was published.\n", + "type": "integer" + }, + "graceDaysPolicy": { + "$ref": "#/components/schemas/shared.GraceDaysPolicy" + }, + "group": { + "description": "Applicable groups.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "license": { + "$ref": "#/components/schemas/shared.LicenseConfig" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "onlyFixed": { + "description": "Applies rule only when vendor fixes are available (true).\n", + "type": "boolean" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "principal": { + "description": "Applicable users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "riskFactorsEffects": { + "description": "RiskFactorsEffects indicates the effect (alert/block) of each risk factor.\n", + "items": { + "$ref": "#/components/schemas/shared.RiskFactorEffect" + }, + "type": "array" + }, + "tags": { + "description": "List of tags classified for special handling (also known as exceptions).\n", + "items": { + "$ref": "#/components/schemas/shared.TagRule" + }, + "type": "array" + }, + "verbose": { + "description": "Displays a detailed message when an operation is blocked (true).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.Port": { + "description": "Port is a container port", + "properties": { + "containerPort": { + "description": "ContainerPort is the mapped port inside the container.\n", + "type": "string" + }, + "hostIP": { + "description": "HostIP is the host IP.\n", + "type": "string" + }, + "hostPort": { + "description": "HostPort is the host port.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ProfileKubernetesData": { + "description": "ProfileKubernetesData holds Kubernetes data", + "properties": { + "clusterRoles": { + "description": "ClusterRoles are the cluster roles of the associated service account.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeClusterRole" + }, + "type": "array" + }, + "roles": { + "description": "Roles are the roles of the associated service account.\n", + "items": { + "$ref": "#/components/schemas/shared.KubeRole" + }, + "type": "array" + }, + "serviceAccount": { + "description": "ServiceAccount is the service account used to access Kubernetes apiserver\nThis field will be empty if the container is not running inside of a Pod.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Progress": { + "description": "Progress displays the scan progress", + "properties": { + "discovery": { + "description": "Discovery indicates whether the scan is in discovery phase.\n", + "type": "boolean" + }, + "error": { + "description": "Error is the error that happened during scan.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname for which the progress apply.\n", + "type": "string" + }, + "id": { + "description": "ID is the ID of the entity being scanned.\n", + "type": "string" + }, + "scanTime": { + "description": "ScanTime is the time of scan.\n", + "format": "date-time", + "type": "string" + }, + "scanned": { + "description": "Scanned is the number of entities for which the scan completed.\n", + "type": "integer" + }, + "title": { + "description": "Title is the progress title (set by the scanning process).\n", + "type": "string" + }, + "total": { + "description": "Total is the total amount of entities that should be scanned.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/shared.ScanType" + } + }, + "type": "object" + }, + "shared.RegionData": { + "description": "RegionData contains data regarding a region", + "properties": { + "coordinates": { + "$ref": "#/components/schemas/shared.Coordinates" + }, + "name": { + "description": "Name is the region display name.\n", + "type": "string" + }, + "region": { + "description": "Region is the region code name.\n", + "type": "string" + }, + "regionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "supportedServices": { + "description": "SupportedServices is a list of cloud service types the region supports.\n", + "items": { + "$ref": "#/components/schemas/shared.ScanResultType" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.RegionDataByCloudProvider": { + "additionalProperties": { + "$ref": "#/components/schemas/-_shared.RegionData" + }, + "description": "RegionDataByCloudProvider represents the region data per cloud provider", + "type": "object" + }, + "shared.RegionType": { + "description": "RegionType specifies the region type that runs the Amazon services", + "enum": [ + [ + "regular", + "gov", + "china", + "all" + ] + ], + "type": "string" + }, + "shared.RegistryOSType": { + "description": "RegistryOSType specifies the registry images base OS type", + "enum": [ + [ + "linux", + "linuxARM64", + "windows" + ] + ], + "type": "string" + }, + "shared.RegistryScanProgress": { + "description": "RegistryScanProgress represents the registry scan progress", + "properties": { + "discovery": { + "$ref": "#/components/schemas/shared.Progress" + }, + "imageScan": { + "$ref": "#/components/schemas/shared.Progress" + }, + "isScanOngoing": { + "description": "IsScanOngoing indicates if a scan is currently ongoing.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.RegistryScanRequest": { + "description": "RegistryScanRequest represents a registry scan request", + "properties": { + "onDemandScan": { + "description": "OnDemandScan indicates whether to handle request using the on-demand scanner.\n", + "type": "boolean" + }, + "scanID": { + "description": "ScanID is the ID of the scan.\n", + "type": "integer" + }, + "settings": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + }, + "tag": { + "$ref": "#/components/schemas/shared.ImageTag" + }, + "type": { + "description": "Type indicates the type of the scan request.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.RegistrySettings": { + "description": "RegistrySettings contains each registry's unique settings", + "properties": { + "harborScannerUrlSuffix": { + "description": "Relative path to the Harbor scanner endpoint.\n", + "type": "string" + }, + "specifications": { + "description": "Information for connecting to the registries to be scanned.\n", + "items": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + }, + "type": "array" + }, + "webhookUrlSuffix": { + "description": "Relative path to the webhook HTTP endpoint.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RegistrySpecification": { + "description": "RegistrySpecification contains information for connecting to local/remote registry", + "properties": { + "azureCloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "caCert": { + "description": "CACert is the Certificate Authority that signed the registry certificate.\n", + "type": "string" + }, + "cap": { + "description": "Specifies the maximum number of images from each repo to fetch and scan, sorted by most recently modified.\n", + "type": "integer" + }, + "collections": { + "description": "Specifies the set of Defenders in-scope for working on a scan job.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "ID of the credentials in the credentials store to use for authenticating with the registry.\n", + "type": "string" + }, + "excludedRepositories": { + "description": "Repositories to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "excludedTags": { + "description": "Tags to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "gitlabRegistrySpec": { + "$ref": "#/components/schemas/shared.GitlabRegistrySpec" + }, + "harborDeploymentSecurity": { + "description": "Indicates whether the Prisma Cloud plugin uses temporary tokens provided by Harbor to scan images in projects where Harbor's deployment security setting is enabled.\n", + "type": "boolean" + }, + "jfrogRepoTypes": { + "description": "JFrog Artifactory repository types to scan.\n", + "items": { + "$ref": "#/components/schemas/shared.JFrogRepoType" + }, + "type": "array" + }, + "namespace": { + "description": "IBM Bluemix namespace https://console.bluemix.net/docs/services/Registry/registry_overview.html#registry_planning.\n", + "type": "string" + }, + "os": { + "$ref": "#/components/schemas/shared.RegistryOSType" + }, + "registry": { + "description": "Registry address (e.g., https://gcr.io).\n", + "type": "string" + }, + "repository": { + "description": "Repositories to scan.\n", + "type": "string" + }, + "scanners": { + "description": "Number of Defenders that can be utilized for each scan job.\n", + "type": "integer" + }, + "tag": { + "description": "Tags to scan.\n", + "type": "string" + }, + "version": { + "description": "Registry type. Determines the protocol Prisma Cloud uses to communicate with the registry.\n", + "type": "string" + }, + "versionPattern": { + "description": "Pattern heuristic for quickly filtering images by tags without having to query all images for modification dates.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RiskFactorEffect": { + "description": "RiskFactorEffect represents the effect which is applied by a risk factor", + "properties": { + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "riskFactor": { + "$ref": "#/components/schemas/vuln.RiskFactor" + } + }, + "type": "object" + }, + "shared.RuntimeAttackType": { + "description": "RuntimeAttackType is the sub-category of the attack (e.g., malware process, process not in model, etc...)", + "enum": [ + [ + "", + "cloudMetadataProbing", + "kubeletAPIAccess", + "kubeletReadonlyAccess", + "kubectlSpawned", + "kubectlDownloaded", + "horizontalPortScanning", + "verticalPortScanning", + "explicitlyDeniedIP", + "customFeedIP", + "feedIP", + "unexpectedOutboundPort", + "suspiciousNetworkActivity", + "unexpectedListeningPort", + "explicitlyDeniedListeningPort", + "explicitlyDeniedOutboundPort", + "listeningPortModifiedProcess", + "outboundPortModifiedProcess", + "feedDNS", + "explicitlyDeniedDNS", + "dnsQuery", + "unexpectedProcess", + "portScanProcess", + "malwareProcessCustom", + "malwareProcessFeed", + "explicitlyDeniedProcess", + "modifiedProcess", + "cryptoMinerProcess", + "lateralMovementProcess", + "tmpfsProcess", + "policyHijacked", + "reverseShell", + "suidBinaries", + "unknownOriginBinary", + "webShell", + "administrativeAccount", + "encryptedBinary", + "sshAccess", + "explicitlyDeniedFile", + "malwareFileCustom", + "malwareFileFeed", + "execFileAccess", + "elfFileAccess", + "secretFileAccess", + "regFileAccess", + "wildfireMalware", + "unknownOriginBinary", + "webShell", + "fileIntegrity", + "alteredBinary", + "malwareDownloaded", + "suspiciousELFHeader", + "executionFlowHijackAttempt", + "customRule" + ] + ], + "type": "string" + }, + "shared.RuntimeAudit": { + "description": "RuntimeAudit represents a runtime audit event (fires when a runtime policy is violated)", + "properties": { + "_id": { + "description": "Internal ID (used for in-place updates).\n", + "type": "string" + }, + "accountID": { + "description": "ID of the cloud account where the audit was generated.\n", + "type": "string" + }, + "app": { + "description": "Name of the service which violated the host policy.\n", + "type": "string" + }, + "appID": { + "description": "Application ID.\n", + "type": "string" + }, + "attackTechniques": { + "description": "MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/mitre.Technique" + }, + "type": "array" + }, + "attackType": { + "$ref": "#/components/schemas/shared.RuntimeAttackType" + }, + "cluster": { + "description": "Cluster name.\n", + "type": "string" + }, + "collections": { + "description": "Collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "command": { + "description": "ScrubbedCommand is the command executed by the process with scrubbed PII.\n", + "type": "string" + }, + "container": { + "description": "Indicates if this is a container audit (true) or host audit (false).\n", + "type": "boolean" + }, + "containerId": { + "description": "ID of the container that violates the rule.\n", + "type": "string" + }, + "containerName": { + "description": "Container name.\n", + "type": "string" + }, + "count": { + "description": "Attack type audits count.\n", + "type": "integer" + }, + "country": { + "description": "Outbound country for outgoing network audits.\n", + "type": "string" + }, + "domain": { + "description": "Domain is the requested domain.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/runtime.RuleEffect" + }, + "err": { + "description": "Unknown error in the audit process.\n", + "type": "string" + }, + "filepath": { + "description": "Filepath is the path of the modified file.\n", + "type": "string" + }, + "fqdn": { + "description": "Current full domain name used in audit alerts.\n", + "type": "string" + }, + "function": { + "description": "Name of the serverless function that caused the audit.\n", + "type": "string" + }, + "functionID": { + "description": "ID of the function invoked.\n", + "type": "string" + }, + "hostname": { + "description": "Current hostname.\n", + "type": "string" + }, + "imageId": { + "description": "Container image ID.\n", + "type": "string" + }, + "imageName": { + "description": "Container image name.\n", + "type": "string" + }, + "interactive": { + "description": "Indicates if the audit was triggered from a process that was spawned in interactive mode (e.g., docker exec ...) (true) or not (false).\n", + "type": "boolean" + }, + "ip": { + "description": "IP is the connection destination IP address.\n", + "type": "string" + }, + "label": { + "description": "Container deployment label.\n", + "type": "string" + }, + "labels": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Custom labels which augment the audit data.\n", + "type": "object" + }, + "md5": { + "description": "MD5 is the MD5 of the modified file (only for executables.\n", + "type": "string" + }, + "msg": { + "description": "Blocking message text.\n", + "type": "string" + }, + "namespace": { + "description": "K8s deployment namespace.\n", + "type": "string" + }, + "os": { + "description": "Operating system distribution.\n", + "type": "string" + }, + "pid": { + "description": "ID of the process that caused the audit event.\n", + "type": "integer" + }, + "port": { + "description": "Port is the connection destination port.\n", + "type": "integer" + }, + "processPath": { + "description": "Path of the process that caused the audit event.\n", + "type": "string" + }, + "profileId": { + "description": "Profile ID of the audit.\n", + "type": "string" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "rawEvent": { + "description": "Unparsed function handler event input.\n", + "type": "string" + }, + "region": { + "description": "Region of the resource where the audit was generated.\n", + "type": "string" + }, + "requestID": { + "description": "ID of the lambda function invocation request.\n", + "type": "string" + }, + "resourceID": { + "description": "Unique ID of the resource where the audit was generated.\n", + "type": "string" + }, + "ruleName": { + "description": "Name of the rule that was applied, if blocked.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + }, + "severity": { + "$ref": "#/components/schemas/shared.RuntimeSeverity" + }, + "time": { + "description": "Time of the audit event (in UTC time).\n", + "format": "date-time", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.RuntimeType" + }, + "user": { + "description": "Service user.\n", + "type": "string" + }, + "version": { + "description": "Defender version.\n", + "type": "string" + }, + "vmID": { + "description": "Azure unique VM ID where the audit was generated.\n", + "type": "string" + }, + "wildFireReportURL": { + "description": "WildFireReportURL is a URL link of the report generated by wildFire.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.RuntimeProfileState": { + "description": "RuntimeProfileState represents the state of an image profile", + "enum": [ + [ + "learning", + "dryRun", + "learningExtended", + "manualLearning", + "manualRelearning", + "active", + "manualActive" + ] + ], + "type": "string" + }, + "shared.RuntimeSecretScrubbingSettings": { + "description": "RuntimeSecretScrubbingSettings holds the runtime secret scrubbing settings", + "properties": { + "customSpecs": { + "description": "CustomSpecs is a collection of generic sensitive data masking patterns.\n", + "items": { + "$ref": "#/components/schemas/runtime.SecretScrubbingSpec" + }, + "type": "array" + }, + "skipDefault": { + "description": "SkipDefault indicates whether default secret scrubbing should be skipped.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.RuntimeSeverity": { + "description": "RuntimeSeverity represents the runtime severity", + "enum": [ + [ + "low", + "medium", + "high" + ] + ], + "type": "string" + }, + "shared.RuntimeType": { + "description": "RuntimeType represents the runtime protection type", + "enum": [ + [ + "processes", + "network", + "kubernetes", + "filesystem" + ] + ], + "type": "string" + }, + "shared.ScanErrorInfo": { + "description": "ScanErrorInfo holds information about the errors that occurred during the scan", + "properties": { + "category": { + "description": "Category is the category of error.\n", + "type": "string" + }, + "cause": { + "description": "Cause describes what caused the error.\n", + "type": "string" + }, + "error": { + "description": "Error holds the full error string.\n", + "type": "string" + }, + "recommendation": { + "description": "Recommendation provides more information about error and suggestions for possible fixes.\n", + "type": "string" + }, + "score": { + "description": "Score is a rating of how relevant the error is to the customer.\n", + "type": "integer" + }, + "source": { + "description": "Source is details on where the error occurred.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.ScanResultType": { + "description": "ScanResultType represents a cloud scan result type", + "enum": [ + [ + "aws-ecr", + "aws-lambda", + "aws-ec2", + "aws-eks", + "aws-ecs", + "aws-s3", + "aws-config", + "aws-cloud-trail", + "aws-kms", + "aws-cloud-watch", + "aws-sns", + "aws-security-hub", + "aws-secrets-manager", + "aws-parameter-store", + "azure-acr", + "azure-functions", + "azure-aks", + "azure-aci", + "azure-vm", + "gcp-gcr", + "gcp-gcf", + "gcp-gke", + "gcp-vm", + "gcp-artifact", + "oci-instance" + ] + ], + "type": "string" + }, + "shared.ScanSettings": { + "description": "ScanSettings are global settings for image/host/container and registry scanning", + "properties": { + "agentlessScanPeriodMs": { + "description": "AgentlessScanPeriodMS is the agentless scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "cloudPlatformsScanPeriodMs": { + "description": "CloudPlatformsScanPeriodMS is the cloud platforms scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "codeReposScanPeriodMs": { + "description": "CodeReposScanPeriodMS is the code repository scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "containersScanPeriodMs": { + "description": "ContainersScanPeriodMS is the container scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "extractArchive": { + "description": "ExtractArchive indicates whether to search within archive during scan is enabled.\n", + "type": "boolean" + }, + "imagesScanPeriodMs": { + "description": "ImageScanPeriodMS is the image scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "includeJsDependencies": { + "description": "IncludeJsDependencies indicates whether to include packages from the \"dependencies\".\n", + "type": "boolean" + }, + "registryScanPeriodMs": { + "description": "RegistryScanPeriodMS is the registry scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "registryScanRetentionDays": { + "description": "RegistryScanRetentionDays is the number of days to keep deleted registry images.\n", + "type": "integer" + }, + "scanRunningImages": { + "description": "ScanRunningImages indicates only images that are used by containers should be used.\n", + "type": "boolean" + }, + "serverlessScanPeriodMs": { + "description": "ServerlessScanPeriodMS is the serverless vulnerability scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "showInfraContainers": { + "description": "ShowInfraContainers indicates infra containers should be shown.\n", + "type": "boolean" + }, + "showNegligibleVulnerabilities": { + "description": "ShowNegligibleVulnerabilities indicates whether to display negligible vulnerabilities (low severity or will not be fixed).\n", + "type": "boolean" + }, + "systemScanPeriodMs": { + "description": "SystemScanPeriodMS is the host scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "tasDropletsScanPeriodMs": { + "description": "TASDropletsScanPeriodMS is the TAS scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + }, + "vmScanPeriodMs": { + "description": "VMScanPeriodMS is the VM image scan period in ms - validated for minimum 1 hour or disabled with zero.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "shared.ScanType": { + "description": "ScanType displays the components for an ongoing scan", + "enum": [ + [ + "image", + "ciImage", + "container", + "host", + "agentlessHost", + "registry", + "serverlessScan", + "ciServerless", + "vm", + "tas", + "ciTas", + "cloudDiscovery", + "serverlessRadar", + "serverlessAutoDeploy", + "hostAutoDeploy", + "codeRepo", + "ciCodeRepo" + ] + ], + "type": "string" + }, + "shared.SecretStoreType": { + "description": "SecretStoreType is the secrets store type", + "enum": [ + [ + "hashicorp", + "hashicorp010", + "cyberark", + "awsParameterStore", + "awsSecretsManager", + "azure" + ] + ], + "type": "string" + }, + "shared.SecretsInjectionType": { + "description": "SecretsInjectionType is the method used to inject secrets to containers", + "enum": [ + [ + "envvar", + "filesystem" + ] + ], + "type": "string" + }, + "shared.SecretsPolicy": { + "description": "SecretsPolicy defines policy for distribution of secrets to containers", + "properties": { + "_id": { + "description": "ID is the internal secret policy id.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of secret injection rules.\n", + "items": { + "$ref": "#/components/schemas/shared.SecretsRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.SecretsRule": { + "description": "SecretsRule defines distribution of secrets to containers", + "properties": { + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "injection": { + "$ref": "#/components/schemas/shared.SecretsInjectionType" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "readAllPerm": { + "description": "ReadAllPerm indicates whether file permissions of injected secrets allow read by root only or by all users.\n", + "type": "boolean" + }, + "secrets": { + "description": "Secrets are the encrypted secrets to inject.\n", + "items": { + "$ref": "#/components/schemas/shared.VaultSecret" + }, + "type": "array" + }, + "targetDir": { + "description": "TargetDir is the target directory to inject secret files to if we choose filesystem injection.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.SecretsStore": { + "description": "SecretsStore represents a secret storage entity", + "properties": { + "appID": { + "description": "AppID is the twistlock application id, as set in Cyberark store.\n", + "type": "string" + }, + "caCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "clientCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "credentialId": { + "description": "CredentialID is the authentication credential id.\n", + "type": "string" + }, + "name": { + "description": "Name is the name of the secret store defined by the user.\n", + "type": "string" + }, + "region": { + "description": "Region is the secrets store's region.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.SecretStoreType" + }, + "url": { + "description": "URL is the secrets store's endpoint point.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.SecretsStores": { + "description": "SecretsStores are settings for connecting with secrets storage vaults", + "properties": { + "refreshPeriodHours": { + "description": "RefreshPeriodHours is the secret stores refresh time in hours.\n", + "type": "integer" + }, + "secretsStores": { + "description": "Stores is the list of stores to fetch secrets from.\n", + "items": { + "$ref": "#/components/schemas/shared.SecretsStore" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ServerlessAutoDeploySpecification": { + "description": "ServerlessAutoDeploySpecification contains the information for auto-deploying serverless functions protection", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "consoleAddr": { + "description": "ConsoleAddr represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "lastModified": { + "description": "LastModified is the last modified time of the specification.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name is the name of the spec.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "runtimes": { + "description": "Runtimes is the list of runtimes to which the spec applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.ServerlessAutoDeploySpecifications": { + "description": "ServerlessAutoDeploySpecifications is a list of serverless auto-deploy specifications", + "items": { + "$ref": "#/components/schemas/shared.ServerlessAutoDeploySpecification" + }, + "type": "array" + }, + "shared.ServerlessBundleRequest": { + "description": "ServerlessBundleRequest represents the arguments to serverless bundle request", + "properties": { + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "proxyCA": { + "description": "ProxyCA is the proxy\u2019s CA certificate for Defender to trust.\n", + "type": "string" + }, + "runtime": { + "$ref": "#/components/schemas/shared.LambdaRuntimeType" + } + }, + "type": "object" + }, + "shared.ServerlessScanSpecification": { + "description": "ServerlessScanSpecification describes how to connect to a serverless provider", + "properties": { + "cap": { + "description": "Specifies the maximum number of functions to fetch and scan, ordered by most recently modified.\n", + "type": "integer" + }, + "enabled": { + "description": "Enabled indicates whether serverless scanning is enabled.\n", + "type": "boolean" + }, + "scanAllVersions": { + "description": "Specifies whether to scan all image versions. If set to false, scans only $LATEST. Default: false.\n", + "type": "boolean" + }, + "scanLayers": { + "description": "Specifies whether to scan a function's layers. Default: true.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.SubnetConnections": { + "description": "SubnetConnections holds the entity incoming and outgoing connections from/to subnets", + "properties": { + "incoming": { + "additionalProperties": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstances" + }, + "description": "Incoming holds connection from radar entity to subnet.\n", + "type": "object" + }, + "outgoing": { + "additionalProperties": { + "$ref": "#/components/schemas/cnnf.RadarConnectionInstances" + }, + "description": "Outgoing holds connection from subnet to radar entity.\n", + "type": "object" + } + }, + "type": "object" + }, + "shared.SyslogSettings": { + "description": "SyslogSettings are the syslog settings", + "properties": { + "addr": { + "description": "Addr is the remote address for sending events.\n", + "type": "string" + }, + "allProcEvents": { + "description": "AllProcEvents indicates whether any new spawned container process should generate an event source entry.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether log feature is enabled.\n", + "type": "boolean" + }, + "id": { + "description": "ID represents the user's custom identifier string.\n", + "type": "string" + }, + "verboseScan": { + "description": "VerboseScan indicates whether detailed scan (Compliance/Vulnerability) result should be written to event logger.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.TASDropletSpecification": { + "description": "TASDropletSpecification specify which droplets to scan", + "properties": { + "cap": { + "description": "Cap indicates only the last k images should be fetched.\n", + "type": "integer" + }, + "cloudControllerAddress": { + "description": "CloudControllerAddress is the address of the local cloud controller in TAS env.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the hostname of the defender that is used as the blobstore scanner.\n", + "type": "string" + }, + "pattern": { + "description": "Name is the droplet name.\n", + "type": "string" + }, + "remote": { + "description": "Remote indicates whether the blobstore is remote or local.\n", + "type": "boolean" + }, + "remoteConfig": { + "$ref": "#/components/schemas/shared.TASRemoteBlobstoreConfig" + } + }, + "type": "object" + }, + "shared.TASRemoteBlobstoreConfig": { + "description": "TASRemoteBlobstoreConfig contains remote blobstore details", + "properties": { + "blobstoreAddress": { + "description": "BlobstoreAddress is the address of the remote cloud controller.\n", + "type": "string" + }, + "cACert": { + "description": "CACert Ops manager CA root certificate in case the user chooses not to skip TLS validation.\n", + "type": "string" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "CredentialID is the id in the credentials store to use for authenticating with the remote blobstore.\n", + "type": "string" + }, + "foundation": { + "description": " Foundation is the name of TAS foundation.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.Tag": { + "description": "Tag represents a single tag", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "description": { + "description": "Description is the tag description.\n", + "type": "string" + }, + "name": { + "description": "Name is the tag name.\n", + "type": "string" + }, + "vulns": { + "description": "Vulns are the tagged vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/shared.TagVulnMetadata" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.TagRule": { + "description": "TagRule is a tag rule for specific vulnerabilities", + "properties": { + "description": { + "description": "Free-form text for documenting the exception.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "expiration": { + "$ref": "#/components/schemas/vuln.ExpirationDate" + }, + "name": { + "description": "Tag name.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.TagVulnMetadata": { + "description": "TagVulnMetadata contains the tag vulnerability metadata", + "properties": { + "checkBaseLayer": { + "description": "(Applies only to the resource type 'image') Checks whether the base layer in an image is the resource image.\n", + "type": "boolean" + }, + "comment": { + "description": "Adds a comment.\n", + "type": "string" + }, + "id": { + "description": "Specifies the Common Vulnerability and Exposures (CVE) ID.\n", + "type": "string" + }, + "packageName": { + "description": "Specifies the source or the binary package name where the vulnerability is found.\nUse the source package name for tagging if only source package exists.\nUse the wildcard `*` for tagging all the packages.\n", + "type": "string" + }, + "resourceType": { + "$ref": "#/components/schemas/vuln.TagType" + }, + "resources": { + "description": "(Required when you define the resource type) Specifies the resources for tagging where the vulnerability is found. Either specify the resource names separated by a comma or use the wildcard `*` to apply the tag to all the resources where the vulnerability is found.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "shared.TrustAudit": { + "description": "TrustAudit represents a trust audit", + "properties": { + "_id": { + "description": "ID is the registry-repo of the created container.\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud account ID where the audit was generated.\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster where the audit was generated.\n", + "type": "string" + }, + "count": { + "description": "Count is the number of times this audit occurred.\n", + "type": "integer" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "imageID": { + "description": "ImageID is the container image id.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "msg": { + "description": "Message is the blocking message text.\n", + "type": "string" + }, + "ruleName": { + "description": "If blocked, contains the name of the rule that was applied.\n", + "type": "string" + }, + "time": { + "description": "Time is the UTC time of the audit event.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "shared.TrustAudits": { + "description": "TrustAudits represents the trust profile audits", + "properties": { + "_id": { + "description": "ProfileID is the runtime profile ID.\n", + "type": "string" + }, + "audits": { + "additionalProperties": { + "$ref": "#/components/schemas/shared.TrustRegistryRepoAudits" + }, + "description": "Audits is a map from trust status (audits are only for untrusted type) to the audit events list.\n", + "type": "object" + }, + "cluster": { + "description": "Cluster is the cluster from which the audit originated.\n", + "type": "string" + }, + "collections": { + "description": "Collections are collections to which this audit applies.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "imageName": { + "description": "ImageName is the container image name.\n", + "type": "string" + }, + "label": { + "description": "Label represents the container deployment label.\n", + "type": "string" + }, + "os": { + "description": "OS is the operating system distribution.\n", + "type": "string" + }, + "resource": { + "$ref": "#/components/schemas/common.RuntimeResource" + }, + "time": { + "description": "Time is the UTC time of the last audit event.\n", + "format": "date-time", + "type": "string" + }, + "total": { + "description": "Total is the total count of audits per runtime profile.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.TrustRegistryRepoAudits": { + "description": "TrustRegistryRepoAudits represents the trust registry/repo audits per profile", + "properties": { + "audits": { + "description": "Audits are the trust audits associated with the registry/repo, limited to the determined capacity.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustAudit" + }, + "type": "array" + }, + "count": { + "description": "Count is the total count of the sub-type audits.\n", + "type": "integer" + } + }, + "type": "object" + }, + "shared.TrustedCertSettings": { + "description": "TrustedCertSettings are settings for trusted certs", + "properties": { + "certs": { + "description": "Certs are the list of trusted certificates to use in access scenarios.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustedCertSignature" + }, + "type": "array" + }, + "checkRevocation": { + "description": "CheckRevocation indicates whether to check the certificate revocation.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates whether the trusted certificate feature is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.TrustedCertSignature": { + "description": "TrustedCertSignature represents a trusted cert settings", + "properties": { + "cn": { + "description": "CN is the certificate common name.\n", + "type": "string" + }, + "issuer": { + "description": "Issuer is the certificate issuer.\n", + "type": "string" + }, + "notAfter1": { + "description": "NotAfter is the certificate expiration time\nRemark: the 1 suffix required for backward compatibility (previous values were strings and cannot be serialized).\n", + "format": "date-time", + "type": "string" + }, + "notBefore1": { + "description": "NotBefore is the minimum time for which the cert is valid\nRemark: the 1 suffix required for backward compatibility (previous values were strings and cannot be serialized).\n", + "format": "date-time", + "type": "string" + }, + "raw": { + "description": "Raw is the raw certificate (in PEM format).\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.UploadScanResult": { + "description": "UploadScanResult is the result uploading the scanning result", + "properties": { + "scanId": { + "description": "ID is the scan result ID.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.User": { + "description": "User represents a local user in Twistlock", + "properties": { + "username": { + "description": "Name of a user.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.VMSpecification": { + "description": "VMSpecification contains information for setting up and connecting to the image", + "properties": { + "cap": { + "description": "Specifies the maximum number of images to fetch and scan, ordered by most recently modified.\n", + "type": "integer" + }, + "consoleAddr": { + "description": "Network-accessible address that Defender can use to publish scan results to Console.\n", + "type": "string" + }, + "credentialID": { + "description": "ID of the credentials in the credentials store to use for authenticating with the cloud provider.\n", + "type": "string" + }, + "enableSecureBoot": { + "description": "EnableSecureBoot indicates secure boot should be enabled for the instance launched for scanning (currently only supported with GCP).\n", + "type": "boolean" + }, + "excludedImages": { + "description": "Images to exclude from scanning.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "gcpProjectID": { + "description": "GCP project ID to use for listing VM images instead of the default associated with the GCP credential (optional).\n", + "type": "string" + }, + "imageType": { + "$ref": "#/components/schemas/common.ImageType" + }, + "images": { + "description": "The names of images to scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "instanceType": { + "description": "InstanceType is the instance type to use for the instance launched for scanning. For example, the default instance type for AWS is \"m4.large\".\n", + "type": "string" + }, + "labels": { + "description": "The labels to use to target images to scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "region": { + "description": "Cloud provider region.\n", + "type": "string" + }, + "scanners": { + "description": "Number of Defenders that can be utilized for each scan job.\n", + "type": "integer" + }, + "subnetID": { + "description": "SubnetID is the network subnet ID to use for the instance launched for scanning. Default value is empty string, which represents the default subnet in the VPC.\n", + "type": "string" + }, + "vpcID": { + "description": "VPCID is the network VPC ID to use for the instance launched for scanning. Default value is empty string, which represents the default VPC in the region.\n", + "type": "string" + }, + "zone": { + "description": "Cloud provider zone (part of a region). On GCP, designates in which zone to deploy the VM scan instance.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.VMSpecifications": { + "description": "VMSpecifications is a list of VM specifications", + "items": { + "$ref": "#/components/schemas/shared.VMSpecification" + }, + "type": "array" + }, + "shared.VaultSecret": { + "description": "VaultSecret represents a secret held by a secret store", + "properties": { + "folder": { + "description": "Folder is one of the following:\nCyberark: Name of the folder for secrets held in Cyberark store\nHashicorp: The directory path for secrets held in Hashicorp store\nAWS: The name of the secret in AWS Secrets Manager or AWS Parameter Store.\n", + "type": "string" + }, + "key": { + "description": "Key is the secret's identifier in the secrets store.\n", + "type": "string" + }, + "name": { + "description": "Name is the name of the secret as input from the user.\n", + "type": "string" + }, + "safe": { + "description": "Safe is the name of the safe, for secrets held in Cyberark store.\n", + "type": "string" + }, + "store": { + "description": "Store is the name of the secrets store where the secret is held.\n", + "type": "string" + }, + "value": { + "$ref": "#/components/schemas/common.Secret" + }, + "version": { + "description": "Version is the Azure secret version.\n", + "type": "string" + } + }, + "type": "object" + }, + "shared.WildFirePolicy": { + "description": "WildFirePolicy is the global wildfire usage policy, set by the client", + "properties": { + "agentlessEnabled": { + "description": "AgentlessEnabled indicates whether agentless scan will consult WF.\n", + "type": "boolean" + }, + "complianceEnabled": { + "description": "ComplianceEnabled indicates whether compliance malware scan will consult WF.\n", + "type": "boolean" + }, + "graywareAsMalware": { + "description": "GraywareAsMalware indicates whether files with WF verdict of Grayware will be treated as malware.\n", + "type": "boolean" + }, + "region": { + "description": "Region is the WF server region to query.\n", + "type": "string" + }, + "runtimeEnabled": { + "description": "RuntimeEnabled indicates whether runtime malware scan will consult WF.\n", + "type": "boolean" + }, + "uploadEnabled": { + "description": "UploadEnabled indicates whether files will be uploaded to WF.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "shared.WildFireSettings": { + "description": "WildFireSettings are the settings for WildFire API requests", + "properties": { + "apiKey": { + "description": "APIKey is the key identifier used for WF APIs.\n", + "type": "string" + }, + "apiKeyExpiration": { + "description": "APIKeyExpiration is the expiration time of the API key.\n", + "format": "date-time", + "type": "string" + }, + "lastError": { + "description": "LastError is the last error that occurred when trying to create/update the wildfire key.\n", + "type": "string" + }, + "policy": { + "$ref": "#/components/schemas/shared.WildFirePolicy" + } + }, + "type": "object" + }, + "string": { + "type": "string" + }, + "time.Duration": { + "format": "int64", + "type": "integer" + }, + "time.Time": { + "format": "date-time", + "type": "string" + }, + "trust.Data": { + "description": "Data holds the image trust data", + "properties": { + "groups": { + "description": "Groups are the trust groups.\n", + "items": { + "$ref": "#/components/schemas/trust.Group" + }, + "type": "array" + }, + "policy": { + "$ref": "#/components/schemas/trust.Policy" + } + }, + "type": "object" + }, + "trust.Group": { + "description": "Group represents a group of images", + "properties": { + "_id": { + "description": "Name of the group.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "images": { + "description": "Image names or IDs (e.g., docker.io/library/ubuntu:16.04 / SHA264@...).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "layers": { + "description": "Filesystem layers. The image is trusted if its layers have a prefix of the trusted groups layer in the same order.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "trust.HostStatus": { + "description": "HostStatus represents an image trust status on a host", + "properties": { + "host": { + "description": "Host name.\n", + "type": "string" + }, + "status": { + "$ref": "#/components/schemas/trust.Status" + } + }, + "type": "object" + }, + "trust.ImageResult": { + "description": "ImageResult represents an aggregated image trust result", + "properties": { + "groups": { + "description": "Trust groups which apply to the image.\n", + "items": { + "$ref": "#/components/schemas/trust.Group" + }, + "type": "array" + }, + "hostsStatuses": { + "description": "Image trust status on each host. Can be set to \"trusted\" or \"untrusted\".\n", + "items": { + "$ref": "#/components/schemas/trust.HostStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "trust.Policy": { + "description": "Policy represents the trust policy", + "properties": { + "_id": { + "description": "ID is the trust group policy ID.\n", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates whether the policy is enabled.\n", + "type": "boolean" + }, + "rules": { + "description": "Rules is the list of rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/trust.PolicyRule" + }, + "type": "array" + } + }, + "type": "object" + }, + "trust.PolicyRule": { + "description": "PolicyRule represents an trust policy rule", + "properties": { + "allowedGroups": { + "description": "AllowedGroups are the ids of the groups that are whitelisted by this rule.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "blockMsg": { + "$ref": "#/components/schemas/common.PolicyBlockMsg" + }, + "collections": { + "description": "Collections is a list of collections the rule applies to.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "deniedGroups": { + "description": "DeniedGroups are the ids of the groups that are blacklisted by this rule.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/vuln.Effect" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + } + }, + "type": "object" + }, + "trust.Status": { + "description": "Status is the trust status for an image", + "enum": [ + [ + "trusted", + "untrusted" + ] + ], + "type": "string" + }, + "types.AccessStats": { + "description": "AccessStats are stats for the access flows", + "properties": { + "docker": { + "$ref": "#/components/schemas/types.AccessStatsCount" + }, + "sshd": { + "$ref": "#/components/schemas/types.AccessStatsCount" + }, + "sudo": { + "$ref": "#/components/schemas/types.AccessStatsCount" + } + }, + "type": "object" + }, + "types.AccessStatsCount": { + "description": "AccessStatsCount stores the total amount of access audits", + "properties": { + "allowed": { + "description": ".\n", + "type": "integer" + }, + "denied": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.AgentlessResourceTemplatesRequest": { + "description": "AgentlessResourceTemplatesRequest is the agentless resource templates request for populating\ntemplates that are needed to be applied prior to an agentless scan with the credential", + "properties": { + "awsRegionType": { + "$ref": "#/components/schemas/shared.RegionType" + }, + "credential": { + "$ref": "#/components/schemas/cred.Credential" + }, + "credentialID": { + "description": "(Required) Specifies the ID for which the templates are generated.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.AlertProfileOption": { + "description": "AlertProfileOption describes options available for configuring an alert type", + "properties": { + "alertType": { + "$ref": "#/components/schemas/api.AlertType" + }, + "hasPolicy": { + "description": "HasPolicy defines whether the alerts are triggered by policy (e.g., this is false for defender alerts).\n", + "type": "boolean" + }, + "name": { + "description": "Name is the display name for the option.\n", + "type": "string" + }, + "rules": { + "description": "Rules are the rule names for the policy associated with this alert type (only relevant if HasPolicy is true).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "supportedClients": { + "description": "SupportedClients are the supported alert clients for this alert (e.g., jira, email).\n", + "items": { + "$ref": "#/components/schemas/api.AlertClientType" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.AllDefendersUsage": { + "description": "AllDefendersUsage holds stats about the usage of different modules and the sample time", + "properties": { + "appEmbedded": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "container": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "containerAgentless": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "host": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "hostAgentless": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "period": { + "description": "Period is the date beginning of the usage period.\n", + "format": "date-time", + "type": "string" + }, + "remainingCredits": { + "description": "RemainingCredits is the amount of credits left at the beginning of the period.\n", + "type": "integer" + }, + "serverless": { + "$ref": "#/components/schemas/types.ServerlessUsage" + }, + "waas": { + "$ref": "#/components/schemas/types.DefenderUsage" + }, + "waasOutOfBand": { + "$ref": "#/components/schemas/types.DefenderUsage" + } + }, + "type": "object" + }, + "types.AppFirewallAttackCount": { + "description": "AppFirewallAttackCount holds app firewall attack type and the amount of audits", + "properties": { + "count": { + "description": "Count is the count for the attack type.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/waas.AttackType" + } + }, + "type": "object" + }, + "types.AppFirewallStats": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "AppFirewallStats are the daily stats for app firewall audits\nTODO #20802 - replace string key with WAAS attack type type when mongo changed to avoid encoding map keys without stringer", + "type": "object" + }, + "types.ArtifactoryWebhookRequest": { + "description": "ArtifactoryWebhookRequest is an artifactory webhook request\nArtifactory doesn't have native webhook support, instead it comes as a plugin\nhttps://github.com/jfrog/artifactory-user-plugins/tree/master/webhook\nThe relevant fields in the this struct were reverse engineered from the webhook groovy code and from the fields that were sent by a real artifactory environment", + "type": "object" + }, + "types.AttackTechniqueStats": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "AttackTechniqueStats represents statistics grouped by attack technique", + "type": "object" + }, + "types.AuditTimeslice": { + "description": "AuditTimeslice counts the number of audit events for a given time period", + "properties": { + "count": { + "description": "Count is the number of audit occurrences.\n", + "type": "integer" + }, + "end": { + "description": "End is the end time of the bucket.\n", + "format": "date-time", + "type": "string" + }, + "start": { + "description": "Start is the start time of the bucket.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.AvailableVulnerabilities": { + "description": "AvailableVulnerabilities contains all available vulnerabilities types", + "properties": { + "complianceVulnerabilities": { + "description": "Compliance is the list of all available compliance issues.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "cveVulnerabilities": { + "description": "CVE is all available cve vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.BaseImage": { + "description": "BaseImage represents an image which is defined as a base image", + "properties": { + "creationTime": { + "description": "CreationTime is the time when the image was created.\n", + "format": "date-time", + "type": "string" + }, + "imageName": { + "description": "ImageName is the image name repository:tag.\n", + "type": "string" + }, + "topLayer": { + "description": "TopLayer is the SHA256 of the image's last filesystem layer.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.BaseImagesRule": { + "description": "BaseImagesRule holds the base images defined by a single scope", + "properties": { + "_id": { + "description": "Pattern is the scope configuration identification, e.g. image name regex pattern.\n", + "type": "string" + }, + "description": { + "description": "Description is the base images scope description.\n", + "type": "string" + }, + "images": { + "description": "Images holds the base images which matches the scope configuration, capped to 50 image digests per scope.\n", + "items": { + "$ref": "#/components/schemas/types.BaseImage" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.CVEStats": { + "description": "CVEStats represents statistics about a CVE type", + "properties": { + "count": { + "description": "Count is the number of CVEs from the specific type.\n", + "type": "integer" + }, + "distro": { + "description": "Distro is the impacted image distro (e.g., ubuntu).\n", + "type": "string" + }, + "distro_release": { + "description": "DistroRelase is the impacted image distro release (bionic).\n", + "type": "string" + }, + "modified": { + "description": "Modified is the max unix timestamp for the specific CVE.\n", + "format": "int64", + "type": "integer" + }, + "type": { + "description": "Type is the vulnerability type.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CVEVulnerability": { + "description": "CVEVulnerability holds data on package and files vulnerabilities", + "properties": { + "affected_cpes": { + "$ref": "#/components/schemas/vuln.RHELCpeHashes" + }, + "app_vuln_id": { + "description": "AppVulnID is the unique ID of the application vulnerability (app+cve+internal custom ID).\n", + "type": "string" + }, + "archs": { + "$ref": "#/components/schemas/shared.CPUArchs" + }, + "conditions": { + "$ref": "#/components/schemas/vuln.Conditions" + }, + "custom": { + "description": "Custom indicates if this is a custom vulnerability.\n", + "type": "boolean" + }, + "cve": { + "description": ".\n", + "type": "string" + }, + "cvss": { + "description": ".\n", + "format": "float", + "type": "number" + }, + "description": { + "description": "Description is the vulnerability description.\n", + "type": "string" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "distro_release": { + "description": ".\n", + "type": "string" + }, + "exploit": { + "$ref": "#/components/schemas/vuln.ExploitType" + }, + "exploits": { + "$ref": "#/components/schemas/vuln.Exploits" + }, + "fixDate": { + "description": "FixDate is the date this CVE was fixed (unix timestamp).\n", + "format": "int64", + "type": "integer" + }, + "go_package": { + "description": "GoPackage indicates a Go vulnerability at package-level and holds the package import path.\n", + "type": "string" + }, + "jar_identifier": { + "description": "JarIdentifier holds an additional identification detail of the vulnerable JAR.\n", + "type": "string" + }, + "link": { + "description": "Link is the link for information about the vulnerability (used for custom vulnerabilities).\n", + "type": "string" + }, + "link_id": { + "description": "LinkID is the ID required to construct the vendor link to the CVE.\n", + "type": "string" + }, + "modified": { + "description": "Modified is the last time this CVE was modified (unix timestamp).\n", + "format": "int64", + "type": "integer" + }, + "package": { + "description": ".\n", + "type": "string" + }, + "rules": { + "$ref": "#/components/schemas/vuln.Rules" + }, + "severity": { + "description": ".\n", + "type": "string" + }, + "status": { + "description": "Status is the official vendor state for the CVE.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/shared.CVEType" + }, + "vecStr": { + "description": "VectorString is the NVD vulnerability string.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CertData": { + "description": "CertData is used to add a custom certificate to the product", + "properties": { + "certificate": { + "description": "Data is the certificate pem data.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.CertSettings": { + "description": "CertSettings are the certificates settings", + "properties": { + "caExpiration": { + "description": "CAExpiration holds the expiration date of the CA cert.\n", + "format": "date-time", + "type": "string" + }, + "consoleSAN": { + "description": "ConsoleSAN if specified, use this list as the SAN for the console server certificate. Used for websocket and API.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "defenderOldCAExpiration": { + "description": "DefenderOldCAExpiration holds the expiration time of the defender old CA cert.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.CertificateSettings": { + "description": "CertificateSettings are the certificate settings", + "properties": { + "accessCaCert": { + "description": "AccessCACert is a custom CA certificate.\n", + "type": "string" + }, + "certificatePeriodDays": { + "description": "CertificatePeriodDays is the certificates period in days.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ClusterRadarInfo": { + "description": "ClusterRadarInfo contains cluster information to display on the radar", + "properties": { + "cloudProivder": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "hostCount": { + "description": "HostCount is the number of host running the cluster.\n", + "type": "integer" + }, + "name": { + "description": "Name of the cluster.\n", + "type": "string" + }, + "namespaceCount": { + "description": "Namespace is the number of namespace in the cluster.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ComplianceCategoryStats": { + "description": "ComplianceCategoryStats holds data regarding a compliance category", + "properties": { + "failed": { + "description": "Failed is the count of impacted resources by the category IDs.\n", + "type": "integer" + }, + "name": { + "$ref": "#/components/schemas/vuln.ComplianceCategory" + }, + "total": { + "description": "Total is the count of evaluations of category IDs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ComplianceDailyStats": { + "description": "ComplianceDailyStats is the compliance daily stats", + "properties": { + "_id": { + "description": "Date holds the date the data was collected.\n", + "type": "string" + }, + "distribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "modified": { + "description": "Modified is the time the data was modified.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.ComplianceIDStats": { + "description": "ComplianceIDStats holds data regarding applied compliance ID", + "properties": { + "benchmarkID": { + "description": "BenchmarkID is the benchmark ID.\n", + "type": "string" + }, + "category": { + "$ref": "#/components/schemas/vuln.ComplianceCategory" + }, + "description": { + "description": "Description is the compliance description.\n", + "type": "string" + }, + "failed": { + "description": "Failed is the number of occurrences of compliance ID in resources.\n", + "type": "integer" + }, + "id": { + "description": "ID is the compliance ID.\n", + "type": "integer" + }, + "severity": { + "description": "Severity is the compliance severity.\n", + "type": "string" + }, + "templateTitle": { + "description": "TemplateTitle is the template title.\n", + "type": "string" + }, + "total": { + "description": "Total is the count of resources evaluated with the compliance.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/vuln.Type" + } + }, + "type": "object" + }, + "types.ComplianceStats": { + "description": "ComplianceStats holds compliance data", + "properties": { + "categories": { + "description": "Compliance stats by category.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceCategoryStats" + }, + "type": "array" + }, + "daily": { + "description": "Daily compliance stats.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceDailyStats" + }, + "type": "array" + }, + "ids": { + "description": "Compliance data by check ID.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceIDStats" + }, + "type": "array" + }, + "rules": { + "description": "Compliance stats by policy rules.\n", + "items": { + "$ref": "#/components/schemas/types.RuleComplianceStats" + }, + "type": "array" + }, + "templates": { + "description": "Compliance stats by template.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceTemplateStats" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ComplianceTemplateStats": { + "description": "ComplianceTemplateStats holds data regarding a compliance template", + "properties": { + "failed": { + "description": "Failed is the count of impacted resources by the template IDs.\n", + "type": "integer" + }, + "name": { + "$ref": "#/components/schemas/vuln.ComplianceTemplate" + }, + "total": { + "description": "Total is the count of evaluations of template IDs.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ConsoleAuthResponse": { + "description": "ConsoleAuthResponse represents the console certificates authentication response", + "properties": { + "role": { + "description": "UserRole is the authenticated user role.\n", + "type": "string" + }, + "token": { + "description": "Token is the console authentication response token.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ConsoleCertificateSettings": { + "description": "ConsoleCertificateSettings are the console certificate settings", + "properties": { + "checkRevocation": { + "description": "CheckRevocation indicates whether cert revocation status is required.\n", + "type": "boolean" + }, + "consoleCaCert": { + "description": "ConsoleCACert is a custom CA certificate for the console.\n", + "type": "string" + }, + "consoleCustomCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "hpkp": { + "$ref": "#/components/schemas/types.HPKPSettings" + } + }, + "type": "object" + }, + "types.ContainerRadarData": { + "description": "ContainerRadarData represent all data relevant to the network radar", + "properties": { + "containerCount": { + "description": "ContainerCount is the total number of containers.\n", + "type": "integer" + }, + "radar": { + "description": "Radar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/types.ContainerRadarEntity" + }, + "type": "array" + }, + "radarSubnets": { + "description": "RadarSubnets holds all the radar subnets.\n", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ContainerRadarEntity": { + "description": "ContainerRadarEntity is the extended container radar entity (include presentation metadata)", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "agentless": { + "description": "Agentless indicates whether this container was scanned by the agentless scanner.\n", + "type": "boolean" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "appFirewallAttackCounts": { + "description": "AppFirewallAttackCounts is the counts for the app firewall attacks.\n", + "items": { + "$ref": "#/components/schemas/types.AppFirewallAttackCount" + }, + "type": "array" + }, + "cluster": { + "description": "Cluster is the provided cluster name.\n", + "type": "string" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "containerCount": { + "description": "ContainerCount is the amount of containers per entity.\n", + "type": "integer" + }, + "distro": { + "description": ".\n", + "type": "string" + }, + "dns": { + "description": "DNS states whether this is a DNS node.\n", + "type": "boolean" + }, + "filesystemCount": { + "description": ".\n", + "type": "integer" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "hasDNSConnection": { + "description": "HasDNSConnection states whether the node has DNS connection.\n", + "type": "boolean" + }, + "hostCount": { + "description": ".\n", + "type": "integer" + }, + "hostname": { + "description": ".\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the entity's image ID.\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the entity's image name.\n", + "type": "string" + }, + "imageNames": { + "description": "ImageNames are the names of the image associated with the radar entity.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents.\n", + "type": "integer" + }, + "incomingConnections": { + "description": "IncomingConnections are the radar entity incoming connections.\n", + "items": { + "$ref": "#/components/schemas/shared.ContainerRadarIncomingConnection" + }, + "type": "array" + }, + "internet": { + "$ref": "#/components/schemas/shared.InternetConnections" + }, + "istio": { + "description": "Istio states whether it is an istio-monitored entity.\n", + "type": "boolean" + }, + "istioAuthorizationPolicies": { + "description": "IstioAuthorizationPolicies are the Istio authorization policies.\n", + "items": { + "$ref": "#/components/schemas/istio.AuthorizationPolicy" + }, + "type": "array" + }, + "k8s": { + "$ref": "#/components/schemas/shared.ProfileKubernetesData" + }, + "label": { + "description": "Label is the entity's label.\n", + "type": "string" + }, + "labels": { + "description": "Labels are the radar entity labels.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "learning": { + "description": "Learning indicates whether the runtime profile associated with the entity is in learning state.\n", + "type": "boolean" + }, + "namespace": { + "description": "Namespace is the kubernetes namespace the entity belongs to (for kubernetes type).\n", + "type": "string" + }, + "networkCount": { + "description": ".\n", + "type": "integer" + }, + "processesCount": { + "description": ".\n", + "type": "integer" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "region": { + "description": "Region is the cloud provider region.\n", + "type": "string" + }, + "resolved": { + "description": "Resolved indicates if the entity has all data resolved or just contains the ID and hash, used to indicate if the console should be updated on entity resolving.\n", + "type": "boolean" + }, + "serviceIP": { + "description": "ServiceIP the ip of the kubernetes service (for kubernetes type).\n", + "type": "string" + }, + "serviceName": { + "description": "ServiceName is kubernetes service the entity belongs to (for kubernetes type).\n", + "type": "string" + }, + "servicePorts": { + "description": "ServicePorts are the ports the kubernetes service exposes (for kubernetes type).\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "shouldSkipNetwork": { + "description": "ShouldSkipNetwork indicates whether network monitoring for this container should be skipeed or not.\n", + "type": "boolean" + }, + "subnetConnections": { + "$ref": "#/components/schemas/shared.SubnetConnections" + }, + "type": { + "$ref": "#/components/schemas/shared.EntityType" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "waasStats": { + "$ref": "#/components/schemas/waas.MonitoringStats" + } + }, + "type": "object" + }, + "types.CredentialUsage": { + "description": "CredentialUsage represents a single credential usage", + "properties": { + "description": { + "description": "Resource description (e.g., repository name for registry scan).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/cred.UsageType" + } + }, + "type": "object" + }, + "types.DefenderSummary": { + "description": "DefenderSummary is a summary for a type of defender", + "properties": { + "category": { + "$ref": "#/components/schemas/defender.Category" + }, + "connected": { + "description": "Connected counts how many defenders are connected for this category.\n", + "type": "integer" + }, + "deployed": { + "description": "Deployed counts how many defenders are deployed for this category.\n", + "type": "integer" + }, + "licensed": { + "description": "Licensed counts how many defenders are licensed for this category.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.DefenderUsage": { + "description": "DefenderUsage holds the number of defenders and the credits used for a specific defender type", + "properties": { + "creditCount": { + "description": "CreditCount is credits that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "defendersCount": { + "description": "DefendersCount is the number of defenders that was used for this defender type.\n", + "format": "double", + "type": "number" + } + }, + "type": "object" + }, + "types.DefendersVersionCount": { + "description": "DefendersVersionCount holds the defenders count per each version", + "properties": { + "count": { + "description": "Defenders count per version.\n", + "type": "integer" + }, + "version": { + "description": "Release version.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.DiscoveredVM": { + "description": "DiscoveredVM represents the information about the instance, fetched from the cloud compute interface", + "properties": { + "_id": { + "description": "ID is the instance id. E.g. \"i-5cd23551\".\n", + "type": "string" + }, + "accountID": { + "description": "AccountID is the cloud provider account ID.\n", + "type": "string" + }, + "architecture": { + "description": "Architecture is the architecture of the image.\n", + "type": "string" + }, + "arn": { + "description": "The Amazon Resource Name (ARN) assigned to the instance.\n", + "type": "string" + }, + "awsSubnetID": { + "description": "AWSSubnetID is the ID of the subnet associated with the VM (AWS only).\n", + "type": "string" + }, + "awsVPCID": { + "description": "AWSVPCID is the ID of the VPC associated with the VM (AWS only).\n", + "type": "string" + }, + "cluster": { + "description": "Cluster is the cluster name that is associated with the vm.\n", + "type": "string" + }, + "collections": { + "description": "Collections is a list of the matched collections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "createdAt": { + "description": "CreatedAt is the time when the instance was launched.\n", + "format": "date-time", + "type": "string" + }, + "fqdn": { + "description": "FQDN is the host's fully qualified domain name . E.g. \"ip-192-0-2-0.us-east-2.compute.internal\".\n", + "type": "string" + }, + "hasDefender": { + "description": "HasDefender indicates that the instance has a defender installed on it.\n", + "type": "boolean" + }, + "hostname": { + "description": "Hostname is the hostname. E.g. \"ip-192-0-2-0\" or \"custom\".\n", + "type": "string" + }, + "imageID": { + "description": "ImageID is the ID of the AMI used to launch the instance. E.g. \"ami-35501205\".\n", + "type": "string" + }, + "imageName": { + "description": "ImageName is the name of the AMI used to launch the instance.\n", + "type": "string" + }, + "name": { + "description": "Name is the instance name.\n", + "type": "string" + }, + "os": { + "description": "OS is the Operating System installed on the instance.\n", + "type": "string" + }, + "osInfo": { + "$ref": "#/components/schemas/common.OSDistroInfo" + }, + "provider": { + "$ref": "#/components/schemas/common.CloudProvider" + }, + "region": { + "description": "Region is the region the VM is located at.\n", + "type": "string" + }, + "tags": { + "description": "Tags are the tags of the VM instance.\n", + "items": { + "$ref": "#/components/schemas/common.ExternalLabel" + }, + "type": "array" + }, + "timestamp": { + "description": "Timestamp is the time in which the instance info was fetched.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.EcsTaskDefinitionOptions": { + "description": "EcsTaskDefinitionOptions holds the ecs deployment options", + "properties": { + "annotations": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "Annotations is mapping of key-value pairs of annotations metadata - optional.\n", + "type": "object" + }, + "bottlerocket": { + "description": "Bottlerocket indicates whether to be deployed on a Bottlerocket Linux OS.\n", + "type": "boolean" + }, + "cluster": { + "description": "Cluster is the kubernetes or ecs cluster name.\n", + "type": "string" + }, + "collectPodLabels": { + "description": "CollectPodLabels indicates whether to collect pod related labels resource labels.\n", + "type": "boolean" + }, + "consoleAddr": { + "description": "ConsoleAddr is the console address for defender communication.\n", + "type": "string" + }, + "containerRuntime": { + "$ref": "#/components/schemas/common.ContainerRuntime" + }, + "cpuLimit": { + "description": "CPULimit is the cpu limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "credentialID": { + "description": "CredentialID is the name of the credential used.\n", + "type": "string" + }, + "dockerSocketPath": { + "description": "DockerSocketPath is the path of the docker socket file.\n", + "type": "string" + }, + "gkeAutopilot": { + "description": "GKEAutopilot indicates the deployment is requested for GKE Autopilot.\n", + "type": "boolean" + }, + "hostCustomComplianceEnabled": { + "description": "HostCustomComplianceEnabled indicates whether host custom compliance checks are enabled.\n", + "type": "boolean" + }, + "image": { + "description": "Image is the full daemonset image name.\n", + "type": "string" + }, + "istio": { + "description": "MonitorIstio indicates whether to monitor Istio.\n", + "type": "boolean" + }, + "memoryLimit": { + "description": "MemoryLimit is a memory limit for the defender deamonset - optional.\n", + "type": "integer" + }, + "namespace": { + "description": "Namespace is the target deamonset namespaces.\n", + "type": "string" + }, + "nodeSelector": { + "description": "NodeSelector is a key/value node selector.\n", + "type": "string" + }, + "orchestration": { + "description": "Orchestration is the orchestration type.\n", + "type": "string" + }, + "priorityClassName": { + "description": "PriorityClassName is the name of the priority class for the defender - optional.\n", + "type": "string" + }, + "privileged": { + "description": "Privileged indicates whether to run defenders as privileged.\n", + "type": "boolean" + }, + "projectID": { + "description": "ProjectID is the kubernetes cluster project ID.\n", + "type": "string" + }, + "proxy": { + "$ref": "#/components/schemas/common.DefenderProxyOpt" + }, + "region": { + "description": "Region is the kubernetes cluster location region.\n", + "type": "string" + }, + "roleARN": { + "description": "RoleARN is the role's ARN to associate with the created service account - optional.\n", + "type": "string" + }, + "secretsname": { + "description": "SecretsName is the name of the secret to pull.\n", + "type": "string" + }, + "selinux": { + "description": "SelinuxEnforced indicates whether selinux is enforced on the target host.\n", + "type": "boolean" + }, + "serviceaccounts": { + "description": "MonitorServiceAccounts indicates whether to monitor service accounts.\n", + "type": "boolean" + }, + "talos": { + "description": "Talos indicates if the daemonset is to be deployed on a Talos Linux k8s cluster.\n", + "type": "boolean" + }, + "taskName": { + "description": "TaskName is the name used for the task definition.\n", + "type": "string" + }, + "tolerations": { + "description": "Tolerations is a list of tolerations for the defender deamonset - optional.\n", + "items": { + "$ref": "#/components/schemas/common.Toleration" + }, + "type": "array" + }, + "uniqueHostname": { + "description": "UniqueHostname indicates whether to assign unique hostnames.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.EventStats": { + "description": "EventStats holds counters for all event types", + "properties": { + "admissionAudits": { + "description": ".\n", + "type": "integer" + }, + "agentlessAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "appEmbeddedAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "appEmbeddedRuntime": { + "description": ".\n", + "type": "integer" + }, + "containerAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "containerNetworkFirewall": { + "description": ".\n", + "type": "integer" + }, + "containerRuntime": { + "description": ".\n", + "type": "integer" + }, + "dockerAccess": { + "description": ".\n", + "type": "integer" + }, + "fileIntegrity": { + "description": ".\n", + "type": "integer" + }, + "hostActivities": { + "description": ".\n", + "type": "integer" + }, + "hostAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "hostNetworkFirewall": { + "description": ".\n", + "type": "integer" + }, + "hostRuntime": { + "description": ".\n", + "type": "integer" + }, + "kubernetesAudits": { + "description": ".\n", + "type": "integer" + }, + "logInspection": { + "description": ".\n", + "type": "integer" + }, + "serverlessAppFirewall": { + "description": ".\n", + "type": "integer" + }, + "serverlessRuntime": { + "description": ".\n", + "type": "integer" + }, + "trustAudits": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.Group": { + "description": "Group represents a console group", + "properties": { + "_id": { + "description": "Group name.\n", + "type": "string" + }, + "groupId": { + "description": "Group identifier in the Azure SAML identification process.\n", + "type": "string" + }, + "groupName": { + "description": "Group name.\n", + "type": "string" + }, + "lastModified": { + "description": "Datetime when the group was created or last modified.\n", + "format": "date-time", + "type": "string" + }, + "ldapGroup": { + "description": "Indicates if the group is an LDAP group (true) or not (false).\n", + "type": "boolean" + }, + "oauthGroup": { + "description": "Indicates if the group is an OAuth group (true) or not (false).\n", + "type": "boolean" + }, + "oidcGroup": { + "description": "Indicates if the group is an OpenID Connect group (true) or not (false).\n", + "type": "boolean" + }, + "owner": { + "description": "User who created or modified the group.\n", + "type": "string" + }, + "permissions": { + "$ref": "#/components/schemas/api.Permissions" + }, + "role": { + "description": "Role of the group.\n", + "type": "string" + }, + "samlGroup": { + "description": "Indicates if the group is a SAML group (true) or not (false).\n", + "type": "boolean" + }, + "user": { + "description": "Users in the group.\n", + "items": { + "$ref": "#/components/schemas/shared.User" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.Groups": { + "description": "Groups represents a list of groups", + "items": { + "$ref": "#/components/schemas/types.Group" + }, + "type": "array" + }, + "types.HPKPSettings": { + "description": "HPKPSettings represents the public key pinning settings", + "properties": { + "certs": { + "description": "Certs are the public certs used for fingerprinting.\n", + "type": "string" + }, + "enabled": { + "description": ".\n", + "type": "boolean" + }, + "fingerprints": { + "description": "SHA256 fingerprints of the certificates.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostAutoDeploySpecStatus": { + "description": "HostAutoDeploySpecStatus contains the discovery and deployment status for a particular host auto-deploy spec", + "properties": { + "defended": { + "description": "Defended is the number of already defended VMs.\n", + "type": "integer" + }, + "discovered": { + "description": "Discovered is the number of discovered unprodected VMs.\n", + "type": "integer" + }, + "error": { + "description": "Error is an error logged during the the auto-deploy scan (if occurred).\n", + "type": "string" + }, + "errors": { + "description": "Errors are the errors occurred in the command invocations.\n", + "items": { + "$ref": "#/components/schemas/deployment.CommandError" + }, + "type": "array" + }, + "failed": { + "description": "Failed is the number of instances where deployment failed.\n", + "type": "integer" + }, + "missingPermissions": { + "description": "MissingPermissions is the number of instances in regions that the credential don't have permissions to them.\n", + "type": "integer" + }, + "name": { + "description": "Name is the spec name.\n", + "type": "string" + }, + "skipped": { + "description": "Skipped is the number of instances that the deployment was skipped for due to having a running Docker engine or being a worker node in a k8s cluster.\n", + "type": "integer" + }, + "unmatched": { + "description": "Unmatched is the number of discovered instances for which the scope does not apply.\n", + "type": "integer" + }, + "unsupported": { + "description": "Unsupported is the number of instances with missing prerequisites.\n", + "type": "integer" + }, + "windows": { + "description": "Windows is the number of windows instances discovered.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.HostAutoDeployStatus": { + "description": "HostAutoDeployStatus is the status of the deployment tasks per spec during the host auto-deploy action", + "properties": { + "scanning": { + "description": "Scanning indicates whether scanning is running.\n", + "type": "boolean" + }, + "status": { + "description": "Status contains the deploy status for each spec.\n", + "items": { + "$ref": "#/components/schemas/types.HostAutoDeploySpecStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostRadarData": { + "description": "HostRadarData represent all data relevant to the network radar", + "properties": { + "hostCount": { + "description": "HostCount is the total number of hosts.\n", + "type": "integer" + }, + "radar": { + "description": "Radar holds all radar entities.\n", + "items": { + "$ref": "#/components/schemas/types.HostRadarEntity" + }, + "type": "array" + }, + "radarSubnets": { + "description": "RadarSubnets holds all the radar subnets.\n", + "items": { + "$ref": "#/components/schemas/cnnf.NetworkEntity" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.HostRadarEntity": { + "description": "HostRadarEntity is the extended host radar entity (include presentation metadata)", + "properties": { + "OSDistro": { + "description": "OSDistro is the OS distro name (e.g., ubuntu).\n", + "type": "string" + }, + "_id": { + "description": "ID is the host name.\n", + "type": "string" + }, + "activitiesCount": { + "description": "ActivitiesCount is the number of activities detected in the host.\n", + "type": "integer" + }, + "agentless": { + "description": "Agentless indicates whether this host was scanned by the agentless scanner.\n", + "type": "boolean" + }, + "allowAll": { + "$ref": "#/components/schemas/cnnf.AllowAllConnections" + }, + "appFirewallAttackCounts": { + "description": "AppFirewallAttackCounts is the counts for the app firewall attacks.\n", + "items": { + "$ref": "#/components/schemas/types.AppFirewallAttackCount" + }, + "type": "array" + }, + "cloudMetadata": { + "$ref": "#/components/schemas/common.CloudMetadata" + }, + "cluster": { + "description": "Cluster is the cluster the host is deployed on.\n", + "type": "string" + }, + "complianceDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "created": { + "description": "Created is the profile creation time.\n", + "format": "date-time", + "type": "string" + }, + "fileIntegrityCount": { + "description": "FileIntegrityCount is the number of file integrity events detected in the host.\n", + "type": "integer" + }, + "filesystemCount": { + "description": "FilesystemCount is number of filesystem events triggered by the entity.\n", + "type": "integer" + }, + "firewallProtection": { + "$ref": "#/components/schemas/waas.ProtectionStatus" + }, + "geoip": { + "$ref": "#/components/schemas/runtime.ProfileNetworkGeoIP" + }, + "incidentCount": { + "description": "IncidentCount is the number of incidents triggered by the entity.\n", + "type": "integer" + }, + "incoming": { + "description": "Incoming are the incoming connections from the host.\n", + "items": { + "$ref": "#/components/schemas/shared.HostRadarIncomingConnection" + }, + "type": "array" + }, + "internet": { + "$ref": "#/components/schemas/shared.InternetConnections" + }, + "labels": { + "description": "Labels are the labels associated with the profile.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "listeningPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + }, + "logInspectionCount": { + "description": "LogInspectionCount is the number of log inspection events detected in the host.\n", + "type": "integer" + }, + "networkCount": { + "description": "NetworkCount is number of network events triggered by the entity.\n", + "type": "integer" + }, + "outboundPorts": { + "$ref": "#/components/schemas/common.ProfilePortData" + }, + "processesCount": { + "description": "ProcessesCount is the number of processes events triggered by the entity.\n", + "type": "integer" + }, + "profileHash": { + "$ref": "#/components/schemas/common.ProfileHash" + }, + "subnetConnections": { + "$ref": "#/components/schemas/shared.SubnetConnections" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "waasStats": { + "$ref": "#/components/schemas/waas.MonitoringStats" + } + }, + "type": "object" + }, + "types.ImageScanOptions": { + "description": "ImageScanOptions holds the options for image scanning", + "properties": { + "hostname": { + "description": "Hostname is the optional host name to scan.\n", + "type": "string" + }, + "imageTag": { + "$ref": "#/components/schemas/shared.ImageTag" + } + }, + "type": "object" + }, + "types.ImpactedContainer": { + "description": "ImpactedContainer contains details of a running container with an impacted image", + "properties": { + "container": { + "description": ".\n", + "type": "string" + }, + "factors": { + "$ref": "#/components/schemas/types.RiskScoreFactors" + }, + "host": { + "description": ".\n", + "type": "string" + }, + "image": { + "description": ".\n", + "type": "string" + }, + "imageID": { + "description": ".\n", + "type": "string" + }, + "namespace": { + "description": ".\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedOutOfBandEntity": { + "description": "ImpactedOutOfBandEntity holds the info of an impacted out of band entity", + "properties": { + "containerName": { + "description": "ContainerName is the name of the container or empty for host.\n", + "type": "string" + }, + "hostname": { + "description": "Hostname is the name of the host that was scanned or host on which the container is deployed.\n", + "type": "string" + }, + "image": { + "description": "Image is the image name of the container or empty for host.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedPackage": { + "description": "ImpactedPackage holds the vulnerability details for a package", + "properties": { + "cvss": { + "description": "CVSS is the vulnerability cvss score for this package.\n", + "format": "float", + "type": "number" + }, + "package": { + "description": "Package is the impacted package name and version.\n", + "type": "string" + }, + "severity": { + "description": "Severity is the vulnerability severity for this package.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ImpactedResourceDetails": { + "description": "ImpactedResourceDetails holds the vulnerability details for a specific impacted resource", + "properties": { + "containers": { + "description": "Containers are the running containers of this image found in the environment.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedContainer" + }, + "type": "array" + }, + "functionDetails": { + "description": "FunctionDetails is a formatted string holding function details.\n", + "type": "string" + }, + "packages": { + "description": "Packages holds vulnerability details per impacted package found in this resource.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedPackage" + }, + "type": "array" + }, + "resourceID": { + "description": "ResourceID is a resource identifier (e.g. image ID, hostname).\n", + "type": "string" + } + }, + "type": "object" + }, + "types.IntelligenceStatus": { + "description": "IntelligenceStatus stores the status on the intelligence service", + "properties": { + "connected": { + "description": ".\n", + "type": "boolean" + }, + "err": { + "description": ".\n", + "type": "string" + }, + "lastUpdate": { + "description": ".\n", + "format": "date-time", + "type": "string" + }, + "modified": { + "description": ".\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.LatestVersion": { + "description": "LatestVersion represents the latest remote product version", + "properties": { + "latestVersion": { + "description": "LatestVersion is the latest official product version.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.LicenseStats": { + "description": "LicenseStats holds the console license stats", + "properties": { + "avg": { + "description": "Avg is the average number of credits.\n", + "format": "double", + "type": "number" + }, + "containerDefenders": { + "description": "ContainerDefenders is the total number of container defenders.\n", + "type": "integer" + }, + "dailySamplesDefenders": { + "description": "DailySamplesDefenders holds the last 30 daily credits averages.\n", + "items": { + "$ref": "#/components/schemas/float64" + }, + "type": "array" + }, + "exceeded": { + "description": "Exceeded indicates the number of credits exceeded license.\n", + "type": "boolean" + }, + "hostDefenders": { + "description": "HostDefenders is the total number of host defenders.\n", + "type": "integer" + }, + "hourAvg": { + "description": "HourAvg is the average number of credits per hour.\n", + "format": "double", + "type": "number" + }, + "hourSamples": { + "description": "HourSamples is the number of hourly samples collected.\n", + "format": "double", + "type": "number" + }, + "monthlyUsage": { + "description": "MonthlyUsage holds the last 24 monthly usage averages.\n", + "items": { + "$ref": "#/components/schemas/types.AllDefendersUsage" + }, + "type": "array" + }, + "msg": { + "description": "Msg is the license exceeded error/warning message to show.\n", + "type": "string" + }, + "onDemandCredits": { + "description": "OnDemandCredits is the number of on demand credits used during the current contract.\n", + "type": "integer" + }, + "protectedFunctions": { + "description": "ProtectedFunctions is the number of serverless functions that have a defender installed.\n", + "format": "double", + "type": "number" + }, + "scannedFunctions": { + "description": "ScannedFunctions is the number functions being scanned for vulnerabilities and compliance issues without a defender installed.\n", + "format": "double", + "type": "number" + }, + "serverlessTimestamp": { + "description": "ServerlessTimestamp is the timestamp for the last serverless credit calculation.\n", + "format": "date-time", + "type": "string" + }, + "timestamp": { + "description": "Timestamp is the last collection timestamp.\n", + "format": "date-time", + "type": "string" + }, + "totalCreditUsage": { + "description": "TotalCreditUsage is the total amount of credits used from the beginning of the current contract.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.LogUploadResponse": { + "description": "LogUploadResponse returns the result of uploading a file to the intelligence", + "properties": { + "remotePath": { + "description": "Path returned by the intelligence.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.LogonSettings": { + "description": "LogonSettings are settings associated with the login properties", + "properties": { + "basicAuthDisabled": { + "description": "Indicates whether the user can use basic auth.\n", + "type": "boolean" + }, + "includeTLS": { + "description": "IncludeTLS indicates that TLS checks should be included in copy links.\n", + "type": "boolean" + }, + "sessionTimeoutSec": { + "description": "SessionTimeoutSec defines the session timeout in seconds.\n", + "format": "int64", + "type": "integer" + }, + "strongPassword": { + "description": "StrongPassword indicates whether strong password enforcement is applied.\n", + "type": "boolean" + }, + "useSupportCredentials": { + "description": "UseSupportCredentials indicates whether to include credentials in the URL.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.MgmtAuditFilters": { + "description": "MgmtAuditFilters are filters for management audit queries", + "properties": { + "type": { + "description": "Type is the management audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "username": { + "description": "Usernames is a filter for specific users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.NetworkFirewallStats": { + "description": "NetworkFirewallStats stores the total amount of network firewall audits", + "properties": { + "alerted": { + "description": ".\n", + "type": "integer" + }, + "blocked": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.ProfileStateUpdate": { + "description": "ProfileStateUpdate is the request for updating profile state", + "properties": { + "profileID": { + "description": "ID is the profile ID to relearn.\n", + "type": "string" + }, + "state": { + "$ref": "#/components/schemas/shared.RuntimeProfileState" + } + }, + "type": "object" + }, + "types.Project": { + "description": "Project represent the project details", + "properties": { + "_id": { + "description": "ID is the project name (primary index).\n", + "type": "string" + }, + "address": { + "description": "Address is the project address.\n", + "type": "string" + }, + "ca": { + "description": "CACertificate is the remote console CA certificate.\n", + "items": { + "$ref": "#/components/schemas/byte" + }, + "type": "array" + }, + "creationTime": { + "description": "CreationTime is the remote project creation time.\n", + "format": "date-time", + "type": "string" + }, + "err": { + "description": "Err are errors that happened during project synchronization / setup.\n", + "type": "string" + }, + "password": { + "$ref": "#/components/schemas/common.Secret" + }, + "skipCertificateVerification": { + "description": "SkipCertificateVerification indicates that the connection to the secondary project is done on insecure channel, this is used when secondary\nproject is behind a proxy or when customer is using custom certs.\n", + "type": "boolean" + }, + "username": { + "description": "Username is the remote project username.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ProjectCredentials": { + "description": "ProjectCredentials are the supervisor project credentials", + "properties": { + "password": { + "description": "Password is the password used for the deleted project access.\n", + "type": "string" + }, + "user": { + "description": "User is the user used for the deleted project access.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.RegistryWebhookRequest": { + "description": "RegistryWebhookRequest is a registry scanning webhook request.\nSchema supports multiple webhook providers:\nhttps://docs.docker.com/docker-hub/webhooks/\nhttps://docs.docker.com/registry/notifications/", + "properties": { + "action": { + "description": "Action is the webhook action.\n", + "type": "string" + }, + "artifactory": { + "$ref": "#/components/schemas/types.ArtifactoryWebhookRequest" + }, + "domain": { + "description": "Domain indicates the artifactory webhook domain (e.g., artifact, docker, build, etc). Used to avoid filter docker events.\n", + "type": "string" + }, + "event_type": { + "description": "EventType is the artifactory webhook action performed (e.g., push).\n", + "type": "string" + }, + "type": { + "description": "Type is the event type (Harbor registry).\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ResourceVulnerabilityStats": { + "description": "ResourceVulnerabilityStats holds vulnerability stats of a single resource type", + "properties": { + "count": { + "description": "Count is the total number of vulnerabilities.\n", + "type": "integer" + }, + "cves": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "impacted": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "vulnerabilities": { + "description": "All resource vulnerabilities.\n", + "items": { + "$ref": "#/components/schemas/types.VulnerabilityInfo" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.RiskScoreFactors": { + "description": "RiskScoreFactors holds factors used to calculate risk score", + "properties": { + "envVarSecrets": { + "description": "EnvVarSecrets indicates whether a container has access to secrets via environment variables.\n", + "type": "boolean" + }, + "hostAccess": { + "description": "HostAccess indicates whether a container has access to the host network or namespace.\n", + "type": "boolean" + }, + "internet": { + "description": "Internet indicates whether a container has internet access.\n", + "type": "boolean" + }, + "network": { + "description": "Network indicates whether a container is listening to ports.\n", + "type": "boolean" + }, + "noSecurityProfile": { + "description": "NoSecurityProfile indicates whether a container has security profile issue.\n", + "type": "boolean" + }, + "privilegedContainer": { + "description": "PrivilegedContainer indicates whether a container runs using the --privileged flag.\n", + "type": "boolean" + }, + "rootMount": { + "description": "RootMount indicates whether a container has access to the host file system using a root mount.\n", + "type": "boolean" + }, + "rootPrivilege": { + "description": "RootPrivilege indicates whether a container runs as root.\n", + "type": "boolean" + }, + "runtimeSocket": { + "description": "RuntimeSocket indicates whether a container has the runtime socket mounted.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.RuleComplianceStats": { + "description": "RuleComplianceStats holds data regarding applied compliance rule", + "properties": { + "failed": { + "description": "Failed is the count of the rule compliance IDs in resources.\n", + "type": "integer" + }, + "name": { + "description": "Name is the name of the applied rule.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "total": { + "description": "Total is the count of evaluations done by rule.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.RuntimeStats": { + "description": "RuntimeStats are stats for runtime flows (sum of audits per flow)", + "properties": { + "filesystem": { + "description": ".\n", + "type": "integer" + }, + "kubernetes": { + "description": ".\n", + "type": "integer" + }, + "network": { + "description": ".\n", + "type": "integer" + }, + "processes": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.SecretsStatus": { + "description": "SecretsStatus holds the update status for the secrets", + "properties": { + "err": { + "description": ".\n", + "type": "string" + }, + "lastUpdate": { + "description": ".\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorConfiguration": { + "description": "SecurityAdvisorConfiguration is the security configuration associated with security advisor", + "properties": { + "accountID": { + "description": "AccountID is the customer account ID.\n", + "type": "string" + }, + "apikey": { + "description": "APIKey is the security advisor secret.\n", + "type": "string" + }, + "findingsURL": { + "description": "FindingsURL is the url to which findings should be sent.\n", + "type": "string" + }, + "providerId": { + "description": "ProviderID is the id assigned to Twistlock.\n", + "type": "string" + }, + "tokenURL": { + "description": "TokenURL is the url from which token should be fetched.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorDashboardResp": { + "description": "SecurityAdvisorDashboardResp is the response to security advisor dashboard", + "properties": { + "url": { + "description": "URL is the console URL link.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.SecurityAdvisorNotes": { + "description": "SecurityAdvisorNotes security advisor the security advisor finding metadata", + "properties": { + "changedSince": { + "description": "ChangedSince is the last time entries were modified.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ServerlessAutoDeploySpecStatus": { + "description": "ServerlessAutoDeploySpecStatus contains status for a particular serverless auto-deploy spec", + "properties": { + "defended": { + "description": "Defended is the number of already defended functions.\n", + "type": "integer" + }, + "discovered": { + "description": "Discovered is the number of functions to protect.\n", + "type": "integer" + }, + "name": { + "description": "Name is the spec name.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.ServerlessAutoDeployStatus": { + "description": "ServerlessAutoDeployStatus is the status of the serverless auto-deploy scan", + "properties": { + "errors": { + "description": "Errors is the collection of errors for the auto-deploy scan.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "scanning": { + "description": "Scanning indicates whether scanning is running.\n", + "type": "boolean" + }, + "specs": { + "description": "Specs contains the status for each spec.\n", + "items": { + "$ref": "#/components/schemas/types.ServerlessAutoDeploySpecStatus" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ServerlessRadarStatus": { + "description": "ServerlessRadarStatus holds the status for serverless radar scans", + "properties": { + "err": { + "description": ".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "types.ServerlessUsage": { + "description": "ServerlessUsage holds the number of defenders, invocations and credits used for serverless defenders", + "properties": { + "creditCount": { + "description": "CreditCount is credits that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "defendersCount": { + "description": "DefendersCount is the number of defenders that was used for this defender type.\n", + "format": "double", + "type": "number" + }, + "protectedFunctions": { + "description": "ProtectedFunctions is the number of serverless functions that have a defender installed.\n", + "format": "double", + "type": "number" + }, + "scannedFunctions": { + "description": "ScannedFunctions is the number functions being scanned for vulnerabilities and compliance issues without a defender installed.\n", + "format": "double", + "type": "number" + } + }, + "type": "object" + }, + "types.Settings": { + "description": "Settings are the global system settings", + "properties": { + "WAASLogScrubbingSpecs": { + "$ref": "#/components/schemas/waas.SensitiveDataSpecs" + }, + "accessCaCert": { + "description": "AccessCACert is a custom CA certificate.\n", + "type": "string" + }, + "address": { + "description": "Address is the intelligence service address.\n", + "type": "string" + }, + "alerts": { + "$ref": "#/components/schemas/api.AlertSettings" + }, + "certSettings": { + "$ref": "#/components/schemas/types.CertSettings" + }, + "certificatePeriodDays": { + "description": "ClientCertificatePeriodDays is the certificates period in days of client certificates.\n", + "type": "integer" + }, + "checkRevocation": { + "description": "CheckRevocation indicates whether cert revocation status is required.\n", + "type": "boolean" + }, + "clusteredDB": { + "$ref": "#/components/schemas/clustereddb.Settings" + }, + "codeRepoSettings": { + "$ref": "#/components/schemas/shared.CodeRepoSettings" + }, + "communicationPort": { + "description": "MgmtPortHTTP is the Console HTTP port.\n", + "type": "integer" + }, + "consoleCaCert": { + "description": "ConsoleCACert is a custom CA certificate for the console.\n", + "type": "string" + }, + "consoleCustomCert": { + "$ref": "#/components/schemas/common.Secret" + }, + "consoleNames": { + "description": "ConsoleNames is a list of names to use when generating the console SAN certificate.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "credentialsCountLimit": { + "description": "CredentialsCountLimit is the maximum amount of allowed credentials.\n", + "type": "integer" + }, + "customEndpoint": { + "description": "CustomEndpoint is the user defined custom endpoint.\n", + "type": "string" + }, + "customEndpointCACert": { + "description": "CustomEndpointCACert is the custom CA cert bundle for trusting the custom endpoint.\n", + "type": "string" + }, + "customEndpointCredentialID": { + "description": "CustomEndpointCredentialID is the custom endpoint credential ID.\n", + "type": "string" + }, + "customEndpointEnabled": { + "description": "CustomEndpointEnabled indicates that the user custom endpoint is enabled.\n", + "type": "boolean" + }, + "customLabels": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + }, + "defenderSettings": { + "$ref": "#/components/schemas/defender.Settings" + }, + "enabled": { + "description": "Enabled indicates whether intelligence service is enabled.\n", + "type": "boolean" + }, + "fipsEnabled": { + "description": "FIPSEnabled indicates whether FIPS-compliant cryptography is enforced.\n", + "type": "boolean" + }, + "forensic": { + "$ref": "#/components/schemas/shared.ForensicSettings" + }, + "hasAdmin": { + "description": "HasAdmin indicates whether the admin account is initialized.\n", + "type": "boolean" + }, + "hostAutoDeploy": { + "$ref": "#/components/schemas/shared.HostAutoDeploySpecifications" + }, + "hpkp": { + "$ref": "#/components/schemas/types.HPKPSettings" + }, + "identitySettings": { + "$ref": "#/components/schemas/identity.Settings" + }, + "ldapEnabled": { + "description": "LdapEnabled indicates whether ldap is enabled.\n", + "type": "boolean" + }, + "licenseKey": { + "description": "LicenseKey is the license key.\n", + "type": "string" + }, + "logging": { + "$ref": "#/components/schemas/shared.LoggingSettings" + }, + "logon": { + "$ref": "#/components/schemas/types.LogonSettings" + }, + "oauthEnabled": { + "description": "OauthEnabled indicates whether Oauth is enabled.\n", + "type": "boolean" + }, + "oidcEnabled": { + "description": "OidcEnabled indicates whether OpenID connect is enabled.\n", + "type": "boolean" + }, + "projects": { + "$ref": "#/components/schemas/api.ProjectSettings" + }, + "proxy": { + "$ref": "#/components/schemas/common.ProxySettings" + }, + "registry": { + "$ref": "#/components/schemas/shared.RegistrySettings" + }, + "runtimeSecretScrubbingSettings": { + "$ref": "#/components/schemas/shared.RuntimeSecretScrubbingSettings" + }, + "samlEnabled": { + "description": "SamlEnabled indicates whether saml is enabled.\n", + "type": "boolean" + }, + "scan": { + "$ref": "#/components/schemas/shared.ScanSettings" + }, + "secretsStores": { + "$ref": "#/components/schemas/shared.SecretsStores" + }, + "securedConsolePort": { + "description": "MgmtPortHTTPS is the Console HTTPS port.\n", + "type": "integer" + }, + "serverlessAutoDeploy": { + "$ref": "#/components/schemas/shared.ServerlessAutoDeploySpecifications" + }, + "tasDroplets": { + "description": "TASDropletsSpecification is the TAS droplets scanning settings.\n", + "items": { + "$ref": "#/components/schemas/shared.TASDropletSpecification" + }, + "type": "array" + }, + "telemetry": { + "$ref": "#/components/schemas/types.TelemetrySettings" + }, + "token": { + "description": "Token is the token used to access intelligence service.\n", + "type": "string" + }, + "trustedCerts": { + "description": "TrustedCerts is the list of trusted cert to allow in docker access scenarios.\n", + "items": { + "$ref": "#/components/schemas/shared.TrustedCertSignature" + }, + "type": "array" + }, + "trustedCertsEnabled": { + "description": "TrustedCertsEnabled indicates whether to enable the trusted certificate feature.\n", + "type": "boolean" + }, + "uploadDisabled": { + "description": "UploadDisabled indicates whether logs uploading is disabled.\n", + "type": "boolean" + }, + "version": { + "description": "Version is the current console version.\n", + "type": "string" + }, + "vms": { + "$ref": "#/components/schemas/shared.VMSpecifications" + }, + "webAppsDiscoverySettings": { + "$ref": "#/components/schemas/waas.WebAppsDiscoverySettings" + }, + "wildFireSettings": { + "$ref": "#/components/schemas/shared.WildFireSettings" + }, + "windowsFeedEnabled": { + "description": "WindowsFeedEnabled indicates whether windows feed is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.Stats": { + "description": "Stats represents the status model that is stored in the DB", + "properties": { + "AgentlessAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "_id": { + "description": "ID is the metric type.\n", + "type": "string" + }, + "access": { + "$ref": "#/components/schemas/types.AccessStats" + }, + "appEmbeddedAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "container": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "containerAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/types.NetworkFirewallStats" + }, + "host": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "hostAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "hostComplianceCount": { + "description": "HostComplianceCount is the host compliance count.\n", + "type": "integer" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/types.NetworkFirewallStats" + }, + "incidentsCount": { + "description": "IncidentsCount is the incidents count.\n", + "type": "integer" + }, + "serverless": { + "$ref": "#/components/schemas/types.RuntimeStats" + }, + "serverlessAppFirewall": { + "$ref": "#/components/schemas/types.AppFirewallStats" + }, + "time": { + "description": "UnixTimestamp is the unix timestamp.\n", + "format": "int64", + "type": "integer" + }, + "vulnerabilities": { + "$ref": "#/components/schemas/types.VulnerabilitiesStats" + } + }, + "type": "object" + }, + "types.Status": { + "description": "Status stores the status of a specific defender or for global features such as intelligence or LDAP", + "properties": { + "_id": { + "description": "ID is the defender identifier if the status is per defender or the type for global statuses.\n", + "type": "string" + }, + "appFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "container": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "containerNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "features": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "filesystem": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostAutoDeploy": { + "$ref": "#/components/schemas/types.HostAutoDeployStatus" + }, + "hostCustomCompliance": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "hostNetworkFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "image": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "intelligence": { + "$ref": "#/components/schemas/types.IntelligenceStatus" + }, + "lastModified": { + "description": "Datetime the status was last modified.\n", + "format": "date-time", + "type": "string" + }, + "network": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "outOfBandAppFirewall": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "process": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runc": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "runtime": { + "$ref": "#/components/schemas/defender.FeatureStatus" + }, + "secrets": { + "$ref": "#/components/schemas/types.SecretsStatus" + }, + "serverlessAutoDeploy": { + "$ref": "#/components/schemas/types.ServerlessAutoDeployStatus" + }, + "serverlessRadar": { + "$ref": "#/components/schemas/types.ServerlessRadarStatus" + }, + "tasDroplets": { + "$ref": "#/components/schemas/defender.ScanStatus" + }, + "type": { + "$ref": "#/components/schemas/types.StatusType" + }, + "upgrade": { + "$ref": "#/components/schemas/defender.UpgradeStatus" + } + }, + "type": "object" + }, + "types.StatusType": { + "description": "StatusType holds the status of a given flow (defender/intelligence/etc...)\nTODO: Use type in shared.Status object", + "enum": [ + [ + "intelligence", + "secrets", + "serverlessRadar", + "serverlessAutoDeploy", + "hostAutoDeploy" + ] + ], + "type": "string" + }, + "types.TelemetrySettings": { + "description": "TelemetrySettings is the telemetry settings", + "properties": { + "enabled": { + "description": "Enabled determines whether the telemetry settings are enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "types.Trends": { + "description": "Trends contains data on global trends in the system", + "properties": { + "complianceTrend": { + "description": "ComplianceTrend represents the compliance trend.\n", + "items": { + "$ref": "#/components/schemas/types.ComplianceDailyStats" + }, + "type": "array" + }, + "defendersSummary": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "description": "DefendersSummary represents the defenders count of each category.\n", + "type": "object" + }, + "vulnerabilitySummary": { + "$ref": "#/components/schemas/types.VulnerabilitySummary" + } + }, + "type": "object" + }, + "types.UserCollection": { + "description": "UserCollection holds general collection properties that are accessible to all users", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "name": { + "description": "Unique name associated with this collection.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.UserPassword": { + "description": "UserPassword represents a new user password", + "properties": { + "newPassword": { + "description": "New password to assign to the user who is invoking the API.\n", + "type": "string" + }, + "oldPassword": { + "description": "User's existing password to replace.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.UserPreferences": { + "description": "UserPreferences are the user global project reference that are persistent between versions", + "properties": { + "_id": { + "description": "User is the user name.\n", + "type": "string" + }, + "hideGuidedTour": { + "description": "HideGuidedTour indicates that guided tour should be hidden.\n", + "type": "boolean" + }, + "hideProjectDialog": { + "description": "HideProjectsDialog indicates the initial project selection dialog should be hidden.\n", + "type": "boolean" + }, + "waasRulesNotificationDismissed": { + "description": "WaasRulesNotificationDismiss indicates the time the user dismissed the waas added rules top bar.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "types.UserProject": { + "description": "UserProject holds general project properties that are accessible to all users", + "properties": { + "_id": { + "description": "ID is the project id.\n", + "type": "string" + }, + "address": { + "description": "Address is project address.\n", + "type": "string" + }, + "connected": { + "description": "Connected indicates if the project is currently disconnected due to an error.\n", + "type": "boolean" + }, + "creationTime": { + "description": "CreationTime is the project creation time.\n", + "format": "date-time", + "type": "string" + } + }, + "type": "object" + }, + "types.VulnImpactedResources": { + "description": "VulnImpactedResources holds details about the resources impacted by vulnerability", + "properties": { + "_id": { + "description": "ID is the CVE ID (index for the impacted resources).\n", + "type": "string" + }, + "codeRepos": { + "description": "CodeRepos is a list of impacted code repositories.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "codeReposCount": { + "description": "CodeReposCount is the total impacted code repositories count.\n", + "type": "integer" + }, + "functions": { + "description": "Functions is a map between function id to its details.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "functionsCount": { + "description": "FunctionsCount is the total impacted functions count.\n", + "type": "integer" + }, + "hosts": { + "description": "Hosts is the list of impacted hosts.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "hostsCount": { + "description": "HostsCount is the total impacted hosts count.\n", + "type": "integer" + }, + "images": { + "description": "Images is the list of impacted hosts.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "imagesCount": { + "description": "ImagesCount is the total impacted images count.\n", + "type": "integer" + }, + "registryImages": { + "description": "RegistryImages is a list of impacted registry images.\n", + "items": { + "$ref": "#/components/schemas/types.ImpactedResourceDetails" + }, + "type": "array" + }, + "registryImagesCount": { + "description": "RegistryImagesCount is the total impacted registry images count.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.VulnerabilitiesStats": { + "description": "VulnerabilitiesStats are measures the total number of vulnerabilities in a specific images", + "properties": { + "containerCompliance": { + "description": "ContainerCompliance is the sum of all compliance issues for all running containers.\n", + "type": "integer" + }, + "imageCompliance": { + "description": "ImageCompliance is the sum of all compliance issues of all running images.\n", + "type": "integer" + }, + "imageCve": { + "description": "ImageCVE is the sum of cve vulnerabilities of all running images.\n", + "type": "integer" + } + }, + "type": "object" + }, + "types.VulnerabilityInfo": { + "description": "VulnerabilityInfo holds information about vulnerability used for VulnerabilityExplorer", + "properties": { + "cve": { + "description": "CVE ID.\n", + "type": "string" + }, + "description": { + "description": "Vulnerability description.\n", + "type": "string" + }, + "exploits": { + "$ref": "#/components/schemas/vuln.Exploits" + }, + "highestCVSS": { + "description": "HighestCVSS is the highest CVSS score of the vulnerability.\n", + "format": "float", + "type": "number" + }, + "highestRiskFactors": { + "$ref": "#/components/schemas/types.RiskScoreFactors" + }, + "highestSeverity": { + "description": "HighestSeverity is the highest severity of the vulnerability.\n", + "type": "string" + }, + "impactedPkgs": { + "description": "Packages impacted by the vulnerability.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "impactedResourceType": { + "$ref": "#/components/schemas/vuln.ResourceType" + }, + "impactedResourcesCnt": { + "description": "Number of resources impacted by this vulnerability.\n", + "type": "integer" + }, + "link": { + "description": "Link to CVE.\n", + "type": "string" + }, + "riskFactors": { + "$ref": "#/components/schemas/vuln.RiskFactors" + }, + "riskScore": { + "description": "Risk score.\n", + "format": "float", + "type": "number" + }, + "status": { + "description": "CVE status.\n", + "type": "string" + } + }, + "type": "object" + }, + "types.VulnerabilityStats": { + "description": "VulnerabilityStats holds statistics about vulnerabilities issues", + "properties": { + "_id": { + "description": "ID of the vulnerability stats.\n", + "type": "string" + }, + "codeRepos": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "containers": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "functions": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "hosts": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "images": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + }, + "modified": { + "description": "Date/time when the entity was modified.\n", + "format": "date-time", + "type": "string" + }, + "registryImages": { + "$ref": "#/components/schemas/types.ResourceVulnerabilityStats" + } + }, + "type": "object" + }, + "types.VulnerabilitySummary": { + "description": "VulnerabilitySummary represents the stats of each impacted entity", + "properties": { + "containers": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "functions": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "hosts": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "images": { + "$ref": "#/components/schemas/vuln.Distribution" + }, + "registryImages": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "types.XSOARAlerts": { + "description": "XSOARAlerts is a list of XSOAR alerts", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "uint32": { + "type": "integer" + }, + "uint64": { + "type": "integer" + }, + "uint8": { + "type": "integer" + }, + "vuln.AllCompliance": { + "description": "AllCompliance contains data regarding passed compliance checks", + "properties": { + "compliance": { + "description": "Compliance are all the passed compliance checks.\n", + "items": { + "$ref": "#/components/schemas/vuln.Vulnerability" + }, + "type": "array" + }, + "enabled": { + "description": "Enabled indicates whether passed compliance checks is enabled by policy.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "vuln.Application": { + "description": "Application represents a detected application", + "properties": { + "installedFromPackage": { + "description": "Indicates that the app was installed as an OS package.\n", + "type": "boolean" + }, + "knownVulnerabilities": { + "description": "Total number of vulnerabilities for this application.\n", + "type": "integer" + }, + "layerTime": { + "description": "Image layer to which the application belongs - layer creation time.\n", + "format": "int64", + "type": "integer" + }, + "name": { + "description": "Name of the application.\n", + "type": "string" + }, + "path": { + "description": "Path of the detected application.\n", + "type": "string" + }, + "service": { + "description": "Service indicates whether the application is installed as a service.\n", + "type": "boolean" + }, + "version": { + "description": "Version of the application.\n", + "type": "string" + } + }, + "type": "object" + }, + "vuln.ComplianceCategory": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "Prisma Cloud Labs" + ] + ], + "type": "string" + }, + "vuln.ComplianceTemplate": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + }, + "vuln.Condition": { + "description": "Condition are extended options for vulnerability assessment in authorization flows", + "properties": { + "block": { + "description": "Specifies the effect. If true, the effect is block.\n", + "type": "boolean" + }, + "id": { + "description": "Vulnerability ID.\n", + "type": "integer" + } + }, + "type": "object" + }, + "vuln.Conditions": { + "description": "Conditions represents a list of CVE rules (used to determine whether a CVE applies to a given package)", + "items": { + "$ref": "#/components/schemas/vuln.Rules" + }, + "type": "array" + }, + "vuln.CustomVulnerabilities": { + "description": "CustomVulnerabilities is a collection of custom vulnerabilities\nTBD: this storage usage is not best practice, should be migrate to a 1 document per vulnerability", + "properties": { + "_id": { + "description": "ID is the custom vulnerabilities feed ID.\n", + "type": "string" + }, + "digest": { + "description": "Digest is the internal custom vulnerabilities feed digest.\n", + "type": "string" + }, + "rules": { + "description": "Rules is the list of custom vulnerabilities rules.\n", + "items": { + "$ref": "#/components/schemas/vuln.CustomVulnerability" + }, + "type": "array" + } + }, + "type": "object" + }, + "vuln.CustomVulnerability": { + "description": "CustomVulnerability is a user customized vulnerability", + "properties": { + "_id": { + "description": ".\n", + "type": "string" + }, + "maxVersionInclusive": { + "description": ".\n", + "type": "string" + }, + "md5": { + "description": ".\n", + "type": "string" + }, + "minVersionInclusive": { + "description": ".\n", + "type": "string" + }, + "name": { + "description": ".\n", + "type": "string" + }, + "package": { + "description": ".\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/vuln.PackageType" + } + }, + "type": "object" + }, + "vuln.Distribution": { + "description": "Distribution counts the number of vulnerabilities per type", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + }, + "total": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "vuln.Effect": { + "description": "Effect specifies relevant action for a vulnerability", + "enum": [ + [ + "ignore", + "alert", + "block" + ] + ], + "type": "string" + }, + "vuln.ExpirationDate": { + "description": "ExpirationDate is the vulnerability expiration date", + "properties": { + "date": { + "description": "Date is the vulnerability expiration date.\n", + "format": "date-time", + "type": "string" + }, + "enabled": { + "description": "Enabled indicates that the grace period is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "vuln.ExploitData": { + "description": "ExploitData holds information about an exploit", + "properties": { + "kind": { + "$ref": "#/components/schemas/vuln.ExploitKind" + }, + "link": { + "description": "Link is a link to information about the exploit.\n", + "type": "string" + }, + "source": { + "$ref": "#/components/schemas/vuln.ExploitType" + } + }, + "type": "object" + }, + "vuln.ExploitKind": { + "description": "ExploitKind represents the kind of the exploit", + "enum": [ + [ + "poc", + "in-the-wild" + ] + ], + "type": "string" + }, + "vuln.ExploitType": { + "description": "ExploitType represents the source of an exploit", + "enum": [ + [ + "", + "exploit-db", + "exploit-windows", + "cisa-kev" + ] + ], + "type": "string" + }, + "vuln.Exploits": { + "description": "Exploits represents the exploits data found for a CVE", + "items": { + "$ref": "#/components/schemas/vuln.ExploitData" + }, + "type": "array" + }, + "vuln.PackageType": { + "description": "PackageType describes the package type", + "enum": [ + [ + "nodejs", + "gem", + "python", + "jar", + "package", + "windows", + "binary", + "nuget", + "go", + "unknown" + ] + ], + "type": "string" + }, + "vuln.RHELCpeHashes": { + "description": "RHELCpeHashes represent the CPE hashes associated with a given Red Hat repository", + "items": { + "$ref": "#/components/schemas/uint32" + }, + "type": "array" + }, + "vuln.ResourceType": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "codeRepo", + "registryImage" + ] + ], + "type": "string" + }, + "vuln.RiskFactor": { + "description": "RiskFactor represents a vulnerability risk factor, used in determining a vulnerability risk score", + "enum": [ + [ + "Critical severity", + "High severity", + "Medium severity", + "Has fix", + "Remote execution", + "DoS - Low", + "DoS - High", + "Recent vulnerability", + "Exploit exists - in the wild", + "Exploit exists - POC", + "Attack complexity: low", + "Attack vector: network", + "Reachable from the internet", + "Listening ports", + "Container is running as root", + "No mandatory security profile applied", + "Running as privileged container", + "Package in use", + "Sensitive information", + "Root mount", + "Runtime socket", + "Host access" + ] + ], + "type": "string" + }, + "vuln.RiskFactors": { + "additionalProperties": { + "$ref": "#/components/schemas/string" + }, + "description": "RiskFactors maps the existence of vulnerability risk factors", + "type": "object" + }, + "vuln.Rules": { + "description": "Rules represents a list of CVE assessment rules (used to determine whether a CVE applies to a given package)", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vuln.TagInfo": { + "description": "TagInfo is the tag info in a specific vulnerability context", + "properties": { + "color": { + "$ref": "#/components/schemas/common.Color" + }, + "comment": { + "description": "Tag comment in a specific vulnerability context.\n", + "type": "string" + }, + "name": { + "description": "Name of the tag.\n", + "type": "string" + } + }, + "type": "object" + }, + "vuln.TagType": { + "description": "TagType specifies the resource type for tagging where the vulnerability is found. Use the wildcard `*` to apply the tag to all the resource types where the vulnerability is found", + "enum": [ + [ + "image", + "host", + "function", + "codeRepo", + "" + ] + ], + "type": "string" + }, + "vuln.Type": { + "description": "Type represents the vulnerability type", + "enum": [ + [ + "container", + "image", + "host_config", + "daemon_config", + "daemon_config_files", + "security_operations", + "k8s_master", + "k8s_worker", + "k8s_federation", + "linux", + "windows", + "istio", + "serverless", + "custom", + "docker_stig", + "openshift_master", + "openshift_worker", + "application_control_linux", + "image_malware", + "host_malware" + ] + ], + "type": "string" + }, + "vuln.Vulnerability": { + "description": "Vulnerability is a general schema for vulnerabilities (e.g., for compliance or packages)", + "properties": { + "applicableRules": { + "description": "Rules applied on the package.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "binaryPkgs": { + "description": "Names of the distro binary package names (packages which are built from the source of the package).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "block": { + "description": "Indicates if the vulnerability has a block effect (true) or not (false).\n", + "type": "boolean" + }, + "cause": { + "description": "Additional information regarding the root cause for the vulnerability.\n", + "type": "string" + }, + "cri": { + "description": "Indicates if this is a CRI-specific vulnerability (true) or not (false).\n", + "type": "boolean" + }, + "custom": { + "description": "Indicates if the vulnerability is a custom vulnerability (e.g., openscap, sandbox) (true) or not (false).\n", + "type": "boolean" + }, + "cve": { + "description": "CVE ID of the vulnerability (if applied).\n", + "type": "string" + }, + "cvss": { + "description": "CVSS score of the vulnerability.\n", + "format": "float", + "type": "number" + }, + "description": { + "description": "Description of the vulnerability.\n", + "type": "string" + }, + "discovered": { + "description": "Specifies the time of discovery for the vulnerability.\n", + "format": "date-time", + "type": "string" + }, + "exploit": { + "$ref": "#/components/schemas/vuln.ExploitType" + }, + "exploits": { + "$ref": "#/components/schemas/vuln.Exploits" + }, + "fixDate": { + "description": "Date/time when the vulnerability was fixed (in Unix time).\n", + "format": "int64", + "type": "integer" + }, + "fixLink": { + "description": "Link to the vendor's fixed-version information.\n", + "type": "string" + }, + "functionLayer": { + "description": "Specifies the serverless layer ID in which the vulnerability was discovered.\n", + "type": "string" + }, + "gracePeriodDays": { + "description": "Number of grace days left for a vulnerability, based on the configured grace period. Nil if no block vulnerability rule applies.\n", + "type": "integer" + }, + "id": { + "description": "ID of the violation.\n", + "type": "integer" + }, + "layerTime": { + "description": "Date/time of the image layer to which the CVE belongs.\n", + "format": "int64", + "type": "integer" + }, + "link": { + "description": "Vendor link to the CVE.\n", + "type": "string" + }, + "packageName": { + "description": "Name of the package that caused the vulnerability.\n", + "type": "string" + }, + "packageVersion": { + "description": "Version of the package that caused the vulnerability (or null).\n", + "type": "string" + }, + "published": { + "description": "Date/time when the vulnerability was published (in Unix time).\n", + "format": "int64", + "type": "integer" + }, + "riskFactors": { + "$ref": "#/components/schemas/vuln.RiskFactors" + }, + "severity": { + "description": "Textual representation of the vulnerability's severity.\n", + "type": "string" + }, + "status": { + "description": "Vendor status for the vulnerability.\n", + "type": "string" + }, + "templates": { + "description": "List of templates with which the vulnerability is associated.\n", + "items": { + "$ref": "#/components/schemas/vuln.ComplianceTemplate" + }, + "type": "array" + }, + "text": { + "description": "Description of the violation.\n", + "type": "string" + }, + "title": { + "description": "Compliance title.\n", + "type": "string" + }, + "twistlock": { + "description": "Indicates if this is a Twistlock-specific vulnerability (true) or not (false).\n", + "type": "boolean" + }, + "type": { + "$ref": "#/components/schemas/vuln.Type" + }, + "vecStr": { + "description": "Textual representation of the metric values used to score the vulnerability.\n", + "type": "string" + }, + "vulnTagInfos": { + "description": "Tag information for the vulnerability.\n", + "items": { + "$ref": "#/components/schemas/vuln.TagInfo" + }, + "type": "array" + }, + "wildfireMalware": { + "$ref": "#/components/schemas/vuln.WildFireMalware" + } + }, + "type": "object" + }, + "vuln.WildFireMalware": { + "description": "WildFireMalware holds the data for WildFire malicious MD5", + "properties": { + "md5": { + "description": "MD5 is the hash of the malicious binary.\n", + "type": "string" + }, + "path": { + "description": "Path is the path to malicious binary.\n", + "type": "string" + }, + "verdict": { + "description": "Verdict is the malicious source like grayware, malware and phishing.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.APIChangeDetails": { + "description": "APIChangeDetails contains the details of the API change", + "properties": { + "changeType": { + "$ref": "#/components/schemas/waas.APIChangesType" + }, + "date": { + "description": "Date is the change date.\n", + "format": "date-time", + "type": "string" + }, + "value": { + "description": "Value the value of the change - if applicable.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.APIChangesType": { + "description": "APIChangesType is used to represent the supported API changes types", + "type": "integer" + }, + "waas.APIProtectionStatus": { + "enum": [ + [ + "unprotected", + "monitored", + "protected" + ] + ], + "type": "string" + }, + "waas.APIRequest": { + "description": "APIRequest represents a single API request and its data", + "properties": { + "bodySchema": { + "$ref": "#/components/schemas/waas.BodySchema" + }, + "bodySchemaDiffExceededLimit": { + "description": "BodySchemaDiffExceededLimit is the date that the request body schema exceeded the size limit for finding body schema changes.\n", + "format": "date-time", + "type": "string" + }, + "clientTypes": { + "description": "ClientTypes are the client types used to access this path.\n", + "items": { + "$ref": "#/components/schemas/waas.ClientType" + }, + "type": "array" + }, + "contentType": { + "description": "ContentType is the request content type.\n", + "type": "string" + }, + "firstSeen": { + "description": "FirstSeen is the date when this path was first seen.\n", + "format": "date-time", + "type": "string" + }, + "hits": { + "description": "Hits are amount of hits on this path.\n", + "type": "integer" + }, + "lastChanged": { + "description": "LastChanged is the date when this path was last changed.\n", + "format": "date-time", + "type": "string" + }, + "lastSeen": { + "description": "LastSeen is the date when this path was last seen.\n", + "format": "date-time", + "type": "string" + }, + "method": { + "description": "Method is the HTTP method of the API request.\n", + "type": "string" + }, + "owaspAPIAttacks": { + "description": "OWASPAPIAttacks are the OWASP API Top10 attacks that were found on the API.\n", + "items": { + "$ref": "#/components/schemas/waas.OWASPAPITop10" + }, + "type": "array" + }, + "path": { + "description": "Path is the path of the API request.\n", + "type": "string" + }, + "protected": { + "description": "Protected indicates that the method+path are protected by WAAS API Protection.\n", + "type": "boolean" + }, + "public": { + "description": "Public indicates this path may be accessed from the internet.\n", + "type": "boolean" + }, + "queryParameters": { + "description": "QueryParameters are the query parameters of the API request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "requestSizeDistribution": { + "$ref": "#/components/schemas/waas.SizeRangeDistribution" + }, + "requestSizeTotal": { + "description": "RequestSizeTotal is the total request body size.\n", + "type": "integer" + }, + "requiresAuthentication": { + "description": "RequiresAuthentication indicated this path requires authentication to access.\n", + "type": "boolean" + }, + "responseContentType": { + "description": "ResponseContentType is the response content type.\n", + "type": "string" + }, + "responseSensitiveData": { + "description": "ResponseSensitiveData indicated this path may be used with sensitive data attached in response.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "responseSizeDistribution": { + "$ref": "#/components/schemas/waas.SizeRangeDistribution" + }, + "responseSizeTotal": { + "description": "ResponseSizeTotal is the total response body size.\n", + "type": "integer" + }, + "sensitiveData": { + "description": "RequestSensitiveData indicated this path may be used with sensitive data attached in request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "servers": { + "description": "Servers are the destination servers (including port and schema) of the API request.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "sourceIP": { + "description": "SourceIP is the source IP of the API request.\n", + "type": "string" + }, + "statusCodeDistribution": { + "$ref": "#/components/schemas/waas.StatusCodeDistribution" + } + }, + "type": "object" + }, + "waas.APISpec": { + "description": "APISpec is an API specification", + "properties": { + "description": { + "description": "Description of the app.\n", + "type": "string" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "endpoints": { + "description": "The app's endpoints.\n", + "items": { + "$ref": "#/components/schemas/waas.Endpoint" + }, + "type": "array" + }, + "fallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "paths": { + "description": "Paths of the API's endpoints.\n", + "items": { + "$ref": "#/components/schemas/waas.Path" + }, + "type": "array" + }, + "queryParamFallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.APIStats": { + "description": "APIStats contains the API stats that occurred since the last stats dump", + "properties": { + "actionCounts": { + "$ref": "#/components/schemas/waas.ActionStats" + }, + "attackTypeStats": { + "$ref": "#/components/schemas/waas.AttackTypeStats" + }, + "blockedRequests": { + "description": "BlockedRequests is the number of blocked requests since last dump.\n", + "type": "integer" + }, + "forwardedRequests": { + "description": "ForwardedRequests is the number of forwarded requests since last dump.\n", + "type": "integer" + }, + "geoData": { + "$ref": "#/components/schemas/waas.GeoData" + }, + "inspectedBodyBytes": { + "description": "InspectedBodyBytes are the total request and response inspected body bytes.\n", + "type": "integer" + }, + "inspectionLimitExceeded": { + "description": "InspectionLimitExceeded is the total number of requests in which the body size exceeds inspection limit.\n", + "type": "integer" + }, + "interstitialPages": { + "description": "InterstitialPages is the number of interstitial pages served.\n", + "type": "integer" + }, + "lastErrs": { + "description": "LastErrs is the last errors that occurred, storing up to 20 errors.\n", + "items": { + "$ref": "#/components/schemas/waas.ReqErrorCtx" + }, + "type": "array" + }, + "maxRequestInspectionDuration": { + "description": "MaxRequestInspectionDuration is the maximum request inspection duration (time spent in waas until request was forwarded).\n", + "format": "int64", + "type": "integer" + }, + "maxResponseSizeBytes": { + "description": "MaxResponseSizeBytes contains the max response size.\n", + "type": "integer" + }, + "parsingErrs": { + "description": "ParsingErrs is a counter of the parsing errors that occurred.\n", + "type": "integer" + }, + "reCAPTCHAs": { + "description": "ReCAPTCHAs is the number of reCAPTCHA pages served.\n", + "type": "integer" + }, + "responseCodeStats": { + "$ref": "#/components/schemas/waas.ResponseCodeStats" + }, + "totalErrs": { + "description": "TotalErrs is a counter of the errors that occurred.\n", + "type": "integer" + }, + "totalForwardedRequestsDuration": { + "description": "TotalForwardedRequestsDuration is the total request duration for forwarded requests.\n", + "format": "int64", + "type": "integer" + }, + "totalRequestInspectionDuration": { + "description": "TotalRequestInspectionDuration is the total request inspection duration (time spent in waas until request was forwarded).\n", + "format": "int64", + "type": "integer" + }, + "totalRequests": { + "description": "TotalRequests is the number of incoming requests since last dump.\n", + "type": "integer" + }, + "totalResponseSizeBytes": { + "description": "TotalResponsesSizeBytes is the total APIs response size.\n", + "type": "integer" + }, + "totalTimeouts": { + "description": "TotalTimeouts is the number of timed out responses.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AccessControls": { + "description": "AccessControls contains the access controls config (e.g., denied/allowed sources)", + "properties": { + "alert": { + "description": "Alert are the denied sources for which we alert.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allow": { + "description": "Allow are the allowed sources for which we don't alert or prevent.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allowMode": { + "description": "AllowMode indicates allowlist (true) or denylist (false) mode.\n", + "type": "boolean" + }, + "enabled": { + "description": "Enabled indicates if access controls protection is enabled.\n", + "type": "boolean" + }, + "fallbackEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "prevent": { + "description": "Prevent are the denied sources.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ActionStats": { + "description": "ActionStats contains the WAAS action stats", + "properties": { + "alert": { + "description": "Alerts is the number of Alert actions.\n", + "type": "integer" + }, + "ban": { + "description": "Bans is the number of Ban actions.\n", + "type": "integer" + }, + "prevent": { + "description": "Prevents is the number of Prevent actions.\n", + "type": "integer" + }, + "reCAPTCHA": { + "description": "ReCAPTCHAs is the number of reCAPTCHA actions.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AgentlessPolicyState": { + "description": "AgentlessPolicyState is the state of the agentless policy", + "properties": { + "deletedRules": { + "description": "DeletedRules are rules that were deleted but their VPC deployments have not been terminated.\n", + "items": { + "$ref": "#/components/schemas/waas.Rule" + }, + "type": "array" + }, + "states": { + "description": "States are the VPC configuration states.\n", + "items": { + "$ref": "#/components/schemas/waas.VPCConfigState" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.AppProtectionStats": { + "description": "AppProtectionStats contains the app protection status statistics", + "properties": { + "protected": { + "description": "Protected indicates the amount of protected WAAS app entities (containers/hosts).\n", + "type": "integer" + }, + "unprotected": { + "description": "Unprotected indicates the amount of unprotected WAAS app entities (containers/hosts).\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AppStats": { + "description": "AppStats contains the WAAS app policy statistics", + "properties": { + "accessControl": { + "description": "AccessControl is the total amount of apps with Access Control policy.\n", + "type": "integer" + }, + "bot": { + "description": "Bot is the total amount of apps with Bot Protection policy.\n", + "type": "integer" + }, + "customRulesEnabled": { + "description": "CustomRulesEnabled is the total amount of apps with Custom Rules enabled.\n", + "type": "integer" + }, + "dos": { + "description": "DoS is the total amount of apps with DoS Protection policy.\n", + "type": "integer" + }, + "waf": { + "description": "WAF is the total amount of apps with WAF policy.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.ApplicationSpec": { + "description": "ApplicationSpec is an application of a firewall instance", + "properties": { + "apiSpec": { + "$ref": "#/components/schemas/waas.APISpec" + }, + "appID": { + "description": "Unique ID for the app.\n", + "type": "string" + }, + "attackTools": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "autoApplyPatchesSpec": { + "$ref": "#/components/schemas/waas.AutoApplyPatchesSpec" + }, + "banDurationMinutes": { + "description": "Ban duration, in minutes.\n", + "type": "integer" + }, + "body": { + "$ref": "#/components/schemas/waas.BodyConfig" + }, + "botProtectionSpec": { + "$ref": "#/components/schemas/waas.BotProtectionSpec" + }, + "certificate": { + "$ref": "#/components/schemas/common.Secret" + }, + "clickjackingEnabled": { + "description": "Indicates whether clickjacking protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "cmdi": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "codeInjection": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "csrfEnabled": { + "description": "Indicates whether Cross-Site Request Forgery (CSRF) protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "customBlockResponse": { + "$ref": "#/components/schemas/waas.CustomBlockResponseConfig" + }, + "customRules": { + "description": "List of custom runtime rules.\n", + "items": { + "$ref": "#/components/schemas/customrules.Ref" + }, + "type": "array" + }, + "disableEventIDHeader": { + "description": "Indicates if event ID header should be attached to the response or not.\n", + "type": "boolean" + }, + "dosConfig": { + "$ref": "#/components/schemas/waas.DoSConfig" + }, + "headerSpecs": { + "description": "Configuration for inspecting HTTP headers.\n", + "items": { + "$ref": "#/components/schemas/waas.HeaderSpec" + }, + "type": "array" + }, + "intelGathering": { + "$ref": "#/components/schemas/waas.IntelGatheringConfig" + }, + "lfi": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "malformedReq": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "maliciousUpload": { + "$ref": "#/components/schemas/waas.MaliciousUploadConfig" + }, + "networkControls": { + "$ref": "#/components/schemas/waas.NetworkControls" + }, + "remoteHostForwarding": { + "$ref": "#/components/schemas/waas.RemoteHostForwardingConfig" + }, + "responseHeaderSpecs": { + "description": "Configuration for modifying HTTP response headers.\n", + "items": { + "$ref": "#/components/schemas/waas.ResponseHeaderSpec" + }, + "type": "array" + }, + "sessionCookieBan": { + "description": "Indicates if bans in this app are made by session cookie ID (true) or false (not).\n", + "type": "boolean" + }, + "sessionCookieEnabled": { + "description": "Indicates if session cookies are enabled (true) or not (false).\n", + "type": "boolean" + }, + "sessionCookieSameSite": { + "$ref": "#/components/schemas/waas.SameSite" + }, + "sessionCookieSecure": { + "description": "Indicates the Secure attribute of the session cookie.\n", + "type": "boolean" + }, + "shellshock": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "sqli": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + }, + "tlsConfig": { + "$ref": "#/components/schemas/waas.TLSConfig" + }, + "xss": { + "$ref": "#/components/schemas/waas.ProtectionConfig" + } + }, + "type": "object" + }, + "waas.AttackType": { + "description": "AttackType is the type of the attack", + "enum": [ + [ + "xss", + "sqli", + "cmdi", + "lfi", + "codeInjection", + "deniedIP", + "deniedCountry", + "header", + "violationsExceeded", + "attackTools", + "shellshock", + "disallowedFile", + "malformedRequest", + "inspectionLimitExceeded", + "informationLeak", + "unexpectedAPI", + "dos", + "searchEngineCrawler", + "businessAnalyticsBot", + "educationalBot", + "newsBot", + "financialBot", + "contentFeedClient", + "archivingBot", + "careerSearchBot", + "mediaSearchBot", + "genericBot", + "webAutomationTool", + "webScraper", + "apiLibrary", + "httpLibrary", + "sessionValidation", + "javascriptTimeout", + "missingCookie", + "browserImpersonation", + "botImpersonation", + "requestAnomalies", + "userDefinedBot", + "recaptchaRequired", + "recaptchaVerificationFailed", + "customRule" + ] + ], + "type": "string" + }, + "waas.AttackTypeStats": { + "description": "AttackTypeStats are the WAAS attack type stats", + "properties": { + "accessControl": { + "description": "AccessControl is the count of access control attacks.\n", + "type": "integer" + }, + "apiProtection": { + "description": "APIProtection is the count of API Protection attacks.\n", + "type": "integer" + }, + "attackTools": { + "description": "AttackTools is the count of attack tool attacks.\n", + "type": "integer" + }, + "bots": { + "description": "Bots is the count of Bot attacks.\n", + "type": "integer" + }, + "cmdInjection": { + "description": "CMDInjection is the count of command injection attacks.\n", + "type": "integer" + }, + "codeInjection": { + "description": "CodeInjection is the count of code injection attacks.\n", + "type": "integer" + }, + "customRules": { + "description": "CustomRules is the count of attacks detected by custom rules.\n", + "type": "integer" + }, + "dos": { + "description": "DoS is the count of DoS attacks.\n", + "type": "integer" + }, + "lfi": { + "description": "LFI is the count of local file injection attacks.\n", + "type": "integer" + }, + "sqlInjection": { + "description": "SQLInjection is the count of SQL injection attacks.\n", + "type": "integer" + }, + "waf": { + "description": "WAF is the count of WAF protection attacks.\n", + "type": "integer" + }, + "xss": { + "description": "XSS is the count of XSS attacks.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.AutoApplyPatchesSpec": { + "description": "AutoApplyPatchesSpec is the configuration for automation apply patches protection", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.BodyConfig": { + "description": "BodyConfig represents app configuration related to HTTP Body", + "properties": { + "inspectionLimitExceededEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "inspectionSizeBytes": { + "description": "InspectionSizeBytes represents the max amount of data to inspect in request body.\n", + "type": "integer" + }, + "skip": { + "description": "Skip indicates that body inspection should be skipped.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.BodySchema": { + "description": "BodySchema is the request's body schema", + "properties": { + "contentType": { + "description": "ContentType is the content type the schema represents.\n", + "type": "string" + }, + "head": { + "$ref": "#/components/schemas/waas.BodySchemaNode" + } + }, + "type": "object" + }, + "waas.BodySchemaChildren": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.BodySchemaNode" + }, + "description": "BodySchemaChildren represents a set of body schema children, uniquely identified by the body field's name", + "type": "object" + }, + "waas.BodySchemaNode": { + "description": "BodySchemaNode represents a single body schema node", + "properties": { + "children": { + "$ref": "#/components/schemas/waas.BodySchemaChildren" + }, + "name": { + "description": "Name is the body schema item name (key for json, tag name for xml).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.ParamType" + } + }, + "type": "object" + }, + "waas.BotProtectionSpec": { + "description": "BotProtectionSpec is the bot protections spec", + "properties": { + "interstitialPage": { + "description": "Indicates if an interstitial page is served (true) or not (false).\n", + "type": "boolean" + }, + "jsInjectionSpec": { + "$ref": "#/components/schemas/waas.JSInjectionSpec" + }, + "knownBotProtectionsSpec": { + "$ref": "#/components/schemas/waas.KnownBotProtectionsSpec" + }, + "reCAPTCHASpec": { + "$ref": "#/components/schemas/waas.ReCAPTCHASpec" + }, + "sessionValidation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "unknownBotProtectionSpec": { + "$ref": "#/components/schemas/waas.UnknownBotProtectionSpec" + }, + "userDefinedBots": { + "description": "Effects to perform when user-defined bots are detected.\n", + "items": { + "$ref": "#/components/schemas/waas.UserDefinedBot" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.CertificateMeta": { + "description": "CertificateMeta is the certificate metadata", + "properties": { + "issuerName": { + "description": "IssuerName is the certificate issuer common name.\n", + "type": "string" + }, + "notAfter": { + "description": "NotAfter is the time the certificate is not valid (expiry time).\n", + "format": "date-time", + "type": "string" + }, + "subjectName": { + "description": "SubjectName is the certificate subject common name.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.ClientType": { + "description": "ClientType is an HTTP client type", + "enum": [ + [ + "browser", + "mobile", + "httpLib", + "apiLib" + ] + ], + "type": "string" + }, + "waas.CustomBlockResponseConfig": { + "description": "CustomBlockResponseConfig is a custom block message config for a policy", + "properties": { + "body": { + "description": "Custom HTML for the block response.\n", + "type": "string" + }, + "code": { + "description": "Custom HTTP response code for the block response.\n", + "type": "integer" + }, + "enabled": { + "description": "Indicates if the custom block response is enabled (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.CustomReCAPTCHAPageSpec": { + "description": "CustomReCAPTCHAPageSpec is the custom reCAPTCHA page spec", + "properties": { + "body": { + "description": "Custom HTML for the reCAPTCHA page.\n", + "type": "string" + }, + "enabled": { + "description": "Indicates if the custom reCAPTCHA page is enabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.DailyStats": { + "description": "DailyStats represents the WAAS daily stats", + "properties": { + "_id": { + "description": "Date is date that the daily stats are relevant to.\n", + "type": "string" + }, + "actionStats": { + "$ref": "#/components/schemas/waas.ActionStats" + }, + "attackTypeStats": { + "$ref": "#/components/schemas/waas.AttackTypeStats" + }, + "geoData": { + "$ref": "#/components/schemas/waas.GeoData" + }, + "inspectedBytes": { + "description": "InspectedBytes is total amount body bytes inspected by WAAS.\n", + "type": "integer" + }, + "policyChangeCount": { + "description": "PolicyChangeCount is the amount of policy changes for this day.\n", + "type": "integer" + }, + "totalRequests": { + "description": "TotalRequests is the total request count.\n", + "type": "integer" + }, + "unprotectedAppsVulnStats": { + "$ref": "#/components/schemas/waas.UnprotectedAppsVulnStats" + } + }, + "type": "object" + }, + "waas.Dashboard": { + "description": "Dashboard contains the data of the WAAS Dashboard", + "properties": { + "appProtectionStats": { + "$ref": "#/components/schemas/waas.AppProtectionStats" + }, + "dailyStats": { + "description": "DailyStats are the WAAS daily stats.\n", + "items": { + "$ref": "#/components/schemas/waas.DailyStats" + }, + "type": "array" + }, + "insights": { + "description": "Insights are the current WAAS insights.\n", + "items": { + "$ref": "#/components/schemas/waas.Insight" + }, + "type": "array" + }, + "policyStats": { + "$ref": "#/components/schemas/waas.PolicyStats" + } + }, + "type": "object" + }, + "waas.DiscoveredAPI": { + "description": "DiscoveredAPI represents a single discovered API path+method information's", + "properties": { + "appID": { + "description": "AppID is the app ID.\n", + "type": "string" + }, + "clientTypes": { + "description": "ClientTypes are the client types used to access this path.\n", + "items": { + "$ref": "#/components/schemas/waas.ClientType" + }, + "type": "array" + }, + "firstSeen": { + "description": "FirstSeen is the date when this path was first seen.\n", + "format": "date-time", + "type": "string" + }, + "hits": { + "description": "Hits are amount of hits on this path.\n", + "type": "integer" + }, + "host": { + "description": "Host is the host seen for this API.\n", + "type": "string" + }, + "image": { + "description": "Image is the image names seen for this API.\n", + "type": "string" + }, + "lastChanged": { + "description": "LastChanged is the date when this path was last changed.\n", + "format": "date-time", + "type": "string" + }, + "lastSeen": { + "description": "LastSeen is the date when this path was last seen.\n", + "format": "date-time", + "type": "string" + }, + "method": { + "description": "Method is the API method.\n", + "type": "string" + }, + "owaspAPIAttacks": { + "description": "OWASPAPIAttacks indicates whether OWASP API Top-10 attacks were found on the API.\n", + "type": "boolean" + }, + "path": { + "description": "Path is the API path.\n", + "type": "string" + }, + "protectionStatus": { + "$ref": "#/components/schemas/waas.APIProtectionStatus" + }, + "public": { + "description": "Public indicates this path may be accessed from the internet.\n", + "type": "boolean" + }, + "requiresAuthentication": { + "description": "RequiresAuthentication indicated this path requires authentication to access.\n", + "type": "boolean" + }, + "responseSensitiveData": { + "description": "ResponseSensitiveData indicated this path may be used with sensitive data attached in response.\n", + "type": "boolean" + }, + "riskFactors": { + "$ref": "#/components/schemas/vuln.RiskFactors" + }, + "riskScore": { + "description": "RiskScore is the sum of all risk factors (used for sorting and filter by risk factors).\n", + "type": "integer" + }, + "ruleID": { + "description": "RuleID is the rule ID.\n", + "type": "string" + }, + "sensitiveData": { + "description": "SensitiveData indicated this path may be used with sensitive data attached in request.\n", + "type": "boolean" + }, + "servers": { + "description": "Servers are the servers seen for this API.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vulnerabilityDistribution": { + "$ref": "#/components/schemas/vuln.Distribution" + } + }, + "type": "object" + }, + "waas.DoSConfig": { + "description": "DoSConfig is a dos policy specification", + "properties": { + "alert": { + "$ref": "#/components/schemas/waas.DoSRates" + }, + "ban": { + "$ref": "#/components/schemas/waas.DoSRates" + }, + "enabled": { + "description": "Enabled indicates if dos protection is enabled.\n", + "type": "boolean" + }, + "excludedNetworkLists": { + "description": "Network IPs to exclude from DoS tracking.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "matchConditions": { + "description": "Conditions on which to match to track a request. The conditions are \\\"OR\\\"'d together during the check.\n", + "items": { + "$ref": "#/components/schemas/waas.DoSMatchCondition" + }, + "type": "array" + }, + "trackSession": { + "description": "Indicates if the custom session ID generated during bot protection flow is tracked (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.DoSMatchCondition": { + "description": "DoSMatchCondition is used for matching a request for tracking", + "properties": { + "fileTypes": { + "description": "File types for request matching.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "methods": { + "description": "HTTP methods for request matching.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "responseCodeRanges": { + "description": "Response codes for the request's response matching.\n", + "items": { + "$ref": "#/components/schemas/waas.StatusCodeRange" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.DoSRates": { + "description": "DoSRates specifies dos requests rates (thresholds)", + "properties": { + "average": { + "description": "Average request rate (requests / second).\n", + "type": "integer" + }, + "burst": { + "description": "Burst request rate (requests / second).\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.Effect": { + "description": "Effect is the effect that will be used in the rule", + "enum": [ + [ + "ban", + "prevent", + "alert", + "allow", + "disable", + "reCAPTCHA" + ] + ], + "type": "string" + }, + "waas.Endpoint": { + "description": "Endpoint is an application endpoint", + "properties": { + "basePath": { + "description": "Base path for the endpoint.\n", + "type": "string" + }, + "exposedPort": { + "description": "Exposed port that the proxy is listening on.\n", + "type": "integer" + }, + "grpc": { + "description": "Indicates if the proxy supports gRPC (true) or not (false).\n", + "type": "boolean" + }, + "host": { + "description": "URL address (name or IP) of the endpoint's API specification (e.g., petstore.swagger.io). The address can be prefixed with a wildcard (e.g., *.swagger.io).\n", + "type": "string" + }, + "http2": { + "description": "Indicates if the proxy supports HTTP/2 (true) or not (false).\n", + "type": "boolean" + }, + "internalPort": { + "description": "Internal port that the application is listening on.\n", + "type": "integer" + }, + "tls": { + "description": "Indicates if the connection is secured (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.ExceptionField": { + "description": "ExceptionField is used to perform the protection exception fields", + "properties": { + "key": { + "description": "Field in HTTP request.\n", + "type": "string" + }, + "keyPattern": { + "description": "Match and scrub by keys, relevant when location is not defined.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ExceptionLocation" + }, + "response": { + "description": "Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.\n", + "type": "boolean" + }, + "valuePattern": { + "description": "Match and scrub by values, relevant when location is not defined.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.ExceptionLocation": { + "description": "ExceptionLocation indicates exception http field location", + "enum": [ + [ + "path", + "query", + "queryValues", + "cookie", + "UserAgentHeader", + "header", + "body", + "rawBody", + "XMLPath", + "JSONPath" + ] + ], + "type": "string" + }, + "waas.FeatureExceptions": { + "description": "FeatureExceptions represents subnets that should bypass WAAS features", + "properties": { + "subnets": { + "description": "Subnets are network lists for which requests bypass WAAS features.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.FileType": { + "description": "FileType is the type of an uploaded file", + "enum": [ + [ + "pdf", + "officeLegacy", + "officeOoxml", + "odf", + "jpeg", + "png", + "gif", + "bmp", + "ico", + "avi", + "mp4", + "aac", + "mp3", + "wav", + "zip", + "gzip", + "rar", + "7zip" + ] + ], + "type": "string" + }, + "waas.FirewallType": { + "description": "FirewallType represents the firewall type", + "enum": [ + [ + "host-proxy", + "host-out-of-band", + "container-proxy", + "container-out-of-band", + "app-embedded", + "agentless" + ] + ], + "type": "string" + }, + "waas.GeoData": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.TrafficStats" + }, + "description": "GeoData are the per-country traffic stats", + "type": "object" + }, + "waas.HSTSConfig": { + "description": "HSTSConfig is the HTTP Strict Transport Security configuration in order to enforce HSTS header\nsee: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security", + "properties": { + "enabled": { + "description": "Enabled indicates if HSTS enforcement is enabled.\n", + "type": "boolean" + }, + "includeSubdomains": { + "description": "IncludeSubdomains indicates if this rule applies to all of the site's subdomains as well.\n", + "type": "boolean" + }, + "maxAgeSeconds": { + "description": "maxAgeSeconds is the time (in seconds) that the browser should remember that a site is only be accessed using HTTPS.\n", + "type": "integer" + }, + "preload": { + "description": "Preload indicates if it should support preload.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.HTTPField": { + "description": "HTTPField is used to perform checks on flags and fields", + "properties": { + "key": { + "description": "Key is the key of the field, if exists (e.g. header and cookie).\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.HTTPFieldType" + }, + "value": { + "description": "Value is the value of the field, if exists.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.HTTPFieldType": { + "description": "HTTPFieldType indicates type of http field", + "enum": [ + [ + "method", + "xmlBody", + "jsonBody", + "formBody", + "multipartBody", + "rawBody", + "protobufBody", + "query", + "queryParamName", + "cookie", + "header", + "url" + ] + ], + "type": "string" + }, + "waas.HeaderSpec": { + "description": "HeaderSpec is specification for a single header and its allowed or blocked values", + "properties": { + "allow": { + "description": "Indicates if the flow is to be allowed (true) or blocked (false).\n", + "type": "boolean" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "name": { + "description": "Header name.\n", + "type": "string" + }, + "required": { + "description": "Indicates if the header must be present (true) or not (false).\n", + "type": "boolean" + }, + "values": { + "description": "Wildcard expressions that represent the header value.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.Insight": { + "description": "Insight represents an insight on the dashboard", + "properties": { + "message": { + "description": "Message is the display message of the insight.\n", + "type": "string" + }, + "type": { + "$ref": "#/components/schemas/waas.InsightType" + } + }, + "type": "object" + }, + "waas.InsightType": { + "description": "InsightType is the insight type", + "enum": [ + [ + "vulnerableUnprotectedApps", + "expiredCertificate", + "upcomingCertificateExpiry", + "noAPIProtection" + ] + ], + "type": "string" + }, + "waas.IntelGatheringConfig": { + "description": "IntelGatheringConfig is the configuration for intelligence gathering protections", + "properties": { + "infoLeakageEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "removeFingerprintsEnabled": { + "description": "Indicates if server fingerprints should be removed (true) or not (false).\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.JSInjectionSpec": { + "description": "JSInjectionSpec is the js injection protection spec", + "properties": { + "enabled": { + "description": "Indicates if JavaScript injection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "timeoutEffect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.KnownBotProtectionsSpec": { + "description": "KnownBotProtectionsSpec is the known bot protections spec", + "properties": { + "archiving": { + "$ref": "#/components/schemas/waas.Effect" + }, + "businessAnalytics": { + "$ref": "#/components/schemas/waas.Effect" + }, + "careerSearch": { + "$ref": "#/components/schemas/waas.Effect" + }, + "contentFeedClients": { + "$ref": "#/components/schemas/waas.Effect" + }, + "educational": { + "$ref": "#/components/schemas/waas.Effect" + }, + "financial": { + "$ref": "#/components/schemas/waas.Effect" + }, + "mediaSearch": { + "$ref": "#/components/schemas/waas.Effect" + }, + "news": { + "$ref": "#/components/schemas/waas.Effect" + }, + "searchEngineCrawlers": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.MaliciousUploadConfig": { + "description": "MaliciousUploadConfig is the configuration for file upload protection", + "properties": { + "allowedExtensions": { + "description": "Allowed file extensions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "allowedFileTypes": { + "description": "Allowed file types.\n", + "items": { + "$ref": "#/components/schemas/waas.FileType" + }, + "type": "array" + }, + "effect": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.Method": { + "description": "Method is a method information", + "properties": { + "method": { + "description": "Type of HTTP request (e.g., PUT, GET, etc.).\n", + "type": "string" + }, + "parameters": { + "description": "Parameters that are part of the HTTP request.\n", + "items": { + "$ref": "#/components/schemas/waas.Param" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.MinTLSVersion": { + "description": "MinTLSVersion is the list of acceptable TLS versions", + "enum": [ + [ + "1.0", + "1.1", + "1.2", + "1.3" + ] + ], + "type": "string" + }, + "waas.MonitoringStats": { + "description": "MonitoringStats are the waas per-profile monitoring stats", + "properties": { + "aggregationStart": { + "description": "AggregationStart indicates when stats aggregation started.\n", + "format": "date-time", + "type": "string" + }, + "firewallType": { + "$ref": "#/components/schemas/waas.FirewallType" + }, + "lastUpdate": { + "description": "LastUpdate indicates when the stats were last updated.\n", + "format": "date-time", + "type": "string" + }, + "profileID": { + "description": "ProfileID is the profile ID.\n", + "type": "string" + }, + "stats": { + "$ref": "#/components/schemas/waas.APIStats" + } + }, + "type": "object" + }, + "waas.NetworkControls": { + "description": "NetworkControls contains the network controls config (e.g., access controls for IPs and countries)", + "properties": { + "advancedProtectionEffect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "countries": { + "$ref": "#/components/schemas/waas.AccessControls" + }, + "exceptionSubnets": { + "description": "Network lists for which requests completely bypass WAAS checks and protections.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "networkControlsExceptionSubnets": { + "$ref": "#/components/schemas/waas.FeatureExceptions" + }, + "subnets": { + "$ref": "#/components/schemas/waas.AccessControls" + } + }, + "type": "object" + }, + "waas.NetworkList": { + "description": "NetworkList represent network list of IP/CIDR in waas", + "properties": { + "_id": { + "description": "Unique ID.\n", + "type": "string" + }, + "description": { + "description": "Description of the network list.\n", + "type": "string" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "subnets": { + "description": "List of the IPv4 addresses and IP CIDR blocks.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.OWASPAPITop10": { + "description": "OWASPAPITop10 represents OWASP API top 10 attacks", + "enum": [ + [ + "excessiveDataExposure", + "lackOfResources&RateLimiting", + "brokenFunctionLevelAuthorization", + "securityMisconfiguration", + "injection" + ] + ], + "type": "string" + }, + "waas.OWASPTop10": { + "description": "OWASPTop10 represents OWASP top 10 attacks", + "enum": [ + [ + "brokenAccessControl", + "cryptographicFailures", + "injection", + "insecureDesign" + ] + ], + "type": "string" + }, + "waas.OpenAPIScan": { + "description": "OpenAPIScan represents the OpenAPI file scan", + "properties": { + "_id": { + "description": "ID is the scan identifier.\n", + "type": "string" + }, + "issueResults": { + "description": "IssueResults are the scanned issues results.\n", + "items": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueResult" + }, + "type": "array" + }, + "scanInfo": { + "$ref": "#/components/schemas/waas.OpenAPIScanInfo" + }, + "scanStartTime": { + "description": "ScanStartTime is the scan started.\n", + "format": "date-time", + "type": "string" + }, + "severityDistribution": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssuesSeverityDistribution" + }, + "specInfo": { + "$ref": "#/components/schemas/waas.OpenAPISpecInfo" + } + }, + "type": "object" + }, + "waas.OpenAPIScanInfo": { + "description": "OpenAPIScanInfo is the OpenAPI scan info", + "properties": { + "appID": { + "description": "AppID is the WAAS app id the file was imported from.\n", + "type": "string" + }, + "policyType": { + "$ref": "#/components/schemas/common.PolicyType" + }, + "ruleID": { + "description": "RuleID is the WAAS rule id the file was imported from.\n", + "type": "string" + }, + "source": { + "$ref": "#/components/schemas/waas.OpenAPIScanSource" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueMetadata": { + "description": "OpenAPIScanIssueMetadata represents the static metadata of an API definition issue\nFields reflect the KICS metadata,\nExample: https://github.com/Checkmarx/kics/blob/master/assets/queries/openAPI/general/items_undefined/metadata.json", + "properties": { + "category": { + "description": "Category is the issue category.\n", + "type": "string" + }, + "descriptionText": { + "description": "DescriptionText is the issue description.\n", + "type": "string" + }, + "descriptionUrl": { + "description": "DescriptionURL is the issue information url.\n", + "type": "string" + }, + "id": { + "description": "ID is the unique identifier of the issue metadata.\n", + "type": "string" + }, + "override": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueMetadata" + }, + "description": "Override is the list of possible override fields by OpenAPI version.\n", + "type": "object" + }, + "queryName": { + "description": "Name is the issue name.\n", + "type": "string" + }, + "severity": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueSeverity" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueResult": { + "description": "OpenAPIScanIssueResult represents a specific issue result in the OpenAPI spec file\nFields reflect the KICS rego queries result,\nExample: https://github.com/Checkmarx/kics/blob/master/assets/queries/openAPI/general/items_undefined/query.rego", + "properties": { + "_id": { + "description": "ID is the issue result ID.\n", + "type": "integer" + }, + "category": { + "description": "Category is the issue category.\n", + "type": "string" + }, + "descriptionText": { + "description": "DescriptionText is the issue description.\n", + "type": "string" + }, + "descriptionUrl": { + "description": "DescriptionURL is the issue information url.\n", + "type": "string" + }, + "id": { + "description": "ID is the unique identifier of the issue metadata.\n", + "type": "string" + }, + "override": { + "additionalProperties": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueMetadata" + }, + "description": "Override is the list of possible override fields by OpenAPI version.\n", + "type": "object" + }, + "queryName": { + "description": "Name is the issue name.\n", + "type": "string" + }, + "searchKey": { + "description": "SearchKey is the issue location in the spec file.\n", + "type": "string" + }, + "severity": { + "$ref": "#/components/schemas/waas.OpenAPIScanIssueSeverity" + }, + "status": { + "description": "Status is the issue status.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssueSeverity": { + "description": "OpenAPIScanIssueSeverity is the OpenAPI spec file issue severity", + "enum": [ + [ + "INFO", + "LOW", + "MEDIUM", + "HIGH" + ] + ], + "type": "string" + }, + "waas.OpenAPIScanIssueStatus": { + "description": "OpenAPIScanIssueStatus represents an OpenAPI file issue status", + "properties": { + "id": { + "description": "ID is the issue result ID.\n", + "type": "integer" + }, + "status": { + "description": "Status is the issue status.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OpenAPIScanIssuesSeverityDistribution": { + "description": "OpenAPIScanIssuesSeverityDistribution counts the number of issues per severity type", + "properties": { + "high": { + "description": "High is the high severity issues count.\n", + "type": "integer" + }, + "info": { + "description": "Info is the info severity issues count.\n", + "type": "integer" + }, + "low": { + "description": "Low is the low severity issues count.\n", + "type": "integer" + }, + "medium": { + "description": "Medium is the medium severity issues count.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.OpenAPIScanSource": { + "description": "OpenAPIScanSource is the scan trigger source", + "enum": [ + [ + "app", + "cli", + "manual" + ] + ], + "type": "string" + }, + "waas.OpenAPISpecInfo": { + "description": "OpenAPISpecInfo is the OpenAPI spec info", + "properties": { + "content": { + "description": "Content is the OpenAPI spec content.\n", + "items": { + "$ref": "#/components/schemas/byte" + }, + "type": "array" + }, + "contentType": { + "description": "ContentType is the OpenAPI spec file content type.\n", + "type": "string" + }, + "fileName": { + "description": "FileName is the OpenAPI spec file name.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.OutOfBandMode": { + "description": "OutOfBandMode holds the app firewall out-of-band mode", + "enum": [ + [ + "", + "Observation", + "Protection" + ] + ], + "type": "string" + }, + "waas.OutOfBandRuleScope": { + "description": "OutOfBandRuleScope represents the Out-of-Band Rule Scope", + "enum": [ + [ + "container", + "host", + "" + ] + ], + "type": "string" + }, + "waas.Param": { + "description": "Param contains a parameter information", + "properties": { + "allowEmptyValue": { + "description": "Indicates if an empty value is allowed (true) or not (false).\n", + "type": "boolean" + }, + "array": { + "description": "Indicates if multiple values of the specified type are allowed (true) or not (false).\n", + "type": "boolean" + }, + "explode": { + "description": "Indicates if arrays should generate separate parameters for each array item or object property.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ParamLocation" + }, + "max": { + "description": "Maximum allowable value for a numeric parameter.\n", + "format": "double", + "type": "number" + }, + "min": { + "description": "Minimum allowable value for a numeric parameter.\n", + "format": "double", + "type": "number" + }, + "name": { + "description": "Name of the parameter.\n", + "type": "string" + }, + "required": { + "description": "Indicates if the parameter is required (true) or not (false).\n", + "type": "boolean" + }, + "style": { + "$ref": "#/components/schemas/waas.ParamStyle" + }, + "type": { + "$ref": "#/components/schemas/waas.ParamType" + } + }, + "type": "object" + }, + "waas.ParamLocation": { + "description": "ParamLocation is the location of a parameter", + "enum": [ + [ + "path", + "query", + "cookie", + "header", + "body", + "json", + "xml", + "formData", + "multipart" + ] + ], + "type": "string" + }, + "waas.ParamStyle": { + "description": "ParamStyle is a param format style, defined by OpenAPI specification\nIt describes how the parameter value will be serialized depending on the type of the parameter value.\nRef: https://swagger.io/docs/specification/serialization/\nhttps://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#style-examples", + "enum": [ + [ + "simple", + "spaceDelimited", + "tabDelimited", + "pipeDelimited", + "form", + "matrix", + "label" + ] + ], + "type": "string" + }, + "waas.ParamType": { + "description": "ParamType is the type of a parameter, defined by OpenAPI specification\nRef: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types", + "enum": [ + [ + "integer", + "number", + "string", + "boolean", + "array", + "object" + ] + ], + "type": "string" + }, + "waas.Path": { + "description": "Path is an API path information", + "properties": { + "methods": { + "description": "Supported operations for the path (e.g., PUT, GET, etc.).\n", + "items": { + "$ref": "#/components/schemas/waas.Method" + }, + "type": "array" + }, + "path": { + "description": "Relative path to an endpoint such as \\\"/pet/{petId}\\\".\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.Policy": { + "description": "Policy represents the policy", + "properties": { + "_id": { + "description": "Unique internal ID.\n", + "type": "string" + }, + "maxPort": { + "description": "Maximum port number to use in the application firewall.\n", + "type": "integer" + }, + "minPort": { + "description": "Minimum port number to use in the application firewall.\n", + "type": "integer" + }, + "rules": { + "description": "Rules in the policy.\n", + "items": { + "$ref": "#/components/schemas/waas.Rule" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.PolicyStats": { + "description": "PolicyStats contains the WAAS policy statistics", + "properties": { + "appStats": { + "$ref": "#/components/schemas/waas.AppStats" + }, + "apps": { + "description": "Apps is the total amount of apps in the WAAS policies.\n", + "type": "integer" + }, + "rules": { + "description": "Rules is the total amount of rules in the WAAS policies.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.Protection": { + "description": "Protection is the type of protection", + "enum": [ + [ + "firewall", + "dos", + "bot", + "custom", + "accessControl" + ] + ], + "type": "string" + }, + "waas.ProtectionConfig": { + "description": "ProtectionConfig represents a WAAS protection config", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "exceptionFields": { + "description": "Exceptions.\n", + "items": { + "$ref": "#/components/schemas/waas.ExceptionField" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ProtectionStatus": { + "description": "ProtectionStatus describes the status of the WAAS protection", + "properties": { + "enabled": { + "description": "Enabled indicates if WAAS proxy protection is enabled (true) or not (false).\n", + "type": "boolean" + }, + "outOfBandMode": { + "$ref": "#/components/schemas/waas.OutOfBandMode" + }, + "ports": { + "description": "Ports indicates http open ports associated with the container.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "supported": { + "description": "Supported indicates if WAAS protection is supported (true) or not (false).\n", + "type": "boolean" + }, + "tlsPorts": { + "description": "TLSPorts indicates https open ports associated with the container.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "unprotectedProcesses": { + "description": "UnprotectedProcesses holds the processes that support HTTP/HTTPS without WAAS protection.\n", + "items": { + "$ref": "#/components/schemas/waas.UnprotectedProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.ReCAPTCHASpec": { + "description": "ReCAPTCHASpec is the reCAPTCHA spec", + "properties": { + "allSessions": { + "description": "Indicates if the reCAPTCHA page is served at the start of every new session (true) or not (false).\n", + "type": "boolean" + }, + "customPageSpec": { + "$ref": "#/components/schemas/waas.CustomReCAPTCHAPageSpec" + }, + "enabled": { + "description": "Indicates if reCAPTCHA integration is enabled (true) or not (false).\n", + "type": "boolean" + }, + "secretKey": { + "$ref": "#/components/schemas/common.Secret" + }, + "siteKey": { + "description": "ReCAPTCHA site key to use when invoking the reCAPTCHA service.\n", + "type": "string" + }, + "successExpirationHours": { + "description": "Duration for which the indication of reCAPTCHA success is kept. Maximum value is 30 days * 24 = 720 hours.\n", + "type": "integer" + }, + "type": { + "$ref": "#/components/schemas/waas.ReCAPTCHAType" + } + }, + "type": "object" + }, + "waas.ReCAPTCHAType": { + "description": "ReCAPTCHAType is the reCAPTCHA configured type", + "enum": [ + [ + "checkbox", + "invisible" + ] + ], + "type": "string" + }, + "waas.RemoteHostForwardingConfig": { + "description": "RemoteHostForwardingConfig defines a remote host to forward requests to", + "properties": { + "enabled": { + "description": "Indicates if remote host forwarding is enabled (true) or not (false).\n", + "type": "boolean" + }, + "target": { + "description": "Remote host to forward requests to.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.ReqErrorCtx": { + "description": "ReqErrorCtx is the request error context", + "properties": { + "defender": { + "description": "Defender is the defender name from which the error originated.\n", + "type": "string" + }, + "err": { + "description": "Err is the API error.\n", + "type": "string" + }, + "requestInspectionDuration": { + "description": "RequestInspectionDuration is the request inspection handling time by the WAAS plugins (time spent in WAAS before forwarding the request and handling the response).\n", + "format": "int64", + "type": "integer" + }, + "requestStart": { + "description": "RequestStart is the request start time.\n", + "format": "date-time", + "type": "string" + }, + "route": { + "description": "Route is the API route.\n", + "type": "string" + }, + "serveDuration": { + "description": "ServeDuration is the total request handling time including forwarding and response until the error.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + }, + "waas.RequestAnomalies": { + "description": "RequestAnomalies is the request anomalies spec", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "threshold": { + "$ref": "#/components/schemas/waas.RequestAnomalyThreshold" + } + }, + "type": "object" + }, + "waas.RequestAnomalyThreshold": { + "description": "RequestAnomalyThreshold is the score threshold for which request anomaly violation is triggered", + "enum": [ + [ + "3", + "6", + "9" + ] + ], + "type": "integer" + }, + "waas.ResponseCodeStats": { + "description": "ResponseCodeStats holds counts of different response types\nCategories taken from: https://developer.mozilla.org/en-US/docs/Web/HTTP/Status", + "properties": { + "clientErrors": { + "description": "ClientErrors are the codes in the 400-499 range.\n", + "type": "integer" + }, + "informational": { + "description": "Informational are the codes in the 100-199 range.\n", + "type": "integer" + }, + "redirects": { + "description": "Redirects are the codes in the 300-399 range.\n", + "type": "integer" + }, + "serverErrors": { + "description": "ServerErrors are the codes in the 500-599 range.\n", + "type": "integer" + }, + "successful": { + "description": "Successful are the codes in the 200-299 range.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.ResponseHeaderSpec": { + "description": "ResponseHeaderSpec is specification for a single response header to modify", + "properties": { + "name": { + "description": "Header name (will be canonicalized when possible).\n", + "type": "string" + }, + "override": { + "description": "Indicates whether to override existing values (true) or add to them (false).\n", + "type": "boolean" + }, + "values": { + "description": "New header values.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.Rule": { + "description": "Rule represents a single rule that is associated with an app firewall", + "properties": { + "allowMalformedHttpHeaderNames": { + "description": "AllowMalformedHTTPHeaderNames indicates if validation of http request header names should allow non-compliant characters.\n", + "type": "boolean" + }, + "applicationsSpec": { + "description": "List of API specifications in the rule.\n", + "items": { + "$ref": "#/components/schemas/waas.ApplicationSpec" + }, + "type": "array" + }, + "autoProtectPorts": { + "description": "AutoProtectPorts indicates if http ports should be automatically detected and protected.\n", + "type": "boolean" + }, + "collections": { + "description": "List of collections. Used to scope the rule.\n", + "items": { + "$ref": "#/components/schemas/collection.Collection" + }, + "type": "array" + }, + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "outOfBandScope": { + "$ref": "#/components/schemas/waas.OutOfBandRuleScope" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "readTimeoutSeconds": { + "description": "ReadTimeout is the timeout of request reads in seconds, when no value is specified (0) the timeout is 5 seconds.\n", + "type": "integer" + }, + "skipAPILearning": { + "description": "SkipAPILearning indicates if API discovery is to be skipped (true) or not (false).\n", + "type": "boolean" + }, + "trafficMirroring": { + "$ref": "#/components/schemas/waas.TrafficMirroringConfig" + }, + "windows": { + "description": "Indicates whether the operating system of the app is windows, default is Linux.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.SameSite": { + "description": "SameSite allows a server to define a cookie attribute making it impossible for\nthe browser to send this cookie along with cross-site requests. The main\ngoal is to mitigate the risk of cross-origin information leakage, and provide\nsome protection against cross-site request forgery attacks.\n\nSee https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite for details", + "enum": [ + [ + "Lax", + "Strict", + "None" + ] + ], + "type": "string" + }, + "waas.SensitiveDataSpec": { + "description": "SensitiveDataSpec defined a single sensitive data specification", + "properties": { + "disabled": { + "description": "Indicates if the rule is currently disabled (true) or not (false).\n", + "type": "boolean" + }, + "key": { + "description": "Field in HTTP request.\n", + "type": "string" + }, + "keyPattern": { + "description": "Match and scrub by keys, relevant when location is not defined.\n", + "type": "boolean" + }, + "location": { + "$ref": "#/components/schemas/waas.ExceptionLocation" + }, + "modified": { + "description": "Datetime when the rule was last modified.\n", + "format": "date-time", + "type": "string" + }, + "name": { + "description": "Name of the rule.\n", + "type": "string" + }, + "notes": { + "description": "Free-form text.\n", + "type": "string" + }, + "owner": { + "description": "User who created or last modified the rule.\n", + "type": "string" + }, + "placeholder": { + "description": "Placeholder is the placeholder text to replace the matched field content.\n", + "type": "string" + }, + "previousName": { + "description": "Previous name of the rule. Required for rule renaming.\n", + "type": "string" + }, + "response": { + "description": "Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.\n", + "type": "boolean" + }, + "sensitiveData": { + "description": "SensitiveData indicates this spec is used for marking APIs as using sensitive data for API discovery.\n", + "type": "boolean" + }, + "skipLogScrubbing": { + "description": "SkipLogScrubbing indicates this spec is not used for log scrubbing.\n", + "type": "boolean" + }, + "valuePattern": { + "description": "Match and scrub by values, relevant when location is not defined.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.SensitiveDataSpecs": { + "description": "SensitiveDataSpecs is the sensitive data specifications", + "items": { + "$ref": "#/components/schemas/waas.SensitiveDataSpec" + }, + "type": "array" + }, + "waas.SizeRangeDistribution": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "type": "object" + }, + "waas.StatusCodeDistribution": { + "additionalProperties": { + "$ref": "#/components/schemas/int" + }, + "type": "object" + }, + "waas.StatusCodeRange": { + "description": "StatusCodeRange represents a status code range", + "properties": { + "end": { + "description": "End of the range. Can be omitted if using a single status code.\n", + "type": "integer" + }, + "start": { + "description": "Start of the range. Can also be used for a single, non-range value.\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.TLSConfig": { + "description": "TLSConfig holds the user TLS configuration and the certificate data", + "properties": { + "HSTSConfig": { + "$ref": "#/components/schemas/waas.HSTSConfig" + }, + "metadata": { + "$ref": "#/components/schemas/waas.CertificateMeta" + }, + "minTLSVersion": { + "$ref": "#/components/schemas/waas.MinTLSVersion" + } + }, + "type": "object" + }, + "waas.TrafficMirroringConfig": { + "description": "TrafficMirroringConfig is the traffic mirroring configuration", + "properties": { + "enabled": { + "description": "TODO #41884 - remove traffic mirroring enabled flag when no longer needed for BC\nEnabled indicates if traffic mirroring is enabled.\n", + "type": "boolean" + }, + "vpcConfig": { + "$ref": "#/components/schemas/waas.VPCConfig" + } + }, + "type": "object" + }, + "waas.TrafficStats": { + "description": "TrafficStats are traffic stats", + "properties": { + "attacks": { + "description": ".\n", + "type": "integer" + }, + "requests": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.UnknownBotProtectionSpec": { + "description": "UnknownBotProtectionSpec is the unknown bot protection spec", + "properties": { + "apiLibraries": { + "$ref": "#/components/schemas/waas.Effect" + }, + "botImpersonation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "browserImpersonation": { + "$ref": "#/components/schemas/waas.Effect" + }, + "generic": { + "$ref": "#/components/schemas/waas.Effect" + }, + "httpLibraries": { + "$ref": "#/components/schemas/waas.Effect" + }, + "requestAnomalies": { + "$ref": "#/components/schemas/waas.RequestAnomalies" + }, + "webAutomationTools": { + "$ref": "#/components/schemas/waas.Effect" + }, + "webScrapers": { + "$ref": "#/components/schemas/waas.Effect" + } + }, + "type": "object" + }, + "waas.UnprotectedAppsVulnStats": { + "description": "UnprotectedAppsVulnStats contains vulnerability statistics of unprotected web apps", + "properties": { + "critical": { + "description": ".\n", + "type": "integer" + }, + "high": { + "description": ".\n", + "type": "integer" + }, + "low": { + "description": ".\n", + "type": "integer" + }, + "medium": { + "description": ".\n", + "type": "integer" + }, + "none": { + "description": ".\n", + "type": "integer" + } + }, + "type": "object" + }, + "waas.UnprotectedContainersWebApps": { + "description": "UnprotectedContainersWebApps contains the result of scanning unprotected containers summary", + "properties": { + "_id": { + "description": "Image is the image name.\n", + "type": "string" + }, + "count": { + "description": "Count is the sum of containers using this image.\n", + "type": "integer" + }, + "ports": { + "description": "Ports is the open http ports on containers using this image.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "tlsPorts": { + "description": "TLSPorts is the open https ports on containers using this image.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.UnprotectedHostsWebApps": { + "description": "UnprotectedHostsWebApps contains the result of scanning unprotected hosts summary", + "properties": { + "hostname": { + "description": "Hostname is the host name.\n", + "type": "string" + }, + "unprotectedProcesses": { + "description": "UnprotectedProcesses is processes that uses HTTP/HTTPs but are unprotected by WAAS.\n", + "items": { + "$ref": "#/components/schemas/waas.UnprotectedProcess" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.UnprotectedProcess": { + "description": "UnprotectedProcess holds unprotected processes alongside the port", + "properties": { + "port": { + "description": "Port is the process port.\n", + "type": "integer" + }, + "process": { + "description": "Process is the process name.\n", + "type": "string" + }, + "tls": { + "description": "TLS is the port TLS indication.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "waas.UserDefinedBot": { + "description": "UserDefinedBot indicates a user-defined bot and its effect", + "properties": { + "effect": { + "$ref": "#/components/schemas/waas.Effect" + }, + "headerName": { + "description": "Header name which defines the bot.\n", + "type": "string" + }, + "headerValues": { + "description": "Header values corresponding to the header name. Can contain wildcards.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "name": { + "description": "Name of the bot.\n", + "type": "string" + }, + "subnets": { + "description": "Subnets where the bot originates. Specify using network lists.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + "type": "object" + }, + "waas.VPCConfig": { + "description": "VPCConfig is the VPC configuration (there is a 1-to-1 relation with the rule, only one configuration per rule)", + "properties": { + "autoScalingEnabled": { + "description": "AutoScalingEnabled indicates that the deployment is made with auto VPC observer instances scaling.\n", + "type": "boolean" + }, + "autoScalingMaxInstances": { + "description": "AutoScalingMaxInstances is the maximum deployed instances when auto scaling is enabled.\n", + "type": "integer" + }, + "configID": { + "description": "ConfigID is a unique ID for the configuration.\n", + "type": "string" + }, + "consoleHostname": { + "description": "ConsoleHostname represents the hostname of the console to connect to.\n", + "type": "string" + }, + "credentialID": { + "description": "CredentialID is the service provider authentication data.\n", + "type": "string" + }, + "instanceNames": { + "description": "InstanceNames are the names of the instances to mirror (can be wildcard).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "instanceType": { + "description": "InstanceType is the instance type to use for the defender instance.\n", + "type": "string" + }, + "ports": { + "description": "Ports are the ports to mirror.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + }, + "region": { + "description": "Region is the AWS region the mirrored VMs are located in.\n", + "type": "string" + }, + "subnetID": { + "description": "SubnetID is the ID of the subnet the defender will be deployed in.\n", + "type": "string" + }, + "tags": { + "description": "Tags are the tags to filter for instances to mirror in Key:Value format or \"*\".\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + }, + "vpcID": { + "description": "VPCID is the ID of the VPC to look for instances to mirror and to deploy the defender in.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigMirroredVM": { + "description": "VPCConfigMirroredVM is a VM mirrored by a VPC configuration deployment", + "properties": { + "id": { + "description": "ID is the VM ID.\n", + "type": "string" + }, + "name": { + "description": "Name is the VM name.\n", + "type": "string" + }, + "networkInterfaceID": { + "description": "NetworkInterfaceID is the network interface ID for the VM.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigResource": { + "description": "VPCConfigResource is a resource created by a VPC configuration deployment", + "properties": { + "id": { + "description": "ID is the resource ID.\n", + "type": "string" + }, + "name": { + "description": "Name is the resource name.\n", + "type": "string" + }, + "type": { + "description": "Type is the resource type.\n", + "type": "string" + } + }, + "type": "object" + }, + "waas.VPCConfigState": { + "description": "VPCConfigState is the state of a VPC configuration\nThis includes only the state needed by the frontend\nbson bindings do not omit empty as the structure is updated using upsert and fields may need to be set to empty value", + "properties": { + "configID": { + "description": "ConfigID is the ID of the VPC configuration.\n", + "type": "string" + }, + "error": { + "description": "Error is the error received during deployment (on failure).\n", + "type": "string" + }, + "lastUpdate": { + "description": "LastUpdate is the time when the deployment was last updated.\n", + "format": "date-time", + "type": "string" + }, + "status": { + "$ref": "#/components/schemas/waas.VPCConfigStatus" + } + }, + "type": "object" + }, + "waas.VPCConfigStatus": { + "description": "VPCConfigStatus is the status of a VPC configuration deployment", + "enum": [ + [ + "inProcess", + "error", + "ready", + "deletionInProgress", + "deleteError" + ] + ], + "type": "string" + }, + "waas.WebAppsDiscoverySettings": { + "description": "WebAppsDiscoverySettings is the web apps discovery settings", + "properties": { + "disabled": { + "description": "Disabled indicates whether web apps discovery is disabled.\n", + "type": "boolean" + } + }, + "type": "object" + }, + "wildfire.Usage": { + "description": "Usage holds wildfire usage stats, period for the usage varies with context", + "properties": { + "bytes": { + "description": "Bytes is the total number of bytes uploaded to the WildFire API.\n", + "format": "int64", + "type": "integer" + }, + "queries": { + "description": "Queries is the number of queries to the WildFire API.\n", + "format": "int64", + "type": "integer" + }, + "uploads": { + "description": "Uploads is the number of uploads to the WildFire API.\n", + "format": "int64", + "type": "integer" + } + }, + "type": "object" + } + } + }, + "info": { + "title": "Prisma Cloud Compute API", + "version": "30.03.122" + }, + "openapi": "3.0.3", + "paths": { + "/api/v1/certs/ca.pem": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/certs/capem_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Certs" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI", + "saas": true, + "self-hosted": true + }, + "operationId": "get-certs-ca.pem", + "summary": "Get CA PEM Certificate File" + } + }, + "/api/v1/certs/server-certs.sh": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/certs/server-certs_get.md" + }, + "parameters": [ + { + "description": "OS is the target os.\n", + "in": "query", + "name": "os", + "schema": { + "type": "string" + } + }, + { + "description": "IPs is the list of addresses for which the certificates are generated.\n", + "in": "query", + "name": "ip", + "schema": { + "type": "string" + } + }, + { + "description": "Hostname is the target defender hostname.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Certs" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "operationId": "get-certs-server-certs.sh", + "summary": "Get Server Certificates" + } + }, + "/api/v1/registry/webhook/webhook": { + "delete": { + "description": "RegistryWebhook listen to registry updates\n", + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "none", + "saas": true, + "self-hosted": true + }, + "operationId": "delete-registry-webhook-webhook", + "summary": " Registry Webhook" + }, + "post": { + "description": "RegistryWebhook listen to registry updates\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.RegistryWebhookRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "none", + "saas": true, + "self-hosted": true + }, + "operationId": "post-registry-webhook-webhook", + "summary": " Registry Webhook" + } + }, + "/api/v1/signup": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/signup/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.AuthenticationRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Signup" + ], + "x-prisma-cloud-target-env": { + "permission": "none", + "saas": false, + "self-hosted": true + }, + "operationId": "post-signup", + "summary": "Create Admin Account" + } + }, + "/api/v1/util/prisma-cloud-jenkins-plugin.hpi": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/util/twistlock_jenkins_plugin_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads", + "saas": true, + "self-hosted": true + }, + "operationId": "get-util-prisma-cloud-jenkins-plugin.hpi", + "summary": "Download Jenkins Plugin for Prisma Cloud Compute" + } + }, + "/api/v1/util/tas-tile": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/util/twistlock_tas_tile_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "operationId": "get-util-tas-tile", + "summary": "Download VMware TAS Tile for Prisma Cloud Compute" + } + }, + "/api/v30.03/_ping": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/_ping/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "_Ping" + ], + "x-prisma-cloud-target-env": { + "permission": "none", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-_ping", + "summary": "Ping" + } + }, + "/api/v30.03/agentless/progress": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/agentless/get_agentless_progress.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Progress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-agentless-progress", + "summary": "View the Agentless Scan Progress" + } + }, + "/api/v30.03/agentless/scan": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/agentless/post_agentless_scan.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-agentless-scan", + "summary": "Start Agentless Scan" + } + }, + "/api/v30.03/agentless/stop": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/agentless/post_agentless_stop.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-agentless-stop", + "summary": "Stop an Ongoing Scan" + } + }, + "/api/v30.03/agentless/templates": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/agentless/post_agentless_templates.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.AgentlessResourceTemplatesRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Agentless" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-agentless-templates", + "summary": "Download Agentless Permission Templates" + } + }, + "/api/v30.03/application-control/host": { + "get": { + "description": "HostApplicationControlRules returns the host application control rules\n", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_applicationcontrol.Rule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-application-control-host", + "summary": " Host Application Control Rules" + }, + "put": { + "description": "UpsertHostApplicationControlRule upserts the host application control rule to the db and returns the upserted rule\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/applicationcontrol.Rule" + } + } + }, + "description": "Rule represents an application control policy rule" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-application-control-host", + "summary": " Upsert Host Application Control Rule" + } + }, + "/api/v30.03/application-control/host/{id}": { + "delete": { + "description": "DeleteHostApplicationControlRule removes the given rule from the list of host application control rules\n", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Application-Control" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-application-control-host-id", + "summary": " Delete Host Application Control Rule" + } + }, + "/api/v30.03/audits/access": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/access_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Type is the audit type.\n", + "in": "query", + "name": "type", + "schema": { + "type": "string" + } + }, + { + "description": "RuleNames are the rules names to filter by.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames are the rules names to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "APIs are apis to filter by.\n", + "in": "query", + "name": "api", + "schema": { + "description": "APIs are apis to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts are hosts to filter by.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts are hosts to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users are users to filter by.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users are users to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Allow indicated whether allowed requests should be shown.\n", + "in": "query", + "name": "allow", + "schema": { + "type": "string" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessDocker", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-access", + "summary": "Get Docker Access Audit Events" + } + }, + "/api/v30.03/audits/access/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/access_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Type is the audit type.\n", + "in": "query", + "name": "type", + "schema": { + "type": "string" + } + }, + { + "description": "RuleNames are the rules names to filter by.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames are the rules names to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "APIs are apis to filter by.\n", + "in": "query", + "name": "api", + "schema": { + "description": "APIs are apis to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts are hosts to filter by.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts are hosts to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users are users to filter by.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users are users to filter by.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Allow indicated whether allowed requests should be shown.\n", + "in": "query", + "name": "allow", + "schema": { + "type": "string" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessDocker", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-access-download", + "summary": "Download Docker Access Audit Events" + } + }, + "/api/v30.03/audits/admission": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/admission_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Operations is the list of operations to use for filtering.\n", + "in": "query", + "name": "operation", + "schema": { + "description": "Operations is the list of operations to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_admission.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-admission", + "summary": "Get Admission Audit Events" + } + }, + "/api/v30.03/audits/admission/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/admission_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Operations is the list of operations to use for filtering.\n", + "in": "query", + "name": "operation", + "schema": { + "description": "Operations is the list of operations to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-admission-download", + "summary": "Download Admission Audit Events" + } + }, + "/api/v30.03/audits/firewall/app/agentless": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/waas_agentless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-agentless", + "summary": "Get WAAS Agentless Audit Events" + } + }, + "/api/v30.03/audits/firewall/app/agentless/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/waas_agentless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-agentless-download", + "summary": "Download WAAS Agentless Audit Events" + } + }, + "/api/v30.03/audits/firewall/app/agentless/timeslice": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/waas_agentless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-agentless-timeslice", + "summary": "Get WAAS Agentless Audit Events for a Timeframe" + } + }, + "/api/v30.03/audits/firewall/app/app-embedded": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/waas_app_embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-app-embedded", + "summary": "Get WAAS App-embedded Audit Events" + } + }, + "/api/v30.03/audits/firewall/app/app-embedded/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/waas_app_embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-app-embedded-download", + "summary": "Download WAAS App-embedded Audit Events" + } + }, + "/api/v30.03/audits/firewall/app/app-embedded/timeslice": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/waas_app_embedded_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-app-embedded-timeslice", + "summary": "Get WAAS App-embedded Audit Events for a Timeframe" + } + }, + "/api/v30.03/audits/firewall/app/container": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/waas_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-container", + "summary": "Get WAAS Container Audit Events" + } + }, + "/api/v30.03/audits/firewall/app/container/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/waas_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-container-download", + "summary": "Download WAAS Container Audit Events" + } + }, + "/api/v30.03/audits/firewall/app/container/timeslice": { + "get": { + "description": "ContainerAppFirewallAuditTimeslice returns container firewall audit buckets according to the query timeframe\n", + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-container-timeslice", + "summary": " Container App Firewall Audit Timeslice" + } + }, + "/api/v30.03/audits/firewall/app/host": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/waas_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-host", + "summary": "Get WAAS Host Audit Events" + } + }, + "/api/v30.03/audits/firewall/app/host/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/waas_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-host-download", + "summary": "Download WAAS Host Audit Events" + } + }, + "/api/v30.03/audits/firewall/app/host/timeslice": { + "get": { + "description": "HostAppFirewallAuditTimeslice returns host firewall audit buckets according to the query timeframe\n", + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-host-timeslice", + "summary": " Host App Firewall Audit Timeslice" + } + }, + "/api/v30.03/audits/firewall/app/serverless": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/waas_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppFirewallAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-serverless", + "summary": "Get WAAS Serverless Audit Events" + } + }, + "/api/v30.03/audits/firewall/app/serverless/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/waas_serverless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-serverless-download", + "summary": "Download WAAS Serverless Audit Events" + } + }, + "/api/v30.03/audits/firewall/app/serverless/timeslice": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/waas_serverless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Images is the image names filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "Images is the image names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container names filter.\n", + "in": "query", + "name": "containerName", + "schema": { + "description": "Containers is the container names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the hostnames filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is the rule names filter.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is the rule names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is the firewall audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the firewall audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect.\n", + "in": "query", + "name": "effect", + "schema": { + "type": "string" + } + }, + { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "in": "query", + "name": "ruleAppID", + "schema": { + "description": "RuleAppIDs is the rule app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionName is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "FunctionName is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "in": "query", + "name": "ns", + "schema": { + "description": "Namespaces is the list of namespaces to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded appID filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded appID filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Subnets is the source IPs filter.\n", + "in": "query", + "name": "subnet", + "schema": { + "description": "Subnets is the source IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "in": "query", + "name": "connectingIPs", + "schema": { + "description": "ConnectingIPs is the connecting IPs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Countries is the source IP country filter.\n", + "in": "query", + "name": "country", + "schema": { + "description": "Countries is the source IP country filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "UserAgents is the user agent header filter.\n", + "in": "query", + "name": "userAgentHeader", + "schema": { + "description": "UserAgents is the user agent header filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "URLs is the URL filter.\n", + "in": "query", + "name": "url", + "schema": { + "description": "URLs is the URL filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHosts is the request host filter.\n", + "in": "query", + "name": "requestHost", + "schema": { + "description": "RequestHosts is the request host filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the URL path filter.\n", + "in": "query", + "name": "urlPath", + "schema": { + "description": "Paths is the URL path filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Queries is the URL query filter.\n", + "in": "query", + "name": "urlQuery", + "schema": { + "description": "Queries is the URL query filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Methods is the request method filter.\n", + "in": "query", + "name": "method", + "schema": { + "description": "Methods is the request method filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestHeaderNames is the request header names filter.\n", + "in": "query", + "name": "requestHeaderNames", + "schema": { + "description": "RequestHeaderNames is the request header names filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Messages is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Messages is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cluster is the audit cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Cluster is the audit cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "Protections is the firewall audit protection type filter.\n", + "in": "query", + "name": "protection", + "schema": { + "description": "Protections is the firewall audit protection type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventID is the event IDs filter.\n", + "in": "query", + "name": "eventID", + "schema": { + "description": "EventID is the event IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "in": "query", + "name": "owaspTop10", + "schema": { + "description": "OWASPTop10 is the OWASP top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "in": "query", + "name": "owaspAPITop10", + "schema": { + "description": "OWASPAPITop10 is the OWASP API top 10 filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-app-serverless-timeslice", + "summary": "Get WAAS Serverless Audit Events for a Timeframe" + } + }, + "/api/v30.03/audits/firewall/network/container": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/firewall_network_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcImages are the source images filter.\n", + "in": "query", + "name": "srcImageName", + "schema": { + "description": "SrcImages are the source images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstImages are the destination images filter.\n", + "in": "query", + "name": "dstImageName", + "schema": { + "description": "DstImages are the destination images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Block is the block/audit filter.\n", + "in": "query", + "name": "block", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerNetworkFirewallProfileAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-network-container", + "summary": "Get CNNS Container Audit Events" + } + }, + "/api/v30.03/audits/firewall/network/container/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/firewall_network_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcImages are the source images filter.\n", + "in": "query", + "name": "srcImageName", + "schema": { + "description": "SrcImages are the source images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstImages are the destination images filter.\n", + "in": "query", + "name": "dstImageName", + "schema": { + "description": "DstImages are the destination images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Block is the block/audit filter.\n", + "in": "query", + "name": "block", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-network-container-download", + "summary": "Download CNNS Container Audit Events" + } + }, + "/api/v30.03/audits/firewall/network/host": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/firewall_network_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcHostname are the source hostnames filter.\n", + "in": "query", + "name": "srcHostnames", + "schema": { + "description": "SrcHostname are the source hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstHostname are the destination hostnames filter.\n", + "in": "query", + "name": "dstHostnames", + "schema": { + "description": "DstHostname are the destination hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.HostNetworkFirewallProfileAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-network-host", + "summary": "Get CNNS Host Audit Events" + } + }, + "/api/v30.03/audits/firewall/network/host/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/firewall_network_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audits.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audits.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "SrcHostname are the source hostnames filter.\n", + "in": "query", + "name": "srcHostnames", + "schema": { + "description": "SrcHostname are the source hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "DstHostname are the destination hostnames filter.\n", + "in": "query", + "name": "dstHostnames", + "schema": { + "description": "DstHostname are the destination hostnames filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCNNF", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-firewall-network-host-download", + "summary": "Download CNNS Host Audit Events" + } + }, + "/api/v30.03/audits/incidents": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/incidents_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results from a start datetime.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results from an end datetime.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by hostname where the incident occurred.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters results by hostname where the incident occurred.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident category.\n", + "in": "query", + "name": "category", + "schema": { + "description": "Filters results by incident category.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Filters results by incident type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by runtime profile ID.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "Filters results by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incidents that have been acknowledged.\n", + "in": "query", + "name": "acknowledged", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by app IDs.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "Filters results by app IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by container IDs.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "Filters results by container IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by function IDs.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "Filters results by function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by custom rule names.\n", + "in": "query", + "name": "customRuleName", + "schema": { + "description": "Filters results by custom rule names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Incident" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-incidents", + "summary": "Get Incident Audit Events" + } + }, + "/api/v30.03/audits/incidents/acknowledge/{id}": { + "patch": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/incidents_archive_patch.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Incident" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "patch-audits-incidents-acknowledge-id", + "summary": "Archive an Incident Audit Event" + } + }, + "/api/v30.03/audits/incidents/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/incidents_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results from a start datetime.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results from an end datetime.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by hostname where the incident occurred.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters results by hostname where the incident occurred.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident category.\n", + "in": "query", + "name": "category", + "schema": { + "description": "Filters results by incident category.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incident type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Filters results by incident type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by runtime profile ID.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "Filters results by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by incidents that have been acknowledged.\n", + "in": "query", + "name": "acknowledged", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Filters results by region (for functions)\nFilters results by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by app IDs.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "Filters results by app IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by container IDs.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "Filters results by container IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by function IDs.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "Filters results by function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by custom rule names.\n", + "in": "query", + "name": "customRuleName", + "schema": { + "description": "Filters results by custom rule names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeIncidents", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-incidents-download", + "summary": "Download Incident Audit Events" + } + }, + "/api/v30.03/audits/kubernetes": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/kubernetes_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Users is the list of users to use for filtering.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is the list of users to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the list of clusters for filtering.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the list of clusters for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_kubeaudit.Audit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-kubernetes", + "summary": "Get Kubernetes Audit Events" + } + }, + "/api/v30.03/audits/kubernetes/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/kubernetes_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the activity.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the activity.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Users is the list of users to use for filtering.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is the list of users to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the list of clusters for filtering.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the list of clusters for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorAccessKubernetes", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-kubernetes-download", + "summary": "Download Kubernetes Audit Events" + } + }, + "/api/v30.03/audits/mgmt": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/mgmt_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.MgmtAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-mgmt", + "summary": "Get Management Audit Events" + } + }, + "/api/v30.03/audits/mgmt/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/mgmt_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-mgmt-download", + "summary": "Download Management Audit Events" + } + }, + "/api/v30.03/audits/mgmt/filters": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/mgmt_filters_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Types is the audit type filter.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is the audit type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Usernames is the username filter.\n", + "in": "query", + "name": "username", + "schema": { + "description": "Usernames is the username filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.MgmtAuditFilters" + } + } + }, + "description": "MgmtAuditFilters are filters for management audit queries" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "systemLogs", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-mgmt-filters", + "summary": "Get Management Audit Event Filters" + } + }, + "/api/v30.03/audits/runtime/app-embedded": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/runtime_app_embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-app-embedded", + "summary": "Get Runtime App-embedded Audit Events" + } + }, + "/api/v30.03/audits/runtime/app-embedded/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/runtime_app_embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-app-embedded-download", + "summary": "Download Runtime App-embedded Audit Events" + } + }, + "/api/v30.03/audits/runtime/container": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/runtime_container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-container", + "summary": "Get Runtime Container Audit Events" + } + }, + "/api/v30.03/audits/runtime/container/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/runtime_container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-container-download", + "summary": "Download Runtime Container Audit Events" + } + }, + "/api/v30.03/audits/runtime/container/timeslice": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/runtime_container_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-container-timeslice", + "summary": "Get Runtime Container Audit Events for a Timeframe" + } + }, + "/api/v30.03/audits/runtime/file-integrity": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/runtime_file-integrity_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the list of paths to use for filtering.\n", + "in": "query", + "name": "path", + "schema": { + "description": "Paths is the list of paths to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "in": "query", + "name": "eventType", + "schema": { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.FileIntegrityEvent" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-file-integrity", + "summary": "Get Runtime File Integrity Audit Events" + } + }, + "/api/v30.03/audits/runtime/file-integrity/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/runtime_file-integrity_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Paths is the list of paths to use for filtering.\n", + "in": "query", + "name": "path", + "schema": { + "description": "Paths is the list of paths to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "in": "query", + "name": "eventType", + "schema": { + "description": "EventTypes is the list of file intergrity events to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-file-integrity-download", + "summary": "Download Runtime File Integrity Audit Events" + } + }, + "/api/v30.03/audits/runtime/host": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/runtime_host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-host", + "summary": "Get Runtime Host Audit Events" + } + }, + "/api/v30.03/audits/runtime/host/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/runtime_host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-host-download", + "summary": "Download Runtime Host Audit Events" + } + }, + "/api/v30.03/audits/runtime/host/timeslice": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/runtime_host_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-host-timeslice", + "summary": "Get Runtime Host Audit Events for a Timeframe" + } + }, + "/api/v30.03/audits/runtime/log-inspection": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/runtime_log-inspection_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Logfiles is the list of log files to use for filtering.\n", + "in": "query", + "name": "logfile", + "schema": { + "description": "Logfiles is the list of log files to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.LogInspectionEvent" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-log-inspection", + "summary": "Get Runtime Log Inspection Audit Events" + } + }, + "/api/v30.03/audits/runtime/log-inspection/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/runtime_log-inspection_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is the list of IDs to use for filtering.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the list of IDs to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the event.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the event.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Hosts is the list of hosts to use for filtering.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is the list of hosts to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Logfiles is the list of log files to use for filtering.\n", + "in": "query", + "name": "logfile", + "schema": { + "description": "Logfiles is the list of log files to use for filtering.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-log-inspection-download", + "summary": "Download Runtime Log Inspection Audit Events" + } + }, + "/api/v30.03/audits/runtime/serverless": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/runtime_serverless_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile ids to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile ids to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is an optional exact time constraint for the audit.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is a filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is a filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request id.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request id.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RuntimeAudit" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-serverless", + "summary": "Get Runtime Serverless Audit Events" + } + }, + "/api/v30.03/audits/runtime/serverless/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/runtime_serverless_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-serverless-download", + "summary": "Download Serverless Audit Events" + } + }, + "/api/v30.03/audits/runtime/serverless/timeslice": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/runtime_serverless_timeslice_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs are the audit IDs to filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs are the audit IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs are the profile IDs to filter.\n", + "in": "query", + "name": "profileID", + "schema": { + "description": "ProfileIDs are the profile IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Time is used to filter by audit time.\n", + "in": "query", + "name": "time", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "ImageNames is the image name filter.\n", + "in": "query", + "name": "imageName", + "schema": { + "description": "ImageNames is the image name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the container name filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the container name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ContainerID is used to filter by container ID.\n", + "in": "query", + "name": "containerID", + "schema": { + "description": "ContainerID is used to filter by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleNames is used to filter by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rule name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Types is used to filter by runtime audit type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Types is used to filter by runtime audit type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (e.g., block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Users is used to filter by host users.\n", + "in": "query", + "name": "user", + "schema": { + "description": "Users is used to filter by host users.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the image OS distro filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the image OS distro filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the namespaces filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the namespaces filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "in": "query", + "name": "attackType", + "schema": { + "description": "AttackTypes is used to filter by runtime audit attack type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is the hostname filter.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hostname is the hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Message is the audit message text filter.\n", + "in": "query", + "name": "msg", + "schema": { + "description": "Message is the audit message text filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Interactive is the audit interactive filter.\n", + "in": "query", + "name": "interactive", + "schema": { + "description": "Interactive is the audit interactive filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Function is used to filter by function name.\n", + "in": "query", + "name": "function", + "schema": { + "description": "Function is used to filter by function name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Runtime is used to filter by runtime.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Runtime is used to filter by runtime.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "App is the name constraint of the service that triggered the audit.\n", + "in": "query", + "name": "app", + "schema": { + "description": "App is the name constraint of the service that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "in": "query", + "name": "processPath", + "schema": { + "description": "ProcessPath is the path constraint of the process that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RequestID is used to filter by request ID.\n", + "in": "query", + "name": "requestID", + "schema": { + "description": "RequestID is used to filter by request ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FunctionID is used to filter by function ID.\n", + "in": "query", + "name": "functionID", + "schema": { + "description": "FunctionID is used to filter by function ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Aggregate indicates whether the result audits should be aggregated according to the Select field.\n", + "in": "query", + "name": "aggregate", + "schema": { + "type": "boolean" + } + }, + { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppID is used to filter by embedded app or Fargate task that triggered the audit.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Buckets is the number of buckets to return.\n", + "in": "query", + "name": "buckets", + "schema": { + "type": "integer" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.AuditTimeslice" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-runtime-serverless-timeslice", + "summary": "Get Runtime Serverless Audit Events for a Timeframe" + } + }, + "/api/v30.03/audits/trust": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/trust_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rulename.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rulename.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter by registry/repo.\n", + "in": "query", + "name": "_id", + "schema": { + "description": "IDs is used to filter by registry/repo.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TrustAudits" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-trust", + "summary": "Get Trust Audit Events" + } + }, + "/api/v30.03/audits/trust/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/trust_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "RuleNames is used to filter by rulename.\n", + "in": "query", + "name": "ruleName", + "schema": { + "description": "RuleNames is used to filter by rulename.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "in": "query", + "name": "effect", + "schema": { + "description": "Effect is used to filter by runtime audit effect (block/alert).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter by registry/repo.\n", + "in": "query", + "name": "_id", + "schema": { + "description": "IDs is used to filter by registry/repo.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Audits" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-audits-trust-download", + "summary": "Download Trust Audit Events" + } + }, + "/api/v30.03/authenticate": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/authenticate/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.AuthenticationRequest" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.AuthenticationResponse" + } + } + }, + "description": "AuthenticationResponse returns the result of calling the authentication endpoint" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Authenticate" + ], + "x-prisma-cloud-target-env": { + "permission": "none", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-authenticate", + "summary": "Get User Authentication Access Token" + } + }, + "/api/v30.03/authenticate-client": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/authenticate-client/post.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ConsoleAuthResponse" + } + } + }, + "description": "ConsoleAuthResponse represents the console certificates authentication response" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Authenticate-Client" + ], + "x-prisma-cloud-target-env": { + "permission": "none", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-authenticate-client", + "summary": "Get Client Authentication Access Token" + } + }, + "/api/v30.03/cloud/discovery": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/cloud/discovery_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountName is the account name filter.\n", + "in": "query", + "name": "accountName", + "schema": { + "description": "AccountName is the account name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Agentless is the agentless filter.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CloudDiscoveryResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-cloud-discovery", + "summary": "Get Cloud Discovery Scan Results" + } + }, + "/api/v30.03/cloud/discovery/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/cloud/discovery_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountName is the account name filter.\n", + "in": "query", + "name": "accountName", + "schema": { + "description": "AccountName is the account name filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Agentless is the agentless filter.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-cloud-discovery-download", + "summary": "Download Cloud Discovery Scan Results" + } + }, + "/api/v30.03/cloud/discovery/entities": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/cloud/discovery_entities_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "CredentialID is the account filter.\n", + "in": "query", + "name": "credentialID", + "schema": { + "description": "CredentialID is the account filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ServiceType is the service type filter.\n", + "in": "query", + "name": "serviceType", + "schema": { + "description": "ServiceType is the service type filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Registry is the registry filter.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Registry is the registry filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Zone is the zone filter.\n", + "in": "query", + "name": "zone", + "schema": { + "description": "Zone is the zone filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Defended is the defended filter.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CloudDiscoveryEntity" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-cloud-discovery-entities", + "summary": "Get Discovered Cloud Entities" + } + }, + "/api/v30.03/cloud/discovery/scan": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/cloud/discovery_scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-cloud-discovery-scan", + "summary": "Start a Cloud Discovery Scan" + } + }, + "/api/v30.03/cloud/discovery/stop": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/cloud/discovery_stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-cloud-discovery-stop", + "summary": "Stop a Cloud Discovery Scan" + } + }, + "/api/v30.03/cloud/discovery/vms": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/cloud/discovery_vms_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "HasDefender indicates only VMs with or without a defender should return.\n", + "in": "query", + "name": "hasDefender", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.DiscoveredVM" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Cloud" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCloud", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-cloud-discovery-vms", + "summary": "Get Discovered VMs" + } + }, + "/api/v30.03/coderepos-ci": { + "post": { + "description": "AddCICodeRepo adds a CI code repo scan result\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/coderepos.ScanResult" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Coderepos-Ci" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-coderepos-ci", + "summary": " Add CI Code Repo" + } + }, + "/api/v30.03/coderepos-ci/evaluate": { + "post": { + "description": "ResolveCodeRepos adds vulnerability data for the given code repo scan result\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/coderepos.ScanResult" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/coderepos.ScanResult" + } + } + }, + "description": "ScanResult holds a specific repository data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Coderepos-Ci" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-coderepos-ci-evaluate", + "summary": " Resolve Code Repos" + } + }, + "/api/v30.03/collections": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/collections/get.md" + }, + "parameters": [ + { + "description": "ExcludePrisma indicates to exclude Prisma collections.\n", + "in": "query", + "name": "excludePrisma", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_collection.Collection" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-collections", + "summary": "Get Collections" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/collections/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/collection.Collection" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-collections", + "summary": "Add a New Collection" + } + }, + "/api/v30.03/collections/{id}": { + "delete": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/collections/name_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-collections-id", + "summary": "Delete an Existing Collection" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/collections/name_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/collection.Collection" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-collections-id", + "summary": "Update an Existing Collection" + } + }, + "/api/v30.03/collections/{id}/usages": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/collections/name_usages_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_collection.Usage" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Collections" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-collections-id-usages", + "summary": "Get Policies for a Collection" + } + }, + "/api/v30.03/containers": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/containers/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-containers", + "summary": "Get Container Scan Results" + } + }, + "/api/v30.03/containers/count": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/containers/count_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/int" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-containers-count", + "summary": "Get Containers Count" + } + }, + "/api/v30.03/containers/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/containers/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-containers-download", + "summary": "Download Container Scan Results" + } + }, + "/api/v30.03/containers/names": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/containers/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is used to filter containers by host.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Hosts is used to filter containers by host.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is used to filter containers by image name.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is used to filter containers by image name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is used to filter containers by image ids.\n", + "in": "query", + "name": "imageId", + "schema": { + "description": "ImageIDs is used to filter containers by image ids.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is used to filter container by container ID.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is used to filter container by container ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "in": "query", + "name": "profileId", + "schema": { + "description": "ProfileIDs is used to filter container by runtime profile ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces are the namespaces to filter.\n", + "in": "query", + "name": "namespaces", + "schema": { + "description": "Namespaces are the namespaces to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "FirewallSupported is used to fetch containers with app firewall supported.\n", + "in": "query", + "name": "firewallSupported", + "schema": { + "type": "boolean" + } + }, + { + "description": "Clusters is used to filter containers by cluster name.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Clusters is used to filter containers by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "ComplianceIDs is used to filter containers by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Agentless indicates that we should return only containers that were scanned by an agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-containers-names", + "summary": "Get Container Names" + } + }, + "/api/v30.03/containers/scan": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/containers/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Containers" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-containers-scan", + "summary": "Start a Container Scan" + } + }, + "/api/v30.03/credentials": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/credentials/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs are the credential IDs to filter.\n", + "in": "query", + "name": "ids", + "schema": { + "description": "IDs are the credential IDs to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Cloud indicates whether to fetch cloud credentials (AWS/GCP/OCI/Azure) or other types of credentials.\n", + "in": "query", + "name": "cloud", + "schema": { + "type": "boolean" + } + }, + { + "description": "External indicates whether to fetch credentials imported from Prisma.\n", + "in": "query", + "name": "external", + "schema": { + "type": "boolean" + } + }, + { + "description": "AutoImported indicates whether to fetch credentials imported from Prisma automatically.\n", + "in": "query", + "name": "autoImported", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_cred.Credential" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-credentials", + "summary": "Get All Credentials" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/credentials/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cred.Credential" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-credentials", + "summary": "Add Credentials" + } + }, + "/api/v30.03/credentials/{id}": { + "delete": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/credentials/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-credentials-id", + "summary": "Delete a Credential" + } + }, + "/api/v30.03/credentials/{id}/usages": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/credentials/id_usages_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.CredentialUsage" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Credentials" + ], + "x-prisma-cloud-target-env": { + "permission": "manageCreds", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-credentials-id-usages", + "summary": "Get Credential Usages" + } + }, + "/api/v30.03/current/collections": { + "get": { + "description": "UserCollections returns collections in the current project that the user has permission to access\n", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.UserCollection" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Current" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-current-collections", + "summary": " User Collections" + } + }, + "/api/v30.03/current/projects": { + "get": { + "description": "UserProjects gets current user projects\n", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.UserProject" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Current" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-current-projects", + "summary": " User Projects" + } + }, + "/api/v30.03/custom-compliance": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/custom-compliance/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CustomComplianceCheck" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-custom-compliance", + "summary": "Get Custom Compliance Checks" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/custom-compliance/put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomComplianceCheck" + } + } + }, + "description": "CustomComplianceCheck represents a custom compliance check entry" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-custom-compliance", + "summary": "Update Custom Compliance Checks" + } + }, + "/api/v30.03/custom-compliance/{id}": { + "delete": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/custom-compliance/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Compliance" + ], + "x-prisma-cloud-target-env": { + "permission": "policyComplianceCustomRules", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-custom-compliance-id", + "summary": "Delete a Custom Compliance Check" + } + }, + "/api/v30.03/custom-rules": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/custom-rules/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_customrules.Rule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-custom-rules", + "summary": "Get Custom Rules" + } + }, + "/api/v30.03/custom-rules/{id}": { + "delete": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/custom-rules/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-custom-rules-id", + "summary": "Delete a Custom Rule" + }, + "put": { + "description": "UpdateCustomRule creates/edits a custom rule\n", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/customrules.Rule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Custom-Rules" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCustomRules", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-custom-rules-id", + "summary": " Update Custom Rule" + } + }, + "/api/v30.03/defenders": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/defenders/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_defender.Defender" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-defenders", + "summary": "Get Deployed Defenders" + } + }, + "/api/v30.03/defenders/app-embedded": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/defenders/app_embedded_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.AppEmbeddedEmbedRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-defenders-app-embedded", + "summary": "Generate a Docker File for App-embedded Defender" + } + }, + "/api/v30.03/defenders/daemonset.yaml": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/defenders/daemonset_yaml_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.DaemonSetOptions" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-defenders-daemonset.yaml", + "summary": "Generate Daemonset Deployment YAML File" + } + }, + "/api/v30.03/defenders/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/defenders/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-defenders-download", + "summary": "Download Deployed Defenders" + } + }, + "/api/v30.03/defenders/fargate.json": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/defenders/fargate_json_post.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/appembedded.FargateTask" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/appembedded.FargateTask" + } + } + }, + "description": "FargateTask represents the generic fargate task AWS template" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-defenders-fargate.json", + "summary": "Generate a Protected JSON Fargate Task Definition" + } + }, + "/api/v30.03/defenders/fargate.yaml": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/defenders/fargate_yaml_post.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_uint8" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-defenders-fargate.yaml", + "summary": "Generate a Protected YAML Fargate Task Definition" + } + }, + "/api/v30.03/defenders/helm/twistlock-defender-helm.tar.gz": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/defenders/helm_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.DaemonSetOptions" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-defenders-helm-twistlock-defender-helm.tar.gz", + "summary": "Generate a Helm Deployment Chart for Defender" + } + }, + "/api/v30.03/defenders/image-name": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/defenders/image-name_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-defenders-image-name", + "summary": "Get Docker Image Name for Defender" + } + }, + "/api/v30.03/defenders/install-bundle": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/defenders/install-bundle_get.md" + }, + "parameters": [ + { + "description": "ConsoleAddr is the remote console address.\n", + "in": "query", + "name": "consoleaddr", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderType is the type of the defender to create the install bundle for.\n", + "in": "query", + "name": "defenderType", + "schema": { + "description": "Type is the type to be given at startup", + "enum": [ + [ + "none", + "docker", + "dockerWindows", + "containerdWindows", + "swarm", + "daemonset", + "serverLinux", + "serverWindows", + "cri", + "fargate", + "appEmbedded", + "tas", + "tasWindows", + "serverless", + "ecs" + ] + ], + "type": "string" + } + }, + { + "description": "Interpreter is a custom interpreter set by the user to run the fargate defender entrypoint script.\n", + "in": "query", + "name": "interpreter", + "schema": { + "type": "string" + } + }, + { + "description": "CloudFormation indicates if the given fargate task definition is in Cloud Formation format.\n", + "in": "query", + "name": "cloudFormation", + "schema": { + "type": "boolean" + } + }, + { + "description": "FilesystemMonitoring is the filesystem monitoring flag.\n", + "in": "query", + "name": "filesystemMonitoring", + "schema": { + "type": "boolean" + } + }, + { + "description": "ExtractEntrypoint indicates if entrypoint will be extracted automatically.\n", + "in": "query", + "name": "extractEntrypoint", + "schema": { + "type": "boolean" + } + }, + { + "description": "RegistryType is the registry type for fetching image details needed to create fargate task definition (e.g., dockerhub).\n", + "in": "query", + "name": "registryType", + "schema": { + "type": "string" + } + }, + { + "description": "RegistryCredentialID of the credentials in the credentials store to use for authenticating with the registry.\n", + "in": "query", + "name": "registryCredentialID", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImage is the full path to the Defender image, if not specified Prisma's private registry is used.\n", + "in": "query", + "name": "defenderImage", + "schema": { + "type": "string" + } + }, + { + "description": "DefenderImagePullSecret is the name of the secret required to pull the Defender image from private registry.\n", + "in": "query", + "name": "defenderImagePullSecret", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.DefenderInstallBundle" + } + } + }, + "description": "DefenderInstallBundle represents the install bundle for the defender" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-defenders-install-bundle", + "summary": "Get Certificate Bundle for Defender" + } + }, + "/api/v30.03/defenders/names": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/defenders/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-defenders-names", + "summary": "Get Defender Names" + } + }, + "/api/v30.03/defenders/serverless/bundle": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/defenders/serverless-bundle_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ServerlessBundleRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-defenders-serverless-bundle", + "summary": "Generate Serverless Bundle for Defender" + } + }, + "/api/v30.03/defenders/summary": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/defenders/summary_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.DefenderSummary" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-defenders-summary", + "summary": "Get Defenders Summary" + } + }, + "/api/v30.03/defenders/upgrade": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/defenders/upgrade_post.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hostname is a name of a specific Defender to retrieve.\n", + "in": "query", + "name": "hostname", + "schema": { + "type": "string" + } + }, + { + "description": "Roles are the defender api.Roles to filter.\n", + "in": "query", + "name": "role", + "schema": { + "description": "Roles are the defender api.Roles to filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return only connected Defenders (true) or disconnected Defenders (false).\n", + "in": "query", + "name": "connected", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "in": "query", + "name": "type", + "schema": { + "description": "Indicates the Defender types to return (e.g., docker, dockerWindows, cri, etc).\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to return a list of Defenders that are running the latest version of Prisma Cloud (true)\nor defenders with older versions (false).\n", + "in": "query", + "name": "latest", + "schema": { + "type": "boolean" + } + }, + { + "description": "SupportedVersion indicates only Defenders of supported versions should be fetched.\n", + "in": "query", + "name": "supportedVersion", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by cluster name.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Scopes the query by cluster name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS cluster IDs.\n", + "in": "query", + "name": "tasClusterIDs", + "schema": { + "description": "Scopes the query by TAS cluster IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by TAS blobstore scanning only Defenders (true) or TAS full coverage Defenders (false).\n", + "in": "query", + "name": "tasBlobstoreScanner", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by TAS foundations.\n", + "in": "query", + "name": "tasFoundations", + "schema": { + "description": "Scopes the query by TAS foundations.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query to defenders which are using old certificate.\n", + "in": "query", + "name": "usingOldCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query to defenders which are using expired certificate.\n", + "in": "query", + "name": "usingExpiredCA", + "schema": { + "type": "boolean" + } + }, + { + "description": "Scopes the query by provider type\nIndicates whether to return only defenders running on ARM64 architecture.\n", + "in": "query", + "name": "isARM64", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to return only defenders running as VPC Observer.\n", + "in": "query", + "name": "isVPCObserver", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-defenders-upgrade", + "summary": "Upgrade Connected Single Linux Defenders" + } + }, + "/api/v30.03/defenders/{id}": { + "delete": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/defenders/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-defenders-id", + "summary": "Delete a Defender" + } + }, + "/api/v30.03/defenders/{id}/features": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/defenders/id_features_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Features" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Defender" + } + } + }, + "description": "Defender is an update about an agent starting" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-defenders-id-features", + "summary": "Update Defender Configuration" + } + }, + "/api/v30.03/defenders/{id}/restart": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/defenders/id_restart_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-defenders-id-restart", + "summary": "Restart a Defender" + } + }, + "/api/v30.03/defenders/{id}/upgrade": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/defenders/id_upgrade_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Defenders" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-defenders-id-upgrade", + "summary": "Upgrade a Defender" + } + }, + "/api/v30.03/feeds/custom/custom-vulnerabilities": { + "get": { + "description": "CustomVulnerabilities returns the custom vulnerabilities feed\n", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/vuln.CustomVulnerabilities" + } + } + }, + "description": "CustomVulnerabilities is a collection of custom vulnerabilities\nTBD: this storage usage is not best practice, should be migrate to a 1 document per vulnerability" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-feeds-custom-custom-vulnerabilities", + "summary": " Custom Vulnerabilities" + }, + "put": { + "description": "SetCustomVulnerabilities sets the custom vulnerabilities feed\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/vuln.CustomVulnerabilities" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-feeds-custom-custom-vulnerabilities", + "summary": " Set Custom Vulnerabilities" + } + }, + "/api/v30.03/feeds/custom/malware": { + "get": { + "description": "CustomMalwareFeed returns the custom malware feed\n", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomMalwareFeed" + } + } + }, + "description": "CustomMalwareFeed represent the custom malware" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "user", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-feeds-custom-malware", + "summary": " Custom Malware Feed" + }, + "put": { + "description": "SetCustomMalwareFeed sets the custom malware feed\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomMalwareFeed" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Feeds" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-feeds-custom-malware", + "summary": " Set Custom Malware Feed" + } + }, + "/api/v30.03/groups": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/groups/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Groups" + } + } + }, + "description": "Groups represents a list of groups" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-groups", + "summary": "Get Groups" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/groups/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Group" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-groups", + "summary": "Add a Group" + } + }, + "/api/v30.03/groups/names": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/groups/names.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-groups-names", + "summary": "Get Group Names" + } + }, + "/api/v30.03/groups/{id}": { + "delete": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/groups/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-groups-id", + "summary": "Delete a Group" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/groups/id_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Group" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Groups" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-groups-id", + "summary": "Update a Group" + } + }, + "/api/v30.03/hosts": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/hosts/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-hosts", + "summary": "Get Host Scan Results" + } + }, + "/api/v30.03/hosts/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/hosts/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-hosts-download", + "summary": "Download Host Scan Results" + } + }, + "/api/v30.03/hosts/evaluate": { + "post": { + "description": "ResolveHosts adds vulnerability data for the given host\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesResp" + } + } + }, + "description": "ResolveImagesResp represents the images resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-hosts-evaluate", + "summary": " Resolve Hosts" + } + }, + "/api/v30.03/hosts/info": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/hosts/info_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Retrieves the host names that were scanned by the agentless scanner.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the host names that were skipped during an agentless scan.\nDefault is false.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.HostInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-hosts-info", + "summary": "Get Host Information" + } + }, + "/api/v30.03/hosts/scan": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/hosts/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Hosts" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-hosts-scan", + "summary": "Start a Host Scan" + } + }, + "/api/v30.03/images": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/images/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-images", + "summary": "Get Image Scan Results" + } + }, + "/api/v30.03/images/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/images/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-images-download", + "summary": "Download Image Scan Results" + } + }, + "/api/v30.03/images/evaluate": { + "post": { + "description": "ResolveImages adds vulnerability data for the given images\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveImagesResp" + } + } + }, + "description": "ResolveImagesResp represents the images resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-images-evaluate", + "summary": " Resolve Images" + } + }, + "/api/v30.03/images/names": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/images/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on image IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on hostnames.\n", + "in": "query", + "name": "hostname", + "schema": { + "description": "Filters the result based on hostnames.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to a specific image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "in": "query", + "name": "trustStatuses", + "schema": { + "description": "Filters the result based on whether an image is trusted or not trusted by a trusted image policy.\nUse filters: trusted or untrusted.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cluster names.\n", + "in": "query", + "name": "clusters", + "schema": { + "description": "Filters the result based on cluster names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result by compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on whether the images are scanned by App-Embedded Defenders.\nDefault is false.\n", + "in": "query", + "name": "appEmbedded", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to retrieve host names that are scanned by agentless scanner.\nDefault is false.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-images-names", + "summary": "Get Image Names" + } + }, + "/api/v30.03/images/scan": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/images/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ImageScanOptions" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-images-scan", + "summary": "Start Image Scan" + } + }, + "/api/v30.03/images/twistlock_defender_app_embedded.tar.gz": { + "get": { + "description": "DownloadAppEmbeddedDefender generates the embedded defender bundle and serves it to the user\n", + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-images-twistlock_defender_app_embedded.tar.gz", + "summary": " Download App-Embedded Defender" + } + }, + "/api/v30.03/images/twistlock_defender_layer.zip": { + "post": { + "description": "DownloadServerlessLayerBundle returns a ZIP file with a Lambda layer containing the Defender runtime\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ServerlessBundleRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Images" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-images-twistlock_defender_layer.zip", + "summary": " Download Serverless Layer Bundle" + } + }, + "/api/v30.03/policies/compliance/ci/images": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/compliance_ci_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-compliance-ci-images", + "summary": "Get Continuous Integration (CI) Image Compliance Policy" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/compliance_ci_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-compliance-ci-images", + "summary": "Update Continuous Integration (CI) Image Compliance Policy" + } + }, + "/api/v30.03/policies/compliance/ci/serverless": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/compliance_ci_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-compliance-ci-serverless", + "summary": "Get Continuous Integration (CI) Serverless Compliance Policy" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/compliance_ci_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-compliance-ci-serverless", + "summary": "Update Continuous Integration (CI) Serverless Compliance Policy" + } + }, + "/api/v30.03/policies/compliance/container": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/compliance_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-compliance-container", + "summary": "Get Container Compliance Policy" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/compliance_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-compliance-container", + "summary": "Update Container Compliance Policy" + } + }, + "/api/v30.03/policies/compliance/container/impacted": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/compliance_container_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-compliance-container-impacted", + "summary": "Get Impacted Container Compliance Policy" + } + }, + "/api/v30.03/policies/compliance/host": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/compliance_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-compliance-host", + "summary": "Get Host Compliance Policy" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/compliance_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-compliance-host", + "summary": "Update Host Compliance Policy" + } + }, + "/api/v30.03/policies/compliance/serverless": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/compliance_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-compliance-serverless", + "summary": "Get Serverless Compliance Policy" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/compliance_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-compliance-serverless", + "summary": "Update Serverless Compliance Policy" + } + }, + "/api/v30.03/policies/compliance/vms/impacted": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/compliance_vms_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-compliance-vms-impacted", + "summary": "Get Impacted VMs Compliance Policy" + } + }, + "/api/v30.03/policies/firewall/app/agentless": { + "get": { + "description": "AgentlessAppFirewallPolicy returns the agentless application firewall policy\n", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy represents the policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-agentless", + "summary": " Agentless App Firewall Policy" + }, + "put": { + "description": "SetAgentlessAppFirewallPolicy sets the agentless WAAS policy\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-firewall-app-agentless", + "summary": " Set Agentless App Firewall Policy" + } + }, + "/api/v30.03/policies/firewall/app/agentless/impacted": { + "get": { + "description": "AgentlessAppFirewallPolicyImpacted returns a list of mirrored VMs for which the firewall policy rule applies to\n", + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.VPCConfigMirroredVM" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-agentless-impacted", + "summary": " Agentless App Firewall Policy Impacted" + } + }, + "/api/v30.03/policies/firewall/app/agentless/resources": { + "get": { + "description": "AgentlessAppFirewallPolicyResources returns the WAAS VPC configuration resources\n", + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ConfigID is the ID of the VPC configuration.\n", + "in": "query", + "name": "configID", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.VPCConfigResource" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-agentless-resources", + "summary": " Agentless App Firewall Policy Resources" + } + }, + "/api/v30.03/policies/firewall/app/agentless/state": { + "get": { + "description": "AgentlessAppFirewallPolicyState returns the state for the agentless app firewall policy\n", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.AgentlessPolicyState" + } + } + }, + "description": "AgentlessPolicyState is the state of the agentless policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-agentless-state", + "summary": " Agentless App Firewall Policy State" + } + }, + "/api/v30.03/policies/firewall/app/apispec": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/firewall_app_apispec_post.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.APISpec" + } + } + }, + "description": "APISpec is an API specification" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-policies-firewall-app-apispec", + "summary": "Generate a WAAS API Specification Object" + } + }, + "/api/v30.03/policies/firewall/app/app-embedded": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/firewall_app-embedded_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy represents the policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-app-embedded", + "summary": "Get WAAS App-embedded Policy" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/firewall_app-embedded_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-firewall-app-app-embedded", + "summary": "Update WAAS App-embedded Policy" + } + }, + "/api/v30.03/policies/firewall/app/container": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/firewall_app_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy represents the policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-container", + "summary": "Get WAAS Container Policy" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/firewall_app_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-firewall-app-container", + "summary": "Update WAAS Container Policy" + } + }, + "/api/v30.03/policies/firewall/app/container/impacted": { + "get": { + "description": "ContainerAppFirewallPolicyImpacted returns a list of containers for which the firewall policy rule applies to\n", + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-container-impacted", + "summary": " Container App Firewall Policy Impacted" + } + }, + "/api/v30.03/policies/firewall/app/host": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/firewall_app_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy represents the policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-host", + "summary": "Get WAAS Host Policy" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/firewall_app_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-firewall-app-host", + "summary": "Update WAAS Host Policy" + } + }, + "/api/v30.03/policies/firewall/app/host/impacted": { + "get": { + "description": "HostAppFirewallPolicyImpacted returns a list of hosts for which the firewall policy rule applies to\n", + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-host-impacted", + "summary": " Host App Firewall Policy Impacted" + } + }, + "/api/v30.03/policies/firewall/app/network-list": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/firewall_app_network_list_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_waas.NetworkList" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-network-list", + "summary": "Get WAAS Network List" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/firewall_app_network_list_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.NetworkList" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-policies-firewall-app-network-list", + "summary": "Add WAAS Network List" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/firewall_app_network_list_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.NetworkList" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-firewall-app-network-list", + "summary": "Update WAAS Network List" + } + }, + "/api/v30.03/policies/firewall/app/network-list/{id}": { + "delete": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/firewall_app_network_list_id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-policies-firewall-app-network-list-id", + "summary": "Delete WAAS Network List" + } + }, + "/api/v30.03/policies/firewall/app/out-of-band": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/firewall_app_out-of-band_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy represents the policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-out-of-band", + "summary": "Get Out-of-Band WAAS Policy" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/firewall_app_out-of-band_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-firewall-app-out-of-band", + "summary": "Update Out-of-Band WAAS Policy" + } + }, + "/api/v30.03/policies/firewall/app/out-of-band/impacted": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/firewall_app_out-of-band_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.ImpactedOutOfBandEntity" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-out-of-band-impacted", + "summary": "Get Impacted Resources for Out-of-Band WAAS Policy" + } + }, + "/api/v30.03/policies/firewall/app/serverless": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/firewall_app_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + }, + "description": "Policy represents the policy" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-app-serverless", + "summary": "Get WAAS Serverless Policy" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/firewall_app_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-firewall-app-serverless", + "summary": "Update WAAS Serverless Policy" + } + }, + "/api/v30.03/policies/firewall/network": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/firewall_network_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cnnf.Policy" + } + } + }, + "description": "Policy holds the data for firewall policies (host and container)" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCNNF", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-firewall-network", + "summary": "Get CNNS Container and Host Policy" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/firewall_network_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/cnnf.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCNNF", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-firewall-network", + "summary": "Update CNNS Container and Host Policy" + } + }, + "/api/v30.03/policies/runtime/app-embedded": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/runtime_app-embedded_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicy" + } + } + }, + "description": "AppEmbeddedPolicy represents a runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-runtime-app-embedded", + "summary": "Get Runtime App-embedded Policy" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/runtime_app-embedded_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-policies-runtime-app-embedded", + "summary": "Add Runtime App-embedded Policy" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/runtime_app-embedded_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.AppEmbeddedPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-runtime-app-embedded", + "summary": "Update Runtime App-embedded Policy" + } + }, + "/api/v30.03/policies/runtime/container": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/runtime_container_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicy" + } + } + }, + "description": "ContainerPolicy represents a runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-runtime-container", + "summary": "Get Runtime Container Policy" + }, + "post": { + "description": "SetContainerRuntimePolicyRule adds the given container runtime policy rule\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-policies-runtime-container", + "summary": " Set Container Runtime Policy Rule" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/runtime_container_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ContainerPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-runtime-container", + "summary": "Update Runtime Container Policy" + } + }, + "/api/v30.03/policies/runtime/container/impacted": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/runtime_container_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeContainer", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-runtime-container-impacted", + "summary": "Update Runtime Impacted Container Policy" + } + }, + "/api/v30.03/policies/runtime/host": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/runtime_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicy" + } + } + }, + "description": "HostPolicy represents a host runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-runtime-host", + "summary": "Get Runtime Host Policy" + }, + "post": { + "description": "SetHostRuntimePolicyRule set the specified rule first\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-policies-runtime-host", + "summary": " Set Host Runtime Policy Rule" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/runtime_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.HostPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-runtime-host", + "summary": "Update Runtime Host Policy" + } + }, + "/api/v30.03/policies/runtime/serverless": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/runtime_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicy" + } + } + }, + "description": "ServerlessPolicy represents a serverless runtime policy enforced for a given running resource" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-runtime-serverless", + "summary": "Get Runtime Serverless Policy" + }, + "post": { + "description": "SetServerlessRuntimePolicyRule adds the given serverless runtime policy rule\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicyRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-policies-runtime-serverless", + "summary": " Set Serverless Runtime Policy Rule" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/runtime_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/runtime.ServerlessPolicy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-runtime-serverless", + "summary": "Update Runtime Serverless Policy" + } + }, + "/api/v30.03/policies/vulnerability/base-images": { + "get": { + "description": "BaseImagesRules returns all the base image scopes and the list of base images digests for each of them\n", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.BaseImagesRule" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-vulnerability-base-images", + "summary": " Base Images Rules" + }, + "post": { + "description": "AddBaseImagesRule adds the base images which match the given scope configuration\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.BaseImagesRule" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-policies-vulnerability-base-images", + "summary": " Add Base Images Rule" + } + }, + "/api/v30.03/policies/vulnerability/base-images/download": { + "get": { + "description": "DownloadBaseImagesRules downloads the base images rules data to CSV\n", + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-vulnerability-base-images-download", + "summary": " Download Base Images Rules" + } + }, + "/api/v30.03/policies/vulnerability/base-images/{id}": { + "delete": { + "description": "DeleteBaseImagesRule removes all base images under a given scope\n", + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-policies-vulnerability-base-images-id", + "summary": " Delete Base Images Rule" + } + }, + "/api/v30.03/policies/vulnerability/ci/images": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/vulnerability_ci_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-vulnerability-ci-images", + "summary": "Get CI Image Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/vulnerability_ci_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-vulnerability-ci-images", + "summary": "Update CI Image Vulnerability Policy" + } + }, + "/api/v30.03/policies/vulnerability/ci/serverless": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/vulnerability_ci_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-vulnerability-ci-serverless", + "summary": "Get CI Serverless Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/vulnerability_ci_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-vulnerability-ci-serverless", + "summary": "Update CI Serverless Vulnerability Policy" + } + }, + "/api/v30.03/policies/vulnerability/coderepos": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/vulnerability_coderepos_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCodeRepos", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-vulnerability-coderepos", + "summary": "Get Code Repository Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/vulnerability_coderepos_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCodeRepos", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-vulnerability-coderepos", + "summary": "Update Code Repository Vulnerability Policy" + } + }, + "/api/v30.03/policies/vulnerability/coderepos/impacted": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/vulnerability_coderepos_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_coderepos.ScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCodeRepos", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-vulnerability-coderepos-impacted", + "summary": "Get Impacted Code Repository Vulnerability Policy" + } + }, + "/api/v30.03/policies/vulnerability/host": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/vulnerability_host_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-vulnerability-host", + "summary": "Get Host Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/vulnerability_host_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-vulnerability-host", + "summary": "Update Host Vulnerability Policy" + } + }, + "/api/v30.03/policies/vulnerability/host/impacted": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/vulnerability_host_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-vulnerability-host-impacted", + "summary": "Get Impacted Host Vulnerability Policy" + } + }, + "/api/v30.03/policies/vulnerability/images": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/vulnerability_images_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-vulnerability-images", + "summary": "Get Image Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/vulnerability_images_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-vulnerability-images", + "summary": "Update Image Vulnerability Policy" + } + }, + "/api/v30.03/policies/vulnerability/images/impacted": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/vulnerability_images_impacted_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RuleName is the rule name to apply.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-vulnerability-images-impacted", + "summary": "Get Impacted Image Vulnerability Policy" + } + }, + "/api/v30.03/policies/vulnerability/serverless": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/vulnerability_serverless_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + }, + "description": "Policy represents a policy that should be enforced by the Auditor" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-policies-vulnerability-serverless", + "summary": "Get Serverless Vulnerability Policy" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/vulnerability_serverless_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Policy" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Policies" + ], + "x-prisma-cloud-target-env": { + "permission": "policyServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-policies-vulnerability-serverless", + "summary": "Update Serverless Vulnerability Policy" + } + }, + "/api/v30.03/profiles/app-embedded": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/profiles/app-embedded_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the app embedded container filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the app embedded container filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the app embedded images filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the app embedded images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the app embedded clusters filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the app embedded clusters filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.AppEmbeddedRuntimeProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-profiles-app-embedded", + "summary": "Get App-embedded Profiles" + } + }, + "/api/v30.03/profiles/app-embedded/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/profiles/app-embedded_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "in": "query", + "name": "appID", + "schema": { + "description": "AppIDs is the app embedded profile app IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Containers is the app embedded container filter.\n", + "in": "query", + "name": "container", + "schema": { + "description": "Containers is the app embedded container filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the app embedded images filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the app embedded images filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the app embedded clusters filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the app embedded clusters filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the app embedded image IDs filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-profiles-app-embedded-download", + "summary": "Download App-embedded Profiles" + } + }, + "/api/v30.03/profiles/container": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/profiles/container_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ContainerRuntimeProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-profiles-container", + "summary": "Get Runtime Container Profiles" + } + }, + "/api/v30.03/profiles/container/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/profiles/container_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-profiles-container-download", + "summary": "Download Runtime Container Profiles" + } + }, + "/api/v30.03/profiles/container/learn": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/profiles/container_learn_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-profiles-container-learn", + "summary": "Relearn Runtime Container Profiles" + } + }, + "/api/v30.03/profiles/host": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/profiles/host_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_runtime.HostProfile" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-profiles-host", + "summary": "Get Runtime Host Profiles" + } + }, + "/api/v30.03/profiles/host/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/profiles/host_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "IDs is the runtime profile id filter.\n", + "in": "query", + "name": "id", + "schema": { + "description": "IDs is the runtime profile id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "OS is the service runtime profile OS filter.\n", + "in": "query", + "name": "os", + "schema": { + "description": "OS is the service runtime profile OS filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "States is the runtime profile state filter.\n", + "in": "query", + "name": "state", + "schema": { + "description": "States is the runtime profile state filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "ImageIDs is the runtime profile image id filter.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "ImageIDs is the runtime profile image id filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Images is the runtime profile image filter.\n", + "in": "query", + "name": "image", + "schema": { + "description": "Images is the runtime profile image filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Hosts is the runtime profile hostname filter.\n", + "in": "query", + "name": "hostName", + "schema": { + "description": "Hosts is the runtime profile hostname filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "in": "query", + "name": "namespace", + "schema": { + "description": "Namespaces is the runtime profile k8s namespace filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "in": "query", + "name": "cluster", + "schema": { + "description": "Clusters is the runtime profile k8s cluster filter.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Profiles" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-profiles-host-download", + "summary": "Download Runtime Host Profiles" + } + }, + "/api/v30.03/registry": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/registry/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-registry", + "summary": "Get Registry Scan Results" + } + }, + "/api/v30.03/registry/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/registry/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-registry-download", + "summary": "Download Registry Scan Results" + } + }, + "/api/v30.03/registry/names": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/registry/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by registry image.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters results by registry image.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "in": "query", + "name": "imageID", + "schema": { + "description": "Filters the result by image IDs that are available in daemonset.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image repository names.\n", + "in": "query", + "name": "repository", + "schema": { + "description": "Filters the result based on image repository names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image registry names.\n", + "in": "query", + "name": "registry", + "schema": { + "description": "Filters the result based on image registry names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on full image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on full image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether the CVEs are mapped to an image layer.\nDefault is false.\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Provides the minimal image data. Information about vulnerabilities, compliance, and extended image metadata are skipped.\nDefault is false.\n", + "in": "query", + "name": "compact", + "schema": { + "type": "boolean" + } + }, + { + "description": "Indicates whether to filter the base image for vulnerabilities. Requires predefined base images that have already been scanned.\nDefault is false.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-registry-names", + "summary": "Get Registry Image Names" + } + }, + "/api/v30.03/registry/progress": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/registry/get_registry_progress.md" + }, + "parameters": [ + { + "description": "OnDemand indicates the requested progress is for an on-demand scan.\n", + "in": "query", + "name": "onDemand", + "schema": { + "type": "boolean" + } + }, + { + "description": "Registry is the image's registry.\n", + "in": "query", + "name": "registry", + "schema": { + "type": "string" + } + }, + { + "description": "Repository is the image's repository.\n", + "in": "query", + "name": "repo", + "schema": { + "type": "string" + } + }, + { + "description": "Tag is the image's tag.\n", + "in": "query", + "name": "tag", + "schema": { + "type": "string" + } + }, + { + "description": "Digest is the image's digest.\n", + "in": "query", + "name": "digest", + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.RegistryScanProgress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-registry-progress", + "summary": "View Registry Scan Progress" + } + }, + "/api/v30.03/registry/scan": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/registry/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistryScanRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-registry-scan", + "summary": "Start a Registry Scan" + } + }, + "/api/v30.03/registry/stop": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/registry/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Registry" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-registry-stop", + "summary": "Stop a Registry Scan" + } + }, + "/api/v30.03/sandbox": { + "post": { + "description": "AddSandboxScanResult adds a sandbox scan result, the scan is augmented with geolocation data and returned to the client\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/sandbox.ScanResult" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/sandbox.ScanResult" + } + } + }, + "description": "ScanResult represents sandbox scan results" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Sandbox" + ], + "x-prisma-cloud-target-env": { + "permission": "sandbox", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-sandbox", + "summary": " Add Sandbox Scan Result" + } + }, + "/api/v30.03/scans": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/scans/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scan ID used in the image layers fetch.\n", + "in": "query", + "name": "_id", + "schema": { + "type": "string" + } + }, + { + "description": "Jenkins job name.\n", + "in": "query", + "name": "jobName", + "schema": { + "description": "Jenkins job name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scan type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Scan type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to filter on passed scans (true) or not (false).\n", + "in": "query", + "name": "pass", + "schema": { + "type": "boolean" + } + }, + { + "description": "Build number.\n", + "in": "query", + "name": "build", + "schema": { + "type": "string" + } + }, + { + "description": "Image ID of scanned image.\n", + "in": "query", + "name": "imageID", + "schema": { + "type": "string" + } + }, + { + "description": "Indicates if CVEs are mapped to image layer (true) or not (false).\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by start datetime. Based on scan time.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by end datetime. Based on scan time.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Indicates if base image vulnerabilities are to be filtered (true) or not (false). Requires predefined base images that have already been scanned.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CLIScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-scans", + "summary": "Get All CI Image Scan Results" + }, + "post": { + "description": "AddCLIScanResult adds a CLI scan result\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CLIScanResult" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-scans", + "summary": " Add CLI Scan Result" + } + }, + "/api/v30.03/scans/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/scans/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scan ID used in the image layers fetch.\n", + "in": "query", + "name": "_id", + "schema": { + "type": "string" + } + }, + { + "description": "Jenkins job name.\n", + "in": "query", + "name": "jobName", + "schema": { + "description": "Jenkins job name.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scan type.\n", + "in": "query", + "name": "type", + "schema": { + "description": "Scan type.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Indicates whether to filter on passed scans (true) or not (false).\n", + "in": "query", + "name": "pass", + "schema": { + "type": "boolean" + } + }, + { + "description": "Build number.\n", + "in": "query", + "name": "build", + "schema": { + "type": "string" + } + }, + { + "description": "Image ID of scanned image.\n", + "in": "query", + "name": "imageID", + "schema": { + "type": "string" + } + }, + { + "description": "Indicates if CVEs are mapped to image layer (true) or not (false).\n", + "in": "query", + "name": "layers", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters results by start datetime. Based on scan time.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Filters results by end datetime. Based on scan time.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "Indicates if base image vulnerabilities are to be filtered (true) or not (false). Requires predefined base images that have already been scanned.\n", + "in": "query", + "name": "filterBaseImage", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-scans-download", + "summary": "Download CI Image Scan Results" + } + }, + "/api/v30.03/scans/{id}": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/scans/id_get.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Scans" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-scans-id", + "summary": "Get CI Image Scan Results" + } + }, + "/api/v30.03/serverless": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/serverless/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_serverless.FunctionInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-serverless", + "summary": "Get Serverless Function Scan Results" + } + }, + "/api/v30.03/serverless/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/serverless/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-serverless-download", + "summary": "Download Serverless Function Scan Results" + } + }, + "/api/v30.03/serverless/evaluate": { + "post": { + "description": "ResolveFunctions adds vulnerability data for the given functions\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveFunctionsReq" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.ResolveFunctionsResp" + } + } + }, + "description": "ResolveFunctionsResp represents the functions resolution API output" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-serverless-evaluate", + "summary": " Resolve Functions" + } + }, + "/api/v30.03/serverless/names": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/serverless/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-serverless-names", + "summary": "Get Serverless Function Names" + } + }, + "/api/v30.03/serverless/scan": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/serverless/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-serverless-scan", + "summary": "Start Serverless Function Scan" + } + }, + "/api/v30.03/serverless/stop": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/serverless/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Serverless" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorServerless", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-serverless-stop", + "summary": "Stop Serverless Function Scan" + } + }, + "/api/v30.03/settings/certificates": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/certificates_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.CertificateSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-certificates", + "summary": "Add Certificate Settings for Clients Accessing a Custom CA" + } + }, + "/api/v30.03/settings/certs": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/certs_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.CertSettings" + } + } + }, + "description": "CertSettings are the certificates settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-certs", + "summary": "Get Certificate Settings for Prisma Cloud Compute" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/certs_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.CertSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-certs", + "summary": "Add Certificate Settings for Prisma Cloud Compute" + } + }, + "/api/v30.03/settings/coderepos": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/coderepos_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CodeRepoSettings" + } + } + }, + "description": "CodeRepoSettings is the settings for scanning remote code repositories" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCodeRepos", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-coderepos", + "summary": "Get Code Repository Settings" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/coderepos_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.CodeRepoSpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyCodeRepos", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-settings-coderepos", + "summary": "Update Code Repository Settings" + } + }, + "/api/v30.03/settings/console-certificate": { + "post": { + "description": "SetConsoleCertificateSettings sets the console certificate settings\n", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ConsoleCertificateSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-console-certificate", + "summary": " Set Console Certificate Settings" + } + }, + "/api/v30.03/settings/custom-labels": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/custom-labels_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + } + } + }, + "description": "CustomLabelsSettings are customized label names that are used to augment audit events\nThey can either be docker labels (which appears in the container label specification)\nor k8s/openshift labels (which appears in the pause container that monitors the target container)" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "user", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-custom-labels", + "summary": "Get Alert Labels" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/custom-labels_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.CustomLabelsSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-custom-labels", + "summary": "Add Alert Labels" + } + }, + "/api/v30.03/settings/defender": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/defender_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.Settings" + } + } + }, + "description": "Settings is the Defender settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageDefenders", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-defender", + "summary": "Get Advanced Defender Settings" + } + }, + "/api/v30.03/settings/intelligence": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/intelligence_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/intelligence.IntelligenceSettings" + } + } + }, + "description": "IntelligenceSettings are the intelligence service settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-intelligence", + "summary": "Get Intelligence Stream Settings" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/intelligence_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/intelligence.IntelligenceSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-intelligence", + "summary": "Add Intelligence Stream Settings" + } + }, + "/api/v30.03/settings/ldap": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/ldap_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.LdapSettings" + } + } + }, + "description": "LdapSettings are the ldap connectivity settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-ldap", + "summary": "Get LDAP Integration Settings" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/ldap_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.LdapSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-ldap", + "summary": "Add LDAP Integration Settings" + } + }, + "/api/v30.03/settings/license": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/license_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.License" + } + } + }, + "description": "License represent the customer license" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-license", + "summary": "Get Prisma Cloud Compute License" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/license_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.LicenseRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "privilegedOperations", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-license", + "summary": "Add Prisma Cloud Compute License" + } + }, + "/api/v30.03/settings/logging": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/logging_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.LoggingSettings" + } + } + }, + "description": "LoggingSettings are the logging settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-logging", + "summary": "Get Logging Settings" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/logging_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.LoggingSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "manageAlerts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-logging", + "summary": "Add Logging Settings" + } + }, + "/api/v30.03/settings/logon": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/logon_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.LogonSettings" + } + } + }, + "description": "LogonSettings are settings associated with the login properties" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-logon", + "summary": "Get Logon Settings" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/logon_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.LogonSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-logon", + "summary": "Add Logon Settings" + } + }, + "/api/v30.03/settings/oauth": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/oauth_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.ProviderSettings" + } + } + }, + "description": "ProviderSettings are the Oauth/ OpenID Connect connectivity settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-oauth", + "summary": "Get OAuth Settings" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/oauth_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.ProviderSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-oauth", + "summary": "Add OAuth Settings" + } + }, + "/api/v30.03/settings/oidc": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/oidc_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.ProviderSettings" + } + } + }, + "description": "ProviderSettings are the Oauth/ OpenID Connect connectivity settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-oidc", + "summary": "Get Open ID Connect Settings" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/oidc_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.ProviderSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-oidc", + "summary": "Add Open ID Connect Settings" + } + }, + "/api/v30.03/settings/proxy": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/proxy_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.ProxySettings" + } + } + }, + "description": "ProxySettings are the http proxy settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-proxy", + "summary": "Get Proxy Settings of Prisma Cloud Compute" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/proxy_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/common.ProxySettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-proxy", + "summary": "Add Proxy Settings for Prisma Cloud Compute" + } + }, + "/api/v30.03/settings/registry": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/registry_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySettings" + } + } + }, + "description": "RegistrySettings contains each registry's unique settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-registry", + "summary": "Get Registry Settings" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/registry_post.md" + }, + "parameters": [ + { + "description": "ScanLater indicates to save the setting without starting a scan.\n", + "in": "query", + "name": "scanLater", + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-registry", + "summary": "Add Registry Settings" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/registry_put.md" + }, + "parameters": [ + { + "description": "ScanLater indicates to save the setting without starting a scan.\n", + "in": "query", + "name": "scanLater", + "schema": { + "type": "boolean" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.RegistrySettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-settings-registry", + "summary": "Update Registry Settings" + } + }, + "/api/v30.03/settings/saml": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/saml_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.SamlSettings" + } + } + }, + "description": "SamlSettings are the saml connectivity settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-saml", + "summary": "Get SAML Settings of Prisma Cloud Compute" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/saml_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/identity.SamlSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-saml", + "summary": "Add SAML Settings for Prisma Cloud Compute" + } + }, + "/api/v30.03/settings/scan": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/scan_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ScanSettings" + } + } + }, + "description": "ScanSettings are global settings for image/host/container and registry scanning" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-scan", + "summary": "Get Global Scan Settings" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/scan_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.ScanSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-scan", + "summary": "Add Global Scan Settings" + } + }, + "/api/v30.03/settings/tas": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/tas_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TASDropletSpecification" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-tas", + "summary": "Get TAS Settings" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/tas_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.TASDropletSpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-tas", + "summary": "Download TAS Settings" + } + }, + "/api/v30.03/settings/telemetry": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/telemetry_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.TelemetrySettings" + } + } + }, + "description": "TelemetrySettings is the telemetry settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-telemetry", + "summary": "Get Telemetry Settings" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/telemetry_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.TelemetrySettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-telemetry", + "summary": "Enable or Disable Telemetry Settings" + } + }, + "/api/v30.03/settings/trusted-certificate": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/telemetry_get.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.CertData" + } + } + } + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.TrustedCertSignature" + } + } + }, + "description": "TrustedCertSignature represents a trusted cert settings" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-trusted-certificate", + "summary": "Add a Certificate to a Trusted Certificate List" + } + }, + "/api/v30.03/settings/trusted-certificates": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/telemetry_post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.TrustedCertSettings" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "authConfiguration", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-settings-trusted-certificates", + "summary": "Add Trusted Certificate Settings" + } + }, + "/api/v30.03/settings/vm": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/vm_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.VMSpecification" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-vm", + "summary": "Get VM Image Scan Settings" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/vm_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.VMSpecification" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "policyHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-settings-vm", + "summary": "Update VM Image Scan Settings" + } + }, + "/api/v30.03/settings/wildfire": { + "get": { + "description": "WildFireSettings returns the wildfire settings\n", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.WildFireSettings" + } + } + }, + "description": "WildFireSettings are the settings for WildFire API requests" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Settings" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-settings-wildfire", + "summary": " WildFire Settings" + } + }, + "/api/v30.03/stats/app-firewall/count": { + "get": { + "description": "AppFirewallCount returns the number of app firewalls in use\n", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/int" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-app-firewall-count", + "summary": " App Firewall Count" + } + }, + "/api/v30.03/stats/compliance": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/stats/compliance_get.md" + }, + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "docker", + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoVulnerability", + "ciCodeRepoVulnerability", + "codeRepoCompliance", + "ciCodeRepoCompliance" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "Prisma Cloud Labs" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ComplianceStats" + } + } + }, + "description": "ComplianceStats holds compliance data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-compliance", + "summary": "Get Compliance Stats" + } + }, + "/api/v30.03/stats/compliance/download": { + "get": { + "description": "DownloadComplianceStats downloads the compliance stats\n", + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "docker", + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoVulnerability", + "ciCodeRepoVulnerability", + "codeRepoCompliance", + "ciCodeRepoCompliance" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "Prisma Cloud Labs" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-compliance-download", + "summary": " Download Compliance Stats" + } + }, + "/api/v30.03/stats/compliance/refresh": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/stats/compliance_refresh_post.md" + }, + "parameters": [ + { + "description": "Scopes query by collection.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Scopes query by collection.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes query by account ID.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Scopes query by account ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters results by rule name.\n", + "in": "query", + "name": "ruleName", + "schema": { + "type": "string" + } + }, + { + "description": "Filters results by policy type. Used to further scope queries because rule names do not need to be unique between policies.\n", + "in": "query", + "name": "policyType", + "schema": { + "description": "PolicyType represents the type of the policy", + "enum": [ + [ + "docker", + "containerVulnerability", + "containerCompliance", + "ciImagesVulnerability", + "ciImagesCompliance", + "hostVulnerability", + "hostCompliance", + "vmVulnerability", + "vmCompliance", + "serverlessCompliance", + "ciServerlessCompliance", + "serverlessVulnerability", + "ciServerlessVulnerability", + "containerRuntime", + "appEmbeddedRuntime", + "containerAppFirewall", + "hostAppFirewall", + "outOfBandAppFirewall", + "agentlessAppFirewall", + "appEmbeddedAppFirewall", + "serverlessAppFirewall", + "networkFirewall", + "secrets", + "hostRuntime", + "serverlessRuntime", + "kubernetesAudit", + "trust", + "admission", + "codeRepoVulnerability", + "ciCodeRepoVulnerability", + "codeRepoCompliance", + "ciCodeRepoCompliance" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by category. For example, a benchmark or resource type.\n", + "in": "query", + "name": "category", + "schema": { + "description": "ComplianceCategory represents the compliance category", + "enum": [ + [ + "Docker", + "Docker (DISA STIG)", + "Twistlock Labs", + "Custom", + "Istio", + "Linux", + "Kubernetes", + "CRI", + "OpenShift", + "Application Control", + "Prisma Cloud Labs" + ] + ], + "type": "string" + } + }, + { + "description": "Filters results by compliance template.\n", + "in": "query", + "name": "template", + "schema": { + "description": "ComplianceTemplate represents the compliance template", + "enum": [ + [ + "PCI", + "HIPAA", + "NIST SP 800-190", + "GDPR", + "DISA STIG" + ] + ], + "type": "string" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.ComplianceStats" + } + } + }, + "description": "ComplianceStats holds compliance data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorCompliance", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-stats-compliance-refresh", + "summary": "Refresh Compliance Stats" + } + }, + "/api/v30.03/stats/daily": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/stats/daily_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.Stats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorRuntimeContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-daily", + "summary": "Get Daily Compliance Stats" + } + }, + "/api/v30.03/stats/dashboard": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/stats/dashboard_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.Trends" + } + } + }, + "description": "Trends contains data on global trends in the system" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-dashboard", + "summary": "Get Dashboard Stats" + } + }, + "/api/v30.03/stats/events": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/stats/events_get.md" + }, + "parameters": [ + { + "description": "Collections are collections scoping the query.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Collections are collections scoping the query.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "AccountIDs are the account IDs scoping the query.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "AccountIDs are the account IDs scoping the query.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "From is an optional minimum time constraints for the audit.\n", + "in": "query", + "name": "from", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "To is an optional maximum time constraints for the audit.\n", + "in": "query", + "name": "to", + "schema": { + "format": "date-time", + "type": "string" + } + }, + { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "in": "query", + "name": "attackTechniques", + "schema": { + "description": "AttackTechniques are the MITRE attack techniques.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.EventStats" + } + } + }, + "description": "EventStats holds counters for all event types" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "accessUI", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-events", + "summary": "Get Event Stats" + } + }, + "/api/v30.03/stats/license": { + "get": { + "description": "LicenseStats returns the license stats including the credit per defender\n", + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.LicenseStats" + } + } + }, + "description": "LicenseStats holds the console license stats" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "systemOperations", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-license", + "summary": " License Stats" + } + }, + "/api/v30.03/stats/vulnerabilities": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/stats/vulnerabilities_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "CVE is the single CVE ID to return vulnerability data for.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "codeRepo", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.VulnerabilityStats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-vulnerabilities", + "summary": "Get Vulnerability (CVEs) Stats" + } + }, + "/api/v30.03/stats/vulnerabilities/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/stats/vulnerabilities_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "CVE is the single CVE ID to return vulnerability data for.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "codeRepo", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-vulnerabilities-download", + "summary": "Download Vulnerability (CVEs) Stats" + } + }, + "/api/v30.03/stats/vulnerabilities/impacted-resources": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/stats/vulnerabilities_impacted_resources_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "CVE is used to as a pivot for the impacted resource search.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "codeRepo", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.VulnImpactedResources" + } + } + }, + "description": "VulnImpactedResources holds details about the resources impacted by vulnerability" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-vulnerabilities-impacted-resources", + "summary": "Get Impacted Resources Vulnerability (CVE) Stats" + } + }, + "/api/v30.03/stats/vulnerabilities/impacted-resources/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/stats/vulnerabilities_impacted_resources_download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "CVE is used to as a pivot for the impacted resource search.\n", + "in": "query", + "name": "cve", + "schema": { + "type": "string" + } + }, + { + "description": "SeverityThreshold is the minimum severity indicating that all retrieved CVEs severities are greater than or equal to the threshold.\n", + "in": "query", + "name": "severityThreshold", + "schema": { + "type": "string" + } + }, + { + "description": "CVSSThreshold is the minimum CVSS score indicating that all retrieved CVEs CVSS scores are greater than or equal to the threshold.\n", + "in": "query", + "name": "cvssThreshold", + "schema": { + "format": "float", + "type": "number" + } + }, + { + "description": "ResourceType is the single resource type to return vulnerability data for.\n", + "in": "query", + "name": "resourceType", + "schema": { + "description": "ResourceType represents the resource type", + "enum": [ + [ + "container", + "image", + "host", + "istio", + "vm", + "function", + "codeRepo", + "registryImage" + ] + ], + "type": "string" + } + }, + { + "description": "Agentless indicates whether to retrieve vulnerability data for agentless hosts/images.\n", + "in": "query", + "name": "agentless", + "schema": { + "type": "boolean" + } + }, + { + "description": "Stopped indicates whether to retrieve vulnerability data for hosts that were not running during agentless scan.\n", + "in": "query", + "name": "stopped", + "schema": { + "type": "boolean" + } + }, + { + "description": "Packages filter by impacted packages.\n", + "in": "query", + "name": "packages", + "schema": { + "description": "Packages filter by impacted packages.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "RiskFactors filter by CVE risk factors.\n", + "in": "query", + "name": "riskFactors", + "schema": { + "description": "RiskFactors filter by CVE risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "in": "query", + "name": "envRiskFactors", + "schema": { + "description": "EnvRiskFactors filter by environmental risk factors.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-stats-vulnerabilities-impacted-resources-download", + "summary": "Download Impacted Resources Vulnerability (CVE) Stats" + } + }, + "/api/v30.03/stats/vulnerabilities/refresh": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/stats/vulnerabilities_refresh_post.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_types.VulnerabilityStats" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Stats" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorVuln", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-stats-vulnerabilities-refresh", + "summary": "Refresh Vulnerability Stats" + } + }, + "/api/v30.03/statuses/registry": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/statuses/registry_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/defender.ScanStatus" + } + } + }, + "description": "ScanStatus represents the status of current scan" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Statuses" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-statuses-registry", + "summary": "Get Registry Scan Status" + } + }, + "/api/v30.03/tags": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/tags/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Tag" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-tags", + "summary": "Get Tags" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/tags/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Tag" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-tags", + "summary": "Add Tags" + } + }, + "/api/v30.03/tags/{id}": { + "delete": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/tags/name_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-tags-id", + "summary": "Delete a Tag" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/tags/name_put.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.Tag" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-tags-id", + "summary": "Update a Tag" + } + }, + "/api/v30.03/tags/{id}/vuln": { + "delete": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/tags/tag_cve_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-tags-id-vuln", + "summary": "Delete Tag Vulnerability Metadata" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/tags/tag_cve_post.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/shared.TagVulnMetadata" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tags" + ], + "x-prisma-cloud-target-env": { + "permission": "collections", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-tags-id-vuln", + "summary": "Set Tag Vulnerability Metadata" + } + }, + "/api/v30.03/tas-droplets": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/tas-droplets/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_serverless.FunctionInfo" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-tas-droplets", + "summary": "Get TAS Droplets" + } + }, + "/api/v30.03/tas-droplets/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/tas-droplets/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud function IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Retrieves a list of cloud function IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "in": "query", + "name": "cloudControllerAddresses", + "schema": { + "description": "Retrieves a list of cloud controller addresses that contains the cloud functions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud runtimes.\n", + "in": "query", + "name": "runtime", + "schema": { + "description": "Filters the result based on cloud runtimes.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud function's versions.\n", + "in": "query", + "name": "version", + "schema": { + "description": "Filters the result based on cloud function's versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on AWS Lambda Layers.\n", + "in": "query", + "name": "functionLayers", + "schema": { + "description": "Filters the result based on AWS Lambda Layers.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters result based on cloud functions that are connected and protected by a Defender.\n", + "in": "query", + "name": "defended", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "in": "query", + "name": "platform", + "schema": { + "description": "Filters result based on platforms (OS and architecture) such as Windows, Linux ARM x64, Linux x86, and so on.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-tas-droplets-download", + "summary": "Download TAS Droplets" + } + }, + "/api/v30.03/tas-droplets/progress": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/tas-droplets/progress_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.Progress" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-tas-droplets-progress", + "summary": "View TAS Droplets Scan Progress" + } + }, + "/api/v30.03/tas-droplets/scan": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/tas-droplets/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-tas-droplets-scan", + "summary": "Scan TAS Droplets" + } + }, + "/api/v30.03/tas-droplets/stop": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/tas-droplets/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Tas-Droplets" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorImages", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-tas-droplets-stop", + "summary": "Stop TAS Droplets Ongoing Scan" + } + }, + "/api/v30.03/trust/data": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/trust/data_get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/trust.Data" + } + } + }, + "description": "Data holds the image trust data" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Trust" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-trust-data", + "summary": "Get Trusted Repository, Image, and Registry" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/trust/data_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/trust.Data" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Trust" + ], + "x-prisma-cloud-target-env": { + "permission": "policyContainers", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-trust-data", + "summary": "Update Trusted Repository, Image, and Registry" + } + }, + "/api/v30.03/users": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/users/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.UserList" + } + } + }, + "description": "UserList represents a list of users" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-users", + "summary": "Get Users" + }, + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/users/post.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.User" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-users", + "summary": "Add Users" + }, + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/users/put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/api.User" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-users", + "summary": "Update Users" + } + }, + "/api/v30.03/users/password": { + "put": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/users/password_put.md" + }, + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/types.UserPassword" + } + } + } + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "user", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "put-users-password", + "summary": "Update User Password" + } + }, + "/api/v30.03/users/{id}": { + "delete": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/users/id_delete.md" + }, + "parameters": [ + { + "in": "path", + "name": "id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Users" + ], + "x-prisma-cloud-target-env": { + "permission": "userManagement", + "saas": false, + "self-hosted": true + }, + "x-public": true, + "operationId": "delete-users-id", + "summary": "Delete Users" + } + }, + "/api/v30.03/util/arm64/twistcli": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/util/twistcli_arm64_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-util-arm64-twistcli", + "summary": "Download ARM64 twistcli for Linux OS" + } + }, + "/api/v30.03/util/osx/arm64/twistcli": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/util/osx_twistcli_arm64_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-util-osx-arm64-twistcli", + "summary": "Download ARM64 twistcli for MacOS" + } + }, + "/api/v30.03/util/osx/twistcli": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/util/osx_twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-util-osx-twistcli", + "summary": "Download twistcli for MacOS" + } + }, + "/api/v30.03/util/twistcli": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/util/twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-util-twistcli", + "summary": "Download twistcli for Linux OS" + } + }, + "/api/v30.03/util/windows/twistcli.exe": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/util/windows_twistcli_get.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Util" + ], + "x-prisma-cloud-target-env": { + "permission": "downloads", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-util-windows-twistcli.exe", + "summary": "Download twistcli for Microsoft Windows" + } + }, + "/api/v30.03/version": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/version/get.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Version" + ], + "x-prisma-cloud-target-env": { + "permission": "user", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-version", + "summary": "Get Prisma Cloud Compute Version" + } + }, + "/api/v30.03/vms": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/vms/get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_shared.ImageScanResult" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-vms", + "summary": "Get VM Image Scan Results" + } + }, + "/api/v30.03/vms/download": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/vms/download_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-vms-download", + "summary": "Download VM Image Scan Results" + } + }, + "/api/v30.03/vms/labels": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/vms/labels_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-vms-labels", + "summary": "Get VM Image Tags" + } + }, + "/api/v30.03/vms/names": { + "get": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/vms/names_get.md" + }, + "parameters": [ + { + "description": "Offsets the result to a specific report count. Offset starts from 0.\n", + "in": "query", + "name": "offset", + "schema": { + "type": "integer" + } + }, + { + "description": "Number of reports to retrieve in a page.\nFor PCCE, the maximum limit is 250.\nFor PCEE, the maximum limit is 50.\nThe default value is 50.\n", + "in": "query", + "name": "limit", + "schema": { + "type": "integer" + } + }, + { + "description": "Retrieves the result for a search term.\n", + "in": "query", + "name": "search", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result using a key.\nRefer to the columns in the relevant Prisma Cloud Compute user interface to use them as sort keys.\n", + "in": "query", + "name": "sort", + "schema": { + "type": "string" + } + }, + { + "description": "Sorts the result in reverse order.\n", + "in": "query", + "name": "reverse", + "schema": { + "type": "boolean" + } + }, + { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "in": "query", + "name": "collections", + "schema": { + "description": "Filters the result based on collection names that you have defined in Prisma Cloud Compute.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud provider.\n", + "in": "query", + "name": "provider", + "schema": { + "description": "Scopes the query by cloud provider.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud account IDs.\n", + "in": "query", + "name": "accountIDs", + "schema": { + "description": "Filters the result based on cloud account IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by resource ID.\n", + "in": "query", + "name": "resourceIDs", + "schema": { + "description": "Scopes the query by resource ID.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Scopes the query by cloud region.\n", + "in": "query", + "name": "region", + "schema": { + "description": "Scopes the query by cloud region.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "in": "query", + "name": "fields", + "schema": { + "description": "Retrieves the fields that you need in a report.\nUse the list of fields you want to retrieve. By default, the result shows all fields of data.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on VM IDs.\n", + "in": "query", + "name": "id", + "schema": { + "description": "Filters the result based on VM IDs.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on image names.\n", + "in": "query", + "name": "name", + "schema": { + "description": "Filters the result based on image names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud credentials.\n", + "in": "query", + "name": "credential", + "schema": { + "description": "Filters the result based on cloud credentials.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on OS distribution names.\n", + "in": "query", + "name": "distro", + "schema": { + "description": "Filters the result based on OS distribution names.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on release versions.\n", + "in": "query", + "name": "release", + "schema": { + "description": "Filters the result based on release versions.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "in": "query", + "name": "imageType", + "schema": { + "description": "Filters the result based on cloud image types. Example: Use marketplace, managed, or gallery for Microsoft Azure.\n", + "items": { + "$ref": "#/components/schemas/string" + }, + "type": "array" + } + }, + { + "description": "Filters the result based on compliance IDs.\n", + "in": "query", + "name": "complianceIDs", + "schema": { + "description": "Filters the result based on compliance IDs.\n", + "items": { + "$ref": "#/components/schemas/int" + }, + "type": "array" + } + }, + { + "description": "Retrieves the result in the normalized form of low, medium, high, and critical based on vulnerability's severity level.\nDefault is false.\n", + "in": "query", + "name": "normalizedSeverity", + "schema": { + "type": "boolean" + } + } + ], + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/-_string" + } + } + }, + "description": "" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "get-vms-names", + "summary": "Get VM Image Names" + } + }, + "/api/v30.03/vms/scan": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/vms/scan_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-vms-scan", + "summary": "Start VM Image Scan" + } + }, + "/api/v30.03/vms/stop": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/vms/stop_post.md" + }, + "responses": { + "200": { + "description": "OK" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Vms" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorHosts", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-vms-stop", + "summary": "Stop VM Image Scan" + } + }, + "/api/v30.03/waas/openapi-scans": { + "post": { + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/waas/openapi-scans_post.md" + }, + "responses": { + "200": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/waas.OpenAPIScan" + } + } + }, + "description": "OpenAPIScan represents the OpenAPI file scan" + }, + "default": { + "description": "" + } + }, + "tags": [ + "Waas" + ], + "x-prisma-cloud-target-env": { + "permission": "monitorWAAS", + "saas": true, + "self-hosted": true + }, + "x-public": true, + "operationId": "post-waas-openapi-scans", + "summary": "Scan OpenAPI Specification File for WAAS Observations" + } + } + }, + "tags": [ + { + "name": "Agentless", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/agentless/agentless.md" + } + }, + { + "name": "Alert-Profiles" + }, + { + "name": "Application-Control" + }, + { + "name": "Audits", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/audits/audits.md" + } + }, + { + "name": "Authenticate", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/authenticate/authenticate.md" + } + }, + { + "name": "Authenticate-Client", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/authenticate-client/authenticate-client.md" + } + }, + { + "name": "Backups" + }, + { + "name": "Ccs" + }, + { + "name": "Certs", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/certs/certs.md" + } + }, + { + "name": "Cloud", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/cloud/cloud.md" + } + }, + { + "name": "Cloud-Scan-Rules" + }, + { + "name": "Clustered-Db" + }, + { + "name": "Coderepos" + }, + { + "name": "Coderepos-CI" + }, + { + "name": "Collections", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/collections/collections.md" + } + }, + { + "name": "Config" + }, + { + "name": "Containers", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/containers/containers.md" + } + }, + { + "name": "Credentials", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/credentials/credentials.md" + } + }, + { + "name": "Current" + }, + { + "name": "Custom-Compliance", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/custom-compliance/custom-compliance.md" + } + }, + { + "name": "Custom-Rules", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/custom-rules/custom-rules.md" + } + }, + { + "name": "Cves" + }, + { + "name": "Defenders", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/defenders/defenders.md" + } + }, + { + "name": "Deployment" + }, + { + "name": "Feeds", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/feeds/feeds.md" + } + }, + { + "name": "Forensic" + }, + { + "name": "Groups", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/groups/groups.md" + } + }, + { + "name": "Harbor" + }, + { + "name": "Hosts", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/hosts/hosts.md" + } + }, + { + "name": "Images", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/images/images.md" + } + }, + { + "name": "Kubernetes" + }, + { + "name": "Logout" + }, + { + "name": "Logs" + }, + { + "name": "Policies", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/policies/policies.md" + } + }, + { + "name": "Profiles", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/profiles/profiles.md" + } + }, + { + "name": "Projects" + }, + { + "name": "Radar" + }, + { + "name": "Rbac" + }, + { + "name": "Registry", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/registry/registry.md" + } + }, + { + "name": "Runtime" + }, + { + "name": "Sandbox" + }, + { + "name": "Scans", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/scans/scans.md" + } + }, + { + "name": "Scripts" + }, + { + "name": "Security-Advisor" + }, + { + "name": "Serverless", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/serverless/serverless.md" + } + }, + { + "name": "Settings", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/settings/settings.md" + } + }, + { + "name": "Signup", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/signup/signup.md" + } + }, + { + "name": "Static" + }, + { + "name": "Stats", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/stats/stats.md" + } + }, + { + "name": "Statuses", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/statuses/statuses.md" + } + }, + { + "description": "This API is an officially supported route", + "externalDocs": { + "url": "https://cdn.twistlock.com/docs/api/twistlock_api.html" + }, + "name": "Supported API" + }, + { + "name": "Tags", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/tags/tags.md" + } + }, + { + "name": "Tas-Droplets" + }, + { + "name": "Trust", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/trust/trust.md" + } + }, + { + "name": "Users", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/users/users.md" + } + }, + { + "name": "Util", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/util/util.md" + } + }, + { + "name": "Version", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/version/version.md" + } + }, + { + "name": "VMs", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/vms/vms.md" + } + }, + { + "name": "WAAS" + }, + { + "name": "Xsoar-Alerts" + }, + { + "name": "_Ping", + "description": { + "$ref": "https://raw.githubusercontent.com/PaloAltoNetworks/prisma-cloud-docs/master/api/descriptions/_ping/_ping.md" + } + } + ] +} \ No newline at end of file diff --git a/package.json b/package.json index 901ad00d3..95c3cc4ad 100644 --- a/package.json +++ b/package.json @@ -50,9 +50,9 @@ "@docusaurus/theme-mermaid": "^2.2.0", "algoliasearch": "^4.14.2", "clsx": "^1.2.1", - "docusaurus-plugin-openapi-docs": "1.7.2", + "docusaurus-plugin-openapi-docs": "0.0.0-616", "docusaurus-plugin-sass": "^0.2.2", - "docusaurus-theme-openapi-docs": "1.7.2", + "docusaurus-theme-openapi-docs": "0.0.0-616", "esbuild-loader": "^2.20.0", "fast-xml-parser": "^4.0.10", "firebase": "^9.14.0", diff --git a/products/compute/api/30-02/stable-endpoints.md b/products/compute/api/30-02/stable-endpoints.md new file mode 100644 index 000000000..40028f354 --- /dev/null +++ b/products/compute/api/30-02/stable-endpoints.md @@ -0,0 +1,104 @@ +--- +id: stable-endpoints +title: Supported Endpoints +sidebar_label: Supported Endpoints +slug: /compute/api/30-02 +--- + +With every release the Prisma Cloud Compute Edition APIs are versioned to indicate the release number to which they correspond. +The version-specific APIs are supported for the subsequent two major releases. + +With API versioning, as your Console is upgraded to newer versions, you can continue to use older versioned APIs with stability and migrate to newer version APIs at your convenience within the N-2 support lifecycle. + +The deployment scripts and Twistcli that you download from Console, uses the APIs associated with the specific version of Console. + +### Latest API Versions of Prisma Cloud Compute Edition + +If you're looking for latest version of Prisma Cloud Compute Edition, visit the following link: + +* [Prisma Cloud Compute Edition - Latest](/compute/api/) + +## Versioning + +The Compute API is versioned as follows: + +`/api/vX/route` + +Where: + +- `v1` - Always points to the latest API. This represents a larger set of APIs. Only the following v1 endpoints are supported and documented: + - api/v1/certs/ca.pem, get + - api/v1/certs/server-certs.sh, get + - api/v1/cloud/discovery/entities, get + - api/v1/registry/webhook/webhook, delete + - api/v1/registry/webhook/webhook, post + - api/v1/settings/license, post + - api/v1/signup, post + - api/v1/util/prisma-cloud-jenkins-plugin.hpi, get + - api/v1/util/tas-tile, get +- `vVersion` - Points to a version-specific API, where `Version` specifies the major and minor parts of a release's version string. + +As a best practice, update your scripts to use the version-specific API endpoints to ensure that your implementation is fully supported. +For the version-specific APIs, you will have access to the API Reference and Release Notes documentation for changes or updates that may impact you. + +When using the version-specific endpoints, you will need to update your automation scripts approximately once-a- year to stay in sync with the product [support lifecycle](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin-compute/upgrade/support_lifecycle.html). + +Starting with version 30.xx, each maintenance release (like 30.01, 30.02, and so on) may contain new features and improvements. As a result, the URLs for the APIs will be updated to reflect the version. + +You can use different .xx versions of the API at the same time for your automation requirements as we’ll continue to support backward compatibility for two major including minor (maintenance) release versions behind the current one (n-2). For example, while on build 30.01, you can continue to use the API paths such as api/v30.00, api/v22.12, and api/v22.06 due to backward compatibility. + +Though we recommend you to update scripts to use the current or new API paths, you won't need to worry about making changes to your code immediately when a new major or minor (maintenance) release is announced. + +**Note**: If you have a mixed environment of different version Defenders, then use the version of the API that matches the earliest version. + +If you use the /v1 APIs, Palo Alto Networks recommends that you consider revising your scripts to target the versioned API endpoints. +If you opt to continue using the v1 API endpoints, please adhere the to following guidelines: + +- Review the list of v1 endpoints you are using and make sure the corresponding versioned endpoints are available. +- If you are using an API that is only in the /v1 category and does not have a corresponding versioned API, you must review your implementation and update your scripts to adapt them to ensure that you do not experience a disruption. +- If you are using /v1 endpoints that are unsupported and not versioned, you can submit a feature request. + Your request for supporting the endpoint will be considered when planning the product roadmap for future releases. + +## Supported Endpoints + +The API Reference documentation includes the supported endpoints only. +From the Prisma Cloud Compute Console you can download a copy of the OpenAPI spec file. +This file lists all available endpoints, including unsupported endpoints. +Use the supported endpoints for ensuring stability. +Because the unsupported endpoints are not documented for use, they are subject to change, deprecation, or removal without notice. + +In the OpenAPI spec, supported endpoints are tagged as supported. +For example, the `POST /api/vX/authenticate` endpoint is tagged as follows: + +``` +"tags": [ + "Authenticate", + "Supported API" +] +``` + +## Supported Endpoint Categories + +Supported endpoints tend to fall in one of the following categories: + +- Reporting endpoints +- Config-as-code +- Deployment and config + +### Reporting Endpoints + +Reporting API calls are the ones used to download health or scan data such as vulnerabilities/compliance/runtime. +Access to the underlying data in JSON and CSV formats allows customers to easily access and transform data into business intelligence in the forms that meet their needs. +The output may be human-readable reports or, in other cases, the reporting data may feed automated decisions and processes. + +These are mostly under **Monitor** section in the Compute Console. + +### Config-as-Code + +Configuration as code is the formal migration of config between environments, backed by a version control system. +Customers who want to programmatically store and manage the configuration of infrastructure components, can utilize these to automate these components using the same approaches that they've used for production code and services. + +### Deployment and Config + +Deployment and config endpoints are essential for properly being able to automate the installation of Console, Defenders, as well as any configuration that deals with integrations. +These are useful to those who base their management of environments on automation, using tools such as Ansible, Puppet, Terraform etc to define desired configurations. diff --git a/products/compute/api/stable-endpoints.md b/products/compute/api/stable-endpoints.md index 67266df04..23ace58f0 100644 --- a/products/compute/api/stable-endpoints.md +++ b/products/compute/api/stable-endpoints.md @@ -14,6 +14,7 @@ The deployment scripts and Twistcli that you download from Console, uses the API All minor or maintainance versions (xx) of 30.xx release have n-2 support for backward compatibility. If you're looking for previous minor or maintenance release versions, visit the following link: +* [Prisma Cloud Compute Edition - 30.02](/compute/api/30-02/) * [Prisma Cloud Compute Edition - 30.01](/compute/api/30-01/) * [Prisma Cloud Compute Edition - 30.00](/compute/api/30-00/) ## Versioning diff --git a/products/compute/api/welcome-prisma-cloud-apis.md b/products/compute/api/welcome-prisma-cloud-apis.md index 12fa6b9af..6788e9fbf 100644 --- a/products/compute/api/welcome-prisma-cloud-apis.md +++ b/products/compute/api/welcome-prisma-cloud-apis.md @@ -23,6 +23,7 @@ Use the API to: All minor or maintainance versions (xx) of 30.xx release have n-2 support for backward compatibility. If you're looking for previous minor or maintenance release versions, visit the following link: +* [Prisma Cloud Compute Edition - 30.02](/compute/api/30-02/) * [Prisma Cloud Compute Edition - 30.01](/compute/api/30-01/) * [Prisma Cloud Compute Edition - 30.00](/compute/api/30-00/) diff --git a/products/compute/sidebars.js b/products/compute/sidebars.js index 5cae39ab3..997347dfd 100644 --- a/products/compute/sidebars.js +++ b/products/compute/sidebars.js @@ -5,7 +5,7 @@ const { } = require("docusaurus-plugin-openapi-docs/lib/sidebars/utils"); module.exports = { - compute_3002: [ + compute: [ { type: "html", defaultStyle: true, @@ -15,7 +15,7 @@ module.exports = { { type: "html", defaultStyle: true, - value: versionCrumb(`30-02`), + value: versionCrumb(`30-03`), }, "compute/api/compute-api-reference-home", "compute/api/access-api-self-hosted", @@ -59,7 +59,18 @@ module.exports = { "compute/api/22-06/stable-endpoints", require("./api/22-06/sidebar"), ], - compute_30: [ + compute_3002: [ + { + type: "category", + label: "Prisma Cloud Compute Edition - 30.02", + collapsed: true, + items: [ + "compute/api/30-02/stable-endpoints", + require("./api/30-02/sidebar"), + ], + }, + ], + compute_3001: [ { type: "category", label: "Prisma Cloud Compute Edition - 30.01", @@ -70,8 +81,7 @@ module.exports = { ], }, ], - - compute_3001: [ + compute_30: [ { type: "category", label: "Prisma Cloud Compute Edition - 30.00", diff --git a/yarn.lock b/yarn.lock index 8358eac88..6a3106958 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4881,10 +4881,10 @@ dns-packet@^5.2.2: dependencies: "@leichtgewicht/ip-codec" "^2.0.1" -docusaurus-plugin-openapi-docs@1.7.2, docusaurus-plugin-openapi-docs@^1.7.2: - version "1.7.2" - resolved "https://registry.npmjs.org/docusaurus-plugin-openapi-docs/-/docusaurus-plugin-openapi-docs-1.7.2.tgz#4075fca1c37524031a678198c83b942b8919da73" - integrity sha512-8j5TViTptHIvDYGC6aWqZr3hcjlvZHCgmEUrf9wqao/pxc2N0aYSjMU8eVRf8f+Ln/6qseO75u+JxN5uS+53zA== +docusaurus-plugin-openapi-docs@0.0.0-616: + version "0.0.0-616" + resolved "https://registry.npmjs.org/docusaurus-plugin-openapi-docs/-/docusaurus-plugin-openapi-docs-0.0.0-616.tgz#0136be06ef4abc721581791b5a6a98c5d0e0ff07" + integrity sha512-UZYHV80aGg6pfdYkWM+x5BdyL3bBli+j8JrKMUsJfkA6Q6NmvwKckkHJKxEg/g8aQ16v/ydGN5V59h205U82Tg== dependencies: "@apidevtools/json-schema-ref-parser" "^10.1.0" "@docusaurus/mdx-loader" ">=2.0.1 <2.3.0" @@ -4916,10 +4916,10 @@ docusaurus-plugin-sass@^0.2.2: dependencies: sass-loader "^10.1.1" -docusaurus-theme-openapi-docs@1.7.2: - version "1.7.2" - resolved "https://registry.npmjs.org/docusaurus-theme-openapi-docs/-/docusaurus-theme-openapi-docs-1.7.2.tgz#b7f64bc5758c1c1ffbeb69517265e3657abc869b" - integrity sha512-LMbIzI4myG5PsDTcmrqlQtO9p16np93/nmwpJltqAn5PGuB0axH5ZzSyG0TdZcTeI8qlvgccHztfibjDPRAdCQ== +docusaurus-theme-openapi-docs@0.0.0-616: + version "0.0.0-616" + resolved "https://registry.npmjs.org/docusaurus-theme-openapi-docs/-/docusaurus-theme-openapi-docs-0.0.0-616.tgz#aeb35b0fdf6dd1200d38f4c4ae28334abc5da314" + integrity sha512-WhF3KLFb5CBUXbCWTEQI1cYh4ICjjsrIKF9X+A0phT2+ucQ9HwnQXR9HSAjcJis05+EXEQn1jWIt9HRtM42RJg== dependencies: "@docusaurus/theme-common" ">=2.0.1 <2.3.0" "@mdx-js/react" "^1.6.21" @@ -4929,7 +4929,7 @@ docusaurus-theme-openapi-docs@1.7.2: buffer "^6.0.3" clsx "^1.1.1" crypto-js "^4.1.1" - docusaurus-plugin-openapi-docs "^1.7.2" + docusaurus-plugin-openapi-docs "0.0.0-616" file-saver "^2.0.5" immer "^9.0.7" lodash "^4.17.20"