From d00ddf0d64908a6ddc955e9f66f5ba062365a8f1 Mon Sep 17 00:00:00 2001 From: Rashid Ma Date: Wed, 16 Aug 2023 01:37:28 -0700 Subject: [PATCH] updated rql service --- openapi-specs/cspm/Search.json | 4665 +++++++++++++++++++------------- 1 file changed, 2730 insertions(+), 1935 deletions(-) diff --git a/openapi-specs/cspm/Search.json b/openapi-specs/cspm/Search.json index c5a35b175..5e0f0aa79 100644 --- a/openapi-specs/cspm/Search.json +++ b/openapi-specs/cspm/Search.json @@ -1,316 +1,1217 @@ { - "components": { - "requestBodies": { - "AuditEventSearchParamsModel": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/AuditEventSearchParamsModel" + "openapi": "3.0.0", + "info": { + "description": "Prisma Cloud REST APIs for external use.", + "version": "1.0.0-oas3", + "title": "Prisma Cloud RQL APIs", + "contact": {}, + "license": { + "name": "Public" + } + }, + "tags": [ + { + "name": "Search", + "description": "Prisma Cloud REST APIs for external use." + } + ], + "paths": { + "/search": { + "post": { + "tags": [ + "Search" + ], + "summary": "Perform Network Search", + "description": "Perform a search against flow logs with an RQL query.", + "operationId": "search-network", + "requestBody": { + "$ref": "#/components/requestBodies/SearchModel" + }, + "responses": { + "200": { + "description": "success", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/SearchResponseModel" + } + } } + }, + "400": { + "description": "invalid_parameter_value" + }, + "404": { + "description": "not_found" + }, + "500": { + "description": "internal_error" } }, - "description": "Audit event search parameters model", - "required": true - }, - "ConfigRuleSearchParams": { - "content": { - "application/json; charset=UTF-8": { + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/search/alert": { + "get": { + "tags": [ + "Search" + ], + "summary": "Search Alerts by ID", + "description": "Returns search data that can be used to investigate the alert with the specified ID. ", + "operationId": "search-for-alert-by-id", + "parameters": [ + { + "name": "alertId", + "in": "query", + "description": "Alert ID", + "required": true, "schema": { - "$ref": "#/components/schemas/ConfigRuleSearchParams" + "type": "string" } } - }, - "description": "Config rule search parameters model", - "required": true - }, - "SearchModel": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/SearchModel" + ], + "responses": { + "200": { + "description": "success", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/SearchResponseModelListObject" + } + } } + }, + "404": { + "description": "not_found" + }, + "500": { + "description": "internal_error" } }, - "description": "Search model", - "required": true - } - }, - "securitySchemes": { - "x-redlock-auth": { - "description": "The x-redlock-auth value is a JSON Web Token (JWT).", - "in": "header", - "name": "x-redlock-auth", - "type": "apiKey" + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" } }, - "schemas": { - "AbsoluteTimeRangeConfigModel": { - "allOf": [ - { - "$ref": "#/components/schemas/TimeRangeConfigModel" + "/search/api/v1/config": { + "post": { + "tags": [ + "Search" + ], + "summary": "Perform Config Search", + "description": "Returns the results of an RQL config query. With config queries, you can retrieve resource information, identify misconfigurations, gain operational insights, and uncover policy and compliance violations.", + "operationId": "search-config-by-query", + "requestBody": { + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/ConfigSearchByQueryV1Request" + } + } }, - { - "description": "Model for AbsoluteTimeRangeConfig", - "properties": { - "type": { - "example": "absolute", - "type": "string" - }, - "value": { - "allOf": [ - { - "$ref": "#/components/schemas/TimeModel" - }, - { - "description": "Time range object" - } - ] + "description": "Config rule search by query request parameters model", + "required": true + }, + "responses": { + "200": { + "description": "success", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/ConfigSearchV1ResponseResourceMetaModel" + } } - }, - "required": [ - "value" - ], - "type": "object" - } - ] - }, - "AggregateAuditEvent": { - "properties": { - "anomalies": { - "format": "int32", - "type": "integer" + } }, - "bruteForceAnomalies": { - "format": "int32", - "type": "integer" + "400": { + "description": "conflict_saved_search" }, - "cityId": { - "format": "int32", - "type": "integer" + "404": { + "description": "not_found" }, - "cityName": { - "type": "string" + "500": { + "description": "internal_error" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/search/api/v1/config/download": { + "post": { + "tags": [ + "Search" + ], + "summary": "Download Config Search in CSV format", + "description": "Returns the results of an RQL Config query as a CSV. With Config queries, you can retrieve resource information, identify misconfigurations, gain operational insights, and uncover policy and compliance violations.", + "operationId": "search-config-as-csv", + "requestBody": { + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/ConfigSearchByQueryWithDownloadV1Request" + } + } }, - "countryId": { - "format": "int32", - "type": "integer" + "description": "Config rule search by query with download request parameters model", + "required": true + }, + "responses": { + "200": { + "description": "success", + "content": { + "text/csv": { + "schema": { + "$ref": "#/components/schemas/CsvMessageModel" + } + } + } }, - "countryName": { - "type": "string" + "400": { + "description": "invalid_parameter_value" }, - "description": { - "type": "string" + "403": { + "description": "unauthorized_access" }, - "deviceFingerprintLoginAnomalies": { - "format": "int32", - "type": "integer" + "404": { + "description": "not_found" }, - "distinctUsers": { - "format": "int32", - "type": "integer" + "500": { + "description": "internal_error" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/search/api/v1/config/{id}": { + "post": { + "tags": [ + "Search" + ], + "summary": "Perform Config Search by Search Id", + "description": "Returns the results of an RQL config query. With config search Id, you can retrieve resource information, identify misconfigurations, gain operational insights, and uncover policy and compliance violations.", + "operationId": "search-config-by-search-id", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "Search ID", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/ConfigSearchBySearchIdV1Request" + } + } }, - "events": { - "format": "int32", - "type": "integer" + "description": "Config rule search by search id request parameters model", + "required": true + }, + "responses": { + "200": { + "description": "success", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/ConfigSearchV1ResponseResourceMetaModel" + } + } + } }, - "geoAnomalies": { - "format": "int32", - "type": "integer" + "400": { + "description": "conflict_saved_search" }, - "geoAnomaliesByAccessKey": { - "format": "int32", - "type": "integer" - }, - "geoAnomaliesByUser": { - "format": "int32", - "type": "integer" - }, - "latitude": { - "format": "double", - "type": "number" - }, - "longitude": { - "format": "double", - "type": "number" - }, - "service": { - "type": "string" - }, - "serviceAnomalies": { - "format": "int32", - "type": "integer" - }, - "serviceAnomaliesByAccessKey": { - "format": "int32", - "type": "integer" - }, - "serviceAnomaliesByUser": { - "format": "int32", - "type": "integer" - }, - "serviceHighlighted": { - "type": "boolean" + "404": { + "description": "not_found" }, - "serviceNGeoAnomalies": { - "format": "int32", - "type": "integer" + "500": { + "description": "internal_error" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/search/config": { + "post": { + "tags": [ + "Search" + ], + "summary": "Perform Config Search", + "description": "Returns the results of an RQL config query. With config queries, you can retrieve resource information, identify misconfigurations, gain operational insights, and uncover policy and compliance violations.", + "operationId": "search-config", + "requestBody": { + "$ref": "#/components/requestBodies/ConfigRuleSearchParams" + }, + "responses": { + "200": { + "description": "success", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/SearchResponseModelPagedResultsResourceMetaModel" + } + } + } }, - "serviceNGeoAnomaliesByAccessKey": { - "format": "int32", - "type": "integer" + "400": { + "description": "conflict_saved_search" }, - "serviceNGeoAnomaliesByUser": { - "format": "int32", - "type": "integer" + "404": { + "description": "not_found" }, - "stateId": { - "format": "int32", - "type": "integer" + "500": { + "description": "internal_error" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/search/config/count": { + "post": { + "tags": [ + "Search" + ], + "summary": "Perform Config Search Count", + "description": "Returns the results count of an RQL config query. With config queries, you can retrieve resource information, identify misconfigurations, gain operational insights, and uncover policy and compliance violations.", + "operationId": "search-config-count", + "requestBody": { + "$ref": "#/components/requestBodies/ConfigRuleSearchParams" + }, + "responses": { + "200": { + "description": "success", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/SearchResponseModelPagedResultsResourceMetaModel" + } + } + } }, - "stateName": { - "type": "string" + "400": { + "description": "conflict_saved_search" }, - "timeTravelAnomalies": { - "format": "int32", - "type": "integer" + "404": { + "description": "not_found" }, - "timestamp": { - "format": "int64", - "type": "integer" + "500": { + "description": "internal_error" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/search/config/page": { + "post": { + "tags": [ + "Search" + ], + "summary": "Get The Next Config Search Page", + "description": "Returns the next page of search results, using a token provided from the previous page. Used for when there are over 100 search results for a given RQL query.", + "operationId": "search-config-page", + "requestBody": { + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/ConfigRulePageParams" + } + } }, - "unusualLocations": { - "type": "string" + "description": "Config rule page parameters model", + "required": true + }, + "responses": { + "200": { + "description": "success", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/PagedResultsResourceMetaModel" + } + } + } }, - "user": { - "type": "string" + "500": { + "description": "internal_error" } }, - "type": "object" - }, - "AuditEvent": { - "properties": { - "accessKey": { - "type": "string" - }, - "accessKeyUsed": { - "type": "boolean" + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/search/event": { + "post": { + "tags": [ + "Search" + ], + "summary": "Perform Event Search", + "description": "Returns the results of an RQL audit event query. You can use event queries to detect and investigate console and API access, monitor privileged activities, and detect account compromise and unusual user behavior in your cloud environment.", + "operationId": "search-events", + "requestBody": { + "$ref": "#/components/requestBodies/AuditEventSearchParamsModel" + }, + "responses": { + "200": { + "description": "success", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/SearchResponseModelPagedResultsAuditEvent" + } + } + } }, - "account": { - "type": "string" + "400": { + "description": "conflict_saved_search" }, - "accountName": { - "type": "string" + "404": { + "description": "not_found" }, - "anomalyId": { - "type": "string" + "500": { + "description": "internal_error" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/search/event/aggregate": { + "post": { + "tags": [ + "Search" + ], + "summary": "Aggregated Event Search", + "description": "Returns the results of an RQL aggregated audit events query. This RQL query is similar to an RQL event query, but the data returned includes location and service data.", + "operationId": "search-events-aggregated", + "requestBody": { + "$ref": "#/components/requestBodies/AuditEventSearchParamsModel" + }, + "responses": { + "200": { + "description": "success", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/SearchResponseModelListAggregateAuditEvent" + } + } + } }, - "browser": { - "type": "string" + "400": { + "description": "internal_error" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/search/event/count": { + "post": { + "tags": [ + "Search" + ], + "summary": "Perform Event Search Count", + "description": "Returns the results count of an RQL audit event query. You can use event queries to detect and investigate console and API access, monitor privileged activities, and detect account compromise and unusual user behavior in your cloud environment.", + "operationId": "search-events-count", + "requestBody": { + "$ref": "#/components/requestBodies/AuditEventSearchParamsModel" + }, + "responses": { + "200": { + "description": "success", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/SearchResponseModelPagedResultsAuditEvent" + } + } + } }, - "cityId": { - "format": "int32", - "type": "integer" + "400": { + "description": "conflict_saved_search" }, - "cityLatitude": { - "format": "double", - "type": "number" + "404": { + "description": "not_found" }, - "cityLongitude": { - "format": "double", - "type": "number" + "500": { + "description": "internal_error" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/search/event/filtered": { + "post": { + "tags": [ + "Search" + ], + "summary": "Filter Event Search Results", + "description": "Filters the results of an event log search according to the specified parameters. You can use this call to refine the results of an aggregated search.", + "operationId": "search-events-filtered", + "requestBody": { + "$ref": "#/components/requestBodies/AuditEventSearchParamsModel" + }, + "responses": { + "200": { + "description": "success", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/SearchResponseModelPagedResultsAuditEvent" + } + } + } + }, + "400": { + "description": "internal_error" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/search/event/page": { + "post": { + "tags": [ + "Search" + ], + "summary": "Get The Next Event Search Page", + "description": "Returns the next page of search results, using a token provided from the previous page. Used for when there are over 100 search results for a given RQL query.", + "operationId": "search-events-page", + "requestBody": { + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/AuditEventPageParams" + } + } + }, + "description": "Audit event page parameters model", + "required": true + }, + "responses": { + "200": { + "description": "success", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/PagedResultsAuditEvent" + } + } + } + }, + "500": { + "description": "internal_error" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/search/event/raw/{id}": { + "get": { + "tags": [ + "Search" + ], + "summary": "Get Raw Event Data", + "description": "Returns the audit event data for the specified ID as raw metadata.", + "operationId": "search-events-raw", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "Audit Event ID", + "required": true, + "schema": { + "type": "integer", + "format": "int64" + } + } + ], + "responses": { + "200": { + "description": "success", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/AuditEvent" + } + } + } + }, + "404": { + "description": "not_found" + }, + "500": { + "description": "internal_error" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/search/json/{apiName}": { + "get": { + "tags": [ + "Search" + ], + "summary": "JSON Model Builder", + "description": "Returns the JSON object formatted for the UI for a given JSON model", + "operationId": "search-json", + "parameters": [ + { + "name": "apiName", + "in": "path", + "description": "JSONPREVIEWTEST", + "required": true, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "success", + "content": { + "*/*": { + "schema": { + "type": "string" + } + } + } + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/search/network/count": { + "post": { + "tags": [ + "Search" + ], + "summary": "Perform Network Search and returns size of the network graph", + "description": "Perform a search against flow logs with an RQL query and returns the count of network graph vertices ", + "operationId": "search-network-count", + "requestBody": { + "$ref": "#/components/requestBodies/SearchModel" + }, + "responses": { + "200": { + "description": "success", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/SearchResponseModel" + } + } + } + }, + "400": { + "description": "invalid_parameter_value" + }, + "404": { + "description": "not_found" + }, + "500": { + "description": "internal_error" + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/search/suggest": { + "post": { + "tags": [ + "Search" + ], + "summary": "Autocomplete Search", + "description": "Returns the possible options—including expressions, values, and operators—to append to a partial RQL query.", + "operationId": "search-suggest", + "requestBody": { + "$ref": "#/components/requestBodies/SearchModel" + }, + "responses": { + "200": { + "description": "success", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/AutocompleteInfo" + } + } + } + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + } + }, + "servers": [ + { + "url": "https://api.prismacloud.io" + }, + { + "url": "https://api2.prismacloud.io" + }, + { + "url": "https://api3.prismacloud.io" + }, + { + "url": "https://api4.prismacloud.io" + }, + { + "url": "https://api.anz.prismacloud.io" + }, + { + "url": "https://api.eu.prismacloud.io" + }, + { + "url": "https://api2.eu.prismacloud.io" + }, + { + "url": "https://api.gov.prismacloud.io" + }, + { + "url": "https://api.prismacloud.cn" + }, + { + "url": "https://api.ca.prismacloud.io" + }, + { + "url": "https://api.sg.prismacloud.io" + }, + { + "url": "https://api.uk.prismacloud.io" + }, + { + "url": "https://api.ind.prismacloud.io" + }, + { + "url": "https://api.jp.prismacloud.io" + }, + { + "url": "https://api.fr.prismacloud.io" + } + ], + "components": { + "requestBodies": { + "SearchModel": { + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/SearchModel" + } + } + }, + "description": "Search model", + "required": true + }, + "ConfigRuleSearchParams": { + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/ConfigRuleSearchParams" + } + } + }, + "description": "Config rule search parameters model", + "required": true + }, + "AuditEventSearchParamsModel": { + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/AuditEventSearchParamsModel" + } + } + }, + "description": "Audit event search parameters model", + "required": true + } + }, + "securitySchemes": { + "x-redlock-auth": { + "description": "The x-redlock-auth value is a JSON Web Token (JWT).", + "in": "header", + "name": "x-redlock-auth", + "type": "apiKey" + } + }, + "schemas": { + "AbsoluteTimeRangeConfigModel": { + "allOf": [ + { + "$ref": "#/components/schemas/TimeRangeConfigModel" + }, + { + "type": "object", + "required": [ + "value" + ], + "properties": { + "value": { + "$ref": "#/components/schemas/TimeModel" + } + }, + "description": "Model for AbsoluteTimeRangeConfig" + } + ] + }, + "AggregateAuditEvent": { + "type": "object", + "properties": { + "service": { + "type": "string" + }, + "user": { + "type": "string" + }, + "cityId": { + "type": "integer", + "format": "int32" + }, + "cityName": { + "type": "string" + }, + "stateId": { + "type": "integer", + "format": "int32" + }, + "stateName": { + "type": "string" + }, + "countryId": { + "type": "integer", + "format": "int32" + }, + "countryName": { + "type": "string" + }, + "timestamp": { + "type": "integer", + "format": "int64" + }, + "latitude": { + "type": "number", + "format": "double" + }, + "longitude": { + "type": "number", + "format": "double" + }, + "events": { + "type": "integer", + "format": "int32" + }, + "anomalies": { + "type": "integer", + "format": "int32" + }, + "serviceAnomalies": { + "type": "integer", + "format": "int32" + }, + "geoAnomalies": { + "type": "integer", + "format": "int32" + }, + "serviceNGeoAnomalies": { + "type": "integer", + "format": "int32" + }, + "bruteForceAnomalies": { + "type": "integer", + "format": "int32" + }, + "timeTravelAnomalies": { + "type": "integer", + "format": "int32" + }, + "deviceFingerprintLoginAnomalies": { + "type": "integer", + "format": "int32" + }, + "serviceAnomaliesByUser": { + "type": "integer", + "format": "int32" + }, + "geoAnomaliesByUser": { + "type": "integer", + "format": "int32" + }, + "serviceNGeoAnomaliesByUser": { + "type": "integer", + "format": "int32" + }, + "serviceAnomaliesByAccessKey": { + "type": "integer", + "format": "int32" + }, + "geoAnomaliesByAccessKey": { + "type": "integer", + "format": "int32" + }, + "serviceNGeoAnomaliesByAccessKey": { + "type": "integer", + "format": "int32" + }, + "distinctUsers": { + "type": "integer", + "format": "int32" + }, + "unusualLocations": { + "type": "string" + }, + "description": { + "type": "string" + }, + "serviceHighlighted": { + "type": "boolean" + } + } + }, + "AsyncRQLRequestWrapper": { + "type": "object", + "properties": { + "jobId": { + "type": "string" + }, + "s3BucketDetails": { + "$ref": "#/components/schemas/S3BucketDetails" + }, + "configRuleSearchParams": { + "$ref": "#/components/schemas/ConfigRuleSearchParams" + }, + "userContextFilterInfo": { + "$ref": "#/components/schemas/UserContextFilterInfoV1" + } + } + }, + "AuditEvent": { + "type": "object", + "properties": { + "account": { + "type": "string" + }, + "regionId": { + "type": "integer", + "format": "int32" + }, + "regionApiIdentifier": { + "type": "string" + }, + "eventTs": { + "type": "integer", + "format": "int64" + }, + "ingestionTs": { + "type": "integer", + "format": "int64" + }, + "subject": { + "type": "string" + }, + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "CREATE", + "READ", + "UPDATE", + "DELETE", + "LOGIN", + "TEST", + "AUDITD" + ] + }, + "source": { + "type": "string" + }, + "name": { + "type": "string" + }, + "id": { + "type": "integer", + "format": "int64" + }, + "rawEvent": { + "type": "object" + }, + "objects": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ResourceIdBean" + } + }, + "ip": { + "type": "string" + }, + "accessKey": { + "type": "string" + }, + "anomalyId": { + "type": "string" + }, + "accessKeyUsed": { + "type": "boolean" + }, + "subjectType": { + "type": "string", + "enum": [ + "AWS_OTHER", + "AZURE_OTHER", + "GCP_OTHER", + "AWS_IAM_USER", + "AWS_ROOT", + "AWS_ASSUMED_ROLE", + "AWS_ROLE", + "GCP_USER", + "GCP_SERVICE_ACCOUNT", + "AZURE_AD_USER", + "AZURE_APPLICATION", + "AWS_ACCOUNT", + "AWS_SERVICE", + "AWS_FEDERATED_USER", + "AWS_SAML_USER", + "AWS_WEB_IDENTITY_USER", + "AWS_DIRECTORY" + ] + }, + "role": { + "type": "string" + }, + "reasonIds": { + "type": "array", + "items": { + "type": "integer", + "format": "int32" + } + }, + "flaggedFeature": { + "type": "string" + }, + "cityId": { + "type": "integer", + "format": "int32" + }, + "cityName": { + "type": "string" + }, + "stateId": { + "type": "integer", + "format": "int32" + }, + "stateName": { + "type": "string" + }, + "countryId": { + "type": "integer", + "format": "int32" + }, + "countryName": { + "type": "string" + }, + "cityLatitude": { + "type": "number", + "format": "double" + }, + "cityLongitude": { + "type": "number", + "format": "double" + }, + "timezone": { + "type": "string" + }, + "success": { + "type": "boolean" }, - "cityName": { - "type": "string" + "internal": { + "type": "boolean" }, - "countryId": { - "format": "int32", - "type": "integer" + "userAgentOs": { + "$ref": "#/components/schemas/UserAgentOs" }, - "countryName": { - "type": "string" + "userAgentBrowser": { + "$ref": "#/components/schemas/UserAgentBrowser" }, "dynamicData": { + "type": "object", "additionalProperties": { "type": "object" - }, - "type": "object" - }, - "eventTs": { - "format": "int64", - "type": "integer" + } }, - "flaggedFeature": { + "location": { "type": "string" }, - "id": { - "format": "int64", - "type": "integer" + "browser": { + "type": "string" }, - "ingestionTs": { - "format": "int64", - "type": "integer" + "os": { + "type": "string" }, - "internal": { + "notPersisted": { "type": "boolean" }, - "ip": { + "accountName": { "type": "string" }, - "location": { + "regionName": { "type": "string" - }, - "name": { + } + } + }, + "AuditEventBean": { + "type": "object", + "properties": { + "account": { "type": "string" }, - "notPersisted": { - "type": "boolean" - }, - "objects": { - "items": { - "$ref": "#/components/schemas/ResourceIdBean" - }, - "type": "array" + "regionId": { + "type": "integer", + "format": "int32" }, - "os": { + "regionApiIdentifier": { "type": "string" }, - "rawEvent": { - "type": "object" + "eventTs": { + "type": "integer", + "format": "int64" }, - "reasonIds": { - "items": { - "format": "int32", - "type": "integer" - }, - "type": "array" + "ingestionTs": { + "type": "integer", + "format": "int64" }, - "regionApiIdentifier": { + "subject": { "type": "string" }, - "regionId": { - "format": "int32", - "type": "integer" + "type": { + "type": "string", + "enum": [ + "UNKNOWN", + "CREATE", + "READ", + "UPDATE", + "DELETE", + "LOGIN", + "TEST", + "AUDITD" + ] }, - "regionName": { + "source": { "type": "string" }, - "role": { + "name": { "type": "string" }, - "source": { + "id": { + "type": "integer", + "format": "int64" + }, + "rawEvent": { "type": "string" }, - "stateId": { - "format": "int32", - "type": "integer" + "objects": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ResourceIdBean" + } }, - "stateName": { + "ip": { "type": "string" }, - "subject": { + "accessKey": { + "type": "string" + }, + "anomalyId": { "type": "string" }, + "accessKeyUsed": { + "type": "boolean" + }, "subjectType": { + "type": "string", "enum": [ "AWS_OTHER", "AZURE_OTHER", @@ -329,1067 +1230,1094 @@ "AWS_SAML_USER", "AWS_WEB_IDENTITY_USER", "AWS_DIRECTORY" - ], - "type": "string" - }, - "success": { - "type": "boolean" - }, - "timezone": { - "type": "string" - }, - "type": { - "enum": [ - "UNKNOWN", - "CREATE", - "READ", - "UPDATE", - "DELETE", - "LOGIN", - "TEST", - "AUDITD" - ], - "type": "string" - }, - "userAgentBrowser": { - "$ref": "#/components/schemas/UserAgentBrowser" - }, - "userAgentOs": { - "$ref": "#/components/schemas/UserAgentOs" - } - }, - "type": "object" - }, - "AuditEventPageParams": { - "properties": { - "limit": { - "description": "Results per Page", - "format": "int32", - "type": "integer" + ] }, - "pageToken": { - "description": "Page Token", - "type": "string" - } - }, - "type": "object" - }, - "AuditEventSearchParamsModel": { - "description": "Audit event search parameters model", - "properties": { - "alertId": { - "description": "Alert ID", + "role": { "type": "string" }, - "filters": { - "description": "Filters", - "items": { - "$ref": "#/components/schemas/UIFilterModel" - }, - "type": "array" - }, - "groupBy": { - "description": "Group By parameters", + "reasonIds": { + "type": "array", "items": { - "type": "string" - }, - "type": "array" + "type": "integer", + "format": "int32" + } }, - "id": { - "description": "Search ID", + "flaggedFeature": { "type": "string" }, - "limit": { - "description": "Limit", - "format": "int32", - "type": "integer" + "cityId": { + "type": "integer", + "format": "int32" }, - "query": { - "description": "RQL query", + "cityName": { "type": "string" }, - "sort": { - "description": "Sort Fields", - "items": { - "$ref": "#/components/schemas/SortAuditEventSortField" - }, - "type": "array" + "stateId": { + "type": "integer", + "format": "int32" }, - "timeRange": { - "$ref": "#/components/schemas/TimeRangeConfigModel" - } - }, - "type": "object" - }, - "AutocompleteInfo": { - "description": "Model for AutocompleteInfo", - "properties": { - "links": { - "description": "JSON query builder links", + "stateName": { "type": "string" }, - "needsOffsetUpdate": { - "description": "Needs offset update (for internal use)", - "type": "boolean" - }, - "offset": { - "description": "Offset within query", - "format": "int32", - "type": "integer" - }, - "suggestions": { - "description": "List of suggestions", - "items": { - "type": "string" - }, - "type": "array" - }, - "translate": { - "description": "Translate (for internal use)", - "type": "boolean" + "countryId": { + "type": "integer", + "format": "int32" }, - "valid": { - "description": "Query is valid", - "type": "boolean" - } - }, - "type": "object" - }, - "ConfigCsvJobResponseModel": { - "description": " Response Model for CreateConfigRuleSearchCsvDownloadJob", - "properties": { - "createdBy": { - "description": "Job creator", - "readOnly": true, + "countryName": { "type": "string" }, - "createdOn": { - "description": "Creation timestamp", - "format": "int64", - "readOnly": true, - "type": "integer" + "cityLatitude": { + "type": "number", + "format": "double" }, - "getdownloadUri": { - "description": "Status URI", - "readOnly": true, - "type": "string" + "cityLongitude": { + "type": "number", + "format": "double" }, - "id": { - "description": "Job ID", - "readOnly": true, + "timezone": { "type": "string" - } - }, - "type": "object" - }, - "ConfigRulePageParams": { - "properties": { - "limit": { - "description": "Results per Page", - "format": "int32", - "type": "integer" }, - "pageToken": { - "description": "Page Token", - "type": "string" + "success": { + "type": "boolean" }, - "withResourceJson": { + "internal": { "type": "boolean" - } - }, - "type": "object" - }, - "ConfigRuleSearchParams": { - "properties": { - "id": { - "description": "Search ID", - "type": "string" }, - "limit": { - "description": "Results per page. Does not apply to asynchronous search jobs.", - "format": "int32", - "type": "integer" + "userAgentOs": { + "$ref": "#/components/schemas/UserAgentOs" }, - "query": { - "description": "RQL query", - "type": "string" + "userAgentBrowser": { + "$ref": "#/components/schemas/UserAgentBrowser" }, - "searchDescription": { - "description": "Search description. For asynchronouse search jobs only.", - "type": "string" + "dynamicData": { + "type": "object", + "additionalProperties": { + "type": "object" + } }, - "searchName": { - "description": "Search name. For asynchronouse search jobs only.", + "location": { "type": "string" }, - "sort": { - "description": "Sort field data", - "items": { - "$ref": "#/components/schemas/SortConfigRuleSortField" - }, - "type": "array" + "browser": { + "type": "string" }, - "timeRange": { - "allOf": [ - { - "$ref": "#/components/schemas/TimeRangeConfigModel" - }, - { - "description": "Time range" - } - ] + "os": { + "type": "string" }, - "withResourceJson": { - "description": "true = include resource JSON. Default is true.", + "notPersisted": { "type": "boolean" } - }, - "type": "object" + } }, - "PagedResultsAuditEvent": { + "AuditEventPageParams": { + "type": "object", "properties": { - "dynamicColumns": { + "limit": { + "type": "integer", + "format": "int32", + "description": "Results per Page" + }, + "pageToken": { + "type": "string", + "description": "Page Token" + } + } + }, + "AuditEventSearchParamsModel": { + "type": "object", + "properties": { + "timeRange": { + "$ref": "#/components/schemas/TimeRangeConfigModel" + }, + "groupBy": { + "type": "array", + "description": "Group By parameters", "items": { "type": "string" - }, + } + }, + "filters": { "type": "array", - "uniqueItems": true + "description": "Filters", + "items": { + "$ref": "#/components/schemas/UIFilterModel" + } }, - "infoMsg": { - "type": "string" + "alertId": { + "type": "string", + "description": "Alert ID" }, - "items": { + "sort": { + "type": "array", + "description": "Sort Fields", "items": { - "$ref": "#/components/schemas/AuditEvent" - }, - "type": "array" + "$ref": "#/components/schemas/SortAuditEventSortField" + } }, - "nextPageToken": { - "type": "string" + "limit": { + "type": "integer", + "format": "int32", + "description": "Limit" }, - "sortAllowedColumns": { - "items": { - "type": "string" - }, - "type": "array", - "uniqueItems": true + "id": { + "type": "string", + "description": "Search ID" }, - "totalRows": { - "format": "int64", - "type": "integer" + "query": { + "type": "string", + "description": "RQL query" } }, - "type": "object" + "description": "Audit event search parameters model" }, - "PagedResultsResourceMetaModel": { + "AutocompleteInfo": { + "type": "object", "properties": { - "dynamicColumns": { - "items": { - "type": "string" - }, - "type": "array", - "uniqueItems": true + "valid": { + "type": "boolean", + "description": "Query is valid" }, - "infoMsg": { - "type": "string" + "offset": { + "type": "integer", + "format": "int32", + "description": "Offset within query" }, - "items": { + "suggestions": { + "type": "array", + "description": "List of suggestions", "items": { - "$ref": "#/components/schemas/ResourceMetaModel" - }, - "type": "array" + "type": "string" + } }, - "nextPageToken": { - "type": "string" + "translate": { + "type": "boolean", + "description": "Translate (for internal use)" }, - "sortAllowedColumns": { - "items": { - "type": "string" - }, - "type": "array", - "uniqueItems": true + "needsOffsetUpdate": { + "type": "boolean", + "description": "Needs offset update (for internal use)" }, - "totalRows": { - "format": "int64", - "type": "integer" + "links": { + "type": "string", + "description": "JSON query builder links" } }, - "type": "object" + "description": "Model for AutocompleteInfo" }, - "RRNModel": { - "description": "Model for RRN", + "CloudAccountMetaVO": { + "type": "object", "properties": { "accountId": { - "description": "Account ID", - "readOnly": true, "type": "string" }, - "cloudType": { - "description": "Cloud type", - "enum": [ - "ALL", - "AWS", - "AZURE", - "GCP", - "ALIBABA_CLOUD", - "OCI", - "IBM" - ], - "readOnly": true, + "accountName": { "type": "string" }, - "idmapId": { - "description": "Hashed generated ID", - "readOnly": true, - "type": "string" + "enabled": { + "type": "boolean" }, - "regionId": { - "description": "Region ID", - "readOnly": true, + "cloudType": { "type": "string" }, - "resourceId": { - "description": "Resource ID", - "readOnly": true, - "type": "string" + "groupIds": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } }, - "resourceType": { - "description": "Resource type", - "readOnly": true, - "type": "string" + "groupNames": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } } - }, - "type": "object" + } }, - "RelativeTimeDurationModel": { - "description": "Model for RelativeTimeDuration", + "ConfigCsvJobResponseModel": { + "type": "object", "properties": { - "amount": { - "description": "Number of time units", - "format": "int32", - "type": "integer" + "id": { + "type": "string", + "description": "Job ID", + "readOnly": true }, - "unit": { - "description": "Time unit", - "enum": [ - "minute", - "hour", - "day", - "week", - "month", - "year" - ], - "type": "string" + "createdBy": { + "type": "string", + "description": "Job creator", + "readOnly": true + }, + "createdOn": { + "type": "integer", + "format": "int64", + "description": "Creation timestamp", + "readOnly": true + }, + "getdownloadUri": { + "type": "string", + "description": "Status URI", + "readOnly": true } }, - "type": "object" + "description": " Response Model for CreateConfigRuleSearchCsvDownloadJob" }, - "RelativeTimeRangeConfigModel": { - "allOf": [ - { - "$ref": "#/components/schemas/TimeRangeConfigModel" + "ConfigRulePageParams": { + "type": "object", + "properties": { + "limit": { + "type": "integer", + "format": "int32", + "description": "Results per Page" }, - { - "description": "Model for RelativeTimeRangeConfig", - "properties": { - "relativeTimeType": { - "description": "Direction in which to count time. Default = BACKWARD", - "enum": [ - "BACKWARD", - "FORWARD" - ], - "type": "string" - }, - "type": { - "example": "relative", - "type": "string" - }, - "value": { - "allOf": [ - { - "$ref": "#/components/schemas/RelativeTimeDurationModel" - }, - { - "description": "Time range object" - } - ] - } - }, - "required": [ - "value" - ], - "type": "object" + "withResourceJson": { + "type": "boolean" + }, + "pageToken": { + "type": "string", + "description": "Page Token" } - ] + } }, - "ResourceIdBean": { - "description": "Model for Resource ID Bean", + "ConfigRuleSearchParams": { + "type": "object", "properties": { - "account": { - "description": "Account", - "readOnly": true, - "type": "string" + "searchName": { + "type": "string", + "description": "Search name. For asynchronouse search jobs only." }, - "apiName": { - "description": "Resource API name", - "readOnly": true, - "type": "string" + "searchDescription": { + "type": "string", + "description": "Search description. For asynchronouse search jobs only." }, - "cloudType": { - "description": "Cloud type", - "enum": [ - "ALL", - "AWS", - "AZURE", - "GCP", - "ALIBABA_CLOUD", - "OCI", - "IBM" - ], - "readOnly": true, - "type": "string" + "withResourceJson": { + "type": "boolean", + "description": "true = include resource JSON. Default is true." }, - "insert_ts": { - "description": "Insertion timestamp", - "format": "int64", - "readOnly": true, - "type": "integer" + "timeRange": { + "$ref": "#/components/schemas/TimeRangeConfigModel" }, - "region": { - "description": "Region", - "readOnly": true, - "type": "string" + "sort": { + "type": "array", + "description": "Sort field data", + "items": { + "$ref": "#/components/schemas/SortConfigRuleSortField" + } }, - "resource": { - "description": "Resource", - "readOnly": true, - "type": "string" + "limit": { + "type": "integer", + "format": "int32", + "description": "Results per page. Does not apply to asynchronous search jobs." }, - "resourceApiId": { - "description": "Resource API ID", + "id": { + "type": "string", + "description": "Search ID" + }, + "query": { + "type": "string", + "description": "RQL query" + } + } + }, + "ConfigSearchByQueryV1Request": { + "type": "object", + "required": [ + "query" + ], + "properties": { + "skipSearchCreation": { + "type": "boolean", + "description": "Skip Search Creation", + "readOnly": true + }, + "limit": { + "type": "integer", "format": "int32", - "type": "integer" + "description": "Results per page" }, - "type": { - "description": "Resource type", - "readOnly": true, - "type": "string" + "withResourceJson": { + "type": "boolean", + "description": "true = include resource JSON. Default is false." }, - "vpc": { - "description": "VCP", - "readOnly": true, - "type": "string" + "timeRange": { + "$ref": "#/components/schemas/TimeRangeConfigModel" + }, + "sort": { + "type": "array", + "description": "Sort field data", + "items": { + "$ref": "#/components/schemas/SortConfigRuleSortField" + } + }, + "query": { + "type": "string", + "description": "RQL query" + }, + "nextPageToken": { + "type": "string", + "description": "Page Token" } - }, - "type": "object" + } }, - "ResourceMetaModel": { - "description": "Model containing resource metadata", + "ConfigSearchByQueryWithDownloadV1Request": { + "type": "object", + "required": [ + "query" + ], "properties": { - "accountGroupName": { - "description": "Account group name", - "type": "string" + "timeRange": { + "$ref": "#/components/schemas/TimeRangeConfigModel" }, - "accountId": { - "description": "Account ID", - "type": "string" + "sort": { + "type": "array", + "description": "Sort field data", + "items": { + "$ref": "#/components/schemas/SortConfigRuleSortField" + } }, - "accountName": { - "description": "Account name", - "type": "string" + "query": { + "type": "string", + "description": "RQL query" + } + } + }, + "ConfigSearchBySearchIdV1Request": { + "type": "object", + "properties": { + "limit": { + "type": "integer", + "format": "int32", + "description": "Results per page" }, - "allowDrillDown": { - "description": "allowDrillDown", - "type": "boolean" + "withResourceJson": { + "type": "boolean", + "description": "true = include resource JSON. Default is false." }, - "assetId": { - "description": "Asset ID", - "type": "string" + "timeRange": { + "$ref": "#/components/schemas/TimeRangeConfigModel" }, - "cloudType": { - "description": "Cloud Type", - "enum": [ - "ALL", - "AWS", - "AZURE", - "GCP", - "ALIBABA_CLOUD", - "OCI", - "IBM" - ], - "type": "string" + "sort": { + "type": "array", + "description": "Sort field data", + "items": { + "$ref": "#/components/schemas/SortConfigRuleSortField" + } }, - "createdTs": { - "description": "Creation timestamp", + "nextPageToken": { + "type": "string", + "description": "Page Token" + } + } + }, + "ConfigSearchV1Response": { + "type": "object", + "properties": { + "totalRows": { + "type": "integer", "format": "int64", - "type": "integer" - }, - "data": { - "description": "Raw JSON data for the resource", - "type": "object" - }, - "deleted": { - "description": "Deleted", - "type": "boolean" + "description": "The total number of matching resources" }, - "dynamicData": { - "additionalProperties": { + "items": { + "type": "array", + "description": "List of matching resources", + "items": { "type": "object" - }, - "description": "Dynamic data", - "type": "object" + } }, - "hasExtFindingRiskFactors": { - "description": "Has risk factors", - "type": "boolean" + "dynamicColumns": { + "type": "array", + "description": "Set of names of custom resource attributes", + "uniqueItems": true, + "items": { + "type": "string" + } }, - "hasExternalFinding": { - "description": "Has external finding", - "type": "boolean" + "nextPageToken": { + "type": "string", + "description": "Encoded page token to continue pagination" }, - "hasExternalIntegration": { - "description": "Has external integration", - "type": "boolean" + "infoMsg": { + "type": "string" }, - "hasNetwork": { - "description": "Has network", - "type": "boolean" + "sortAllowedColumns": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } }, "id": { - "description": "ID", - "type": "string" - }, - "insertTs": { - "description": "Insertion timestamp", + "type": "string", + "description": "Search id" + } + } + }, + "ConfigSearchV1ResponseResourceMetaModel": { + "type": "object", + "properties": { + "totalRows": { + "type": "integer", "format": "int64", - "type": "integer" + "description": "The total number of matching resources" }, - "name": { - "description": "Name", - "type": "string" + "items": { + "type": "array", + "description": "List of matching resources", + "items": { + "$ref": "#/components/schemas/ResourceMetaModel" + } }, - "regionId": { - "description": "Region ID", - "type": "string" + "dynamicColumns": { + "type": "array", + "description": "Set of names of custom resource attributes", + "uniqueItems": true, + "items": { + "type": "string" + } }, - "regionName": { - "description": "Region name", + "nextPageToken": { + "type": "string", + "description": "Encoded page token to continue pagination" + }, + "infoMsg": { "type": "string" }, - "resourceConfigJsonAvailable": { - "description": "allowDrillDown", - "type": "boolean" + "sortAllowedColumns": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } }, - "resourceType": { - "description": "Resource type", - "type": "string" + "id": { + "type": "string", + "description": "Search id" + } + } + }, + "CsvMessageModel": { + "type": "object", + "properties": { + "headerComments": { + "type": "array", + "description": "List of header comments", + "items": { + "type": "string" + } }, - "riskGrade": { - "description": "Risk grade", - "type": "string" + "headers": { + "type": "array", + "description": "List of headers", + "items": { + "type": "string" + } }, - "rrn": { - "allOf": [ - { - "$ref": "#/components/schemas/RRNModel" - }, - { - "description": "RRN" + "rows": { + "type": "array", + "description": "List of rows", + "items": { + "type": "array", + "items": { + "type": "string" + } + } + } + }, + "description": "Model for CsvMessage" + }, + "FromNowTimeRangeConfigModel": { + "allOf": [ + { + "$ref": "#/components/schemas/TimeRangeConfigModel" + }, + { + "type": "object", + "properties": { + "value": { + "type": "string", + "description": "Time range object", + "enum": [ + "MINUTE", + "HOUR", + "DAY", + "WEEK", + "MONTH", + "YEAR", + "EPOCH", + "LOGIN" + ] } + }, + "description": "Model for FromNowTimeRangeConfig" + } + ] + }, + "JsonNode": { + "type": "object", + "properties": { + "nodeType": { + "type": "string", + "enum": [ + "ARRAY", + "BINARY", + "BOOLEAN", + "MISSING", + "NULL", + "NUMBER", + "OBJECT", + "POJO", + "STRING" ] }, - "service": { - "description": "Service", - "type": "string" + "array": { + "type": "boolean" }, - "stateId": { - "description": "State ID", - "type": "string" + "null": { + "type": "boolean" }, - "tags": { - "additionalProperties": { - "type": "string" - }, - "description": "Tags", - "type": "object" + "short": { + "type": "boolean" }, - "url": { - "description": "URL", - "type": "string" + "float": { + "type": "boolean" }, - "vpcId": { - "description": "Virtual private cloud ID", - "type": "string" + "int": { + "type": "boolean" }, - "vpcName": { - "description": "Virtual private cloud name", - "type": "string" - } - }, - "type": "object" - }, - "SearchModel": { - "properties": { - "alertId": { - "description": "Alert ID", - "readOnly": true, - "type": "string" + "object": { + "type": "boolean" }, - "async": { - "description": "true = Is Async", - "readOnly": true, + "double": { "type": "boolean" }, - "asyncResultUrl": { - "description": "Async Result Url", - "example": "/search/config/jobs/2df49d4f72e842b582b123bc2b7826b3/download", - "readOnly": true, - "type": "string" + "pojo": { + "type": "boolean" }, - "cloudType": { - "description": "Cloud Type", - "enum": [ - "aws", - "azure", - "gcp", - "alibaba_cloud", - "oci" - ], - "type": "string" + "long": { + "type": "boolean" }, - "cursor": { - "description": "Cursor", - "format": "int32", - "readOnly": true, - "type": "integer" + "textual": { + "type": "boolean" }, - "default": { + "binary": { "type": "boolean" }, - "description": { - "description": "Search Description", - "type": "string" + "number": { + "type": "boolean" }, - "filters": { - "description": "View Order", - "items": { - "$ref": "#/components/schemas/UIFilterModel" - }, - "readOnly": true, - "type": "array" + "boolean": { + "type": "boolean" }, - "groupBy": { - "description": "Group By", - "items": { - "type": "string" - }, - "readOnly": true, - "type": "array" + "valueNode": { + "type": "boolean" }, - "id": { - "description": "Search ID", - "type": "string" + "containerNode": { + "type": "boolean" }, - "name": { - "description": "Search Name", - "type": "string" + "missingNode": { + "type": "boolean" }, - "query": { - "description": "RQL Query", - "type": "string" + "integralNumber": { + "type": "boolean" }, - "saved": { - "description": "Search Exists", + "floatingPointNumber": { "type": "boolean" }, - "searchType": { - "description": "Search Type", - "enum": [ - "network", - "audit_event", - "config", - "asset" - ], - "readOnly": true, + "bigDecimal": { + "type": "boolean" + }, + "bigInteger": { + "type": "boolean" + } + } + }, + "PagedResults": { + "type": "object", + "properties": { + "totalRows": { + "type": "integer", + "format": "int64" + }, + "items": { + "type": "array", + "items": { + "type": "object" + } + }, + "dynamicColumns": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "nextPageToken": { "type": "string" }, - "timeGranularity": { - "description": "Time Granularity", - "readOnly": true, + "infoMsg": { "type": "string" }, - "timeRange": { - "allOf": [ - { - "$ref": "#/components/schemas/TimeRangeConfigModel" - }, - { - "description": "Time Range" - } - ] + "sortAllowedColumns": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } } - }, - "required": [ - "query", - "timeRange" - ], - "type": "object" + } }, - "SearchResponseModel": { + "PagedResultsAuditEvent": { + "type": "object", "properties": { - "alertId": { - "description": "Alert ID", - "readOnly": true, - "type": "string" + "totalRows": { + "type": "integer", + "format": "int64" }, - "async": { - "description": "true = Is Async", - "readOnly": true, - "type": "boolean" + "items": { + "type": "array", + "items": { + "$ref": "#/components/schemas/AuditEvent" + } }, - "asyncResultUrl": { - "description": "Async Result Url", - "example": "/search/config/jobs/2df49d4f72e842b582b123bc2b7826b3/download", - "readOnly": true, + "dynamicColumns": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } + }, + "nextPageToken": { "type": "string" }, - "cloudType": { - "description": "Cloud Type", - "enum": [ - "aws", - "azure", - "gcp", - "alibaba_cloud", - "oci" - ], + "infoMsg": { "type": "string" }, - "cursor": { - "description": "Cursor", - "format": "int32", - "readOnly": true, - "type": "integer" + "sortAllowedColumns": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } + } + } + }, + "PagedResultsResourceMetaModel": { + "type": "object", + "properties": { + "totalRows": { + "type": "integer", + "format": "int64" }, - "data": { - "type": "object" + "items": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ResourceMetaModel" + } }, - "default": { - "type": "boolean" + "dynamicColumns": { + "type": "array", + "uniqueItems": true, + "items": { + "type": "string" + } }, - "description": { - "description": "Search Description", + "nextPageToken": { "type": "string" }, - "filters": { - "description": "View Order", - "items": { - "$ref": "#/components/schemas/UIFilterModel" - }, - "readOnly": true, - "type": "array" + "infoMsg": { + "type": "string" }, - "groupBy": { - "description": "Group By", + "sortAllowedColumns": { + "type": "array", + "uniqueItems": true, "items": { "type": "string" - }, + } + } + } + }, + "RRNModel": { + "type": "object", + "properties": { + "cloudType": { + "type": "string", + "description": "Cloud type", "readOnly": true, - "type": "array" + "enum": [ + "ALL", + "AWS", + "AZURE", + "GCP", + "ALIBABA_CLOUD", + "OCI", + "OTHER", + "IBM" + ] }, - "id": { - "description": "Search ID", - "type": "string" + "resourceType": { + "type": "string", + "description": "Resource type", + "readOnly": true }, - "name": { - "description": "Search Name", - "type": "string" + "regionId": { + "type": "string", + "description": "Region ID", + "readOnly": true }, - "query": { - "description": "RQL Query", - "type": "string" + "accountId": { + "type": "string", + "description": "Account ID", + "readOnly": true }, - "saved": { - "description": "Search Exists", - "type": "boolean" + "idmapId": { + "type": "string", + "description": "Hashed generated ID", + "readOnly": true }, - "searchType": { - "description": "Search Type", + "resourceId": { + "type": "string", + "description": "Resource ID", + "readOnly": true + } + }, + "description": "Model for RRN" + }, + "RelativeTimeDurationModel": { + "type": "object", + "properties": { + "unit": { + "type": "string", + "description": "Time unit", "enum": [ - "network", - "audit_event", - "config", - "asset" + "minute", + "hour", + "day", + "week", + "month", + "year" + ] + }, + "amount": { + "type": "integer", + "format": "int32", + "description": "Number of time units" + } + }, + "description": "Model for RelativeTimeDuration" + }, + "RelativeTimeRangeConfigModel": { + "allOf": [ + { + "$ref": "#/components/schemas/TimeRangeConfigModel" + }, + { + "type": "object", + "required": [ + "value" ], - "readOnly": true, - "type": "string" + "properties": { + "value": { + "$ref": "#/components/schemas/RelativeTimeDurationModel" + }, + "relativeTimeType": { + "type": "string", + "description": "Direction in which to count time. Default = BACKWARD", + "enum": [ + "BACKWARD", + "FORWARD" + ] + } + }, + "description": "Model for RelativeTimeRangeConfig" + } + ] + }, + "ResourceIdBean": { + "type": "object", + "properties": { + "account": { + "type": "string", + "description": "Account", + "readOnly": true + }, + "region": { + "type": "string", + "description": "Region", + "readOnly": true + }, + "vpc": { + "type": "string", + "description": "VCP", + "readOnly": true + }, + "resource": { + "type": "string", + "description": "Resource", + "readOnly": true + }, + "type": { + "type": "string", + "description": "Resource type", + "readOnly": true }, - "timeGranularity": { - "description": "Time Granularity", - "readOnly": true, - "type": "string" + "insert_ts": { + "type": "integer", + "format": "int64", + "description": "Insertion timestamp", + "readOnly": true }, - "timeRange": { - "allOf": [ - { - "$ref": "#/components/schemas/TimeRangeConfigModel" - }, - { - "description": "Time Range" - } + "cloudType": { + "type": "string", + "description": "Cloud type", + "readOnly": true, + "enum": [ + "ALL", + "AWS", + "AZURE", + "GCP", + "ALIBABA_CLOUD", + "OCI", + "OTHER", + "IBM" ] + }, + "apiName": { + "type": "string", + "description": "Resource API name", + "readOnly": true + }, + "resourceApiId": { + "type": "integer", + "format": "int32", + "description": "Resource API ID" } }, + "description": "Model for Resource ID Bean" + }, + "ResourceListVO": { + "type": "object", "required": [ - "query", - "timeRange" + "resourceListType" ], - "type": "object" - }, - "SearchResponseModelListAggregateAuditEvent": { "properties": { - "alertId": { - "description": "Alert ID", - "readOnly": true, + "id": { "type": "string" }, - "async": { - "description": "true = Is Async", - "readOnly": true, - "type": "boolean" - }, - "asyncResultUrl": { - "description": "Async Result Url", - "example": "/search/config/jobs/2df49d4f72e842b582b123bc2b7826b3/download", - "readOnly": true, + "name": { "type": "string" }, - "cloudType": { - "description": "Cloud Type", + "resourceListType": { + "type": "string", "enum": [ - "aws", - "azure", - "gcp", - "alibaba_cloud", - "oci" - ], - "type": "string" + "TAG", + "RESOURCE_ID", + "STRING", + "IP_ADDRESS", + "NUMBER", + "RESOURCE_GROUP", + "COMPUTE_ACCESS_GROUP" + ] }, - "cursor": { - "description": "Cursor", - "format": "int32", - "readOnly": true, - "type": "integer" + "description": { + "type": "string" }, - "data": { - "items": { - "$ref": "#/components/schemas/AggregateAuditEvent" - }, - "type": "array" + "lastModifiedBy": { + "type": "string" }, - "default": { - "type": "boolean" + "lastModifiedTs": { + "type": "integer", + "format": "int64" }, - "description": { - "description": "Search Description", - "type": "string" + "members": { + "$ref": "#/components/schemas/JsonNode" + } + } + }, + "ResourceMetaModel": { + "type": "object", + "properties": { + "rrn": { + "$ref": "#/components/schemas/RRNModel" }, - "filters": { - "description": "View Order", - "items": { - "$ref": "#/components/schemas/UIFilterModel" - }, - "readOnly": true, - "type": "array" + "stateId": { + "type": "string", + "description": "State ID" }, - "groupBy": { - "description": "Group By", - "items": { - "type": "string" - }, - "readOnly": true, - "type": "array" + "assetId": { + "type": "string", + "description": "Asset ID" }, "id": { - "description": "Search ID", - "type": "string" + "type": "string", + "description": "ID" }, "name": { - "description": "Search Name", - "type": "string" + "type": "string", + "description": "Name" }, - "query": { - "description": "RQL Query", - "type": "string" + "url": { + "type": "string", + "description": "URL" }, - "saved": { - "description": "Search Exists", - "type": "boolean" + "accountId": { + "type": "string", + "description": "Account ID" }, - "searchType": { - "description": "Search Type", - "enum": [ - "network", - "audit_event", - "config", - "asset" - ], - "readOnly": true, - "type": "string" + "accountName": { + "type": "string", + "description": "Account name" }, - "timeGranularity": { - "description": "Time Granularity", - "readOnly": true, - "type": "string" + "accountGroupName": { + "type": "string", + "description": "Account group name" }, - "timeRange": { - "allOf": [ - { - "$ref": "#/components/schemas/TimeRangeConfigModel" - }, - { - "description": "Time Range" - } + "cloudType": { + "type": "string", + "description": "Cloud Type", + "enum": [ + "ALL", + "AWS", + "AZURE", + "GCP", + "ALIBABA_CLOUD", + "OCI", + "OTHER", + "IBM" ] - } - }, - "required": [ - "query", - "timeRange" - ], - "type": "object" - }, - "SearchResponseModelListObject": { - "properties": { - "alertId": { - "description": "Alert ID", - "readOnly": true, - "type": "string" }, - "async": { - "description": "true = Is Async", - "readOnly": true, - "type": "boolean" + "regionId": { + "type": "string", + "description": "Region ID" }, - "asyncResultUrl": { - "description": "Async Result Url", - "example": "/search/config/jobs/2df49d4f72e842b582b123bc2b7826b3/download", - "readOnly": true, - "type": "string" + "regionName": { + "type": "string", + "description": "Region name" }, - "cloudType": { - "description": "Cloud Type", - "enum": [ - "aws", - "azure", - "gcp", - "alibaba_cloud", - "oci" - ], - "type": "string" + "service": { + "type": "string", + "description": "Service" }, - "cursor": { - "description": "Cursor", - "format": "int32", - "readOnly": true, - "type": "integer" + "resourceType": { + "type": "string", + "description": "Resource type" }, - "data": { - "items": { - "type": "object" - }, - "type": "array" + "insertTs": { + "type": "integer", + "format": "int64", + "description": "Insertion timestamp" }, - "default": { - "type": "boolean" + "createdTs": { + "type": "integer", + "format": "int64", + "description": "Creation timestamp" }, - "description": { - "description": "Search Description", - "type": "string" + "deleted": { + "type": "boolean", + "description": "Deleted" }, - "filters": { - "description": "View Order", - "items": { - "$ref": "#/components/schemas/UIFilterModel" - }, - "readOnly": true, - "type": "array" + "vpcId": { + "type": "string", + "description": "Virtual private cloud ID" }, - "groupBy": { - "description": "Group By", - "items": { + "vpcName": { + "type": "string", + "description": "Virtual private cloud name" + }, + "tags": { + "type": "object", + "description": "Tags", + "additionalProperties": { "type": "string" - }, - "readOnly": true, - "type": "array" + } }, - "id": { - "description": "Search ID", - "type": "string" + "riskGrade": { + "type": "string", + "description": "Risk grade" }, - "name": { - "description": "Search Name", - "type": "string" + "data": { + "type": "object", + "description": "Raw JSON data for the resource" }, - "query": { - "description": "RQL Query", - "type": "string" + "dynamicData": { + "type": "object", + "description": "Dynamic data", + "additionalProperties": { + "type": "object" + } }, - "saved": { - "description": "Search Exists", - "type": "boolean" + "hasNetwork": { + "type": "boolean", + "description": "Has network" }, - "searchType": { - "description": "Search Type", - "enum": [ - "network", - "audit_event", - "config", - "asset" - ], - "readOnly": true, - "type": "string" + "hasExternalFinding": { + "type": "boolean", + "description": "Has external finding" }, - "timeGranularity": { - "description": "Time Granularity", - "readOnly": true, - "type": "string" + "hasExternalIntegration": { + "type": "boolean", + "description": "Has external integration" }, - "timeRange": { - "allOf": [ - { - "$ref": "#/components/schemas/TimeRangeConfigModel" - }, - { - "description": "Time Range" - } - ] + "allowDrillDown": { + "type": "boolean", + "description": "allowDrillDown" + }, + "hasExtFindingRiskFactors": { + "type": "boolean", + "description": "Has risk factors" + }, + "resourceConfigJsonAvailable": { + "type": "boolean", + "description": "allowDrillDown" } }, + "description": "Model containing resource metadata" + }, + "S3BucketDetails": { + "type": "object", + "properties": { + "objectKey": { + "type": "string" + }, + "bucketName": { + "type": "string" + } + } + }, + "SearchModel": { + "type": "object", "required": [ "query", "timeRange" ], - "type": "object" - }, - "SearchResponseModelPagedResultsAuditEvent": { - "properties": { - "alertId": { - "description": "Alert ID", + "properties": { + "groupBy": { + "type": "array", + "description": "Group By", "readOnly": true, - "type": "string" + "items": { + "type": "string" + } }, - "async": { - "description": "true = Is Async", + "filters": { + "type": "array", + "description": "View Order", "readOnly": true, - "type": "boolean" + "items": { + "$ref": "#/components/schemas/UIFilterModel" + } }, - "asyncResultUrl": { - "description": "Async Result Url", - "example": "/search/config/jobs/2df49d4f72e842b582b123bc2b7826b3/download", - "readOnly": true, - "type": "string" + "timeGranularity": { + "type": "string", + "description": "Time Granularity", + "readOnly": true + }, + "alertId": { + "type": "string", + "description": "Alert ID", + "readOnly": true }, "cloudType": { + "type": "string", "description": "Cloud Type", "enum": [ "aws", @@ -1397,109 +2325,99 @@ "gcp", "alibaba_cloud", "oci" - ], - "type": "string" - }, - "cursor": { - "description": "Cursor", - "format": "int32", - "readOnly": true, - "type": "integer" - }, - "data": { - "$ref": "#/components/schemas/PagedResultsAuditEvent" - }, - "default": { - "type": "boolean" - }, - "description": { - "description": "Search Description", - "type": "string" - }, - "filters": { - "description": "View Order", - "items": { - "$ref": "#/components/schemas/UIFilterModel" - }, - "readOnly": true, - "type": "array" - }, - "groupBy": { - "description": "Group By", - "items": { - "type": "string" - }, - "readOnly": true, - "type": "array" + ] }, "id": { - "description": "Search ID", - "type": "string" + "type": "string", + "description": "Search ID" }, "name": { - "description": "Search Name", - "type": "string" - }, - "query": { - "description": "RQL Query", - "type": "string" + "type": "string", + "description": "Search Name" }, - "saved": { - "description": "Search Exists", - "type": "boolean" + "description": { + "type": "string", + "description": "Search Description" }, "searchType": { + "type": "string", "description": "Search Type", + "readOnly": true, "enum": [ "network", "audit_event", "config", "asset" - ], - "readOnly": true, - "type": "string" + ] }, - "timeGranularity": { - "description": "Time Granularity", - "readOnly": true, - "type": "string" + "asyncResultUrl": { + "type": "string", + "example": "/search/config/jobs/2df49d4f72e842b582b123bc2b7826b3/download", + "description": "Async Result Url", + "readOnly": true + }, + "saved": { + "type": "boolean", + "description": "Search Exists" }, "timeRange": { - "allOf": [ - { - "$ref": "#/components/schemas/TimeRangeConfigModel" - }, - { - "description": "Time Range" - } - ] + "$ref": "#/components/schemas/TimeRangeConfigModel" + }, + "query": { + "type": "string", + "description": "RQL Query" + }, + "cursor": { + "type": "integer", + "format": "int32", + "description": "Cursor", + "readOnly": true + }, + "default": { + "type": "boolean" + }, + "async": { + "type": "boolean", + "description": "true = Is Async", + "readOnly": true } - }, + } + }, + "SearchResponseModel": { + "type": "object", "required": [ "query", "timeRange" ], - "type": "object" - }, - "SearchResponseModelPagedResultsResourceMetaModel": { "properties": { - "alertId": { - "description": "Alert ID", + "groupBy": { + "type": "array", + "description": "Group By", "readOnly": true, - "type": "string" + "items": { + "type": "string" + } }, - "async": { - "description": "true = Is Async", + "filters": { + "type": "array", + "description": "View Order", "readOnly": true, - "type": "boolean" + "items": { + "$ref": "#/components/schemas/UIFilterModel" + } }, - "asyncResultUrl": { - "description": "Async Result Url", - "example": "/search/config/jobs/2df49d4f72e842b582b123bc2b7826b3/download", - "readOnly": true, - "type": "string" + "timeGranularity": { + "type": "string", + "description": "Time Granularity", + "readOnly": true + }, + "alertId": { + "type": "string", + "description": "Alert ID", + "readOnly": true }, "cloudType": { + "type": "string", "description": "Cloud Type", "enum": [ "aws", @@ -1507,890 +2425,767 @@ "gcp", "alibaba_cloud", "oci" - ], - "type": "string" - }, - "cursor": { - "description": "Cursor", - "format": "int32", - "readOnly": true, - "type": "integer" - }, - "data": { - "$ref": "#/components/schemas/PagedResultsResourceMetaModel" - }, - "default": { - "type": "boolean" - }, - "description": { - "description": "Search Description", - "type": "string" - }, - "filters": { - "description": "View Order", - "items": { - "$ref": "#/components/schemas/UIFilterModel" - }, - "readOnly": true, - "type": "array" - }, - "groupBy": { - "description": "Group By", - "items": { - "type": "string" - }, - "readOnly": true, - "type": "array" + ] }, "id": { - "description": "Search ID", - "type": "string" + "type": "string", + "description": "Search ID" }, "name": { - "description": "Search Name", - "type": "string" + "type": "string", + "description": "Search Name" }, - "query": { - "description": "RQL Query", - "type": "string" - }, - "saved": { - "description": "Search Exists", - "type": "boolean" + "description": { + "type": "string", + "description": "Search Description" }, "searchType": { + "type": "string", "description": "Search Type", + "readOnly": true, "enum": [ "network", "audit_event", "config", - "asset" - ], - "readOnly": true, - "type": "string" - }, - "timeGranularity": { - "description": "Time Granularity", - "readOnly": true, - "type": "string" - }, - "timeRange": { - "allOf": [ - { - "$ref": "#/components/schemas/TimeRangeConfigModel" - }, - { - "description": "Time Range" - } - ] - } - }, - "required": [ - "query", - "timeRange" - ], - "type": "object" - }, - "SortAuditEventSortField": { - "properties": { - "direction": { - "description": "Direction", - "enum": [ - "asc", - "desc" - ], - "type": "string" - }, - "field": { - "enum": [ - "ID", - "TIME", - "OPERATION", - "CLOUD_SERVICE", - "CRUD", - "USER", - "CLOUD_ACCOUNT", - "CLOUD_REGION", - "TIMESTAMP" - ], - "type": "string" - } - }, - "type": "object" - }, - "SortConfigRuleSortField": { - "properties": { - "direction": { - "description": "Direction", - "enum": [ - "asc", - "desc" - ], - "type": "string" - }, - "field": { - "enum": [ - "ID", - "TIME", - "API_NAME", - "CUSTOMER_ID", - "INSERT_TS", - "JSON", - "CLOUD_ACCOUNT", - "CLOUD_REGION", - "STATE_ID" - ], - "type": "string" - } - }, - "type": "object" - }, - "TimeModel": { - "description": "Model for Time", - "properties": { - "endTime": { - "description": "End timestamp", - "format": "int64", - "type": "integer" - }, - "startTime": { - "description": "Start timestamp", - "format": "int64", - "type": "integer" - } - }, - "type": "object" - }, - "TimeRangeConfigModel": { - "description": "See the [Time Range Model](/prisma-cloud/api/cspm/api-time-range-model) for details.\n", - "discriminator": { - "mapping": { - "absolute": "#/components/schemas/AbsoluteTimeRangeConfigModel", - "relative": "#/components/schemas/RelativeTimeRangeConfigModel", - "to_now": "#/components/schemas/ToNowTimeRangeConfigModel" + "asset" + ] }, - "propertyName": "type" - }, - "oneOf": [ - { - "$ref": "#/components/schemas/RelativeTimeRangeConfigModel" + "asyncResultUrl": { + "type": "string", + "example": "/search/config/jobs/2df49d4f72e842b582b123bc2b7826b3/download", + "description": "Async Result Url", + "readOnly": true }, - { - "$ref": "#/components/schemas/AbsoluteTimeRangeConfigModel" + "saved": { + "type": "boolean", + "description": "Search Exists" }, - { - "$ref": "#/components/schemas/ToNowTimeRangeConfigModel" - } - ], - "properties": { - "type": { - "description": "Time type", - "type": "string" - } - }, - "required": [ - "type" - ], - "type": "object" - }, - "ToNowTimeRangeConfigModel": { - "allOf": [ - { + "timeRange": { "$ref": "#/components/schemas/TimeRangeConfigModel" }, - { - "description": "Model for ToNowTimeRangeConfig", - "properties": { - "value": { - "description": "Time range object", - "enum": [ - "MINUTE", - "HOUR", - "DAY", - "WEEK", - "MONTH", - "YEAR", - "EPOCH", - "LOGIN" - ], - "type": "string" - } - }, + "query": { + "type": "string", + "description": "RQL Query" + }, + "cursor": { + "type": "integer", + "format": "int32", + "description": "Cursor", + "readOnly": true + }, + "data": { "type": "object" + }, + "default": { + "type": "boolean" + }, + "async": { + "type": "boolean", + "description": "true = Is Async", + "readOnly": true } - ] + } }, - "UIFilterModel": { - "description": "Model for UIFilter", + "SearchResponseModelListAggregateAuditEvent": { + "type": "object", + "required": [ + "query", + "timeRange" + ], "properties": { + "groupBy": { + "type": "array", + "description": "Group By", + "readOnly": true, + "items": { + "type": "string" + } + }, + "filters": { + "type": "array", + "description": "View Order", + "readOnly": true, + "items": { + "$ref": "#/components/schemas/UIFilterModel" + } + }, + "timeGranularity": { + "type": "string", + "description": "Time Granularity", + "readOnly": true + }, + "alertId": { + "type": "string", + "description": "Alert ID", + "readOnly": true + }, + "cloudType": { + "type": "string", + "description": "Cloud Type", + "enum": [ + "aws", + "azure", + "gcp", + "alibaba_cloud", + "oci" + ] + }, + "id": { + "type": "string", + "description": "Search ID" + }, "name": { - "description": "Name", - "type": "string" + "type": "string", + "description": "Search Name" }, - "operator": { - "description": "Operator", + "description": { + "type": "string", + "description": "Search Description" + }, + "searchType": { + "type": "string", + "description": "Search Type", + "readOnly": true, "enum": [ - "=" - ], - "type": "string" + "network", + "audit_event", + "config", + "asset" + ] }, - "value": { - "description": "Value", - "type": "string" - } - }, - "type": "object" - }, - "UserAgentBrowser": { - "properties": { - "hash": { - "format": "int32", - "type": "integer" + "asyncResultUrl": { + "type": "string", + "example": "/search/config/jobs/2df49d4f72e842b582b123bc2b7826b3/download", + "description": "Async Result Url", + "readOnly": true }, - "id": { + "saved": { + "type": "boolean", + "description": "Search Exists" + }, + "timeRange": { + "$ref": "#/components/schemas/TimeRangeConfigModel" + }, + "query": { + "type": "string", + "description": "RQL Query" + }, + "cursor": { + "type": "integer", "format": "int32", - "type": "integer" + "description": "Cursor", + "readOnly": true }, - "name": { - "type": "string" + "data": { + "type": "array", + "items": { + "$ref": "#/components/schemas/AggregateAuditEvent" + } + }, + "default": { + "type": "boolean" + }, + "async": { + "type": "boolean", + "description": "true = Is Async", + "readOnly": true } - }, - "type": "object" + } }, - "UserAgentOs": { + "SearchResponseModelListObject": { + "type": "object", + "required": [ + "query", + "timeRange" + ], "properties": { - "hash": { - "format": "int32", - "type": "integer" - }, - "id": { - "format": "int32", - "type": "integer" + "groupBy": { + "type": "array", + "description": "Group By", + "readOnly": true, + "items": { + "type": "string" + } }, - "name": { - "type": "string" - } - }, - "type": "object" - } - } - }, - "info": { - "contact": {}, - "description": "You can use the Resource Query Language (RQL) to perform configuration checks across cloud services as well as \ngain real-time insights into user and network events to gain security visibility and create policy guardrails \nin your cloud environment. See the [Prisma Cloud documentation](https://docs.paloaltonetworks.com/prisma/prisma-cloud.html) for more information.\n", - "title": "Prisma Cloud Search API Overview", - "version": "Latest" - }, - "openapi": "3.0.0", - "paths": { - "/search/config": { - "post": { - "description": "Returns the results of an RQL config query. With config queries, you can retrieve resource information, identify misconfigurations, gain operational insights, and uncover policy and compliance violations. \r\n\r\n### Download Config Search CSV \nIn addition to performing a config search, this endpoint can perform the config \nsearch and download the results as a CSV file. To download the config search CSV, \nadd the request HTTP header **Accept: text/csv**.\n\nAn example request body is:\n```json\n{\n \"query\":\"config where api.name = 'aws-iam-get-account-summary' \",\n \"timeRange\":{\n \"type\":\"relative\",\n \"value\":{\n \"unit\":\"hour\",\n \"amount\":24\n }\n }\n}\n```\n", - "operationId": "search-config", - "requestBody": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/ConfigRuleSearchParams" - } + "filters": { + "type": "array", + "description": "View Order", + "readOnly": true, + "items": { + "$ref": "#/components/schemas/UIFilterModel" } }, - "description": "Config rule search parameters model", - "required": true - }, - "responses": { - "200": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/SearchResponseModelPagedResultsResourceMetaModel" - } - } - }, - "description": "success" + "timeGranularity": { + "type": "string", + "description": "Time Granularity", + "readOnly": true }, - "400": { - "description": "conflict_saved_search" + "alertId": { + "type": "string", + "description": "Alert ID", + "readOnly": true }, - "404": { - "description": "not_found" + "cloudType": { + "type": "string", + "description": "Cloud Type", + "enum": [ + "aws", + "azure", + "gcp", + "alibaba_cloud", + "oci" + ] }, - "500": { - "description": "internal_error" - } - }, - "security": [ - { - "x-redlock-auth": [] - } - ], - "summary": "Perform Config Search", - "tags": [ - "Search" - ] - } - }, - "/search": { - "post": { - "description": "Perform a search against flow logs with an RQL query. \r\n\r\nThis endpoint ignores the body param **default**. \n\n### Download Network Search CSV \nIn addition to performing a network search, this API can perform the network \nsearch and download the results as a CSV file. To download the network search CSV, \nadd the request HTTP header **Accept: text/csv**.\n\nAn example request body is:\n```json\n{\n \"cloudType\": \"\",\n \"id\":\"\",\n \"name\":\"\",\n \"description:\"\",\n \"saved\":false,\n \"default\":false,\n \"query\": \"\",\n \"timeRange\": {\n \"type\": \"\",\n \"value\": \"\"\n }\n}\n```\n", - "operationId": "search-network", - "requestBody": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/SearchModel" - } - } + "id": { + "type": "string", + "description": "Search ID" }, - "description": "Search model", - "required": true - }, - "responses": { - "200": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/SearchResponseModel" - } - } - }, - "description": "success" + "name": { + "type": "string", + "description": "Search Name" }, - "400": { - "description": "invalid_parameter_value" + "description": { + "type": "string", + "description": "Search Description" }, - "404": { - "description": "not_found" + "searchType": { + "type": "string", + "description": "Search Type", + "readOnly": true, + "enum": [ + "network", + "audit_event", + "config", + "asset" + ] }, - "500": { - "description": "internal_error" - } - }, - "security": [ - { - "x-redlock-auth": [] - } - ], - "summary": "Perform Network Search", - "tags": [ - "Search" - ] - } - }, - "/search/event": { - "post": { - "description": "Returns the results of an RQL audit event query. You can use event queries to detect and investigate console and API access, monitor privileged activities, and detect account compromise and unusual user behavior in your cloud environment.", - "operationId": "search-events", - "requestBody": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/AuditEventSearchParamsModel" - } - } + "asyncResultUrl": { + "type": "string", + "example": "/search/config/jobs/2df49d4f72e842b582b123bc2b7826b3/download", + "description": "Async Result Url", + "readOnly": true }, - "description": "Audit event search parameters model", - "required": true - }, - "responses": { - "200": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/SearchResponseModelPagedResultsAuditEvent" - } - } - }, - "description": "success" + "saved": { + "type": "boolean", + "description": "Search Exists" }, - "400": { - "description": "conflict_saved_search" + "timeRange": { + "$ref": "#/components/schemas/TimeRangeConfigModel" }, - "404": { - "description": "not_found" + "query": { + "type": "string", + "description": "RQL Query" }, - "500": { - "description": "internal_error" - } - }, - "security": [ - { - "x-redlock-auth": [] - } - ], - "summary": "Perform Event Search", - "tags": [ - "Search" - ] - } - }, - "/search/event/aggregate": { - "post": { - "description": "Returns the results of an RQL aggregated audit events query. This RQL query is similar to an RQL event query, but the data returned includes location and service data.", - "operationId": "search-events-aggregated", - "requestBody": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/AuditEventSearchParamsModel" - } + "cursor": { + "type": "integer", + "format": "int32", + "description": "Cursor", + "readOnly": true + }, + "data": { + "type": "array", + "items": { + "type": "object" } }, - "description": "Audit event search parameters model", - "required": true - }, - "responses": { - "200": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/SearchResponseModelListAggregateAuditEvent" - } - } - }, - "description": "success" + "default": { + "type": "boolean" }, - "400": { - "description": "internal_error" - } - }, - "security": [ - { - "x-redlock-auth": [] + "async": { + "type": "boolean", + "description": "true = Is Async", + "readOnly": true } + } + }, + "SearchResponseModelPagedResultsAuditEvent": { + "type": "object", + "required": [ + "query", + "timeRange" ], - "summary": "Aggregated Event Search", - "tags": [ - "Search" - ] - } - }, - "/search/event/filtered": { - "post": { - "description": "Filters the results of an event log search according to the specified parameters. You can use this call to refine the results of an aggregated search.", - "operationId": "search-events-filtered", - "requestBody": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/AuditEventSearchParamsModel" - } + "properties": { + "groupBy": { + "type": "array", + "description": "Group By", + "readOnly": true, + "items": { + "type": "string" } }, - "description": "Audit event search parameters model", - "required": true - }, - "responses": { - "200": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/SearchResponseModelPagedResultsAuditEvent" - } - } - }, - "description": "success" - }, - "400": { - "description": "internal_error" - } - }, - "security": [ - { - "x-redlock-auth": [] - } - ], - "summary": "Filter Event Search Results", - "tags": [ - "Search" - ] - } - }, - "/search/event/page": { - "post": { - "description": "Returns the next page of search results, using a token provided from the previous page. Used for when there are over 100 search results for a given RQL query. \r\n\r\nAn initial request to perform an event search will return a **data.nextPageToken** that you \ncan use as the initial **pageToken**.\n", - "operationId": "search-events-page", - "requestBody": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/AuditEventPageParams" - } + "filters": { + "type": "array", + "description": "View Order", + "readOnly": true, + "items": { + "$ref": "#/components/schemas/UIFilterModel" } }, - "description": "Audit event page parameters model", - "required": true - }, - "responses": { - "200": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/PagedResultsAuditEvent" - } - } - }, - "description": "success" + "timeGranularity": { + "type": "string", + "description": "Time Granularity", + "readOnly": true }, - "500": { - "description": "internal_error" - } - }, - "security": [ - { - "x-redlock-auth": [] - } - ], - "summary": "Get The Next Event Search Page", - "tags": [ - "Search" - ] - } - }, - "/search/event/raw/{id}": { - "get": { - "description": "Returns the audit event data for the specified ID as raw metadata.", - "operationId": "search-events-raw", - "parameters": [ - { - "description": "Audit Event ID", - "in": "path", - "name": "id", - "required": true, - "schema": { - "format": "int64", - "type": "integer" - } - } - ], - "responses": { - "200": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/AuditEvent" - } - } - }, - "description": "success" + "alertId": { + "type": "string", + "description": "Alert ID", + "readOnly": true + }, + "cloudType": { + "type": "string", + "description": "Cloud Type", + "enum": [ + "aws", + "azure", + "gcp", + "alibaba_cloud", + "oci" + ] + }, + "id": { + "type": "string", + "description": "Search ID" + }, + "name": { + "type": "string", + "description": "Search Name" + }, + "description": { + "type": "string", + "description": "Search Description" + }, + "searchType": { + "type": "string", + "description": "Search Type", + "readOnly": true, + "enum": [ + "network", + "audit_event", + "config", + "asset" + ] }, - "404": { - "description": "not_found" + "asyncResultUrl": { + "type": "string", + "example": "/search/config/jobs/2df49d4f72e842b582b123bc2b7826b3/download", + "description": "Async Result Url", + "readOnly": true }, - "500": { - "description": "internal_error" - } - }, - "security": [ - { - "x-redlock-auth": [] - } - ], - "summary": "Get Raw Event Data", - "tags": [ - "Search" - ] - } - }, - "/search/suggest": { - "post": { - "description": "Returns the possible options—including expressions, values, and operators—to append to a partial RQL query. \r\n\r\nSpecifying a partial RQL query in the query parameter will result in a list of suggested \noptions to append to your partial query. No other parameters are required.\n", - "operationId": "search-suggest", - "requestBody": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/SearchModel" - } - } + "saved": { + "type": "boolean", + "description": "Search Exists" }, - "description": "Search model", - "required": true - }, - "responses": { - "200": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/AutocompleteInfo" - } - } - }, - "description": "success" - } - }, - "security": [ - { - "x-redlock-auth": [] + "timeRange": { + "$ref": "#/components/schemas/TimeRangeConfigModel" + }, + "query": { + "type": "string", + "description": "RQL Query" + }, + "cursor": { + "type": "integer", + "format": "int32", + "description": "Cursor", + "readOnly": true + }, + "data": { + "$ref": "#/components/schemas/PagedResultsAuditEvent" + }, + "default": { + "type": "boolean" + }, + "async": { + "type": "boolean", + "description": "true = Is Async", + "readOnly": true } + } + }, + "SearchResponseModelPagedResultsResourceMetaModel": { + "type": "object", + "required": [ + "query", + "timeRange" ], - "summary": "Autocomplete Search", - "tags": [ - "Search" - ] - } - }, - "/search/alert": { - "get": { - "description": "Returns search data that can be used to investigate the alert with the specified ID. \r\n\r\nThis request returns data for only the following types of alerts:\n* Anomaly alerts\n* Network alerts \n", - "operationId": "search-for-alert-by-id", - "parameters": [ - { - "description": "Alert ID", - "in": "query", - "name": "alertId", - "required": true, - "schema": { + "properties": { + "groupBy": { + "type": "array", + "description": "Group By", + "readOnly": true, + "items": { "type": "string" } - } - ], - "responses": { - "200": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/SearchResponseModelListObject" - } - } - }, - "description": "success" }, - "404": { - "description": "not_found" + "filters": { + "type": "array", + "description": "View Order", + "readOnly": true, + "items": { + "$ref": "#/components/schemas/UIFilterModel" + } }, - "500": { - "description": "internal_error" + "timeGranularity": { + "type": "string", + "description": "Time Granularity", + "readOnly": true + }, + "alertId": { + "type": "string", + "description": "Alert ID", + "readOnly": true + }, + "cloudType": { + "type": "string", + "description": "Cloud Type", + "enum": [ + "aws", + "azure", + "gcp", + "alibaba_cloud", + "oci" + ] + }, + "id": { + "type": "string", + "description": "Search ID" + }, + "name": { + "type": "string", + "description": "Search Name" + }, + "description": { + "type": "string", + "description": "Search Description" + }, + "searchType": { + "type": "string", + "description": "Search Type", + "readOnly": true, + "enum": [ + "network", + "audit_event", + "config", + "asset" + ] + }, + "asyncResultUrl": { + "type": "string", + "example": "/search/config/jobs/2df49d4f72e842b582b123bc2b7826b3/download", + "description": "Async Result Url", + "readOnly": true + }, + "saved": { + "type": "boolean", + "description": "Search Exists" + }, + "timeRange": { + "$ref": "#/components/schemas/TimeRangeConfigModel" + }, + "query": { + "type": "string", + "description": "RQL Query" + }, + "cursor": { + "type": "integer", + "format": "int32", + "description": "Cursor", + "readOnly": true + }, + "data": { + "$ref": "#/components/schemas/PagedResultsResourceMetaModel" + }, + "default": { + "type": "boolean" + }, + "async": { + "type": "boolean", + "description": "true = Is Async", + "readOnly": true } - }, - "security": [ - { - "x-redlock-auth": [] + } + }, + "Sort": { + "type": "object", + "properties": { + "field": { + "$ref": "#/components/schemas/SortField" + }, + "direction": { + "type": "string", + "description": "Direction", + "enum": [ + "asc", + "desc" + ] } - ], - "summary": "Search Alerts by ID", - "tags": [ - "Search" - ] - } - }, - "/search/config/page": { - "post": { - "description": "Returns the next page of search results, using a token provided from the previous page. Used for when there are over 100 search results for a given RQL query.", - "operationId": "search-config-page", - "requestBody": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/ConfigRulePageParams" - } - } + } + }, + "SortAuditEventSortField": { + "type": "object", + "properties": { + "field": { + "type": "string", + "enum": [ + "ID", + "TIME", + "OPERATION", + "CLOUD_SERVICE", + "CRUD", + "USER", + "CLOUD_ACCOUNT", + "CLOUD_REGION", + "TIMESTAMP" + ] }, - "description": "Config rule page parameters model", - "required": true - }, - "responses": { - "200": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/PagedResultsResourceMetaModel" - } - } - }, - "description": "success" + "direction": { + "type": "string", + "description": "Direction", + "enum": [ + "asc", + "desc" + ] + } + } + }, + "SortConfigRuleSortField": { + "type": "object", + "properties": { + "field": { + "type": "string", + "enum": [ + "ID", + "TIME", + "API_NAME", + "CUSTOMER_ID", + "INSERT_TS", + "JSON", + "CLOUD_ACCOUNT", + "CLOUD_REGION", + "STATE_ID" + ] }, - "500": { - "description": "internal_error" + "direction": { + "type": "string", + "description": "Direction", + "enum": [ + "asc", + "desc" + ] } - }, - "security": [ - { - "x-redlock-auth": [] + } + }, + "SortField": { + "type": "object", + "properties": { + "columnName": { + "type": "string" + }, + "tableAlias": { + "type": "string" + }, + "aliasedColumnName": { + "type": "string" } - ], - "summary": "Get The Next Config Search Page", - "tags": [ - "Search" - ] - } - }, - "/search/event/filtered/download": { - "post": { - "description": "Performs an event log search with an RQL query and downloads the result as a CSV file.", - "operationId": "search-events-csv", - "requestBody": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/AuditEventSearchParamsModel" - } - } + } + }, + "TimeModel": { + "type": "object", + "properties": { + "startTime": { + "type": "integer", + "format": "int64", + "description": "Start timestamp" }, - "description": "Audit event search parameters model", - "required": true + "endTime": { + "type": "integer", + "format": "int64", + "description": "End timestamp" + } }, - "responses": { - "200": { - "description": "successful operation" + "description": "Model for Time" + }, + "TimeRangeConfigModel": { + "type": "object", + "discriminator": { + "propertyName": "type" + }, + "properties": { + "type": { + "type": "string", + "description": "Time type", + "enum": [ + "relative" + ] }, - "400": { - "description": "internal_error" + "value": { + "$ref": "#/components/schemas/RelativeTimeDurationModel" } }, - "security": [ + "description": "Model for TimeRangeConfig" + }, + "ToNowTimeRangeConfigModel": { + "allOf": [ { - "x-redlock-auth": [] - } - ], - "summary": "Download Event Search CSV", - "tags": [ - "Search" - ] - } - }, - "/search/config/jobs": { - "post": { - "description": "Submits a job to generate an RQL config query results list that matches the constraints in the body parameters and is downloadable as a CSV file. Returns the job ID and job submission status. \r\n\r\nTo identify your config query, specify either (1) a saved search **id**, (2) a recent search **id** plus a unique **searchName**, \nor (3) a **query** plus a unique **searchName**.\n\nIf you identify your search through a saved search **id**, the following request body parameters apply:\n* **id** - The search ID that corresponds to an existing saved search. You can [View Search History](//prisma-cloud/api/cspm/search-history) with a filter \nto get a list of your recent search IDs. (Required)\n* **searchName** - A unique name that identifies the search (Required)\n* **sort** - An array of sort field data (Optional)\n* **timeRange** - A time range filter. Default is the past seven days. (Optional) \n\nIf you identify your search through a **query** and **searchName**, the following request body parameters apply:\n* **query** - A valid RQL config query that defines your search (Required)\n* **searchName** - A unique name that identifies the search (Required)\n* **searchDescription** - A description for your search (Optional)\n* **sort** - An array of sort field data (Optional)\n* **timeRange** - A time range filter. Default is the past seven days. (Optional)\n", - "operationId": "submit-an-search-config-csv-download-job", - "requestBody": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/ConfigRuleSearchParams" - } - } + "$ref": "#/components/schemas/TimeRangeConfigModel" }, - "description": "Config rule search parameters model", - "required": true - }, - "responses": { - "200": { - "content": { - "application/json; charset=UTF-8": { - "schema": { - "$ref": "#/components/schemas/ConfigCsvJobResponseModel" - } + { + "type": "object", + "properties": { + "value": { + "type": "string", + "description": "Time range object", + "enum": [ + "MINUTE", + "HOUR", + "DAY", + "WEEK", + "MONTH", + "YEAR", + "EPOCH", + "LOGIN" + ] } }, - "description": "success" - }, - "202": { - "description": "in_process" + "description": "Model for ToNowTimeRangeConfig" + } + ] + }, + "UIFilterModel": { + "type": "object", + "properties": { + "name": { + "type": "string", + "description": "Name" }, - "400": { - "description": "invalid_parameter_value" + "value": { + "type": "string", + "description": "Value" }, - "500": { - "description": "internal_error" + "operator": { + "type": "string", + "description": "Operator", + "enum": [ + "=" + ] } }, - "security": [ - { - "x-redlock-auth": [] + "description": "Model for UIFilter" + }, + "UserAgentBrowser": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int32" + }, + "name": { + "type": "string" + }, + "hash": { + "type": "integer", + "format": "int32" } - ], - "summary": "Submit Search Config CSV Generation Job", - "tags": [ - "Search" - ] - } - }, - "/search/config/jobs/{id}/download": { - "get": { - "description": "Returns the results of an RQL Config query as a CSV. With Config queries, you can retrieve resource information, identify misconfigurations, gain operational insights, and uncover policy and compliance violations. \r\n\r\nThis request requires the HTTP header **Accept: text/csv**.\n", - "operationId": "async-search-config-csv", - "parameters": [ - { - "description": "Job ID", - "in": "path", - "name": "id", - "required": true, - "schema": { + } + }, + "UserAgentOs": { + "type": "object", + "properties": { + "id": { + "type": "integer", + "format": "int32" + }, + "name": { + "type": "string" + }, + "hash": { + "type": "integer", + "format": "int32" + } + } + }, + "UserContextFilterInfoV1": { + "type": "object", + "properties": { + "userMeta": { + "$ref": "#/components/schemas/UserMetaV1" + }, + "groupIdVsName": { + "type": "object", + "additionalProperties": { "type": "string" } + }, + "resourceLists": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ResourceListVO" + } + }, + "accounts": { + "type": "array", + "items": { + "$ref": "#/components/schemas/CloudAccountMetaVO" + } + }, + "codeRepositoriesEntitlementUrl": { + "type": "string" } - ], - "responses": { - "200": { - "description": "successful operation" + } + }, + "UserMetaV1": { + "type": "object", + "properties": { + "username": { + "type": "string" }, - "202": { - "description": "in_process" + "roleType": { + "type": "string" }, - "400": { - "description": "conflict_saved_search" + "customerName": { + "type": "string" }, - "404": { - "description": "not_found" + "timeZone": { + "type": "string" }, - "500": { - "description": "internal_error" - } - }, - "security": [ - { - "x-redlock-auth": [] + "lastLoginTime": { + "type": "integer", + "format": "int64" + }, + "ssoSession": { + "type": "boolean" + }, + "customerCreatedTs": { + "type": "integer", + "format": "int64" + }, + "licenseType": { + "type": "string", + "enum": [ + "ENTERPRISE", + "BUSINESS" + ] + }, + "customerId": { + "type": "integer", + "format": "int32" + }, + "prismaId": { + "type": "string" + }, + "activeUserRoleId": { + "type": "string" + }, + "supportAccessLevel": { + "type": "string", + "enum": [ + "NONE", + "ADMIN", + "AGENT", + "LIGHT_AGENT" + ] } - ], - "summary": "Download Async Config Search CSV", - "tags": [ - "Search" - ] + } } } - }, - "servers": [ - { - "url": "https://api.prismacloud.io" - }, - { - "url": "https://api2.prismacloud.io" - }, - { - "url": "https://api3.prismacloud.io" - }, - { - "url": "https://api4.prismacloud.io" - }, - { - "url": "https://api.anz.prismacloud.io" - }, - { - "url": "https://api.eu.prismacloud.io" - }, - { - "url": "https://api2.eu.prismacloud.io" - }, - { - "url": "https://api.gov.prismacloud.io" - }, - { - "url": "https://api.prismacloud.cn" - }, - { - "url": "https://api.ca.prismacloud.io" - }, - { - "url": "https://api.sg.prismacloud.io" - }, - { - "url": "https://api.uk.prismacloud.io" - }, - { - "url": "https://api.ind.prismacloud.io" - }, - { - "url": "https://api.jp.prismacloud.io" - }, - { - "url": "https://api.fr.prismacloud.io" - } - ], - "tags": [ - { - "description": "You can use the Resource Query Language (RQL) to perform configuration checks across cloud services as well as \ngain real-time insights into user and network events to gain security visibility and create policy guardrails \nin your cloud environment. See the [Prisma Cloud documentation](https://docs.paloaltonetworks.com/prisma/prisma-cloud.html) for more information.\n", - "name": "Search" - } - ] + } }