Skip to main content

Netskope Help

View Security Assessment Violations

Use this endpoint to get the security assessment violations from the latest scan or as a snapshot of time. This endpoint also replicates the input and output shown at Cloud Infrastructure > Compliance > Raw Findings.

Request Endpoint

https://<tenant-name>.goskope.com/api/v1/security_assessment

Valid parameters are:

Key	Value	Description
`account_id`	URL-encoded string	The Iaas platform provider account ID.
`account_name`	URL-encoded string	The Iaas platform provider account name.
`cloud_provider`	`azure \| aws \| googlecloud`	The IaaS platform provider.
`policy_name`	URL-encoded string	The Security Assessment policy name.
`profile_name`	URL-encoded string	The Security Assessment profile name.
`rule_name`	URL-encoded string	The Security Assessment rule name.
`resource_category`	URL-encoded string	The asset category set by Netskope per account resource.
`resource_id`	URL-encoded string	The asset identifier created by the IaaS platform provider.
`resource_name`	URL-encoded string	The IaaS instance name.
`resource_type`	URL-encoded string	The resource type set by Netskope per account resource.
`tag_name`	URL-encoded string	The tag name set in the Iaas platform provider account resource. Must also supply tag value.
`tag_value`	URL-encoded string	The tag value set in the Iaas platform provider account resource. Must also supply tag name.
`remediated_by`	`AutoRemediation \| OnDemandRemediation`	How the policy violation was remediated.
`last_remediation_status`	`None \| Started \| Completed \| Errored`	Last remediation status. `None` means not any the other three options.
`as_of`	Integer	Epoch time of results at that time. Default is the time of the request when not supplied, and is GMT time.
`severity`	`Critical \| High \| Medium \| Low`	The Security Assessment rule severity.
`limit`	Positive integer less than 10000	Required. REST API responses can return up to 10000 events in a single response. You can use pagination to retrieve more results.
`skip`	Positive integer	Skip over some of the events (useful for pagination in combination with limit).
`status`	`Passed \| Failed`	The Security Assessment status.
`muted`	`Yes \| No`	Returns either muted or unmuted findings.
`compliance_standard`	URL-encoded string	The name of the compliance standard, like CIS-AWSFND-1.2.0, NIST-CSF, etc.
`region`	For Azure, some possible values are: `all` `global` `eastus` `northcentralus` `westus` `centralindia` `centralus` `australiacentral` For AWS, possible values are: `global` `ap-south-1` `ap-northeast-2` `ap-southeast-1` `ap-southeast-2` `ap-northeast-1` `ca-central-1` `eu-central-1` `eu-west-1` `eu-west-2` `eu-west-3` `eu-north-1` `me-south-1` `us-east-1` `us-east-2` `us-west-1` `us-west-2` For Google Cloud, some possible values are: `asia-east1` `asia-east2` `asia-northeast1` `asia-southeast1` `asia-south1` `europe-north1` `europe-west1` `europe-west2` `europe-west3` `europe-west4` `northamerica-northeast1` `southamerica-east1` `us-central1` `us-east1` `us-east4` `us-west1` `us-west2`	The location reference

Example Request with Response

curl -X GET 'https://<tenant-name>.goskope.com/api/v1/security_assessment?token=5f8a08f99d40d9b0130dd43798n5n5n&platform=aws&limit=1&skip=0’

{
    "status": "success",
    "msg": "",
    "data": [
        {
            "status": "Passed",
            "account_name": "Rel66AWS",
            "account_id": "215406114230",
            "rule_name": "BPR-AWS | Ensure no user has AdminAccess policy",
            "remediation_steps": "Not Available",
            "resource_name": "gauthami",
            "resource_id": "gauthami",
            "resource_type": "User",
            "resource_category": "Identity",
            "severity": "High",
            "failing_since": "2020-02-12 02:30:17AM", 
             // Will appear only if status = Failed    
            "mute": "true",
             // Will appear only if muted or has been muted in the past        
            "cloud_provider": "AWS",
            "profiles": [
                "AWS Best Practices v1.0.0"
            ],
            "mute_until": "2020-04-14 07:00:00AM",
            // Will appear only if muted or has been muted in the past
            "mute_time": "2020-04-01 06:30:46AM",
            // Will appear only if muted or has been muted in the past               
            "mute_by": "developer@netskope.com",
            // Will appear only if muted or has been muted in the past
            "auto_remediation_status": "errored",
            "remediation_action_name": "Ensure User does not have Admin Access Privilege",
            "remediated_by": "auto_remediation",
            "auto_remediation_time": "2019-08-01 06:54:45AM",
            "is_auto_remediation": "true",
            "policies": [
                "ak-ar-policy"
            ],
            "region_name": "global",
            "error_msg": "",
            "last_scan_time": "2019-08-01 06:54:45AM",
            "tags": [
                {
                    "name": "gautami",
                    "value": "1032"
            }],    
            "compliance_standards": [{ 
                "control": "1",
                "description": "Audit/log records are determined, documented, implemented, and reviewed in accordance with policy",           
                "section": "PR.PT",
                "standard": "NIST-CSF-1.1",
                "reference_url": "https://nvlpubs.nist.gov/nistpubs/CSWP/NIST.
CSWP.04162018.pdf"
                },
                {            
                "control": "9",            
                "description": "Ensure a log metric filter and alarm exist for AWS Config configuration changes",
                "appname": "aws",
                "section": "3",
                "standard": "CIS-AWSFND-1.2.0",            
                "reference_url": "https://www.cisecurity.org/benchmark/amazon_web_
services/"        
                }
           ]
}

In this section:

Would you like to provide feedback? Just click here to suggest edits.