openapi: 3.0.0
info:
version: 1.1.1
title: Sysdig Public API
description: |-
Sysdig Public API.
contact:
name: Sysdig
url: https://sysdig.com
email: info@sysdig.com
license:
name: Sysdig License
url: https://docs.sysdig.com/en/docs/administration/administration-settings/subscription/
security:
- bearerAuth: []
paths:
/monitor/cost-advisor/v1/pricing:
x-excluded-environments:
- OnPrem
get:
summary: List Pricing
description: |
Retrieve a paginated list of pricing.\
\
**Required permissions:** _cost-advisor.read_
operationId: getPricingV1
tags:
- Cost Advisor Custom Pricing
parameters:
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Limit'
- name: clusterName
in: query
description: |
The name of the Kubernetes cluster for which you want to retrive the pricing.
required: false
schema:
type: string
maxLength: 256
example: prod-us-1
- name: type
in: query
description: |
The type of pricing to find.
required: false
schema:
$ref: '#/components/schemas/PricingType'
responses:
'200':
description: The pricing page.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GetPricingPaginatedResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
post:
summary: Create Pricing
description: |
Change a new pricing to use as default (for cloud providers that Cost Advisor doesn't automatically support) or for a specific Kubernetes cluster.\
\
You need to specify hourly costs for 1 CPU, 1GB of RAM and 1GB of storage. \
Different CPU and RAM costs can be specified for spot instances; to enable Cost Advisor to identify the spot node, a label and spot value must also be set. \
\
Cluster hourly cost = sum(node hourly costs) + (total storage * storage unit cost). \
Node hourly cost = (total CPUs * CPU unit cost) + (total RAM * RAM unit cost) \
\
**Required permissions:** _cost-advisor.edit_
operationId: createPricingV1
tags:
- Cost Advisor Custom Pricing
requestBody:
description: The payload to create pricing. Use the type field to create a default pricing or pricing for a specific Kubernetes cluster.
content:
application/json:
schema:
$ref: '#/components/schemas/CreatePricingRequestV1'
responses:
'201':
description: Pricing created.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/PricingResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'409':
$ref: '#/components/responses/Conflict'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/monitor/cost-advisor/v1/pricing/{pricingId}:
x-excluded-environments:
- OnPrem
get:
summary: Get Pricing
description: |
Retrieve a pricing by ID.\
\
**Required permissions:** _cost-advisor.read_
operationId: getPricingByIdV1
tags:
- Cost Advisor Custom Pricing
parameters:
- $ref: '#/components/parameters/PricingIdPath'
responses:
'200':
description: Pricing found.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/PricingResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update Pricing
description: |
The pricing payload containing the changes you want to apply to the pricing.\
\
**Required permissions:** _cost-advisor.edit_
operationId: updatePricingByIdV1
tags:
- Cost Advisor Custom Pricing
parameters:
- $ref: '#/components/parameters/PricingIdPath'
requestBody:
description: The payload required to create the pricing.
content:
application/json:
schema:
$ref: '#/components/schemas/UpdatePricingRequestV1'
responses:
'200':
description: Pricing updated.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/PricingResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'409':
$ref: '#/components/responses/Conflict'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete Pricing
description: |
Delete a pricing by its ID. If the pricing deleted is the DEFAULT one. Cost Advisor will continue to compute costs for the unsupported Kubernetes cluster using the Sysdig default pricing.\
\
**Required permissions:** _cost-advisor.edit_
operationId: deletePricingByIdV1
tags:
- Cost Advisor Custom Pricing
parameters:
- $ref: '#/components/parameters/PricingIdPath'
responses:
'204':
description: Pricing deleted.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/monitor/cost-advisor/v1/pricing/{pricingId}/projected-costs:
x-excluded-environments:
- OnPrem
get:
summary: Get Pricing Projected Costs
description: |
Retrieve the monthly projected costs for the clusters using the specified pricing.\
The computation is done using the total CPU and RAM for the current cluster's nodes and the total storage used by the cluster.\
\
Projected monthly cost = 730 * (total CPUs * CPU unit cost) + (total RAM * RAM unit cost) + (total storage * storage unit cost). \
\
**Required permissions:** _cost-advisor.read_
operationId: getPricingProjectedCostsV1
tags:
- Cost Advisor Custom Pricing
parameters:
- $ref: '#/components/parameters/PricingIdPath'
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Limit'
responses:
'200':
description: Montlhy projected costs.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GetPricingProjectedPaginatedResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/monitor/cost-advisor/v1alpha1/data/workload-cost-trends:
x-excluded-environments:
- OnPrem
post:
summary: Workload Cost Trends Data
description: |
Returns workload cost trends data for a specified trend range, pivot date, optional scope,
and optional grouping. The response includes cost totals for both current
and previous periods, along with the date ranges for each period.
operationId: getWorkloadCostDataV1
tags:
- Cost Advisor Data
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/WorkloadCostTrendsDataRequest'
responses:
'200':
description: Workload Cost Trend data
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/WorkloadCostTrendsDataResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/monitor/cost-advisor/v1alpha1/data/wasted-workload-spend:
x-excluded-environments:
- OnPrem
post:
summary: Wasted Workload Spend Data
description: |
Use this API to generate a report of Wasted Workload Spend data for a specified date range, scope,
and grouping. For details, see [Wasted Workload Spend Report](https://docs.sysdig.com/en/sysdig-monitor/cost-reports/#wasted-workload-spend-report).
operationId: getWastedWorkloadData
tags:
- Cost Advisor Data
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/WastedWorkloadDataRequest'
responses:
'200':
description: Wasted Workload Spend data
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/WastedWorkloadSpendDataResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/monitor/cost-advisor/v1alpha1/data/workload-rightsizing:
x-excluded-environments:
- OnPrem
post:
summary: Workload Rightsizing Data
description: "Use this API to generate a Workload Rightsizing data for a specified date range, algorithm and optional scope. \nThe response is automatically grouped by the following Prometheus labels:\n - kube_cluster_name\n - kube_namespace_name\n - kube_workload_name\n - container_name\n"
operationId: getWorkloadRightsizingData
tags:
- Cost Advisor Data
requestBody:
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/WorkloadRightsizingDataRequest'
responses:
'200':
description: Workload Rightsizing data
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/WorkloadRightsizingDataResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/monitor/alerts/v1/inhibition-rules:
get:
summary: List Inhibition Rules
description: |
Retrieve the list of inhibition rules.\
\
**Required permissions:** _inhibition-rules.read_ or _alerts.read_
operationId: getInhibitionRules
tags:
- Inhibition Rules
parameters:
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Limit'
responses:
'200':
description: The list of inhibition rules.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GetInhibitionRulesPaginatedResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
post:
summary: Create Inhibition Rule
description: |
Create an inhibition rule.\
\
**Required permissions:** _inhibition-rules.edit_ or _alerts.edit_
operationId: createInhibitionRule
tags:
- Inhibition Rules
requestBody:
description: The inhibition rule to be created.
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CreateInhibitionRuleRequestV1'
responses:
'201':
description: Inhibition rule created.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/InhibitionRuleResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/monitor/alerts/v1/inhibition-rules/{inhibitionRuleId}:
get:
summary: Get Inhibition Rule
description: |
Retrieve an inhibition rule by ID.\
\
**Required permissions:** _inhibition-rules.read_ or _alerts.read_
operationId: getInhibitionRuleById
tags:
- Inhibition Rules
parameters:
- $ref: '#/components/parameters/InhibitionRulePath'
responses:
'200':
description: Inhibition rule found.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/InhibitionRuleResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update Inhibition Rule
description: |
Update an inhibition rule.\
\
**Required permissions:** _inhibition-rules.edit_ or _alerts.edit_
operationId: updateInhibitionRule
tags:
- Inhibition Rules
parameters:
- $ref: '#/components/parameters/InhibitionRulePath'
requestBody:
description: The new version of the inhibition rule.
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateInhibitionRuleRequestV1'
responses:
'200':
description: Inhibition rule updated.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/InhibitionRuleResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'409':
$ref: '#/components/responses/Conflict'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete Inhibition Rule
description: |
Delete an inhibition rule by its ID.\
\
**Required permissions:** _inhibition-rules.edit_ or _alerts.edit_
operationId: deleteInhibitionRuleById
tags:
- Inhibition Rules
parameters:
- $ref: '#/components/parameters/InhibitionRulePath'
responses:
'204':
description: Inhibition rule deleted.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/monitor/events/v1/events:
get:
summary: Get Events
operationId: getMonitorEventsV1
description: "Retrieves the list of events matching the expressed search criteria.\nThe pair `from` and `to` and the `cursor` parameter are mutually exclusive. If you supply a `from` and `to` you must not supply a `cursor` and vice-versa.\nThe time criteria is required and can be specified in two different ways:\n- Using `from` and `to`, the list of events within the timeframe (max 2 weeks) will be returned, starting from the most recent ones.\n- Using a `cursor` the events returned will be in the before or after the event, depending on the cursor type. More details are available in the `cursor` attribute in the response.\\\n\\\n**Required permissions:** \n- _alert-events.read_ for alert events to be included in the response\n- _custom-events.read_ for custom events to be included in the response\n"
tags:
- Monitor Events
parameters:
- in: query
name: from
schema:
$ref: '#/components/schemas/MonitorEventsFrom'
- in: query
name: to
schema:
$ref: '#/components/schemas/MonitorEventsTo'
- in: query
name: cursor
schema:
$ref: '#/components/schemas/MonitorEventsCursor'
- in: query
name: filter
schema:
$ref: '#/components/schemas/MonitorEventsFilter'
- $ref: '#/components/parameters/Limit'
responses:
'200':
description: The list of events.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ListMonitorEventsResponse'
'400':
description: Bad request
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/monitor/prometheus-jobs/v1/disabled-metrics:
get:
summary: List disabled metrics collection for Jobs.
description: |
List all disabled metrics per Job.\
\
**Required permissions:** Integrations Read
operationId: getDisabledMetricsByJobV1
tags:
- Metrics Collection
parameters:
- name: jobName
in: query
description: |
The name of the Prometheus Job whose excluded metrics are to be listed.
required: false
schema:
type: string
example: job-name-default
maxLength: 256
- name: metricName
in: query
description: |
The exact name of the metric to be filtered.
required: false
schema:
type: string
example: apache_accesses_total
maxLength: 256
responses:
'200':
description: The list of disabled metrics associated with the specified Job.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ResponseListDisabledMetricsV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
post:
summary: Disable or re-enable metrics collection for Jobs
description: |
Disable specific metric collection for a specified Job. \
This API supports specifying multiple Jobs, each with its own list of metrics to be disabled. \
Additionally, you can use the same API to re-enable metrics that were previously disabled.\
\
**Required permissions:** Integrations Full Access
operationId: postDisabledMetricsV1
tags:
- Metrics Collection
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RequestBodyDisabledMetricsV1'
responses:
'200':
description: All Jobs and metrics have been disabled/re-enabled successfully.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ResponseListDisabledMetricsV1'
'207':
description: Some metrics could not be disabled/re-enabled. Check the error information for further explanation.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ResponseListDisabledMetricsAndErrorV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/monitor/prometheus-jobs/v1alpha1/custom-jobs:
get:
summary: List Custom Prometheus jobs
description: |
Retrieve a paginated list of custom Prometheus jobs.\
\
**Required permissions:** _promcat.integrations.read_
operationId: getCustomPrometheusJobsV1
tags:
- Metrics Collection
parameters:
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Limit'
responses:
'200':
description: The custom jobs page.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GetCustomJobsPaginatedResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/monitor/prometheus-jobs/v1alpha1/custom-jobs/{jobName}:
post:
summary: Create Custom Prometheus job
description: "Create a custom Prometheus job. \n\\\nThe body of the request must be a valid `scrape_config` as defined here: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config\\\n\\\nThe custom job will be disabled by default and must be enabled with the `/monitor/prometheus-jobs/v1alpha1/custom-jobs/{jobName}/enablement` api.\n\\\nYou can override the standard Sysdig integration jobs using the same job name. The job names are available here: https://docs.sysdig.com/en/docs/sysdig-monitor/integrations/monitoring-integrations/configure-default-integrations/#supported-monitoring-integrations\n\\\n**CAUTION**: the content of the job must be validated according to the Prometheus Scrape Config job definition. Any misconfiguration here can lead the Agent to fail the job parsing and stop sending custom metrics for all jobs.\n\\\n**Required permissions:** _promcat.integrations.admin_\n"
operationId: createCustomPrometheusJobV1
tags:
- Metrics Collection
parameters:
- $ref: '#/components/parameters/JobNamePath'
requestBody:
description: The payload to create a custom job. Content must be a valid Prometheus `scrape_config`.
content:
application/yaml:
schema:
$ref: '#/components/schemas/CustomJobContentV1'
responses:
'201':
description: Custom Prometheus job created.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/yaml:
schema:
$ref: '#/components/schemas/CustomJobContentV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'409':
$ref: '#/components/responses/Conflict'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
get:
summary: Get Custom Prometheus Job
description: |
Retrieve a custom Prometheus job by its name.\
\
**Required permissions:** _promcat.integrations.read_
operationId: getCustomPrometheusJobByNameV1
tags:
- Metrics Collection
parameters:
- $ref: '#/components/parameters/JobNamePath'
responses:
'200':
description: Custom Prometheus Job found.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/yaml:
schema:
$ref: '#/components/schemas/CustomJobContentV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update Custom Prometheus Job
description: "Update a custom Prometheus job. \n\\\nThe body of the request must be a valid `scrape_config` as defined here: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config\\\n\\\nYou can override the standard Sysdig integration jobs using the same job name. The job names are available here: https://docs.sysdig.com/en/docs/sysdig-monitor/integrations/monitoring-integrations/configure-default-integrations/#supported-monitoring-integrations\n\\\n**CAUTION**: the content of the job must be validated according to the Prometheus Scrape Config job definition. Any misconfiguration here can lead the Agent to fail the job parsing and stop sending custom metrics for all jobs.\n\\\n**Required permissions:** _promcat.integrations.admin_\n"
operationId: updateCustomPrometheusJobByIdV1
tags:
- Metrics Collection
parameters:
- $ref: '#/components/parameters/JobNamePath'
requestBody:
description: The custom Prometheus job yaml content
content:
application/yaml:
schema:
$ref: '#/components/schemas/CustomJobContentV1'
responses:
'200':
description: Custom Prometheus job updated.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/yaml:
schema:
$ref: '#/components/schemas/CustomJobContentV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'409':
$ref: '#/components/responses/Conflict'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete Custom Prometheus job
description: |
Delete a custom Prometheus job by its name.\
\
**Required permissions:** _promcat.integrations.admin_
operationId: deleteCustomPrometheusJobByIdV1
tags:
- Metrics Collection
parameters:
- $ref: '#/components/parameters/JobNamePath'
responses:
'204':
description: Custom Prometheus job deleted.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/monitor/prometheus-jobs/v1alpha1/custom-jobs/{jobName}/enablement:
get:
summary: Get Custom Prometheus Job enablement
description: |
Retrieve the enablement state of a custom Prometheus job by its name.\
\
**Required permissions:** _promcat.integrations.admin_
operationId: getCustomPrometheusJobEnablementV1
tags:
- Metrics Collection
parameters:
- $ref: '#/components/parameters/JobNamePath'
responses:
'200':
description: Custom Prometheus job found.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/CustomJobsEnablementV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update Custom Prometheus Job enablement
description: |
Update the enablement state of a custom Prometheus job by its name.\
\
**Required permissions:** _promcat.integrations.admin_
operationId: updateCustomPrometheusJobEnablementV1
tags:
- Metrics Collection
parameters:
- $ref: '#/components/parameters/JobNamePath'
requestBody:
description: The payload required to enable the custom Prometheus job.
content:
application/json:
schema:
$ref: '#/components/schemas/CustomJobsEnablementV1'
responses:
'200':
description: Custom Prometheus job enablement updated.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/CustomJobsEnablementV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'409':
$ref: '#/components/responses/Conflict'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/prometheus/api/v1/query:
get:
summary: Instant Query
description: |
This endpoint evaluates an instant query at a single point in time.
\
**Required permissions:** _metrics-data.read_
operationId: getQueryV1
tags:
- Prometheus
parameters:
- $ref: '#/components/parameters/Query'
- $ref: '#/components/parameters/Time'
- $ref: '#/components/parameters/Timeout'
- $ref: '#/components/parameters/LimitQuery'
responses:
'200':
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
description: Instant query result.
content:
application/json:
schema:
$ref: '#/components/schemas/QueryResponseV1'
'400':
$ref: '#/components/responses/BadRequestPrometheus'
'401':
$ref: '#/components/responses/UnauthorizedPrometheus'
'404':
$ref: '#/components/responses/NotFoundPrometheus'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerErrorPrometheus'
post:
summary: Instant Query
description: |
This endpoint evaluates an instant query at a single point in time.
\
**Required permissions:** _metrics-data.read_
operationId: postQueryV1
tags:
- Prometheus
parameters:
- $ref: '#/components/parameters/Query'
- $ref: '#/components/parameters/Time'
- $ref: '#/components/parameters/Timeout'
- $ref: '#/components/parameters/LimitQuery'
responses:
'200':
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
description: Instant query result.
content:
application/json:
schema:
$ref: '#/components/schemas/QueryResponseV1'
'400':
$ref: '#/components/responses/BadRequestPrometheus'
'401':
$ref: '#/components/responses/UnauthorizedPrometheus'
'404':
$ref: '#/components/responses/NotFoundPrometheus'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerErrorPrometheus'
/prometheus/api/v1/query_range:
get:
summary: Range Query
description: |
This endpoint evaluates an expression query over a specified time range.
\
**Required permissions:** _metrics-data.read_
operationId: getQueryRangeV1
tags:
- Prometheus
parameters:
- $ref: '#/components/parameters/Query'
- $ref: '#/components/parameters/TimeStartQuery'
- $ref: '#/components/parameters/TimeEndQuery'
- $ref: '#/components/parameters/Step'
- $ref: '#/components/parameters/Timeout'
- $ref: '#/components/parameters/LimitQuery'
responses:
'200':
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
description: Range query result.
content:
application/json:
schema:
$ref: '#/components/schemas/QueryResponseV1'
'400':
$ref: '#/components/responses/BadRequestPrometheus'
'401':
$ref: '#/components/responses/UnauthorizedPrometheus'
'404':
$ref: '#/components/responses/NotFoundPrometheus'
'422':
$ref: '#/components/responses/UnprocessableEntityPrometheus'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerErrorPrometheus'
post:
summary: Range Query
description: |
This endpoint evaluates an expression query over a specified time range.
\
**Required permissions:** _metrics-data.read_
operationId: postQueryRangeV1
tags:
- Prometheus
parameters:
- $ref: '#/components/parameters/Query'
- $ref: '#/components/parameters/TimeStartQuery'
- $ref: '#/components/parameters/TimeEndQuery'
- $ref: '#/components/parameters/Step'
- $ref: '#/components/parameters/Timeout'
- $ref: '#/components/parameters/LimitQuery'
responses:
'200':
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
description: Range query result.
content:
application/json:
schema:
$ref: '#/components/schemas/QueryResponseV1'
'400':
$ref: '#/components/responses/BadRequestPrometheus'
'401':
$ref: '#/components/responses/UnauthorizedPrometheus'
'404':
$ref: '#/components/responses/NotFoundPrometheus'
'422':
$ref: '#/components/responses/UnprocessableEntityPrometheus'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerErrorPrometheus'
/prometheus/api/v1/series:
get:
summary: Series Query
description: |
The following endpoint returns the list of time series that match a specified label set.
\
**Required permissions:** _metrics-data.read_
operationId: getSeriesV1
tags:
- Prometheus
parameters:
- $ref: '#/components/parameters/MatchSeries'
- $ref: '#/components/parameters/TimeStartSeries'
- $ref: '#/components/parameters/TimeEndSeries'
- $ref: '#/components/parameters/LimitSeries'
responses:
'200':
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
description: List of time series.
content:
application/json:
schema:
$ref: '#/components/schemas/SeriesResponseV1'
'400':
$ref: '#/components/responses/BadRequestPrometheus'
'401':
$ref: '#/components/responses/UnauthorizedPrometheus'
'404':
$ref: '#/components/responses/NotFoundPrometheus'
'422':
$ref: '#/components/responses/UnprocessableEntityPrometheus'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerErrorPrometheus'
post:
summary: Series Query
description: |
The following endpoint returns the list of time series that match a specified label set.
\
**Required permissions:** _metrics-data.read_
operationId: postSeriesV1
tags:
- Prometheus
parameters:
- $ref: '#/components/parameters/MatchSeries'
- $ref: '#/components/parameters/TimeStartSeries'
- $ref: '#/components/parameters/TimeEndSeries'
- $ref: '#/components/parameters/LimitSeries'
responses:
'200':
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
description: List of time series.
content:
application/json:
schema:
$ref: '#/components/schemas/SeriesResponseV1'
'400':
$ref: '#/components/responses/BadRequestPrometheus'
'401':
$ref: '#/components/responses/UnauthorizedPrometheus'
'404':
$ref: '#/components/responses/NotFoundPrometheus'
'422':
$ref: '#/components/responses/UnprocessableEntityPrometheus'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerErrorPrometheus'
/prometheus/api/v1/labels:
get:
summary: Labels Query
description: |
The following endpoint returns a list of label names:
\
**Required permissions:** _metrics-data.read_
operationId: getLabelsV1
tags:
- Prometheus
parameters:
- $ref: '#/components/parameters/TimeStartUnsupported'
- $ref: '#/components/parameters/TimeEndUnsupported'
- $ref: '#/components/parameters/MatchLabelNames'
- $ref: '#/components/parameters/LimitSeries'
responses:
'200':
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
description: List of labels.
content:
application/json:
schema:
$ref: '#/components/schemas/LabelsResponseV1'
'400':
$ref: '#/components/responses/BadRequestPrometheus'
'401':
$ref: '#/components/responses/UnauthorizedPrometheus'
'404':
$ref: '#/components/responses/NotFoundPrometheus'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerErrorPrometheus'
post:
summary: Labels Query
description: |
The following endpoint returns a list of label names:
\
**Required permissions:** _metrics-data.read_
operationId: postLabelsV1
tags:
- Prometheus
parameters:
- $ref: '#/components/parameters/TimeStartUnsupported'
- $ref: '#/components/parameters/TimeEndUnsupported'
- $ref: '#/components/parameters/MatchLabelNames'
- $ref: '#/components/parameters/LimitSeries'
responses:
'200':
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
description: List of labels.
content:
application/json:
schema:
$ref: '#/components/schemas/LabelsResponseV1'
'400':
$ref: '#/components/responses/BadRequestPrometheus'
'401':
$ref: '#/components/responses/UnauthorizedPrometheus'
'404':
$ref: '#/components/responses/NotFoundPrometheus'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerErrorPrometheus'
/prometheus/api/v1/label/{labelName}/values:
get:
summary: Labels Values Query
description: |
The following endpoint returns a list of label names:
\
**Required permissions:** _metrics-data.read_
operationId: getLabelValuesV1
tags:
- Prometheus
parameters:
- $ref: '#/components/parameters/TimeStartUnsupported'
- $ref: '#/components/parameters/TimeEndUnsupported'
- $ref: '#/components/parameters/LabelNamePath'
- $ref: '#/components/parameters/MatchLabelValues'
- $ref: '#/components/parameters/LimitLabelValues'
responses:
'200':
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
description: List of labels.
content:
application/json:
schema:
$ref: '#/components/schemas/LabelValuesResponseV1'
'400':
$ref: '#/components/responses/BadRequestPrometheus'
'401':
$ref: '#/components/responses/UnauthorizedPrometheus'
'404':
$ref: '#/components/responses/NotFoundPrometheus'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerErrorPrometheus'
/prometheus/api/v1/metadata:
get:
summary: Querying metric metadata
description: |
The following endpoint returns a list of label names:
\
**Required permissions:** _metrics-data.read_
operationId: getMetadataV1
tags:
- Prometheus
parameters:
- $ref: '#/components/parameters/LimitPerMetricUnsupported'
- $ref: '#/components/parameters/LimitMetrics'
- $ref: '#/components/parameters/MetricName'
responses:
'200':
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
description: Successful response.
content:
application/json:
schema:
$ref: '#/components/schemas/MetadataResponseV1'
'400':
$ref: '#/components/responses/BadRequestPrometheus'
'401':
$ref: '#/components/responses/UnauthorizedPrometheus'
'404':
$ref: '#/components/responses/NotFoundPrometheus'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerErrorPrometheus'
/prometheus/api/v1/rules:
get:
summary: Rules
description: "The /rules API endpoint returns the list of alerting rules. It also returns the currently active alerts fired by the Prometheus instance of each alerting rule. \n\\\nSysdig currently does not support recording rules.\n\\\n**Required permissions:** _alerts.read_\n"
operationId: getRulesV1
tags:
- Prometheus
parameters:
- name: type
in: query
required: false
schema:
type: string
enum:
- alert
description: This endpoint only returns alerting rules (`type=alert`). When absent or empty, only alerting rules are returned.
- name: rule_name[]
in: query
required: false
schema:
type: array
maxItems: 100
items:
type: string
maxLength: 255
style: form
explode: true
description: Only return rules with the given rule name. If repeated, rules with any of the provided names are returned.
- name: rule_group[]
in: query
required: false
schema:
type: array
maxItems: 100
items:
type: string
maxLength: 255
style: form
explode: true
description: Only return rules with the given rule group name. If repeated, rules with any of the provided group names are returned.
- name: file[]
in: query
required: false
schema:
type: array
maxItems: 100
items:
type: string
maxLength: 255
style: form
explode: true
description: UNSUPPORTED - Sysdig does not support this parameter.
- name: exclude_alerts
in: query
required: false
schema:
type: boolean
description: This endpoint supports only returning alerting rules (`exclude_alerts=true`).
- name: match[]
in: query
required: false
schema:
type: array
maxItems: 100
items:
type: string
maxLength: 512
style: form
explode: true
description: Only return rules with configured labels that satisfy the label selectors.
- name: group_limit
in: query
required: false
schema:
$ref: '#/components/schemas/UnlimitedLong'
description: Limit the number of rule groups returned in a single response.
- name: group_next_token
in: query
required: false
schema:
type: string
maxLength: 255
description: UNSUPPORTED - This parameter is not supported due to the Sysdig's specific implementation.
responses:
'200':
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
description: List of rules.
content:
application/json:
schema:
$ref: '#/components/schemas/RulesResponseV1'
'400':
$ref: '#/components/responses/BadRequestPrometheus'
'401':
$ref: '#/components/responses/UnauthorizedPrometheus'
'404':
$ref: '#/components/responses/NotFoundPrometheus'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerErrorPrometheus'
/prometheus/api/v1/alerts:
get:
summary: Alerts
description: |
Returns a list of active alerts that are currently firing in Prometheus.
\
**Required permissions:** _alerts.read_
operationId: getAlertsV1
tags:
- Prometheus
responses:
'200':
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
description: List of alerts.
content:
application/json:
schema:
$ref: '#/components/schemas/AlertsResponseV1'
'400':
$ref: '#/components/responses/BadRequestPrometheus'
'401':
$ref: '#/components/responses/UnauthorizedPrometheus'
'404':
$ref: '#/components/responses/NotFoundPrometheus'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerErrorPrometheus'
/prometheus/api/v1/write:
post:
summary: Ingest metric data (remote write)
description: |
Accepts a Protobuf-encoded Snappy-compressed request containing time series data. Used for remote write integrations.
\
**Required permissions:** _ingest.prws_
operationId: remoteWriteV1
tags:
- Prometheus
requestBody:
required: true
content:
application/x-protobuf:
schema:
type: string
format: binary
description: Protobuf-encoded and Snappy-compressed WriteRequest message.
responses:
'200':
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
description: Confirmation message.
content:
text/plain:
schema:
type: string
maxLength: 10000
example: ''
'400':
$ref: '#/components/responses/BadRequestPrometheus'
'401':
$ref: '#/components/responses/UnauthorizedPrometheus'
'404':
$ref: '#/components/responses/NotFoundPrometheus'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerErrorPrometheus'
/prometheus/api/v1/format_query:
get:
summary: Format Query
description: |
This endpoint is NOT SUPPORTED.
operationId: getFormatQueryV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
post:
summary: Format Query
description: |
This endpoint is NOT SUPPORTED.
operationId: postFormatQueryV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
/prometheus/api/v1/parse_query:
get:
summary: Parse Query
description: |
This endpoint is NOT SUPPORTED.
operationId: getParseQueryV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
post:
summary: Parse Query
description: |
This endpoint is NOT SUPPORTED.
operationId: postParseQueryV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
/prometheus/api/v1/query_exemplars:
get:
summary: Query Exemplars
description: |
This endpoint is NOT SUPPORTED.
operationId: getExemplarsV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
post:
summary: Query Exemplars
description: |
This endpoint is NOT SUPPORTED.
operationId: postExemplarsV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
/prometheus/api/v1/targets:
get:
summary: Targets
description: |
This endpoint is NOT SUPPORTED.
operationId: getTargetsV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
/prometheus/api/v1/targets/metadata:
get:
summary: Querying target metadata
description: |
This endpoint is NOT SUPPORTED.
operationId: getTargetsMetadataV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
/prometheus/api/v1//alertmanagers:
get:
summary: Alertmanagers
description: |
This endpoint is NOT SUPPORTED.
operationId: getAlertManagersV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
/prometheus/api/v1/status/config:
get:
summary: Config
description: |
This endpoint is NOT SUPPORTED.
operationId: getStatusConfigV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
/prometheus/api/v1/status/flags:
get:
summary: Flags
description: |
This endpoint is NOT SUPPORTED.
operationId: getStatusFlagsV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
/prometheus/api/v1/status/runtimeinfo:
get:
summary: Runtime Information
description: |
This endpoint is NOT SUPPORTED.
operationId: getStatusRuntimeInfoV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
/prometheus/api/v1/status/buildinfo:
get:
summary: Build Information
description: |
This endpoint is NOT SUPPORTED.
operationId: getStatusBuildInfoV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
/prometheus/api/v1/status/tsdb:
get:
summary: TSDB Stats
description: |
This endpoint is NOT SUPPORTED.
operationId: getStatusTsdbV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
/prometheus/api/v1/status/walreplay:
get:
summary: WAL Replay
description: |
This endpoint is NOT SUPPORTED.
operationId: getStatusWalReplayV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
/prometheus/api/v1/admin/tsdb/snapshot:
post:
summary: Snapshot
description: |
This endpoint is NOT SUPPORTED.
operationId: getAdminTsdbSnapshotV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
put:
summary: Snapshot
description: |
This endpoint is NOT SUPPORTED.
operationId: postAdminTsdbSnapshotV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
/prometheus/api/v1/admin/tsdb/delete_series:
post:
summary: Delete Series
description: |
This endpoint is NOT SUPPORTED.
operationId: getAdminTsdbDeleteSeriesV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
put:
summary: Delete Series
description: |
This endpoint is NOT SUPPORTED.
operationId: postAdminTsdbDeleteSeriesV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
/prometheus/api/v1/admin/tsdb/clean_tombstones:
post:
summary: Clean Tombstones
description: |
This endpoint is NOT SUPPORTED.
operationId: getAdminTsdbCleanTombstonesV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
put:
summary: Clean Tombstones
description: |
This endpoint is NOT SUPPORTED.
operationId: postAdminTsdbCleanTombstonesV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
/prometheus/api/v1/notifications:
get:
summary: Active Notifications
description: |
This endpoint is NOT SUPPORTED.
operationId: getNotificationsV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
/prometheus/api/v1/notifications/live:
get:
summary: Live Notifications
description: |
This endpoint is NOT SUPPORTED.
operationId: getLiveNotificationsV1
tags:
- Prometheus
responses:
'410':
$ref: '#/components/responses/GonePrometheus'
/platform/v1/platform-audit-events:
x-excluded-environments:
- IBM
get:
summary: Get Platform Audit Events
description: |
Retrieve a paginated list of Platform Audit Events.\
\
**Required permissions:** _audit-trail-events.read_
operationId: getPlatformAuditEventsV1
tags:
- Platform Audit
parameters:
- in: query
name: from
schema:
$ref: '#/components/schemas/From'
- in: query
name: to
schema:
$ref: '#/components/schemas/To'
- in: query
name: cursor
schema:
$ref: '#/components/schemas/Cursor'
- in: query
name: filter
schema:
$ref: '#/components/schemas/AuditEventsFeedFilter'
- in: query
name: limit
schema:
$ref: '#/components/schemas/AuditEventsFeedLimit'
responses:
'200':
description: List of Platform Audit Events.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ListAuditEventsResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/jira/v1/integrations:
summary: The following are the operations applicable to the Jira integrations.
get:
summary: List Jira integrations
description: |
This operation returns a paginated list of Jira integrations from the Sysdig platform.
**Required permissions:** *ticketing-integration.read*
operationId: getJiraIntegrationsV1
tags:
- Jira integrations
parameters:
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Enabled'
responses:
'200':
description: List of Jira integrations
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/PaginatedIntegrationsResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
post:
summary: Create Jira integration
description: |
This operation creates a Jira integration on the Sysdig platform.
**Required permissions:** *ticketing-integration.write*
operationId: createJiraIntegrationV1
tags:
- Jira integrations
requestBody:
description: A Jira integration to create
content:
application/json:
schema:
$ref: '#/components/schemas/CreateIntegrationRequestV1'
required: true
responses:
'201':
description: Created Jira integration
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/IntegrationResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/jira/v1/integrations/{integrationId}:
summary: The following are the operations applicable to the specific Jira integration.
get:
summary: Get Jira integration
description: |
This operation returns a specific Jira integration from the Sysdig platform.
**Required permissions:** *ticketing-integration.read*
operationId: getJiraIntegrationV1
tags:
- Jira integrations
parameters:
- $ref: '#/components/parameters/JiraIntegrationId'
responses:
'200':
description: Specific Jira integration
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/IntegrationResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update Jira integration
description: |
This operation updates a specific Jira integration on the Sysdig platform.
**Required permissions:** *ticketing-integration.write*
operationId: updateJiraIntegrationV1
tags:
- Jira integrations
parameters:
- $ref: '#/components/parameters/JiraIntegrationId'
requestBody:
description: The Jira integration to update
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateIntegrationRequestV1'
responses:
'200':
description: Updated Jira integration
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/IntegrationResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete Jira integration
description: |
This operation deletes a specific Jira integration on the Sysdig platform.
**Required permissions:** *ticketing-integration.write*
operationId: deleteJiraIntegrationV1
tags:
- Jira integrations
parameters:
- $ref: '#/components/parameters/JiraIntegrationId'
responses:
'204':
description: Jira integration deleted successfully
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'409':
$ref: '#/components/responses/Conflict'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/jira/v1/integrations/{integrationId}/issue-types:
summary: The following are the operations applicable to the Jira issue types.
get:
summary: List Jira issue types
description: |
This operation returns a list of Jira issue types from the Sysdig platform, associated with a particular Jira integration.
**Required permissions:** *ticketing-integration.read*
operationId: getJiraIssueTypesV1
tags:
- Jira integrations
parameters:
- $ref: '#/components/parameters/JiraIntegrationId'
responses:
'200':
description: List of Jira issue types for the particular Jira integration
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/IssueTypesResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
post:
summary: Create Jira issue type
description: |
This operation creates a Jira issue type on the Sysdig platform for the particular Jira integration.
**Required permissions:** *ticketing-integration.write*
operationId: createJiraIssueTypeV1
tags:
- Jira integrations
parameters:
- $ref: '#/components/parameters/JiraIntegrationId'
requestBody:
description: A Jira issue type to create
content:
application/json:
schema:
$ref: '#/components/schemas/CreateIssueTypeRequestV1'
required: true
responses:
'201':
description: Created Jira issue type
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/IssueTypeResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/jira/v1/integrations/{integrationId}/issue-types/{issueTypeId}:
summary: The following are the operations applicable to the specific Jira issue type.
get:
summary: Get Jira issue type
description: |
This operation returns a specific Jira issue type from the Sysdig platform.
**Required permissions:** *ticketing-integration.read*
operationId: getJiraIssueTypeV1
tags:
- Jira integrations
parameters:
- $ref: '#/components/parameters/JiraIntegrationId'
- $ref: '#/components/parameters/IssueTypeId'
responses:
'200':
description: Specific Jira issue type
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/IssueTypeResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update Jira issue type
description: |
This operation updates a specific Jira issue type on the Sysdig platform.
**Required permissions:** *ticketing-integration.write*
operationId: updateJiraIssueTypeV1
tags:
- Jira integrations
parameters:
- $ref: '#/components/parameters/JiraIntegrationId'
- $ref: '#/components/parameters/IssueTypeId'
requestBody:
description: A Jira issue type to update
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateIssueTypeRequestV1'
responses:
'200':
description: Updated Jira issue type
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/IssueTypeResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete Jira issue type
description: |
This operation deletes a specific Jira issue type on the Sysdig platform.
**Required permissions:** *ticketing-integration.write*
operationId: deleteJiraIssueTypeV1
tags:
- Jira integrations
parameters:
- $ref: '#/components/parameters/JiraIntegrationId'
- $ref: '#/components/parameters/IssueTypeId'
responses:
'204':
description: Jira issue type deleted successfully
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/notification-channels:
get:
summary: List Notification Channels
description: |
Retrieve a paginated list of notification channels.\
\
**Required permissions:** _notification-channels.read_
operationId: getNotificationChannels
tags:
- Notification Channels
parameters:
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Limit'
responses:
'200':
description: A page of notification channels.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GetNotificationChannelsPaginatedResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
post:
summary: Create Notification Channel
description: |
Create a notification channel.\
\
**Required permissions:** _notification-channels.edit_
operationId: createNotificationChannel
tags:
- Notification Channels
requestBody:
description: The payload required to create a notification channel
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CreateNotificationChannelRequestV1'
responses:
'201':
description: Notification Channel created.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationChannelResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/notification-channels/{notificationChannelId}:
summary: The following are the operations applicable to a specific notification channel.
get:
summary: Get Notification Channel
description: |
Returns a specific notification channel by its ID.\
\
**Required permissions:** _notification-channels.read_
operationId: getNotificationChannelById
tags:
- Notification Channels
parameters:
- $ref: '#/components/parameters/NotificationChannelIdPath'
responses:
'200':
description: Notification Channel found.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationChannelResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update Notification Channel
description: |
Update a notification channel by its ID.\
\
**Required permissions:** _notification-channels.edit_
operationId: updateNotificationChannelById
tags:
- Notification Channels
parameters:
- $ref: '#/components/parameters/NotificationChannelIdPath'
requestBody:
description: The payload required to update the notification channel
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateNotificationChannelRequestV1'
responses:
'200':
description: Notification channel updated.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/NotificationChannelResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'409':
$ref: '#/components/responses/Conflict'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete Notification Channel
description: |
Delete a notification channel by its ID.\
\
**Required permissions:** _notification-channels.edit_
operationId: deleteNotificationChannelById
tags:
- Notification Channels
parameters:
- $ref: '#/components/parameters/NotificationChannelIdPath'
responses:
'204':
description: Notification Channel deleted.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/teams:
get:
summary: List Teams
description: |
Retrieve a paginated list of teams.\
\
**Required permissions:** _customer-teams.read_
operationId: getTeamsV1
tags:
- Teams
parameters:
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/OrderBy'
- $ref: '#/components/parameters/Filter'
responses:
'200':
description: The teams page.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GetTeamsPaginatedResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
post:
summary: Create Team
description: |
Create a new team.\
\
**Required permissions:** _teams.create_
operationId: createTeamV1
tags:
- Teams
requestBody:
description: The payload required to create a new team.
content:
application/json:
schema:
$ref: '#/components/schemas/CreateTeamRequestV1'
responses:
'201':
description: Team created.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/TeamResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'409':
$ref: '#/components/responses/Conflict'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/teams/{teamId}:
get:
summary: Get Team
description: |
Return a team by ID.\
\
**Required permissions:** _customer-teams.read_
operationId: getTeamByIdV1
tags:
- Teams
parameters:
- $ref: '#/components/parameters/TeamIdPath'
responses:
'200':
description: Team found.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/TeamResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update Team
description: |
Update a team by its ID.\
\
**Required permissions:** _teams.edit_
operationId: updateTeamByIdV1
tags:
- Teams
parameters:
- $ref: '#/components/parameters/TeamIdPath'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateTeamRequestV1'
responses:
'200':
description: Team updated.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/TeamResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'409':
$ref: '#/components/responses/Conflict'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete Team
description: |
Delete a team by its ID.\
\
**Required permissions:** _teams.edit_
operationId: deleteTeamByIdV1
tags:
- Teams
parameters:
- $ref: '#/components/parameters/TeamIdPath'
responses:
'204':
description: Team deleted.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/teams/{teamId}/users:
get:
summary: List Memberships
description: |
Retrieve a paginated list of memberships in a given team ID.\
\
**Required permissions:** _memberships.read_
operationId: getTeamUsersV1
tags:
- Teams
parameters:
- $ref: '#/components/parameters/TeamIdPath'
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Limit'
- name: withAdminUsers
in: query
description: Include admin users in the response.
required: false
schema:
default: false
type: boolean
responses:
'200':
description: The memberships page.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GetTeamUsersPaginatedResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/teams/{teamId}/users/{userId}:
get:
summary: Get Membership
description: |
Return a membership by its ID.\
\
**Required permissions:** _memberships.read_
operationId: getTeamUserByIdV1
tags:
- Teams
parameters:
- $ref: '#/components/parameters/TeamIdPath'
- $ref: '#/components/parameters/UserIdPath'
responses:
'200':
description: Membership found.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/TeamUserResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Save Membership
description: |
Add or update a membership.
| Permission | Description |
| -----------------------| --------------------------------------------------------------------------------------------------------|
| memberships.edit | Required to create a new membership. |
| memberships-roles.edit | Required to change roles of an existing membership or to create a new membership with a specific role. |
operationId: saveTeamUserV1
tags:
- Teams
parameters:
- $ref: '#/components/parameters/TeamIdPath'
- $ref: '#/components/parameters/UserIdPath'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SaveTeamUserRequestV1'
responses:
'200':
description: Membership updated.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/TeamUserResponseV1'
'201':
description: Membership created.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/TeamUserResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete Membership
description: |
Delete a membership defined by its ID.\
\
**Required permissions:** _memberships.edit_
operationId: deleteTeamUserByIdV1
tags:
- Teams
parameters:
- $ref: '#/components/parameters/TeamIdPath'
- $ref: '#/components/parameters/UserIdPath'
responses:
'204':
description: Membership deleted.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/users:
get:
summary: List Users
description: |
Retrieve a paginated list of users.\
\
**Required permissions:** _users.read_
operationId: getUsersV1
tags:
- Users
parameters:
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/OrderBy'
- $ref: '#/components/parameters/Filter'
responses:
'200':
description: The users page.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GetUsersPaginatedResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
post:
summary: Create User
description: |
Create a new user.\
\
**Required permissions:** _users.create_
operationId: createUserV1
tags:
- Users
parameters:
- name: activationFlow
in: query
description: |
The activation flow is used to send an invitation email to the user that is being created.\
\
**NOTE: it is required to set at least one product in the payload in order to send the appropriate email.**
required: false
schema:
type: boolean
default: false
example: true
requestBody:
description: The payload required to create a new user.
content:
application/json:
schema:
$ref: '#/components/schemas/CreateUserRequestV1'
required: true
responses:
'201':
description: User created.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/UserResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'409':
$ref: '#/components/responses/Conflict'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/users/{userId}:
get:
summary: Get User
description: |
Display a user by ID.\
\
**Required permissions:** _users.read_
operationId: getUserByIdV1
tags:
- Users
parameters:
- $ref: '#/components/parameters/UserIdPath'
responses:
'200':
description: User found.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/UserResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update User
description: |
Update a user by its ID. \
\
**Required permissions:** _users.edit_
operationId: updateUserV1
tags:
- Users
parameters:
- $ref: '#/components/parameters/UserIdPath'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateUserRequestV1'
required: true
responses:
'200':
description: User updated.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/UserResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'409':
$ref: '#/components/responses/Conflict'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete User
description: |
Delete a user by its ID.\
\
**Required permissions:** _users.edit_
operationId: deleteUserByIdV1
tags:
- Users
parameters:
- $ref: '#/components/parameters/UserIdPath'
responses:
'204':
description: User deleted.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/configuration/user-deactivation:
get:
summary: Get User Deactivation Configuration
description: |
Retrieve the user deactivation configuration.\
\
**Required permissions:** _customer-user-deactivation-configuration.read_
operationId: getUserDeactivationConfigurationV1
tags:
- User Deactivation
responses:
'200':
description: Display the User Deactivation Configuration.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/UserDeactivationConfigurationResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update or Create User Deactivation Configuration
description: |
Update or Create User deactivation configuration.\
\
**Required permissions:** _customer-user-deactivation-configuration.edit_
operationId: updateUserDeactivationConfigurationByIdV1
tags:
- User Deactivation
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateUserDeactivationConfigurationRequestV1'
responses:
'200':
description: User Configuration updated.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/UserDeactivationConfigurationResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/configuration/capture-storage:
get:
summary: Get Capture Storage Configuration
description: |
Retrieve the capture storage configuration.\
\
**Required permissions:** _sysdig-storage.read_
operationId: getCaptureStorageConfigurationV1
tags:
- Capture Storage
responses:
'200':
description: Display the Capture Storage Configuration.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/CaptureStorageConfigurationResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update or Create Capture Storage Configuration
description: |
Update or Create Capture Storage configuration.\
\
**Required permissions:** _sysdig-storage.edit_
operationId: updateCaptureStorageConfigurationV1
tags:
- Capture Storage
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/SaveCaptureStorageConfigurationRequestV1'
responses:
'200':
description: Capture Storage updated.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/CaptureStorageConfigurationResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/access-keys:
get:
summary: List Access Keys
description: |
Retrieve a paginated list of access keys.\
\
**Required permissions:** _customer-access-keys.read_
operationId: getAccessKeysV1
tags:
- Access Keys
parameters:
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/OrderBy'
- $ref: '#/components/parameters/MultiFilter'
responses:
'200':
description: The access keys page.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GetAccessKeysPaginatedResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
post:
summary: Create Access Key
description: |
Create a new access key.\
\
**Required permissions:** _customer-access-keys.edit_
operationId: createAccessKeyV1
tags:
- Access Keys
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateAccessKeyRequestV1'
responses:
'201':
description: Access key created.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/AccessKeyResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'409':
$ref: '#/components/responses/Conflict'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/access-keys/{accessKeyId}:
get:
summary: Get Access Key
description: |
Return an access key by id.\
\
**Required permissions:** _customer-access-keys.read_
operationId: getAccessKeyByIdV1
tags:
- Access Keys
parameters:
- $ref: '#/components/parameters/AccessKeyIdPath'
responses:
'200':
description: Access key found.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/AccessKeyResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update Access Key
description: |
Update an access key by id.\
\
**Required permissions:** _customer-access-keys.edit_
operationId: updateAccessKeyByIdV1
tags:
- Access Keys
parameters:
- $ref: '#/components/parameters/AccessKeyIdPath'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateAccessKeyRequestV1'
responses:
'200':
description: Access key updated.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/AccessKeyResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'409':
$ref: '#/components/responses/Conflict'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete Access Key
description: |
Delete an access key by id.\
\
**Required permissions:** customer-access-keys.edit_
operationId: deleteAccessKeyByIdV1
tags:
- Access Keys
parameters:
- $ref: '#/components/parameters/AccessKeyIdPath'
responses:
'204':
description: Access key deleted.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/group-mappings:
get:
summary: List Group Mappings
description: |
Retrieve a paginated list of group mappings.\
\
**Required permissions:** _group-mappings.read_
operationId: getGroupMappingsV1
tags:
- Group Mappings
parameters:
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/OrderBy'
- $ref: '#/components/parameters/Filter'
responses:
'200':
description: Group mappings paginated response.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GroupMappingsPaginatedResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
post:
summary: Create Group Mapping
description: |
Create a new group mapping.\
\
**Required permissions:** _group-mappings.edit_
operationId: createGroupMappingV1
tags:
- Group Mappings
requestBody:
description: The payload required to create group mapping.
content:
application/json:
schema:
$ref: '#/components/schemas/CreateGroupMappingRequestV1'
responses:
'201':
description: Group Mapping created.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GroupMappingResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'409':
$ref: '#/components/responses/Conflict'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/group-mappings/{groupMappingId}:
get:
summary: Get Group Mapping
description: |
Return a group mapping by its ID.\
\
**Required permissions:** _group-mappings.read_
operationId: getGroupMappingByIdV1
tags:
- Group Mappings
parameters:
- $ref: '#/components/parameters/GroupMappingIdPath'
responses:
'200':
description: Group Mapping found.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GroupMappingResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update Group Mapping
description: |
Update a group mapping by its ID.\
\
**Required permissions:** _group-mappings.edit_
operationId: updateGroupMappingByIdV1
tags:
- Group Mappings
parameters:
- $ref: '#/components/parameters/GroupMappingIdPath'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateGroupMappingRequestV1'
responses:
'200':
description: Group Mapping updated.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GroupMappingResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete Group Mapping
description: |
Delete a group mapping by its ID.\
\
**Required permissions:** _group-mappings.edit_
operationId: deleteGroupMappingByIdV1
tags:
- Group Mappings
parameters:
- $ref: '#/components/parameters/GroupMappingIdPath'
responses:
'204':
description: Group mapping deleted.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/group-mappings-settings:
get:
summary: Get Group Mappings Settings
description: |
Retrieves your group mapping settings.\
\
**Required permissions:** _group-mappings.read_
operationId: getGroupMappingSettingsV1
tags:
- Group Mappings
responses:
'200':
description: Group mappings page.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GroupMappingSettingsV1'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Save Group Mapping settings
description: |
Saves your group mapping settings.\
\
**Required permissions:** _group-mappings.edit_
operationId: saveGroupMappingSettingsV1
tags:
- Group Mappings
requestBody:
description: The payload required to save group mapping settings.
content:
application/json:
schema:
$ref: '#/components/schemas/GroupMappingSettingsV1'
responses:
'200':
description: Group Mapping settings saved.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GroupMappingSettingsV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/sso-settings:
get:
summary: List SSO Settings
description: |
Retrieve a paginated list of SSO settings.\
\
**Required permissions:** _sso-settings.read_
operationId: getSsoSettingsV1
tags:
- SSO Settings
parameters:
- $ref: '#/components/parameters/Filter'
responses:
'200':
description: List all SSO settings response.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/AllSsoSettingsResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
post:
summary: Create SSO Settings
description: |
Create a new SSO settings.\
\
**Required permissions:** _sso-setting.edit_
operationId: createSsoSettingsV1
tags:
- SSO Settings
requestBody:
description: The payload required to create SSO settings.
content:
application/json:
schema:
$ref: '#/components/schemas/CreateSsoSettingsRequestV1'
responses:
'201':
description: SSO settings created.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/SsoSettingsResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/sso-settings/{ssoSettingsId}:
get:
summary: Get SSO Settings
description: |
Return SSO settings by ID.\
\
**Required permissions:** _sso-settings.read_
operationId: getSsoSettingsByIdV1
tags:
- SSO Settings
parameters:
- $ref: '#/components/parameters/SsoSettingsIdPath'
responses:
'200':
description: SSO settings found.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/SsoSettingsResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update SSO Settings
description: |
Update SSO settings by its ID.\
\
**Required permissions:** _sso-settings.edit_
operationId: updateSsoSettingsByIdV1
tags:
- SSO Settings
parameters:
- $ref: '#/components/parameters/SsoSettingsIdPath'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateSsoSettingsRequestV1'
responses:
'200':
description: SSO setting updated.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/SsoSettingsResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete SSO Settings
description: |
Delete SSO settings by its ID.\
\
**Required permissions:** _sso-settings.edit_
operationId: deleteSsoSettingsByIdV1
tags:
- SSO Settings
parameters:
- $ref: '#/components/parameters/SsoSettingsIdPath'
responses:
'204':
description: SSO settings deleted.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/global-sso-settings/{ssoProductId}:
get:
summary: Get Global SSO Settings
description: |
Get Global SSO Settings.\
\
**Required permissions:** _sso-settings.read_
operationId: getGlobaSsoSettingsV1
tags:
- SSO Settings
parameters:
- $ref: '#/components/parameters/SsoProductIdPath'
responses:
'200':
description: Global SSO Settings.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GlobalSsoSettingsResponseV1'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update Global SSO Settings
description: |
Update Global SSO Settings.\
\
**Required permissions:** _sso-setting.edit_
operationId: updateGlobalSsoSettingsV1
tags:
- SSO Settings
parameters:
- $ref: '#/components/parameters/SsoProductIdPath'
requestBody:
description: The payload required to update the Global SSO Settigs.
content:
application/json:
schema:
$ref: '#/components/schemas/GlobalSsoSettingsRequestV1'
required: true
responses:
'200':
description: Global SSO Settings updated successfully.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GlobalSsoSettingsResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/teams/{teamId}/service-accounts/notification-settings:
x-excluded-environments:
- IBM
post:
summary: Create Service Accounts Notification Settings
description: |
Create a new Notification Settings for Service Accounts which belong to a specific team.\
\
**Required permissions:** _service-accounts-notification-settings.edit_
operationId: createServiceAccountsNotificationSettingsV1
tags:
- Service Accounts Notification Settings
parameters:
- $ref: '#/components/parameters/TeamIdPath'
requestBody:
description: The payload required to create Service Accounts Notification Settings.
content:
application/json:
schema:
$ref: '#/components/schemas/CreateServiceAccountsNotificationSettingsRequestV1'
responses:
'201':
description: Service Accounts Notification Settings created.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceAccountsNotificationSettingsResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
get:
summary: Get Service Accounts Notification Settings
description: |
Return Service Accounts Notification Settings for a given team.\
\
**Required permissions:** _service-accounts-notification-settings.read_
operationId: getServiceAccountsNotificationSettingsV1
tags:
- Service Accounts Notification Settings
parameters:
- $ref: '#/components/parameters/TeamIdPath'
responses:
'200':
description: Service Accounts Notification Settings found.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceAccountsNotificationSettingsResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update Service Accounts Notification Settings
description: |
Update Service Accounts Notification Settings for a given team.\
\
**Required permissions:** _service-accounts-notification-settings.edit_
operationId: updateServiceAccountsNotificationSettingsV1
tags:
- Service Accounts Notification Settings
parameters:
- $ref: '#/components/parameters/TeamIdPath'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateServiceAccountsNotificationSettingsRequestV1'
responses:
'200':
description: Service Accounts Notification Settings updated.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceAccountsNotificationSettingsResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete Service Accounts Notification Settings
description: |
Delete Service Accounts Notification Settings for a given team.\
\
**Required permissions:** _service-accounts-notification-settings.edit_
operationId: deleteServiceAccountsNotificationSettingsV1
tags:
- Service Accounts Notification Settings
parameters:
- $ref: '#/components/parameters/TeamIdPath'
responses:
'204':
description: Service Accounts Notification Settings deleted.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/service-accounts/notification-settings:
x-excluded-environments:
- IBM
post:
summary: Create Global Service Accounts Notification Settings
description: |
Create a new Notification Settings for Global Service Accounts.\
\
**Required permissions:** _global-service-accounts-notification-settings.edit_
operationId: createGlobalServiceAccountsNotificationSettingsV1
tags:
- Service Accounts Notification Settings
requestBody:
description: The payload required to create Service Accounts Notification Settings.
content:
application/json:
schema:
$ref: '#/components/schemas/CreateServiceAccountsNotificationSettingsRequestV1'
responses:
'201':
description: Service Accounts Notification Settings created.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceAccountsNotificationSettingsResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
get:
summary: Get Global Service Accounts Notification Settings
description: |
Return Notification Settings for Global Service Accounts.\
\
**Required permissions:** _global-service-accounts-notification-settings.read_
operationId: getGlobalServiceAccountsNotificationSettingsV1
tags:
- Service Accounts Notification Settings
responses:
'200':
description: Service Accounts Notification Settings found.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceAccountsNotificationSettingsResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update Global Service Accounts Notification Settings
description: |
Update Notification Settings for Global Service Accounts.\
\
**Required permissions:** _global-service-accounts-notification-settings.edit_
operationId: updateGlobalServiceAccountsNotificationSettingsV1
tags:
- Service Accounts Notification Settings
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateServiceAccountsNotificationSettingsRequestV1'
responses:
'200':
description: Service Accounts Notification Settings updated.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceAccountsNotificationSettingsResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete Global Service Accounts Notification Settings
description: |
Delete Notification Settings for Global Service Accounts.\
\
**Required permissions:** _global-service-accounts-notification-settings.edit_
operationId: deleteGlobalServiceAccountsNotificationSettingsV1
tags:
- Service Accounts Notification Settings
responses:
'204':
description: Service Accounts Notification Settings deleted.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/ip-filters:
x-excluded-environments:
- OnPrem
get:
summary: List IP Filters
description: |
Retrieve a paginated list of IP filters.\
\
**Required permissions:** _ip-filters.read_
operationId: getIpFiltersV1
tags:
- IP Filtering
parameters:
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/Filter'
responses:
'200':
description: List all IP filters response.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/IpFiltersPaginatedResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
post:
summary: Create IP Filter
description: |
Create a new IP filter.\
\
**Required permissions:** _ip-filters.edit_
operationId: createIpFilterV1
tags:
- IP Filtering
requestBody:
description: The payload required to create IP filter.
content:
application/json:
schema:
$ref: '#/components/schemas/CreateIpFilterV1'
responses:
'201':
description: IP filter created.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/IpFilterResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'409':
$ref: '#/components/responses/Conflict'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/ip-filters/{ipFilterId}:
x-excluded-environments:
- OnPrem
get:
summary: Get IP Filter by ID
description: |
Get IP Filter by ID.\
\
**Required permissions:** _ip-filters.read_
operationId: getIpFilterByIdV1
tags:
- IP Filtering
parameters:
- $ref: '#/components/parameters/IpFilterIdPath'
responses:
'200':
description: IP filter found.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/IpFilterResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update IP Filter
description: |
Update IP filter by its ID. \
\
**Required permissions:** _ip-filters.edit_
operationId: updateIpFilterV1
tags:
- IP Filtering
parameters:
- $ref: '#/components/parameters/IpFilterIdPath'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateIpFilterV1'
required: true
responses:
'200':
description: IP filter updated.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/IpFilterResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'409':
$ref: '#/components/responses/Conflict'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete IP Filter
description: |
Delete IP filter by its ID.\
\
**Required permissions:** _ip-filters.edit_
operationId: deleteIpFilterByIdV1
tags:
- IP Filtering
parameters:
- $ref: '#/components/parameters/IpFilterIdPath'
responses:
'204':
description: IP filter deleted.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'409':
$ref: '#/components/responses/Conflict'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/ip-filters-settings:
x-excluded-environments:
- OnPrem
get:
summary: Get IP Filters Settings
description: |
Retrieves your IP filters settings.\
\
**Required permissions:** _ip-filters.read_
operationId: getIpFiltersSettingsV1
tags:
- IP Filtering
responses:
'200':
description: IP filters settings.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/IpFiltersSettingsV1'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Save IP Filters settings
description: |
Saves your IP filters settings.\
\
**Required permissions:** _ip-filters.edit_
operationId: saveIpFiltersSettingsV1
tags:
- IP Filtering
requestBody:
description: The payload required to save IP filters settings.
content:
application/json:
schema:
$ref: '#/components/schemas/IpFiltersSettingsV1'
responses:
'200':
description: IP filters settings saved.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/IpFiltersSettingsV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'409':
$ref: '#/components/responses/Conflict'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/permissions:
get:
summary: Get Customer Permissions
description: |
Retrieve a list of permissions that are used in custom roles.\
\
**Required permissions:** _permissions.read_
operationId: getPermissionsV1
tags:
- Permissions
parameters:
- $ref: '#/components/parameters/PermissionsFilter'
responses:
'200':
description: Display Permissions.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GetPermissionsResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/roles:
x-excluded-environments:
- IBM
get:
summary: List Roles
description: |
Retrieve a paginated list of roles.\
\
**Required permissions:** _roles.read_
operationId: getRolesV1
tags:
- Roles
parameters:
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/OrderBy'
- $ref: '#/components/parameters/Filter'
responses:
'200':
description: The roles page.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GetRolesPaginatedResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
post:
summary: Create Role
description: |
Create a new role.\
\
**Required permissions:** _roles.edit_
operationId: createRoleV1
tags:
- Roles
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RoleRequestV1'
responses:
'201':
description: Role created.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/RoleResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'409':
$ref: '#/components/responses/Conflict'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/roles/{roleId}:
x-excluded-environments:
- IBM
get:
summary: Get Role
description: |
Return a role by its ID.\
\
**Required permissions:** _roles.read_
operationId: getRoleByIdV1
tags:
- Roles
parameters:
- $ref: '#/components/parameters/RoleIdPath'
responses:
'200':
description: Role found.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/RoleResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update Role
description: |
Update a role by its ID.\
\
**Required permissions:** _roles.edit_
operationId: updateRoleByIdV1
tags:
- Roles
parameters:
- $ref: '#/components/parameters/RoleIdPath'
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/RoleRequestV1'
responses:
'200':
description: Role updated.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/RoleResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'409':
$ref: '#/components/responses/Conflict'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete Role
description: |
Delete a role by its ID.\
\
**Required permissions:** _roles.edit_
operationId: deleteRoleByIdV1
tags:
- Roles
parameters:
- $ref: '#/components/parameters/RoleIdPath'
responses:
'204':
description: Role deleted.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/service-accounts:
x-excluded-environments:
- IBM
get:
summary: List Global Service Accounts
description: |
Retrieve a paginated list of all service accounts.\
\
**Required permissions:** _global-service-accounts.read_
operationId: getGlobalServiceAccountsV1
tags:
- Service Accounts
parameters:
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/OrderBy'
- $ref: '#/components/parameters/MultiFilter'
responses:
'200':
description: Service accounts page.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GetServiceAccountsPaginatedResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
post:
summary: Create a Global Service Account
description: |
Create a new global service account.\
\
**Required permissions:** _global-service-accounts.edit_
operationId: createGlobalServiceAccountV1
tags:
- Service Accounts
requestBody:
description: The payload required to create a new global service account.
content:
application/json:
schema:
$ref: '#/components/schemas/CreateGlobalServiceAccountRequestV1'
responses:
'201':
description: Global service account created.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceAccountWithKeyResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'409':
$ref: '#/components/responses/Conflict'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/teams/{teamId}/service-accounts:
x-excluded-environments:
- IBM
get:
summary: List Team Service Accounts
description: |
Retrieve a paginated list of team service accounts.\
\
**Required permissions:** _team-service-accounts.read_
operationId: getTeamServiceAccountsV1
tags:
- Service Accounts
parameters:
- $ref: '#/components/parameters/TeamIdPath'
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/OrderBy'
- $ref: '#/components/parameters/MultiFilter'
responses:
'200':
description: The team service accounts page.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GetServiceAccountsPaginatedResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
post:
summary: Create a Team Service Account
description: |
Create a new team service account.\
\
**Required permissions:** _team-service-accounts.edit_
operationId: createTeamServiceAccountV1
tags:
- Service Accounts
parameters:
- $ref: '#/components/parameters/TeamIdPath'
requestBody:
description: The payload required to create a new team service account.
content:
application/json:
schema:
$ref: '#/components/schemas/CreateTeamServiceAccountRequestV1'
responses:
'201':
description: Team service account created.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceAccountWithKeyResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'409':
$ref: '#/components/responses/Conflict'
'415':
$ref: '#/components/responses/UnsupportedMediaType'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/service-accounts/{serviceAccountId}:
x-excluded-environments:
- IBM
get:
summary: Get a Global Service Account
description: |
Return a global service account by ID.\
\
**Required permissions:** _global-service-accounts.read_
operationId: getGlobalServiceAccountByIdV1
tags:
- Service Accounts
parameters:
- $ref: '#/components/parameters/ServiceAccountIdPath'
responses:
'200':
description: Global service account found.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceAccountResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete a Global Service Account
description: |
Delete a global service account by ID.\
\
**Required permissions:** _global-service-accounts.edit_
operationId: deleteGlobalServiceAccountByIdV1
tags:
- Service Accounts
parameters:
- $ref: '#/components/parameters/ServiceAccountIdPath'
responses:
'204':
description: Global service account deleted.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/teams/{teamId}/service-accounts/{serviceAccountId}:
x-excluded-environments:
- IBM
get:
summary: Get a Team Service Account
description: |
Return a team service account by ID.\
\
**Required permissions:** _team-service-accounts.read_
operationId: getTeamServiceAccountByIdV1
tags:
- Service Accounts
parameters:
- $ref: '#/components/parameters/TeamIdPath'
- $ref: '#/components/parameters/ServiceAccountIdPath'
responses:
'200':
description: Team service account found.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ServiceAccountResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete a Team Service Account
description: |
Delete a team service account by ID.\
\
**Required permissions:** _team-service-accounts.edit_
operationId: deleteTeamServiceAccountByIdV1
tags:
- Service Accounts
parameters:
- $ref: '#/components/parameters/TeamIdPath'
- $ref: '#/components/parameters/ServiceAccountIdPath'
responses:
'204':
description: Team service account deleted.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/reporting/v1/schedules:
get:
summary: List Report Schedules
description: |
Retrieve a paginated list of Report Schedules.\
\
**Required permissions:** platform.reporting.schedules.read
operationId: listSchedulesV1
tags:
- Reporting
responses:
'200':
description: List of Report schedules
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ListSchedules'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/reporting/v1/jobs:
get:
summary: List Report Job Runs
description: |
Retrieve a list of Report Job runs.\
\
**Required permissions:** platform.reporting.report-downloads.read
operationId: listJobsV1
tags:
- Reporting
parameters:
- name: scheduleId
in: query
description: ID of the Schedule
required: true
schema:
type: string
maxLength: 512
example: 2pUnGeLvrOo5qoWuvXg5H9nEH2g
- name: reportId
in: query
description: ID of the Report
required: false
schema:
type: integer
format: int64
minimum: 0
maximum: 1000000
example: 1
- name: isReportTemplate
in: query
description: Indicates whether the report is a template.
required: false
schema:
type: string
enum:
- 'true'
- 'false'
example: 'true'
- name: completedOn
in: query
description: Date the job was completed in epoch milliseconds.
required: false
schema:
$ref: '#/components/schemas/UnlimitedLong'
- name: jobType
in: query
description: Type of the job.
required: false
schema:
type: string
enum:
- ON_DEMAND
- SCHEDULED
example: SCHEDULED
- name: status
in: query
description: Status of the job.
required: false
schema:
type: string
enum:
- RUNNING
- COMPLETED
- FAILED
- CREATED
example: COMPLETED
- name: kind
in: query
description: Kind of the report.
required: false
schema:
type: string
enum:
- compliance_readiness
- vulnerability_management
example: compliance_readiness
- name: policies
in: query
description: List of policy IDs in string format.
required: false
schema:
type: string
maxLength: 8192
example: '[1,2,3]'
- name: zones
in: query
description: List of zone IDs in string format.
required: false
schema:
type: string
maxLength: 8192
example: '[1,2,3]'
responses:
'200':
description: List of Report job runs.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ListJobs'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/activity-audit/v1/entries:
get:
summary: List entries
description: |
Retrieves the list of entries matching the expressed search criteria.
The pair `from` and `to` and the `cursor` parameter are mutually exclusive. If you supply a `from` and `to` you must not supply a `cursor` and vice-versa.
The time criteria is required and can be specified in two different ways:
- Using `from` and `to`, the list of entries within the timeframe (max 2 weeks) will be returned, starting from the most recent ones.
- Using a `cursor` the entries returned will be in the before, after or around the entry, depending on the entry the cursor is taken from and the cursor type. More details are available in the `cursor` attribute in the response.
The entry content can be filtered using `zones`, to select one or more zones, or with the filter, directly expressing a condition on fields and labels.
**Required permissions:** _commands.read_ | _connections.read_ | _fileaccesses.read_ | _kubernetes.read_
operationId: GetActivityAuditEntriesV1
tags:
- Activity Audit
parameters:
- in: query
name: from
schema:
$ref: '#/components/schemas/From'
- in: query
name: to
schema:
$ref: '#/components/schemas/To'
- in: query
name: cursor
schema:
$ref: '#/components/schemas/Cursor'
- in: query
name: zones
schema:
type: array
items:
$ref: '#/components/schemas/ZoneId'
maxItems: 100
- in: query
name: filter
schema:
$ref: '#/components/schemas/SysdigQueryLanguageFilter'
- $ref: '#/components/parameters/Limit'
- in: query
name: types
schema:
$ref: '#/components/schemas/Types'
responses:
'200':
description: The list of entries.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/EntriesResponse'
'400':
description: Bad Request
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/activity-audit/v1/entries/{entryId}:
get:
summary: Get entry
description: |
Retrieves an Actvity Audit entry given its id.
**Required permissions:** _commands.read_ | _connections.read_ | _fileaccesses.read_ | _kubernetes.read_
operationId: GetActivityAuditEntryV1
tags:
- Activity Audit
parameters:
- in: path
name: entryId
required: true
schema:
$ref: '#/components/schemas/EntryId'
responses:
'200':
description: The Activity Audit entry.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/EntryResponse'
'400':
description: Bad Request
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/activity-audit/v1/supported-filters:
get:
summary: Get available filters
description: |
Activity Audit entries can be filtered by a set of attributes. This endpoint returns the list of those for which filtering is supported.
operationId: GetActivityAuditEntriesSupportedFiltersV1
tags:
- Activity Audit
responses:
'200':
description: The list of supported attributes for filtering Activity Audit entries.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/AuditSupportedFiltersResponse'
'400':
description: Bad request
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/certman/v1/csr:
post:
summary: Create CSR
operationId: createCSRV1
description: |
Creates a Certificate Signing Request generated from the customer unique
private key. The CSR is generated on the fly.\
\
**Required permissions:** _certman.read_
tags:
- Certificates
responses:
'200':
description: The Certificate Signing Request plaintext content
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
text/plain:
schema:
type: string
maxLength: 10000
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/certman/v1/certificates:
post:
summary: Upload Certificate
operationId: uploadCertificateV1
description: |
Uploads a certificate that has been created by signing a CSR obtained
via Certificates Management.\
\
**Required permissions:** _certman.edit_
tags:
- Certificates
requestBody:
description: The content of the upload certificate request.
required: true
content:
multipart/form-data:
schema:
$ref: '#/components/schemas/UploadCertificateRequest'
responses:
'201':
description: The certificate has been upload correctly.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Certificate'
'400':
description: Operation failed due to invalid certificate
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
type: object
title: Invalid certificate
required:
- type
- message
properties:
type:
type: string
example: parsing_error
enum:
- parsing_error
message:
type: string
enum:
- could not parse the provided certificate
example: could not parse the provided certificate
details:
type: array
items: {}
maxItems: 1
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
get:
summary: List Certificates
description: |
Returns the list of certificates.\
\
**Required permissions:** _certman.read_
operationId: getCertificatesV1
tags:
- Certificates
responses:
'200':
description: List of certificates.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/CertificatesResponse'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/certman/v1/certificates/{certId}:
get:
summary: Get Certificate
description: |
Get a single certificate.\
\
**Required permissions:** _certman.read_
operationId: getCertificateV1
tags:
- Certificates
parameters:
- $ref: '#/components/parameters/PathCertificateId'
responses:
'200':
description: The certificate.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Certificate'
'400':
description: Invalid certificate ID
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete Certificate
description: |
Deletes a certificate given its id.
A certificate cannot be deleted if
it's being used (i.e. by the events forwarder to connect to third
parties).\
\
**Required permissions:** _certman.edit_
operationId: deleteCertificateV1
tags:
- Certificates
parameters:
- $ref: '#/components/parameters/PathCertificateId'
responses:
'204':
description: The certificate has been deleted successfully.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'409':
description: |
The certificate cannot be deleted because it's currently being used.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/certman/v1/certificates/{certId}/services:
get:
summary: List Services
description: |
Returns he list of integrations using this certificate.\
\
**Required permissions:** _certman.read_
operationId: GetCertificateRegistrationV1
tags:
- Certificates
parameters:
- $ref: '#/components/parameters/PathCertificateId'
responses:
'200':
description: List of certificates registrations.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ServicesResponse'
'400':
description: Invalid certificate ID
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/events/v1/events:
get:
summary: List events
operationId: getEventsV1
description: "Retrieves the list of events matching the expressed search criteria.\nThe pair `from` and `to` and the `cursor` parameter are mutually exclusive. If you supply a `from` and `to` you must not supply a `cursor` and vice-versa.\nThe time criteria is required and can be specified in two different ways:\n- Using `from` and `to`, the list of events within the timeframe (max 2 weeks) will be returned, starting from the most recent ones.\n- Using a `cursor` the events returned will be in the before, after or around the event, depending on the event the cursor is taken from and the cursor type. More details are available in the `cursor` attribute in the response. \nThe event content can be filtered using `zones`, to select one or more zones, or with the filter, directly expressing a condition on fields and labels.\n"
tags:
- Secure Events
parameters:
- in: query
name: from
schema:
$ref: '#/components/schemas/From'
- in: query
name: to
schema:
$ref: '#/components/schemas/To'
- in: query
name: cursor
schema:
$ref: '#/components/schemas/Cursor'
- in: query
name: zones
schema:
type: array
items:
$ref: '#/components/schemas/ZoneId'
maxItems: 100
- in: query
name: filter
schema:
$ref: '#/components/schemas/EventsFeedFilter'
- in: query
name: limit
schema:
$ref: '#/components/schemas/EventsFeedLimit'
responses:
'200':
description: The list of events.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ListEventsResponse'
'400':
description: Bad request
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/events/v1/events/{eventId}:
get:
summary: Get event
description: |
Retrieves an event given its id.
operationId: getEventV1
tags:
- Secure Events
parameters:
- $ref: '#/components/parameters/EventId'
responses:
'200':
description: The secure event.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Event'
'400':
description: Bad request
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/events/v1/supported-filters:
get:
summary: Get available filters
operationId: getEventsSupportedFiltersV1
description: |
Events can be filtered by a set of attributes. This endpoint returns the list of those for which filtering is supported.
tags:
- Secure Events
responses:
'200':
description: The list of supported attributes for filtering events.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/SupportedFiltersResponse'
'400':
description: Bad request
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/events-forwarder/v1/types:
get:
summary: List Integrations types
description: Returns the list of supported integrations, to which Events Forwarder can send data
operationId: listEFOIntegrationsTypesV1
tags:
- Events Forwarder
responses:
'200':
description: The list of supported Events Forwarder integrations in Sysdig Secure
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/IntegrationTypesResponse'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/events-forwarder/v1/channels:
get:
summary: List Channels
description: Returns the list of supported Channels (Data types) for a given integration type
operationId: listEFOChannelsByIntegrationV1
tags:
- Events Forwarder
parameters:
- name: type
in: query
description: the Events Forwarder Integration Type
required: true
schema:
$ref: '#/components/schemas/IntegrationType'
responses:
'200':
description: A list of supported Events Forwarder integrations channels in Sysdig Secure
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/IntegrationChannelsResponse'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/events-forwarder/v1/integrations:
get:
summary: List Integrations
description: Returns the Events Forwarder integrations set up
operationId: listEFOIntegrationsV1
tags:
- Events Forwarder
responses:
'200':
description: The list of Events Forwarder Integrations
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ListIntegrationsResponse'
'401':
$ref: '#/components/responses/Unauthorized'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
post:
summary: Create Integration
description: Configures a new integration to forward a data type to a destination, given the specified connection parameters
operationId: createEFOInegrationV1
tags:
- Events Forwarder
requestBody:
description: Configuration for the new integration
content:
application/json:
schema:
$ref: '#/components/schemas/CreateIntegrationRequest'
required: true
responses:
'201':
description: Integration created successfully
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/IntegrationResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'409':
$ref: '#/components/responses/Conflict'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/events-forwarder/v1/integrations/{integrationId}:
get:
summary: Get Integration
description: Returns the configuration for an integration
operationId: getEFOIntegrationByIdV1
tags:
- Events Forwarder
parameters:
- $ref: '#/components/parameters/IntegrationId'
responses:
'200':
description: An integration is returned
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/IntegrationResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'404':
description: Integration not found with the specified ID
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete Integration
description: Delete an integration
operationId: deleteEFOIntegrationByIDV1
tags:
- Events Forwarder
parameters:
- $ref: '#/components/parameters/IntegrationId'
responses:
'204':
description: Integration deleted successfully
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
description: Integration not found
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update Integration
description: Updates an integration, replacing its configuration
operationId: updateEFOIntegrationByIdV1
tags:
- Events Forwarder
parameters:
- $ref: '#/components/parameters/IntegrationId'
requestBody:
description: Update an events forwarder integration in Sysdig Secure
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateIntegrationRequest'
required: true
responses:
'200':
description: Integration updated successfully
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/IntegrationResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
description: Integration not found
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/inventory/v1/resources:
x-excluded-environments:
- OnPrem
get:
tags:
- Inventory
summary: List Resources
description: Search for Inventory Resources based on the given filter.
operationId: getResources
parameters:
- name: filter
in: query
description: |
Query language expression for filtering results.
Operators:
- `and` and `not` logical operators
- `=`, `!=`
- `in`
- `contains` and `startsWith` to check partial values of attributes
- `exists` to check if a field exists and not empty
List of supported fields:
- `account`
- Type: string
- Example: `account in ("285211435247")`
- Description: DEPRECATED. The account that will be included in the results.
- `accountName`
- Type: string
- Example: `accountName in ("some-account-name")`
- Description: The account name that will be included in the results.
- `accountId`
- Type: string
- Example: `accountId in ("345224567")`
- Description: The account id that will be included in the results.
- `cluster`
- Type: string
- Example: `cluster in ("cluster1")`
- Description: The kubernetes cluster that will be included in the results.
- `externalDNS`
- Type: string
- Example: `externalDNS in ("ec2-102-34-15-23.compute-1.amazonaws.com")`
- Description: The external DNS that will be included in the results.
- `distribution`
- Type: string
- Example: `distribution in ("gke", "vanilla")`
- Description: The kubernetes distribution that will be included in the results.
- `integrationName`
- Type: string
- Example: `integrationName = "github-integration"`
- Description: The name of the integration an IaC resource belongs to.
- `labels`
- Type: string
- Example: `not labels exists`
- Description: The resource labels that will be included in the results.
- `location`
- Type: string
- Example: `location starts with "https://bitbucket.org/organizations-workspace/teams-repository/src"`
- Description: The web address of an IaC Manifest.
- `name`
- Type: string
- Example: `name starts with "acl"`
- Description: The names that will be included in the results.
- `namespace`
- Type: string
- Example: `namespace contains "production"`
- Description: The namespace that will be included in the results.
- `nodeType`
- Type: string
- Example: `nodeType="Worker"`
- Description: The nodeType that will be included in the results.
- `osName`
- Type: string
- Example: `osName != "linux"`
- Description: The operating system that will be included in the results.
- `osImage`
- Type: string
- Example: `osImage = "Ubuntu 18.04.6 LTS"`
- Description: The operating system image that will be included in the results.
- `organization`
- Type: string
- Example: `organization = "s-xqe92dwe61"`
- Description: The organization that will be included in the results.
- `platform`
- Type: string
- Example: `platform = "AWS"`
- Description: The platform that will be included in the results.
- `control.accepted`
- Type: boolean
- Example: `control.accepted exists`
- Description: Include (or Exclude) only resources with accepted results. Supported operators: exists and not exists.
- `policy`
- Type: string
- Example: `policy in ("CIS Docker Benchmark")`
- Description: Include resources that applied the selected policies. Supported operators: in, not in, exists, not exists.
- `control.severity`
- Type: string
- Example: `control.severity in ("High")`
- Description: Include resources that have violated risks in the selected severities. Supported operators: in, not in.
- `control.failed`
- Type: string
- Example: `control.failed in ("/etc/default/docker owned by root:root")`
- Description: Include resources that have violated the selected risks. Supported operators: in, not in, exists, not exists.
- `policy.failed`
- Type: string
- Example: `policy.failed in ("PCI DSS (Payment Card Industry Data Security Standard) v3.2.1")`
- Description: Include resources that failed the selected policies. Supported operators: in, not in, exists, not exists.
- `policy.passed` in ("CIS Kubernetes V1.20 Benchmark")
- Type: string
- Example: `policy.passed in ("CIS Kubernetes V1.20 Benchmark")`
- Description: Include resources that passed the selected policies. Supported operators: in, not in, exists, not exists.
- `project`
- Type: string
- Example: `project = "project1"`
- Description: DEPRECATED. The project that will be included in the results.
- `projectName`
- Type: string
- Example: `projectName = "project123"`
- Description: The project name that will be included in the results.
- `projectId`
- Type: string
- Example: `projectId = "1235495521"`
- Description: The project id that will be included in the results.
- `region`
- Type: string
- Example: `region in ("europe-west1")`
- Description: The regions that will be included in the results.
- `repository`
- Type: string
- Example: `repository in ("e2e-repo")`
- Description: The Repository an IaC resource belongs to.
- `resourceOrigin`
- Type: string
- Example: `resourceOrigin = "Code"`
- Description: Origin of the resource. Supported values: Code, Deployed.
- `type`
- Type: string
- Example: `type = "Account"`
- Description: The resource types that will be included in the results.
- `subscription`
- Type: string
- Example: `subscription = "Azure subscription 1"`
- Description: DEPRECATED. The Azure subscription that will be included in the results.
- `subscriptionName`
- Type: string
- Example: `subscriptionName = "subscription abc"`
- Description: The Azure subscription name that will be included in the results.
- `subscriptionId`
- Type: string
- Example: `subscriptionId = "568634664353"`
- Description: The Azure subscription id that will be included in the results.
- `sourceType`
- Type: string
- Example: `sourceType = "YAML"`
- Description: The source type of an IaC resource. Supported values: YAML, Kustomize, Terraform, Helm.
- `version`
- Type: string
- Example: `version = "1.1"`
- Description: OCP Cluster versions that will be included in the results.
- `zone`
- Type: string
- Example: `zone in ("zone1")`
- Description: The zones that will be included in the results.
- `category`
- Type: string
- Example: `category in ("Compute", "IAM")`
- Description: The category that will be included in the results. Supported operators: in, not in.
- `isExposed`
- Type: boolean
- Example: `isExposed exists`
- Description - Specifies whether the resource to return is exposed to the internet. Supported operators: exists and not exists.
- `validatedExposure`
- Type: boolean
- Example: `validatedExposure exists`
- Description - Specifies whether the resource to return is exposed to the internet and could be reach by our network exposure validator. Supported operators: exists and not exists.
- `arn`
- Type: string
- Example: `arn in ("arn:aws:ec2:eu-central-1:843232641625:instance/i-0c1dedd325e71138d")`
- Description - The AWS ARN of the resource.
- `resourceId`
- Type: string
- Example: `resourceId = "//compute.googleapis.com/projects/project1/global/routes/default-route-192ae83214caddd"`
- Description - The Azure or GCP Resource Identifier of the resource.
- `container.name`
- Type: string
- Example: `container.name in ("sysdig-container")`
- Description - Filters the resource by a container.
- `architecture`
- Type: string
- Example: `architecture = "arm64"`
- Description - Image architecture.
- `baseOS`
- Type: string
- Example: `baseOS = "debian 11.6"`
- Description - Image Base OS.
- `digest`
- Type: string
- Example: `digest = "sha256:21829f4f033ac2805aa43a412bcdf60e98eee4124d565a06dee184c97efff6091"`
- Description - Image Digest.
- `imageId`
- Type: string
- Example: `imageId in ("sha256:3768ff6176e29a35ce1354622977a1e5c013045cbc4f30754ef3459218be8ac")`
- Description - Image Id.
- `os`
- Type: string
- Example: `os = "linux"`
- Description - Image OS.
- `container.imageName`
- Type: string
- Example: `container.imageName in ("registry.k8s.io/kube-image:v1.2.4")`
- Description - Image Pullstring.
- `image.registry`
- Type: string
- Example: `image.registry = "quay.io"`
- Description - Image Registry.
- `image.tag`
- Type: string
- Example: `image.tag in ("tag1")`
- Description - Image tag.
- `package.inUse`
- Type: boolean
- Example: `package.inUse exists`
- Description - Package in use filter. Supported operators: exists and not exists.
- `package.info`
- Type: string
- Example: `package.info in ("github.com/golang/protobuf - v1.5.2")`
- Description - Filters by a package using the format [packge name] - [version].
- `package.path`
- Type: string
- Example: `package.path in ("/app")`
- Description - Filters by package path.
- `package.type`
- Type: string
- Example: `package.type in ("Golang")`
- Description - Package type.
- `vuln.cvssScore`
- Type: string
- Example: `vuln.cvssScore >= "3"`
- Description - Filter by vulnerability CVSS. Supported operators: `=` and `>=`.
- `vuln.hasExploit`
- Type: boolean
- Example: `vuln.hasExploit exists`
- Description - Filters resources by the existence of vulnerabilities with exploits. Supported operators: exists and not exists.
- `vuln.hasFix`
- Type: boolean
- Example: `vuln.hasFix exists`
- Description - Filters resources by the existence of vulnerabilities with fixes. Supported operators: exists and not exists.
- `vuln.name`
- Type: string
- Example: `vuln.name in ("CVE-2023-0049")`
- Description - Filter by vulnerability name.
- `vuln.severity`
- Type: string
- Example: `vuln.severity in ("Critical")`
- Description - Filter by vulnerability severity. Supported operators: in, not in, exists and not exists.
- `machineImage`
- Type: string
- Example: `machineImage = "ami-0b22b359fdfabe1b5"`
- Description - Filter by host machine image.
**Note**: Whenever you filter for values with special characters, ensure that you encode the values.
If the special characters are " or \, use the escape character \ and then encode the values.
required: false
example: platform = "AWS" and policy.failed in ("CIS Amazon Web Services Foundations Benchmark")
schema:
type: string
maxLength: 8192
- name: pageNumber
in: query
required: false
schema:
type: integer
format: int32
minimum: 1
maximum: 2147483647
example: 1
description: Page number. Defaults to 1.
- name: pageSize
in: query
required: false
schema:
type: integer
format: int32
minimum: 1
maximum: 1000
example: 20
description: Page size. Defaults to 20.
- name: withEnrichedContainers
in: query
required: false
schema:
type: boolean
description: If true then for kubernetes workload resources additional container information will be included.
responses:
'200':
description: Successfully returned Inventory v1 resources.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/InventoryResourceResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/inventory/v1/resources/{hash}:
x-excluded-environments:
- OnPrem
get:
tags:
- Inventory
summary: Get Resource
description: Retrieve an Inventory Resource by its unique hash value.
operationId: getResource
parameters:
- in: path
name: hash
schema:
type: string
maxLength: 64
required: true
description: resource hash
responses:
'200':
description: Successfully returned an Inventory v1 resource.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/InventoryResourceExtended'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/vulnerability/v1/registry-results:
get:
tags:
- Vulnerability Management
summary: Get a list of registry scan results
description: Retrieves a list of registry scan results discovered by the registry scanner that match a filter given a specified cursor.
operationId: ScannerAPIService_ListRegistryResults
parameters:
- $ref: '#/components/parameters/vulnerabilityCursor'
- name: limit
in: query
description: Limit for pagination
schema:
type: integer
format: int64
default: 1000
minimum: 1
maximum: 1000
- name: filter
in: query
schema:
type: string
description: query filter expression
example: freeText = "alpine:latest" and vendor = "docker"
maxLength: 1024
description: "Query language expression for filtering results. It is a subset of\nthe full metrics query language used in monitoring.\n\nOperators:\n- `and`, `or` logical operators (i.e.\n`freeText = \"alpine:latest\" and vendor = \"docker\"`)\n\n- `=` and `!=` comparison operators (i.e.\n`vendor = \"ecr\"`)\n\nThis query language does not support the full set of metrics\nsupported in the monitor query language, but instead supports a set of fields\nproper to each Scan Result type.\n \nThe supported fields are: `freeText`, `vendor`. \n- `vendor` as string value \n- `freeText` as string value (note that it will search on the full image name)"
responses:
'200':
description: A successful response
content:
application/json:
schema:
$ref: '#/components/schemas/RegistryResultsResponse'
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'409':
$ref: '#/components/responses/Conflict'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/response-actions/v1alpha1/action-executions:
post:
summary: Submit the execution of an action
operationId: submitActionExecutionv1
description: |
Submits the execution of an action. The action will be executed asynchronously and the response will contain the action execution ID.\
**Required permissions:** _containment-response-actions.exec_ or _data-gathering-response-actions.exec_, depending on the action type.
tags:
- Response actions
requestBody:
description: Configuration for the new integration
content:
application/json:
schema:
$ref: '#/components/schemas/SubmitActionExecutionRequest'
required: true
responses:
'201':
description: The Response Action execution request has been submitted correctly.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ActionExecution'
'400':
description: Operation failed due to invalid or inconsistent parameters
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
type: object
title: Invalid request
required:
- type
- message
properties:
type:
type: string
example: missing_required_parameter
maxLength: 256
message:
type: string
example: Missing required parameter
maxLength: 256
details:
type: array
items: {}
maxItems: 1
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
get:
summary: Returns the list of Response Actions executions. You can filter them with the available query parameters.
operationId: getActionExecutionsv1
description: |
Returns a list of action executions.
**Required permissions:** _containment-response-actions.read_ or _data-gathering-response-actions.read_, depending on the action type.
tags:
- Response actions
parameters:
- in: query
name: callerId
schema:
$ref: '#/components/schemas/CallerId'
- in: query
name: filter
schema:
$ref: '#/components/schemas/SysdigQueryLanguageFilter'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/Offset'
- in: query
name: from
schema:
$ref: '#/components/schemas/From'
- in: query
name: to
schema:
$ref: '#/components/schemas/To'
responses:
'200':
description: The executions list has been returned correctly.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ActionExecutions'
'400':
description: Operation failed due to invalid or inconsistent parameters.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
type: object
title: Invalid request
required:
- type
- message
properties:
type:
type: string
example: parsing_error
enum:
- parsing_error
message:
type: string
enum:
- could not parse the provided certificate
example: could not parse the provided certificate
details:
type: array
items: {}
maxItems: 1
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/response-actions/v1alpha1/action-executions/{actionExecutionId}:
get:
summary: Get Action Execution
description: |
Get an action execution.\
\
**Required permissions:** _containment-response-actions.read_ or _data-gathering-response-actions.read_, depending on the action type. Results will include the executions of the Response Actions you are allowed to see.
operationId: getActionExecutionV1
tags:
- Response actions
parameters:
- $ref: '#/components/parameters/ActionExecutionId'
responses:
'200':
description: The action execution.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ActionExecution'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Undoes an Action Execution
description: |
Undoes an action execution.\
\
**Required permissions:** _containment-response-actions.exec_ or _data-gathering-response-actions.exec_, depending on the action type.
operationId: undoActionExecutionV1
tags:
- Response actions
parameters:
- $ref: '#/components/parameters/ActionExecutionId'
- name: callerId
in: query
schema:
$ref: '#/components/schemas/CallerId'
responses:
'200':
description: The undo action execution.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ActionExecution'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/response-actions/v1alpha1/action-executions/{actionExecutionId}/acquired-file:
get:
summary: Get Acquired File
description: |
Download a Capture file created by an executed "File Acquire" Response Action.\
\
**Required permissions:** _data-gathering-response-actions.read_
operationId: getActionExecutionFileAcquireV1
tags:
- Response actions
parameters:
- $ref: '#/components/parameters/ActionExecutionId'
responses:
'200':
description: The content of the capture file created by a "File Acquire" response action.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/octet-stream:
schema:
type: string
format: binary
maxLength: 5497558138880
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/response-actions/v1alpha1/actions:
get:
summary: Get All Response Actions
description: |
Get the list of available executable Response Actions.\
\
**Required permissions:** _containment-response-actions.exec_ or _data-gathering-response-actions.exec_, depending on the action type.
operationId: getActionsV1
tags:
- Response actions
parameters:
- in: query
name: context
required: false
schema:
$ref: '#/components/schemas/ExecutionContext'
responses:
'200':
description: The action execution.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Actions'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/vulnerability/v1/runtime-results:
get:
tags:
- Vulnerability Management
summary: Get a list of runtime scan results
description: Retrieves a list of runtime scan results discovered by the runtime scanner that match a filter given a specified cursor.
operationId: ScannerAPIService_ListRuntimeResults
parameters:
- $ref: '#/components/parameters/vulnerabilityCursor'
- name: limit
in: query
description: Limit for pagination
schema:
type: integer
format: int64
default: 1000
minimum: 1
maximum: 1000
- name: filter
in: query
schema:
type: string
description: query filter expression
example: kubernetes.cluster.name="staging" and kubernetes.pod.container.name="docker.internal.sysdig.tools"
maxLength: 1024
description: |-
Query language expression for filtering results. It is a subset of
the full metrics query language used in monitoring.
Operators:
- `and`, `or` logical operators (i.e.
`kubernetes.cluster.name="production" and kubernetes.pod.container.name = "docker.internal.sysdig.tools"`)
- `=` and `!=` comparison operators (i.e.
`kubernetes.cluster.name="staging"`)
This query language does not support the full set of metrics
supported in the monitor query language, but instead supports a set of fields
proper to each Scan Result type.
The supported fields are the all the fields of the `Scope`, plus: `freeText`, `hasRunningVulns` and `hasRunningVulns`.
- name: sort
in: query
description: |-
Field used to sort the results
vulnTotalBySeverity: sort by total number of running vulnerabilities weighted by severity
runningVulnTotalBySeverity: sort by total number of running vulnerabilities weighted by severity for running assets
schema:
type: string
example: runningVulnTotalBySeverity
default: vulnTotalBySeverity
enum:
- vulnTotalBySeverity
- runningVulnTotalBySeverity
- name: order
in: query
description: Ordering of the results for the sort field
schema:
type: string
example: asc
default: desc
enum:
- desc
- asc
responses:
'200':
description: A successful response
content:
application/json:
schema:
$ref: '#/components/schemas/RuntimeResultsResponse'
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'409':
$ref: '#/components/responses/Conflict'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/vulnerability/v1/pipeline-results:
get:
tags:
- Vulnerability Management
summary: Get a list of pipeline scan results
description: Retrieves a list of scan results produced by pipelines that match a filter given a specified cursor. No sorting is supported, the items are sorted in a stable way by their ID.
parameters:
- $ref: '#/components/parameters/vulnerabilityCursor'
- name: limit
in: query
description: Limit for pagination
schema:
type: integer
format: int64
default: 1000
minimum: 1
maximum: 1000
- name: filter
in: query
description: |-
Query language expression for filtering results. It is a subset of
the full metrics query language used in monitoring.
Only the freeText parameter is supported:
- `freeText` as string value (note that it will search on the full image name)
schema:
type: string
maxLength: 1024
example: freeText in ("nginx")
responses:
'200':
description: A successful response
content:
application/json:
schema:
$ref: '#/components/schemas/PipelineResultsResponse'
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'409':
$ref: '#/components/responses/Conflict'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/vulnerability/v1/results/{resultId}:
get:
tags:
- Vulnerability Management
summary: Get full scan result
description: Retrieve a full scan result produced by any scanner that match a given ID
parameters:
- name: resultId
in: path
description: The ID of a single scan result. Could be retrieved by one of the listing endpoints.
required: true
schema:
type: string
example: 176c77d16ee6bdd2f7482d4ec0fd0542
maxLength: 255
responses:
'200':
description: A successful response
content:
application/json:
schema:
$ref: '#/components/schemas/ScanResultResponse'
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'409':
$ref: '#/components/responses/Conflict'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/api/sysql/v2/query:
x-excluded-environments:
- OnPrem
get:
deprecated: true
tags:
- SysQL
summary: Execute SysQL query via GET
description: |
[DEPRECATED] Retrieve resources from the graph datastore using the GET method.
> The GET method for this endpoint is deprecated and will be removed in future versions.
> Please use the POST method instead, which provides better support for complex queries.
operationId: querySysqlGet
parameters:
- in: query
name: q
schema:
type: string
required: true
description: The SysQL statement.
example: MATCH IAMUser AS a WHERE a.customerId = 1234567890 RETURN a.name AS name, a.arn AS arn;
- in: query
name: limit
required: false
schema:
type: integer
format: int32
default: 50
minimum: 1
maximum: 1000
description: "The limit parameter defines the maximum number of items returned in the result set, specifically within \nthe items array in the response.\n\nThis parameter is optional. The recommended approach is to define the limit directly in the SysQL statement \nusing the LIMIT clause. If specified in the request URL, it will override the limit set in the statement. \nIf not specified, a default limit of 50 will be applied.\n"
title: Pagination Limit
example: 100
- in: query
name: offset
required: false
schema:
type: integer
format: int32
default: 0
minimum: 0
maximum: 10000
description: "The offset parameter specifies how many result set objects to skip in a MATCH statement. Use it when you \nwant to ignore the first few items in the result set.\n\nThis parameter is optional. The recommended approach is to set the offset directly in the SysQL statement \nusing the OFFSET clause. If specified in the request URL, it will override the offset in the statement. \nIf not specified, a default offset of 0 will be applied.\n\nUse limit and offset together in SysQL to paginate results, splitting them into pages with a defined number \nof items for display.\n"
title: Pagination Offset
example: 0
- in: query
name: deterministic_order
required: false
schema:
type: boolean
default: false
description: "The deterministic_order parameter controls whether consistent ordering is enforced in the result set. \nOrdering is implicitly applied when pagination options, such as limit and offset, are specified in the \nrequest. This is an optional parameter.\n"
title: Deterministic Order Control
example: true
responses:
'200':
description: |
Successfully retrieved resources from the graph database using the provided SysQL statement.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/QueryResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
post:
tags:
- SysQL
summary: Execute SysQL query via POST
description: Retrieve resources from the graph datastore using the POST method.
operationId: querySysqlPost
requestBody:
required: true
content:
application/json:
schema:
type: object
required:
- q
properties:
q:
type: string
description: The SysQL statement.
example: MATCH IAMUser AS a WHERE a.customerId = 1234567890 RETURN a.name AS name, a.arn AS arn;
limit:
type: integer
format: int32
default: 50
minimum: 1
maximum: 1000
description: "The limit parameter defines the maximum number of items returned in the result set, specifically \nwithin the items array in the response. \n\nThis parameter is optional. The recommended approach is to define the limit directly in the SysQL \nstatement using the LIMIT clause. If specified in the request body, it will override the limit set \nin the statement. If not specified, a default limit of 50 will be applied.\n"
title: Pagination Limit
example: 100
offset:
type: integer
format: int32
default: 0
minimum: 0
maximum: 10000
description: "The offset parameter specifies how many result set objects to skip in a MATCH statement. Use it when \nyou want to ignore the first few items in the result set. \n\nThis parameter is optional. The recommended approach is to set the offset directly in the SysQL \nstatement using the OFFSET clause. If specified in the request body, it will override the offset \nin the statement. If not specified, a default offset of 0 will be applied.\n\nUse limit and offset together in SysQL to paginate results, splitting them into pages with a defined \nnumber of items for display.\n"
title: Pagination Offset
example: 0
deterministic_order:
type: boolean
default: false
description: "The deterministic_order parameter controls whether consistent ordering is enforced in the result set. \nOrdering is implicitly applied when pagination options, such as limit and offset, are specified in the \nrequest. This is an optional parameter.\n"
title: Deterministic Order Control
example: true
responses:
'200':
description: |
Successfully retrieved resources from the graph database using the provided SysQL statement.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/QueryResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/api/sysql/v2/schema:
x-excluded-environments:
- OnPrem
get:
tags:
- SysQL
summary: Get SysQL Schema
description: |
Retrieve the schema information for all entities and their relationships in YAML format.
This endpoint returns the graph schema definition that describes available entities,
their fields, and relationships.
operationId: getSysqlSchema
responses:
'200':
description: Successfully retrieved the schema information.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
type: string
description: YAML formatted schema definition.
maxLength: 1000000
example: |
index:
- type: Entity
name: KubeNode
category: Kubernetes
provider: Kubernetes
description: A KubeNode represents a node in a Kubernetes cluster.
fields:
- name: category
type: String
description: The category of the node.
- name: clusterName
type: String
description: The name of the cluster.
relationships:
zones:
entity: Zone
relationship_name: IN
display_name: With
direction: out
# ... More entities and their definitions omitted for brevity.
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/vulnerability/v1/policies:
get:
tags:
- Vulnerability Management
summary: List Policies
description: Retrieves all Policy definitions
parameters:
- $ref: '#/components/parameters/vulnerabilityCursor'
- name: limit
in: query
description: Limit for pagination
schema:
type: integer
format: int64
default: 1000
minimum: 1
maximum: 1000
- name: name
in: query
schema:
type: string
maxLength: 1024
description: Filter policies by name
example: policy-test
- name: stages
in: query
schema:
type: array
maxItems: 4
items:
type: string
enum:
- registry
- pipeline
- runtime
- admission_control
description: Filter policies by applied stages
example:
- pipeline
responses:
'200':
description: List of Policy definitions
content:
application/json:
schema:
$ref: '#/components/schemas/ListPoliciesResponse'
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'409':
$ref: '#/components/responses/Conflict'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
post:
tags:
- Vulnerability Management
summary: Create a new Policy
description: |
Creates a Policy definition.
The Policy definition is validated for structural correctness
and partially for semantic correctness. However, semantic
correctness cannot be fully guaranteed, and checks will be performed
on a best-effort basis.
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreatePolicyRequest'
responses:
'201':
description: Policy definition
content:
application/json:
schema:
$ref: '#/components/schemas/GetPolicyResponse'
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'409':
$ref: '#/components/responses/Conflict'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/vulnerability/v1/policies/{policyId}:
get:
summary: Get a Policy
description: Retrieves a specific Policy definition
tags:
- Vulnerability Management
parameters:
- name: policyId
description: The Policy ID
in: path
required: true
schema:
type: integer
format: int64
example: 1234
minimum: 0
maximum: 9223372036854776000
responses:
'200':
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
description: Policy definition
content:
application/json:
schema:
$ref: '#/components/schemas/GetPolicyResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'409':
$ref: '#/components/responses/Conflict'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Edit a Policy
description: |
Edits a specific Policy definition. The Policy definition is validated for both
structural and partial semantic correctness. However, semantic
correctness cannot be fully guaranteed, and checks will be performed
on a best-effort basis.
tags:
- Vulnerability Management
parameters:
- name: policyId
description: The Policy ID
in: path
required: true
schema:
type: integer
format: int64
example: 1234
minimum: 0
maximum: 9223372036854776000
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreatePolicyRequest'
responses:
'200':
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
description: Policy definition
content:
application/json:
schema:
$ref: '#/components/schemas/GetPolicyResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'409':
$ref: '#/components/responses/Conflict'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete a Policy
description: |
Deletes an existing Policy definition. Subsequent calls to the service
will not return that Policy anymore. However, some instances of the Inline
Scanner might be running concurrently and may have already downloaded the
Policy.
tags:
- Vulnerability Management
parameters:
- name: policyId
description: The Policy ID
in: path
required: true
schema:
type: integer
format: int64
example: 1234
minimum: 0
maximum: 9223372036854776000
responses:
'200':
description: Policy deleted successfully
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/vulnerability/v1/bundles:
get:
summary: List Bundles
description: |
Retrieves all bundles, including those defined by users and those defined by Sysdig.
tags:
- Vulnerability Management
parameters:
- $ref: '#/components/parameters/vulnerabilityCursor'
- name: limit
in: query
description: Limit for pagination
schema:
type: integer
format: int64
default: 1000
minimum: 1
maximum: 1000
responses:
'200':
description: List of Bundle definitions
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ListBundlesResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
post:
summary: Create a new Bundle
description: |
Creates a new Bundle definition.
The Bundle definition is tested for structural correctness.
tags:
- Vulnerability Management
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateBundleRequest'
responses:
'201':
description: Bundle definition
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/GetBundleResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'409':
$ref: '#/components/responses/Conflict'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/vulnerability/v1/bundles/{bundleId}:
get:
summary: Get a Bundle
description: |
Retrieves a specific rule bundle.
tags:
- Vulnerability Management
parameters:
- name: bundleId
description: The Policy Bundle ID
in: path
required: true
schema:
type: integer
format: int64
example: 1234
minimum: 0
maximum: 9223372036854776000
responses:
'200':
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
description: Bundle definition
content:
application/json:
schema:
$ref: '#/components/schemas/GetBundleResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Edit Bundle
description: |
Edits a specific Rule Bundle definition. The Bundle definition is
tested for structural correctness. If the Bundle being edited is a
Sysdig predefined one, no modifications are applied, and an HTTP error is
returned.
tags:
- Vulnerability Management
parameters:
- name: bundleId
description: The Policy Bundle ID
in: path
required: true
schema:
type: integer
format: int64
example: 1234
minimum: 0
maximum: 9223372036854776000
requestBody:
content:
application/json:
schema:
$ref: '#/components/schemas/CreateBundleRequest'
responses:
'200':
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
description: Bundle definition
content:
application/json:
schema:
$ref: '#/components/schemas/GetBundleResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete Bundle
description: |
Deletes an existing Rule Bundle only if it is not used by any Policy.
An HTTP error is returned if the Bundle being deleted is the only one currently attached to any Policy.
Once deleted, subsequent calls to the Service will not return that Bundle anymore.
However, some instances of the Inline Scanner might be running concurrently and may have already downloaded a Policy containing that Bundle.
tags:
- Vulnerability Management
parameters:
- name: bundleId
description: The Policy Bundle ID
in: path
required: true
schema:
type: integer
format: int64
example: 1234
minimum: 0
maximum: 9223372036854776000
responses:
'200':
description: Bundle deleted successfully
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/vulnerability/v1beta1/sboms:
get:
tags:
- SBOM
summary: Get SBOM
description: Retrieve a SBOM (Software Bill Of Material) in CycloneDX format.
operationId: GetSBOMV1beta1
parameters:
- name: assetId
in: query
description: |
The ID of the asset for which we want to retrieve the SBOM. It's the imageId for container-image and the hostId for hosts
Provide this with assetType if not providing bomIdentifier
schema:
type: string
example: sha256:6147d53c2a3a4d99b8343665430e5d420eb7ee65cb89995b6bea1af2595be53a
maxLength: 512
- name: assetType
in: query
description: The type of the asset for which we want to retrieve the SBOM. Provide this with assetId if not providing bomIdentifier
schema:
type: string
enum:
- container-image
- host
- name: bomIdentifier
in: query
description: The ID of a single SBOM. Either provide this or both assetId and assetType
schema:
type: string
example: urn:uuid:6536eeee-b8f2-4865-b996-adc991c28202
maxLength: 512
responses:
'200':
description: A successful response, contains the requested SBOM.
content:
application/json:
schema:
$ref: '#/components/schemas/SbomResultResponse'
headers:
Content-Type:
schema:
type: string
maxLength: 512
example: application/vnd.cyclonedx+json; version=1.5
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'406':
description: Server can't produce a response in the content-type requested by the client
content:
application/json:
schema:
type: string
maxLength: 512
example: application/vnd.cyclonedx+xml; version=1.4, application/vnd.cyclonedx+xml; version=1.3
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/vulnerability/v1beta1/accepted-risks:
post:
summary: Create Accepted Risk
description: Creates an Accepted Risk
operationId: postAcceptedRiskV1
tags:
- Vulnerability Management
requestBody:
description: The Accepted Risk definition
required: true
content:
application/json:
schema:
$ref: '#/components/schemas/CreateRiskAcceptedRequest'
responses:
'201':
description: Accepted Risk created successfully
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/RiskAcceptedResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'409':
$ref: '#/components/responses/Conflict'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
get:
summary: List all Accepted Risks
description: List all Accepted Risks for a given account
operationId: getAcceptedRisksV1
tags:
- Vulnerability Management
parameters:
- $ref: '#/components/parameters/vulnerabilityFilter'
- $ref: '#/components/parameters/order'
- $ref: '#/components/parameters/vulnerabilityCursor'
- $ref: '#/components/parameters/Limit'
- name: sort
in: query
description: The sorting string
required: false
schema:
type: string
enum:
- expirationDate
- acceptanceDate
example: acceptanceDate
responses:
'200':
description: The list of Accepted Risks
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ListRiskAcceptedResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'409':
$ref: '#/components/responses/Conflict'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/secure/vulnerability/v1beta1/accepted-risks/{acceptedRiskID}:
get:
summary: Get Accepted Risk
description: Get the Accepted Risk given the ID
operationId: getAcceptedRiskV1
tags:
- Vulnerability Management
parameters:
- $ref: '#/components/parameters/acceptedRiskID'
responses:
'200':
description: The Accepted Risk
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/RiskAcceptedResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete an Accepted Risk
description: Delete an Accepted Risk
operationId: deleteAcceptedRiskV1
tags:
- Vulnerability Management
parameters:
- $ref: '#/components/parameters/acceptedRiskID'
responses:
'204':
description: Accepted Risk deleted successfully
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update an Accepted Risk
description: Update an Accepted Risk by changing the expirationDate, reason, or description.
operationId: updateAcceptedRiskV1
tags:
- Vulnerability Management
parameters:
- $ref: '#/components/parameters/acceptedRiskID'
requestBody:
description: Update an Accepted Risk expirationDate, reason, or description.
content:
application/json:
schema:
$ref: '#/components/schemas/UpdateRiskAccepted'
required: true
responses:
'200':
description: Integration updated successfully
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/RiskAcceptedResponse'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/zones:
get:
summary: List Zones
description: |
Retrieve a paginated list of Zones.\
\
**Required permissions:** zones.read or teams.edit
operationId: listZonesV1
tags:
- Zones
parameters:
- $ref: '#/components/parameters/MultiFilter'
- $ref: '#/components/parameters/Limit'
- $ref: '#/components/parameters/Offset'
- $ref: '#/components/parameters/MultiOrderBy'
responses:
'200':
description: A list of Zones
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ListZonesResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
post:
summary: Create Zone
description: |
Create a new Zone.\
\
**Required permissions:** zones.edit
operationId: createZoneV1
tags:
- Zones
requestBody:
description: Request body for creating a new Zone
content:
application/json:
schema:
$ref: '#/components/schemas/CreateZoneRequestV1'
required: true
responses:
'200':
description: A Single Zone
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ZoneResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'409':
$ref: '#/components/responses/Conflict'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
/platform/v1/zones/{zoneId}:
get:
summary: Get Zone
description: |
Retrieve a single Zone by ID.\
\
**Required permissions:** zones.read
operationId: getZoneByIdV1
tags:
- Zones
parameters:
- name: zoneId
required: true
in: path
schema:
$ref: '#/components/schemas/ZoneId'
responses:
'200':
description: A Single Zone
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ZoneResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
put:
summary: Update Zone
description: |
Update an existing Zone by its ID.\
\
**Required permissions:** zones.edit
operationId: editZoneV1
tags:
- Zones
parameters:
- name: zoneId
required: true
in: path
schema:
$ref: '#/components/schemas/ZoneId'
requestBody:
description: Request body for editing an existing zone
content:
application/json:
schema:
$ref: '#/components/schemas/CreateZoneRequestV1'
required: true
responses:
'200':
description: A Single Zone
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/ZoneResponseV1'
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
delete:
summary: Delete Zone
description: |
Delete a Zone by its ID.\
\
**Required permissions:** zones.edit
operationId: deleteZoneV1
tags:
- Zones
parameters:
- name: zoneId
required: true
in: path
schema:
$ref: '#/components/schemas/ZoneId'
responses:
'204':
description: Zone successfully deleted
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
'400':
$ref: '#/components/responses/BadRequest'
'401':
$ref: '#/components/responses/Unauthorized'
'403':
$ref: '#/components/responses/Forbidden'
'404':
$ref: '#/components/responses/NotFound'
'409':
$ref: '#/components/responses/Conflict'
'422':
$ref: '#/components/responses/UnprocessableEntity'
'429':
$ref: '#/components/responses/TooManyRequests'
'500':
$ref: '#/components/responses/InternalServerError'
components:
securitySchemes:
bearerAuth:
type: http
scheme: bearer
parameters:
Offset:
name: offset
in: query
description: The offset number of items to start with
required: false
schema:
type: integer
format: int32
minimum: 0
maximum: 2147483647
default: 0
example: 30
Limit:
name: limit
in: query
description: The number of items to return
required: false
schema:
type: integer
format: int32
minimum: 1
maximum: 200
default: 25
example: 25
PricingIdPath:
name: pricingId
in: path
description: The pricing ID.
required: true
schema:
$ref: '#/components/schemas/UnlimitedLong'
InhibitionRulePath:
name: inhibitionRuleId
in: path
description: The inhibition rule ID.
required: true
schema:
$ref: '#/components/schemas/UnlimitedLong'
JobNamePath:
name: jobName
in: path
description: The custom Prometheus job name.
required: true
schema:
type: string
maxLength: 256
minLength: 1
example: my-custom-job
Query:
name: query
in: query
description: The Prometheus expression query string.
required: true
schema:
type: string
maxLength: 50000
example: up
Time:
name: time
in: query
description: The evaluation timestamp as RFC3339 or a unix timestamp. If omitted, the current server time is used.
required: false
schema:
$ref: '#/components/schemas/QueryTime'
example: '2023-03-21T14:30:00Z'
Timeout:
name: timeout
in: query
description: The evaluation timeout. The default is 2 minutes.
required: false
schema:
$ref: '#/components/schemas/Duration'
LimitQuery:
name: limit
in: query
description: The maximum number of returned series. To disable the limit, set the value to 0.
required: false
schema:
$ref: '#/components/schemas/UnlimitedLong'
TimeStartQuery:
name: start
in: query
description: The inclusive start timestamp of the query range as RFC3339 or a unix timestamp.
required: true
schema:
$ref: '#/components/schemas/QueryTime'
example: '2023-03-21T14:30:00Z'
TimeEndQuery:
name: end
in: query
description: The inclusive end timestamp of the query range as RFC3339 or a unix timestamp.
required: true
schema:
$ref: '#/components/schemas/QueryTime'
example: '2023-03-30T14:30:00Z'
Step:
name: step
in: query
description: The query resolution step width, specified as a duration or a floating-point number of seconds.
required: true
schema:
oneOf:
- $ref: '#/components/schemas/Duration'
- $ref: '#/components/schemas/UnlimitedLong'
MatchSeries:
name: match[]
in: query
description: A repeated series selector argument that specifies the series to return. You must provide at least one match[] parameter.
required: true
schema:
type: array
maxItems: 100
items:
type: string
maxLength: 255
style: form
explode: true
example:
- up
- process_start_time_seconds{job="prometheus"}
TimeStartSeries:
name: start
in: query
description: The inclusive start timestamp of the series query as RFC3339 or a unix timestamp.
required: false
schema:
$ref: '#/components/schemas/QueryTime'
example: '2023-03-21T14:30:00Z'
TimeEndSeries:
name: end
in: query
description: The inclusive end timestamp of the series query as RFC3339 or a unix timestamp.
required: false
schema:
$ref: '#/components/schemas/QueryTime'
example: '2023-03-30T14:30:00Z'
LimitSeries:
name: limit
in: query
description: The maximum number of returned series. The limit is capped at 10,000. To disable the limit, set the value to 0.
required: false
schema:
$ref: '#/components/schemas/UnlimitedLong'
TimeStartUnsupported:
name: start
in: query
description: UNSUPPORTED - This parameter is not supported due to the Sysdig's specific implementation.
required: false
schema:
$ref: '#/components/schemas/QueryTime'
example: '2023-03-21T14:30:00Z'
TimeEndUnsupported:
name: end
in: query
description: UNSUPPORTED - Sysdig does not support this parameter.
required: false
schema:
$ref: '#/components/schemas/QueryTime'
example: '2023-03-30T14:30:00Z'
MatchLabelNames:
name: match[]
in: query
description: A repeated series selector argument that specifies the series from which to read the label names.
required: false
schema:
type: array
maxItems: 100
items:
type: string
maxLength: 255
style: form
explode: true
example:
- '{job="prometheus"}'
LabelNamePath:
name: labelName
in: path
required: true
description: The name of the label to retrieve values for.
schema:
type: string
maxLength: 10000
example: job
MatchLabelValues:
name: match[]
in: query
description: A repeated series selector argument that specifies the series from which to read the label values.
required: false
schema:
type: array
maxItems: 100
items:
type: string
maxLength: 255
style: form
explode: true
example:
- '{job="prometheus"}'
LimitLabelValues:
name: limit
in: query
description: The maximum number of returned labels. This is 5,000 by default. To disable the limit, set the value to 0.
required: false
schema:
$ref: '#/components/schemas/UnlimitedLong'
LimitPerMetricUnsupported:
name: limit_per_metric
in: query
description: UNSUPPORTED - Sysdig does not support this parameter.
required: false
schema:
$ref: '#/components/schemas/UnlimitedLong'
LimitMetrics:
name: limit
in: query
description: The maximum number of metrics to return. To disable the limit, set the value to 0.
required: false
schema:
$ref: '#/components/schemas/UnlimitedLong'
MetricName:
name: metric
in: query
required: false
description: A specific metric name to filter metadata for. If omitted, metadata for all metrics is retrieved.
schema:
type: string
maxLength: 255
example: up
Enabled:
name: enabled
in: query
description: Enabled status of the integration
required: false
schema:
type: boolean
example: false
JiraIntegrationId:
name: integrationId
in: path
description: Jira integration identifier
required: true
x-go-name: IntegrationID
schema:
$ref: '#/components/schemas/UnlimitedLong'
IssueTypeId:
name: issueTypeId
in: path
description: Jira issue type identifier
required: true
x-go-name: IssueTypeID
schema:
$ref: '#/components/schemas/UnlimitedLong'
NotificationChannelIdPath:
name: notificationChannelId
in: path
description: The Notification Channel Identifier
required: true
x-go-name: NotificationChannelID
schema:
$ref: '#/components/schemas/UnlimitedLong'
OrderBy:
name: orderby
in: query
description: The order by field separated by a colon for the direction
required: false
schema:
type: string
maxLength: 256
default: ''
example: name:asc
Filter:
name: filter
in: query
description: The filter by field separated by a colon for the filter value
required: false
schema:
type: string
maxLength: 8192
default: ''
example: name:filter
TeamIdPath:
name: teamId
in: path
description: The team ID.
required: true
schema:
$ref: '#/components/schemas/UnlimitedLong'
UserIdPath:
name: userId
in: path
description: The user ID.
required: true
schema:
$ref: '#/components/schemas/UnlimitedLong'
MultiFilter:
name: filter
in: query
description: |
Filters to apply in the form of `key:value`.\
Multiple filters can be applied by repeating the `filter` parameter:\
`&filter=key1:value1&filter=key2:value2`
required: false
style: form
schema:
type: array
maxItems: 4
default: []
items:
type: string
maxLength: 512
default: ''
example: first_name:john
AccessKeyIdPath:
name: accessKeyId
in: path
description: The access key id.
required: true
schema:
$ref: '#/components/schemas/UnlimitedLong'
GroupMappingIdPath:
name: groupMappingId
in: path
description: The group mapping ID.
required: true
schema:
$ref: '#/components/schemas/UnlimitedLong'
SsoSettingsIdPath:
name: ssoSettingsId
in: path
description: SSO settings ID.
required: true
schema:
$ref: '#/components/schemas/UnlimitedLong'
SsoProductIdPath:
name: ssoProductId
in: path
description: Sysdig Product.
required: true
schema:
type: string
example: secure
enum:
- monitor
- secure
IpFilterIdPath:
name: ipFilterId
in: path
description: IP Filter ID.
required: true
schema:
$ref: '#/components/schemas/UnlimitedLong'
PermissionsFilter:
name: filter
description: |
Filter by products when getting permissions for custom roles.\
Avaliable products are: SDS, SDC.\
You can specify a single product or a list of products separated by commas.\
Product names are case-sensitive.\
If not specified, all permissions are returned.
in: query
required: false
schema:
type: string
maxLength: 8192
default: ''
example: products:SDS
RoleIdPath:
name: roleId
in: path
description: The role id.
required: true
schema:
$ref: '#/components/schemas/UnlimitedLong'
ServiceAccountIdPath:
name: serviceAccountId
in: path
description: The service account ID.
required: true
schema:
$ref: '#/components/schemas/UnlimitedLong'
PathCertificateId:
name: certId
in: path
description: ID of the certificate
required: true
schema:
type: string
maxLength: 20
EventId:
name: eventId
description: The event id.
required: true
in: path
schema:
type: string
example: 179854fbe16a1279f2ebeb558f1ebe99
maxLength: 32
IntegrationId:
name: integrationId
in: path
description: ID of the integration to return
required: true
schema:
type: integer
format: int64
minimum: 1
maximum: 9223372036854776000
vulnerabilityCursor:
name: cursor
in: query
required: false
description: Cursor is a string used to retrieve a particular page of data. It is an opaque structure, and should not be mangled. It could be retrieved in the body of each request. If a response does not contain a cursor, it means that it's the last page.
schema:
type: string
maxLength: 300
example: MTI0MjM0Cg==
ActionExecutionId:
name: actionExecutionId
in: path
description: ID of the action execution
required: true
schema:
type: string
maxLength: 64
example: '1234567890123456789012345678901234567890123456789012345678901234'
vulnerabilityFilter:
name: filter
in: query
description: The filtering string in secure-querylang syntax.
required: false
schema:
type: string
maxLength: 200
example: freeText in ("postgres") and status = "expired"
order:
name: order
in: query
description: The sorting order
required: false
schema:
type: string
enum:
- asc
- desc
default: desc
example: asc
acceptedRiskID:
name: acceptedRiskID
in: path
description: The Accepted Risk ID
required: true
schema:
type: string
maxLength: 32
example: 17af8bade67c9a208e632df001fcea2c
MultiOrderBy:
name: orderby
in: query
description: |
Ordering to apply in the form of `field:direction` where `direction` can either be `asc` or `desc`.\
Multiple orderings can be applied by repeating the `orderby` parameter:\
`&orderby=key1:direction1&orderby=key2:direction2`
required: false
style: form
schema:
type: array
maxItems: 4
default:
- id:desc
items:
type: string
maxLength: 256
example: name:desc
schemas:
PricingType:
title: Pricing type
description: The type of the pricing.
type: string
enum:
- DEFAULT
- CLUSTER
example: CLUSTER
OffsetPaginatedResponse:
type: object
title: Offset Paginated Response
properties:
page:
description: Page information.
type: object
properties:
previous:
type: string
maxLength: 8192
nullable: true
example: '10'
next:
type: string
maxLength: 8192
nullable: true
example: '30'
total:
type: integer
format: int64
minimum: 0
example: 1
data:
description: Paginated data.
type: array
maxItems: 200
items: {}
UnlimitedLong:
description: ' '
type: integer
format: int64
minimum: 0
example: 1
UnitPricingV1:
type: object
title: Unit Pricing V1
description: The unit pricing configuration used to compute costs.
required:
- cpu
- ram
- storage
properties:
cpu:
description: Hourly cost of one CPU.
type: number
example: 0.031611
ram:
description: Hourly cost of one GB of RAM.
type: number
example: 0.004237
storage:
description: Hourly cost of one GB of storage.
type: number
example: 0.00005479452
spotCpu:
description: Hourly cost of one CPU for a spot node.
type: number
nullable: true
spotRam:
description: Hourly cost of one GB of RAM for a spot node.
type: number
nullable: true
PricingResponseV1:
type: object
title: Pricing Response V1
description: The pricing configuration used to compute costs.
properties:
id:
$ref: '#/components/schemas/UnlimitedLong'
type:
$ref: '#/components/schemas/PricingType'
clusterName:
description: The name of the cluster. Required when `type` is `CLUSTER`.
type: string
maxLength: 256
nullable: true
example: My pricing
name:
description: The name of the pricing profile.
type: string
maxLength: 256
example: My pricing
unitPricing:
description: The unit pricing configuration used to compute costs.
allOf:
- $ref: '#/components/schemas/UnitPricingV1'
spotLabel:
description: The name of a node label that is used to identify the node as a spot node.
type: string
maxLength: 256
nullable: true
example: cost-advisor-spot-node
spotLabelValue:
description: The value of the spot node label.
type: string
maxLength: 256
nullable: true
example: 'true'
version:
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
description: |
The current version of the resource.
GetPricingPaginatedResponseV1:
title: Get Paginated Pricing Response V1
allOf:
- $ref: '#/components/schemas/OffsetPaginatedResponse'
- type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/PricingResponseV1'
maxItems: 200
Error:
title: Error
type: object
properties:
type:
description: The error code.
type: string
maxLength: 512
example: resource_not_found
message:
description: A human readable error message.
type: string
maxLength: 8192
example: Error message
details:
description: A list of details related to the error.
type: array
maxItems: 512
items: {}
CreatePricingRequestV1:
title: Create Pricing Request
type: object
required:
- type
- name
- unitPricing
properties:
type:
$ref: '#/components/schemas/PricingType'
clusterName:
description: The name of the cluster. Required when `type` is `CLUSTER`.
type: string
maxLength: 256
nullable: true
example: My pricing
name:
description: The name of the pricing configuration.
type: string
maxLength: 256
example: My pricing
unitPricing:
description: The unit pricing configuration used to compute costs.
allOf:
- $ref: '#/components/schemas/UnitPricingV1'
spotLabel:
description: The name of a node label that is used to identify the node as a spot node.
type: string
maxLength: 256
nullable: true
example: cost-advisor-spot-node
spotLabelValue:
description: The value of the spot node label.
type: string
maxLength: 256
nullable: true
example: 'true'
UpdatePricingRequestV1:
title: Update Pricing Request
type: object
required:
- version
- type
- name
- unitPricing
properties:
type:
$ref: '#/components/schemas/PricingType'
clusterName:
description: The name of the cluster. Required when `type` is `CLUSTER`.
type: string
maxLength: 256
nullable: true
example: My pricing
name:
description: The name of the pricing profile.
type: string
maxLength: 256
example: My pricing
unitPricing:
description: The unit pricing configuration used to compute costs.
allOf:
- $ref: '#/components/schemas/UnitPricingV1'
spotLabel:
description: The name of a node label that is used to identify the node as a spot node.
type: string
maxLength: 256
nullable: true
example: cost-advisor-spot-node
spotLabelValue:
description: The value of the spot node label.
type: string
maxLength: 256
nullable: true
example: 'true'
version:
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
description: |
The current version of the resource.
PricingProjectedResponseV1:
type: object
title: Pricing Projected Response V1
description: The monthly projected cost for a specific cluster.
properties:
clusterName:
description: The name of the cluster.
type: string
maxLength: 256
example: My pricing
monthlyProjectedCost:
description: Monthly projected cost.
type: number
example: 113114.72
GetPricingProjectedPaginatedResponseV1:
title: Get Paginated Pricing Projected Response V1
allOf:
- $ref: '#/components/schemas/OffsetPaginatedResponse'
- type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/PricingProjectedResponseV1'
maxItems: 200
PrometheusLabel:
title: PrometheusLabel
type: string
description: A valid Prometheus label name. Must match ^[a-zA-Z_][a-zA-Z0-9_]*$
minLength: 1
maxLength: 1024
pattern: ^[a-zA-Z_][a-zA-Z0-9_]*$
example: kube_cluster_name
PromqlMatcher:
title: PromQL Matcher
type: object
description: |
A PromQL-style filter that narrows the dataset to resources
matching specific labels. If not provided, no additional filtering
is applied.
required:
- label
- operator
- value
properties:
label:
$ref: '#/components/schemas/PrometheusLabel'
operator:
type: string
enum:
- EQUAL
- NOT_EQUAL
- REGEX_MATCH
- REGEX_NOT_MATCH
description: |
The operator to use in the filter:
- `EQUAL` (`=`): Exact match
- `NOT_EQUAL` (`!=`): Exclude exact match
- `REGEX_MATCH` (`=~`): Regular expression match
- `REGEX_NOT_MATCH` (`!~`): Regular expression mismatch
example: REGEX_MATCH
value:
type: string
description: The value to match against.
example: my_service.*
minLength: 1
maxLength: 1024
WorkloadCostTrendsDataRequest:
title: Workload Cost Trends Data Request
required:
- trendRangeInDays
- date
properties:
trendRangeInDays:
description: |
Specifies the number of days used to calculate and extract cost data.
Must be a positive integer.
type: number
minimum: 1
maximum: 30
example: 10
date:
description: "The reference date used to define the time window for cost trend calculation.\nWhen combined with `trendRangeInDays`, this date represents the inclusive upper bound\nof the time range — the trend is calculated from (`date - trendRangeInDays`).\nFor example, if `date` is 2025-02-12 and `trendRangeInDays` is 10, the time range\nused for calculation is from 2025-02-03 to 2025-02-12 (inclusive). \nMust be in YYYY-MM-DD format.\n"
type: string
format: date
example: '2025-02-12'
scope:
description: A list of PromQL-style filters
type: array
items:
$ref: '#/components/schemas/PromqlMatcher'
maxItems: 512
groupBy:
type: array
items:
$ref: '#/components/schemas/PrometheusLabel'
maxItems: 10
DateRange:
title: DateRange
type: object
description: A date range with inclusive start and end dates.
required:
- startDate
- endDate
properties:
startDate:
description: The beginning of the date range.
type: string
format: date
example: '2025-02-17'
x-field-extra-annotation: '@com.fasterxml.jackson.annotation.JsonFormat(shape = com.fasterxml.jackson.annotation.JsonFormat.Shape.STRING, pattern = "yyyy-MM-dd")'
endDate:
description: The end of the date range.
type: string
format: date
example: '2025-02-19'
x-field-extra-annotation: '@com.fasterxml.jackson.annotation.JsonFormat(shape = com.fasterxml.jackson.annotation.JsonFormat.Shape.STRING, pattern = "yyyy-MM-dd")'
WorkloadCostTrendsDataResponse:
type: object
title: Workload Cost Trends Data Response
description: Cost trends observed between two consecutive time periods in the past.
properties:
currentRange:
allOf:
- description: |
The date range for the current cost data.
It represents the most recent time window used for cost calculation.
This range starts `trendRangeInDays` days before the requested `date`,
and ends on the `date`. Both `startDate` and `endDate` are inclusive.
For example, if `date` is 2025-02-12 and `trendRangeInDays` is 10,
the current range will be from 2025-02-03 to 2025-02-12.
- $ref: '#/components/schemas/DateRange'
previousRange:
allOf:
- description: |
The date range for the previous cost data used for comparison.
This range immediately precedes the current range, with the same duration.
It ends one day before `currentRange.startDate`, and both `startDate`
and `endDate` are inclusive.
For example, if the current range is from 2025-02-03 to 2025-02-12,
the previous range will be from 2025-01-24 to 2025-02-02.
- $ref: '#/components/schemas/DateRange'
total:
description: Aggregated cost values for the current and previous ranges.
type: object
properties:
current:
description: The total cost for the current range.
type: number
format: double
example: 33.754530610617486
previous:
description: The total cost for the previous range.
type: number
format: double
example: 34.36367482352418
change:
description: The difference between the current and the previous cost periods expressed in percentages.
type: number
format: double
example: -1.77
groupByData:
type: array
description: Grouped cost data for each combination of label values.
items:
type: object
properties:
group:
description: Key-value pairs representing the grouping labels.
type: object
additionalProperties:
type: string
example: kube_cluster_name:test-k8s-cluster
maxLength: 1024
current:
description: The cost for the current range within this group.
type: number
format: double
example: 33.754530610617486
previous:
description: The cost for the previous range within this group.
type: number
format: double
example: 34.36367482352418
change:
description: The difference in cost between current and previous ranges for this group.
type: number
format: double
example: -0.6091442129
maxItems: 10000
WastedWorkloadDataRequest:
title: Wasted Workload Spend Data Request
required:
- dateRange
properties:
dateRange:
allOf:
- description: |
The date range used to calculate the Wasted Workload Spend report. Both `startDate` and `endDate` are inclusive.
- $ref: '#/components/schemas/DateRange'
scope:
description: A list of PromQL-style filters
type: array
items:
$ref: '#/components/schemas/PromqlMatcher'
maxItems: 512
groupBy:
description: |
Specifies Prometheus labels to group the report data by.
By default, the following labels will always be included:
- kube_cluster_name
- kube_namespace_name
- kube_workload_name
A maximum of 7 additional custom labels can be specified.
type: array
items:
$ref: '#/components/schemas/PrometheusLabel'
maxItems: 7
WastedWorkloadSpendDataResponse:
type: object
title: Wasted Workload Spend Data Response
description: Aggregated and grouped cost data representing Wasted Workload Spend over a specific date range.
properties:
total:
type: object
description: Aggregated cost values for the specified time range.
properties:
accrued:
type: number
format: double
description: Total cost accrued during the reporting period.
example: 31.59
estimated:
type: number
format: double
description: Estimated efficient cost during the reporting period.
example: 5.6
wasted:
type: number
format: double
description: Difference between accrued and estimated cost.
example: 25.73
groupByData:
type: array
description: Grouped cost data for each combination of Prometheus label values.
items:
type: object
example:
group:
kube_cluster_name: test-k8s-cluster
accrued: 26.59
estimated: 3.6
wasted: 22.99
properties:
group:
type: object
description: Key-value pairs representing grouping labels.
additionalProperties:
type: string
example: kube_cluster_name:test-k8s-cluster
maxLength: 1024
accrued:
type: number
format: double
description: Accrued cost for this group.
example: 26.59
estimated:
type: number
format: double
description: Estimated cost for this group.
example: 3.6
wasted:
type: number
format: double
description: Wasted cost for this group.
example: 22.99
maxItems: 10000
WorkloadRightsizingDataRequest:
title: Workload Rightsizing Data Request
required:
- dateRange
- algorithm
properties:
dateRange:
allOf:
- description: |
The date range used to calculate the Workload Rightsizing report. Both `startDate` and `endDate` are inclusive.
- $ref: '#/components/schemas/DateRange'
algorithm:
description: "Aggregation algorithm used for rightsizing analysis. Currently supported values are:\n- AVG \n- P95 \n- MAX\nThis field is case-sensitive and may support more values in the future.\n"
type: string
maxLength: 64
scope:
description: A list of PromQL-style filters
type: array
items:
$ref: '#/components/schemas/PromqlMatcher'
maxItems: 512
WorkloadRightsizingDataResponse:
type: object
title: Workload Rightsizing Data Response
description: Cost data representing Workload Rightsizing over a specific date range.
properties:
groupByData:
type: array
description: Grouped workload rightsizing data by cluster, namespace, workload, and container.
items:
type: object
properties:
group:
type: object
description: |
Key-value pairs representing the logical grouping keys.
The data is grouped by the following dimensions:
- cluster
- namespace
- workload
- container
example:
cluster: test-cluster
namespace: prod
workload: web-api
container: web-api-container
additionalProperties:
type: string
example: cluster:test-cluster
maxLength: 1024
suggestedCpu:
type: number
format: double
description: Suggested CPU allocation (in milicores).
example: 100
suggestedMemory:
type: number
format: double
description: Suggested memory allocation (in MiB).
example: 1024
monthlyCost:
type: number
format: double
description: Estimated current monthly cost in USD.
example: 10.02
monthlyPotentialSavings:
type: number
format: double
description: Estimated potential monthly savings in USD.
example: 2
workloadType:
type: string
example: Deployment
description: |
Type of Kubernetes workload.
Possible values include:
- Deployment
- StatefulSet
- DaemonSet
- Job
- CronJob
- ReplicaSet
- ReplicationController
maxLength: 64
numberOfPods:
type: integer
format: int32
description: Number of pods currently running in the workload.
example: 1
minimum: 0
maximum: 2147483647
requestedCpu:
type: number
format: double
description: CPU requested by the container (in milicores).
example: 120
requestedMemory:
type: number
format: double
description: Memory requested by the container (in MiB).
example: 2048
maxItems: 10000
LabelMatcherV1:
type: object
title: Label matcher v1
description: Matcher to match alerts to inhibition rules.
required:
- labelName
- operator
- value
properties:
labelName:
type: string
description: Label to match.
minLength: 1
maxLength: 1024
example: myLabel
operator:
type: string
description: Match operator.
enum:
- EQUALS
- NOT_EQUALS
- REGEXP_MATCHES
- NOT_REGEXP_MATCHES
example: EQUALS
value:
type: string
description: Label value to match in case operator is of type equality, or regular expression in case of operator is of type regex.
minLength: 0
maxLength: 1024
example: regexExample[s]?
InhibitionRuleResponseV1:
title: Inhibition Rule Response v1
properties:
id:
description: Unique ID of the resource.
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
version:
description: The current version of the resource.
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
createdOn:
description: Creation date.
type: string
format: date-time
example: '2017-07-21T17:32:28Z'
maxLength: 64
modifiedOn:
description: Last modification date.
type: string
format: date-time
example: '2017-07-21T17:32:28Z'
maxLength: 64
customerId:
description: ID of customer that owns the inhibition rule.
type: integer
format: int32
minimum: 0
maximum: 2147483647
example: 12
teamId:
description: ID of team that owns the inhibition rule.
type: integer
format: int32
minimum: 0
maximum: 2147483647
example: 13
isEnabled:
type: boolean
default: true
description: Indicates if the inhibition rule is enabled or not.
example: false
name:
type: string
description: Name of the inhibition rule.
example: this is an example name
maxLength: 255
nullable: true
description:
type: string
description: Description of the inhibition rule.
example: this is an example description
maxLength: 8192
nullable: true
sourceMatchers:
type: array
description: List of source matchers for which one or more alerts have to exist for the inhibition to take effect.
minItems: 1
maxItems: 100
items:
$ref: '#/components/schemas/LabelMatcherV1'
targetMatchers:
type: array
description: List of target matchers that have to be fulfilled by the target alerts to be muted.
minItems: 1
maxItems: 100
items:
$ref: '#/components/schemas/LabelMatcherV1'
equal:
type: array
description: List of labels that must have an equal value in the source and target alert for the inhibition to take effect.
minItems: 1
maxItems: 100
nullable: true
items:
type: string
description: Name of a label.
example: myLabel
minLength: 1
maxLength: 1024
GetInhibitionRulesPaginatedResponseV1:
title: Get Inhibition Rules Response v1
allOf:
- $ref: '#/components/schemas/OffsetPaginatedResponse'
- type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/InhibitionRuleResponseV1'
maxItems: 200
CreateInhibitionRuleRequestV1:
title: Create Inhibition Rule Request v1
required:
- sourceMatchers
- targetMatchers
properties:
isEnabled:
type: boolean
default: true
description: Indicates if the inhibition rule is enabled or not.
example: false
name:
type: string
description: Name of the inhibition rule. If provided, must be unique.
example: this is an example name
maxLength: 255
nullable: true
description:
type: string
description: Description of the inhibition rule.
example: this is an example description
maxLength: 8192
nullable: true
sourceMatchers:
type: array
description: List of source matchers for which one or more alerts have to exist for the inhibition to take effect.
minItems: 1
maxItems: 100
items:
$ref: '#/components/schemas/LabelMatcherV1'
targetMatchers:
type: array
description: List of target matchers that have to be fulfilled by the target alerts to be muted.
minItems: 1
maxItems: 100
items:
$ref: '#/components/schemas/LabelMatcherV1'
equal:
type: array
description: List of labels that must have an equal value in the source and target alert for the inhibition to take effect.
minItems: 1
maxItems: 100
nullable: true
items:
type: string
description: Name of a label.
example: myLabel
minLength: 1
maxLength: 1024
UpdateInhibitionRuleRequestV1:
title: Update Inhibition Rule Request v1
required:
- sourceMatchers
- targetMatchers
- version
properties:
isEnabled:
type: boolean
default: true
description: Indicates if the inhibition rule is enabled or not.
example: false
name:
type: string
description: Name of the inhibition rule. If provided, must be unique.
example: this is an example name
maxLength: 255
nullable: true
description:
type: string
description: Description of the inhibition rule.
example: this is an example description
maxLength: 8192
nullable: true
sourceMatchers:
type: array
description: List of source matchers for which one or more alerts have to exist for the inhibition to take effect.
minItems: 1
maxItems: 100
items:
$ref: '#/components/schemas/LabelMatcherV1'
targetMatchers:
type: array
description: List of target matchers that have to be fulfilled by the target alerts to be muted.
minItems: 1
maxItems: 100
items:
$ref: '#/components/schemas/LabelMatcherV1'
equal:
type: array
description: List of labels that must have an equal value in the source and target alert for the inhibition to take effect.
minItems: 1
maxItems: 100
nullable: true
items:
type: string
description: Name of a label.
example: myLabel
minLength: 1
maxLength: 1024
version:
description: The current version of the resource.
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
MonitorEventsFrom:
description: |
From, expressed in Unix nanoseconds timestamp. The difference between `from` and `to`
cannot be greater than 30 days. If defined, `cursor` cannot be used.
type: integer
format: int64
minimum: 0
example: 1546300800000000000
maximum: 4133980799000000000
MonitorEventsTo:
description: |
To, expressed in Unix nanoseconds timestamp. The difference between `from` and `to`
cannot be greater than 30 days. If defined, `cursor` cannot be used.
type: integer
format: int64
minimum: 0
example: 1546300800000000000
maximum: 4133980799000000000
MonitorEventsCursor:
description: |
Cursor is a string used to retrieve paginated data. It acts as a pointer to a page of data. When a cursor is defined, the `from` and `to` parameters must not be used.
type: string
example: LTltNGUybXIwdWkzZThhMjE1bjRn
maxLength: 512
MonitorEventsFilter:
description: |
Query language expression for filtering results.
The filter is the result of logical concatenations,
using "and" and "or" binary operators and the "not" unary prefix operator (i.e. `pid = 1 and not ppid = 2`),
of attribute comparisons. Attribute comparisons can be:
- scalar, using `=`, `!=`
- scalar for string values, using `starts with`, `contains`, operators
- vector, using `in` to check the equality among one of the values provided between parenthesis (i.e. `pid in (1, 2)`)
Depending on the attribute, only some operators can be available.
Values containing double-quotes `"` need escaping using backslash `\`, i.e. name = "sample \"quoted\" value".
Supported attributes are:
* `id` - the event id, using `=`, `!=`, `starts with`, `contains`, `in`
* `type` - the event type, using `=`, `!=`
* `source` - the event source, using `=`, `!=`, `starts with`, `contains`
* `severity` - the event severity, using `=`, `!=`, `in`
* `labels.` - the event scope label, using `=`, `!=`, `starts with`, `contains`, `in`
type: string
example: type = 'ALERT' and severity in (3,4,5) and labels.kube_cluster_name = 'my-cluster'
maxLength: 2048
MonitorEventsPage:
type: object
description: Pagination information.
required:
- total
properties:
total:
type: integer
format: int64
description: |
The number of events matching the search criteria. This number is always major or equal to the number of events returned.
example: 10
minimum: 0
maximum: 9223372036854776000
prev:
type: string
description: |
`prev` is a string pointing to the previous page of data.
Use this as the `cursor` to get the previous page of data.
example: LTltNGUybXIwdWkzZThhMjE1bjRn
maxLength: 512
next:
type: string
description: "`next` is a string pointing to the next page of data.\nUse this as the `cursor` to scroll paginated results and get the next page of data. \nIf not included, the current response is the last page.\n"
example: KzltNGUybXIwdWkzZThhMjE1bjRn
maxLength: 512
MonitorScopeLabel:
type: object
title: Scope Label v1
description: Scope Label.
properties:
key:
type: string
description: The label key.
minLength: 1
maxLength: 1024
example: kube_cluster_name
value:
description: The scope label value(s)
type: array
minItems: 0
maxItems: 1024
items:
type: string
example: myCluster
minLength: 1
maxLength: 1024
BaseMonitorEvent:
description: Base Monitor Event
required:
- id
- createdOn
- occurredAt
- name
- severity
- type
properties:
id:
type: string
description: The event id.
example: 15cbf54e34df95404caad1c988cf7c42
maxLength: 32
createdOn:
type: string
format: date-time
maxLength: 64
description: Timestamp when the event was created in the system
example: '2024-11-21T20:29:01.415528Z'
occurredAt:
type: string
format: date-time
maxLength: 64
description: Event logical timestamp (when the event occurred). For alert events, this is the time when the alert was triggered.
example: '2024-11-21T20:29:01.415528Z'
name:
type: string
description: The event name
example: Launch Privileged Container
maxLength: 64
description:
type: string
description: Description of the event.
example: |
Back-off restarting failed container
maxLength: 1024
severity:
type: integer
format: int32
description: The event severity. A lower value means more severe, with 0 being the highest severity and 7 being the lowest.
minimum: 0
maximum: 7
example: 4
scopeLabels:
type: array
description: List of scope labels, including those from initial scope and those coming from the enrichment process.
nullable: true
minItems: 1
maxItems: 1024
items:
$ref: '#/components/schemas/MonitorScopeLabel'
scope:
type: string
description: Initial event scope
maxLength: 50000
example: kube_namespace_name = 'test'
MonitorEvent:
type: object
description: |
Monitor Event
properties:
type:
$ref: '#/components/schemas/MonitorEventType'
discriminator:
propertyName: type
mapping:
ALERT: '#/components/schemas/AlertMonitorEvent'
CUSTOM: '#/components/schemas/CustomMonitorEvent'
AlertId:
type: integer
format: int64
description: ID of the alert that generated the event
example: 2
maximum: 9223372036854776000
minimum: 1
AlertMonitorEvent:
description: Monitor Alert Event
allOf:
- $ref: '#/components/schemas/BaseMonitorEvent'
- $ref: '#/components/schemas/MonitorEvent'
- type: object
properties:
alertId:
$ref: '#/components/schemas/AlertId'
endedAt:
type: string
format: date-time
maxLength: 64
description: Timestamp when the alert resolved
example: '2024-11-21T20:29:01.415528Z'
alertState:
type: string
description: The alert state. Current supported values are TRIGGERED, RESOLVED.
maxLength: 32
example: TRIGGERED
acknowledged:
type: boolean
description: Whether the alert has been acknowledged.
example: false
manuallyResolved:
type: boolean
description: Whether the alert has been manually resolved.
example: false
silenced:
type: boolean
description: Whether the alert has been silenced.
example: false
CustomMonitorEvent:
description: Monitor Custom Event
allOf:
- $ref: '#/components/schemas/BaseMonitorEvent'
- $ref: '#/components/schemas/MonitorEvent'
- type: object
properties:
source:
type: string
description: The event source. Well known sources include kubernetes, docker, containerd. User created events have a value of api for this field, unless specifically overwritten at creation time
example: kubernetes
maxLength: 32
MonitorEventType:
type: string
description: The type of the event. Current supported values are ALERT, CUSTOM. As the list of supported event types may change in the future, clients should handle unknown event types gracefully.
example: ALERT
maxLength: 50
ListMonitorEventsResponse:
type: object
description: The list of events matching a search criteria.
required:
- page
- data
properties:
page:
$ref: '#/components/schemas/MonitorEventsPage'
data:
description: The list of events
type: array
items:
$ref: '#/components/schemas/MonitorEvent'
maxItems: 20000
MetricV1:
type: object
description: Get Disabled Metrics by Job name Response
properties:
metricName:
description: |
Specifies the name of the disabled metric.
type: string
example: apache_accesses_total
maxLength: 256
modifiedDate:
description: |
The timestamp during which the metric was disabled
type: string
format: date-time
example: '2017-07-21T17:32:28Z'
maxLength: 64
userId:
description: |
The UserId responsible for disabling the metric
type: integer
format: int64
minimum: 0
maximum: 99999999999999
example: 1234
userName:
description: |
User name of the person who disabled the metric
type: string
example: John Smith
maxLength: 256
ListJobAndDisabledMetricsV1:
type: object
description: Get Disabled Metrics by Job name Response.
properties:
jobName:
description: |
The name of the Job reporting the metric.
type: string
example: k8s-pods
maxLength: 256
metrics:
type: array
description: |
List of metrics that are disabled for the Job.
maxItems: 1000
items:
$ref: '#/components/schemas/MetricV1'
MetricErrorV1:
type: object
description: Get Disabled Metrics by Job name Response
properties:
metricName:
description: |
The metric name which could not be disabled or enabled.
type: string
example: apache_accesses_total
maxLength: 256
jobName:
description: |
Specifies the name of the job that caused the error.
type: string
example: k8s-pods
maxLength: 256
message:
description: |
Describes the job and metric error.
type: string
example: This is not a valid metric name.
maxLength: 256
ResponseListDisabledMetricsV1:
type: object
description: Get Disabled Metrics by Job name Response
required:
- data
properties:
data:
type: array
maxItems: 1000
items:
$ref: '#/components/schemas/ListJobAndDisabledMetricsV1'
errors:
type: array
maxItems: 0
items:
$ref: '#/components/schemas/MetricErrorV1'
DisableMetricV1:
type: object
description: Get Disabled Metrics by Job name Response.
properties:
metricName:
description: |
The name of the metric to be disabled or re-enabled.
type: string
example: apache_accesses_total
maxLength: 256
isDisabled:
description: |
Set as `true` to disable a metric. \
Set as `false` to re-enable a metric.
type: boolean
example: true
DisableJobsAndMetricsV1:
type: object
description: Get Disabled Metrics by Job name Response
properties:
jobName:
description: |
The Prometheus Job for which the collection of one or more metrics is disabled.
type: string
example: k8s-pods
maxLength: 256
metrics:
type: array
description: |
List of metrics to be disabled.
maxItems: 1000
items:
$ref: '#/components/schemas/DisableMetricV1'
RequestBodyDisabledMetricsV1:
type: object
description: Change Disabled Metrics per JobName
required:
- data
properties:
data:
type: array
maxItems: 1000
items:
$ref: '#/components/schemas/DisableJobsAndMetricsV1'
ResponseListDisabledMetricsAndErrorV1:
type: object
description: Get Disabled Metrics by Job name Response
required:
- data
- errors
properties:
data:
type: array
maxItems: 1000
items:
$ref: '#/components/schemas/ListJobAndDisabledMetricsV1'
errors:
type: array
maxItems: 1000
items:
$ref: '#/components/schemas/MetricErrorV1'
CustomJobV1:
type: object
title: Custom Prometheus Job V1
description: Custom Prometheus job name and enablement status
properties:
name:
description: Job name
type: string
maxLength: 256
example: my-custom-job
enabled:
description: Enablement status
type: boolean
example: false
enablementByCluster:
description: Enablement overrides by cluster
type: object
example:
my-cluster: true
additionalProperties:
type: boolean
example: true
GetCustomJobsPaginatedResponseV1:
title: Get Paginated Custom Prometheus Job Response V1
allOf:
- $ref: '#/components/schemas/OffsetPaginatedResponse'
- type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/CustomJobV1'
maxItems: 200
CustomJobContentV1:
type: string
title: Custom Prometheus Job Content
description: |
The yaml content of a custom Prometheus job. Must be a valid `scrape_config` as defined here: https://prometheus.io/docs/prometheus/latest/configuration/configuration/#scrape_config
example: |
job_name: apache-exporter-default
tls_config:
insecure_skip_verify: true
kubernetes_sd_configs:
- role: pod
relabel_configs:
- action: keep
source_labels: [__meta_kubernetes_pod_host_ip]
regex: __HOSTIPS__
CustomJobsEnablementV1:
type: object
title: Custom Prometheus Job Enablement V1
description: The enablement status of a custom Prometheus job
required:
- enabled
properties:
enabled:
description: Enablement status
type: boolean
example: false
enablementByCluster:
description: Enablement overrides by cluster
type: object
example:
my-cluster: true
additionalProperties:
type: boolean
example: true
QueryTime:
description: Time defined as RFC3339 or a unix timestamp
oneOf:
- type: string
format: date-time
maxLength: 30
- type: integer
format: int64
minimum: 0
maximum: 4102444800
Duration:
description: Time defined as a Golang-style duration type
type: string
maxLength: 50
example: 1m30s
QueryResponseV1:
type: object
title: Query Response V1
properties:
status:
description: Query status.
type: string
enum:
- success
- error
example: success
data:
type: object
description: The result of the query.
properties:
resultType:
type: string
enum:
- vector
- scalar
- matrix
- string
description: Type of the result set.
example: vector
result:
anyOf:
- description: Scalar result
type: array
minItems: 2
maxItems: 2
items:
anyOf:
- type: number
example: 1750075945
- type: string
example: +Inf
example:
- 1750075945
- +Inf
- description: Vector result
type: array
minItems: 0
items:
type: object
required:
- metric
- value
properties:
metric:
type: object
additionalProperties:
type: string
maxLength: 100
example: '1749637260'
example:
instance: minikube
maxProperties: 50
value:
type: array
minItems: 2
maxItems: 2
items:
type: string
maxLength: 100
example: '1'
example:
- '1749637701'
- '1'
example:
- metric:
instance: minikube
value:
- '1749637701'
- '1'
- description: Matrix result
type: array
minItems: 0
items:
type: object
required:
- metric
- values
properties:
metric:
type: object
additionalProperties:
type: string
maxLength: 100
example: '1749637260'
example:
instance: minikube
values:
type: array
items:
type: array
minItems: 2
maxItems: 2
items:
type: string
maxLength: 100
example: '0'
example:
- '1749636900'
- '0'
example:
- metric: {}
values:
- - '1749636900'
- '0'
- - '1749636910'
- '0'
warnings:
description: A set of warning messages attached to the response.
type: array
items:
type: string
example: ''
example: []
infos:
description: A set of information messages attached to the response.
type: array
items:
type: string
example: ''
example: []
PrometheusError:
title: PrometheusError
type: object
properties:
status:
type: string
enum:
- error
description: Indicates an error response.
example: error
errorType:
type: string
description: Type of error encountered.
maxLength: 255
example: gone
error:
type: string
description: Error message describing the issue.
maxLength: 1024
example: This API endpoint is not supported.
SeriesResponseV1:
type: object
title: Series Response V1
properties:
status:
description: Query status.
type: string
enum:
- success
- error
example: success
data:
type: array
description: List of matching time series, each represented as a set of labels.
items:
type: object
example:
- __name__: up
instance: localhost:9090
job: prometheus
- __name__: process_start_time_seconds
instance: localhost:9090
job: prometheus
warnings:
description: A set of warning messages attached to the response.
type: array
items:
type: string
example: ''
example: []
infos:
description: A set of information messages attached to the response.
type: array
items:
type: string
example: ''
example: []
LabelsResponseV1:
type: object
title: Labels Response V1
properties:
status:
description: Query status.
type: string
enum:
- success
- error
example: success
data:
type: array
description: List of label names.
items:
type: string
maxLength: 255
example: __name__
example:
- __name__
- instance
- job
warnings:
description: A set of warning messages attached to the response.
type: array
items:
type: string
example: ''
example: []
infos:
description: A set of information messages attached to the response.
type: array
items:
type: string
example: ''
example: []
LabelValuesResponseV1:
type: object
title: Label Values Response V1
properties:
status:
description: Query status.
type: string
enum:
- success
- error
example: success
data:
type: array
description: List of values associated with the specified label.
items:
type: string
maxLength: 255
example: prometheus
example:
- prometheus
- node-exporter
warnings:
description: A set of warning messages attached to the response.
type: array
items:
type: string
example: ''
example: []
infos:
description: A set of information messages attached to the response.
type: array
items:
type: string
example: ''
example: []
MetadataResponseV1:
type: object
title: Metadata Response V1
properties:
status:
description: Query status.
type: string
enum:
- success
- error
example: success
data:
type: object
description: Metric metadata indexed by metric name.
additionalProperties:
type: array
description: Metadata details for a specific metric.
items:
type: object
required:
- type
- help
- unit
properties:
type:
type: string
enum:
- counter
- gauge
- histogram
- summary
- unknown
description: The type of the metric.
example: counter
help:
type: string
maxLength: 1024
description: A brief description of the metric.
example: Number of HTTP requests
unit:
type: string
maxLength: 255
description: The unit of measurement for the metric.
example: ''
warnings:
description: A set of warning messages attached to the response.
type: array
items:
type: string
example: ''
example: []
infos:
description: A set of information messages attached to the response.
type: array
items:
type: string
example: ''
example: []
RulesResponseV1:
type: object
title: Rules Response V1
properties:
status:
description: Request status.
type: string
enum:
- success
- error
example: success
data:
type: object
description: Response payload containing rule groups.
properties:
groups:
type: array
description: List of rule groups.
items:
type: object
required:
- name
- file
- rules
- interval
properties:
name:
type: string
maxLength: 255
description: Name of the rule group.
example: HTTP Alerts
interval:
type: string
maxLength: 30
description: Evaluation interval of the rule group.
example: 30s
rules:
type: array
description: List of rules in the group.
items:
type: object
required:
- type
- name
- query
- health
properties:
type:
type: string
enum:
- alerting
- recording
description: Type of rule (alerting or recording).
example: alerting
name:
type: string
maxLength: 255
description: Name of the rule.
example: HighCPUUsage
query:
type: string
maxLength: 5000
description: PromQL query associated with the rule.
example: avg by(instance) (rate(cpu_usage[5m])) > 0.9
duration:
type: string
maxLength: 30
description: Duration for which the rule must be active before triggering.
example: 5m
labels:
type: object
description: Labels assigned to the rule.
additionalProperties:
type: string
maxLength: 255
example: critical
example:
severity: critical
annotations:
type: object
description: Annotations providing additional information about the rule.
additionalProperties:
type: string
maxLength: 1024
example: CPU usage is high
example:
description: CPU usage is above 90% for more than 5 minutes.
alerts:
type: array
description: List of active alerts for this rule (only for alerting rules).
items:
type: object
required:
- state
- activeAt
- value
properties:
state:
type: string
enum:
- pending
- firing
description: Current state of the alert.
example: firing
activeAt:
type: string
format: date-time
maxLength: 30
description: Timestamp when the alert became active.
example: '2023-10-05T14:30:00Z'
value:
type: string
maxLength: 20
description: The numerical value that triggered the alert.
example: '1e+00'
additionalProperties: false
warnings:
description: A set of warning messages attached to the response.
type: array
items:
type: string
example: ''
example: []
infos:
description: A set of information messages attached to the response.
type: array
items:
type: string
example: ''
example: []
AlertsResponseV1:
type: object
title: Alerts Response V1
properties:
status:
description: Request status.
type: string
enum:
- success
- error
example: success
data:
type: object
description: Response payload containing active alerts.
properties:
alerts:
type: array
description: List of currently active alerts.
items:
type: object
required:
- labels
- state
- activeAt
- annotations
- value
properties:
activeAt:
type: string
format: date-time
maxLength: 30
description: Timestamp when the alert became active.
example: '2024-10-07T10:17:02Z'
annotations:
type: object
description: Additional metadata about the alert.
additionalProperties:
type: string
maxLength: 1024
example: application
example: {}
labels:
type: object
description: Key-value pairs identifying the alert.
additionalProperties:
type: string
maxLength: 255
example: my-alert
example:
alertname: High request latency alert
state:
type: string
enum:
- pending
- firing
description: Current state of the alert.
example: firing
value:
type: string
maxLength: 20
description: The numerical value that triggered the alert.
example: '1e+00'
additionalProperties: false
warnings:
description: A set of warning messages attached to the response.
type: array
items:
type: string
example: ''
example: []
infos:
description: A set of information messages attached to the response.
type: array
items:
type: string
example: ''
example: []
From:
description: |
From, expressed in Unix nanoseconds timestamp. The difference between `from` and `to`
cannot be greater than 2 weeks.
If defined, `cursor` cannot be used.
type: integer
format: int64
minimum: 0
example: 1546300800000000000
maximum: 9223372036854776000
To:
description: |
To, expressed in Unix nanoseconds timestamp. The difference between `from` and `to` cannot be greater than 2 weeks.
If defined, `cursor` cannot be used.
type: integer
format: int64
minimum: 0
example: 1546300800000000000
maximum: 9223372036854776000
Cursor:
description: |
Cursor is a string used to retrieve paginated data. It acts as a pointer to the next page of data. When a cursor is defined, the `from` and `to` parameters must not be used.
type: string
example: LTltNGUybXIwdWkzZThhMjE1bjRn
maxLength: 512
AuditEventsFeedFilter:
description: |
Query language expression for filtering results.
The filter is the result of logical concatenations,
using "and" and "or" binary operators and the "not" unary prefix operator (i.e. `auditTrail.requestMethod = 'GET' and auditTrail.entityType = 'user'`),
of attribute comparisons. Attribute comparisons can be:
- scalar, using `=`, `!=` comparison operators (i.e. `auditTrail.teamName = 'Test team'`)
type: string
example: auditTrail.requestMethod = 'GET' and auditTrail.entityType = 'user'
maxLength: 2048
AuditEventsFeedLimit:
description: The number of items to return
type: integer
format: int32
minimum: 1
maximum: 999
default: 100
example: 50
AuditPage:
type: object
description: Pagination information.
required:
- total
properties:
total:
type: integer
format: int64
description: |
The number of events matching the search criteria. This number is always major or equal to the number of events returned.
example: 10
minimum: 0
maximum: 9223372036854776000
prev:
type: string
description: |
`prev` is a string pointing to the previous page of data.
Use this as the `cursor` to get the previous page of data.
example: LTltNGUybXIwdWkzZThhMjE1bjRn
maxLength: 512
next:
type: string
description: "`next` is a string pointing to the next page of data.\nUse this as the `cursor` to scroll paginated results and get the next page of data. \nIf not included, the current response is the last page.\n"
example: KzltNGUybXIwdWkzZThhMjE1bjRn
maxLength: 512
AuditTrailContent:
description: Content object for Platform Audit Event.
properties:
timestampNs:
type: integer
format: int64
description: The event timestamp in nanoseconds.
example: 1617220000000000000
maximum: 9223372036854776000
minimum: 0
userId:
type: integer
description: ID of user that was preforming some action.
format: int32
minimum: 0
maximum: 2147483647
example: 122
username:
type: string
description: Username of the user that was preforming some action.
maxLength: 64
example: joendoe
teamId:
type: integer
description: Team ID, that user who preformed some action was logged in.
format: int32
minimum: 0
maximum: 2147483647
example: 13
teamName:
type: string
description: Name of the team, that user who preformed action was logged in.
maxLength: 256
example: Security Operations
requestMethod:
type: string
description: HTTP request method that was used to preform action.
enum:
- GET
- POST
- PUT
- DELETE
- PATCH
example: GET
requestUri:
type: string
description: URI of the request that was used to preform action.
maxLength: 4096
example: /api/v1/audit
userOriginIP:
type: string
description: IP address of the user that was preforming action.
format: ipv4 or ipv6
maxLength: 43
example: 22.220.145.219
queryString:
type: string
description: Query string of the request that was used to preform action.
maxLength: 8192
example: controlId=1&resourceKind=workload
responseStatusCode:
type: integer
description: HTTP response status code of the request that was used to preform action.
format: int32
minimum: 0
maximum: 2147483647
example: 200
entityType:
type: string
description: |
Type of entity that was affected by the action. Full list of possible values can be found in the our documentation
https://docs.sysdig.com/en/docs/administration/administration-settings/app-status-and-audit/sysdig-platform-audit/#sysdig-monitor-and-sysdig-platform.
maxLength: 64
example: policy
entityId:
type: string
description: ID of the entity that was affected by the action.
maxLength: 64
example: ''
entityPayload:
type: string
description: Payload of the entity that was affected by the action.
maxLength: 1024
example: SAMLResponse=***&RelayState=%23%2F%26customer%3D5
serviceAccountId:
type: integer
description: ID of the service account that was used to preform action.
format: int32
minimum: 0
maximum: 2147483647
example: 123
serviceAccountName:
type: string
description: Name of the service account that was used to preform action.
maxLength: 256
example: service-account-1
AuditEvent:
description: Platform Audit Event
properties:
id:
type: string
description: The event id.
example: 15cbf54e34df95404caad1c988cf7c42
maxLength: 32
cursor:
type: string
description: |
The cursor that can be used to fetch a set of events surrounding
this same event. By providing this value as `cursor` in a GET
request, you will get the set of events surrounding
this current event.
example: LTltNGUybXIwdWkzZThhMjE1bjRn
maxLength: 64
timestamp:
type: integer
format: int64
description: The event timestamp in nanoseconds.
example: 1617220000000000000
maximum: 9223372036854776000
minimum: 0
content:
$ref: '#/components/schemas/AuditTrailContent'
labels:
type: object
description: |
Key value pairs of values, represents entityType where the Audit Event was generated.
additionalProperties:
type: string
maxLength: 256
example: entityType:auth
example:
entityType: auth
ListAuditEventsResponse:
type: object
description: The list of events matching a search criteria.
required:
- page
- data
properties:
page:
$ref: '#/components/schemas/AuditPage'
data:
description: The list of Audit events.
type: array
items:
$ref: '#/components/schemas/AuditEvent'
maxItems: 999
CheckboxFieldValueV1:
title: Jira Checkbox Field Value V1
type: object
required:
- id
- value
properties:
id:
description: Jira checkbox field id.
type: string
maxLength: 512
example: id
x-go-name: ID
x-order: 1
value:
description: Jira checkbox field value.
type: string
maxLength: 512
example: value
x-order: 2
IssueTypeFieldResponseV1:
title: Jira Issue Type Field Response V1
type: object
required:
- id
- jiraId
- jiraName
- type
- isRequired
- hasDefaultValue
properties:
id:
description: Issue type field id.
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
x-go-name: ID
x-order: 1
jiraId:
description: Issue type field id on Jira.
type: string
maxLength: 512
example: jira-id
x-go-name: JiraID
x-order: 2
jiraName:
description: Jira issue type field name.
type: string
maxLength: 512
example: jira-name
x-order: 3
type:
description: Issue type field type.
type: string
enum:
- user
- checkbox
- number
- label
- text
- document
example: checkbox
x-order: 4
isRequired:
description: Indicates if the field is required.
type: boolean
example: true
x-order: 5
hasDefaultValue:
description: Indicates if the field has a default value.
type: boolean
example: false
x-order: 6
allowedValues:
description: Allowed values for the field.
type: array
maxItems: 500
x-order: 7
items:
oneOf:
- $ref: '#/components/schemas/CheckboxFieldValueV1'
IssueTypeResponseV1:
title: Jira Issue Type Response V1
type: object
required:
- id
- jiraId
- jiraName
- jiraHierarchyLevel
- jiraOpenStatusId
- jiraInProgressStatusId
- jiraClosedStatusId
- standardFields
properties:
id:
description: Issue type ID.
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
x-go-name: ID
x-order: 1
jiraId:
description: Issue type ID on Jira.
type: string
maxLength: 512
example: '1'
x-go-name: JiraID
x-order: 2
jiraName:
description: Jira issue type name.
type: string
maxLength: 512
example: jira-name
x-order: 3
jiraHierarchyLevel:
description: Issue type hierarchy level on Jira.
type: integer
format: int32
minimum: 1
maximum: 2147483647
example: 1
x-order: 4
jiraOpenStatusId:
description: Jira status ID mapped to open status.
type: string
maxLength: 512
example: '1000'
x-go-name: JiraOpenStatusID
x-order: 5
jiraInProgressStatusId:
description: Jira status ID mapped to in progress status.
type: string
maxLength: 512
example: '1001'
x-go-name: JiraInProgressStatusID
x-order: 6
jiraClosedStatusId:
description: Jira status ID mapped to closed status.
type: string
maxLength: 512
example: '1002'
x-go-name: JiraClosedStatusID
x-order: 7
standardFields:
description: Standard fields for the issue type.
type: array
maxItems: 500
x-order: 8
items:
$ref: '#/components/schemas/IssueTypeFieldResponseV1'
customFields:
description: Custom fields for the issue type.
type: array
maxItems: 500
x-order: 9
items:
$ref: '#/components/schemas/IssueTypeFieldResponseV1'
IntegrationResponseV1:
title: Jira Integration Response V1
type: object
required:
- id
- name
- createdAt
- modifiedAt
- customerId
- isEnabled
- isValid
- isAllTeams
- jiraProjectId
- jiraUrl
- jiraEmail
properties:
id:
description: Integration id.
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
x-go-name: ID
x-order: 1
name:
description: Integration name.
type: string
maxLength: 512
example: name
x-order: 2
createdAt:
description: Integration creation date.
type: string
format: date-time
maxLength: 64
example: '2023-09-06T12:30:45Z'
x-order: 3
modifiedAt:
description: Integration modification date.
type: string
format: date-time
maxLength: 64
example: '2023-09-06T12:30:45Z'
x-order: 4
deletedAt:
description: Integration deletion date.
type: string
format: date-time
maxLength: 64
example: '2023-09-06T12:30:45Z'
x-order: 5
customerId:
description: Customer identifier for which the integration was created.
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
x-go-name: CustomerID
x-order: 6
isEnabled:
description: Integration enabled status.
type: boolean
example: false
x-order: 7
isValid:
description: Integration valid status.
type: boolean
example: false
x-order: 8
isAllTeams:
description: |
**True** if the integration is enabled for all teams, **false** otherwise and the *teamIds* for which is accessible will be defined.
type: boolean
example: false
x-order: 9
teamIds:
description: The list of internal Sysdig team ids that the integration is enabled for.
type: array
maxItems: 500
x-go-name: TeamIDs
x-order: 10
items:
$ref: '#/components/schemas/UnlimitedLong'
jiraProjectId:
description: Jira project id.
type: string
maxLength: 512
example: '10000'
x-go-name: JiraProjectID
x-order: 11
jiraProjectName:
description: Jira project name.
type: string
maxLength: 512
example: jira-project-name
x-order: 12
jiraUrl:
description: Customer's Jira URL.
type: string
format: url
maxLength: 512
example: https://atlassian-url.com
x-go-name: JiraURL
x-order: 13
jiraEmail:
description: User's Jira email.
type: string
format: email
maxLength: 512
example: jira.user@email.com
x-order: 14
jiraAssignee:
description: The default assignee account id for this integration.
type: string
maxLength: 512
example: 5b10ac8d82e05b22cc7d4ef5
x-order: 15
jiraLabels:
description: The list of labels available for this integration.
type: array
maxItems: 500
x-order: 16
items:
type: string
maxLength: 512
example: label
parentIssueType:
description: Parent issue type for the integration.
allOf:
- $ref: '#/components/schemas/IssueTypeResponseV1'
x-order: 17
childIssueType:
description: Child issue type for the integration.
allOf:
- $ref: '#/components/schemas/IssueTypeResponseV1'
x-order: 18
PaginatedIntegrationsResponseV1:
title: Jira Integrations Response V1
allOf:
- $ref: '#/components/schemas/OffsetPaginatedResponse'
- type: object
properties:
data:
type: array
maxItems: 500
items:
$ref: '#/components/schemas/IntegrationResponseV1'
CreateIntegrationRequestV1:
title: Create Jira Integration Request V1
type: object
required:
- name
- jiraProject
- jiraUrl
- jiraEmail
- jiraAccessToken
properties:
name:
description: Integration name.
type: string
maxLength: 512
example: name
x-order: 1
isAllTeams:
description: |
If **true**, the integration will be enabled for all teams.
If **false**, the integration will be enabled for the teams specified in the *teamIds* field.
type: boolean
example: false
x-order: 2
teamIds:
description: |
List of Sysdig's internal team ids for which the integration will be enabled.
This field is required if *isAllTeams* is **false**.
type: array
maxItems: 500
x-go-name: TeamIDs
x-order: 3
items:
$ref: '#/components/schemas/UnlimitedLong'
jiraProject:
description: |
Associated Jira project id.
Please refer to the [Jira documentation](https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-projects#api-group-projects "Jira project documentation") for more info.
type: string
maxLength: 512
example: '10000'
x-order: 4
jiraUrl:
description: Customer's Jira URL.
type: string
format: url
maxLength: 512
example: https://atlassian-url.com
x-go-name: JiraURL
x-order: 5
jiraEmail:
description: User's email associated with the Jira account.
type: string
format: email
maxLength: 512
example: jira.user@email.com
x-order: 6
jiraAccessToken:
description: Jira access token for the provided Jira account.
type: string
maxLength: 512
example: jira-access-token
x-order: 7
jiraAssignee:
description: |
The default assignee Jira account id for this integration.
Please refer to the [Jira documentation](https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-user-search/#api-group-user-search "Jira user documentation") for more info.
type: string
maxLength: 512
example: 5b10ac8d82e05b22cc7d4ef5
x-order: 8
jiraLabels:
description: |
The list of Jira labels available for this integration.
Please refer to the [Jira documentation](https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-labels/#api-group-labels "Jira labels documentation") for more info.
type: array
maxItems: 500
x-order: 9
items:
type: string
maxLength: 512
example: label
UpdateIntegrationRequestV1:
title: Update Jira Integration Request V1
type: object
required:
- name
- isEnabled
- isAllTeams
- teamIds
- jiraUrl
- jiraEmail
- jiraAccessToken
- jiraAssignee
- jiraLabels
- parentIssueTypeId
- childIssueTypeId
properties:
name:
description: Integration name.
type: string
maxLength: 512
example: name
x-order: 1
isEnabled:
description: Integration enabled status.
type: boolean
x-go-type: '*bool'
example: false
x-order: 2
isAllTeams:
description: |
If **true**, the integration will be enabled for all teams.
If **false**, the integration will be enabled for the teams specified in the *teamIds* field.
type: boolean
x-go-type: '*bool'
example: false
x-order: 3
teamIds:
description: |
List of Sysdig's internal team ids for which the integration will be enabled.
This field is required if *isAllTeams* is **false**.
type: array
maxItems: 500
x-go-name: TeamIDs
x-order: 4
items:
$ref: '#/components/schemas/UnlimitedLong'
jiraUrl:
description: Customer's Jira URL.
type: string
format: url
maxLength: 512
example: https://atlassian-url.com
x-go-name: JiraURL
x-order: 5
jiraEmail:
description: The user email associated with the Jira account.
type: string
format: email
maxLength: 512
example: jira.user@email.com
x-order: 6
jiraAccessToken:
description: Jira access token for the provided Jira account.
type: string
maxLength: 512
example: jira-access-token
x-order: 7
jiraAssignee:
description: |
The default assignee Jira account ID for this integration.
Please refer to the [Jira documentation](https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-user-search/#api-group-user-search "Jira user documentation") for more info.
type: string
nullable: true
maxLength: 512
example: 5b10ac8d82e05b22cc7d4ef5
x-order: 8
jiraLabels:
description: |
The list of Jira labels available for this integration.
Please refer to the [Jira documentation](https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-labels/#api-group-labels "Jira labels documentation") for more info.
type: array
maxItems: 500
x-order: 9
items:
type: string
maxLength: 512
example: label
parentIssueTypeId:
description: |
Internal Sysdig's issue type id, which will act as a parent issue type for the integration.
nullable: true
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
x-go-name: ParentIssueTypeID
x-order: 10
childIssueTypeId:
description: |
Internal Sysdig's issue type id, which will act as a child issue type for the integration.
nullable: true
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
x-go-name: ChildIssueTypeID
x-order: 11
IssueTypesResponseV1:
title: Jira Issue Types Response V1
type: object
properties:
data:
description: List of issue types.
type: array
maxItems: 500
items:
$ref: '#/components/schemas/IssueTypeResponseV1'
CreateIssueTypeRequestV1:
title: Create Jira Issue Type Request V1
type: object
required:
- jiraId
- jiraOpenStatusId
- jiraInProgressStatusId
- jiraClosedStatusId
properties:
jiraId:
description: |
Jira issue type id.
Please refer to the [Jira documentation](https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-issue-types/#api-group-issue-types "Jira issue types documentation") for more info.
type: string
maxLength: 512
example: '1'
x-go-name: JiraID
x-order: 1
jiraOpenStatusId:
description: |
Jira status id mapped to open status.
Please refer to the [Jira documentation](https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-status/#api-group-status "Jira status documentation") for more info.
type: string
maxLength: 512
example: '1000'
x-go-name: JiraOpenStatusID
x-order: 2
jiraInProgressStatusId:
description: |
Jira status id mapped to in progress status.
Please refer to the [Jira documentation](https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-status/#api-group-status "Jira status documentation") for more info.
type: string
maxLength: 512
example: '1001'
x-go-name: JiraInProgressStatusID
x-order: 3
jiraClosedStatusId:
description: |
Jira status id mapped to closed status.
Please refer to the [Jira documentation](https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-status/#api-group-status "Jira status documentation") for more info.
type: string
maxLength: 512
example: '1002'
x-go-name: JiraClosedStatusID
x-order: 4
customFieldIds:
description: |
List of supported custom field ids for the issue type.
Please refer to the [Jira documentation](https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-issues/#api-rest-api-3-issue-createmeta-get "Jira issue type fields documentation") for more info.
type: array
maxItems: 500
x-go-name: CustomFieldIDs
x-order: 5
items:
type: string
maxLength: 512
example: custom-field-id
UpdateIssueTypeRequestV1:
title: Update Jira Issue Type Request V1
type: object
required:
- jiraOpenStatusId
- jiraInProgressStatusId
- jiraClosedStatusId
- customFieldIds
properties:
jiraOpenStatusId:
description: |
Jira status id mapped to open status.
Please refer to the [Jira documentation](https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-status/#api-group-status "Jira status documentation") for more info.
type: string
maxLength: 512
example: '1000'
x-go-name: JiraOpenStatusID
x-order: 1
jiraInProgressStatusId:
description: |
Jira status id mapped to in progress status.
Please refer to the [Jira documentation](https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-status/#api-group-status "Jira status documentation") for more info.
type: string
maxLength: 512
example: '1001'
x-go-name: JiraInProgressStatusID
x-order: 2
jiraClosedStatusId:
description: |
Jira status id mapped to closed status.
Please refer to the [Jira documentation](https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-status/#api-group-status "Jira status documentation") for more info.
type: string
maxLength: 512
example: '1002'
x-go-name: JiraClosedStatusID
x-order: 3
customFieldIds:
description: |
List of supported custom field ids for the issue type.
Please refer to the [Jira documentation](https://developer.atlassian.com/cloud/jira/platform/rest/v3/api-group-issues/#api-rest-api-3-issue-createmeta-get "Jira issue type fields documentation") for more info.
type: array
maxItems: 500
x-go-name: CustomFieldIDs
x-order: 4
items:
type: string
maxLength: 512
example: custom-field-id
NotificationChannelResponseV1:
title: Notification Channel Response v1
allOf:
- type: object
description: Notification Channel Response Base Schema
required:
- type
properties:
type:
type: string
maxLength: 50
example: EMAIL
customerId:
description: ID of customer that owns the notification channel.
type: integer
format: int32
minimum: 0
maximum: 2147483647
example: 12
id:
description: Unique ID of the resource.
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
version:
description: The current version of the resource.
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
createdOn:
description: Creation date.
type: string
format: date-time
example: '2017-07-21T17:32:28Z'
maxLength: 64
modifiedOn:
description: Last modification date.
type: string
format: date-time
example: '2017-07-21T17:32:28Z'
maxLength: 64
discriminator:
propertyName: type
mapping:
CUSTOM_WEBHOOK: '#/components/schemas/CustomWebhookNotificationChannelResponseV1'
EMAIL: '#/components/schemas/EmailNotificationChannelResponseV1'
GCHAT: '#/components/schemas/GchatNotificationChannelResponseV1'
IBM_EVENT_NOTIFICATIONS: '#/components/schemas/IbmEventNotificationsNotificationChannelResponseV1'
MS_TEAMS: '#/components/schemas/MsTeamsNotificationChannelResponseV1'
OPSGENIE: '#/components/schemas/OpsgenieNotificationChannelResponseV1'
PAGER_DUTY: '#/components/schemas/PagerDutyNotificationChannelResponseV1'
PROMETHEUS_ALERT_MANAGER: '#/components/schemas/PrometheusAlertManagerNotificationChannelResponseV1'
SLACK: '#/components/schemas/SlackNotificationChannelResponseV1'
SNS: '#/components/schemas/SnsNotificationChannelResponseV1'
TEAM_EMAIL: '#/components/schemas/TeamEmailNotificationChannelResponseV1'
VICTOROPS: '#/components/schemas/VictorOpsNotificationChannelResponseV1'
WEBHOOK: '#/components/schemas/WebhookNotificationChannelResponseV1'
NotificationChannelV1:
title: Notification Channel V1
type: object
required:
- name
properties:
teamId:
description: ID of team that owns the notification channel. If null, this will be a global notification channel
type: integer
format: int32
minimum: 0
maximum: 2147483647
example: 13
nullable: true
isEnabled:
type: boolean
default: false
description: Indicates if the notification channel is enabled or not.
example: false
name:
type: string
description: Name of the notification channel. It must be unique.
example: Sample Notification Channel Name
maxLength: 255
hasTestNotificationEnabled:
type: boolean
description: Indicates whether or not a test notification should be sent upon creation or update of this notification channel resource
example: false
default: false
NotificationChannelOptionsV1:
title: Notification Channel Options V1
type: object
properties:
hasHidingOfSensitiveInfo:
description: Whether the notification info should be hidden when notifications are sent to this notification channel
type: boolean
example: true
CustomWebhookNotificationChannelOptionsV1:
title: Custom Webhook Notification Channel Options V1
description: The custom webhook notification channel options
allOf:
- $ref: '#/components/schemas/NotificationChannelOptionsV1'
- type: object
required:
- url
- template
properties:
url:
description: The url to which the request should be sent
type: string
maxLength: 255
example: http://some-website/some-path
template:
description: The custom template used by this webhook, currently a JSON potentially enriched by Sysdig Templating Language
type: string
maxLength: 16384
example: '{"test" : "notification"}'
httpMethod:
description: The HTTP method to use when doing the request to the target url
type: string
default: POST
example: PUT
enum:
- GET
- POST
- PUT
- DELETE
- PATCH
isAllowsInsecureConnections:
description: Specifies if the channel allows insecure connections (e.g. plain http, self-signed https)
type: boolean
example: false
additionalHeaders:
description: Additional headers to send as part of the request to the target url
type: object
additionalProperties:
type: string
maxLength: 255
example: CUSTOM_HEADER
maxProperties: 10
CustomWebhookNotificationChannelResponseV1:
type: object
title: Custom Webhook Notification Channel Response V1
allOf:
- $ref: '#/components/schemas/NotificationChannelResponseV1'
- $ref: '#/components/schemas/NotificationChannelV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/CustomWebhookNotificationChannelOptionsV1'
EmailNotificationChannelOptionsV1:
title: Email Notification Channel Options V1
description: The email notification channel options
allOf:
- $ref: '#/components/schemas/NotificationChannelOptionsV1'
- type: object
properties:
emailRecipients:
type: array
description: List of email recipients to which notifications should be sent
minItems: 1
maxItems: 100
uniqueItems: true
items:
type: string
format: email
maxLength: 255
example: test@sysdig.com
required:
- emailRecipients
EmailNotificationChannelResponseV1:
type: object
title: Email Notification Channel Response V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/NotificationChannelResponseV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/EmailNotificationChannelOptionsV1'
GchatNotificationChannelOptionsV1:
title: Google Chat Notification Channel Options V1
description: The Google Chat notification channel options
allOf:
- $ref: '#/components/schemas/NotificationChannelOptionsV1'
- type: object
required:
- url
properties:
url:
type: string
description: Google Chat Webhook URL
maxLength: 255
example: https://chat.googleapis.com/v1/spaces/SPACE_ID/messages?key=KEY&token=TOKEN
GchatNotificationChannelResponseV1:
type: object
title: Google Chat Notification Channel Response V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/NotificationChannelResponseV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/GchatNotificationChannelOptionsV1'
IbmEventNotificationsNotificationChannelOptionsV1:
title: IBM Event Notifications Notification Channel Options V1
description: The IBM Event Notifications notification channel options
allOf:
- $ref: '#/components/schemas/NotificationChannelOptionsV1'
- type: object
required:
- instanceId
properties:
instanceId:
description: The IBM Event Notification Service Instance Id
type: string
maxLength: 255
example: service-instance-id
IbmEventNotificationsNotificationChannelResponseV1:
type: object
title: IBM Event Notifications Notification Channel Response V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/NotificationChannelResponseV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/IbmEventNotificationsNotificationChannelOptionsV1'
MsTeamsNotificationChannelOptionsV1:
title: Microsoft Teams Notification Channel Options V1
description: The Microsoft Teams notification channel options
allOf:
- $ref: '#/components/schemas/NotificationChannelOptionsV1'
- type: object
required:
- url
properties:
url:
type: string
description: Microsoft Teams Webhook URL
maxLength: 255
example: https://xxxxxx.webhook.office.com/webhookb2/00000000-0000-0000-0000-000000000000@11111111-1111-1111-1111-111111111111/IncomingWebhook/00000000000000000000000000000000/22222222-2222-2222-2222-222222222222
MsTeamsNotificationChannelResponseV1:
type: object
title: Microsoft Teams Notification Channel Response V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/NotificationChannelResponseV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/MsTeamsNotificationChannelOptionsV1'
OpsgenieNotificationChannelOptionsV1:
title: Opsgenie Notification Channel Options V1
description: The Opsgenie notification channel options
allOf:
- $ref: '#/components/schemas/NotificationChannelOptionsV1'
- type: object
required:
- apiKey
properties:
region:
description: The Opsgenie region to use
type: string
example: US
enum:
- US
- EU
apiKey:
description: The Opsgenie api key
type: string
maxLength: 255
example: opsgenie-api-key
OpsgenieNotificationChannelResponseV1:
type: object
title: Opsgenie Notification Channel Response V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/NotificationChannelResponseV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/OpsgenieNotificationChannelOptionsV1'
PagerDutyNotificationChannelOptionsV1:
title: PagerDuty Notification Channel Options V1
description: The PagerDuty notification channel options
allOf:
- $ref: '#/components/schemas/NotificationChannelOptionsV1'
- type: object
required:
- account
- serviceKey
- serviceName
properties:
account:
description: The PagerDuty account used for the integration
type: string
maxLength: 255
example: myPagerDutyUser
serviceKey:
description: The PagerDuty service integration key
type: string
maxLength: 255
example: myPagerDutyServiceKey
serviceName:
description: The PagerDuty service name
type: string
maxLength: 255
example: myPagerDutyService
PagerDutyNotificationChannelResponseV1:
type: object
title: PagerDuty Notification Channel Response V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/NotificationChannelResponseV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/PagerDutyNotificationChannelOptionsV1'
PrometheusAlertManagerNotificationChannelOptionsV1:
title: Prometheus Alert Manager Notification Channel Options V1
description: The Prometheus Alert Manager notification channel options
allOf:
- $ref: '#/components/schemas/NotificationChannelOptionsV1'
- type: object
required:
- url
properties:
url:
description: The prometheus alert manager url to which the request should be posted
type: string
maxLength: 255
example: http://some-website/some-path
isAllowsInsecureConnections:
description: Specifies if the channel allows insecure connections (e.g. plain http, self-signed https)
type: boolean
example: false
additionalHeaders:
description: Additional headers to send in the request to the alert manager url
type: object
additionalProperties:
type: string
example: CUSTOM_HEADER
maxLength: 255
maxProperties: 10
PrometheusAlertManagerNotificationChannelResponseV1:
type: object
title: Prometheus Alert Manager Notification Channel Response V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/NotificationChannelResponseV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/PrometheusAlertManagerNotificationChannelOptionsV1'
SlackBaseNotificationChannelOptionsV1:
title: Slack Base Notification Channel Options V1
description: The Slack base notification channel options
type: object
required:
- url
properties:
channel:
description: The name of the Slack channel the user selected as a destination for messages.
type: string
maxLength: 255
example: \@some.user
url:
description: The Slack webhook URL
type: string
maxLength: 255
example: https://hooks.slack.com/TXXXXX/BXXXXX/XXXXXXXXXX
SlackCreateNotificationChannelOptionsV1:
title: Slack Create Notification Channel Options V1
description: The Slack create notification channel options
allOf:
- $ref: '#/components/schemas/NotificationChannelOptionsV1'
- $ref: '#/components/schemas/SlackBaseNotificationChannelOptionsV1'
- type: object
properties:
isPrivateChannel:
description: Whether the Slack channel is private or not
type: boolean
example: false
privateChannelUrl:
description: The channel URL, if channel is private
type: string
example: https://app.slack.com/client/TXXXXXXXX/CXXXXXXXXXX
maxLength: 255
SlackReadNotificationChannelOptionsV1:
title: Slack Read Notification Channel Options V1
description: The Slack read notification channel options
allOf:
- $ref: '#/components/schemas/NotificationChannelOptionsV1'
- $ref: '#/components/schemas/SlackCreateNotificationChannelOptionsV1'
- type: object
properties:
channelCreatorUserId:
description: The ID of the user that created the channel.
type: integer
format: int64
minimum: 0
maximum: 99999999999999
example: 1234
SlackNotificationChannelResponseV1:
type: object
title: Slack Notification Channel Response V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/NotificationChannelResponseV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/SlackReadNotificationChannelOptionsV1'
SnsNotificationChannelOptionsV1:
title: Amazon SNS Notification Channel Options V1
description: The Amazon SNS notification channel options
allOf:
- $ref: '#/components/schemas/NotificationChannelOptionsV1'
- type: object
properties:
snsTopicArns:
type: array
description: List of sns topic ARNs (Amazon Resource Names) to which notifications should be sent
maxItems: 100
uniqueItems: true
items:
type: string
maxLength: 256
example: arn:aws:sns:us-east-1:123456789012:mytopic-ABCDEFGHIJ01.
SnsNotificationChannelResponseV1:
type: object
title: Amazon SNS Notification Channel Response V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/NotificationChannelResponseV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/SnsNotificationChannelOptionsV1'
TeamEmailNotificationChannelOptionsV1:
title: Team Email Notification Channel Options V1
description: The Team Email notification channel options
allOf:
- $ref: '#/components/schemas/NotificationChannelOptionsV1'
- type: object
properties:
teamId:
description: ID of team to notify
type: integer
format: int32
minimum: 0
maximum: 2147483647
example: 13
isIncludeAdminUsers:
description: Whether the admin users of the team should be notified or not
type: boolean
example: false
TeamEmailNotificationChannelResponseV1:
type: object
title: Team Email Notification Channel Response V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/NotificationChannelResponseV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/TeamEmailNotificationChannelOptionsV1'
VictorOpsNotificationChannelOptionsV1:
title: VictorOps Notification Channel Options V1
description: The VictorOps notification channel options
allOf:
- $ref: '#/components/schemas/NotificationChannelOptionsV1'
- type: object
properties:
apiKey:
description: The VictorOps api key
type: string
maxLength: 255
example: my-api-key
routingKey:
description: The VictorOps routing key
type: string
maxLength: 255
example: my-routing-key
VictorOpsNotificationChannelResponseV1:
type: object
title: VictorOps Notification Channel Response V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/NotificationChannelResponseV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/VictorOpsNotificationChannelOptionsV1'
WebhookNotificationChannelOptionsV1:
title: Webhook Notification Channel Options V1
description: The Webhook notification channel options
allOf:
- $ref: '#/components/schemas/NotificationChannelOptionsV1'
- type: object
properties:
url:
description: The url to which the request should be posted
type: string
maxLength: 255
example: http://some-website/some-path
isAllowsInsecureConnections:
description: Specifies if the channel allows insecure connections (e.g. plain http, self-signed https)
type: boolean
example: false
additionalHeaders:
description: Additional headers to send in the request to the target url
type: object
additionalProperties:
type: string
example: CUSTOM_HEADER
maxLength: 255
maxProperties: 10
customData:
description: Additional data to be added to the template rendering context
type: object
additionalProperties:
type: object
example:
testField: testValue
maxProperties: 50
WebhookNotificationChannelResponseV1:
type: object
title: Webhook Notification Channel Response V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/NotificationChannelResponseV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/WebhookNotificationChannelOptionsV1'
GetNotificationChannelsPaginatedResponseV1:
title: Get Notification Channels Response v1
allOf:
- $ref: '#/components/schemas/OffsetPaginatedResponse'
- type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/NotificationChannelResponseV1'
maxItems: 200
CreateNotificationChannelRequestV1:
title: Create Notification Channel Request V1
allOf:
- type: object
required:
- type
properties:
type:
$ref: '#/components/schemas/NotificationChannelTypeV1'
discriminator:
propertyName: type
mapping:
CUSTOM_WEBHOOK: '#/components/schemas/CreateCustomWebhookNotificationChannelRequestV1'
EMAIL: '#/components/schemas/CreateEmailNotificationChannelRequestV1'
GCHAT: '#/components/schemas/CreateGchatNotificationChannelRequestV1'
IBM_EVENT_NOTIFICATIONS: '#/components/schemas/CreateIbmEventNotificationsNotificationChannelRequestV1'
MS_TEAMS: '#/components/schemas/CreateMsTeamsNotificationChannelRequestV1'
OPSGENIE: '#/components/schemas/CreateOpsgenieNotificationChannelRequestV1'
PAGER_DUTY: '#/components/schemas/CreatePagerDutyNotificationChannelRequestV1'
PROMETHEUS_ALERT_MANAGER: '#/components/schemas/CreatePrometheusAlertManagerNotificationChannelRequestV1'
SLACK: '#/components/schemas/CreateSlackNotificationChannelRequestV1'
SNS: '#/components/schemas/CreateSnsNotificationChannelRequestV1'
TEAM_EMAIL: '#/components/schemas/CreateTeamEmailNotificationChannelRequestV1'
VICTOROPS: '#/components/schemas/CreateVictorOpsNotificationChannelRequestV1'
WEBHOOK: '#/components/schemas/CreateWebhookNotificationChannelRequestV1'
CreateCustomWebhookNotificationChannelRequestV1:
type: object
title: Create Custom Webhook Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/CreateNotificationChannelRequestV1'
- $ref: '#/components/schemas/NotificationChannelV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/CustomWebhookNotificationChannelOptionsV1'
CreateEmailNotificationChannelRequestV1:
type: object
title: Create Email Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/CreateNotificationChannelRequestV1'
- $ref: '#/components/schemas/NotificationChannelV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/EmailNotificationChannelOptionsV1'
CreateGchatNotificationChannelRequestV1:
type: object
title: Create Google Chat Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/CreateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/GchatNotificationChannelOptionsV1'
CreateIbmEventNotificationsNotificationChannelRequestV1:
type: object
title: Create IBM Event Notifications Notification Channel Request V1
description: This channel is only available in IBM Cloud
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/CreateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/IbmEventNotificationsNotificationChannelOptionsV1'
CreateMsTeamsNotificationChannelRequestV1:
type: object
title: Create Microsoft Teams Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/CreateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/MsTeamsNotificationChannelOptionsV1'
CreateOpsgenieNotificationChannelRequestV1:
type: object
title: Create Opsgenie Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/CreateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/OpsgenieNotificationChannelOptionsV1'
CreatePagerDutyNotificationChannelRequestV1:
type: object
title: Create PagerDuty Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/CreateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/PagerDutyNotificationChannelOptionsV1'
CreatePrometheusAlertManagerNotificationChannelRequestV1:
type: object
title: Create Prometheus Alert Manager Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/CreateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/PrometheusAlertManagerNotificationChannelOptionsV1'
CreateSlackNotificationChannelRequestV1:
type: object
title: Create Slack Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/CreateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/SlackCreateNotificationChannelOptionsV1'
CreateSnsNotificationChannelRequestV1:
type: object
title: Create Amazon SNS Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/CreateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/SnsNotificationChannelOptionsV1'
CreateTeamEmailNotificationChannelRequestV1:
type: object
title: Create Team Email Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/CreateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/TeamEmailNotificationChannelOptionsV1'
CreateVictorOpsNotificationChannelRequestV1:
type: object
title: Create VictorOps Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/CreateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/VictorOpsNotificationChannelOptionsV1'
CreateWebhookNotificationChannelRequestV1:
type: object
title: Create Webhook Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/CreateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/WebhookNotificationChannelOptionsV1'
NotificationChannelTypeV1:
title: Notification Channel Type
description: The type of the notification channel
type: string
example: EMAIL
enum:
- EMAIL
- SNS
- SLACK
- PAGER_DUTY
- VICTOROPS
- OPSGENIE
- WEBHOOK
- CUSTOM_WEBHOOK
- MS_TEAMS
- TEAM_EMAIL
- IBM_EVENT_NOTIFICATIONS
- PROMETHEUS_ALERT_MANAGER
- GCHAT
UpdateNotificationChannelRequestV1:
title: Update Notification Channel Request V1
allOf:
- type: object
required:
- type
properties:
type:
$ref: '#/components/schemas/NotificationChannelTypeV1'
version:
description: The current version of the resource.
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
discriminator:
propertyName: type
mapping:
CUSTOM_WEBHOOK: '#/components/schemas/UpdateCustomWebhookNotificationChannelRequestV1'
EMAIL: '#/components/schemas/UpdateEmailNotificationChannelRequestV1'
GCHAT: '#/components/schemas/UpdateGchatNotificationChannelRequestV1'
IBM_EVENT_NOTIFICATIONS: '#/components/schemas/UpdateIbmEventNotificationsNotificationChannelRequestV1'
MS_TEAMS: '#/components/schemas/UpdateMsTeamsNotificationChannelRequestV1'
OPSGENIE: '#/components/schemas/UpdateOpsgenieNotificationChannelRequestV1'
PAGER_DUTY: '#/components/schemas/UpdatePagerDutyNotificationChannelRequestV1'
PROMETHEUS_ALERT_MANAGER: '#/components/schemas/UpdatePrometheusAlertManagerNotificationChannelRequestV1'
SLACK: '#/components/schemas/UpdateSlackNotificationChannelRequestV1'
SNS: '#/components/schemas/UpdateSnsNotificationChannelRequestV1'
TEAM_EMAIL: '#/components/schemas/UpdateTeamEmailNotificationChannelRequestV1'
VICTOROPS: '#/components/schemas/UpdateVictorOpsNotificationChannelRequestV1'
WEBHOOK: '#/components/schemas/UpdateWebhookNotificationChannelRequestV1'
UpdateCustomWebhookNotificationChannelRequestV1:
type: object
title: Update Custom Webhook Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/UpdateNotificationChannelRequestV1'
- $ref: '#/components/schemas/NotificationChannelV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/CustomWebhookNotificationChannelOptionsV1'
UpdateEmailNotificationChannelRequestV1:
type: object
title: Update Email Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/UpdateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/EmailNotificationChannelOptionsV1'
UpdateGchatNotificationChannelRequestV1:
type: object
title: Update Google Chat Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/UpdateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/GchatNotificationChannelOptionsV1'
UpdateIbmEventNotificationsNotificationChannelRequestV1:
type: object
title: Update IBM Event Notifications Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/UpdateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/IbmEventNotificationsNotificationChannelOptionsV1'
UpdateMsTeamsNotificationChannelRequestV1:
type: object
title: Update Microsoft Teams Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/UpdateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/MsTeamsNotificationChannelOptionsV1'
UpdateOpsgenieNotificationChannelRequestV1:
type: object
title: Update Opsgenie Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/UpdateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/OpsgenieNotificationChannelOptionsV1'
UpdatePagerDutyNotificationChannelRequestV1:
type: object
title: Update PagerDuty Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/UpdateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/PagerDutyNotificationChannelOptionsV1'
UpdatePrometheusAlertManagerNotificationChannelRequestV1:
type: object
title: Update Prometheus Alert Manager Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/UpdateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/PrometheusAlertManagerNotificationChannelOptionsV1'
SlackUpdateNotificationChannelOptionsV1:
title: Slack Update Notification Channel Options V1
description: The Slack update notification channel options
allOf:
- $ref: '#/components/schemas/NotificationChannelOptionsV1'
- $ref: '#/components/schemas/SlackBaseNotificationChannelOptionsV1'
UpdateSlackNotificationChannelRequestV1:
type: object
title: Update Slack Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/UpdateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/SlackUpdateNotificationChannelOptionsV1'
UpdateSnsNotificationChannelRequestV1:
type: object
title: Update Amazon SNS Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/UpdateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/SnsNotificationChannelOptionsV1'
UpdateTeamEmailNotificationChannelRequestV1:
type: object
title: Update Team Email Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/UpdateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/TeamEmailNotificationChannelOptionsV1'
UpdateVictorOpsNotificationChannelRequestV1:
type: object
title: Update VictorOps Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/UpdateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/VictorOpsNotificationChannelOptionsV1'
UpdateWebhookNotificationChannelRequestV1:
type: object
title: Update Webhook Notification Channel Request V1
allOf:
- $ref: '#/components/schemas/NotificationChannelV1'
- $ref: '#/components/schemas/UpdateNotificationChannelRequestV1'
- type: object
required:
- options
properties:
options:
$ref: '#/components/schemas/WebhookNotificationChannelOptionsV1'
TeamRoleV1:
title: Team Role
description: The standard team role provided by Sysdig.
type: string
example: ROLE_TEAM_READ
enum:
- ROLE_TEAM_NONE
- ROLE_TEAM_READ
- ROLE_TEAM_SERVICE_MANAGER
- ROLE_TEAM_STANDARD
- ROLE_TEAM_EDIT
- ROLE_TEAM_MANAGER
Product:
title: Sysdig Product
description: The Sysdig product
type: string
example: secure
enum:
- monitor
- secure
EntryPointModuleV1:
title: Entry Point Module
type: string
description: The Module is the area in Sysdig Monitor.
example: Alerts
enum:
- Alerts
- Dashboards
- Events
- Explore
- Overview
- Settings
- DashboardTemplates
EntryPointV1:
title: Entry Point
type: object
description: |
The page you see after logging into Sysdig UI. It is defined by a Module and a Selection.
**The Entry Point is not supported in Sysdig Secure.**
properties:
module:
$ref: '#/components/schemas/EntryPointModuleV1'
selection:
type: string
description: |
The selection is the specific page within the Module, usually defined by the resource ID.
It is supported only supported by **Dashboards** and **DashboardTemplates** Modules.
example: '2231245'
maxLength: 128
nullable: true
UiSettingsV1:
title: UiSettings
type: object
description: UI related settings.
properties:
entryPoint:
$ref: '#/components/schemas/EntryPointV1'
theme:
type: string
description: The color assigned to the team.
example: '#112233'
maxLength: 7
ScopeTypeV1:
title: Scope Type
type: string
example: PROMETHEUS_REMOTE_WRITE
enum:
- AGENT
- AWS_CLOUD_WATCH
- HOST_CONTAINER
- IBM_PLATFORM_METRICS
- PROMETHEUS_REMOTE_WRITE
ScopeV1:
title: Scope
type: object
required:
- type
- expression
properties:
type:
$ref: '#/components/schemas/ScopeTypeV1'
expression:
type: string
maxLength: 65356
example: kubernetes.cluster.name in ("test-env")
AdditionalTeamPermissionsV1:
title: Additional Team Permissions
type: object
description: Additional permissions available to the users of the team.
properties:
hasSysdigCaptures:
description: Enable the Sysdig captures feature for this team.
type: boolean
default: false
example: false
hasInfrastructureEvents:
type: boolean
default: false
example: false
hasAwsData:
type: boolean
default: false
example: false
hasRapidResponse:
type: boolean
default: false
example: false
hasAgentCli:
type: boolean
default: false
example: false
hasBeaconMetrics:
type: boolean
default: false
example: false
TeamResponseV1:
type: object
title: Team Response V1
properties:
id:
$ref: '#/components/schemas/UnlimitedLong'
name:
description: The name of the team. It must be unique.
type: string
example: Scanning operations
maxLength: 256
description:
description: A description of the team explaining what is it used for.
type: string
maxLength: 2048
example: This team has access to scanning results
nullable: true
isImmutableTeam:
description: Specifies if the team is immutable. This is true if the team was created by the system with full access. It cannot be modified.
type: boolean
example: false
isDefaultTeam:
description: Specifies if the team is the default team. The default team is used to automatically assign new users to a team.
type: boolean
example: false
standardTeamRole:
allOf:
- $ref: '#/components/schemas/TeamRoleV1'
description: |
The standard team role assigned by default to users added to this team. Mutually exclusive with 'customTeamRoleId'.
nullable: true
customTeamRoleId:
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
description: |
The custom team role assigned by default to users added to this team. Mutually exclusive with 'standardTeamRoleId'.
nullable: true
product:
allOf:
- $ref: '#/components/schemas/Product'
description: The product to which the team is assigned to.
uiSettings:
$ref: '#/components/schemas/UiSettingsV1'
isAllZones:
description: |
'True' if the users belonging to this team have access to all zones. Mutually exclusive with 'zoneIds'.
type: boolean
example: false
zoneIds:
description: |
The list of zones that users assigned to this team will have access to. Mutually exclusive with 'allZones'.
type: array
items:
$ref: '#/components/schemas/UnlimitedLong'
maxItems: 8192
scopes:
description: The scopes available to the users of this team.
type: array
items:
$ref: '#/components/schemas/ScopeV1'
maxItems: 512
additionalTeamPermissions:
$ref: '#/components/schemas/AdditionalTeamPermissionsV1'
dateCreated:
description: The date (in ISO 8601 format) when this team was created.
type: string
format: date-time
example: '2017-07-21T17:32:28Z'
maxLength: 64
lastUpdated:
description: The date (in ISO 8601 format) when this team was last updated.
type: string
format: date-time
example: '2017-07-21T17:32:28Z'
maxLength: 64
version:
$ref: '#/components/schemas/UnlimitedLong'
GetTeamsPaginatedResponseV1:
title: Get Paginated Teams Response V1
allOf:
- $ref: '#/components/schemas/OffsetPaginatedResponse'
- type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/TeamResponseV1'
maxItems: 200
CreateTeamRequestV1:
title: Create Team Request
type: object
required:
- name
- product
properties:
name:
description: The name of the team. It must be unique.
type: string
minLength: 1
maxLength: 256
example: Team name
description:
description: A longer description of the team explaining what is it used for.
type: string
maxLength: 2048
example: Longer team description
isDefaultTeam:
description: Specifies if the team is the default team. The default team is used to automatically assign new users to a team.
type: boolean
example: false
standardTeamRole:
allOf:
- $ref: '#/components/schemas/TeamRoleV1'
description: |
The standard team role assigned by default to users added to this team. **Mutually exclusive with customTeamRoleId**.\
\
*ROLE_TEAM_SERVICE_MANAGER is only supported in Secure.*
customTeamRoleId:
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
description: |
The custom team role assigned by default to users added to this team. **Mutually exclusive with standardTeamRoleId**.
product:
allOf:
- $ref: '#/components/schemas/Product'
description: The product to which the team is assigned to. Teams can only be part of a single product at a time.
uiSettings:
$ref: '#/components/schemas/UiSettingsV1'
isAllZones:
description: |
**True** if the users that are members of this team have access to all zones. **Mutually exclusive with zoneIds**.\
\
_Only supported in Secure features._
type: boolean
example: false
zoneIds:
description: |
The list of zones that users assigned to this team will have access to. **Mutually exclusive with allZones**.\
\
_Only supported in Secure features._
type: array
items:
$ref: '#/components/schemas/UnlimitedLong'
maxItems: 20
scopes:
description: |
Scopes is a list of different scope types and filter values that will be applied to resources
when accessed through the team.
type: array
items:
$ref: '#/components/schemas/ScopeV1'
maxItems: 512
additionalTeamPermissions:
$ref: '#/components/schemas/AdditionalTeamPermissionsV1'
UpdateTeamRequestV1:
type: object
title: Update Team Request V1
required:
- version
- name
- isDefaultTeam
- uiSettings
- scopes
- additionalTeamPermissions
properties:
version:
$ref: '#/components/schemas/UnlimitedLong'
name:
description: The name of the team.
type: string
example: User Team
maxLength: 256
description:
description: A description of the team explaining what is it used for.
type: string
example: User Team description
maxLength: 2048
isDefaultTeam:
description: Specifies if this is the default team. The default team is used to automatically assign new users to a team.
type: boolean
example: false
standardTeamRole:
allOf:
- $ref: '#/components/schemas/TeamRoleV1'
description: |
The standard team role assigned by default to users added to this team.
customTeamRoleId:
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
description: |
The custom team role assigned by default to users added to this team.
uiSettings:
$ref: '#/components/schemas/UiSettingsV1'
isAllZones:
description: |
**True** if the users that are members of this team have access to all zones. **Mutually exclusive with zoneIds**.\
\
_Only supported in Secure features._
type: boolean
example: false
zoneIds:
description: |
The list of zones that users assigned to this team will have access to. **Mutually exclusive with allZones**.\
\
_Only supported in Secure features._
type: array
items:
$ref: '#/components/schemas/UnlimitedLong'
maxItems: 20
scopes:
description: |
Scopes is a list of different scope types and filter values that will be applied to resources
when accessed through the team.
type: array
items:
$ref: '#/components/schemas/ScopeV1'
maxItems: 512
minItems: 1
additionalTeamPermissions:
$ref: '#/components/schemas/AdditionalTeamPermissionsV1'
TeamUserResponseV1:
type: object
title: Team User Response V1
properties:
teamId:
$ref: '#/components/schemas/UnlimitedLong'
userId:
$ref: '#/components/schemas/UnlimitedLong'
standardTeamRole:
allOf:
- $ref: '#/components/schemas/TeamRoleV1'
nullable: true
customTeamRoleId:
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
nullable: true
GetTeamUsersPaginatedResponseV1:
title: Get Paginated Team Users Response V1
allOf:
- $ref: '#/components/schemas/OffsetPaginatedResponse'
- type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/TeamUserResponseV1'
maxItems: 200
SaveTeamUserRequestV1:
type: object
title: Create or Update Membership Request V1
properties:
standardTeamRole:
description: |
The standard team role assigned for the user in this team. **Mutually exclusive with customTeamRoleId**.\
\
*ROLE_TEAM_SERVICE_MANAGER is only supported in Secure.*
allOf:
- $ref: '#/components/schemas/TeamRoleV1'
customTeamRoleId:
description: |
The custom team role ID assigned for the user in this team. **Mutually exclusive with standardTeamRole**.
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
UserResponseV1:
type: object
title: User Response V1
properties:
id:
$ref: '#/components/schemas/UnlimitedLong'
email:
description: |
The email address of the user.
type: string
example: john.doe@nomail.cc
maxLength: 512
firstName:
description: |
The name of the user.
type: string
example: john
maxLength: 256
nullable: true
lastName:
description: |
The last name of the user.
type: string
example: doe
maxLength: 256
nullable: true
isAdmin:
description: |
**True** if the user has Administration permissions.
type: boolean
example: false
isEnabled:
description: |
**True** if the user is enabled.
type: boolean
example: true
activationStatus:
description: |
The current activation status of the user.
type: string
example: confirmed
maxLength: 256
dateCreated:
description: |
The date and time when the user was created.
type: string
format: date-time
example: '2017-07-21T17:32:28Z'
maxLength: 64
lastUpdated:
description: |
The date and time when the user was last updated.
type: string
format: date-time
example: '2017-07-21T17:32:28Z'
maxLength: 64
nullable: true
version:
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
description: |
The current version of the resource.
bypassSsoEnforcement:
description: |
When **True**, the user can bypass SSO enforcement.
**Warning:** This allows the user to log in without SSO even when username and password login is disabled.
type: boolean
example: false
GetUsersPaginatedResponseV1:
title: Get Paginated Users Response V1
allOf:
- $ref: '#/components/schemas/OffsetPaginatedResponse'
- type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/UserResponseV1'
maxItems: 200
CreateUserRequestV1:
type: object
title: Create User Request V1
description: Request to create the User
required:
- email
properties:
email:
description: |
The email address of the user. If the activation flow is set, this address will
be used to send the activation email.
type: string
format: email
example: john.doe@nomail.cc
maxLength: 512
firstName:
description: |
The name of the user.
type: string
example: John
maxLength: 256
lastName:
description: |
The surname of the user.
type: string
example: Doe
maxLength: 256
isAdmin:
description: |
**True** if the user has Administration permissions.
type: boolean
default: false
example: false
bypassSsoEnforcement:
description: |
When **True**, the user can bypass SSO enforcement.
**Warning:** This allows the user to log in without SSO even when username and password login is disabled.
type: boolean
default: false
example: false
products:
description: The user will be added to the default teams specified by this field.
type: array
items:
$ref: '#/components/schemas/Product'
maxItems: 2
example:
- secure
- monitor
UpdateUserRequestV1:
type: object
title: Update User Request V1
required:
- version
properties:
firstName:
description: |
The name of the user.
type: string
example: john
maxLength: 256
lastName:
description: |
The surname of the user.
type: string
example: doe
maxLength: 256
isAdmin:
description: |
**True** if the user has Administration permissions.
type: boolean
example: false
isEnabled:
description: |
When **True**, the user can bypass SSO enforcement.
**Warning:** This allows the user to log in without SSO even when username and password login is disabled.
type: boolean
example: true
version:
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
description: |
The current version of the resource.
bypassSsoEnforcement:
description: |
When **True**, the user can bypass SSO enforcement.
**Warning:** This allows the user to log in without SSO even when username and password login is disabled.
If a field is omitted, its value will be left unchanged.
type: boolean
example: false
DaysInYearInt:
description: Number of days in a year
type: integer
format: int32
minimum: 1
maximum: 365
example: 90
UserDeactivationConfigurationResponseV1:
type: object
title: User Deactivation Configuration Response V1
properties:
customerId:
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
description: |
The customer Id.
isEnabled:
description: Specifies if user deactivation is enabled for this customer.
type: boolean
example: false
numberDaysBeforeDeactivation:
allOf:
- $ref: '#/components/schemas/DaysInYearInt'
description: |
Number of days before inactive users are deactivated.
UpdateUserDeactivationConfigurationRequestV1:
type: object
title: Update User Deactivation Configuration Request V1
required:
- isEnabled
- numberDaysBeforeDeactivation
properties:
isEnabled:
description: Specifies if user deactivation is enabled for this customer.
type: boolean
example: false
numberDaysBeforeDeactivation:
allOf:
- $ref: '#/components/schemas/DaysInYearInt'
description: |
Number of days before inactive users are deactivated.
BucketConfigurationV1:
type: object
title: Bucket Configuration V1
required:
- name
properties:
name:
description: The name of the bucket.
type: string
maxLength: 255
example: my-bucket
folder:
description: The folder in the bucket where the captures are stored. Name of the folder without any prefix slashes ("test-folder" and not "/test-folder").
type: string
maxLength: 255
example: my-folder
description:
description: The description of the bucket.
type: string
maxLength: 255
example: My bucket description
nullable: true
providerKeyId:
description: Id of the configured cloud provider account. Could be fetched with /api/providers endpoint.
type: string
maxLength: 255
example: my-provider-key-id
nullable: true
endpoint:
description: The endpoint of the bucket. ***Required for S3 compatible storage.***
type: string
maxLength: 255
example: https://my-bucket.s3.amazonaws.com
nullable: true
region:
description: The region of the bucket.
maxLength: 255
type: string
example: us-east-1
nullable: true
pathStyleAccess:
description: Specifies if the bucket uses path-style access.
type: boolean
default: false
example: false
CaptureStorageConfigurationResponseV1:
type: object
title: Capture Storage Configuration Response V1
properties:
isEnabled:
description: Specifies if capture storage is enabled.
type: boolean
example: false
isEncryptionWithProvidedKeyEnabled:
description: Specifies if server-side encryption with provided encryption key (SSE-C) is enabled.
type: boolean
example: false
buckets:
type: array
maxItems: 1
nullable: true
description: |
The list of buckets where the captures are stored. Currently only one bucket is supported.
items:
$ref: '#/components/schemas/BucketConfigurationV1'
SaveCaptureStorageConfigurationRequestV1:
type: object
title: Update Capture Storage Configuration Request V1
required:
- isEnabled
properties:
isEnabled:
description: Specifies if capture storage is enabled.
type: boolean
example: false
isEncryptionWithProvidedKeyEnabled:
description: Specifies if server-side encryption with provided encryption key (SSE-C) is enabled.
type: boolean
default: false
example: false
encryptionKey:
description: AES-256 encryption key to be used for server-side encryption (base64 encoded).
maxLength: 255
type: string
example: 23kA/KCxPktKXLijIIt91uB+sJ652w/ES9hZ3+eWadM=
buckets:
type: array
maxItems: 1
description: |
The list of buckets where the captures are stored. Currently only one bucket is supported.
items:
$ref: '#/components/schemas/BucketConfigurationV1'
AccessKeyResponseV1:
title: Access Key Response V1
description: Access key response
type: object
properties:
id:
$ref: '#/components/schemas/UnlimitedLong'
isEnabled:
description: Indicates if the access key is enabled
type: boolean
example: true
accessKey:
description: Displays the access key value
type: string
maxLength: 256
example: f97af7c5-dac3-49b1-b5e0-710871d34a15
dateCreated:
description: |
Date and time when access key was created
type: string
format: date-time
nullable: true
example: '2022-01-31T22:15:28Z'
maxLength: 64
dateDisabled:
description: |
Date and time when access key was disabled
type: string
format: date-time
nullable: true
example: '2022-01-31T22:15:28Z'
maxLength: 64
agentLimit:
description: Maximum number of agents that can be connected with the access key
type: integer
nullable: true
format: int32
minimum: 0
maximum: 2147483647
example: 100
agentReservation:
description: Number of agents that are guaranteed to be available for the access key
type: integer
nullable: true
format: int32
minimum: 0
maximum: 2147483647
example: 5
teamId:
description: ID of team that owns the access key
type: integer
nullable: true
format: int32
minimum: 0
maximum: 2147483647
example: 13
metadata:
description: Access key metadata (maximum of 20 key-value pairs where key can be up to 25 characters long and value can be up to 50 characters long)
maxItems: 20
type: object
additionalProperties:
type: string
maxLength: 76
example: metaKey1:metaValue1
GetAccessKeysPaginatedResponseV1:
title: Get Paginated Access Keys Response V1
allOf:
- $ref: '#/components/schemas/OffsetPaginatedResponse'
- type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/AccessKeyResponseV1'
maxItems: 200
CreateAccessKeyRequestV1:
title: Create Access Key Request
description: Create access key request
type: object
properties:
agentLimit:
description: Maximum number of agents that can be connected with the access key
type: integer
format: int32
minimum: 0
maximum: 2147483647
example: 100
agentReservation:
description: Number of agents that are guaranteed to be available for the access key
type: integer
format: int32
minimum: 0
maximum: 2147483647
example: 5
teamId:
description: ID of team that owns the access key
type: integer
format: int32
minimum: 0
maximum: 2147483647
example: 13
metadata:
description: Access key metadata (maximum of 20 key-value pairs where key can be up to 25 characters long and value can be up to 50 characters long)
maxItems: 20
type: object
additionalProperties:
type: string
maxLength: 76
example: metaKey1:metaValue1
UpdateAccessKeyRequestV1:
title: Update Access Key Request
description: Update access key request
type: object
required:
- isEnabled
properties:
agentLimit:
description: Maximum number of agents that can be connected with the access key
type: integer
format: int32
minimum: 0
maximum: 2147483647
example: 100
agentReservation:
description: Number of agents that are guaranteed to be available for the access key
type: integer
format: int32
minimum: 0
maximum: 2147483647
example: 5
teamId:
description: ID of team that owns the access key
type: integer
format: int32
minimum: 0
maximum: 2147483647
example: 13
isEnabled:
description: Flag that indicates if the access key should be disabled or enabled
type: boolean
example: true
metadata:
description: Access key metadata (maximum of 20 key-value pairs where key can be up to 25 characters long and value can be up to 50 characters long)
maxItems: 20
type: object
additionalProperties:
type: string
maxLength: 76
example: metaKey1:metaValue1
TeamMapV1:
type: object
title: Team Map
description: Determines the teams to which a group is mapped.
properties:
isForAllTeams:
description: |
If true, the group is mapped to all teams.
type: boolean
example: false
teamIds:
description: |
The list of teams to which group is mapped. It is empty when 'isForAllTeams' is true, otherwise it should have at least 1 element.
type: array
example:
- 154
- 187
items:
$ref: '#/components/schemas/UnlimitedLong'
maxItems: 8192
GroupMappingResponseV1:
type: object
title: Group Mapping Response V1
properties:
id:
$ref: '#/components/schemas/UnlimitedLong'
groupName:
description: The group name matching the external provider name.
type: string
example: Admins_Mapped_Group
maxLength: 256
standardTeamRole:
description: |
The standard team role assigned for the user in this team. **Mutually exclusive with customTeamRoleId**.
allOf:
- $ref: '#/components/schemas/TeamRoleV1'
nullable: true
customTeamRoleId:
description: |
The custom team role ID assigned for the user in this team. **Mutually exclusive with standardTeamRole**.
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
nullable: true
isAdmin:
description: Flag that indicates if the group is an admin group.
type: boolean
example: false
teamMap:
$ref: '#/components/schemas/TeamMapV1'
weight:
description: The weight of the group mapping that is used to determine the priority - a lower number has higher priority.
type: integer
format: int16
minimum: 1
maximum: 32767
example: 2
dateCreated:
description: The date in which this group mapping was created in ISO 8601 format.
type: string
format: date-time
example: '2017-07-21T17:32:28Z'
maxLength: 64
lastUpdated:
description: The date in which this group mapping was last updated in ISO 8601 format.
type: string
format: date-time
example: '2017-07-21T17:32:28Z'
maxLength: 64
GroupMappingsPaginatedResponseV1:
title: Get Group Mappings Paginated Response V1
allOf:
- $ref: '#/components/schemas/OffsetPaginatedResponse'
- type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/GroupMappingResponseV1'
maxItems: 8192
CreateGroupMappingRequestV1:
type: object
title: Create Group Mapping Request V1
properties:
groupName:
description: The group name matching the external provider name.
type: string
example: Admins_Mapped_Group
maxLength: 256
standardTeamRole:
description: |
The standard team role assigned for the user in this team. **Mutually exclusive with customTeamRoleId**.
allOf:
- $ref: '#/components/schemas/TeamRoleV1'
nullable: true
customTeamRoleId:
description: |
The custom team role ID assigned for the user in this team. **Mutually exclusive with standardTeamRole**.
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
nullable: true
isAdmin:
description: Flag that indicates if the group is an admin group.
type: boolean
example: false
teamMap:
$ref: '#/components/schemas/TeamMapV1'
weight:
description: The weight of the group mapping is used to determine the priority - a lower number has higher priority.
type: integer
format: int16
minimum: 1
maximum: 32767
default: 32767
example: 2
required:
- groupName
- teamMap
UpdateGroupMappingRequestV1:
type: object
title: Update Group Mapping Request V1
properties:
groupName:
description: The group name matching the external provider name.
type: string
example: Admins_Mapped_Group
maxLength: 256
standardTeamRole:
description: |
The standard team role assigned for the user in this team. **Mutually exclusive with customTeamRoleId**.
allOf:
- $ref: '#/components/schemas/TeamRoleV1'
nullable: true
customTeamRoleId:
description: |
The custom team role ID assigned for the user in this team. **Mutually exclusive with standardTeamRole**.
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
nullable: true
isAdmin:
description: Flag that indicates if the group is an admin group.
type: boolean
example: false
teamMap:
$ref: '#/components/schemas/TeamMapV1'
weight:
description: The weight of the group mapping that is used to determine the priority - a lower number has higher priority.
type: integer
format: int16
minimum: 1
maximum: 32767
default: 32767
example: 2
required:
- groupName
- teamMap
- isAdmin
- weight
GroupMappingSettingsV1:
type: object
title: Group Mapping Settings Request V1
description: |
The request to save group mapping settings.
Currently settings for conflict resolution strategies are supported.
properties:
noMappingStrategy:
description: |
Strategy for handling no mappings.
type: string
example: UNAUTHORIZED
enum:
- UNAUTHORIZED
- DEFAULT_TEAM_DEFAULT_ROLE
- NO_MAPPINGS_ERROR_REDIRECT
differentRolesSameTeamStrategy:
description: |
Strategy for handling different roles on the same team.
type: string
example: UNAUTHORIZED
enum:
- UNAUTHORIZED
- FIRST_MATCH
- WEIGHTED
- WEIGHTED_BY_TEAM
noMappingsErrorRedirectUrl:
description: |
Redirect URL when NO_MAPPINGS_ERROR_REDIRECT is selected.
type: string
example: https://www.example.com
maxLength: 2048
nullable: true
required:
- noMappingStrategy
- differentRolesSameTeamStrategy
SsoSettingsBaseSchemaV1:
type: object
title: SSO Settings Base Schema V1
properties:
product:
allOf:
- $ref: '#/components/schemas/Product'
description: The product to which SSO settings is applied to. SSO settings are configured per specific product.
isActive:
type: boolean
description: Flag to indicate if the SSO settings is active.
example: true
createUserOnLogin:
type: boolean
description: Flag to indicate if the user will be created automatically if not found in the system.
example: true
isPasswordLoginEnabled:
type: boolean
description: 'Flag to indicate if the user will be able to login with password. Deprecated: use the API endpoint `/platform/v1/global-sso-settings` for this functionality. This is now a global setting: if this flag is defined here and this SSO setting is set to be active, the setting will be applied at global level.'
example: true
deprecated: true
isSingleLogoutEnabled:
type: boolean
description: Flag to indicate if the single logout support is enabled.
example: true
isGroupMappingEnabled:
type: boolean
description: Flag to indicate if group mapping support is enabled.
example: true
groupMappingAttributeName:
type: string
description: The group mapping attribute name.
example: groups
maxLength: 64
nullable: true
SsoSettingsResponseBaseV1:
title: SSO Settings Write Base Response V1
type: object
description: Response SSO Settings Base Schema
required:
- type
properties:
type:
$ref: '#/components/schemas/SsoTypeV1'
discriminator:
propertyName: type
mapping:
SAML: '#/components/schemas/SamlResponseV1'
OPENID: '#/components/schemas/OpenIdConfigResponseV1'
SamlBaseV1:
type: object
title: SAML SSO Settings Base Schema V1
properties:
metadataUrl:
type: string
description: The metadata URL of the SAML provider. **Mutually exclusive with metadata*
example: https://accounts.example.com/metadata
maxLength: 2048
metadataXml:
type: string
description: The metadata XML of the SAML provider. **Mutually exclusive with metadataUrl*
maxLength: 65356
example: |
emailParameter:
type: string
description: The email parameter of the SAML provider.
example: email
maxLength: 2048
isSignatureValidationEnabled:
type: boolean
description: Flag that indicates if the signature validation is enabled.
example: true
default: true
isSignedAssertionEnabled:
type: boolean
description: Flag that indicates if the signed assertion is enabled.
example: true
default: true
isDestinationVerificationEnabled:
type: boolean
description: Flag that indicates if the destination verification is enabled.
example: true
isEncryptionSupportEnabled:
type: boolean
description: Flag that indicates if the encryption support is enabled.
example: true
SamlResponseV1:
type: object
title: SAML Settings Response V1
allOf:
- $ref: '#/components/schemas/SsoSettingsResponseBaseV1'
- $ref: '#/components/schemas/SamlBaseV1'
OpenIdMetadataV1:
type: object
title: The metadata of the OpenID Connect provider
properties:
issuer:
type: string
description: The base issuer URL of the OpenID Connect provider.
example: https://accounts.example.com
maxLength: 2048
authorizationEndpoint:
type: string
description: The authorization endpoint of the OpenID Connect provider.
example: https://accounts.example.com/oauth2/authorize
maxLength: 2048
tokenEndpoint:
type: string
description: The token endpoint of the OpenID Connect provider.
example: https://accounts.example.com/oauth2/token
maxLength: 2048
jwksUri:
type: string
description: The JSON Web Key Set URI of the OpenID Connect provider.
example: https://accounts.example.com/oauth2/jwks
maxLength: 2048
endSessionEndpoint:
type: string
description: Single sign-out endpoint of the OpenID Connect provider.
example: https://accounts.example.com/oauth2/logout
maxLength: 2048
userInfoEndpoint:
type: string
description: The user info endpoint of the OpenID Connect provider.
example: https://accounts.example.com/oauth2/userinfo
maxLength: 2048
tokenAuthMethod:
type: string
enum:
- CLIENT_SECRET_BASIC
- CLIENT_SECRET_POST
description: The token authentication method of the OpenID Connect provider.
example: CLIENT_SECRET_BASIC
required:
- issuer
- authorizationEndpoint
- tokenEndpoint
- jwksUri
- tokenAuthMethod
OpenIdBaseV1:
type: object
title: OpenID Settings Base Schema
properties:
issuerUrl:
type: string
description: The issuer URL of the OpenID Connect provider.
example: https://accounts.example.com
maxLength: 2048
clientId:
type: string
description: The client ID of the OpenID Connect provider.
example: client-id
maxLength: 2048
isMetadataDiscoveryEnabled:
type: boolean
description: Flag to indicate if the metadata discovery is enabled.
example: true
metadata:
allOf:
- $ref: '#/components/schemas/OpenIdMetadataV1'
description: The metadata of the OpenID Connect provider.
groupAttributeName:
type: string
description: The group attribute name of the OpenID Connect provider.
example: groups
maxLength: 64
isAdditionalScopesCheckEnabled:
type: boolean
description: Flag to indicate if the additional scopes verification on login.
example: true
additionalScopes:
type: array
description: List of additional scopes to be verified on login.
items:
type: string
description: The scope to be verified on login.
maxLength: 64
example: scope 1
example:
- scope 1
- scope 2
maxItems: 64
OpenIdConfigResponseV1:
type: object
title: OpenID Connect SSO Settings Response V1
allOf:
- $ref: '#/components/schemas/SsoSettingsResponseBaseV1'
- $ref: '#/components/schemas/OpenIdBaseV1'
SsoTypeV1:
title: SSO Type
description: Supported SSO types
type: string
example: SAML
enum:
- SAML
- OPENID
SsoSettingsResponseV1:
type: object
title: SSO Settings Write Response V1
allOf:
- $ref: '#/components/schemas/SsoSettingsBaseSchemaV1'
- type: object
properties:
id:
$ref: '#/components/schemas/UnlimitedLong'
config:
$ref: '#/components/schemas/SsoSettingsResponseBaseV1'
dateCreated:
description: The date (in ISO 8601 format) when this SSO config was created.
type: string
format: date-time
example: '2017-07-21T17:32:28Z'
maxLength: 64
lastUpdated:
description: The date (in ISO 8601 format) when this SSO config was last updated.
type: string
format: date-time
example: '2017-07-21T17:32:28Z'
maxLength: 64
version:
$ref: '#/components/schemas/UnlimitedLong'
AllSsoSettingsResponseV1:
title: Get All SSO Settings Response V1
type: object
properties:
data:
description: The list of SSO settings.
type: array
items:
$ref: '#/components/schemas/SsoSettingsResponseV1'
maxItems: 250
SsoSettingsCreateRequestBaseV1:
title: SSO Settings Create Request Base V1
type: object
description: Create Request SSO Settings Base Schema
required:
- type
properties:
type:
$ref: '#/components/schemas/SsoTypeV1'
discriminator:
propertyName: type
mapping:
SAML: '#/components/schemas/SamlCreateRequestV1'
OPENID: '#/components/schemas/OpenIdCreateRequestV1'
SamlCreateRequestV1:
type: object
title: SAML Settings Create Request V1
allOf:
- $ref: '#/components/schemas/SsoSettingsCreateRequestBaseV1'
- $ref: '#/components/schemas/SamlBaseV1'
required:
- emailParameter
OpenIdRequestBaseV1:
type: object
title: OpenID Settings Base Write Request V1
allOf:
- $ref: '#/components/schemas/OpenIdBaseV1'
- type: object
properties:
clientSecret:
type: string
description: The client secret of the OpenID Connect provider.
example: client-secret
maxLength: 2048
OpenIdCreateRequestV1:
type: object
title: OpenID Connect SSO Settings Create Request V1
allOf:
- $ref: '#/components/schemas/SsoSettingsCreateRequestBaseV1'
- $ref: '#/components/schemas/OpenIdRequestBaseV1'
required:
- issuerUrl
- clientId
- clientSecret
CreateSsoSettingsRequestV1:
type: object
title: Create SSO settings Request V1
allOf:
- $ref: '#/components/schemas/SsoSettingsBaseSchemaV1'
- type: object
properties:
config:
$ref: '#/components/schemas/SsoSettingsCreateRequestBaseV1'
required:
- product
- config
SsoSettingsUpdateRequestBaseV1:
title: SSO Settings Update Request Base V1
type: object
description: Update Request SSO Settings Base Schema
required:
- type
properties:
type:
$ref: '#/components/schemas/SsoTypeV1'
discriminator:
propertyName: type
mapping:
SAML: '#/components/schemas/SamlUpdateRequestV1'
OPENID: '#/components/schemas/OpenIdUpdateRequestV1'
SamlUpdateRequestV1:
type: object
title: SAML Settings Update Request V1
allOf:
- $ref: '#/components/schemas/SsoSettingsUpdateRequestBaseV1'
- $ref: '#/components/schemas/SamlBaseV1'
required:
- emailParameter
- isSignatureValidationEnabled
- isSignedAssertionEnabled
- isDestinationVerificationEnabled
- isEncryptionSupportEnabled
OpenIdUpdateRequestV1:
type: object
title: OpenID Connect SSO Settings Update Request V1
allOf:
- $ref: '#/components/schemas/SsoSettingsUpdateRequestBaseV1'
- $ref: '#/components/schemas/OpenIdRequestBaseV1'
required:
- issuerUrl
- clientId
- clientSecret
- isAdditionalScopesCheckEnabled
- isMetadataDiscoveryEnabled
UpdateSsoSettingsRequestV1:
type: object
title: Update SSO settings Request V1
allOf:
- $ref: '#/components/schemas/SsoSettingsBaseSchemaV1'
- type: object
properties:
version:
$ref: '#/components/schemas/UnlimitedLong'
config:
$ref: '#/components/schemas/SsoSettingsUpdateRequestBaseV1'
required:
- version
- product
- config
- isActive
- createUserOnLogin
- isSingleLogoutEnabled
- isGroupMappingEnabled
GlobalSsoSettingsResponseV1:
type: object
title: Global SSO Settings Response V1
properties:
isPasswordLoginEnabled:
type: boolean
description: Indicates whether password login is enabled.
example: true
GlobalSsoSettingsRequestV1:
type: object
title: Global SSO Settings Request V1
properties:
isPasswordLoginEnabled:
type: boolean
description: Set to `true` to enable password login when SSO is enabled, or `false` to disable it.
example: true
required:
- isPasswordLoginEnabled
ServiceAccountsNotificationSettinsBase:
type: object
description: The base schema for the service accounts notification settings.
properties:
isEnabled:
description: Whether the notification settings are enabled or not.
type: boolean
example: true
notificationChannelIds:
description: |
The list of notification channel IDs to which the notifications are to be sent.\
\
Supported types are **EMAIL** and **SLACK**.
type: array
items:
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
maxItems: 10
daysBeforeExpiry:
description: The number of days before the expiry of the service account when the notifications are to be sent.
type: array
minimum: 1
maximum: 60
maxItems: 5
default:
- 30
- 7
- 1
items:
type: integer
format: int32
minimum: 1
maximum: 60
example: 3
ServiceAccountsNotificationSettingsResponseV1:
type: object
title: Service Accounts Notification Settings Response V1
allOf:
- $ref: '#/components/schemas/ServiceAccountsNotificationSettinsBase'
UpdateServiceAccountsNotificationSettingsRequestV1:
type: object
title: Update Service Accounts Notification Settings Request V1
required:
- isEnabled
- notificationChannelIds
- daysBeforeExpiry
allOf:
- $ref: '#/components/schemas/ServiceAccountsNotificationSettinsBase'
CreateServiceAccountsNotificationSettingsRequestV1:
type: object
title: Create Service Accounts Notification Settings Request V1
required:
- isEnabled
- notificationChannelIds
allOf:
- $ref: '#/components/schemas/ServiceAccountsNotificationSettinsBase'
IpFilterResponseV1:
type: object
title: IP Filter Response V1
properties:
id:
$ref: '#/components/schemas/UnlimitedLong'
ipRange:
type: string
description: IP range in CIDR notation
maxLength: 43
example: 192.168.0.0/24
note:
type: string
maxLength: 128
example: London Office
nullable: true
isEnabled:
type: boolean
example: true
isAllowed:
description: Whether the IP range is allowed or not.
type: boolean
example: true
lastUpdated:
description: The date when IP filter was last updated.
type: string
format: date-time
example: '2017-07-21T17:32:28Z'
maxLength: 64
IpFiltersPaginatedResponseV1:
title: Get Paginated IP Filters Response V1
allOf:
- $ref: '#/components/schemas/OffsetPaginatedResponse'
- type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/IpFilterResponseV1'
maxItems: 200
CreateIpFilterV1:
type: object
title: Create IP Filter Request V1
description: Request to create IP filter.
required:
- ipRange
- isEnabled
properties:
ipRange:
description: IP range in CIDR notation
type: string
maxLength: 43
example: 192.168.0.0/24
note:
type: string
maxLength: 128
example: London Office
isEnabled:
type: boolean
example: true
UpdateIpFilterV1:
type: object
title: Update IP Filter Request V1
description: Request to update IP filter.
required:
- ipRange
- isEnabled
- note
properties:
ipRange:
description: IP range in CIDR notation
type: string
maxLength: 43
example: 192.168.0.0/24
note:
type: string
maxLength: 128
example: London Office
isEnabled:
type: boolean
example: true
IpFiltersSettingsV1:
type: object
title: Ip Filters Settings V1
description: |
Used to configure IP filters settings.
properties:
isFilteringEnabled:
type: boolean
description: Specifies if IP filtering is enabled.
example: false
PermissionV1:
type: object
description: Permission to perform an action on the Sysdig platform.
properties:
id:
description: |
Permission Authority.
type: string
example: cspm-results.read
maxLength: 256
description:
description: |
Permission description.
type: string
example: Access CSPM results
maxLength: 512
products:
description: |
Specifies the Sysdig product the permission applies to (Secure = SDS; Monitor = SDC).
type: array
uniqueItems: true
items:
type: string
description: |
Sysdig Monitor Product - SDC\
Sysdig Secure Product - SDS
example: SDS
maxLength: 3
maxItems: 2
dependencies:
description: |
List of permissions that this permission depends on.
type: array
uniqueItems: true
items:
type: string
maxLength: 256
example: cspm-results.read
maxItems: 100
GetPermissionsResponseV1:
title: Permissions Response V1
description: Permissions response
type: object
properties:
permissions:
type: array
uniqueItems: true
description: |
Set of permissions
items:
$ref: '#/components/schemas/PermissionV1'
maxItems: 1000
total:
description: Total number of permissions
type: integer
format: int32
minimum: 0
maximum: 2147483647
example: 135
RoleResponseV1:
title: Create Role Response
description: Create role response
type: object
properties:
id:
$ref: '#/components/schemas/UnlimitedLong'
description:
description: Describes the role
type: string
maxLength: 255
example: Enables access to Dashboards section
monitorPermissions:
description: "Set of Monitor permissions assigned to the role. \nCheck GET /platform/v1/permissions to obtain the list of available values.\n"
type: array
uniqueItems: true
items:
type: string
maxLength: 255
example: alerts.read
maxItems: 100
securePermissions:
description: "Set of Secure permissions assigned to the role. \nCheck GET /platform/v1/permissions to obtain the list of available values.\n"
type: array
uniqueItems: true
items:
type: string
maxLength: 255
example: scanning.read
maxItems: 100
name:
description: The display name of the role
type: string
maxLength: 255
example: Dashboard Viewer
GetRolesPaginatedResponseV1:
title: Get Paginated Roles Response V1
allOf:
- $ref: '#/components/schemas/OffsetPaginatedResponse'
- type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/RoleResponseV1'
maxItems: 200
RoleRequestV1:
title: Role Request
description: Create or update role request
type: object
required:
- name
properties:
description:
description: Describes the role
type: string
maxLength: 255
example: Enables access to Dashboards section
monitorPermissions:
description: "Set of Monitor permissions assigned to the role. \nCheck GET /platform/v1/permissions to obtain the list of available values.\n"
type: array
uniqueItems: true
items:
type: string
maxLength: 255
example: alerts.read
maxItems: 100
securePermissions:
description: "Set of Secure permissions assigned to the role. \nCheck GET /platform/v1/permissions to obtain the list of available values.\n"
type: array
uniqueItems: true
items:
type: string
maxLength: 255
example: scanning.read
maxItems: 100
name:
description: The display name of the role
type: string
maxLength: 255
example: Dashboard Viewer
ServiceAccountResponseV1:
title: Service Account Response V1
type: object
properties:
id:
$ref: '#/components/schemas/UnlimitedLong'
name:
description: Service Account display name.
type: string
example: CI/CD service api key
maxLength: 256
dateCreated:
description: Date and time when the Service Account was created.
type: string
format: date-time
maxLength: 64
example: '2024-08-23T17:32:28Z'
lastUpdated:
description: Date and time when the Service Account was last updated.
type: string
format: date-time
maxLength: 64
example: '2024-04-11T17:32:28Z'
lastUsed:
description: Date and time when the Service Account API key was last used.
type: string
format: date-time
maxLength: 64
example: '2024-06-15T17:32:28Z'
expirationDate:
description: Date and time when the Service Account API key expires.
type: string
format: date-time
maxLength: 64
example: '2024-06-15T17:32:28Z'
teamId:
description: Team ID of the team the service account is associated with.
type: integer
format: int64
minimum: 1
maximum: 9223372036854776000
example: 32
teamRole:
description: The predefined team role for a Service Account, or an ID of a custom role.
type: string
maxLength: 256
example: ROLE_TEAM_STANDARD
systemRoles:
description: Array of System roles assigned to the global service account.
type: array
minItems: 1
maxItems: 20
items:
type: string
maxLength: 128
example: ROLE_SERVICE_ACCOUNT
GetServiceAccountsPaginatedResponseV1:
title: Get Service Accounts Paginated Response V1
allOf:
- $ref: '#/components/schemas/OffsetPaginatedResponse'
- type: object
properties:
data:
type: array
items:
$ref: '#/components/schemas/ServiceAccountResponseV1'
maxItems: 200
CreateServiceAccountRequestV1:
title: Create Service Account Request V1
type: object
properties:
name:
description: The display name of the Service Account.
type: string
example: CI/CD service api key
maxLength: 256
expirationDate:
description: Time when the Service Account API key expires, | in number of milliseconds since January 1, 1970, 00:00:00 GMT
type: integer
format: int64
minimum: 0
maximum: 9223372036854775000
example: 1630326638135
CreateGlobalServiceAccountRequestV1:
title: Create Global Service Account Request V1
type: object
required:
- name
- systemRoles
allOf:
- $ref: '#/components/schemas/CreateServiceAccountRequestV1'
- type: object
properties:
systemRoles:
description: Array of System roles assigned to the global service account.
type: array
minItems: 1
maxItems: 20
items:
type: string
maxLength: 128
example: ROLE_SERVICE_ACCOUNT
ServiceAccountWithKeyResponseV1:
title: Service Account With Key Response V1
type: object
allOf:
- $ref: '#/components/schemas/ServiceAccountResponseV1'
- type: object
properties:
apiKey:
description: Service Account API key
type: string
maxLength: 256
example: 123ab45c-d67e-89fg-0hij-1k23456l7890-n1MO
CreateTeamServiceAccountRequestV1:
title: Create Team Service Account Request V1
type: object
required:
- name
- teamRole
allOf:
- $ref: '#/components/schemas/CreateServiceAccountRequestV1'
- type: object
properties:
teamRole:
description: Team role to be assigned to the team service account. | It can be a string for predefined roles or an id of a custom role.
type: string
maxLength: 128
example: CICD_SCANNING
NotificationChannel:
type: object
description: Schema for a notification channel object
properties:
id:
type: integer
format: int64
description: Notification channel Id
example: 2678526
minimum: 0
maximum: 2147483647000
type:
type: string
description: Notification channel type
example: Email
maxLength: 256
ScheduleResponse:
type: object
title: Schedule
description: Schema for a scheduled report
required:
- id
- userId
- teamId
- customerId
- reportId
- isReportTemplate
- reportFormat
- zones
- schedule
- enabled
- createdBy
- createdOn
properties:
id:
type: string
description: Unique identifier for the schedule
example: 2pAtvxUMOXjoZlA1WJkkoCL6SeS
maxLength: 512
userId:
type: integer
format: int64
description: ID of the user who created the schedule
example: 2678526
minimum: 0
maximum: 2147483647
teamId:
type: integer
format: int64
description: ID of the team associated with the schedule
example: 2074112
minimum: 0
maximum: 2147483647
customerId:
type: integer
format: int64
description: ID of the customer associated with the schedule
example: 121517
minimum: 0
maximum: 2147483647
name:
type: string
description: Name of the schedule
example: test schedule password 1
maxLength: 512
description:
type: string
description: Description of the schedule
example: ''
maxLength: 2048
reportId:
type: integer
format: int64
description: ID of the report
example: 26
minimum: 0
maximum: 2147483647
reportName:
type: string
description: Name of the report
example: Compliance Readiness Report
maxLength: 512
isReportTemplate:
type: boolean
description: Indicates if the report is a template
example: true
reportFormat:
type: string
description: Format of the report
example: pdf
maxLength: 512
zones:
type: array
description: List of zone IDs
maxItems: 100
items:
type: integer
format: int64
example: 239
minimum: 0
maximum: 2147483647
policies:
type: array
description: List of policy IDs
maxItems: 100
items:
type: integer
format: int64
example: 52
minimum: 0
maximum: 2147483647
timezone:
type: string
description: Timezone for the schedule
example: America/Chicago
maxLength: 512
schedule:
type: string
description: Cron expression for the schedule
example: 00 30 06 * * *
maxLength: 512
enabled:
type: boolean
description: Indicates if the schedule is enabled
example: true
notificationChannels:
type: array
description: List of notification channels
maxItems: 100
items:
allOf:
- $ref: '#/components/schemas/NotificationChannel'
iacTaskId:
type: integer
format: int64
description: ID of the IaC task
example: 647423
minimum: 0
maximum: 2147483647
passwordEnabled:
type: boolean
description: Indicates if password protection is enabled
example: true
compression:
type: string
description: Compression format
example: zip
maxLength: 512
createdBy:
type: string
description: Email of the user who created the schedule
example: user@sysdig.com
maxLength: 512
updatedBy:
type: string
description: Email of the user who last updated the schedule
example: user@sysdig.com
maxLength: 512
createdOn:
type: string
format: date-time
description: Timestamp when the schedule was created
example: '2024-11-21T20:29:01.415528Z'
maxLength: 512
modifiedOn:
type: string
format: date-time
description: Timestamp when the schedule was last modified
example: '2024-11-22T04:40:17.3083Z'
maxLength: 512
lastScheduledOn:
type: string
format: date-time
description: Timestamp when the schedule was last run
example: '2024-12-10T06:30:05.472079Z'
maxLength: 512
lastStartedOn:
type: string
format: date-time
description: Timestamp when the schedule was last started
example: '2024-12-10T06:30:05.472079Z'
maxLength: 512
lastCompletedOn:
type: string
format: date-time
description: Timestamp when the schedule was last completed
example: '2024-12-10T06:30:36.194531Z'
maxLength: 512
ListSchedules:
type: object
title: List Schedules Response V1
required:
- data
properties:
data:
type: array
description: List of Schedules.
maxItems: 10000
items:
$ref: '#/components/schemas/ScheduleResponse'
TimeFrame:
type: object
description: The start and end time of the request
properties:
from:
$ref: '#/components/schemas/UnlimitedLong'
to:
$ref: '#/components/schemas/UnlimitedLong'
JobResponse:
type: object
title: Job Response
description: Schema for a job response
required:
- id
- userId
- teamId
- customerId
- reportId
- isReportTemplate
- reportFormat
- jobType
- zones
- status
- createdBy
- scheduledOn
properties:
id:
type: string
description: Unique identifier for the job.
example: 2pUnGeLvrOo5qoWuvXg5H9nEH2g
maxLength: 512
userId:
type: integer
format: int64
description: ID of the user who created the job.
example: 0
minimum: 0
maximum: 2147483647
teamId:
type: integer
format: int64
description: ID of the team the job was created under.
example: 2074112
minimum: 0
maximum: 2147483647
customerId:
type: integer
format: int64
description: ID of the user associated with the job.
example: 121517
minimum: 0
maximum: 2147483647
iacTaskId:
type: integer
format: int64
description: ID of the IAC scheduled task.
example: 151514
minimum: 0
maximum: 2147483647
scheduleId:
type: string
description: ID of the schedule associated with the job
example: 2otw7opjilXpl0JRJIetx5Y6SHM
maxLength: 512
reportId:
type: integer
format: int64
description: ID of the report
example: 26
minimum: 0
maximum: 2147483647
isReportTemplate:
type: boolean
description: Indicates if the report is a template
example: true
reportFormat:
type: string
description: Format of the report
example: pdf
maxLength: 512
jobType:
type: string
description: Type of the job
example: SCHEDULED
maxLength: 512
jobName:
type: string
description: Name of the job
example: weekly-report
maxLength: 512
zones:
type: array
description: List of zone IDs
maxItems: 10000
items:
type: integer
format: int64
example: 239
minimum: 0
maximum: 2147483647
policies:
type: array
description: List of policy IDs
maxItems: 10000
items:
type: integer
format: int64
example: 12
minimum: 0
maximum: 2147483647
status:
type: string
description: Status of the job
example: COMPLETED
maxLength: 512
timezone:
type: string
description: Timezone of the request time frame
example: America/Los_Angeles
maxLength: 1024
timeFrame:
$ref: '#/components/schemas/TimeFrame'
fileName:
type: string
description: File name of the report
example: filename.zip
maxLength: 2048
filePath:
type: string
description: File path of the report
example: https://sysdig.com/api/platform/reporting_files/v1/filename.zip?token=token
maxLength: 4096
createdBy:
type: string
description: Email of the user who created the job
example: user@sysdig.com
maxLength: 512
scheduledOn:
type: string
format: date-time
description: Timestamp when the job was scheduled
example: '2024-11-28T21:30:26.53174Z'
maxLength: 512
startedOn:
type: string
format: date-time
description: Timestamp when the job was started
example: '2024-11-28T21:30:26.53174Z'
maxLength: 512
completedOn:
type: string
format: date-time
description: Timestamp when the job was completed
example: '2024-11-28T21:31:08.647529Z'
maxLength: 512
ListJobs:
type: object
title: List Jobs Response V1
required:
- data
properties:
data:
type: array
description: List of Jobs.
maxItems: 10000
items:
$ref: '#/components/schemas/JobResponse'
ZoneId:
type: integer
format: int64
description: Zone ID
minimum: 1
maximum: 9223372036854776000
example: 1234
SysdigQueryLanguageFilter:
description: |
Query language expression for filtering results.
The filter is the result of logical concatenations,
using "and" and "or" binary operators and the "not" unary prefix operator (i.e. `pid = 1 and not ppid = 2`),
of attribute comparisons. Attribute comparisons can be:
- Scalar: Using `=`, `!=`, `>`, `>=`, `<` and `<=` comparison operators. For example, `pid = 1`.
- Vector: Using `in` to check the equality among the values provided between parenthesis. For example, `pid in (1, 2)`.
The operators available depends on the attribute.
Values containing double-quotes `"` need escaping using backslash `\`, i.e. name = "sample \"quoted\" value".
EBNF:
- attribute = ? all available attributes ?;
- value = ? attribute value ?;
- quoted_value = "\"", value, "\"";
- bin_operator = "and" | "or";
- cmp_scalar_operator = "=" | "!=" | ">" | ">=" | "<" | "<=";
- cmp_vector_operator = "in";
- cmp_scalar_operation = attribute, [" "], cmp_scalar_operator, [" "], quoted_value;
- values_list = "(", quoted_value, { [" "], ",", quoted_value }, ")";
- cmp_vector_operator = attribute, " ", cmp_vectorial_operator, [" "], values_list;
- element = ["not "], (cmp_scalar_operation | cmp_vectorial_operator);
- filter = element, {" ", bin_operator, " ", element};
type: string
example: container.id='abc123'
maxLength: 2048
Types:
type: string
description: |
The entry types to filter. This query parameter can be set multiple times
to filter for different entry types.
example: commands
enum:
- commands
- connections
- kubernetes
- fileaccesses
Page:
type: object
description: Pagination information.
required:
- total
properties:
total:
type: integer
format: int64
description: |
The number of events matching the search criteria. This number is always major or equal to the number of events returned.
example: 10
minimum: 0
maximum: 9223372036854776000
prev:
type: string
description: |
The cursor that can be used to fetch a set of events before the
first event returned in the `data` array.
If this value is unset, then there are no events before the first
event returned in the `data` array.
By providing this value as `cursor`
you will get the events preceding the first event returned
in the `data` array.
example: LTltNGUybXIwdWkzZThhMjE1bjRn
maxLength: 64
next:
type: string
description: |
The cursor that can be used to fetch a set of events after the last
event returned in the `data` array.
If this value is unset, then there are no events after the last
event returned in the `data` array.
By providing this value as `cursor`
you will get the events following last event returned in the
`data` array.
example: KzltNGUybXIwdWkzZThhMjE1bjRn
maxLength: 64
Id:
type: string
description: The audit event id.
example: 15cbf54e34df95404caad1c988cf7c42
maxLength: 32
Timestamp:
type: integer
format: int64
description: Timestamp the audit event occured, expressed in nanoseconds.
example: 1546300800000000000
minimum: 0
maximum: 9223372036854776000
Entry:
description: |
The base structure of an Activity Audit entry
type: object
required:
- id
- timestamp
properties:
id:
$ref: '#/components/schemas/Id'
timestamp:
$ref: '#/components/schemas/Timestamp'
ContainerId:
type: string
description: |
The container id. `containerId` is present only if the audit event was
collected in a container context.
example: f8d4f71ab80b
maxLength: 200
Hostname:
type: string
description: The Kubernetes hostname.
example: ip-127-0-0-1
maxLength: 200
Command:
description: Represents a command execution.
type: object
allOf:
- $ref: '#/components/schemas/Entry'
- type: object
required:
- cmdline
- cwd
- comm
- hostname
- pcomm
- pid
- ppid
- uid
- loginShellId
- loginShellDistance
- tty
- type
- userLoginUid
- userLoginName
- procExepath
properties:
type:
description: The entry type
type: string
enum:
- command
example: command
containerId:
$ref: '#/components/schemas/ContainerId'
cmdline:
type: string
description: Full command line
example: pg_isready --host 10.32.0.8
maxLength: 4096
comm:
type: string
description: The name of the command.
example: pg_isready
maxLength: 20
pcomm:
type: string
description: The name of the parent command.
example: sshd
maxLength: 20
pid:
type: integer
format: int64
minimum: 0
maximum: 9223372036854776000
description: Process ID.
example: 31135
ppid:
type: integer
format: int64
minimum: 0
maximum: 9223372036854776000
description: Parent process ID.
example: 31132
uid:
type: integer
format: int64
minimum: 0
maximum: 9223372036854776000
description: User ID
example: 1234
username:
type: string
description: Username
example: foo
maxLength: 20
cwd:
type: string
description: Command working directory.
example: /
maxLength: 50
loginShellId:
type: integer
format: int64
minimum: 0
maximum: 9223372036854776000
description: Process id of the shell.
example: 11640
loginShellDistance:
type: integer
format: int64
minimum: 0
maximum: 9223372036854776000
example: 5
description: Level of nesting from the parent shell.
hostname:
$ref: '#/components/schemas/Hostname'
tty:
type: integer
format: int64
minimum: 0
maximum: 9223372036854776000
description: TTY number.
example: 12345
userLoginUid:
type: integer
format: int64
minimum: 0
maximum: 9223372036854776000
description: User login UID.
example: 1234
userLoginName:
type: string
description: User login name.
example: foo
maxLength: 20
procExepath:
type: string
description: Process executable path.
example: /usr/bin/pg_isready
maxLength: 4096
labels:
type: object
description: Key value pairs of labels.
additionalProperties:
type: string
maxLength: 200
example: foo
maxProperties: 100
Connection:
description: Represents a connection.
type: object
allOf:
- $ref: '#/components/schemas/Entry'
- type: object
required:
- clientIpv4
- clientPort
- cmdline
- comm
- containerId
- direction
- dnsDomains
- hostname
- l4protocol
- pid
- processName
- serverIpv4
- serverPort
- tty
- type
properties:
type:
description: The entry type
type: string
enum:
- connection
example: connection
cmdline:
type: string
description: Full command line
example: pg_isready --host 10.32.0.8
maxLength: 4096
comm:
type: string
description: The name of the command.
example: pg_isready
maxLength: 20
dnsDomains:
type: array
description: DNS information for the connection event.
maxItems: 1000
minItems: 0
uniqueItems: false
default: []
example:
- sysdig.com
items:
type: string
maxLength: 512
default: ''
example: sysdig.com
containerId:
$ref: '#/components/schemas/ContainerId'
pid:
type: integer
format: int64
minimum: 0
maximum: 9223372036854776000
description: Id of the process owning the connection.
example: 123
processName:
description: Name of the process owning the connection.
type: string
example: curl
maxLength: 200
clientIpv4:
type: string
description: The IPv4 dotted notation of the client address.
example: 127.0.0.1
maxLength: 15
clientPort:
type: integer
format: int64
minimum: 0
maximum: 9223372036854776000
description: The client port.
example: 31234
serverIpv4:
type: string
description: The IPv4 dotted notation of the server address.
example: 127.0.0.1
maxLength: 15
serverPort:
type: integer
format: int64
minimum: 0
maximum: 9223372036854776000
description: The server port.
example: 80
direction:
type: string
description: The direction of the connection.
enum:
- in
- out
example: in
l4protocol:
type: string
description: The layer 4 protocol.
example: tcp
maxLength: 10
hostname:
$ref: '#/components/schemas/Hostname'
tty:
type: integer
format: int64
minimum: 0
maximum: 9223372036854776000
example: 32444
description: TTY number.
labels:
type: object
description: Key value pairs of labels.
additionalProperties:
type: string
maxLength: 200
example: foo
maxProperties: 100
Fileaccess:
description: Represents a file access operation.
allOf:
- $ref: '#/components/schemas/Entry'
- type: object
required:
- comm
- directory
- filename
- permissions
- hostname
- pid
- type
properties:
type:
description: The entry type
type: string
enum:
- fileaccess
example: fileaccess
hostname:
$ref: '#/components/schemas/Hostname'
containerId:
$ref: '#/components/schemas/ContainerId'
comm:
type: string
description: The name of the command.
example: pg_isready
maxLength: 20
pid:
type: integer
format: int64
minimum: 0
maximum: 9223372036854776000
description: Id of the process owning the connection.
example: 123
directory:
type: string
description: The Directory for the file access.
example: /home/sysdig/
maxLength: 200
filename:
type: string
description: The Filename involved in file access.
example: malicious_file.txt
maxLength: 50
permissions:
type: string
description: The Permissions of the file access.
example: rw
maxLength: 3
tty:
type: integer
format: int64
minimum: 0
maximum: 9223372036854776000
description: TTY number.
example: 12345
labels:
type: object
description: Key value pairs of labels.
additionalProperties:
type: string
maxLength: 200
example: foo
maxProperties: 100
User:
type: object
description: The full representation of a User
properties:
username:
type: string
description: The username of the User
example: kubernetes-admin
maxLength: 20
groups:
type: array
items:
type: string
maxLength: 20
example: system:masters
example:
- system:masters
- system:authenticated
maxItems: 100
Kubernetes:
description: Represents a kubernetes audit event.
allOf:
- $ref: '#/components/schemas/Entry'
- type: object
required:
- args
- containerId
- hostname
- name
- namespace
- resource
- sourceAddresses
- subResource
- user
- userAgent
- type
properties:
type:
description: The entry type
type: string
enum:
- kubernetes
example: kubernetes
hostname:
$ref: '#/components/schemas/Hostname'
containerId:
$ref: '#/components/schemas/ContainerId'
resource:
type: string
description: The Kubernetes resource.
example: pods
maxLength: 20
subResource:
type: string
description: The Kubernetes subresource.
example: exec
maxLength: 20
namespace:
type: string
description: The Kubernetes namespace.
example: sysdigcloud
maxLength: 50
name:
type: string
description: The name of the resource.
example: sysdigcloud-redis-75675f5897-7ci7o
maxLength: 50
sourceAddresses:
type: array
items:
type: string
maxLength: 15
example: 127.0.0.1
example:
- 127.0.0.1
- 192.168.0.1
maxItems: 100
user:
$ref: '#/components/schemas/User'
userAgent:
type: string
description: The user agent of the client
example: kubectl/v1.13.5 (linux/amd64) kubernetes/2166946
maxLength: 100
args:
type: object
description: |
Arguments specific for the different types of Kubernetes audit
entries. In case of `pods:exec`, `args` will contain the fields
`command` and `container` representing the command called and
the name of the container in the pod where the command was
executed respectively.
example:
command: bash
container: redis
labels:
type: object
description: Key value pairs of labels.
additionalProperties:
type: string
maxLength: 200
example: foo
maxProperties: 100
EntriesResponse:
description: |
The response to a GET entries call
type: object
properties:
page:
$ref: '#/components/schemas/Page'
data:
description: The actual data contained in one of the supported types of entry
type: array
items:
anyOf:
- $ref: '#/components/schemas/Command'
- $ref: '#/components/schemas/Connection'
- $ref: '#/components/schemas/Fileaccess'
- $ref: '#/components/schemas/Kubernetes'
maxItems: 200
EntryId:
type: string
description: The event id.
example: 179854fbe16a1279f2ebeb558f1ebe99
maxLength: 32
EntryResponse:
description: |
The response to a GET entry call
oneOf:
- $ref: '#/components/schemas/Command'
- $ref: '#/components/schemas/Connection'
- $ref: '#/components/schemas/Fileaccess'
- $ref: '#/components/schemas/Kubernetes'
SupportedFilterType:
type: string
enum:
- string
- ip
- number
- date
example: string
description: Data type for the attribute values.
Operand:
type: string
description: A supported operand for filtering events.
enum:
- '='
- '!='
- exists
- not exists
- starts with
- contains
- in
- not in
example: '='
AuditSupportedFilter:
type: object
description: A supported field for filtering Activity Audit events.
properties:
id:
type: string
description: Attribute onto which filtering is supported.
example: container.image.id
maxLength: 64
type:
$ref: '#/components/schemas/SupportedFilterType'
operands:
type: array
items:
$ref: '#/components/schemas/Operand'
description: The list of supported operands for filtering events.
maxItems: 8
minItems: 0
uniqueItems: true
required:
- id
- type
AuditSupportedFiltersResponse:
type: object
description: The list of supported attributes for filtering Activity Audit entries.
properties:
data:
type: array
items:
$ref: '#/components/schemas/AuditSupportedFilter'
description: The list of supported attributes for filtering Activity Audit entries.
maxItems: 1000
required:
- data
Certificate:
type: object
description: An X-509 certificate
required:
- id
- certificateName
- created
- issuer
- validity
- fingerprint
- usage
properties:
id:
type: integer
format: int64
description: The certificate ID.
minimum: 0
maximum: 9223372036854776000
example: 12345
certificateName:
type: string
description: The certificate Name.
maxLength: 200
example: foo
created:
type: string
format: date-time
description: The timestamp the certificate was created.
example: '1970-01-01T00:00:00.000000000Z'
maxLength: 30
issuer:
type: string
example: C = US, ST = , L = San Francisco, O = Foobar Inc
maxLength: 2000
description: The Distinguished Name of the certificate issuer.
validity:
type: object
description: The certificate validity interval.
properties:
after:
type: string
format: date-time
description: The beginning of the certificate validity period.
example: '1970-01-01T00:00:00.000000000Z'
maxLength: 30
before:
type: string
format: date-time
description: The end of the certificate validity period.
example: '1970-01-01T00:00:00.000000000Z'
maxLength: 30
usage:
type: integer
format: int32
minimum: 0
maximum: 2147483647
example: 0
description: The number of services that currently use that certificate.
fingerprint:
type: string
description: The certificate fingerprint
example: sha1:72:6E:1A:34:27:DD:7C:5C:C6:F3:7D:FB:EC:DC:62:48:F4:A0:C8:B7
maxLength: 256
CertificatesResponse:
type: object
description: Customer certificates
required:
- data
properties:
data:
type: array
items:
$ref: '#/components/schemas/Certificate'
maxItems: 1000
UploadCertificateRequest:
description: Certificate to be uploaded
type: object
required:
- certificateFileName
- name
properties:
certificateFileName:
type: string
format: binary
maxLength: 10000
description: The certificate file to be uploaded
example: |
Content-Disposition: form-data; name="certificateFileName"; filename="cert.pem"
-----BEGIN CERTIFICATE-----
MIIDXTCCAkWgAwIBAgIJAJC1HiIAZAiIMA0GCSqGSIb3DQEBCwUAMEUxCzAJBgNV
BAYTAkFUMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
aWRnaXRzIFB0eSBMdGQwHhcNMTYxMjMxMTQ3NDI4WhcNNDgwNjMxMTQ3NDI4WjBF
MQswCQYDVQQGEwJBVzERMAsGA1UECAwESmFuaTETMBEGA1UECgwKRGFuaWVsIENv
LjEYMBYGA1UEAwwPd3d3LmV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOC
AQ8AMIIBCgKCAQEAr0Ij7X2VeAn7vqqzq+5rSHZD2G5YjsMm0gtF8gfdG0h7om6D
5sbY18UWoVgF8Zp8v4+yzFP+YHqQa0S3pJI5p2hbiT2GhRwaUpT+0Lg+SIa+Gt5k
sjuZb2GKZ47QnqMtKuT3aNRmJIJ0I3eJ8P3hvs+BUjxY3O9y8JxW1j3hLhF+n2Im
klP8xuhpYtagLy6qxFhoSqzM9wQbHOlC4qCF76x8djC0Bg+ROe3Wkb8bV5ZElgvZ
r64Ny7ffOQdc/zUi+J9j2ijJAgMBAAGjUDBOMB0GA1UdDgQWBBQxL9aji2MKEMD+
Rm9eJiEH4M0a/DAfBgNVHSMEGDAWgBQxL9aji2MKEMD+Rm9eJiEH4M0a/DAMBgNV
HRMEBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQB1hUK75CdDtJeLsQe08Lw0M9kP
5wqzj4HAnfKy29G/BJaGcYc4G7qnvl6hdC4jFPm9HXYEa7xQp6kt2e5R4t4OZSKg
Ai5p5MeCh2ecdPN7otrF8+iO9XJEeuOQrqC6OVAKgLNCIVnXLPXp9i9b7gjFJeTT
BNwE3rDJAkSnhk6Bhep4+JL1TyQ72DQ3HW4d/27To4v7NjP6r+K2eK5smVz9HSPD
A8qJ31+ajNQMYWXFCR+HA4C/v1uYfY2/WMy2nw2/X7gJ0iAf3GtWPo/jYH6jhkDO
i+3hFh9SIN2evhZV/BY6Uj+W3O3hLJA0ZgTXkZfMMz4/w9f3TyJ3oXxZqvzS
-----END CERTIFICATE-----
name:
type: string
maxLength: 200
example: foo
description: The name of the certificate that is being uploaded
Services:
type: object
description: Certificate registrations
required:
- certificateId
- serviceType
- serviceId
- registeredAt
properties:
certificateId:
type: integer
format: int64
description: The certificate ID.
minimum: 0
maximum: 9223372036854776000
example: 12345
serviceType:
type: string
description: The service type.
enum:
- EVENTS_FORWARDER
example: EVENTS_FORWARDER
registeredAt:
type: string
format: date-time
description: The timestamp the service was configured to use this certificate.
example: '1970-01-01T00:00:00.000000000Z'
maxLength: 30
serviceId:
type: string
description: The integration ID for the service owning the integration that uses the certificate.
maxLength: 20
example: '12345'
ServicesResponse:
type: object
description: LedgersResponse
required:
- data
properties:
data:
type: array
items:
$ref: '#/components/schemas/Services'
maxItems: 1000
EventsFeedFilter:
description: |
Query language expression for filtering results.
The filter is the result of logical concatenations,
using "and" and "or" binary operators and the "not" unary prefix operator (i.e. `pid = 1 and not ppid = 2`),
of attribute comparisons. Attribute comparisons can be:
- scalar, using `=`, `!=`, `>`, `>=`, `<` and `<=` comparison operators (i.e. `pid = 1`)
- vector, using `in` to check the equality among one of the values provided between parenthesis (i.e. `pid in (1, 2)`)
Depending on the attribute, only some operators can be available.
Values containing double-quotes `"` need escaping using backslash `\`, i.e. name = "sample \"quoted\" value".
The list of supported attributes and related operators supported can be retrieved through the
`/secure/events/v1/supported-filters` endpoint.
EBNF:
- attribute = ? all available attributes ?;
- value = ? attribute value ?;
- quoted_value = "\"", value, "\"";
- bin_operator = "and" | "or";
- cmp_scalar_operator = "=" | "!=" | ">" | ">=" | "<" | "<=";
- cmp_vector_operator = "in";
- cmp_scalar_operation = attribute, [" "], cmp_scalar_operator, [" "], quoted_value;
- values_list = "(", quoted_value, { [" "], ",", quoted_value }, ")";
- cmp_vector_operator = attribute, " ", cmp_vectorial_operator, [" "], values_list;
- element = ["not "], (cmp_scalar_operation | cmp_vectorial_operator);
- filter = element, {" ", bin_operator, " ", element};
type: string
example: agent.id=1
maxLength: 2048
EventsFeedLimit:
description: The number of items to return
type: integer
format: int32
minimum: 1
maximum: 200
default: 25
example: 25
EventsFeedPage:
type: object
description: Pagination information.
required:
- total
properties:
total:
type: integer
format: int64
description: |
The number of events matching the search criteria. This number is always major or equal to the number of events returned.
example: 10
minimum: 0
maximum: 9223372036854776000
prev:
type: string
description: |
`prev` is a string pointing to the previous page of data.
Use this as the `cursor` to get the previous page of data.
example: LTltNGUybXIwdWkzZThhMjE1bjRn
maxLength: 512
next:
type: string
description: "`next` is a string pointing to the next page of data.\nUse this as the `cursor` to scroll paginated results and get the next page of data. \nIf not included, the current response is the last page.\n"
example: KzltNGUybXIwdWkzZThhMjE1bjRn
maxLength: 512
Originator:
type: string
description: |
Type of event:
- policy - Agent-based runtime threat detection events
- profilingDetection - Workload ML detections
- falcocloud - Agentless threat detections
- admissionController - Kubernetes admission control based posture events
enum:
- policy
- profilingDetection
- falcocloud
- admissionController
example: policy
Category:
type: string
description: |
The event category:
- `runtime` - Agent-based threat detection events
- `remote` - Kubernetes admission requests and CloudConnector events
- `admissionController` - Kubernetes admission requests-posture checks
- `cloudtrail` - Agentless CloudTrail CDR events
- `okta` - Agentless Okta CDR events
- `github` - Agentless Github CDR events
- `falcocloud` - Agentless CDR events (excluded CloudTrail, Okta, Github)
- `miner` - Workload ML Crypto events
enum:
- runtime
- remote
- admissionController
- cloudtrail
- okta
- github
- falcocloud
- miner
example: runtime
Source:
type: string
description: |
Source of the event:
- `syscall` - a syscall within a workload
- `windows` - Windows event log
- `profiling` - ML workload threat detections
- `K8SAdmissionController` - Admission control request coming from the Kubernetes admission controller
- `k8s_audit` - Kubernetes audit logs, if the category is `runtime`, otherwise Admission control request
- `aws_cloudtrail` - AWS CloudTrail log, from CloudConnector
- `awscloudtrail` - AWS CloudTrail log, agentless only
- `agentless-aws-ml` - ML threat detections for AWS
- `gcp_auditlog` - GCP Audit log
- `azure_platformlogs` - Azure platform logs
- `okta` - Okta System Logs
- `agentless-okta-ml` - ML threat detections for Okta
- `github` - Github organization logs
enum:
- syscall
- windows
- profiling
- K8SAdmissionController
- k8s_audit
- aws_cloudtrail
- awscloudtrail
- agentless-aws-ml
- gcp_auditlog
- azure_platformlogs
- okta
- agentless-okta-ml
- github
example: k8s_audit
SourceDetails:
type: object
description: Additional details related to the Event source.
required:
- type
properties:
type:
type: string
description: |
The type of component that generated the raw event:
- `cloud` - Cloud platform
- `git` - Git platform
- `iam` - Identity and Access Management platform
- `kubernetes` - Kubernetes control plane
- `workload` - Workload (from bare metal to *aaS compute)
example: cloud
maxLength: 32
subType:
type: string
description: |
A deeper particularization for the type of component that generated the raw event:
- `auditlogs` - Audit logs of platforms/apps
- `auditWebhooks` - Kubernetes Audit
- `caas` - Container As A Service workload
- `dynamicAdmissionControl` - Dynamic admission control
- `host` - Non-containerized host
- `container` - Container
- `workforce` - Workforce type IAM
example: host
maxLength: 32
RawEventOriginator:
type: string
description: |
The agent type, hosting the `engine`, that generated the event after the raw event
- `admissionController` - Admission Controller, part of the Cluster Shield
- `agentless` - Agentless
- `cloudConnector` - Cloud Connector
- `linuxAgent` - Linux Host Agent
- `serverlessAgent` - Serverless workloads Agent (CaaS) generated events
- `windowsAgent` - Windows Host Agent
example: admissionController
maxLength: 32
RawEventCategory:
type: string
description: |
The semantic category (area) of the event in the Sysdig product:
- `kspm` - Kubernetes Security Posture Management events
- `runtime` - Threat detection events
example: runtime
maxLength: 32
Engine:
type: string
description: "The engine used to generate the event out of the raw signal:\n- `drift` - engine to detect container drifts \n- `falco` - Falco open source engine\n- `list` - list matching engine for list matching rules\n- `machineLearning` - ML engine\n- `malware` - malware detection engine\n"
example: drift
maxLength: 32
ActionType:
type: string
description: Action type.
enum:
- capture
- container_killed
- container_paused
- container_stopped
- drift_prevented
- malware_prevented
- process_killed
example: capture
BaseAction:
title: Generic Action
type: object
properties:
type:
$ref: '#/components/schemas/ActionType'
required:
- type
CaptureAction:
title: Capture
description: Outcome of the Take Capture action configured in the policy.
allOf:
- $ref: '#/components/schemas/BaseAction'
- type: object
properties:
isSuccessful:
type: boolean
description: Whether or not the Capture was taken successfully.
example: true
errMsg:
description: |
When `isSuccessful` is `false`, details on why the action failed.
type: string
maxLength: 256
example: maximum number of outstanding captures (1) reached
token:
type: string
description: Token to retrieve the related capture.
example: 4f24c92e-48f5-45ab-84a5-c394f07e855e
maxLength: 36
afterEventNs:
type: integer
format: int64
description: |
Amount of nanoseconds after the event the Capture spans.
example: 18000000000
minimum: 0
maximum: 9223372036854776000
beforeEventNs:
type: integer
format: int64
description: |
Amount of nanoseconds before the event the Capture spans.
example: 5000000000
minimum: 0
maximum: 9223372036854776000
ContainerPausedAction:
title: Container paused
description: Container paused automatic action.
allOf:
- $ref: '#/components/schemas/BaseAction'
- type: object
properties:
isSuccessful:
type: boolean
description: Whether or not the action was completed successfully.
example: true
errMsg:
description: |
When `isSuccessful` is `false`, details on why the action failed.
type: string
maxLength: 256
example: 'Could not perform cri-o command: could not get pid for container 9566c6966932'
ContainerStoppedAction:
title: Container stopped
description: Container stop automatic action.
allOf:
- $ref: '#/components/schemas/BaseAction'
- type: object
properties:
isSuccessful:
type: boolean
description: Whether or not the action was completed successfully.
example: true
errMsg:
description: |
When `isSuccessful` is `false`, details on why the action failed.
type: string
maxLength: 256
example: 'Could not perform cri-o command: could not get pid for container 9566c6966932'
ContainerKilledAction:
title: Container killed
description: Container kill automatic action.
allOf:
- $ref: '#/components/schemas/BaseAction'
- type: object
properties:
isSuccessful:
type: boolean
description: Whether or not the action was completed successfully.
example: true
errMsg:
description: |
When `isSuccessful` is `false`, details on why the action failed.
type: string
maxLength: 256
example: 'Could not perform cri-o command: could not get pid for container 9566c6966932'
DriftPreventedAction:
title: Drift prevented
description: Automatic action preventing the execution of a file not present in the original container image.
allOf:
- $ref: '#/components/schemas/BaseAction'
- type: object
properties:
isSuccessful:
type: boolean
description: Whether or not the action was completed successfully.
example: true
errMsg:
description: |
When `isSuccessful` is `false`, details on why the action failed.
type: string
maxLength: 256
example: 'Prevention action failed on container 9566c6966932 due to a system error: ...'
MalwarePreventedAction:
title: Malware prevented
description: Malware execution prevention
allOf:
- $ref: '#/components/schemas/BaseAction'
- type: object
properties:
isSuccessful:
type: boolean
description: Whether or not the action was completed successfully.
example: true
errMsg:
description: |
When `isSuccessful` is `false`, details on why the action failed.
type: string
maxLength: 256
example: 'Prevention action failed on container 9566c6966932 due to a system error: ...'
ProcessKilledAction:
title: Process killed
description: Process kill automatic action.
allOf:
- $ref: '#/components/schemas/BaseAction'
- type: object
properties:
isSuccessful:
type: boolean
description: Whether or not the action was completed successfully.
example: true
errMsg:
description: |
When `isSuccessful` is `false`, details on why the action failed.
type: string
maxLength: 256
example: Rule with name non_existent refers to a rule that does not exist
Action:
description: Action performed when the event happened.
oneOf:
- $ref: '#/components/schemas/CaptureAction'
- $ref: '#/components/schemas/ContainerPausedAction'
- $ref: '#/components/schemas/ContainerStoppedAction'
- $ref: '#/components/schemas/ContainerKilledAction'
- $ref: '#/components/schemas/DriftPreventedAction'
- $ref: '#/components/schemas/MalwarePreventedAction'
- $ref: '#/components/schemas/ProcessKilledAction'
discriminator:
propertyName: type
mapping:
capture: '#/components/schemas/CaptureAction'
container_paused: '#/components/schemas/ContainerPausedAction'
container_stopped: '#/components/schemas/ContainerStoppedAction'
container_killed: '#/components/schemas/ContainerKilledAction'
drift_prevented: '#/components/schemas/DriftPreventedAction'
malware_prevented: '#/components/schemas/MalwarePreventedAction'
process_killed: '#/components/schemas/ProcessKilledAction'
EventContentType:
type: string
description: The type of the event content.
enum:
- workloadRuntimeDetection
- workloadMLRuntimeDetection
- agentlessMLRuntimeDetection
- k8sAdmissionReview
- agentlessRuntimeDetection
- statefulDetections
example: workloadRuntimeDetection
BaseContent:
description: Base content for all events
type: object
properties:
type:
$ref: '#/components/schemas/EventContentType'
required:
- type
Zone:
type: object
description: A collection of scopes representing business areas.
properties:
zoneName:
type: string
description: Zone name
example: Zone example
maxLength: 256
zoneId:
$ref: '#/components/schemas/ZoneId'
required:
- zoneName
ArbitraryMapOfStrings:
type: object
description: Key value pairs of values.
additionalProperties:
type: string
maxLength: 256
example: foo:bar
example:
foo: bar
baz: qux
K8sAdmissionReviewContent:
description: Kubernetes admission requests-posture checks event content
allOf:
- $ref: '#/components/schemas/BaseContent'
- type: object
properties:
namespace:
type: string
example: hub
description: Kubernetes namespace
maxLength: 253
clusterName:
type: string
example: prod5
description: Kubernetes cluster name
maxLength: 256
resourceName:
type: string
example: sfdc-bulk-updates-12345678
description: Kubernetes resource name
maxLength: 253
resourceKind:
type: string
example: Job
description: Kubernetes resource kind
maxLength: 63
zones:
type: array
items:
$ref: '#/components/schemas/Zone'
maxItems: 1000
description: List of zones that match the scope of the resource.
scanResult:
allOf:
- $ref: '#/components/schemas/ArbitraryMapOfStrings'
- description: Scan result
required:
- scanResult
RuleName:
type: string
description: Name of the rule the event is generated after
example: Create Security Group Rule Allowing SSH Ingress
maxLength: 1024
RuleType:
type: integer
format: int32
description: |
Rule type:
- 1 - List matching - process
- 2 - List matching - container
- 3 - List matching - file
- 4 - List matching - network
- 5 - List matching - syscall
- 6 - Falco
- 7 - Drift detection
- 8 - Malware detection
- 11 - ML - Cryptominer detection
- 13 - ML - AWS anomalous login
- 14 - ML - Okta anomalous login
example: 6
maximum: 14
minimum: 1
RuleTags:
type: array
description: The tags attached to the rule
items:
type: string
example: AWS_IAM
maxLength: 64
maxItems: 1000
PolicyId:
type: integer
format: int64
description: ID of the policy that generated the event
example: 2
maximum: 9223372036854776000
minimum: 1
PolicyOrigin:
type: string
example: Sysdig
enum:
- Sysdig
- Secure UI
- Tuner
description: |
The policy author:
- `Sysdig` - default and managed policies
- `Sysdig UI` - users interacting with Sysdig
- `Tuner` - the automated tuner
PolicyNotificationChannelIds:
type: array
description: |
The list of notification channels where an alert is sent after event is generated.
Doesn't account for aggregations and eventual thresholds.
items:
type: integer
format: int64
minimum: 1
maximum: 9223372036854776000
example: 123
description: The id of the notification channel
maxItems: 100
AgentlessRuntimeDetectionContent:
description: Agentless CDR event content
allOf:
- $ref: '#/components/schemas/BaseContent'
- type: object
properties:
integrationId:
type: string
example: 2U98T7RVNpAfveU6t9U6JoKVuZb
maxLength: 32
description: The unique identifier of the integration that generated the event.
integrationType:
type: string
example: cloudtrail
description: The type of integration that generated the event.
enum:
- cloudtrail
- okta
- github
- gcp
- azure
ruleName:
$ref: '#/components/schemas/RuleName'
ruleType:
$ref: '#/components/schemas/RuleType'
ruleTags:
$ref: '#/components/schemas/RuleTags'
policyId:
$ref: '#/components/schemas/PolicyId'
policyOrigin:
$ref: '#/components/schemas/PolicyOrigin'
policyNotificationChannelIds:
$ref: '#/components/schemas/PolicyNotificationChannelIds'
priority:
description: Rule priority
type: string
enum:
- emergency
- alert
- critical
- error
- warning
- informational
- notice
- debug
example: error
output:
type: string
description: Event output, generated after the configured rule
example: Error Detected creation of security group rule allowing SSH ingress (requesting user=github-actions-ansible-molecule-role, requesting IP=1.2.3.4, account ID=123456789012, AWS region=us-east-1, arn=arn:aws:sts::0123456789012:assumed-role/github-actions-ansible-molecule-role/GitHubActions, security group=sg-121364e586677869e)
maxLength: 2048
fields:
allOf:
- description: List of fields populated based on the engine defaults, the rule output and the configuration
- $ref: '#/components/schemas/ArbitraryMapOfStrings'
required:
- integrationId
- integrationType
- ruleName
- ruleType
- policyId
- policyType
- policyOrigin
RuleSubType:
type: integer
format: int32
description: |
Rule subtype:
- 1 - List matching - network - inbound
- 2 - List matching - network - outbound
- 3 - List matching - network - listening
- 4 - List matching - file - readwrite
- 5 - List matching - file - read only
example: 1
minimum: 1
maximum: 5
WorkloadRuntimeDetectionContent:
description: Policy Event
allOf:
- $ref: '#/components/schemas/BaseContent'
- type: object
properties:
policyId:
$ref: '#/components/schemas/PolicyId'
ruleName:
$ref: '#/components/schemas/RuleName'
ruleType:
$ref: '#/components/schemas/RuleType'
ruleSubType:
$ref: '#/components/schemas/RuleSubType'
ruleTags:
$ref: '#/components/schemas/RuleTags'
output:
type: string
description: Event output, generated after the configured rule
example: |
File below a known binary directory opened for writing...
maxLength: 2048
fields:
allOf:
- $ref: '#/components/schemas/ArbitraryMapOfStrings'
- description: List of fields populated based on the engine defaults, the rule output and the configuration
runBook:
type: string
description: The runbook URL as configured in the policy.
example: https://www.mycompany.com/our-runbook-link
maxLength: 2048
origin:
$ref: '#/components/schemas/PolicyOrigin'
required:
- policyId
- ruleName
- ruleType
- ruleSubType
- ruleTags
- output
- fields
WorkloadMlRuntimeDetectionContent:
description: Workload ML event content
allOf:
- $ref: '#/components/schemas/BaseContent'
- type: object
required:
- command
- exe
- detectedClassProbability
- policyId
properties:
command:
type: string
description: The command name
example: bash
maxLength: 1024
exe:
type: string
description: The command path
example: /bin/bash
maxLength: 1024
detectedClassProbability:
type: number
format: float
description: The detected class probability (confidence score)
minimum: 0
maximum: 1
example: 0.8
policyId:
$ref: '#/components/schemas/PolicyId'
AgentlessMlRuntimeDetectionContent:
description: Agentless ML event content
allOf:
- $ref: '#/components/schemas/BaseContent'
- type: object
properties:
policyId:
$ref: '#/components/schemas/PolicyId'
policyOrigin:
$ref: '#/components/schemas/PolicyOrigin'
policyNotificationChannelIds:
$ref: '#/components/schemas/PolicyNotificationChannelIds'
ruleName:
$ref: '#/components/schemas/RuleName'
ruleType:
$ref: '#/components/schemas/RuleType'
fields:
allOf:
- $ref: '#/components/schemas/ArbitraryMapOfStrings'
- description: |
The fields of the event. The fields are specific to the event type.
The fields are arbitrary and are meant to be used for the event type.
required:
- policyOrigin
- ruleName
- ruleType
- fields
Stats:
type: array
description: |
An array representing the relevant APIs and how often they were called in the time window.
items:
type: object
properties:
api:
type: string
example: DescribeInternetGateways
maxLength: 64
count:
type: integer
format: int32
example: 1
minimum: 1
maximum: 2147483647
maxItems: 1000
Sequence:
type: object
description: |
The sequence of events that occurred to trigger the event.
The sequence is represented as a list of events, where each event is a map of key-value pairs.
items:
type: object
properties:
eventId:
type: string
description: The unique identifier of the log event.
example: 9aca10ca-481a-4ab7-b8fa-929c1ebf4c18
maxLength: 36
eventName:
type: string
description: The name of the event.
example: CreateUser
maxLength: 64
eventTime:
type: string
format: date-time
description: The time when the event occurred.
example: '2024-08-11T23:48:40Z'
maxLength: 64
ingestionId:
type: string
description: The unique identifier of the ingestion.
example: '41157131027'
maxLength: 32
region:
type: string
description: The region where the event occurred.
example: us-east-1
maxLength: 64
source:
type: string
description: The source of the event.
example: aws
maxLength: 64
sourceIpAddress:
type: string
description: The IP address of the source.
example: 1.1.1.1
maxLength: 64
subIngestionId:
type: string
description: The unique identifier of the sub ingestion.
example: us-east-1
maxLength: 32
required:
- eventId
- eventName
- eventTime
- ingestionId
- region
- source
- sourceIpAddress
- subIngestionId
StatefulDetectionsContent:
description: |
Stateful detections event content
allOf:
- $ref: '#/components/schemas/BaseContent'
- type: object
properties:
ruleName:
$ref: '#/components/schemas/RuleName'
ruleType:
$ref: '#/components/schemas/RuleType'
ruleTags:
$ref: '#/components/schemas/RuleTags'
policyId:
$ref: '#/components/schemas/PolicyId'
policyOrigin:
$ref: '#/components/schemas/PolicyOrigin'
policyNotificationChannelIds:
$ref: '#/components/schemas/PolicyNotificationChannelIds'
output:
type: string
description: Event output, generated after the configured rule
example: ''
maxLength: 2048
stats:
$ref: '#/components/schemas/Stats'
sequence:
$ref: '#/components/schemas/Sequence'
fields:
allOf:
- description: List of fields populated based on the engine defaults, the rule output and the configuration
- $ref: '#/components/schemas/ArbitraryMapOfStrings'
required:
- ruleName
- ruleType
- policyId
- policyOrigin
- policyNotificationChannelIds
- output
- fields
- ruleTags
EventContent:
type: object
description: |
Event data. It contains fields from the original event and attributes generated at the engine level.
oneOf:
- $ref: '#/components/schemas/K8sAdmissionReviewContent'
- $ref: '#/components/schemas/AgentlessRuntimeDetectionContent'
- $ref: '#/components/schemas/WorkloadRuntimeDetectionContent'
- $ref: '#/components/schemas/WorkloadMlRuntimeDetectionContent'
- $ref: '#/components/schemas/AgentlessMlRuntimeDetectionContent'
- $ref: '#/components/schemas/StatefulDetectionsContent'
discriminator:
propertyName: type
mapping:
k8sAdmissionReview: '#/components/schemas/K8sAdmissionReviewContent'
agentlessRuntimeDetection: '#/components/schemas/AgentlessRuntimeDetectionContent'
workloadRuntimeDetection: '#/components/schemas/WorkloadRuntimeDetectionContent'
workloadMLRuntimeDetection: '#/components/schemas/WorkloadMlRuntimeDetectionContent'
agentlessMLRuntimeDetection: '#/components/schemas/AgentlessMlRuntimeDetectionContent'
statefulDetections: '#/components/schemas/StatefulDetectionsContent'
Event:
description: Event feed
required:
- id
- timestamp
- originator
- source
- category
- name
- description
- severity
- contentType
properties:
id:
type: string
description: The event id.
example: 15cbf54e34df95404caad1c988cf7c42
maxLength: 32
cursor:
type: string
description: |
The cursor that can be used to fetch a set of events surrounding
this same event. By providing this value as `cursor` in a GET
`secureEvents` request, you will get the set of events surrounding
this current event.
example: LTltNGUybXIwdWkzZThhMjE1bjRn
maxLength: 64
timestamp:
type: integer
format: int64
description: The event timestamp in nanoseconds.
example: 1617220000000000000
maximum: 9223372036854776000
minimum: 0
originator:
$ref: '#/components/schemas/Originator'
category:
$ref: '#/components/schemas/Category'
source:
$ref: '#/components/schemas/Source'
sourceDetails:
$ref: '#/components/schemas/SourceDetails'
rawEventOriginator:
$ref: '#/components/schemas/RawEventOriginator'
rawEventCategory:
$ref: '#/components/schemas/RawEventCategory'
engine:
$ref: '#/components/schemas/Engine'
name:
type: string
description: Name of the policy the event is generated after.
example: Launch Privileged Container
maxLength: 64
description:
type: string
description: Description of the policy the event is generated after.
example: |
Identify a container being created with privileged=true
maxLength: 1024
severity:
type: integer
format: int32
description: |
The policy severity:
- `0-3` - High
- `4-5` - Medium
- `6` - Low
- `7` - Info
minimum: 0
maximum: 7
example: 4
actions:
description: actions that have been triggered by the event
type: array
items:
$ref: '#/components/schemas/Action'
maxItems: 1000
content:
$ref: '#/components/schemas/EventContent'
labels:
$ref: '#/components/schemas/ArbitraryMapOfStrings'
ListEventsResponse:
type: object
description: The list of events matching a search criteria.
required:
- page
- data
properties:
page:
$ref: '#/components/schemas/EventsFeedPage'
data:
description: The list of events
type: array
items:
$ref: '#/components/schemas/Event'
maxItems: 20000
SupportedFilter:
type: object
description: A supported field for filtering events.
properties:
id:
type: string
description: Attribute onto which filtering is supported.
example: container.image.id
maxLength: 64
type:
$ref: '#/components/schemas/SupportedFilterType'
operands:
type: array
items:
$ref: '#/components/schemas/Operand'
description: The list of supported operands for filtering events.
maxItems: 10
minItems: 0
uniqueItems: true
required:
- id
- type
SupportedFiltersResponse:
type: object
description: The list of supported attributes for filtering events.
properties:
data:
type: array
items:
$ref: '#/components/schemas/SupportedFilter'
description: The list of supported attributes for filtering events.
maxItems: 1000
required:
- data
IntegrationType:
type: string
description: The platform to which data will be forwarded
enum:
- SYSLOG
- SPLUNK
- MCM
- QRADAR
- WEBHOOK
- KAFKA
- CHRONICLE
- SENTINEL
- SQS
- PUBSUB
- SCC
- ELASTIC
example: SYSLOG
IntegrationTypesResponse:
type: object
title: Integration types
description: The list of supported integration types
required:
- data
properties:
data:
type: array
maxItems: 32
items:
$ref: '#/components/schemas/IntegrationType'
IntegrationChannel:
type: string
description: Type of data to forward
enum:
- SECURE_EVENTS_POLICIES
- ACTIVITY_AUDIT
- MONITOR_EVENTS
- PLATFORM_AUDIT
example: ACTIVITY_AUDIT
IntegrationChannels:
type: array
description: Data types to forward. Must be compatible with the specified Integration type
maxItems: 32
items:
$ref: '#/components/schemas/IntegrationChannel'
example:
- SECURE_EVENTS_POLICIES
- ACTIVITY_AUDIT
IntegrationChannelsResponse:
type: object
title: List Integrations Channels V1
description: Integration Channels Response
required:
- data
properties:
data:
$ref: '#/components/schemas/IntegrationChannels'
BaseIntegrationPayload:
type: object
title: Integration
required:
- name
- type
properties:
name:
description: A descriptive name to give to the integration
type: string
maxLength: 512
example: name
isEnabled:
description: If the forwarding should be enabled or not
type: boolean
default: true
example: true
type:
$ref: '#/components/schemas/IntegrationType'
channels:
$ref: '#/components/schemas/IntegrationChannels'
KeyValueObject:
type: object
title: Key-value object representation
required:
- key
- value
properties:
key:
type: string
description: The key
maxLength: 512
example: mykey
value:
type: string
description: The value
maxLength: 512
example: myvalue
BaseConnectionInfoAmazonSqs:
type: object
title: Amazon SQS
required:
- region
- queue
properties:
ownerAccount:
type: string
description: The AWS account ID of the account that created the queue
maxLength: 256
example: '123456789012'
region:
type: string
description: Region in which the SQS queue is hosted
maxLength: 16
example: us-east
queue:
type: string
description: Queue name
maxLength: 16
example: sysdig-efo-queue
delay:
type: integer
description: Delay, in seconds, applied to the data
format: int64
minimum: 0
maximum: 9223372036854776000
example: 1
headers:
type: array
description: 'Extra headers to add to the payload. Each header mapping requires 2 keys: ''key'' for the header key and ''value'' for its value'
maxItems: 256
items:
$ref: '#/components/schemas/KeyValueObject'
GetAmazonSqsIntegrationResponse:
description: Get Amazon SQS Integration Response
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- id
- name
- isEnabled
- type
- channels
- connectionInfo
properties:
id:
type: integer
format: int64
description: The ID of the integration
minimum: 1
maximum: 9223372036854776000
example: 1
connectionInfo:
$ref: '#/components/schemas/BaseConnectionInfoAmazonSqs'
BaseConnectionInfoChronicle:
type: object
title: Google Chronicle
properties:
region:
type: string
description: The target region
enum:
- us
- europe
- asia-southeast1
default: us
example: europe
BaseConnectionInfoChronicleV2:
type: object
title: Google Chronicle V2
properties:
region:
type: string
description: The target region
enum:
- us
- europe
- europe-west2
- europe-west3
- europe-west6
- asia-southeast1
- asia-south1
- asia-northeast1
- me-west1
- me-central2
- australia-southeast1
default: us
example: europe
chronicleCustomerId:
type: string
description: Unique identifier (UUID) corresponding to a particular Chronicle instance
example: 12345678-1234-1234-1234-123456789012
maxLength: 64
namespace:
type: string
description: User-configured environment namespace to identify the data domain the logs originated from
example: test
maxLength: 64
required:
- chronicleCustomerId
- namespace
GetChronicleIntegrationResponse:
description: Get Google Chronicle Integration Response
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- id
- name
- isEnabled
- type
- channels
- connectionInfo
properties:
id:
type: integer
format: int64
description: The ID of the integration
minimum: 1
maximum: 9223372036854776000
example: 1
connectionInfo:
oneOf:
- $ref: '#/components/schemas/BaseConnectionInfoChronicle'
- $ref: '#/components/schemas/BaseConnectionInfoChronicleV2'
BaseConnectionInfoElasticsearch:
type: object
title: Connection Info Elasticsearch
required:
- endpoint
- index
properties:
endpoint:
type: string
description: Elasticsearch instance endpoint URL
maxLength: 256
example: https://elastic.mydomain.com
index:
type: string
description: Name of the index to store the data in
maxLength: 256
example: main
isInsecure:
type: boolean
description: Don't verify TLS certificate
default: false
example: false
auth:
type: string
description: Authentication method
enum:
- BASIC_AUTH
- BEARER_TOKEN
example: BASIC_AUTH
format:
type: string
description: |
If specified, transforms `content.fields` and `labels`
* `KV_PAIRS` - from objects (i.e. `{"foo": "bar", ...}`) to arrays of objects with "key" and "value" properties {i.e. `[{"key" : "foo", "value": "bar"}, ...]`)
enum:
- KV_PAIRS
example: KV_PAIRS
GetElasticsearchIntegrationResponse:
description: Get Elastic Search Integration Response
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- id
- name
- isEnabled
- type
- channels
- connectionInfo
properties:
id:
type: integer
format: int64
description: The ID of the integration
minimum: 1
maximum: 9223372036854776000
example: 1
connectionInfo:
$ref: '#/components/schemas/BaseConnectionInfoElasticsearch'
BaseConnectionInfoGooglePubSub:
type: object
title: Google Pub/Sub
required:
- project
- topic
properties:
project:
type: string
description: GCP project ID hosting the target pub/sub
maxLength: 16
example: myproject
topic:
type: string
description: pub/sub topic onto which publish the data
maxLength: 16
example: mytopic
orderingKey:
type: string
description: The key to use to order the messages. Required to enable ordered delivery
maxLength: 16
example: key
attributes:
type: array
description: 'Extra headers to add to the request. Each header mapping requires 2 keys: "key" for the header key and "value" for its value'
maxItems: 128
items:
$ref: '#/components/schemas/KeyValueObject'
GetGooglePubSubIntegrationResponse:
description: Get Google Pub/Sub Integration Response
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- id
- name
- isEnabled
- type
- channels
- connectionInfo
properties:
id:
type: integer
format: int64
description: The ID of the integration
minimum: 1
maximum: 9223372036854776000
example: 1
connectionInfo:
$ref: '#/components/schemas/BaseConnectionInfoGooglePubSub'
BaseConnectionInfoGoogleScc:
type: object
title: Google SCC
required:
- organization
properties:
organization:
type: string
description: ID of your GCP organization
maxLength: 16
example: myorg
securityMarks:
type: array
description: additional annotations to add to assets or findings as they get forwarded to Security Command Center
maxItems: 256
items:
$ref: '#/components/schemas/KeyValueObject'
GetGoogleSccIntegrationResponse:
description: Get Google SCC Integration Response
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- id
- name
- isEnabled
- type
- channels
- connectionInfo
properties:
id:
type: integer
format: int64
description: The ID of the integration
minimum: 1
maximum: 9223372036854776000
example: 1
connectionInfo:
$ref: '#/components/schemas/BaseConnectionInfoGoogleScc'
KafkaPlaintext:
title: Plaintext
properties:
isTlsEnabled:
type: boolean
enum:
- false
example: false
KafkaTlsEncrypted:
title: TLS encrypted
properties:
isTlsEnabled:
type: boolean
enum:
- true
example: true
isInsecure:
type: boolean
description: Skip TLS certificate verification
default: false
example: false
BaseConnectionInfoKafka:
type: object
title: Kafka
required:
- brokers
- topic
properties:
brokers:
type: array
description: 'Kafka server endpoint. A Kafka cluster may provide several brokers; it follows the ''hostname: port'' (without protocol scheme).'
maxItems: 32
items:
type: string
maxLength: 256
example: kafka.mydomain.com:9091
topic:
type: string
description: Kafka topic where you want to store the forwarded data
maxLength: 256
example: mytopic
balancer:
type: string
description: Algorithm that the client uses to multiplex data between the multiple Brokers. For compatibility with the Java client, Murmur2 is used as the default partitioner
enum:
- roundrobin
- leastbytes
- hash
- crc32
- murmur2
default: murmur2
example: roundrobin
compression:
type: string
description: Compression standard used for the data
enum:
- lz4
- snappy
- zstd
- gzip
example: gzip
oneOf:
- $ref: '#/components/schemas/KafkaPlaintext'
- $ref: '#/components/schemas/KafkaTlsEncrypted'
GssapiConnectionInfoKafka:
type: object
title: Kerberos (GSSAPI) authentication
required:
- auth
- principal
- realm
- service
- krb5
properties:
auth:
type: string
description: The authentication method to optionally use. Currently supporting only GSSAPI
enum:
- gssapi
example: gssapi
principal:
type: string
description: GSSAPI principal
maxLength: 256
example: myprincipal
realm:
type: string
description: GSSAPI realm
maxLength: 256
example: myrealm
service:
type: string
description: GSSAPI Service name
maxLength: 256
example: myservice
krb5:
type: string
description: Kerberos krb5.conf file content for GSSAPI
maxLength: 1048576
example: '[libdefaults] default_realm = SYSDIG.COM default_tkt_enctypes = des3-hmac-sha1 des-cbc-crc default_tgs_enctypes = des3-hmac-sha1 des-cbc-crc dns_lookup_kdc = true dns_lookup_realm = false [realms] SYSDIG.COM = { kdc = kerberos.sysdig.com kdc = kerberos-1.sysdig.com kdc = kerberos-2.sysdig.com:750 admin_server = kerberos.sysdig.com master_kdc = kerberos.sysdig.com default_domain = sysdig.com } [domain_realm] .sysdig.com = SYSDIG.COM sysdig.com = SYSDIG.COM [logging] kdc = SYSLOG:INFO admin_server = FILE=/var/kadm5.log'
GetKafkaIntegrationResponse:
description: Get Kafka Integration Response
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- id
- name
- isEnabled
- type
- channels
- connectionInfo
properties:
id:
type: integer
format: int64
description: The ID of the integration
minimum: 1
maximum: 9223372036854776000
example: 1
connectionInfo:
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoKafka'
- $ref: '#/components/schemas/GssapiConnectionInfoKafka'
BaseConnectionInfoMcm:
type: object
title: IBM Multicloud Manager
required:
- endpoint
properties:
endpoint:
type: string
description: The URL, including protocol and port (if non standard), to your IBM Cloud Pak for Multicloud Management API endpoint
maxLength: 256
example: https://mcm.mydomain.com:8443
accountId:
type: string
description: IBM Account ID
maxLength: 256
default: id-mycluster-account
example: id-mycluster-account
providerId:
type: string
description: The provider the findings will be associated to
maxLength: 256
default: sysdig-secure
example: provider-id
noteName:
type: string
description: The note to use. If unspecified, a note with `policy-event` ID will be created and used
maxLength: 256
example: note-name
isInsecure:
type: boolean
description: Skip TLS certificate verification
default: false
example: false
GetMcmIntegrationResponse:
description: Get IBM Multicloud Manager Integration Response
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- id
- name
- isEnabled
- type
- channels
- connectionInfo
properties:
id:
type: integer
format: int64
description: The ID of the integration
minimum: 1
maximum: 9223372036854776000
example: 1
connectionInfo:
$ref: '#/components/schemas/BaseConnectionInfoMcm'
BaseConnectionInfoMicrosoftSentinel:
type: object
title: Microsoft Sentinel
required:
- workspaceId
properties:
workspaceId:
type: string
description: Log Analytics workspace ID
maxLength: 63
example: 578aef60-81be-4d38-a278-ec77925edcf0
GetMicrosoftSentinelIntegrationResponse:
description: Get Microsoft Sentinel Integration Response
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- id
- name
- isEnabled
- type
- channels
- connectionInfo
properties:
id:
type: integer
format: int64
description: The ID of the integration
minimum: 1
maximum: 9223372036854776000
example: 1
connectionInfo:
$ref: '#/components/schemas/BaseConnectionInfoMicrosoftSentinel'
BaseConnectionInfoQradar:
type: object
title: IBM QRadar
required:
- address
- port
properties:
address:
type: string
description: DNS name or IP of the QRadar instance
maxLength: 256
example: qradar.mydomain.com
port:
type: integer
description: QRadar Management Port
format: int64
minimum: 1
maximum: 65535
example: 514
isInsecure:
type: boolean
description: Don't verify TLS certificate
example: false
isTls:
type: boolean
description: Use TLS encryption
default: false
example: true
GetQradarIntegrationResponse:
description: Get IBM QRadar Integration Response
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- id
- name
- isEnabled
- type
- channels
- connectionInfo
properties:
id:
type: integer
format: int64
description: The ID of the integration
minimum: 1
maximum: 9223372036854776000
example: 1
connectionInfo:
$ref: '#/components/schemas/BaseConnectionInfoQradar'
BaseConnectionInfoSplunk:
type: object
title: Splunk
required:
- endpoint
properties:
endpoint:
type: string
description: URL of the Splunk instance
maxLength: 256
example: https://splunk.mydomain.com:443/services/collector/event
sourceType:
type: string
description: Source type to override [Sysdig standard data type to source type mapping](https://docs.sysdig.com/en/forward-splunk#reference-data-categories-mapped-to-source-types)
maxLength: 256
example: cisco_syslog
index:
type: string
description: index to send data to. If unspecified, it will be used the index specified on the HTTP Event Collector configuration on Splunk
maxLength: 256
example: main
isInsecure:
type: boolean
description: Skip TLS certificate verification
example: false
certificateId:
type: integer
description: ID of a certificate stored in Sysdig's [Certificates Management tool](#tag/Certificates). Note that the RFC 5425 (TLS) protocol is required for you to see this field
format: int64
minimum: 1
maximum: 9223372036854776000
example: 1
GetSplunkIntegrationResponse:
description: Get Splunk Response
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- id
- name
- isEnabled
- type
- channels
- connectionInfo
properties:
id:
type: integer
format: int64
description: The ID of the integration
minimum: 1
maximum: 9223372036854776000
example: 1
connectionInfo:
$ref: '#/components/schemas/BaseConnectionInfoSplunk'
BaseConnectionInfoSyslog:
type: object
title: Syslog
required:
- address
- port
- messageFormat
properties:
address:
type: string
description: Address of the Syslog server
maxLength: 256
example: syslog.mydomain.com
port:
type: integer
description: port of the syslog server
format: int64
minimum: 1
maximum: 65535
example: 514
messageFormat:
type: string
description: The syslog message format. RFC_5425 is TLS only
enum:
- RFC_3164
- RFC_5424
- RFC_5425
example: RFC_5424
type:
type: string
description: protocol, tcp or udp (case insensitive)
enum:
- tcp
- udp
- tls
default: tcp
example: udp
isInsecure:
type: boolean
description: Skip TLS certificate verification
default: false
example: false
formatter:
type: string
description: The message content format
enum:
- CEF
- LEEF
- JSON
default: JSON
example: JSON
certificateId:
type: integer
description: ID of a certificate stored in Sysdig's [Certificates Management tool](#tag/Certificates). Note that the RFC 5425 (TLS) protocol is required for you to see this field
format: int64
minimum: 1
maximum: 9223372036854776000
example: 1
GetSyslogIntegrationResponse:
description: Get Syslog Integration Response
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- id
- name
- isEnabled
- type
- channels
- connectionInfo
properties:
id:
type: integer
format: int64
description: The ID of the integration
minimum: 1
maximum: 9223372036854776000
example: 1
connectionInfo:
$ref: '#/components/schemas/BaseConnectionInfoSyslog'
BaseConnectionInfoWebhook:
type: object
title: Webhook
required:
- endpoint
properties:
endpoint:
type: string
description: Webhook endpoint following the schema protocol
maxLength: 128
example: https://endpoint.mydomain.com
isInsecure:
type: boolean
description: Skip TLS certificate verification
default: false
example: false
headers:
type: array
description: 'Extra headers to add to the request. Each header mapping requires 2 keys: ''key'' for the header key and ''value'' for its value'
maxItems: 256
items:
$ref: '#/components/schemas/KeyValueObject'
output:
type: string
description: Payload format
enum:
- json
- ndjson
default: json
example: ndjson
timestampFormat:
type: string
description: The resolution of the "timestamp" field in the payload
enum:
- seconds
- milliseconds
- microseconds
- nanoseconds
default: nanoseconds
example: seconds
auth:
type: string
description: Authentication method
enum:
- BASIC_AUTH
- BEARER_TOKEN
- SIGNATURE
- CERTIFICATE
example: BASIC_AUTH
certificateId:
description: ID of a certificate stored in Sysdig's [Certificates Management tool](#tag/Certificates). Note that the RFC 5425 (TLS) protocol is required for you to see this field
type: integer
format: int64
minimum: 1
maximum: 9223372036854776000
example: 1
GetWebhookIntegrationResponse:
description: Get Webhook Integration Response
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- id
- name
- isEnabled
- type
- channels
- connectionInfo
properties:
id:
type: integer
format: int64
description: The ID of the integration
minimum: 1
maximum: 9223372036854776000
example: 1
connectionInfo:
$ref: '#/components/schemas/BaseConnectionInfoWebhook'
IntegrationResponse:
description: Get Integration Response
oneOf:
- $ref: '#/components/schemas/GetAmazonSqsIntegrationResponse'
- $ref: '#/components/schemas/GetChronicleIntegrationResponse'
- $ref: '#/components/schemas/GetElasticsearchIntegrationResponse'
- $ref: '#/components/schemas/GetGooglePubSubIntegrationResponse'
- $ref: '#/components/schemas/GetGoogleSccIntegrationResponse'
- $ref: '#/components/schemas/GetKafkaIntegrationResponse'
- $ref: '#/components/schemas/GetMcmIntegrationResponse'
- $ref: '#/components/schemas/GetMicrosoftSentinelIntegrationResponse'
- $ref: '#/components/schemas/GetQradarIntegrationResponse'
- $ref: '#/components/schemas/GetSplunkIntegrationResponse'
- $ref: '#/components/schemas/GetSyslogIntegrationResponse'
- $ref: '#/components/schemas/GetWebhookIntegrationResponse'
discriminator:
propertyName: type
mapping:
SQS: '#/components/schemas/GetAmazonSqsIntegrationResponse'
CHRONICLE: '#/components/schemas/GetChronicleIntegrationResponse'
ELASTIC: '#/components/schemas/GetElasticsearchIntegrationResponse'
PUBSUB: '#/components/schemas/GetGooglePubSubIntegrationResponse'
SCC: '#/components/schemas/GetGoogleSccIntegrationResponse'
KAFKA: '#/components/schemas/GetKafkaIntegrationResponse'
MCM: '#/components/schemas/GetMcmIntegrationResponse'
SENTINEL: '#/components/schemas/GetMicrosoftSentinelIntegrationResponse'
QRADAR: '#/components/schemas/GetQradarIntegrationResponse'
SPLUNK: '#/components/schemas/GetSplunkIntegrationResponse'
SYSLOG: '#/components/schemas/GetSyslogIntegrationResponse'
WEBHOOK: '#/components/schemas/GetWebhookIntegrationResponse'
ListIntegrationsResponse:
type: object
title: List Integrations Response V1
required:
- data
properties:
data:
type: array
maxItems: 512
items:
$ref: '#/components/schemas/IntegrationResponse'
PrivateConnectionInfoChronicleV2:
title: Private Google Chronicle V2 Connection Info
properties:
credentialsOAuth2:
type: string
description: The Chronicle v2 OAuth2 credentials
maxLength: 1048576
example: '{ "type": "service_account", "project_id": "malachite", "client_id": "1234567", }'
CreateChronicleIntegrationConnInfoV2:
description: Create Chronicle Integration Connection V2 Info
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoChronicleV2'
- type: object
required:
- credentialsOAuth2
- $ref: '#/components/schemas/PrivateConnectionInfoChronicleV2'
PrivateConnectionInfoChronicle:
title: Private Google Chronicle Connection Info
properties:
apiKey:
type: string
description: The Chronicle v1 API key
maxLength: 64
example: jeequiedahtaiSh2uM0chigheekaego8
CreateChronicleIntegrationConnInfo:
description: Create Chronicle Integration Connection Info
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoChronicle'
- type: object
required:
- apiKey
deprecated: true
- $ref: '#/components/schemas/PrivateConnectionInfoChronicle'
CreateChronicleIntegrationRequest:
description: Create Chronicle Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
title: Chronicle Create Connection Info
oneOf:
- $ref: '#/components/schemas/CreateChronicleIntegrationConnInfoV2'
- $ref: '#/components/schemas/CreateChronicleIntegrationConnInfo'
PrivateConnectionInfoElasticsearch:
title: Private ConnectionInfo Elasticsearch
properties:
auth:
type: string
description: Authentication method
enum:
- BASIC_AUTH
- BEARER_TOKEN
example: BASIC_AUTH
secret:
description: Authentication secret. To be set if auth is specified
type: string
maxLength: 256
example: Zm9vOiRhcHIxJE9GRzNYeWJwJGNrTDBGSERBa29YWUlsSDkuY3lzVDAK
AuthenticatedConnectionInfoElasticsearch:
title: Elasticsearch Authenticated Connection Info
required:
- secret
- auth
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoElasticsearch'
- $ref: '#/components/schemas/PrivateConnectionInfoElasticsearch'
CreateElasticsearchIntegrationRequest:
description: Create Elasticsearch Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
anyOf:
- $ref: '#/components/schemas/BaseConnectionInfoElasticsearch'
- $ref: '#/components/schemas/AuthenticatedConnectionInfoElasticsearch'
PrivateConnectionInfoGooglePubSub:
title: Private Google Pub/Sub Connection Info
properties:
credentialsJson:
type: string
description: JSON credentials for the service account Sysdig will use to send data
maxLength: 256
example: '{"key":"value"}'
CreateGooglePubSubIntegrationRequest:
description: Create Google Pub/Sub Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
title: Google Pub/Sub Create Connection Info
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoGooglePubSub'
- $ref: '#/components/schemas/PrivateConnectionInfoGooglePubSub'
- type: object
required:
- credentialsJson
PrivateConnectionInfoKafka:
title: Private Kafka Connection Info
properties:
keytab:
type: string
description: base64 encoded Kerberos keytab
maxLength: 1048576
example: BQIAAAA3AAEAClNZU0RJRy5DT00ABnN5c2RpZwAAAAFlhdTkAQAXABCIRvfq7o+xF60Gvdgwt1hsAAAAAQ==
AuthenticatedConnectionInfoKafka:
title: Kafka Create Authenticated Connection Info
required:
- keytab
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoKafka'
- $ref: '#/components/schemas/GssapiConnectionInfoKafka'
- $ref: '#/components/schemas/PrivateConnectionInfoKafka'
CreateKafkaIntegrationRequest:
description: Create Kafka Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
oneOf:
- $ref: '#/components/schemas/BaseConnectionInfoKafka'
- $ref: '#/components/schemas/AuthenticatedConnectionInfoKafka'
PrivateConnectionInfoMcm:
title: Private IBM Multicloud Manager Connection Info
properties:
apiKey:
type: string
description: IBM Cloud API Key
maxLength: 256
example: dohch1OhPaewoo2edaifaefahphaoMee
CreateMcmIntegrationRequest:
description: Create IBM Multicloud Manager Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
title: IBM Multicloud Cloud Create Connection Info
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoMcm'
- $ref: '#/components/schemas/PrivateConnectionInfoMcm'
- type: object
required:
- apiKey
CreateQradarIntegrationRequest:
description: Create IBM QRadar Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
$ref: '#/components/schemas/BaseConnectionInfoQradar'
PrivateConnectionInfoGoogleScc:
title: Private Google SCC Connection Info
type: object
properties:
credentialsJson:
type: string
description: JSON credentials for the service account Sysdig will use to send data
maxLength: 256
example: '{"key":"value"}'
CreateGoogleSccIntegrationRequest:
description: Create Google SCC Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
title: Google SCC Create Connection Info
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoGoogleScc'
- $ref: '#/components/schemas/PrivateConnectionInfoGoogleScc'
- type: object
required:
- credentialsJson
PrivateConnectionInfoMicrosoftSentinel:
title: Private Microsoft Sentinel Connection Info
properties:
secret:
type: string
description: Log analytics primary key
maxLength: 256
example: b29qb29jdWIyd2F5N0FoWThzYWhuZzZhaWdoMWVlcmFoM3BoZXRvZURpZTdlaWJhCg==
CreateMicrosoftSentinelIntegrationRequest:
description: Save Microsoft Sentinel Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
title: Microsoft Sentinel Create Connection Info
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoMicrosoftSentinel'
- $ref: '#/components/schemas/PrivateConnectionInfoMicrosoftSentinel'
- type: object
required:
- secret
PrivateConnectionInfoSplunk:
title: Private Splunk Connection Info
properties:
token:
type: string
description: HTTP Event Collector Token
maxLength: 1024
example: eyJraWQiOiJzcGx1bmsuc2VjcmV0IiwiYWxnIjoiSFM1MTIiLCJ2ZXIiOiJ2MSIsInR0eXAiOiJzdGF0aWMifQ.eyJpc3MiOiJhZG1pbiBmcm9tIHNvMSIsInN1YiI6ImFkbWluIiwiYXVkIjoiVG9rZW50b3duIiwiaWRwIjoic3BsdW5rIiwianRpIjoiY2EwOGE2ODQyZDNlYzIxYjRkMTg1NDk3NTRlOGU4ZDc3YTM5MmQ3ZTE3ZGUyOGNmZGM3MWI3ODAwNWExNmU3OCIsImlhdCI6MTU1MTk5OTM0NiwiZXhwIjowLCJuYnIiOjE1NTE5OTkzNDZ9.RrZxe89qchfEtrEnG1PjTmJzO_JTtPX8xqSiSunYGylupG114KujO3-E88TtM-Tf51qtVpJydR3JSJpPfaf17w
CreateSplunkIntegrationRequest:
description: Save Splunk Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
title: Splunk Create Connection Info
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoSplunk'
- $ref: '#/components/schemas/PrivateConnectionInfoSplunk'
- type: object
required:
- token
PrivateConnectionInfoAmazonSqs:
title: Private Amazon SQS Connection Info
properties:
accessKey:
type: string
description: Access Key for authenticating on AWS to send data on the queue
maxLength: 32
example: myaccesskey
accessSecret:
type: string
description: Access Secret for authenticating on AWS to send data on the queue
maxLength: 256
example: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
CreateAmazonSqsIntegrationRequest:
description: Create Amazon SQS Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
title: Amazon SQS Create Connection Info
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoAmazonSqs'
- $ref: '#/components/schemas/PrivateConnectionInfoAmazonSqs'
- type: object
required:
- accessKey
- accessSecret
CreateSyslogIntegrationRequest:
description: Create Syslog Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
$ref: '#/components/schemas/BaseConnectionInfoSyslog'
PrivateConnectionInfoWebhook:
title: Private Webhook Connection Info
properties:
secret:
type: string
description: Secret to use, according to the "auth" value.
maxLength: 128
example: eiMaimiYohrahbaeS6iaNgo8iu
AuthenticatedConnectionInfoWebhook:
title: WEBHOOK Create Authenticated Connection Info
required:
- secret
- auth
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoWebhook'
- $ref: '#/components/schemas/PrivateConnectionInfoWebhook'
CreateWebhookIntegrationRequest:
title: Create Webhook Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
anyOf:
- $ref: '#/components/schemas/BaseConnectionInfoWebhook'
- $ref: '#/components/schemas/AuthenticatedConnectionInfoWebhook'
CreateIntegrationRequest:
description: Create Integration Request
oneOf:
- $ref: '#/components/schemas/CreateChronicleIntegrationRequest'
- $ref: '#/components/schemas/CreateElasticsearchIntegrationRequest'
- $ref: '#/components/schemas/CreateGooglePubSubIntegrationRequest'
- $ref: '#/components/schemas/CreateKafkaIntegrationRequest'
- $ref: '#/components/schemas/CreateMcmIntegrationRequest'
- $ref: '#/components/schemas/CreateQradarIntegrationRequest'
- $ref: '#/components/schemas/CreateGoogleSccIntegrationRequest'
- $ref: '#/components/schemas/CreateMicrosoftSentinelIntegrationRequest'
- $ref: '#/components/schemas/CreateSplunkIntegrationRequest'
- $ref: '#/components/schemas/CreateSyslogIntegrationRequest'
- $ref: '#/components/schemas/CreateAmazonSqsIntegrationRequest'
- $ref: '#/components/schemas/CreateWebhookIntegrationRequest'
discriminator:
propertyName: type
mapping:
CHRONICLE: '#/components/schemas/CreateChronicleIntegrationRequest'
ELASTIC: '#/components/schemas/CreateElasticsearchIntegrationRequest'
PUBSUB: '#/components/schemas/CreateGooglePubSubIntegrationRequest'
KAFKA: '#/components/schemas/CreateKafkaIntegrationRequest'
MCM: '#/components/schemas/CreateMcmIntegrationRequest'
QRADAR: '#/components/schemas/CreateQradarIntegrationRequest'
SCC: '#/components/schemas/CreateGoogleSccIntegrationRequest'
SENTINEL: '#/components/schemas/CreateMicrosoftSentinelIntegrationRequest'
SPLUNK: '#/components/schemas/CreateSplunkIntegrationRequest'
SQS: '#/components/schemas/CreateAmazonSqsIntegrationRequest'
SYSLOG: '#/components/schemas/CreateSyslogIntegrationRequest'
WEBHOOK: '#/components/schemas/CreateWebhookIntegrationRequest'
UpdateChronicleIntegrationConnInfoV2:
description: Update Chronicle Integration Connection V2 Info
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoChronicleV2'
- $ref: '#/components/schemas/PrivateConnectionInfoChronicleV2'
UpdateChronicleIntegrationConnInfo:
description: Update Chronicle Integration Connection Info
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoChronicle'
- $ref: '#/components/schemas/PrivateConnectionInfoChronicle'
UpdateChronicleIntegrationRequest:
description: Update Chronicle Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
title: Chronicle Update Connection Info
anyOf:
- $ref: '#/components/schemas/UpdateChronicleIntegrationConnInfoV2'
- $ref: '#/components/schemas/UpdateChronicleIntegrationConnInfo'
UpdateElasticsearchIntegrationRequest:
description: Update Elasticsearch Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoElasticsearch'
- $ref: '#/components/schemas/PrivateConnectionInfoElasticsearch'
UpdateGooglePubSubIntegrationRequest:
description: Update Google Pub/Sub Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
title: Google Pub/Sub Create Connection Info
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoGooglePubSub'
- $ref: '#/components/schemas/PrivateConnectionInfoGooglePubSub'
UpdateKafkaIntegrationRequest:
description: Update Kafka Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoKafka'
- $ref: '#/components/schemas/GssapiConnectionInfoKafka'
- $ref: '#/components/schemas/PrivateConnectionInfoKafka'
UpdateMcmIntegrationRequest:
description: Update IBM Multicloud Manager Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
title: IBM Multicloud Cloud Create Connection Info
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoMcm'
- $ref: '#/components/schemas/PrivateConnectionInfoMcm'
UpdateQradarIntegrationRequest:
description: Save IBM QRadar Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
$ref: '#/components/schemas/BaseConnectionInfoQradar'
UpdateGoogleSccIntegrationRequest:
description: Update Google SCC Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
title: Google SCC Create Connection Info
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoGoogleScc'
- $ref: '#/components/schemas/PrivateConnectionInfoGoogleScc'
UpdateMicrosoftSentinelIntegrationRequest:
description: Update Microsoft Sentinel Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
title: Microsoft Sentinel Update Connection Info
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoMicrosoftSentinel'
- $ref: '#/components/schemas/PrivateConnectionInfoMicrosoftSentinel'
UpdateSplunkIntegrationRequest:
description: Update Splunk Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
title: Splunk Update Connection Info
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoSplunk'
- $ref: '#/components/schemas/PrivateConnectionInfoSplunk'
UpdateAmazonSqsIntegrationRequest:
description: Update Amazon SQS Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
title: Amazon SQS Update Connection Info
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoAmazonSqs'
- $ref: '#/components/schemas/PrivateConnectionInfoAmazonSqs'
UpdateSyslogIntegrationRequest:
description: Update Syslog Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
$ref: '#/components/schemas/BaseConnectionInfoSyslog'
UpdateWebhookIntegrationRequest:
description: Update Webhook Integration Request
allOf:
- $ref: '#/components/schemas/BaseIntegrationPayload'
- type: object
required:
- name
- type
- connectionInfo
properties:
connectionInfo:
allOf:
- $ref: '#/components/schemas/BaseConnectionInfoWebhook'
- $ref: '#/components/schemas/PrivateConnectionInfoWebhook'
UpdateIntegrationRequest:
description: Update Integration Request
oneOf:
- $ref: '#/components/schemas/UpdateChronicleIntegrationRequest'
- $ref: '#/components/schemas/UpdateElasticsearchIntegrationRequest'
- $ref: '#/components/schemas/UpdateGooglePubSubIntegrationRequest'
- $ref: '#/components/schemas/UpdateKafkaIntegrationRequest'
- $ref: '#/components/schemas/UpdateMcmIntegrationRequest'
- $ref: '#/components/schemas/UpdateQradarIntegrationRequest'
- $ref: '#/components/schemas/UpdateGoogleSccIntegrationRequest'
- $ref: '#/components/schemas/UpdateMicrosoftSentinelIntegrationRequest'
- $ref: '#/components/schemas/UpdateSplunkIntegrationRequest'
- $ref: '#/components/schemas/UpdateAmazonSqsIntegrationRequest'
- $ref: '#/components/schemas/UpdateSyslogIntegrationRequest'
- $ref: '#/components/schemas/UpdateWebhookIntegrationRequest'
discriminator:
propertyName: type
mapping:
CHRONICLE: '#/components/schemas/UpdateChronicleIntegrationRequest'
ELASTIC: '#/components/schemas/UpdateElasticsearchIntegrationRequest'
PUBSUB: '#/components/schemas/UpdateGooglePubSubIntegrationRequest'
KAFKA: '#/components/schemas/UpdateKafkaIntegrationRequest'
MCM: '#/components/schemas/UpdateMcmIntegrationRequest'
QRADAR: '#/components/schemas/UpdateQradarIntegrationRequest'
SCC: '#/components/schemas/UpdateGoogleSccIntegrationRequest'
SENTINEL: '#/components/schemas/UpdateMicrosoftSentinelIntegrationRequest'
SPLUNK: '#/components/schemas/UpdateSplunkIntegrationRequest'
SQS: '#/components/schemas/UpdateAmazonSqsIntegrationRequest'
SYSLOG: '#/components/schemas/UpdateSyslogIntegrationRequest'
WEBHOOK: '#/components/schemas/UpdateWebhookIntegrationRequest'
PoliciesSummaryEntry:
type: object
description: A Policy summary that indicates whether a policy failed or passed.
required:
- id
- name
- isPassed
properties:
id:
type: integer
description: Policy Id
example: 2
format: int64
minimum: 1
maximum: 9223372036854776000
name:
type: string
description: Policy Name
example: Sysdig Kubernetes
maxLength: 256
isPassed:
type: boolean
description: True for passed, false for failed
example: false
PosturePolicySummary:
type: object
description: The posture policy summary
required:
- passPercentage
- policies
properties:
passPercentage:
type: integer
description: Percentage of policies passing
format: int32
example: 0
minimum: 0
maximum: 100
policies:
type: array
description: The policies list
items:
$ref: '#/components/schemas/PoliciesSummaryEntry'
maxItems: 10000
VulnerabilitySummary:
required:
- criticalSeverityCount
- highSeverityCount
- mediumSeverityCount
- lowSeverityCount
- negligibleSeverityCount
- hasExploit
properties:
criticalSeverityCount:
format: int32
type: integer
example: 1
minimum: 0
maximum: 2147483647
description: Number of critical severity vulnerabilities
highSeverityCount:
format: int32
type: integer
example: 2
minimum: 0
maximum: 2147483647
description: Number of high severity vulnerabilities
mediumSeverityCount:
format: int32
type: integer
example: 3
minimum: 0
maximum: 2147483647
description: Number of medium severity vulnerabilities
lowSeverityCount:
format: int32
type: integer
example: 4
minimum: 0
maximum: 2147483647
description: Number of low severity vulnerabilities
negligibleSeverityCount:
format: int32
type: integer
example: 5
minimum: 0
maximum: 2147483647
description: Number of negligible severity vulnerabilities
hasExploit:
type: boolean
example: true
description: Indicates if a resource has an exploit
type: object
description: Vulnerability summary of a resource
InventoryZone:
type: object
description: a Zone
required:
- id
- name
properties:
id:
type: integer
description: The zone identifier
example: 1
format: int64
minimum: 1
maximum: 9223372036854776000
name:
type: string
description: The zone name
example: Entire Infrastructure
maxLength: 256
ContainerInfo:
required:
- podName
- containerId
- containerName
description: Kubernetes container information.
properties:
podName:
type: string
description: Pod name
example: nginx
maxLength: 63
containerId:
type: string
description: Container id.
example: 1b883a5d-06c7-4e90-9973-d42d9889de27
maxLength: 64
containerName:
type: string
description: Container name.
example: my-app
maxLength: 253
pullString:
type: string
description: Pull string for image used for the container.
example: redis/redis:1.0.0
maxLength: 1024
InventoryResource:
required:
- hash
- name
- platform
- type
- category
- lastSeen
- labels
- metadata
- resourceOrigin
- zones
description: An Inventory Resource
properties:
hash:
type: string
description: Resource unique identifier
example: 62e348b71acd7be14a4bdfcc
maxLength: 64
name:
type: string
description: Resource name
example: kube-proxy
maxLength: 8192
platform:
type: string
description: The resource platform (such as AWS, GCP, Kubernetes, or Azure)
example: Kubernetes
maxLength: 256
type:
type: string
description: The resource type
example: DaemonSet
maxLength: 256
category:
type: string
example: Compute
description: The resource category
maxLength: 256
lastSeen:
type: integer
description: Last scan date as unix timestamp
example: 1660742138
format: int64
minimum: 0
maximum: 9223372036854776000
isExposed:
type: boolean
description: Indicates if a resource is exposed to the internet
example: true
validatedExposure:
type: boolean
description: Indicates if a resource which is exposed to the internet could be reach by our network exposure validator
example: true
labels:
type: array
items:
type: string
example: env:Prod
maxLength: 8192
description: The resource labels
maxItems: 10000
metadata:
type: object
description: The resource metadata
example:
cluster: risks-aws-eks-liverisks
containerNames:
- kube-proxy
distribution: EKS
distributionVersion: '1.29'
imagesCount: '1'
namespace: kube-system
pullStrings:
- 602401143452.dkr.ecr.us-east-1.amazonaws.com/eks/kube-proxy:v1.29.0-minimal-eksbuild.1
resourceOrigin:
type: string
description: Where a resource was collected (Code, Deployed)
example: Deployed
maxLength: 256
posturePolicySummary:
$ref: '#/components/schemas/PosturePolicySummary'
vulnerabilitySummary:
$ref: '#/components/schemas/VulnerabilitySummary'
inUseVulnerabilitySummary:
$ref: '#/components/schemas/VulnerabilitySummary'
zones:
type: array
description: Resource zones
items:
$ref: '#/components/schemas/InventoryZone'
maxItems: 10000
configApiEndpoint:
type: string
example: /api/cspm/v1/kube/resource?resourceHash=62e348b71acd7be14a4bdfcc&resourceKind=DaemonSet
maxLength: 512
description: A link that provides the resource configuration.
postureControlSummaryApiEndpoint:
type: string
description: A link that provides the posture control summary.
example: /api/cspm/v1/kube/resource?fields=posturecontrolsummary%2Chash%2Cname%2Cplatform%2Ctype%2Cmetadata%2Cresourceorigin%2Ccategory%2Clastseen&resourceHash=62e348b71acd7be14a4bdfcc&resourceKind=DaemonSet
maxLength: 512
vmApiEndpoint:
type: string
description: A link that provides vulnerability management information about an image (Images only).
example: /api/scanning/runtime/v2/workflows/results?cursor&filter=freeText%20in%20%28%222cfced35cf83d6cdcdcd2f4ac103ab620976cb507be8779a53224d31d2a1f227%22%29&limit=100&order=desc&sort=runningVulnsBySev&zones
maxLength: 512
containerInfo:
type: array
description: List of containers (with some of kubernetes metadata) belonging to this kubernetes workload. If resource is not kubernetes workload this fild will be empty.
items:
$ref: '#/components/schemas/ContainerInfo'
maxItems: 10000
type: object
InventoryPage:
description: The total number of pages the matched the filter, and the next and previous page numbers.
required:
- total
properties:
next:
format: int32
type: integer
example: 3
description: The next page
minimum: 2
maximum: 2147483647
previous:
format: int32
type: integer
example: 1
description: The previous page
minimum: 1
maximum: 2147483646
total:
format: int32
type: integer
example: 5
description: Total page count
minimum: 0
maximum: 2147483647
type: object
InventoryResourceResponse:
description: A paged response of resources that match the filter.
required:
- data
- page
properties:
data:
items:
$ref: '#/components/schemas/InventoryResource'
maxItems: 10000
type: array
description: The resources that matches the filter
page:
$ref: '#/components/schemas/InventoryPage'
type: object
Image:
description: An Image resource that returns as part of of the image summary.
required:
- hash
- name
- type
- pullString
- vulnerabilitySummary
- inUseVulnerabilitySummary
- vmApiEndpoint
properties:
hash:
type: string
description: Resource unique identifier
example: 62e348b71acd7be14a4bdfcc
maxLength: 64
name:
type: string
description: Resource name
example: prometheus-server
maxLength: 8192
type:
type: string
description: The resource type
example: Container
maxLength: 256
pullString:
type: string
description: The pull string for the image.
example: quay.io/prometheus/prometheus:v2.49.1
maxLength: 8192
vulnerabilitySummary:
$ref: '#/components/schemas/VulnerabilitySummary'
inUseVulnerabilitySummary:
$ref: '#/components/schemas/VulnerabilitySummary'
vmApiEndpoint:
type: string
description: A link that provides vulnerability management information about an image (Images only).
example: /api/scanning/runtime/v2/workflows/results?cursor&filter=freeText%20in%20%28%222cfced35cf83d6cdcdcd2f4ac103ab620976cb507be8779a53224d31d2a1f227%22%29&limit=100&order=desc&sort=runningVulnsBySev&zones
maxLength: 512
InventoryResourceExtended:
description: Extended information about an Inventory Resource
allOf:
- $ref: '#/components/schemas/InventoryResource'
- type: object
properties:
imageSummary:
type: array
description: Images used by the workload (Workloads only)
items:
$ref: '#/components/schemas/Image'
maxItems: 10000
VulnerabilityManagementPage:
type: object
description: API paging response
properties:
total:
type: integer
format: int
description: Total of scans
example: 1
minimum: 0
maximum: 2147483647
next:
type: string
description: Next cursor for pagination
example: MTI0MjM0Cg==
maxLength: 300
VulnTotalBySeverity:
type: object
description: total vulnerabilities by severity
properties:
critical:
type: integer
format: int
description: number of critical vulnerabilities
minimum: 0
maximum: 9223372036854776000
example: 12345
high:
type: integer
format: int
description: number of high severity vulnerabilities
minimum: 0
maximum: 9223372036854776000
example: 12345
medium:
type: integer
format: int
description: number of medium severity vulnerabilities
minimum: 0
maximum: 9223372036854776000
example: 12345
low:
type: integer
format: int
description: number of low severity vulnerabilities
minimum: 0
maximum: 9223372036854776000
example: 12345
negligible:
type: integer
format: int
description: number of negligible severity vulnerabilities
minimum: 0
maximum: 9223372036854776000
example: 12345
CreatedAt:
type: string
format: string
example: '2024-01-22T08:51:46.016464Z'
description: datetime of creation
maxLength: 100
RegistryResult:
type: object
title: RegistryResult
description: Registry result
properties:
resultId:
type: string
description: Identifier of the scan result
example: scan-1234
maxLength: 255
imageId:
type: string
description: Identifier of the image (hash).
example: sha256:a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6
maxLength: 255
vendor:
type: string
description: Identifier the vendor of the image
example: dockerv2
maxLength: 255
pullString:
type: string
description: Name of the scanned asset
example: index.docker.io/nginx:latest
maxLength: 2048
vulnTotalBySeverity:
$ref: '#/components/schemas/VulnTotalBySeverity'
createdAt:
$ref: '#/components/schemas/CreatedAt'
RegistryResultsResponse:
type: object
description: registry results response
properties:
page:
$ref: '#/components/schemas/VulnerabilityManagementPage'
data:
type: array
minItems: 0
maxItems: 1000
items:
$ref: '#/components/schemas/RegistryResult'
CallerId:
type: string
description: The ID of the user that executed the Response action.
example: Mary-Response
maxLength: 128
ResponseActionType:
description: |
The name of the Response Action to execute.
It may be one of the following:
- KILL_PROCESS
- KILL_CONTAINER
- STOP_CONTAINER
- PAUSE_CONTAINER
- FILE_QUARANTINE
- FILE_ACQUIRE
- UNPAUSE_CONTAINER
- FILE_UNQUARANTINE
- START_CONTAINER
- DELETE_POD
- ROLLOUT_RESTART
- KUBERNETES_VOLUME_SNAPSHOT
- KUBERNETES_DELETE_VOLUME_SNAPSHOT
- GET_LOGS
- ISOLATE_NETWORK
- DELETE_NETWORK_POLICY
The following actions serve as the undo for previous actions:
- START_CONTAINER: undo for STOP_CONTAINER\
- UNPAUSE_CONTAINER: undo for PAUSE_CONTAINER\
- FILE_UNQUARANTINE: undo for FILE_QUARANTINE\
- KUBERNETES_DELETE_VOLUME_SNAPSHOT: undo for KUBERNETES_VOLUME_SNAPSHOT\
- DELETE_NETWORK_POLICY: undo for ISOLATE_NETWORK\
Do not use undo actions in [submitActionExecutionv1](#tag/Response-actions/operation/submitActionExecutionv1).
You can execute an undo actions using the service [undoActionExecutionV1](#tag/Response-actions/operation/undoActionExecutionV1).
type: string
example: KILL_PROCESS
maxLength: 64
ResponderType:
description: The type of Responder executing an action.
type: string
enum:
- HOST
- CLUSTER
- CLOUD
example: HOST
ExecutionContext:
description: |
The context in which the Response Action is executed.\
It may contain additional information on the Response Action being executed, such as the host name or the MAC address.\
For example:\
```json
{
"host.hostName": "my-host",
"host.mac": "00:00:00:00:00:00",
"host.id": "abc123"
}
```
additionalProperties:
type: string
maxLength: 1024
ActionExecutionStringParameterValue:
type: string
maxLength: 512
description: The value of a string parameter.
example: https://qa-automation-custom-bucket-foo-bar.a0.xx-yyy-3.baz.com/responseactions/121517/8745b945-7e47-4641-9ed6-1bf7088350e3/foo2?X-Amz-Algorithm=ABC1-DEFG-HIJ123&X-Ywz-Date=12345678T123456Z&X-Ywz-FooBarBaz=xxx&X-Zyx-Qwerty=12345&X-Ywz-FooBar=FOOBARFOOBAR%2F12345678%2Fxx-yyyy-3%2Fs3%2Fabc4_request&X-Xyz-Foobar=6bb3e135165186c148efee4b6c81866b39213b3476499a1f9e303e744f51c7e1
pattern: ^[\x20-\x7E]*$
ActionExecutionIntParameterValue:
type: integer
format: int64
maximum: 9223372036854776000
minimum: -9223372036854776000
description: The value of an int parameter.
example: -1
ActionExecutionParameterValue:
description: The value of a parameter.
oneOf:
- $ref: '#/components/schemas/ActionExecutionStringParameterValue'
- $ref: '#/components/schemas/ActionExecutionIntParameterValue'
- type: boolean
description: The value of a boolean parameter.
example: true
ActionExecutionParameters:
description: The parameters used to request the Response Action execution.
additionalProperties:
$ref: '#/components/schemas/ActionExecutionParameterValue'
ActionExecutionOutputs:
description: The parameters used to request the Response Action execution.
additionalProperties:
$ref: '#/components/schemas/ActionExecutionParameterValue'
Failure:
description: The reason a Response Action failed to execute.
required:
- failureReason
- logMessage
properties:
failureReason:
type: string
description: The reason for the failure.
example: forbidden
maxLength: 64
logMessage:
type: string
description: The log message of the action failure.
example: Could not execute the action.
maxLength: 1024
ActionExecutionStatus:
description: The status of the action execution.
type: string
enum:
- ENQUEUED
- IN_PROGRESS
- COMPLETED
- FAILED
example: COMPLETED
ActionExecution:
description: The submitted Response Action.
required:
- id
- actionType
- responderType
- executionContext
- parameters
- status
- createdAt
properties:
id:
type: string
description: The ID of the Response Action.
example: b137bf86-399f-43f7-8d2b-53060af4da9f
maxLength: 64
callerId:
$ref: '#/components/schemas/CallerId'
actionType:
$ref: '#/components/schemas/ResponseActionType'
responderType:
$ref: '#/components/schemas/ResponderType'
executionContext:
$ref: '#/components/schemas/ExecutionContext'
parameters:
$ref: '#/components/schemas/ActionExecutionParameters'
outputs:
$ref: '#/components/schemas/ActionExecutionOutputs'
failure:
$ref: '#/components/schemas/Failure'
status:
$ref: '#/components/schemas/ActionExecutionStatus'
userId:
type: integer
description: The ID of the user that submitted the Response Action.
example: 1234
format: int64
minimum: 0
maximum: 9223372036854776000
createdAt:
type: string
format: date-time
description: The date and time the Response Action was submitted.
example: '2020-01-01T00:00:00Z'
maxLength: 64
updatedAt:
type: string
format: date-time
description: The date and time the Response Action was last updated.
example: '2020-01-01T00:00:00Z'
maxLength: 64
actionExecutionIdBeingUndone:
type: string
description: The ID of the Response Action being undone.
example: b137bf86-399f-43f7-8d2b-53060af4da9f
maxLength: 64
ActionExecutions:
description: A list of Response Action executions.
required:
- data
properties:
data:
type: array
items:
$ref: '#/components/schemas/ActionExecution'
maxItems: 1000
description: The list of Response Actions.
SubmitActionExecutionRequest:
description: The request for the execution of a Response Action.
required:
- actionType
- parameters
properties:
actionType:
$ref: '#/components/schemas/ResponseActionType'
callerId:
$ref: '#/components/schemas/CallerId'
parameters:
$ref: '#/components/schemas/ActionExecutionParameters'
ActionParameterName:
type: string
maxLength: 200
description: The name of the parameter.
example: container.id
pattern: ^[a-zA-Z\._]*$
ParameterType:
description: |
The type of an Response Action parameter.\
It may assume the following values:\
* string\
* integer\
* boolean\
This list of possible values may grow in the future.
type: string
example: integer
maxLength: 20
ActionParameterMetadata:
description: Metadata that describes a parameter to be submitted for a Response Action execution.
required:
- name
- description
- type
- required
properties:
name:
$ref: '#/components/schemas/ActionParameterName'
description:
type: string
maxLength: 1024
description: The description of the parameter.
example: A container id
type:
$ref: '#/components/schemas/ParameterType'
required:
type: boolean
description: If `true`, the parameter is mandatory.
example: true
OutputParameterName:
type: string
maxLength: 200
description: The name of the output parameter.
example: quarantined_file_path
pattern: ^[a-zA-Z\._]*$
ActionOutputsMetadata:
description: Metadata that describes a parameter returned by a Response Action execution.
required:
- name
- description
- type
- required
properties:
name:
$ref: '#/components/schemas/OutputParameterName'
description:
type: string
maxLength: 1024
description: The description of the output parameter.
example: An absolute path
type:
$ref: '#/components/schemas/ParameterType'
required:
type: boolean
description: If `true`, the parameter is mandatory.
example: true
ResponseAction:
description: The action metadata
required:
- type
- responderType
- parameters
- description
- isUndoable
properties:
type:
$ref: '#/components/schemas/ResponseActionType'
responderType:
$ref: '#/components/schemas/ResponderType'
parameters:
type: array
items:
$ref: '#/components/schemas/ActionParameterMetadata'
maxItems: 100
description: the list of parameters that the action supports
outputs:
type: array
items:
$ref: '#/components/schemas/ActionOutputsMetadata'
maxItems: 100
description:
type: string
description: The description of the action.
maxLength: 1024
example: Kill a container
isUndoable:
type: boolean
description: Whether the action is undoable.
example: true
Actions:
description: A list of Response Actions
required:
- data
properties:
data:
type: array
items:
$ref: '#/components/schemas/ResponseAction'
maxItems: 1000
description: The list of Response Actions.
Scope:
type: object
description: Scope labels that define the asset
example:
asset.type: workload
kubernetes.cluster.name: prod-cluster-00
kubernetes.namespace.name: foo
kubernetes.workload.name: bar
kubernetes.workload.type: deployment
PolicyEvaluationResult:
type: string
description: Policy evaluation result
example: passed
enum:
- passed
- failed
- accepted
- noPolicy
- notApplicable
RuntimeResult:
type: object
title: RuntimeResult
description: Runtime result
properties:
scope:
$ref: '#/components/schemas/Scope'
resultId:
type: string
description: Identifier of the scan result
example: scan-1234
maxLength: 255
resourceId:
type: string
description: 'Identifier of the scanned resource: it will be the image ID for container images or the host ID for hosts.'
example: sha256:a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6
maxLength: 255
sbomId:
type: string
nullable: true
description: Identifier of the sbom
example: sbom-1234
maxLength: 255
mainAssetName:
type: string
description: Name of the scanned asset
example: nginx:latest
maxLength: 255
runningVulnTotalBySeverity:
$ref: '#/components/schemas/VulnTotalBySeverity'
vulnTotalBySeverity:
$ref: '#/components/schemas/VulnTotalBySeverity'
policyEvaluationResult:
$ref: '#/components/schemas/PolicyEvaluationResult'
isRiskSpotlightEnabled:
type: boolean
description: Whether risk spotlight is enabled or not
example: true
RuntimeResultsResponse:
type: object
description: runtime results response
properties:
page:
$ref: '#/components/schemas/VulnerabilityManagementPage'
data:
type: array
minItems: 0
maxItems: 1000
items:
$ref: '#/components/schemas/RuntimeResult'
PipelineResult:
type: object
description: pipeline result
properties:
policyEvaluationResult:
$ref: '#/components/schemas/PolicyEvaluationResult'
resultId:
type: string
description: Identifier of the scan result
example: scan-1234
maxLength: 255
pullString:
type: string
maxLength: 2048
description: image pull string
example: nginx:latest
vulnTotalBySeverity:
$ref: '#/components/schemas/VulnTotalBySeverity'
imageId:
type: string
description: Identifier of the image (hash).
example: sha256:a1b2c3d4e5f6g7h8i9j0k1l2m3n4o5p6q7r8s9t0u1v2w3x4y5z6
maxLength: 255
createdAt:
$ref: '#/components/schemas/CreatedAt'
PipelineResultsResponse:
type: object
description: pipeline results
properties:
page:
$ref: '#/components/schemas/VulnerabilityManagementPage'
data:
type: array
minItems: 0
maxItems: 1000
items:
$ref: '#/components/schemas/PipelineResult'
ImageMetadata:
title: ImageMetadata
properties:
pullString:
type: string
maxLength: 2048
description: image pull string
example: nginx:latest
imageId:
type: string
maxLength: 255
description: image id
example: sha256:77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182
digest:
type: string
maxLength: 255
description: image digest
example: sha256:77af4d6b9913e693e8d0b4b294fa62ade6054e6b2f1ffb617ac955dd63fb0182
baseOs:
type: string
maxLength: 255
description: image base os
example: debian
size:
type: integer
format: int64
description: image size in bytes
minimum: 0
maximum: 9223372036854776000
example: 10240
os:
type: string
description: image os
maxLength: 255
example: debian
architecture:
type: string
description: image architecture
example: arm64
enum:
- ppc64
- '386'
- amd64
- arm
- arm64
- wasm
- loong64
- mips
- mipsle
- mips64
- mips64le
- ppc64le
- riscv64
- s390x
labels:
type: object
example:
key: value
description: image labels
author:
type: string
description: image author
example: sysdig
maxLength: 255
createdAt:
$ref: '#/components/schemas/CreatedAt'
additionalProperties: false
type: object
required:
- pullString
- imageId
- baseOs
- size
- os
- createdAt
HostMetadata:
title: HostMetadata
type: object
required:
- hostId
- hostName
- os
additionalProperties: false
properties:
architecture:
type: string
maxLength: 128
description: host architecture
example: x86_64
hostId:
type: string
maxLength: 1024
description: host id
example: fa71009b1b1b4b1b9b1b1b1b1b1b1b1b
hostName:
type: string
maxLength: 1024
description: host name
example: ip-xxx-xx-x-x.ec2.internal
os:
type: string
maxLength: 1024
description: host os
example: debian
Package:
title: Package
properties:
type:
type: string
maxLength: 255
example: os
description: |-
scan result package type, example values are:
- os
- rust
- java
- ruby
- javascript
- python
- php
- golang
- C#
name:
type: string
maxLength: 255
description: name of the package
example: openssl
isRunning:
type: boolean
description: whether the package is used by a running process
example: true
isRemoved:
type: boolean
description: whether the package has been removed
example: true
version:
type: string
example: 1.2.3
description: version of the affected package
maxLength: 255
license:
type: string
description: license of the package
example: MIT
maxLength: 255
path:
type: string
description: path of the package
example: /usr/local/bin/openssl
maxLength: 1024
suggestedFix:
type: string
description: suggested fix for the package
maxLength: 1024
example: 1.2.3
layerRef:
type: string
description: reference to layer
maxLength: 1024
example: l-123124
riskAcceptRefs:
nullable: true
description: Reference to the accepted risk.
items:
type: string
maxLength: 255
example: e6b4b0d3255bfef
type: array
minItems: 0
maxItems: 2147483647
vulnerabilitiesRefs:
type: array
nullable: true
description: reference to vulnerabilities of the package
minItems: 0
maxItems: 8192
items:
type: string
maxLength: 1024
example: 71af37c6a8f2772
additionalProperties: false
type: object
required:
- type
- name
- version
CvssScore:
title: CvssScore
properties:
version:
type: string
example: 3.0.0
maxLength: 255
score:
type: number
format: float
example: 1
description: CVSS score
vector:
type: string
maxLength: 1024
description: attack vector
example: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
additionalProperties: false
type: object
required:
- version
- score
Exploit:
title: Exploit
properties:
publicationDate:
type: string
format: date-time
description: exploit publication date
example: '2024-01-22T08:51:46.00Z'
maxLength: 255
links:
items:
type: string
maxLength: 8192
description: link to exploit
example: https://sysdig.com/exploits/12345
type: array
minItems: 0
maxItems: 8192
additionalProperties: false
type: object
required:
- links
Vulnerability:
title: Vulnerability
properties:
name:
type: string
example: CVE-2021-1234
maxLength: 255
severity:
type: string
example: critical
enum:
- critical
- high
- medium
- low
- negligible
cvssScore:
$ref: '#/components/schemas/CvssScore'
disclosureDate:
type: string
format: date
maxLength: 10
example: '2021-01-02'
solutionDate:
type: string
format: date
maxLength: 10
example: '2021-01-02'
exploitable:
type: boolean
example: true
exploit:
$ref: '#/components/schemas/Exploit'
fixVersion:
type: string
maxLength: 255
example: 1.2.3
mainProvider:
type: string
maxLength: 255
example: vulndb
packageRef:
type: string
maxLength: 255
description: reference to the affected package
example: 2772f8a6c73fa17
riskAcceptRefs:
nullable: true
items:
type: string
description: reference to the accepted risk
maxLength: 255
example: e6b4b0d3255bfef
type: array
minItems: 0
maxItems: 2147483647
providersMetadata:
type: object
nullable: true
example:
first.org:
epssScore:
score: 0.00042
percentile: 0.05089
timestamp: '2024-12-04T00:00:00Z'
nvd:
cvssScore:
version: '3.1'
vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
score: 5.5
publicationDate: '2024-09-04T19:15:30.77Z'
severity: medium
rhel:
cvssScore:
version: '3.1'
vector: AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
score: 5.5
severity: medium
cisaKev:
type: object
example:
publishDate: '2023-12-06'
dueDate: '2023-10-31'
knownRansomwareCampaignUse: 'false'
additionalProperties: false
type: object
required:
- name
- severity
- cvssScore
- exploitable
Layer:
title: Layer
properties:
index:
type: integer
format: int64
example: 50
description: layer's index
minimum: 0
maximum: 2147483647
digest:
type: string
example: sha256:55f2611539bc5c771a4848183bb3d29af95aa9ae66563e7e808b7501659f5c50
description: sha256 digest of the layer
maxLength: 255
size:
type: integer
nullable: true
format: int64
example: 50
description: size of the layer in bytes
minimum: 0
maximum: 9223372036854776000
command:
type: string
nullable: true
example: COPY docker-entrypoint.sh
description: layer command
maxLength: 65535
baseImagesRef:
type: array
description: base images refs
minItems: 0
maxItems: 1024
items:
type: string
example: a3ee5e6b4b0d3255bf
maxLength: 255
additionalProperties: false
type: object
required:
- digest
BaseImage:
title: Base Image
type: object
additionalProperties: false
properties:
pullStrings:
type: array
minItems: 0
maxItems: 2048
items:
type: string
maxLength: 2048
example: alpine:latest
Predicate:
title: Predicate
type: object
properties:
type:
type: string
description: predicate type
maxLength: 255
example: vulnIsFixable
extra:
type: object
nullable: true
ImageConfigFailure:
title: Image Configuration Failure
properties:
description:
type: string
maxLength: 255
description: image configuration failure description
example: failure description
remediation:
type: string
maxLength: 255
description: image configuration failure remediation
example: update image
arguments:
type: object
example:
version: '1.0'
packageRef:
type: string
maxLength: 255
description: reference to the affected package
example: p-1234123
vulnerabilityRef:
type: string
maxLength: 255
description: reference to the vulnerability
example: vuln-12031024120910259
riskAcceptRefs:
description: list of accepted risks for the failure
items:
type: string
description: reference to the accepted risk
maxLength: 255
example: ra-1234123
type: array
minItems: 0
maxItems: 2147483647
additionalProperties: false
type: object
required:
- remediation
- arguments
PkgVulnFailure:
title: Package Vulnerability Failure
properties:
description:
type: string
description: description of the failure
maxLength: 1024
example: description
packageRef:
type: string
maxLength: 255
description: reference to the affected package
example: 2772f8a6c73fa17
vulnerabilityRef:
type: string
maxLength: 255
description: reference to the vulnerability
example: 71af37c6a8f2772
riskAcceptRefs:
description: list of accepted risks for the failure
items:
type: string
description: reference to the accepted risk
maxLength: 255
example: e6b4b0d3255bfef
type: array
minItems: 0
maxItems: 2147483647
additionalProperties: false
type: object
required:
- description
Rule:
title: Rule
properties:
ruleId:
type: string
description: rule's id
maxLength: 255
example: 1234A
ruleType:
type: string
description: rule type
maxLength: 255
example: vulnDenyList
evaluationResult:
type: string
description: result of rule evaluation
enum:
- passed
- failed
- notApplicable
- accepted
example: passed
predicates:
description: list of rule's predicates
nullable: true
items:
$ref: '#/components/schemas/Predicate'
type: array
minItems: 0
maxItems: 2147483647
failureType:
type: string
example: pkgVulnFailure
description: rule failure type
enum:
- pkgVulnFailure
- imageConfigFailure
description:
type: string
description: rule description
example: rule description
maxLength: 255
failures:
description: list of rule failures
items:
anyOf:
- $ref: '#/components/schemas/ImageConfigFailure'
- $ref: '#/components/schemas/PkgVulnFailure'
type: array
minItems: 0
maxItems: 2147483647
additionalProperties: false
type: object
required:
- ruleType
- failureType
- description
Bundle:
title: Bundle
type: object
properties:
name:
type: string
description: Name of the bundle
maxLength: 255
example: Severe vulnerabilities with a Fix
identifier:
type: string
maxLength: 1024
description: Identifier of the bundle
example: severe_vulnerabilities_with_a_fix
type:
type: string
example: predefined
enum:
- predefined
- custom
rules:
items:
$ref: '#/components/schemas/Rule'
type: array
minItems: 0
maxItems: 2147483647
UpdatedAt:
type: string
format: string
example: '2024-01-22T08:51:46.016464Z'
description: datetime of last update
maxLength: 255
PolicyEvaluation:
title: Policy Evaluation
properties:
name:
type: string
description: policy evaluation name
maxLength: 255
example: policy-0
identifier:
type: string
maxLength: 1024
description: policy evaluation id
example: 550e8400-e29b
description:
type: string
description: policy evaluation description
maxLength: 1024
example: description
bundles:
items:
$ref: '#/components/schemas/Bundle'
type: array
minItems: 0
maxItems: 2147483647
evaluation:
type: string
example: passed
enum:
- passed
- failed
- accepted
- noPolicy
createdAt:
$ref: '#/components/schemas/CreatedAt'
updatedAt:
$ref: '#/components/schemas/UpdatedAt'
additionalProperties: false
type: object
required:
- name
- identifier
- evaluation
- createdAt
- updatedAt
Policies:
title: Bundle
properties:
globalEvaluation:
type: string
example: passed
enum:
- passed
- failed
- accepted
- noPolicy
evaluations:
items:
$ref: '#/components/schemas/PolicyEvaluation'
type: array
minItems: 0
maxItems: 2048
Context:
title: Context
properties:
type:
type: string
example: imageName
description: Type for the context entry
maxLength: 255
value:
type: string
description: Value for the context entry
example: nginx:latest
maxLength: 255
additionalProperties: false
type: object
required:
- type
- value
RiskAcceptanceDefinition:
title: Risk Acceptance Definition
properties:
id:
type: string
description: id of the risk acceptance
example: 550e8400-e29b
maxLength: 255
entityType:
type: string
description: entity type for the risk
example: imageName
maxLength: 255
entityValue:
type: string
maxLength: 1024
example: nginx:latest
description: entity value relative to the the entity type
context:
items:
$ref: '#/components/schemas/Context'
type: array
minItems: 0
maxItems: 2147483647
status:
type: string
example: active
enum:
- active
- expired
reason:
type: string
description: risk acceptance reason
maxLength: 255
example: RiskMitigated
description:
type: string
description: risk acceptance description
maxLength: 1024
example: description
expirationDate:
type: string
format: date
example: '2021-07-01'
maxLength: 10
nullable: true
createdAt:
$ref: '#/components/schemas/CreatedAt'
updatedAt:
$ref: '#/components/schemas/UpdatedAt'
additionalProperties: false
type: object
required:
- id
- entityType
- entityValue
- context
- status
- expirationDate
- createdAt
- updatedAt
Producer:
title: Producer
properties:
producedAt:
type: string
format: date-time
description: time of result production
example: '2024-01-22T08:51:46.00Z'
maxLength: 64
ScanResultResponse:
title: Scanresult
properties:
assetType:
type: string
description: scan result asset type
example: containerImage
enum:
- containerImage
- host
stage:
type: string
description: scan result stage
example: pipeline
enum:
- pipeline
- runtime
- registry
metadata:
description: metadata of the scan result
oneOf:
- $ref: '#/components/schemas/ImageMetadata'
- $ref: '#/components/schemas/HostMetadata'
packages:
type: object
additionalProperties:
$ref: '#/components/schemas/Package'
example:
2772f8a6c73fa17:
type: os
name: openssl
isRunning: true
isRemoved: true
version: 1.2.3
license: MIT
path: /usr/local/bin/openssl
suggestedFix: 1.2.3
layerRef: f95aa9ae66563e7e808b
vulnerabilitiesRefs:
- 71af37c6a8f2772
riskAcceptRefs:
- acb4b0d2565bfef
vulnerabilities:
type: object
additionalProperties:
$ref: '#/components/schemas/Vulnerability'
example:
71af37c6a8f2772:
name: CVE-2021-1234
severity: high
cvssScore:
version: '3.0'
score: 1
vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
disclosureDate: '2021-01-02'
solutionDate: '2021-01-02'
exploitable: true
exploit:
publicationDate: '2024-01-22T08:51:46.00Z'
links:
- https://sysdig.com/exploits/12345
fixVersion: 1.2.3
mainProvider: vulndb
packageRef: 2772f8a6c73fa17
riskAcceptRefs:
- e6b4b0d3255bfef
providersMetadata:
nvd: {}
cisaKev:
publishDate: '2023-12-06'
dueDate: '2023-10-31'
knownRansomwareCampaignUse: 'false'
layers:
type: object
additionalProperties:
$ref: '#/components/schemas/Layer'
example:
f95aa9ae66563e7e808b:
digest: sha256:9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08
size: 50
command: COPY docker-entrypoint.sh
baseImagesRef:
- a3ee5e6b4b0d3255bf
baseImages:
type: object
nullable: true
additionalProperties:
$ref: '#/components/schemas/BaseImage'
example:
a3ee5e6b4b0d3255bf:
pullStrings:
- alpine:latest
policies:
$ref: '#/components/schemas/Policies'
riskAccepts:
type: object
additionalProperties:
$ref: '#/components/schemas/RiskAcceptanceDefinition'
example:
e6b4b0d3255bfef:
id: 550e8400-e29b
entityType: imageName
entityValue: nginx:latest
context:
- type: imageName
value: nginx:latest
status: active
reason: RiskMitigated
description: description
expirationDate: '2021-07-01'
createdAt: '2024-01-22T08:51:46.016464Z'
updatedAt: '2024-01-22T08:51:46.016464Z'
producer:
$ref: '#/components/schemas/Producer'
additionalProperties: false
type: object
required:
- assetType
- stage
- metadata
- packages
EntityDefinition:
type: object
description: Defines the structure and metadata of a field in the query result.
properties:
type:
type: string
description: Type of the entity.
maxLength: 128
example: Field
alias:
type: string
description: The alias used in the query.
maxLength: 128
example: name
definition:
type: object
description: Detailed definition of the field.
properties:
def_type:
type: string
description: Type of the definition.
enum:
- Entity
- Field
- Function
- Query
- Relationship
- Union
example: Field
name:
type: string
description: Name of the field.
maxLength: 128
example: name
type:
type: string
description: Data type of the field.
enum:
- String
- BigInt
- Integer
- DateTime
- Float
- Boolean
- Enum
- List
example: String
hidden:
type: boolean
description: Indicates if the field is hidden from view.
example: false
required:
- def_type
- name
- type
required:
- type
- definition
QuerySummary:
type: object
description: Summary of query execution metrics and timing information.
properties:
available_after:
type: integer
format: int64
description: Time taken for results to become available in milliseconds.
example: 23
consumed_after:
type: integer
format: int64
description: Time taken to consume results in milliseconds.
example: 100
total_time:
type: integer
format: int64
description: Total query execution time in milliseconds.
example: 25
required:
- available_after
- consumed_after
- total_time
QueryResponse:
type: object
description: Response object containing query results and metadata.
properties:
entities:
type: object
description: Metadata about the returned fields.
additionalProperties: true
properties:
fields:
$ref: '#/components/schemas/EntityDefinition'
items:
type: array
description: Array of query results based on the query fields.
maxItems: 1000
items:
type: object
description: Dynamic object containing queried fields.
additionalProperties: true
example:
name: CVE-2024-45491
cvssScore: 7.5
severity: Medium
id:
type: string
format: uuid
minLength: 36
maxLength: 36
description: Unique identifier for the query execution.
example: 4b1d2442-739a-4957-bf27-20b563e46c3a
summary:
$ref: '#/components/schemas/QuerySummary'
required:
- entities
- items
- id
- summary
PoliciesPage:
type: object
description: |
Page details, providing both returned and total count of matched elements.
required:
- returned
- matched
properties:
returned:
type: integer
format: int32
description: |
The number returned elements: always less or equal the limit specified in the request.
example: 1
minimum: 0
maximum: 1000
matched:
type: integer
format: int64
description: |
Total count of elements matched the provided filter.
example: 10
minimum: 0
maximum: 2147483647
next:
description: Cursor used to retrieve the next page of results.
type: string
maxLength: 1024
example: MA==
nullable: true
PolicySummary:
title: Policy summary definition
type: object
description: Policy summary definition.
required:
- id
- name
- identifier
- stages
properties:
id:
type: integer
format: int64
description: The Policy ID
minimum: 0
maximum: 9223372036854776000
example: 1
name:
type: string
description: human readable policy name.
minLength: 1
maxLength: 1024
example: Sysdig policy
identifier:
type: string
description: policy identifier generated from the name.
minLength: 1
maxLength: 1024
example: sysdig-policy
description:
type: string
description: policy description
minLength: 0
maxLength: 1024
example: Sysdig policy
stages:
type: array
minItems: 0
maxItems: 3
description: |
array of stages for the policy.
An empty array means the policy is applied only when specifically requested by its identifier.
It may be one of the following:
- runtime
- pipeline
- registry
items:
type: string
example: runtime
minLength: 0
maxLength: 1024
ListPoliciesResponse:
title: List Policies Response
type: object
required:
- data
- page
properties:
page:
$ref: '#/components/schemas/PoliciesPage'
data:
type: array
maxItems: 1024
minItems: 0
description: Policies collection
items:
$ref: '#/components/schemas/PolicySummary'
BundleRef:
title: policy bundle reference
type: object
required:
- id
properties:
id:
type: integer
format: int
description: The Bundle ID.
example: 42
minimum: 0
maximum: 2147483647
name:
type: string
description: The human readable Bundle name.
minLength: 0
maxLength: 1024
example: My Bundle
StageConfiguration:
title: stage configuration
type: object
properties:
scope:
type: string
minLength: 0
maxLength: 1024
description: |
Scope to apply the policies for the given stage. An empty string or missing property implies the policies are always active.
The scope is defined using a query language expression, which is a subset of the full metrics query language used in monitoring.
example: kubernetes.cluster.name = "my-cluster" and kubernetes.namespace.name = "my-namespace"
NewStage:
title: Stage definition
type: object
required:
- name
properties:
name:
type: string
description: stage name.
nullable: false
enum:
- runtime
- pipeline
- registry
example: runtime
configuration:
type: array
minItems: 0
maxItems: 1000
description: Configurations for the stage
items:
$ref: '#/components/schemas/StageConfiguration'
CreatePolicyRequest:
title: Create Policy
type: object
description: A Policy definition
required:
- name
- bundles
properties:
name:
type: string
description: human readable policy name
minLength: 0
maxLength: 1024
example: Sysdig policy
description:
type: string
description: policy description
minLength: 0
maxLength: 4096
example: Sysdig policy
bundles:
type: array
description: bundles defining this policy
minItems: 0
maxItems: 1024
items:
$ref: '#/components/schemas/BundleRef'
stages:
type: array
minItems: 0
maxItems: 1024
description: "array of stages for the policy. \nAn empty array means the policy is applied only when specifically requested by its identifier.\n"
items:
$ref: '#/components/schemas/NewStage'
Stage:
title: Stage definition
type: object
required:
- name
properties:
name:
type: string
description: stage name.
nullable: false
minLength: 0
maxLength: 1024
example: runtime
configuration:
type: array
minItems: 0
maxItems: 1000
description: Configurations for the stage.
items:
$ref: '#/components/schemas/StageConfiguration'
GetPolicyResponse:
title: Policy definition
type: object
description: A Policy definition
required:
- id
- name
- identifier
- bundles
- stages
properties:
id:
type: integer
format: int
description: the Policy ID
example: 50
minimum: 0
maximum: 2147483647
name:
type: string
description: human readable policy name
example: My Policy
minLength: 1
maxLength: 1024
identifier:
type: string
description: policy identifier generated from the name
example: my-policy
minLength: 1
maxLength: 1024
description:
type: string
description: policy description
example: This is a policy description
minLength: 0
maxLength: 1024
bundles:
type: array
description: bundles defining this policy
minItems: 0
maxItems: 1000
items:
$ref: '#/components/schemas/BundleRef'
stages:
type: array
minItems: 0
maxItems: 1000
description: "array of stages for the policy. \nAn empty array means the policy is applied only when specifically requested by its identifier.\n"
items:
$ref: '#/components/schemas/Stage'
BundleRule:
type: object
description: A Rule definition
required:
- ruleId
- ruleType
- predicates
properties:
ruleType:
type: string
example: vulnDenyList
minLength: 1
maxLength: 1024
description: |
The type of the rule.
It may be one of the following:
- vulnSeverityAndThreats
- vulnDenyList
- imageConfigDefaultUser
- imageConfigLabel
- imageConfigEnvVariable
- imageConfigInstructionNotRecommended
- imageConfigInstructionIsPkgManager
- imageConfigCreationDate
- imageConfigSensitiveInformationAndSecrets
- pkgDenyList
predicates:
type: array
description: The Predicates defining this Rule
maxItems: 1000
minItems: 1
items:
type: object
required:
- type
properties:
type:
type: string
example: vulnIsFixable
maxLength: 1000
minLength: 1
extra:
type: object
example:
- type: vulnSeverity
extra:
level: high
ruleId:
type: string
minLength: 1
maxLength: 1024
example: '42'
GetBundleResponse:
type: object
description: Bundle definition
required:
- id
- name
- identifier
- bundleType
- rules
properties:
id:
type: integer
format: int64
description: The Bundle ID
example: 1
minimum: 0
maximum: 9223372036854776000
name:
type: string
description: The human readable Bundle name
example: Sysdig Bundle
minLength: 1
maxLength: 1024
identifier:
type: string
description: The Policy identifier generated from the name
example: sysdig-bundle
minLength: 1
maxLength: 1024
description:
type: string
description: The Bundle description
example: Default Sysdig Bundle
minLength: 0
maxLength: 4096
bundleType:
type: string
enum:
- predefined
- custom
description: Specifies whether the Bundle was defined by the Customer or by Sysdig
example: custom
rules:
type: array
minItems: 1
maxItems: 1024
description: The Rules defining this Bundle
items:
$ref: '#/components/schemas/BundleRule'
ListBundlesResponse:
title: Bundles list
type: object
required:
- data
- page
description: Bundles list response
properties:
page:
$ref: '#/components/schemas/PoliciesPage'
data:
type: array
description: Bundles collection
minItems: 0
maxItems: 1024
items:
$ref: '#/components/schemas/GetBundleResponse'
VulnSeverity:
title: Vulnerability Severity
description: |
Predicate expressing "the Vulnerability Severity is or higher".
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- vulnSeverity
example: vulnSeverity
extra:
type: object
properties:
level:
type: string
enum:
- critical
- high
- medium
- low
- negligible
example: critical
VulnSeverityEquals:
title: Vulnerability Severity Equals
description: |
Predicate expressing "the Vulnerability Severity is exactly ".
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- vulnSeverityEquals
example: vulnSeverityEquals
extra:
type: object
properties:
level:
type: string
enum:
- critical
- high
- medium
- low
- negligible
example: critical
VulnIsFixable:
title: Fixable Vuln
description: |
Predicate expressing "the Vulnerability is Fixable".
type: object
required:
- type
properties:
type:
type: string
enum:
- vulnIsFixable
example: vulnIsFixable
VulnIsFixableWithAge:
title: Fixable Vulnerability Older Than X Days
description: |
Predicate expressing "the Vulnerability is Fixable and its fix is older than days".
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- vulnIsFixableWithAge
example: vulnIsFixableWithAge
extra:
type: object
properties:
age:
type: integer
format: int32
description: The age of the fix in days
example: 30
minimum: 0
maximum: 36500
VulnAge:
title: Vulnerability Older Than X Days
description: |
Predicate expressing "the Vulnerability is older than days"
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- vulnAge
example: vulnAge
extra:
type: object
properties:
age:
type: integer
format: int32
description: The age of the vulnerability in days.
example: 30
minimum: 0
maximum: 36500
VulnPkgType:
title: Vulnerability Package Type
description: |
Predicate expressing "the Vulnerability is related to a package of ".
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- vulnPkgType
example: vulnPkgType
extra:
type: object
required:
- pkgType
properties:
pkgType:
type: string
enum:
- os
- nonOs
description: |
The package type, either OS or non-OS. There is no enforcement on the value for future extensibility.
example: os
VulnCvss:
title: Vulnerability CVSS Score
description: |
Predicate expressing "the Vulnerability CVSS Score is higher than "
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- vulnCVSS
example: vulnCVSS
extra:
type: object
properties:
value:
type: number
format: float
description: The threshold for greater-than-or-equal comparison with CVSS Score.
minimum: 0
maximum: 10
example: 4
VulnCvssEquals:
title: Vulnerability CVSS Score Equals
description: |
Predicate expressing "the Vulnerability CVSS Score is exactly equal to "
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- vulnCVSSEquals
example: vulnCVSSEquals
extra:
type: object
properties:
value:
type: number
format: float
description: The threshold for equality comparison with the CVSS Score.
minimum: 0
maximum: 10
example: 4
VulnExploitable:
title: Exploitable Vuln
description: |
Predicate expressing "the Vulnerability is exploitable".
type: object
required:
- type
properties:
type:
type: string
enum:
- vulnExploitable
example: vulnExploitable
VulnExploitableWithAge:
title: Exploitable Vulnerability Older Than X Days
description: |
Predicate expressing "the Vulnerability is exploitable and the exploit is older. than days"
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- vulnExploitableWithAge
example: vulnExploitableWithAge
extra:
type: object
properties:
age:
type: integer
format: int32
description: The age of the exploit in days
example: 30
minimum: 0
maximum: 36500
VulnExploitableNoAdmin:
title: Exploitable Vulnerability No Admin
description: |
Predicate expressing "the Vulnerability is exploitable and the exploit does not. require admin privileges"
type: object
required:
- type
properties:
type:
type: string
enum:
- vulnExploitableNoAdmin
example: vulnExploitableNoAdmin
VulnExploitableNoUser:
title: Exploitable Vulnerability No User
description: |
Predicate expressing "the Vulnerability is exploitable and the exploit does not. require user interaction"
type: object
required:
- type
properties:
type:
type: string
enum:
- vulnExploitableNoUser
example: vulnExploitableNoUser
VulnExploitableViaNetwork:
title: Exploitable Vulnerability Via Network
description: |
Predicate expressing "the Vulnerability is exploitable via network".
type: object
required:
- type
properties:
type:
type: string
enum:
- vulnExploitableViaNetwork
example: vulnExploitableViaNetwork
VulnDisclosureRange:
title: Vulnerabilities disclosure date range
description: The start and end dates (inclusive) when vulnerabilities were disclosed.
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- vulnDisclosureRange
example: vulnDisclosureRange
extra:
type: object
properties:
startDate:
description: The start date (inclusive) of disclosed vulnerabilities.
type: string
format: date
maxLength: 10
example: '2024-02-27'
endDate:
description: The end date (inclusive) of disclosed vulnerabilities.
type: string
format: date
maxLength: 10
example: '2024-05-22'
VulnIsInUse:
title: Vulnerable resource in use
description: The vulnerable resources currently in use.
type: object
required:
- type
properties:
type:
type: string
enum:
- vulnIsInUse
example: vulnIsInUse
VulnEpssScoreGte:
title: Vulnerability EPSS score threshold
description: The EPSS score that meets or exceeds the specified threshold value.
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- vulnEpssScoreGte
example: vulnEpssScoreGte
extra:
type: object
properties:
score:
description: Score value to compare.
type: integer
format: int32
minimum: 0
maximum: 100
example: 30
VulnEpssPercentileGte:
title: Vulnerability EPSS percentile threshold
description: The EPSS percentile score that is greater than or equal to the specified value.
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- vulnEpssPercentileGte
example: vulnEpssPercentileGte
extra:
type: object
properties:
percentile:
description: Percentile value to compare.
type: integer
format: int32
minimum: 0
maximum: 100
example: 30
CisaKevPublishDate:
title: Vulnerability CISA KEV fix due in
description: Number of days remaining until the CISA KEV-listed vulnerability is fixed.
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- cisaKevDueDateIn
example: cisaKevDueDateIn
extra:
type: object
properties:
days:
description: Number of days.
type: integer
format: int32
example: 3
minimum: 1
maximum: 3650
CisaKevKnownRansomwareCampaignUse:
title: Vulnerability CISAKEVKnown Ransomware Campaign Use
description: |
The vulnerability listed in CISA's KEV catalog as actively exploited in ransomware campaigns.
type: object
required:
- type
properties:
type:
type: string
enum:
- cisaKevKnownRansomwareCampaignUse
example: cisaKevKnownRansomwareCampaignUse
CisaKevAvailableSince:
title: Vulnerability CISAKEV Available Since
description: |
Number of days since the vulnerability was added to CISA's Known Exploited Vulnerabilities (KEV) catalog. Calculated from initial inclusion date to current date.
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- cisaKevAvailableSince
example: cisaKevAvailableSince
extra:
type: object
properties:
days:
description: Number of days.
type: integer
format: int32
example: 3
minimum: 1
maximum: 3650
DenyCve:
title: Deny CVE
description: |
Predicate expressing "any of these CVEs is present".
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- denyCVE
example: denyCVE
extra:
type: object
properties:
vulnIds:
type: array
minItems: 1
maxItems: 1024
items:
type: string
maxLength: 1024
description: CVE Ids
example: CVE-2019-1234
DenyPkg:
title: Deny Package
description: |
Predicate expressing "any of these packages is present".
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- denyPkg
example: denyPkg
extra:
type: object
required:
- packages
properties:
packages:
type: array
minItems: 1
maxItems: 1024
items:
type: object
required:
- name
properties:
name:
type: string
description: Package name
example: curl
maxLength: 512
version:
type: string
description: Package version
example: 1.0.0
maxLength: 128
ImageConfigDefaultUserList:
title: Image default user
description: Configuration to set the default user for the specified image.
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- imageConfigDefaultUserList
example: imageConfigDefaultUserList
extra:
type: object
required:
- users
- operator
properties:
operator:
type: string
enum:
- IN
- NOT_IN
example: IN
users:
type: array
minItems: 0
maxItems: 1024
items:
type: string
minLength: 1
maxLength: 256
example: root
example:
- root
- admin
ImageConfigDefaultUserIsRoot:
title: Default User Is Root
description: |
Predicate expressing "the container user defaults to root user".
type: object
required:
- type
properties:
type:
type: string
enum:
- imageConfigDefaultUserIsRoot
example: imageConfigDefaultUserIsRoot
ImageConfigDefaultUserIsNot:
title: Default User Is Not
description: |
Predicate expressing "the container user does not default to the specified user".
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- imageConfigDefaultUserIsNot
example: imageConfigDefaultUserIsNot
extra:
type: object
required:
- user
properties:
user:
type: string
maxLength: 1024
example: root
ImageConfigLabelExists:
title: Image Label Exists
description: |
Predicate expressing "the image has the specified label".
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- imageConfigLabelExists
example: imageConfigLabelExists
extra:
type: object
required:
- key
properties:
key:
type: string
maxLength: 1024
example: test
ImageConfigLabelNotExists:
title: Image Label Does Not Exist
description: |
Predicate expressing "the image does not have the specified label".
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- imageConfigLabelNotExists
example: imageConfigLabelNotExists
extra:
type: object
required:
- key
properties:
key:
type: string
maxLength: 1024
example: label name
ImageConfigLabelNotContains:
title: Image Label Contains
description: |
Predicate expressing "the image has the specified label and value".
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- imageConfigLabelNotContains
example: imageConfigLabelNotContains
extra:
type: object
required:
- key
- value
properties:
key:
type: string
maxLength: 1024
example: label name
value:
type: string
maxLength: 1024
example: label value
ImageConfigEnvVariableExists:
title: Environment Variable Exists
description: |
Predicate expressing "the container has the specified environment variable".
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- imageConfigEnvVariableExists
example: imageConfigEnvVariableExists
extra:
type: object
required:
- key
properties:
key:
type: string
maxLength: 1024
example: ENV_VAR
ImageConfigEnvVariableNotExists:
title: Environment Variable Does Not Exist
description: |
Predicate expressing "the container does not have the specified environment variable".
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- imageConfigEnvVariableNotExists
example: imageConfigEnvVariableNotExists
extra:
type: object
required:
- key
properties:
key:
type: string
maxLength: 1024
example: ENV_VAR
ImageConfigEnvVariableContains:
title: Environment Variable Contains
description: |
Predicate expressing "the container has the specified environment variable and value".
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- imageConfigEnvVariableContains
example: imageConfigEnvVariableContains
extra:
type: object
required:
- key
properties:
key:
type: string
maxLength: 1024
example: ENV_VAR
value:
type: string
maxLength: 1024
example: VALUE
ImageConfigInstructionNotRecommended:
title: Instruction Not Recommended
description: |
Predicate expressing "the image history contains not recommended instruction (ADD, ...)".
type: object
required:
- type
properties:
type:
type: string
enum:
- imageConfigInstructionNotRecommended
example: imageConfigInstructionNotRecommended
ImageConfigInstructionIsPkgManager:
title: Instruction Is PkgManager
description: |
Predicate expressing "the image history contains a package manager command (eg. apk, npm, rpm, etc)".
type: object
required:
- type
properties:
type:
type: string
enum:
- imageConfigInstructionIsPkgManager
example: imageConfigInstructionIsPkgManager
ImageConfigCreationDateWithAge:
title: Image Creation Date
description: |
Predicate expressing "the image has been created before the specified amount of days".
type: object
required:
- type
- extra
properties:
type:
type: string
enum:
- imageConfigCreationDateWithAge
example: imageConfigCreationDateWithAge
extra:
type: object
required:
- age
properties:
key:
type: integer
format: int32
example: 1
minimum: 1
maximum: 2147483647
ImageConfigSensitiveInformationAndSecrets:
title: Sensitive Data
description: |
Predicate expressing "the image contains sensitive information and secrets".
type: object
required:
- type
properties:
type:
type: string
enum:
- imageConfigSensitiveInformationAndSecrets
example: imageConfigSensitiveInformationAndSecrets
Predicates:
type: array
description: The Predicates defining this Rule
maxItems: 1000
minItems: 1
items:
anyOf:
- $ref: '#/components/schemas/VulnSeverity'
- $ref: '#/components/schemas/VulnSeverityEquals'
- $ref: '#/components/schemas/VulnIsFixable'
- $ref: '#/components/schemas/VulnIsFixableWithAge'
- $ref: '#/components/schemas/VulnAge'
- $ref: '#/components/schemas/VulnPkgType'
- $ref: '#/components/schemas/VulnCvss'
- $ref: '#/components/schemas/VulnCvssEquals'
- $ref: '#/components/schemas/VulnExploitable'
- $ref: '#/components/schemas/VulnExploitableWithAge'
- $ref: '#/components/schemas/VulnExploitableNoAdmin'
- $ref: '#/components/schemas/VulnExploitableNoUser'
- $ref: '#/components/schemas/VulnExploitableViaNetwork'
- $ref: '#/components/schemas/VulnDisclosureRange'
- $ref: '#/components/schemas/VulnIsInUse'
- $ref: '#/components/schemas/VulnEpssScoreGte'
- $ref: '#/components/schemas/VulnEpssPercentileGte'
- $ref: '#/components/schemas/CisaKevPublishDate'
- $ref: '#/components/schemas/CisaKevKnownRansomwareCampaignUse'
- $ref: '#/components/schemas/CisaKevAvailableSince'
- $ref: '#/components/schemas/DenyCve'
- $ref: '#/components/schemas/DenyPkg'
- $ref: '#/components/schemas/ImageConfigDefaultUserList'
- $ref: '#/components/schemas/ImageConfigDefaultUserIsRoot'
- $ref: '#/components/schemas/ImageConfigDefaultUserIsNot'
- $ref: '#/components/schemas/ImageConfigLabelExists'
- $ref: '#/components/schemas/ImageConfigLabelNotExists'
- $ref: '#/components/schemas/ImageConfigLabelNotContains'
- $ref: '#/components/schemas/ImageConfigEnvVariableExists'
- $ref: '#/components/schemas/ImageConfigEnvVariableNotExists'
- $ref: '#/components/schemas/ImageConfigEnvVariableContains'
- $ref: '#/components/schemas/ImageConfigInstructionNotRecommended'
- $ref: '#/components/schemas/ImageConfigInstructionIsPkgManager'
- $ref: '#/components/schemas/ImageConfigCreationDateWithAge'
- $ref: '#/components/schemas/ImageConfigSensitiveInformationAndSecrets'
example:
- type: vulnSeverity
extra:
level: high
- type: vulnIsFixable
- type: denyCVE
extra:
vulnIds:
- CVE-2021-12345
- CVE-2021-67890
NewRule:
type: object
description: A Rule definition
required:
- ruleType
- predicates
properties:
ruleType:
type: string
enum:
- vulnSeverityAndThreats
- vulnDenyList
- imageConfigDefaultUser
- imageConfigLabel
- imageConfigEnvVariable
- imageConfigInstructionNotRecommended
- imageConfigInstructionIsPkgManager
- imageConfigCreationDate
- imageConfigSensitiveInformationAndSecrets
- pkgDenyList
example: vulnDenyList
predicates:
$ref: '#/components/schemas/Predicates'
CreateBundleRequest:
type: object
description: Bundle definition
required:
- name
- rules
properties:
name:
type: string
description: The human readable Bundle name
minLength: 1
maxLength: 1024
example: sysdig bundle
description:
type: string
description: Human readable description of this Bundle
minLength: 0
maxLength: 4096
example: default sysdig bundle
rules:
type: array
minItems: 1
maxItems: 1024
description: The Rules defining this Bundle
items:
$ref: '#/components/schemas/NewRule'
SbomComponent:
title: SBOM component schema
type: object
required:
- type
- name
properties:
type:
type: string
title: Component Type
description: |-
Specifies the type of component. For software components, classify as application if no more specific appropriate classification is available or cannot be determined for the component. Types include:
* __application__ = A software application. Refer to [https://en.wikipedia.org/wiki/Application_software](https://en.wikipedia.org/wiki/Application_software) for information about applications.
* __framework__ = A software framework. Refer to [https://en.wikipedia.org/wiki/Software_framework](https://en.wikipedia.org/wiki/Software_framework) for information on how frameworks vary slightly from libraries.
* __library__ = A software library. Refer to [https://en.wikipedia.org/wiki/Library_(computing)](https://en.wikipedia.org/wiki/Library_(computing))
for information about libraries. All third-party and open source reusable components will likely be a library. If the library also has key features of a framework, then it should be classified as a framework. If not, or is unknown, then specifying library is RECOMMENDED.
* __container__ = A packaging and/or runtime format, not specific to any particular technology, which isolates software inside the container from software outside of a container through virtualization technology. Refer to [https://en.wikipedia.org/wiki/OS-level_virtualization](https://en.wikipedia.org/wiki/OS-level_virtualization)
* __platform__ = A runtime environment which interprets or executes software. This may include runtimes such as those that execute bytecode or low-code/no-code application platforms.
* __operating-system__ = A software operating system without regard to deployment model (i.e. installed on physical hardware, virtual machine, image, etc) Refer to [https://en.wikipedia.org/wiki/Operating_system](https://en.wikipedia.org/wiki/Operating_system)
* __device__ = A hardware device such as a processor, or chip-set. A hardware device containing firmware SHOULD include a component for the physical hardware itself, and another component of type 'firmware' or 'operating-system' (whichever is relevant), describing information about the software running on the device.
See also the list of [known device properties](https://github.com/CycloneDX/cyclonedx-property-taxonomy/blob/main/cdx/device.md).
* __device-driver__ = A special type of software that operates or controls a particular type of device. Refer to [https://en.wikipedia.org/wiki/Device_driver](https://en.wikipedia.org/wiki/Device_driver)
* __firmware__ = A special type of software that provides low-level control over a devices hardware. Refer to [https://en.wikipedia.org/wiki/Firmware](https://en.wikipedia.org/wiki/Firmware)
* __file__ = A computer file. Refer to [https://en.wikipedia.org/wiki/Computer_file](https://en.wikipedia.org/wiki/Computer_file) for information about files.
* __machine-learning-model__ = A model based on training data that can make predictions or decisions without being explicitly programmed to do so.
* __data__ = A collection of discrete values that convey information.
example: library
maxLength: 512
name:
type: string
title: Component Name
description: 'The name of the component. This will often be a shortened, single name of the component. Examples: commons-lang3 and jquery'
example: tomcat-catalina
maxLength: 512
bom-ref:
type: string
title: BOM Reference
description: An optional identifier which can be used to reference the component elsewhere in the BOM. Every bom-ref MUST be unique within the BOM.
example: 5581fa94-9052-4e55-8b28-750f16e183be
maxLength: 512
version:
type: string
title: Component Version
description: The component version. The version should ideally comply with semantic versioning but is not enforced.
example: 9.0.14
maxLength: 512
group:
type: string
title: Component Group
description: 'The grouping name or identifier. This will often be a shortened, single name of the company or project that produced the component, or the source package or domain name. Whitespace and special characters should be avoided. Examples include: apache, org.apache.commons, and apache.org.'
example: com.acme
maxLength: 512
purl:
type: string
title: Component Package URL (purl)
description: 'Specifies the package-url (purl). The purl, if specified, MUST be valid and conform to the specification defined at: [https://github.com/package-url/purl-spec](https://github.com/package-url/purl-spec)'
example: pkg:maven/com.acme/tomcat-catalina@9.0.14?packaging=jar
maxLength: 512
SbomResultResponse:
type: object
title: SBOM schema
description: SBOM of the requested asset
required:
- bomFormat
- specVersion
properties:
bomFormat:
type: string
title: BOM Format
description: Specifies the format of the BOM. This helps to identify the file as CycloneDX since BOMs do not have a filename convention nor does JSON schema support namespaces. This value MUST be "CycloneDX".
enum:
- CycloneDX
example: CycloneDX
specVersion:
type: string
title: CycloneDX Specification Version
description: The version of the CycloneDX specification a BOM conforms to (starting at version 1.2).
example: '1.5'
maxLength: 512
serialNumber:
type: string
title: BOM Serial Number
description: Every BOM generated SHOULD have a unique serial number, even if the contents of the BOM have not changed over time. If specified, the serial number MUST conform to RFC-4122. Use of serial numbers are RECOMMENDED.
example: urn:uuid:3e671687-395b-41f5-a30f-a58921a69b79
maxLength: 512
version:
type: integer
format: int32
title: BOM Version
description: Whenever an existing BOM is modified, either manually or through automated processes, the version of the BOM SHOULD be incremented by 1. When a system is presented with multiple BOMs with identical serial numbers, the system SHOULD use the most recent version of the BOM. The default version is '1'.
minimum: 1
maximum: 2147483647
default: 1
example: 1
metadata:
type: object
title: BOM Metadata
description: Provides additional information about a BOM.
properties:
timestamp:
type: string
title: Timestamp
description: The date and time (timestamp) when the BOM was created.
format: date-time
example: '2018-03-20T09:12:28Z'
maxLength: 512
lifecycle:
type: string
title: Lifecycle
description: The product lifecycle(s) that this BOM represents.
enum:
- post-build
- operations
example: post-build
tools:
type: object
title: Creation Tools
description: The tool(s) used in the creation of the BOM.
component:
$ref: '#/components/schemas/SbomComponent'
components:
type: array
maxItems: 1000000
title: Components
description: A list of software and hardware components.
items:
$ref: '#/components/schemas/SbomComponent'
dependencies:
type: array
maxItems: 1000000
title: Dependencies
description: Provides the ability to document dependency relationships.
items:
type: object
title: Dependency
description: Defines the direct dependencies of a component or service. Components or services that do not have their own dependencies MUST be declared as empty elements within the graph. Components or services that are not represented in the dependency graph MAY have unknown dependencies. It is RECOMMENDED that implementations assume this to be opaque and not an indicator of a object being dependency-free. It is RECOMMENDED to leverage compositions to indicate unknown dependency graphs.
properties:
ref:
type: string
title: Reference
description: References a component or service by its bom-ref attribute
example: 5581fa94-9052-4e55-8b28-750f16e183be
maxLength: 512
dependsOn:
type: array
maxItems: 1000000
title: Depends On
description: The bom-ref identifiers of the components or services that are dependencies of this dependency object.
items:
type: string
description: Identifier for referable and therefore interlink-able elements.
example: 5581fa94-9052-4e55-8b28-750f16e183be
maxLength: 512
required:
- ref
compositions:
type: array
maxItems: 1000000
title: Compositions
description: Compositions describe constituent parts (including components, services, and dependency relationships) and their completeness. The completeness of vulnerabilities expressed in a BOM may also be described.
items:
type: object
properties:
aggregate:
type: string
title: Aggregate
description: |
Specifies an aggregate type that describe how complete a relationship is.
* __complete__ = The relationship is complete. No further relationships including constituent components, services, or dependencies are known to exist.
* __incomplete__ = The relationship is incomplete. Additional relationships exist and may include constituent components, services, or dependencies.
* __incomplete_first_party_only__ = The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented.
* __incomplete_first_party_proprietary_only__ = The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.
* __incomplete_first_party_opensource_only__ = The relationship is incomplete. Only relationships for first-party components, services, or their dependencies are represented, limited specifically to those that are opensource.
* __incomplete_third_party_only__ = The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented.
* __incomplete_third_party_proprietary_only__ = The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are proprietary.
* __incomplete_third_party_opensource_only__ = The relationship is incomplete. Only relationships for third-party components, services, or their dependencies are represented, limited specifically to those that are opensource.
* __unknown__ = The relationship may be complete or incomplete. This usually signifies a 'best-effort' to obtain constituent components, services, or dependencies but the completeness is inconclusive.
* __not_specified__ = The relationship completeness is not specified.
enum:
- complete
- incomplete
- unknown
- not_specified
example: complete
assemblies:
type: array
maxItems: 1000000
title: BOM references
description: The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only.
items:
type: string
description: Identifier for referable and therefore interlink-able elements.
example: 5581fa94-9052-4e55-8b28-750f16e183be
maxLength: 512
dependencies:
type: array
maxItems: 1000000
title: BOM references
description: The bom-ref identifiers of the components or services being described. Assemblies refer to nested relationships whereby a constituent part may include other constituent parts. References do not cascade to child parts. References are explicit for the specified constituent part only.
items:
type: string
description: Identifier for referable and therefore interlink-able elements.
example: 5581fa94-9052-4e55-8b28-750f16e183be
maxLength: 512
required:
- aggregate
ContextEmpty:
type: array
title: Empty matcher
description: To be used when `entityType` is not `vulnerability` or `policyRule`.
maxItems: 0
items:
type: object
example: []
ImageName:
type: object
title: Image Name
properties:
contextType:
type: string
description: Matcher type to apply
enum:
- imageName
example: imageName
contextValue:
type: string
description: Value to match
maxLength: 512
example: latest
ContextImageName:
type: array
title: Image name matcher
description: Context to apply
maxItems: 1
minItems: 1
items:
$ref: '#/components/schemas/ImageName'
ImageSuffix:
type: object
title: Image suffix.
properties:
contextType:
type: string
description: Matcher type to apply
enum:
- imageSuffix
example: imageSuffix
contextValue:
type: string
description: Value to match
maxLength: 512
example: test:latest
ContextImageSuffix:
type: array
title: Image name suffix matcher
description: Context to apply
maxItems: 1
minItems: 1
items:
$ref: '#/components/schemas/ImageSuffix'
ImagePrefix:
type: object
title: Image Prefix
properties:
contextType:
type: string
description: Matcher type to apply
enum:
- imagePrefix
example: imagePrefix
contextValue:
type: string
description: Value to match
maxLength: 512
example: quay.io/testedImages
ContextImagePrefix:
type: array
title: Image name prefix matcher
description: Context to apply
maxItems: 1
minItems: 1
items:
$ref: '#/components/schemas/ImagePrefix'
ImageNameContains:
type: object
title: Image Name Contains
properties:
contextType:
type: string
description: Matcher type to apply
enum:
- imageNameContains
example: imageNameContains
contextValue:
type: string
description: Value to match
maxLength: 512
example: .io/test
ContextImageContains:
type: array
title: Image name contains matcher
description: Context to apply
maxItems: 1
minItems: 1
items:
$ref: '#/components/schemas/ImageNameContains'
PackageName:
type: object
title: Package Name
properties:
contextType:
type: string
description: Matcher type to apply
enum:
- packageName
example: packageName
contextValue:
type: string
description: Value to match
maxLength: 512
example: github.com/prometheus/common
ContextPackageName:
type: array
title: Package Name matcher
description: Context to apply
maxItems: 1
minItems: 1
items:
$ref: '#/components/schemas/PackageName'
PackageNameVersion:
type: object
title: Package Name and Version
properties:
contextType:
type: string
description: Matcher type to apply
enum:
- packageVersion
- packageName
example: packageVersion
contextValue:
type: string
description: Value to match
maxLength: 512
example: github.com/prometheus/common
ContextPackageNameVersion:
type: array
title: Package Name and Version matcher
description: Context to apply
maxItems: 2
minItems: 2
items:
$ref: '#/components/schemas/PackageNameVersion'
HostName:
type: object
title: Host Name
properties:
contextType:
type: string
description: Matcher type to apply
enum:
- hostName
example: hostName
contextValue:
type: string
description: Value to match
maxLength: 512
example: ip-10-0-1-105.ec2.internal
ContextHostName:
type: array
title: Host name matcher
description: Context host name
maxItems: 1
minItems: 1
items:
$ref: '#/components/schemas/HostName'
HostNameContains:
type: object
title: Host Name Contains
properties:
contextType:
type: string
description: Matcher type to apply
enum:
- hostNameContains
example: hostNameContains
contextValue:
type: string
description: Value to match
maxLength: 512
example: ec2.internal
ContextHostContains:
type: array
title: Host name contains matcher
description: Context to apply
maxItems: 1
minItems: 1
items:
$ref: '#/components/schemas/HostNameContains'
PackagePath:
type: object
title: Package Path
properties:
contextType:
type: string
description: Matcher type to apply
enum:
- packagePath
example: packagePath
contextValue:
type: string
description: Value to match
maxLength: 512
example: /var/lib
ContextPackagePath:
type: array
title: Package Path matcher
description: Context to apply
maxItems: 1
minItems: 1
items:
$ref: '#/components/schemas/PackagePath'
PackageVersion:
type: object
title: Package Version
properties:
contextType:
type: string
description: Matcher type to apply
enum:
- packageVersion
example: packageVersion
contextValue:
type: string
description: Value to match
maxLength: 512
example: v0.50.0
ContextPackageVersion:
type: array
title: Package Version matcher
description: Context to apply
maxItems: 1
minItems: 1
items:
$ref: '#/components/schemas/PackageVersion'
PackagePathVersion:
type: object
title: Package Path and Version
properties:
contextType:
type: string
description: Matcher type to apply
enum:
- packageVersion
- packagePath
example: packageVersion
contextValue:
type: string
description: Value to match
maxLength: 512
example: v0.50.0
ContextPackagePathVersion:
type: array
title: Package Path and Version matcher
description: Context to apply
maxItems: 2
minItems: 2
items:
$ref: '#/components/schemas/PackagePathVersion'
BaseRiskAcceptedResponsePayload:
type: object
title: Base Response Accepted Risk Payload
properties:
id:
type: string
maxLength: 512
description: The Accepted Risk ID
example: 17af8bade67c9a208e632df001fcea2c
expirationDate:
description: Date when the accepted risk will expire (in YYYY-MM-DD format)
type: string
format: date
maxLength: 10
example: '2024-02-27'
createdAt:
type: string
maxLength: 100
format: date-time
description: Date when the Accepted Risk was created
example: '2024-01-22T08:51:46.016464Z'
updatedAt:
type: string
maxLength: 100
format: date-time
description: Date when the Accepted Risk was updated
example: '2024-02-22T08:51:46.016464Z'
status:
type: string
description: Specifies whether the Accepted Risk is enabled or expired
enum:
- active
- expired
example: active
createdBy:
type: string
maxLength: 100
description: User who created the risk acceptance
example: user@sysdig.com
updatedBy:
type: string
maxLength: 100
description: User who last updated the risk acceptance
example: user@sysdig.com
BaseRiskAcceptedPayload:
type: object
title: Base Accepted Risk Payload
properties:
entityValue:
description: A value to match with the entityType
type: string
maxLength: 512
minLength: 1
example: CVE-1234-56789
expirationDate:
description: Date when the accepted risk will expire (in YYYY-MM-DD format)
type: string
format: date
maxLength: 10
example: '2024-02-27'
reason:
description: Reason for acceptance
type: string
enum:
- RiskTransferred
- RiskAvoided
- RiskMitigated
- RiskOwned
- RiskNotRelevant
- Custom
example: RiskTransferred
description:
description: Description of why the accepted risk was created
type: string
maxLength: 512
example: vulnerability cannot be removed manually
stages:
description: List of stages where the risk acceptance is applied, empty list enables risk acceptance for all the stages
type: array
minItems: 0
maxItems: 3
nullable: true
items:
type: string
enum:
- runtime
- pipeline
- registry
example: runtime
example:
- runtime
- pipeline
- registry
RiskAcceptedResponse:
type: object
title: Accepted Risk Response
allOf:
- type: object
required:
- id
- entityType
- entityValue
- context
- reason
- description
- status
properties:
entityType:
type: string
description: The entity where the Accepted Risk will be applied.
enum:
- imageName
- imagePrefix
- imageSuffix
- vulnerability
- hostName
- hostNameContains
- imageNameContains
- policyRule
- package
example: imageName
context:
description: If entityType is not `vulnerability`, `policyRule` or `package`, you should use `Empty Matcher` in the context.
oneOf:
- $ref: '#/components/schemas/ContextEmpty'
- $ref: '#/components/schemas/ContextImageName'
- $ref: '#/components/schemas/ContextImageSuffix'
- $ref: '#/components/schemas/ContextImagePrefix'
- $ref: '#/components/schemas/ContextImageContains'
- $ref: '#/components/schemas/ContextPackageName'
- $ref: '#/components/schemas/ContextPackageNameVersion'
- $ref: '#/components/schemas/ContextHostName'
- $ref: '#/components/schemas/ContextHostContains'
- $ref: '#/components/schemas/ContextPackagePath'
- $ref: '#/components/schemas/ContextPackageVersion'
- $ref: '#/components/schemas/ContextPackagePathVersion'
- $ref: '#/components/schemas/BaseRiskAcceptedResponsePayload'
- $ref: '#/components/schemas/BaseRiskAcceptedPayload'
example:
id: 17ac9f4b9fa70c801868930109997bbc
entityType: imageName
entityValue: alpine:3.16
expirationDate: '2025-02-01'
context: []
reason: Custom
description: My description
status: active
createdAt: '2024-01-22T08:51:46.016464Z'
updatedAt: '2024-01-22T08:51:46.016464Z'
createdBy: user@sysdig.com
updatedBy: user@sysdig.com
ListRiskAcceptedResponse:
title: Accepted Risk Response List
type: object
required:
- data
allOf:
- $ref: '#/components/schemas/OffsetPaginatedResponse'
- type: object
required:
- data
properties:
data:
type: array
maxItems: 200
description: List of Accepted Risks
items:
allOf:
- $ref: '#/components/schemas/RiskAcceptedResponse'
CreateRiskAcceptedRequest:
title: Accepted Risk Request
type: object
allOf:
- type: object
required:
- entityType
- entityValue
- reason
- description
- context
properties:
entityType:
type: string
description: The entity where the Accepted Risk will be applied.
enum:
- imageName
- imagePrefix
- imageSuffix
- vulnerability
- hostName
- hostNameContains
- imageNameContains
- policyRule
- package
example: imageName
context:
description: If entityType is not `vulnerability`, `policyRule` or `package`, you should use `Empty Matcher` in the context.
oneOf:
- $ref: '#/components/schemas/ContextEmpty'
- $ref: '#/components/schemas/ContextImageName'
- $ref: '#/components/schemas/ContextImageSuffix'
- $ref: '#/components/schemas/ContextImagePrefix'
- $ref: '#/components/schemas/ContextImageContains'
- $ref: '#/components/schemas/ContextPackageName'
- $ref: '#/components/schemas/ContextPackageNameVersion'
- $ref: '#/components/schemas/ContextHostName'
- $ref: '#/components/schemas/ContextHostContains'
- $ref: '#/components/schemas/ContextPackagePath'
- $ref: '#/components/schemas/ContextPackageVersion'
- $ref: '#/components/schemas/ContextPackagePathVersion'
- $ref: '#/components/schemas/BaseRiskAcceptedPayload'
example:
entityType: vulnerability
entityValue: CVE-2023-39325
expirationDate: '2025-02-01'
context: []
reason: RiskTransferred
description: Accept Risk everywhere for CVE-2023-39325
UpdateRiskAccepted:
title: Update Risk Accepted
type: object
properties:
expirationDate:
description: |
Date when the accepted risk expires. Setting this to null will make the accepted risk never expire.
type: string
maxLength: 10
example: '2024-02-27'
nullable: true
reason:
description: Reason for acceptance
type: string
enum:
- RiskTransferred
- RiskAvoided
- RiskMitigated
- RiskOwned
- RiskNotRelevant
- Custom
example: RiskTransferred
description:
description: Description of why the accepted risk was created
type: string
maxLength: 512
example: vulnerability cannot be removed manually
ZoneScope:
title: Zone Scope
type: object
required:
- targetType
properties:
id:
$ref: '#/components/schemas/UnlimitedLong'
targetType:
type: string
format: string
example: target
maxLength: 512
description: The target type of the Scope
rules:
type: string
format: string
example: clusterId in ( "test" )
maxLength: 2048
description: Scoping rules to be applied
ZoneResponseV1:
title: Zone Response V1
type: object
properties:
id:
$ref: '#/components/schemas/UnlimitedLong'
name:
type: string
example: Production
maxLength: 512
description: The name of the Zone
description:
type: string
format: string
example: Production Environment
maxLength: 8192
description: The description of the Zone
author:
type: string
format: string
example: Sysdig
maxLength: 512
description: Email of the user who created this Zone
lastModifiedBy:
type: string
format: string
example: john_doe@sysdig.com
maxLength: 512
description: Email of the user who last modified the Zone
lastUpdated:
allOf:
- $ref: '#/components/schemas/UnlimitedLong'
description: |
Timestamp indicating the moment the Zone has been last updated.\
It is expressed in milliseconds elapsed since January 1, 1970 UTC.
isSystem:
type: boolean
example: false
description: Boolean value indicating if the Zone is a *System* one
scopes:
type: array
maxItems: 8192
items:
$ref: '#/components/schemas/ZoneScope'
description: Attached Zone Scopes
ListZonesResponseV1:
title: Zones List Response V1
allOf:
- $ref: '#/components/schemas/OffsetPaginatedResponse'
- type: object
properties:
data:
type: array
maxItems: 200
items:
allOf:
- $ref: '#/components/schemas/ZoneResponseV1'
description: A paged list of Zones
CreateZoneScopeRequestV1:
title: Zone Scope
type: object
required:
- targetType
properties:
targetType:
type: string
format: string
example: aws
maxLength: 512
description: The target type of the Scope
rules:
type: string
format: string
example: clusterId in ( "test" )
maxLength: 2048
description: Scoping rules to be applied
CreateZoneRequestV1:
type: object
title: Zone Request V1
required:
- name
- scopes
properties:
name:
type: string
example: Production
maxLength: 255
description: The name of the Zone. It must be unique
description:
type: string
format: string
example: Production environment
maxLength: 1024
description: The Zone description. It can be useful for adding extra information
scopes:
type: array
minItems: 1
maxItems: 512
items:
$ref: '#/components/schemas/CreateZoneScopeRequestV1'
description: Zone attached scopes
responses:
BadRequest:
description: Operation failed due to invalid payload.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
example:
type: bad_request
message: Bad request
details: []
Unauthorized:
description: Access denied.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
example:
type: unauthorized
message: Unauthorized
details: []
NotFound:
description: Not found.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
example:
type: resource_not_found
message: Resource not found
details: []
TooManyRequests:
description: Too many requests.
headers:
Retry-After:
schema:
type: integer
format: int32
minimum: 1
maximum: 14400
description: Retry after X seconds.
required: false
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
example:
type: too_many_requests
message: Too many requests
details: []
InternalServerError:
description: Internal server error.
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
example:
type: internal_server_error
message: Internal server error
details: []
Conflict:
description: Conflict.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
example:
type: conflict
message: Conflict
details: []
UnsupportedMediaType:
description: Server cannot accept content of type specified in Content-Type header.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
example:
type: unsupported_media_type
message: Unsupported media type
details: []
UnprocessableEntity:
description: Server was unable to process the request.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
example:
type: unprocessable_content
message: Unprocessable content
details: []
Forbidden:
description: Not enough privileges to complete the action.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/Error'
example:
type: forbidden
message: Forbidden
details: []
BadRequestPrometheus:
description: Operation failed due to invalid payload.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/PrometheusError'
example:
status: error
errorType: bad_data
error: 'unknown position: parse error: no expression found in input'
UnauthorizedPrometheus:
description: Access denied.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
type: object
properties:
timestamp:
type: integer
format: int64
description: Epoch timestamp (milliseconds) when the error occurred.
minimum: 0
maximum: 9999999999999
example: 1743154268491
status:
type: integer
format: int32
description: HTTP status code of the response.
enum:
- 401
minimum: 401
maximum: 401
example: 401
error:
type: string
description: A human-readable error message.
maxLength: 1024
example: Unauthorized
path:
type: string
description: The requested endpoint path that triggered the error.
maxLength: 1024
example: /ext/auth/prometheus/api/v1/query
required:
- timestamp
- status
- error
- path
NotFoundPrometheus:
description: Not found.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
type: string
description: Error message indicating that the requested page was not found.
maxLength: 1024
example: 404 page not found
InternalServerErrorPrometheus:
description: Internal server error.
content:
application/json:
schema:
$ref: '#/components/schemas/PrometheusError'
example:
status: error
errorType: server_error
error: error writing response
UnprocessableEntityPrometheus:
description: Operation failed due to unprocessable entity.
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/PrometheusError'
example:
status: error
errorType: execution
error: Invalid time range
GonePrometheus:
description: Gone
headers:
X-RateLimit-Limit:
description: Maximum number of allowed requests per minute.
schema:
type: integer
format: int32
minimum: 1
maximum: 4096
content:
application/json:
schema:
$ref: '#/components/schemas/PrometheusError'
example:
status: error
errorType: gone
error: This API endpoint is not supported.