{
"components": {
"requestBodies": {
"FilterModel": {
"content": {
"application/json; charset=UTF-8": {
"schema": {
"$ref": "#/components/schemas/FilterModel"
}
}
}
},
"FilterModel2": {
"content": {
"application/json; charset=UTF-8": {
"schema": {
"$ref": "#/components/schemas/FilterModel"
}
}
},
"description": "Model for Filter",
"required": true
},
"FilterSuggestionModel": {
"content": {
"application/json; charset=UTF-8": {
"schema": {
"$ref": "#/components/schemas/FilterSuggestionModel"
}
}
}
}
},
"securitySchemes": {
"x-redlock-auth": {
"description": "The x-redlock-auth value is a JSON Web Token (JWT).",
"in": "header",
"name": "x-redlock-auth",
"type": "apiKey"
}
},
"schemas": {
"AbsoluteTimeRangeConfigModel": {
"allOf": [
{
"$ref": "#/components/schemas/TimeRangeConfigModel"
},
{
"description": "Model for AbsoluteTimeRangeConfig",
"properties": {
"type": {
"example": "absolute",
"type": "string"
},
"value": {
"allOf": [
{
"$ref": "#/components/schemas/TimeModel"
},
{
"description": "Time range object"
}
]
}
},
"required": [
"value"
],
"type": "object"
}
]
},
"AlertAttributionModel": {
"description": "Model for AlertAttribution",
"properties": {
"attributionEventList": {
"items": {
"$ref": "#/components/schemas/AttributionEventModel"
},
"type": "array"
},
"resourceCreatedBy": {
"description": "Resource Created By",
"type": "string"
},
"resourceCreatedOn": {
"description": "Resource Created On",
"format": "int64",
"type": "integer"
}
},
"type": "object"
},
"AlertFilterSuggestion": {
"description": "Model for AlertFilterSuggestion",
"properties": {
"account.group": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"alert.id": {
"allOf": [
{
"$ref": "#/components/schemas/FilterSuggestion"
},
{
"readOnly": true
}
]
},
"alert.status": {
"allOf": [
{
"$ref": "#/components/schemas/FilterSuggestion"
},
{
"readOnly": true
}
]
},
"alertRule.name": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"asset.class": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"buildtime.resourceName": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"cloud.account": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"cloud.accountId": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"cloud.region": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"cloud.service": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"cloud.type": {
"allOf": [
{
"$ref": "#/components/schemas/FilterSuggestion"
},
{
"readOnly": true
}
]
},
"git.filename": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"git.provider": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"git.repository": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"iac.framework": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"malware": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"object.classification": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"object.exposure": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"object.identifier": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"policy.complianceRequirement": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"policy.complianceSection": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"policy.complianceStandard": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"policy.label": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"policy.name": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"policy.remediable": {
"allOf": [
{
"$ref": "#/components/schemas/FilterSuggestion"
},
{
"readOnly": true
}
]
},
"policy.severity": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"policy.subtype": {
"allOf": [
{
"$ref": "#/components/schemas/FilterSuggestion"
},
{
"readOnly": true
}
]
},
"policy.type": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"resource.group": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"resource.id": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"resource.name": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"resource.tagv2": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"resource.type": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"risk.grade": {
"allOf": [
{
"$ref": "#/components/schemas/FilterSuggestion"
},
{
"readOnly": true
}
]
},
"timeRange.type": {
"$ref": "#/components/schemas/FilterSuggestion"
},
"vulnerability.severity": {
"$ref": "#/components/schemas/FilterSuggestion"
}
},
"type": "object"
},
"AlertModel": {
"description": "Model for Alert",
"properties": {
"alertAdditionalInfo": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"alertAttribution": {
"$ref": "#/components/schemas/AlertAttributionModel"
},
"alertCount": {
"format": "int64",
"type": "integer"
},
"alertRules": {
"items": {
"$ref": "#/components/schemas/PolicyScanConfigModel"
},
"type": "array"
},
"alertTime": {
"description": "Timestamp when alert was last reopened for resource update, or the same as **firstSeen** if there are no status changes.",
"format": "int64",
"type": "integer"
},
"appMetadata": {
"description": "Application Metadata from AppDna",
"items": {
"additionalProperties": {
"type": "string"
},
"type": "object"
},
"type": "array"
},
"connectionDetails": {
"description": "ConnectionDetails for network_event alerts",
"items": {
"$ref": "#/components/schemas/ConnectionDetail"
},
"type": "array"
},
"dismissalDuration": {
"description": "Dismissal Duration",
"type": "string"
},
"dismissalNote": {
"description": "Dismissal note",
"type": "string"
},
"dismissalUntilTs": {
"description": "Dismiss until this timestamp",
"format": "int64",
"type": "integer"
},
"dismissedBy": {
"description": "Dismissed by",
"type": "string"
},
"eventOccurred": {
"description": "Timestamp when the event occurred. Set only for Audit Event policies.",
"format": "int64",
"type": "integer"
},
"firstSeen": {
"description": "Timestamp of the first policy violation for the alert resource (i.e. the alert creation timestamp)",
"format": "int64",
"type": "integer"
},
"history": {
"items": {
"$ref": "#/components/schemas/HistoryModel"
},
"type": "array"
},
"id": {
"description": "Alert ID",
"type": "string"
},
"investigateOptions": {
"allOf": [
{
"$ref": "#/components/schemas/InvestigateOptions"
},
{
"description": "Investigate Options for search using RQL"
}
]
},
"lastSeen": {
"description": "Timestamp when alert status was last updated.",
"format": "int64",
"type": "integer"
},
"lastUpdated": {
"description": "Timestamp when alert was last updated. Updates include but are not limited to resource updates, policy updates, alert rule updates, and alert status changes.",
"format": "int64",
"type": "integer"
},
"metadata": {
"description": "Raw JSON metadata for the alert",
"type": "object"
},
"policy": {
"$ref": "#/components/schemas/PolicyModel"
},
"policyId": {
"description": "Policy ID",
"type": "string"
},
"reason": {
"description": "The reason for an alert's status. For more information on Alert reasons see [View and Respond to Prisma Cloud Alerts](https://docs.prismacloud.io/en/enterprise-edition/content-collections/alerts/view-respond-to-prisma-cloud-alerts) and [Prisma Cloud Alert Resolution Reasons](https://docs.prismacloud.io/en/enterprise-edition/content-collections/alerts/prisma-cloud-alert-resolution-reasons)",
"readOnly": true,
"type": "string"
},
"resource": {
"$ref": "#/components/schemas/CloudResourceModel"
},
"riskDetail": {
"allOf": [
{
"$ref": "#/components/schemas/RiskDetailModel"
},
{
"description": "Risk detail (Deprecated)"
}
]
},
"saveSearchId": {
"description": "Saved Search ID",
"type": "string"
},
"status": {
"description": "Status",
"enum": [
"open",
"dismissed",
"snoozed",
"resolved",
"pending_resolution"
],
"readOnly": true,
"type": "string"
},
"triggeredBy": {
"description": "Triggered By",
"type": "string"
}
},
"type": "object"
},
"AlertRuleNotificationConfigModel": {
"description": "Model for Alert Rule Notification Config",
"properties": {
"dayOfMonth": {
"description": "Day of month",
"format": "int32",
"readOnly": true,
"type": "integer"
},
"daysOfWeek": {
"description": "Days of week",
"items": {
"$ref": "#/components/schemas/WeekDay"
},
"readOnly": true,
"type": "array"
},
"detailedReport": {
"description": "Provide csv detailed report",
"type": "boolean"
},
"enabled": {
"description": "Scan enabled",
"type": "boolean"
},
"frequency": {
"enum": [
"as_it_happens",
"daily",
"weekly",
"monthly"
],
"type": "string"
},
"frequencyFromRRule": {
"description": "Frequency from RRule",
"readOnly": true,
"type": "string"
},
"hourOfDay": {
"description": "Hour of day",
"format": "int32",
"readOnly": true,
"type": "integer"
},
"id": {
"description": "Alert rule notification config ID",
"type": "string"
},
"includeRemediation": {
"description": "Include remediation in detailed report",
"type": "boolean"
},
"lastUpdated": {
"description": "Last Updated",
"format": "int64",
"type": "integer"
},
"last_sent_ts": {
"description": "Time of last notification in milliseconds",
"format": "int64",
"type": "integer"
},
"recipients": {
"description": "* For email notifications: List of unique email addresses to notify\n* For integrations without notification templates: List of integration ids\n* For integrations with notification templates: List of notification template ids\n",
"items": {
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"rruleSchedule": {
"type": "string"
},
"templateId": {
"description": "Template ID",
"type": "string"
},
"timezone": {
"description": "Java time zone ID (e.g. America/Los_Angeles) ",
"readOnly": true,
"type": "string"
},
"type": {
"description": "Integration type",
"enum": [
"email",
"slack",
"splunk",
"amazon_sqs",
"jira",
"microsoft_teams",
"webhook",
"aws_security_hub",
"google_cscc",
"service_now",
"pager_duty",
"azure_service_bus_queue",
"demisto",
"aws_s3",
"snowflake"
],
"type": "string"
},
"withCompression": {
"description": "Compress detailed report",
"type": "boolean"
}
},
"type": "object"
},
"AlertRulePolicyFilter": {
"description": "Model for Alert Rule Policy Filter",
"properties": {
"availablePolicyFilters": {
"description": "List of available Alert Rule Policy Filters",
"items": {
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"cloud.type": {
"description": "Cloud Type Filter",
"items": {
"enum": [
"ALL",
"AWS",
"AZURE",
"GCP",
"ALIBABA_CLOUD",
"OCI",
"IBM"
],
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"policy.complianceStandard": {
"description": "Compliance Standard Filter",
"items": {
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"policy.label": {
"description": "Policy Label Filter",
"items": {
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"policy.severity": {
"description": "Policy Severity Filter",
"items": {
"type": "string"
},
"type": "array",
"uniqueItems": true
}
},
"type": "object"
},
"AlertStatusChangeRequestModel": {
"description": "Model for Alert Status Change Request",
"properties": {
"alerts": {
"description": "Alert IDs",
"items": {
"type": "string"
},
"type": "array"
},
"dismissalNote": {
"description": "Reason for dismissal (this only applies to the dismiss alerts endpoint)",
"type": "string"
},
"dismissalTimeRange": {
"allOf": [
{
"$ref": "#/components/schemas/TimeRangeConfigModel"
},
{
"description": "Dismissal Time Range"
}
]
},
"filter": {
"allOf": [
{
"$ref": "#/components/schemas/FilterModel"
},
{
"description": "Filter"
}
]
},
"policies": {
"description": "Policy IDs",
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [
"filter"
],
"type": "object"
},
"AlertsLookupKeyModel": {
"description": "Model for AlertsLookupKey",
"properties": {
"alerts": {
"description": "List of alert IDs. One or more alert IDs associated with a single policy are required if no policies are specified. If a policy is specified, then all the alerts specified must belong to that policy.",
"items": {
"type": "string"
},
"type": "array"
},
"filter": {
"allOf": [
{
"$ref": "#/components/schemas/FilterModel"
},
{
"description": "Filter to narrow or manage the search"
}
]
},
"policies": {
"description": "List of policy IDs. A single policy ID is required if no alerts are specified.",
"items": {
"type": "string"
},
"type": "array"
}
},
"required": [
"filter"
],
"type": "object"
},
"AsyncJob": {
"description": "Model for AsyncJob",
"properties": {
"createdBy": {
"description": "Job creator",
"readOnly": true,
"type": "string"
},
"createdOn": {
"description": "Creation timestamp",
"format": "int64",
"readOnly": true,
"type": "integer"
},
"downloadUri": {
"description": "Download URI",
"readOnly": true,
"type": "string"
},
"id": {
"description": "Job ID",
"readOnly": true,
"type": "string"
},
"lastModified": {
"description": "Timestamp for last modified",
"format": "int64",
"readOnly": true,
"type": "integer"
},
"recordCount": {
"description": "Record Count",
"format": "int32",
"readOnly": true,
"type": "integer"
},
"status": {
"description": "Job status",
"enum": [
"COMPLETED",
"FAILED",
"IN_PROGRESS",
"READY_TO_DOWNLOAD",
"SUBMITTED"
],
"readOnly": true,
"type": "string"
},
"statusUri": {
"description": "Status URI",
"readOnly": true,
"type": "string"
},
"timeTaken": {
"description": "Time taken to complete the job",
"format": "int64",
"readOnly": true,
"type": "integer"
}
},
"type": "object"
},
"AttributionEventModel": {
"description": "Model for AttributionEvent",
"properties": {
"event": {
"description": "Event",
"type": "string"
},
"event_ts": {
"description": "Event Timestamp",
"format": "int64",
"type": "integer"
},
"username": {
"description": "Username",
"type": "string"
}
},
"type": "object"
},
"BaseFilterModel": {
"description": "Model for Filter",
"discriminator": {
"propertyName": "type"
},
"properties": {
"detailed": {
"description": "Detailed",
"type": "boolean"
},
"fields": {
"description": "Array of specific fields to return",
"items": {
"type": "string"
},
"type": "array"
},
"filters": {
"description": "Filtering parameters. \n\nFor filter names, refer to List Filters API. \n\nFor filter values, refer to List filter suggestions. \n\nThe only exception is **resource.tagv2** filter name, provide filter value for it in the following format: \"{\"key\":\"'CustomerTagKey'\",\"value\":\"'CustomerTagValue'\"}\"",
"items": {
"$ref": "#/components/schemas/UIFilterModel"
},
"type": "array"
},
"groupBy": {
"description": "For asset or data inventory only. Group returned items by **cloud.type**, **cloud.service**, **cloud.region**, **cloud.account**, and/or **resource.type**",
"items": {
"type": "string"
},
"type": "array"
},
"limit": {
"description": "Maximum number of items to return. When data is paginated, maximum number of items per page.The maximum cannot exceed 10,000. The default is 10,000.",
"type": "number"
},
"offset": {
"description": "The number of items to skip before selecting items to return. Default is zero",
"type": "number"
},
"pageToken": {
"description": "Setting this pagination Token to the **nextPageToken** from a response object returns the next page of data ",
"type": "string"
},
"sortBy": {
"description": "Array of sort properties. Append **:asc** or **:desc** to the key to sort by ascending or descending order respectively. Example sort properties are **id:asc** and **timestamp:desc**",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"CloudResourceModel": {
"description": "Model for Cloud Resource",
"properties": {
"account": {
"description": "Account",
"type": "string"
},
"accountId": {
"description": "Account ID",
"type": "string"
},
"additionalInfo": {
"allOf": [
{
"$ref": "#/components/schemas/JsonNode"
},
{
"description": "Additional info"
}
]
},
"cloudAccountAncestors": {
"description": "Cloud account ancestors. For GCP.",
"items": {
"type": "string"
},
"readOnly": true,
"type": "array"
},
"cloudAccountGroups": {
"description": "Cloud account groups",
"items": {
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"cloudAccountOwners": {
"description": "Cloud account owners. For Azure and GCP.",
"items": {
"type": "string"
},
"readOnly": true,
"type": "array"
},
"cloudServiceName": {
"description": "Cloud service name",
"readOnly": true,
"type": "string"
},
"cloudType": {
"description": "Cloud type",
"enum": [
"ALL",
"AWS",
"AZURE",
"GCP",
"ALIBABA_CLOUD",
"OCI",
"IBM"
],
"type": "string"
},
"data": {
"description": "Raw JSON data for the resource",
"readOnly": true,
"type": "object"
},
"id": {
"description": "Id",
"type": "string"
},
"name": {
"description": "Name",
"type": "string"
},
"region": {
"description": "Region name",
"type": "string"
},
"regionId": {
"description": "Region API identifier",
"type": "string"
},
"resourceApiName": {
"description": "Resource API name",
"readOnly": true,
"type": "string"
},
"resourceConfigJsonAvailable": {
"type": "boolean"
},
"resourceDetailsAvailable": {
"type": "boolean"
},
"resourceTags": {
"additionalProperties": {
"type": "string"
},
"description": "Resource tags",
"type": "object"
},
"resourceType": {
"description": "Resource type",
"readOnly": true,
"type": "string"
},
"rrn": {
"description": "RRN",
"type": "string"
},
"unifiedAssetId": {
"type": "string"
},
"url": {
"description": "URL",
"type": "string"
}
},
"type": "object"
},
"ComplianceMetadataModel": {
"description": "Model for ComplianceMetadata",
"properties": {
"complianceId": {
"description": "Compliance Section UUID",
"type": "string"
},
"customAssigned": {
"type": "boolean"
},
"policyId": {
"description": "Policy ID",
"type": "string"
},
"requirementDescription": {
"description": "Requirement description",
"type": "string"
},
"requirementId": {
"description": "Requirement ID",
"type": "string"
},
"requirementName": {
"description": "Requirement name",
"type": "string"
},
"sectionDescription": {
"description": "Section name",
"type": "string"
},
"sectionId": {
"description": "Section Id",
"type": "string"
},
"sectionLabel": {
"description": "Section Label",
"type": "string"
},
"standardDescription": {
"description": "Compliance standard description",
"type": "string"
},
"standardId": {
"type": "string"
},
"standardName": {
"description": "Compliance standard name",
"type": "string"
}
},
"type": "object"
},
"ConnectionDetail": {
"properties": {
"accepted": {
"type": "string"
},
"accountName": {
"type": "string"
},
"classification": {
"type": "string"
},
"destIp": {
"type": "string"
},
"destIsp": {
"type": "string"
},
"feedSource": {
"type": "string"
},
"id": {
"format": "int32",
"type": "integer"
},
"inboundTrafficVolume": {
"format": "int64",
"type": "integer"
},
"markedThreatTs": {
"format": "int64",
"type": "integer"
},
"outboundTrafficVolume": {
"format": "int64",
"type": "integer"
},
"packets": {
"format": "int64",
"type": "integer"
},
"srcIp": {
"type": "string"
},
"srcIsp": {
"type": "string"
},
"threatDescription": {
"type": "string"
},
"timestamp": {
"format": "int64",
"type": "integer"
},
"trafficOverTime": {
"items": {
"additionalProperties": {
"format": "int64",
"type": "integer"
},
"type": "object"
},
"type": "array"
},
"trafficVolume": {
"format": "int64",
"type": "integer"
}
},
"type": "object"
},
"CountModel": {
"description": "Model used for just count",
"properties": {
"count": {
"description": "Count",
"format": "int64",
"type": "integer"
}
},
"type": "object"
},
"FilterModel": {
"allOf": [
{
"$ref": "#/components/schemas/BaseFilterModel"
},
{
"description": "Model for Filter",
"properties": {
"timeRange": {
"allOf": [
{
"$ref": "#/components/schemas/TimeRangeConfigModel"
},
{
"description": "Time range"
}
]
}
},
"type": "object"
}
]
},
"FilterSuggestion": {
"description": "Model for FilterSuggestion",
"properties": {
"nameValue": {
"description": "Filter options",
"items": {
"$ref": "#/components/schemas/NameValueIntegerString"
},
"type": "array"
},
"options": {
"description": "Filter options, which lists all the default options for static filters or all the recent options, if any, for non-static filters",
"items": {
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"staticFilter": {
"description": "Filter is a static filter",
"type": "boolean"
}
},
"type": "object"
},
"FilterSuggestionModel": {
"description": "Model for Filter Suggestions",
"properties": {
"filterName": {
"description": "Filter name",
"type": "string"
},
"query": {
"description": "Case-insensitive fuzzy search autocomplete filter. Includes only items that contain the query as a substring.",
"type": "string"
}
},
"required": [
"filterName"
],
"type": "object"
},
"HistoryModel": {
"description": "Model for History",
"properties": {
"reason": {
"description": "Reason",
"readOnly": true,
"type": "string"
},
"status": {
"description": "Status",
"enum": [
"OPEN",
"DISMISSED",
"SNOOZED",
"PENDING_RESOLUTION",
"RESOLVED"
],
"readOnly": true,
"type": "string"
}
},
"type": "object"
},
"InvestigateOptions": {
"description": "Model for InvestigateOptions",
"properties": {
"alertId": {
"description": "alert id",
"type": "string"
},
"hasSearchExecutionSupport": {
"description": "The flag indicates if the policy has RQL execution support",
"type": "boolean"
},
"searchId": {
"description": "searchId for the policy RQL",
"type": "string"
}
},
"type": "object"
},
"JsonNode": {
"properties": {
"array": {
"type": "boolean"
},
"bigDecimal": {
"type": "boolean"
},
"bigInteger": {
"type": "boolean"
},
"binary": {
"type": "boolean"
},
"boolean": {
"type": "boolean"
},
"containerNode": {
"type": "boolean"
},
"double": {
"type": "boolean"
},
"float": {
"type": "boolean"
},
"floatingPointNumber": {
"type": "boolean"
},
"int": {
"type": "boolean"
},
"integralNumber": {
"type": "boolean"
},
"long": {
"type": "boolean"
},
"missingNode": {
"type": "boolean"
},
"nodeType": {
"enum": [
"ARRAY",
"BINARY",
"BOOLEAN",
"MISSING",
"NULL",
"NUMBER",
"OBJECT",
"POJO",
"STRING"
],
"type": "string"
},
"null": {
"type": "boolean"
},
"number": {
"type": "boolean"
},
"object": {
"type": "boolean"
},
"pojo": {
"type": "boolean"
},
"short": {
"type": "boolean"
},
"textual": {
"type": "boolean"
},
"valueNode": {
"type": "boolean"
}
},
"type": "object"
},
"NameValueIntegerString": {
"properties": {
"id": {
"format": "int32",
"type": "integer"
},
"name": {
"type": "string"
}
},
"type": "object"
},
"PagedResultsAlertModel": {
"properties": {
"dynamicColumns": {
"items": {
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"infoMsg": {
"type": "string"
},
"items": {
"items": {
"$ref": "#/components/schemas/AlertModel"
},
"type": "array"
},
"nextPageToken": {
"type": "string"
},
"sortAllowedColumns": {
"items": {
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"totalRows": {
"format": "int64",
"type": "integer"
}
},
"type": "object"
},
"ParsedTableFilter": {
"description": "Model for parsed table filter",
"properties": {
"completeParameters": {
"items": {
"$ref": "#/components/schemas/UIFilterModel"
},
"type": "array"
},
"links": {
"description": "JSON query builder links",
"type": "string"
},
"needsOffsetUpdate": {
"description": "Needs offset update (for internal use)",
"type": "boolean"
},
"offset": {
"description": "Offset within query",
"format": "int32",
"type": "integer"
},
"queryRemainder": {
"description": "Query remainder",
"type": "string"
},
"suggestions": {
"description": "List of suggestions",
"items": {
"type": "string"
},
"type": "array"
},
"translate": {
"description": "Translate (for internal use)",
"type": "boolean"
},
"valid": {
"description": "Query is valid",
"type": "boolean"
}
},
"type": "object"
},
"PolicyModel": {
"description": "Model for Policy",
"properties": {
"cloudType": {
"description": "Cloud type (Required for config policies). Not case-sensitive. Default is **ALL**.",
"enum": [
"ALL",
"AWS",
"AZURE",
"GCP",
"ALIBABA_CLOUD",
"OCI",
"IBM"
],
"type": "string"
},
"complianceMetadata": {
"description": "List of compliance data. Each item has compliance standard, requirement, and/or section information.",
"items": {
"$ref": "#/components/schemas/ComplianceMetadataModel"
},
"type": "array"
},
"createdBy": {
"description": "Created by",
"readOnly": true,
"type": "string"
},
"createdOn": {
"description": "Created on this timestamp",
"format": "int64",
"readOnly": true,
"type": "integer"
},
"deleted": {
"description": "Deleted",
"readOnly": true,
"type": "boolean"
},
"description": {
"description": "Policy description",
"type": "string"
},
"enabled": {
"description": "true=enabled. false=disabled.",
"type": "boolean"
},
"findingTypes": {
"description": "Finding Type",
"items": {
"type": "string"
},
"type": "array"
},
"labels": {
"description": "Labels",
"items": {
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"lastModifiedBy": {
"description": "Last modified by",
"readOnly": true,
"type": "string"
},
"lastModifiedOn": {
"description": "Last modified on this timestamp",
"format": "int64",
"readOnly": true,
"type": "integer"
},
"name": {
"description": "Policy name",
"type": "string"
},
"overridden": {
"description": "Overridden",
"readOnly": true,
"type": "boolean"
},
"policyId": {
"description": "Policy ID",
"readOnly": true,
"type": "string"
},
"policySubTypes": {
"description": "Policy subtype",
"items": {
"enum": [
"run",
"build",
"run_and_build",
"audit",
"data_classification",
"dns",
"malware",
"network_event",
"network",
"ueba",
"permissions",
"network_config",
"identity",
"sensitive_data_exposure",
"internet_exposure",
"injections",
"vulnerability_scanning",
"shellshock",
"known_bots",
"unknown_bots",
"virtual_patches",
"event",
"misconfig_and_event",
"misconfig",
"host",
"container_image"
],
"type": "string"
},
"readOnly": true,
"type": "array",
"uniqueItems": true
},
"policyType": {
"description": "Policy type. Policy type **anomaly** is read-only.",
"enum": [
"config",
"network",
"audit_event",
"anomaly",
"data",
"iam",
"workload_vulnerability",
"workload_incident",
"api",
"attack_path",
"malware",
"grayware"
],
"type": "string"
},
"policyUpi": {
"description": "Policy UPI",
"readOnly": true,
"type": "string"
},
"recommendation": {
"description": "Remediation recommendation",
"type": "string"
},
"remediable": {
"description": "isRemediable",
"readOnly": true,
"type": "boolean"
},
"remediation": {
"allOf": [
{
"$ref": "#/components/schemas/RemediationModel"
},
{
"description": "Auto remediation info. Available only if policy is remediable."
}
]
},
"restrictAlertDismissal": {
"description": "Restrict alert dismissal",
"readOnly": true,
"type": "boolean"
},
"rule": {
"allOf": [
{
"$ref": "#/components/schemas/RuleModel"
},
{
"description": "Policy rule (Contains RQL search query or saved search)"
}
]
},
"ruleLastModifiedOn": {
"description": "Rule last modified on",
"format": "int64",
"readOnly": true,
"type": "integer"
},
"severity": {
"description": "Severity",
"enum": [
"high",
"medium",
"low"
],
"type": "string"
},
"systemDefault": {
"description": "true = Policy is a Prisma Cloud system default policy",
"readOnly": true,
"type": "boolean"
}
},
"required": [
"name",
"policyType",
"rule",
"severity"
],
"type": "object"
},
"PolicyRiskScoreModel": {
"description": "Model for Policy Risk Score",
"properties": {
"cloudType": {
"description": "Cloud type (Required for config policies). Not case-sensitive. Default is **ALL**.",
"enum": [
"ALL",
"AWS",
"AZURE",
"GCP",
"ALIBABA_CLOUD",
"OCI",
"IBM"
],
"type": "string"
},
"complianceMetadata": {
"description": "List of compliance data. Each item has compliance standard, requirement, and/or section information.",
"items": {
"$ref": "#/components/schemas/ComplianceMetadataModel"
},
"type": "array"
},
"createdBy": {
"description": "Created by",
"readOnly": true,
"type": "string"
},
"createdOn": {
"description": "Created on this timestamp",
"format": "int64",
"readOnly": true,
"type": "integer"
},
"deleted": {
"description": "Deleted",
"readOnly": true,
"type": "boolean"
},
"description": {
"description": "Policy description",
"type": "string"
},
"enabled": {
"description": "true=enabled. false=disabled.",
"type": "boolean"
},
"findingTypes": {
"description": "Finding Type",
"items": {
"type": "string"
},
"type": "array"
},
"labels": {
"description": "Labels",
"items": {
"type": "string"
},
"type": "array",
"uniqueItems": true
},
"lastModifiedBy": {
"description": "Last modified by",
"readOnly": true,
"type": "string"
},
"lastModifiedOn": {
"description": "Last modified on this timestamp",
"format": "int64",
"readOnly": true,
"type": "integer"
},
"name": {
"description": "Policy name",
"type": "string"
},
"overridden": {
"description": "Overridden",
"readOnly": true,
"type": "boolean"
},
"points": {
"description": "Points",
"type": "string"
},
"policyId": {
"description": "Policy ID",
"readOnly": true,
"type": "string"
},
"policySubTypes": {
"description": "Policy subtype",
"items": {
"enum": [
"run",
"build",
"run_and_build",
"audit",
"data_classification",
"dns",
"malware",
"network_event",
"network",
"ueba",
"permissions",
"network_config",
"identity",
"sensitive_data_exposure",
"internet_exposure",
"injections",
"vulnerability_scanning",
"shellshock",
"known_bots",
"unknown_bots",
"virtual_patches",
"event",
"misconfig_and_event",
"misconfig",
"host",
"container_image"
],
"type": "string"
},
"readOnly": true,
"type": "array",
"uniqueItems": true
},
"policyType": {
"description": "Policy type. Policy type **anomaly** is read-only.",
"enum": [
"config",
"network",
"audit_event",
"anomaly",
"data",
"iam",
"workload_vulnerability",
"workload_incident",
"api",
"attack_path",
"malware",
"grayware"
],
"type": "string"
},
"policyUpi": {
"description": "Policy UPI",
"readOnly": true,
"type": "string"
},
"recommendation": {
"description": "Remediation recommendation",
"type": "string"
},
"remediable": {
"description": "isRemediable",
"readOnly": true,
"type": "boolean"
},
"remediation": {
"allOf": [
{
"$ref": "#/components/schemas/RemediationModel"
},
{
"description": "Auto remediation info. Available only if policy is remediable."
}
]
},
"restrictAlertDismissal": {
"description": "Restrict alert dismissal",
"readOnly": true,
"type": "boolean"
},
"riskScore": {
"$ref": "#/components/schemas/ScoreModel"
},
"rule": {
"allOf": [
{
"$ref": "#/components/schemas/RuleModel"
},
{
"description": "Policy rule (Contains RQL search query or saved search)"
}
]
},
"ruleLastModifiedOn": {
"description": "Rule last modified on",
"format": "int64",
"readOnly": true,
"type": "integer"
},
"severity": {
"description": "Severity",
"enum": [
"high",
"medium",
"low"
],
"type": "string"
},
"systemDefault": {
"description": "true = Policy is a Prisma Cloud system default policy",
"readOnly": true,
"type": "boolean"
}
},
"required": [
"name",
"policyType",
"rule",
"severity"
],
"type": "object"
},
"PolicyScanConfigModel": {
"description": "Model for Policy Scan Config",
"properties": {
"alertRuleNotificationConfig": {
"description": "List of data for notifications to third-party tools",
"items": {
"$ref": "#/components/schemas/AlertRuleNotificationConfigModel"
},
"type": "array"
},
"allowAutoRemediate": {
"description": "Allow Auto-Remediation",
"type": "boolean"
},
"delayNotificationMs": {
"description": "Delay notifications by the specified milliseconds",
"format": "int64",
"type": "integer"
},
"description": {
"description": "Rule/Scan description",
"type": "string"
},
"enabled": {
"description": "Rule/Scan is enabled",
"type": "boolean"
},
"lastModifiedBy": {
"description": "Last modified by",
"readOnly": true,
"type": "string"
},
"lastModifiedOn": {
"description": "Last modified on this date/time in milliseconds",
"format": "int64",
"readOnly": true,
"type": "integer"
},
"name": {
"description": "Rule/Scan name",
"type": "string"
},
"notifyOnDismissed": {
"description": "include dismissed alerts in notification",
"type": "boolean"
},
"notifyOnOpen": {
"description": "include open alerts in notification",
"type": "boolean"
},
"notifyOnResolved": {
"description": "include resolved alerts in notification",
"type": "boolean"
},
"notifyOnSnoozed": {
"description": "include snoozed alerts in notification",
"type": "boolean"
},
"policies": {
"description": "List of specific policies to scan",
"items": {
"type": "string"
},
"type": "array"
},
"policyLabels": {
"description": "Policy labels",
"items": {
"type": "string"
},
"type": "array"
},
"policyScanConfigId": {
"description": "Policy Scan Config ID",
"type": "string"
},
"scanAll": {
"description": "Scan all policies",
"type": "boolean"
},
"target": {
"allOf": [
{
"$ref": "#/components/schemas/TargetFilterModel"
},
{
"description": "TargetFilter model (target accounts)"
}
]
}
},
"required": [
"name",
"target"
],
"type": "object"
},
"RelativeTimeDurationModel": {
"description": "Model for RelativeTimeDuration",
"properties": {
"amount": {
"description": "Number of time units",
"format": "int32",
"type": "integer"
},
"unit": {
"description": "Time unit",
"enum": [
"minute",
"hour",
"day",
"week",
"month",
"year"
],
"type": "string"
}
},
"type": "object"
},
"RelativeTimeRangeConfigModel": {
"allOf": [
{
"$ref": "#/components/schemas/TimeRangeConfigModel"
},
{
"description": "Model for RelativeTimeRangeConfig",
"properties": {
"relativeTimeType": {
"description": "Direction in which to count time. Default = BACKWARD",
"enum": [
"BACKWARD",
"FORWARD"
],
"type": "string"
},
"type": {
"example": "relative",
"type": "string"
},
"value": {
"allOf": [
{
"$ref": "#/components/schemas/RelativeTimeDurationModel"
},
{
"description": "Time range object"
}
]
}
},
"required": [
"value"
],
"type": "object"
}
]
},
"RemediationAction": {
"description": "Action for remediation for data policy.",
"properties": {
"operation": {
"type": "string"
},
"payload": {
"type": "string"
}
},
"type": "object"
},
"RemediationCliModel": {
"description": "Model for Remediation Command",
"properties": {
"alertIdVsCliScript": {
"additionalProperties": {
"type": "string"
},
"description": "Map of alert ID to CLI script",
"type": "object"
},
"cliDescription": {
"description": "CLI script description",
"type": "string"
},
"cliScript": {
"description": "CLI script to resolve an alert",
"type": "string"
},
"scriptImpact": {
"description": "CLI script impact",
"type": "string"
}
},
"type": "object"
},
"RemediationModel": {
"description": "Model for Remediation",
"properties": {
"actions": {
"description": "Policy Action",
"items": {
"$ref": "#/components/schemas/RemediationAction"
},
"type": "array"
},
"cliScriptTemplate": {
"description": "CLI Script Template",
"type": "string"
},
"description": {
"description": "Description",
"type": "string"
}
},
"type": "object"
},
"RequireDismissalNoteConfigModel": {
"description": "Model for Require Dismissal Note Config",
"properties": {
"requireDismissalNote": {
"description": "Require Dismissal Note",
"type": "boolean"
}
},
"type": "object"
},
"ResourceListIdsCollection": {
"description": "Model for holding the lists resource list ids by resource list type",
"properties": {
"computeAccessGroupIds": {
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"RiskDetailModel": {
"description": "Model for Risk Detail",
"properties": {
"policyScores": {
"items": {
"$ref": "#/components/schemas/PolicyRiskScoreModel"
},
"type": "array"
},
"rating": {
"description": "Rating",
"type": "string"
},
"riskScore": {
"$ref": "#/components/schemas/ScoreModel"
},
"score": {
"description": "Score",
"type": "string"
}
},
"type": "object"
},
"RuleCriteria": {
"description": "Criteria for Rule",
"properties": {
"classificationResult": {
"description": "Data policy. Required for DLP rule criteria.",
"type": "string"
},
"exposure": {
"description": "File exposure",
"enum": [
"private",
"public",
"conditional"
],
"type": "string"
},
"extension": {
"description": "File extensions",
"items": {
"type": "string"
},
"type": "array",
"uniqueItems": true
}
},
"type": "object"
},
"RuleModel": {
"description": "Model for Rule",
"properties": {
"apiName": {
"description": "API name",
"readOnly": true,
"type": "string"
},
"cloudAccount": {
"description": "Cloud account",
"readOnly": true,
"type": "string"
},
"cloudType": {
"description": "Cloud type",
"readOnly": true,
"type": "string"
},
"criteria": {
"description": "Saved search ID that defines the rule criteria.",
"type": "string"
},
"dataCriteria": {
"allOf": [
{
"$ref": "#/components/schemas/RuleCriteria"
},
{
"description": "Rule criteria for DLP data policy"
}
]
},
"name": {
"description": "Name",
"type": "string"
},
"parameters": {
"additionalProperties": {
"type": "string"
},
"description": "Parameters (e.g. {\"savedSearch\": \"true\"})",
"type": "object"
},
"resourceIdPath": {
"description": "Resource ID path",
"readOnly": true,
"type": "string"
},
"resourceType": {
"description": "Resource type",
"readOnly": true,
"type": "string"
},
"type": {
"description": "Type of rule or RQL query",
"enum": [
"Config",
"Network",
"AuditEvent",
"DLP",
"IAM",
"NetworkConfig"
],
"type": "string"
}
},
"required": [
"criteria",
"name",
"parameters",
"type"
],
"type": "object"
},
"ScoreModel": {
"description": "Model for Score",
"properties": {
"maxScore": {
"description": "Max Score",
"format": "int64",
"type": "integer"
},
"score": {
"description": "Score",
"format": "int64",
"type": "integer"
}
},
"type": "object"
},
"TargetFilterModel": {
"description": "Model for Target Filter",
"properties": {
"accountGroups": {
"description": "List of Account group(s)",
"items": {
"type": "string"
},
"type": "array"
},
"alertRulePolicyFilter": {
"allOf": [
{
"$ref": "#/components/schemas/AlertRulePolicyFilter"
},
{
"description": "Policy Filters for the Alert Rule"
}
]
},
"excludedAccounts": {
"description": "List of excluded accounts",
"items": {
"type": "string"
},
"type": "array"
},
"includedResourceLists": {
"allOf": [
{
"$ref": "#/components/schemas/ResourceListIdsCollection"
},
{
"description": "List of resource lists included which the resource has to match on."
}
]
},
"regions": {
"description": "List of regions for which alerts will be triggered for account groups. Alerts not associated with specific regions will be triggered regardless of listed regions. If no regions are specified, then the alerts will be triggered for all regions.",
"items": {
"type": "string"
},
"type": "array"
},
"tags": {
"description": "List of TargetTag models (resource tags) for which alerts should be triggered",
"items": {
"$ref": "#/components/schemas/TargetTagModel"
},
"type": "array"
}
},
"type": "object"
},
"TargetTagModel": {
"description": "Model for Target Tag",
"properties": {
"key": {
"description": "Resource tag target",
"type": "string"
},
"values": {
"description": "List of value(s) for resource tag key",
"items": {
"type": "string"
},
"type": "array"
}
},
"type": "object"
},
"TimeModel": {
"description": "Model for Time",
"properties": {
"endTime": {
"description": "End timestamp",
"format": "int64",
"type": "integer"
},
"startTime": {
"description": "Start timestamp",
"format": "int64",
"type": "integer"
}
},
"type": "object"
},
"TimeRangeConfigModel": {
"description": "See the [Time Range Model](/prisma-cloud/api/cspm/api-time-range-model) for details.\n",
"discriminator": {
"mapping": {
"absolute": "#/components/schemas/AbsoluteTimeRangeConfigModel",
"relative": "#/components/schemas/RelativeTimeRangeConfigModel",
"to_now": "#/components/schemas/ToNowTimeRangeConfigModel"
},
"propertyName": "type"
},
"oneOf": [
{
"$ref": "#/components/schemas/RelativeTimeRangeConfigModel"
},
{
"$ref": "#/components/schemas/AbsoluteTimeRangeConfigModel"
},
{
"$ref": "#/components/schemas/ToNowTimeRangeConfigModel"
}
],
"properties": {
"type": {
"description": "Time type",
"type": "string"
}
},
"required": [
"type"
],
"type": "object"
},
"ToNowTimeRangeConfigModel": {
"allOf": [
{
"$ref": "#/components/schemas/TimeRangeConfigModel"
},
{
"description": "Model for ToNowTimeRangeConfig",
"properties": {
"value": {
"description": "Time range object",
"enum": [
"MINUTE",
"HOUR",
"DAY",
"WEEK",
"MONTH",
"YEAR",
"EPOCH",
"LOGIN"
],
"type": "string"
}
},
"type": "object"
}
]
},
"UIFilterModel": {
"description": "Model for UIFilter",
"properties": {
"name": {
"description": "Name",
"type": "string"
},
"operator": {
"description": "Operator",
"enum": [
"="
],
"type": "string"
},
"value": {
"description": "Value",
"type": "string"
}
},
"type": "object"
},
"WeekDay": {
"properties": {
"day": {
"enum": [
"SU",
"MO",
"TU",
"WE",
"TH",
"FR",
"SA"
],
"type": "string"
},
"offset": {
"format": "int32",
"type": "integer"
}
},
"type": "object"
}
}
},
"info": {
"contact": {},
"description": "Prisma Cloud generates an alert when it detects a violation in a policy that is included in an active alert rule. \nYou can use the API requests to manage alerts, including listing or viewing, snoozing or dismissing, reopening, \nor remediating alerts.\n\nWhen retrieving a list of alerts through an API request, you can set filters, time range parameters, or pagination parameters.\n\n### Pagination\n\nYou can limit the number of items in a response list from API resources that support pagination. Version 2 (V2) of the API \nrequests to list alerts supports pagination and will accept the following request parameters.\n\nRequest Parameter | Description \n-----------| -------\n**limit** | Maximum number of items to return per page. Without pagination, maximum number of items to return in a response.\n**offset** | Number of items to skip before selecting items to return. Default is zero.\n**pageToken** | Set to the **nextPageToken** value from the previous response object to return the next page of data.\n\n### Filters\n\nAPI requests that use POST methods to request a list of alerts have filter parameters that enable you to narrow your request \nto alerts that meet a certain criteria.The [List Alert Filters](/prisma-cloud/api/cspm/get-alert-filter-options) \nrequests return the available filters. \n",
"title": "Prisma Cloud Alerts API Overview",
"version": "Latest"
},
"openapi": "3.0.0",
"paths": {
"/filter/alert/suggest": {
"get": {
"description": "Returns an object whose keys are the available policy filters. The corresponding values are default or recently set filter options",
"operationId": "get-alert-filter-and-options",
"responses": {
"200": {
"content": {
"application/json; charset=UTF-8": {
"schema": {
"$ref": "#/components/schemas/AlertFilterSuggestion"
}
}
},
"description": "success"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "List Alert Filters",
"tags": [
"Alerts"
]
},
"post": {
"description": "Returns available options for an alert filter key. Supports fuzzy autocomplete search. If you specify a **query** value in the request body parameters, the response includes only items that contain the **query** string.",
"operationId": "get-alert-filter-options",
"requestBody": {
"content": {
"application/json; charset=UTF-8": {
"schema": {
"$ref": "#/components/schemas/FilterSuggestionModel"
}
}
}
},
"responses": {
"200": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/ParsedTableFilter"
}
}
},
"description": "successful operation"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "List Alert Filter Autocomplete Suggestions",
"tags": [
"Alerts"
]
}
},
"/alert": {
"get": {
"description": "Returns a list of alerts that match the constraints specified in the query parameters. Max 10k results. To get more, use **List Alerts V2 - GET**. \r\n\r\nData in the response object does not include alert rules.\n\nAlso, in the response object:\n\n* Property **riskDetail** is deprecated.\n* Property **resource.cloudServiceName** is populated only for alerts whose resources belong to a cloud service.\n\nWhen `detailed` flag is set to **true**, following fields will be returned within the policy response object:\n\n- `complianceMetadata`\n- `name`\n- `description`\n- `labels`\n- `deleted`\n- `recommendation`\n- `lastModifiedBy`\n- `lastModifiedOn`\n- `severity`\n\n#### Rate Limits ####\n\nThe following rate limits apply:\n* Request rate limit: 2/sec \n* Burst limit: 10/sec \n",
"operationId": "get-alerts",
"parameters": [
{
"description": "Time Type",
"in": "query",
"name": "timeType",
"required": true,
"schema": {
"enum": [
"relative"
],
"type": "string"
}
},
{
"description": "Number of **timeUnits**",
"in": "query",
"name": "timeAmount",
"required": true,
"schema": {
"type": "string"
}
},
{
"description": "Time Unit",
"in": "query",
"name": "timeUnit",
"required": true,
"schema": {
"enum": [
"minute",
"hour",
"day",
"week",
"month",
"year"
],
"type": "string"
}
},
{
"description": "true = Return detailed alert data.",
"in": "query",
"name": "detailed",
"required": true,
"schema": {
"type": "boolean"
}
},
{
"description": "Comma-separated list of specific fields to retrieve. Allowed values: alert.id, alert.status, alert.time, cloud.accountId, cloud.account, cloud.region, resource.id, resource.name, policy.name, policy.type, policy.severity",
"in": "query",
"name": "fields",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "The maximum number of items that will be returned in one response. The maximum cannot exceed 10,000. The default is 10,000.",
"in": "query",
"name": "limit",
"required": false,
"schema": {
"type": "number"
}
},
{
"description": "Alert ID",
"in": "query",
"name": "alert.id",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Alert status",
"in": "query",
"name": "alert.status",
"required": false,
"schema": {
"enum": [
"open",
"dismissed",
"snoozed",
"resolved",
"pending_resolution"
],
"type": "string"
}
},
{
"description": "Cloud account",
"in": "query",
"name": "cloud.account",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Cloud account Id",
"in": "query",
"name": "cloud.accountId",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Account group",
"in": "query",
"name": "account.group",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Cloud type",
"in": "query",
"name": "cloud.type",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Cloud region",
"in": "query",
"name": "cloud.region",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Cloud service",
"in": "query",
"name": "cloud.service",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy ID",
"in": "query",
"name": "policy.id",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy name",
"in": "query",
"name": "policy.name",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy severity",
"in": "query",
"name": "policy.severity",
"required": false,
"schema": {
"enum": [
"critical",
"high",
"medium",
"low",
"informational"
],
"type": "string"
}
},
{
"description": "Policy label",
"in": "query",
"name": "policy.label",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy type",
"in": "query",
"name": "policy.type",
"required": false,
"schema": {
"enum": [
"config",
"network",
"audit_event"
],
"type": "string"
}
},
{
"description": "Policy compliance standard name",
"in": "query",
"name": "policy.complianceStandard",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy compliance requirement name",
"in": "query",
"name": "policy.complianceRequirement",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy compliance section ID",
"in": "query",
"name": "policy.complianceSection",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy is remediable",
"in": "query",
"name": "policy.remediable",
"required": false,
"schema": {
"enum": [
"true",
"false"
],
"type": "string"
}
},
{
"description": "Alert rule name",
"in": "query",
"name": "alertRule.name",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Resource ID",
"in": "query",
"name": "resource.id",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Resource name",
"in": "query",
"name": "resource.name",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Resource TYPE",
"in": "query",
"name": "resource.type",
"required": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"content": {
"*/*": {
"schema": {
"items": {
"$ref": "#/components/schemas/AlertModel"
},
"type": "array"
}
}
},
"description": "successful operation"
},
"400": {
"description": "internal_error"
},
"429": {
"description": "Too Many Requests"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "List Alerts - GET",
"tags": [
"Alerts"
]
},
"post": {
"description": "Returns a list of alerts that matches the constraints specified in the body parameters. Max 10k results. To get more, use **List Alerts V2 - POST**. \r\n\r\nThe **fields** body parameter allows you to request specific fields from the alert payload. These fields\nare separate from the filters you specify. The following are valid **fields** items.\n\n* alert.id\n* alert.status\n* alert.time\n* cloud.account\n* cloud.accountId\n* cloud.region\n* resource.id\n* resource.name\n* policy.name\n* policy.type\n* policy.severity\n\nThe **filters** body parameter enables you to narrow your request for alerts. See \n[List Alert Filters](/prisma-cloud/api/cspm/get-alert-filter-and-options) \nfor an API request to list all the valid filters.\n\nData in the response object does not include alert rules.\n\nAlso, in the response object:\n\n* Property **riskDetail** is deprecated.\n* Property **resource.cloudServiceName** is populated only for alerts whose resources belong to a cloud service.\n\nWhen `detailed` flag is set to **true**, following fields will be returned within the policy response object:\n\n- `complianceMetadata`\n- `name`\n- `description`\n- `labels`\n- `deleted`\n- `recommendation`\n- `lastModifiedBy`\n- `lastModifiedOn`\n- `severity`\n\n#### Rate Limits ####\n\nThe following rate limits apply:\n* Request rate limit: 2/sec \n* Burst limit: 10/sec \n",
"operationId": "post-alerts",
"parameters": [
{
"description": "true = Return detailed alert data. Default is false. Overrides **detailed** in body param.",
"in": "query",
"name": "detailed",
"required": false,
"schema": {
"type": "boolean"
}
}
],
"requestBody": {
"content": {
"application/json; charset=UTF-8": {
"schema": {
"$ref": "#/components/schemas/FilterModel"
}
}
}
},
"responses": {
"200": {
"content": {
"*/*": {
"schema": {
"items": {
"$ref": "#/components/schemas/AlertModel"
},
"type": "array"
}
}
},
"description": "successful operation"
},
"400": {
"description": "internal_error"
},
"429": {
"description": "Too Many Requests"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "List Alerts - POST",
"tags": [
"Alerts"
]
}
},
"/v2/alert": {
"get": {
"description": "Returns a paginated list of alerts from the Prisma Cloud platform. \r\n\r\nData in the response object does not include alert rules.\n\nAlso, in the response object:\n\n* Property **riskDetail** is deprecated.\n* Property **items[].resource.cloudServiceName** is populated only for alerts whose resources belong to a cloud service.\n\nWhen `detailed` flag is set to **true**, following fields will be returned within the policy response object:\n\n- `complianceMetadata`\n- `name`\n- `description`\n- `labels`\n- `deleted`\n- `recommendation`\n- `lastModifiedBy`\n- `lastModifiedOn`\n- `severity`\n\n#### Rate Limits ####\n\nThe following rate limits apply:\n* Request rate limit: 2/sec \n* Burst limit: 10/sec \n",
"operationId": "get-alerts-v2",
"parameters": [
{
"description": "Time Type",
"in": "query",
"name": "timeType",
"required": true,
"schema": {
"enum": [
"relative"
],
"type": "string"
}
},
{
"description": "Number of **timeUnits**",
"in": "query",
"name": "timeAmount",
"required": true,
"schema": {
"type": "string"
}
},
{
"description": "Time Unit",
"in": "query",
"name": "timeUnit",
"required": true,
"schema": {
"enum": [
"minute",
"hour",
"day",
"week",
"month",
"year"
],
"type": "string"
}
},
{
"description": "true = Return detailed alert data.",
"in": "query",
"name": "detailed",
"required": true,
"schema": {
"type": "boolean"
}
},
{
"description": "Array of specific fields to return. Allowed fields: alert.id, alert.status, alert.time, cloud.accountId, cloud.account, cloud.region, resource.id, resource.name, policy.name, policy.type, policy.severity",
"in": "query",
"name": "fields",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Response object property by which to sort response list. The valid values are in the response object attribute **sortAllowedColumns**. The format is **property:asc** for ascending and **property:desc** for descending sort ",
"example": "sortBy=id:desc&sortBy=firstseen:asc,lastseen:desc",
"in": "query",
"name": "sortBy",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "The maximum number of items that will be returned in one response. The maximum cannot exceed 10,000. The default is 10,000.",
"in": "query",
"name": "limit",
"required": false,
"schema": {
"type": "number"
}
},
{
"description": "Token that identifies the required page of data. When there are multiple pages of data in the response, set **pageToken** to the **nextPageToken** value from the previous API response to retrieve the next page of data.",
"in": "query",
"name": "pageToken",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Alert ID",
"in": "query",
"name": "alert.id",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Alert status",
"in": "query",
"name": "alert.status",
"required": false,
"schema": {
"enum": [
"open",
"dismissed",
"snoozed",
"resolved",
"pending_resolution"
],
"type": "string"
}
},
{
"description": "Cloud account",
"in": "query",
"name": "cloud.account",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Cloud account Id",
"in": "query",
"name": "cloud.accountId",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Account group",
"in": "query",
"name": "account.group",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Cloud type",
"in": "query",
"name": "cloud.type",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Cloud region",
"in": "query",
"name": "cloud.region",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Cloud service",
"in": "query",
"name": "cloud.service",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy ID",
"in": "query",
"name": "policy.id",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy name",
"in": "query",
"name": "policy.name",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy severity",
"in": "query",
"name": "policy.severity",
"required": false,
"schema": {
"enum": [
"critical",
"high",
"medium",
"low",
"informational"
],
"type": "string"
}
},
{
"description": "Policy label",
"in": "query",
"name": "policy.label",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy type",
"in": "query",
"name": "policy.type",
"required": false,
"schema": {
"enum": [
"config",
"network",
"audit_event"
],
"type": "string"
}
},
{
"description": "Policy compliance standard name",
"in": "query",
"name": "policy.complianceStandard",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy compliance requirement name",
"in": "query",
"name": "policy.complianceRequirement",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy compliance section ID",
"in": "query",
"name": "policy.complianceSection",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy is remediable",
"in": "query",
"name": "policy.remediable",
"required": false,
"schema": {
"enum": [
"true",
"false"
],
"type": "string"
}
},
{
"description": "Alert rule name",
"in": "query",
"name": "alertRule.name",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Resource ID",
"in": "query",
"name": "resource.id",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Resource name",
"in": "query",
"name": "resource.name",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Resource TYPE",
"in": "query",
"name": "resource.type",
"required": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/PagedResultsAlertModel"
}
}
},
"description": "successful operation"
},
"400": {
"description": "internal_error"
},
"429": {
"description": "Too Many Requests"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "List Alerts V2 - GET",
"tags": [
"Alerts"
]
},
"post": {
"description": "Returns a paginated list of alerts that matches the constraints specified in the body parameters. \r\n\r\nThe **fields** request body parameter allows you to request specific fields from the alert payload. \nThese fields are separate from the filters you specify. The following are valid **fields** items.\n\n* alert.id\n* alert.status\n* alert.time\n* cloud.account\n* cloud.accountId\n* cloud.region\n* resource.id\n* resource.name\n* policy.name\n* policy.type\n* policy.severity\n\nThe **filters** request body parameter enables you to narrow your request for alerts. See \n[List Alert Filters](/prisma-cloud/api/cspm/get-alert-filter-and-options) \nfor an API request to list all the valid filters.\n\nYou can find the valid values for the **sortBy** request body parameter in the response \nobject attribute **sortAllowedColumns**.\n\nData in the response object does not include alert rules.\n\nAlso, in the response object:\n\n* Property **riskDetail** is deprecated.\n* Property **items[].resource.cloudServiceName** is populated only for alerts whose resources belong to a cloud service.\n\nWhen `detailed` flag is set to **true**, following fields will be returned within the policy response object:\n\n- `complianceMetadata`\n- `name`\n- `description`\n- `labels`\n- `deleted`\n- `recommendation`\n- `lastModifiedBy`\n- `lastModifiedOn`\n- `severity`\n\n#### Rate Limits ####\n\nThe following rate limits apply:\n* Request rate limit: 2/sec \n* Burst limit: 10/sec \n",
"operationId": "post-alerts-v2",
"parameters": [
{
"description": "true = Return detailed alert data. Default is false. Overrides **detailed** in body param.",
"in": "query",
"name": "detailed",
"required": false,
"schema": {
"type": "boolean"
}
}
],
"requestBody": {
"content": {
"application/json; charset=UTF-8": {
"schema": {
"$ref": "#/components/schemas/FilterModel"
}
}
}
},
"responses": {
"200": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/PagedResultsAlertModel"
}
}
},
"description": "successful operation"
},
"400": {
"description": "internal_error"
},
"429": {
"description": "Too Many Requests"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "List Alerts V2 - POST",
"tags": [
"Alerts"
]
}
},
"/alert/policy": {
"get": {
"description": "Returns alert counts grouped by policy. You can use query parameters to narrow the response. \r\n\r\nIn the response object:\n\n* Property **alertRules** is not populated. \n* Property **riskDetail** is deprecated.\n* Property **resource.cloudServiceName** is not populated.\n\n#### Rate Limits ####\n\nThe following rate limits apply:\n* Request rate limit: 1/sec \n* Burst limit: 5/sec \n",
"operationId": "get-alerts-grouped",
"parameters": [
{
"description": "Alert ID",
"in": "query",
"name": "alert.id",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Alert status",
"in": "query",
"name": "alert.status",
"required": false,
"schema": {
"enum": [
"open",
"dismissed",
"snoozed",
"resolved",
"pending_resolution"
],
"type": "string"
}
},
{
"description": "Cloud account",
"in": "query",
"name": "cloud.account",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Cloud account Id",
"in": "query",
"name": "cloud.accountId",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Account group",
"in": "query",
"name": "account.group",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Cloud type",
"in": "query",
"name": "cloud.type",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Cloud region",
"in": "query",
"name": "cloud.region",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Cloud service",
"in": "query",
"name": "cloud.service",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy ID",
"in": "query",
"name": "policy.id",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy name",
"in": "query",
"name": "policy.name",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy severity",
"in": "query",
"name": "policy.severity",
"required": false,
"schema": {
"enum": [
"critical",
"high",
"medium",
"low",
"informational"
],
"type": "string"
}
},
{
"description": "Policy label",
"in": "query",
"name": "policy.label",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy type",
"in": "query",
"name": "policy.type",
"required": false,
"schema": {
"enum": [
"config",
"network",
"audit_event"
],
"type": "string"
}
},
{
"description": "Policy compliance standard name",
"in": "query",
"name": "policy.complianceStandard",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy compliance requirement name",
"in": "query",
"name": "policy.complianceRequirement",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy compliance section ID",
"in": "query",
"name": "policy.complianceSection",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Policy is remediable",
"in": "query",
"name": "policy.remediable",
"required": false,
"schema": {
"enum": [
"true",
"false"
],
"type": "string"
}
},
{
"description": "Alert rule name",
"in": "query",
"name": "alertRule.name",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Resource ID",
"in": "query",
"name": "resource.id",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Resource name",
"in": "query",
"name": "resource.name",
"required": false,
"schema": {
"type": "string"
}
},
{
"description": "Resource TYPE",
"in": "query",
"name": "resource.type",
"required": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"content": {
"*/*": {
"schema": {
"items": {
"$ref": "#/components/schemas/AlertModel"
},
"type": "array"
}
}
},
"description": "successful operation"
},
"400": {
"description": "internal_error"
},
"429": {
"description": "Too Many Requests"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "List Alert Counts By Policy - GET",
"tags": [
"Alerts"
]
},
"post": {
"description": "Returns alert counts grouped by policy. You can use body parameters to narrow the response. \r\n\r\nIn the response object:\n\n* Property **alertRules** is not populated. \n* Property **riskDetail** is deprecated.\n* Property **resource.cloudServiceName** is not populated.\n\n#### Rate Limits ####\n\nThe following rate limits apply:\n* Request rate limit: 1/sec \n* Burst limit: 5/sec \n",
"operationId": "post-alerts-grouped",
"parameters": [
{
"description": "true = Return detailed alert data. Default is false. Overrides **detailed** in body param.",
"in": "query",
"name": "detailed",
"required": false,
"schema": {
"type": "boolean"
}
}
],
"requestBody": {
"content": {
"application/json; charset=UTF-8": {
"schema": {
"$ref": "#/components/schemas/FilterModel"
}
}
},
"description": "Model for Filter",
"required": true
},
"responses": {
"200": {
"content": {
"*/*": {
"schema": {
"items": {
"$ref": "#/components/schemas/AlertModel"
},
"type": "array"
}
}
},
"description": "successful operation"
},
"400": {
"description": "internal_error"
},
"429": {
"description": "Too Many Requests"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "List Alert Counts By Policy - POST",
"tags": [
"Alerts"
]
}
},
"/alert/{id}": {
"get": {
"description": "Returns information about an alert for the specified ID. \r\n\r\nIn the response object, field **riskDetail** is deprecated.\n\nWhen `detailed` flag is set to **true**, following fields will be returned within the policy and response object:\n\n- `complianceMetadata`\n- `name`\n- `description`\n- `labels`\n- `deleted`\n- `recommendation`\n- `lastModifiedBy`\n- `lastModifiedOn`\n- `severity`\n\nThe `resource` response object will include `cloudAccountGroups` field when `detailed` is set to **true**\n\n#### Rate Limits ####\n\nThe following rate limits apply:\n* Request rate limit: 5/sec \n* Burst limit: 10/sec \n",
"operationId": "get-alert",
"parameters": [
{
"description": "Alert ID",
"in": "path",
"name": "id",
"required": true,
"schema": {
"type": "string"
}
},
{
"description": "true = Return detailed alert data. Default is false.",
"in": "query",
"name": "detailed",
"required": false,
"schema": {
"type": "boolean"
}
}
],
"responses": {
"200": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/AlertModel"
}
}
},
"description": "successful operation"
},
"400": {
"description": "internal_error/invalid_alert_id"
},
"404": {
"description": "not_found"
},
"429": {
"description": "Too Many Requests"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "Alert Info",
"tags": [
"Alerts"
]
}
},
"/alert/dismiss": {
"post": {
"description": "Dismisses one or more alerts on the Prisma Cloud platform. If the caller specifies a dismissal time range, then alerts will snooze for that time period rather than be dismissed.",
"operationId": "dismiss-alerts",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AlertStatusChangeRequestModel"
}
}
},
"description": "Model for Alert Status Change Request",
"required": true
},
"responses": {
"200": {
"description": "successful operation"
},
"400": {
"description": "missing_required_parameter / invalid_parameter_value / internal_error / violates_minimum_alert_dismiss_duration_time"
},
"403": {
"description": "permission_error"
},
"404": {
"description": "alert_no_longer_in_expected_state"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "Dismiss Alerts",
"tags": [
"Alerts"
]
}
},
"/alert/dismiss/require_dismissal_note": {
"get": {
"description": "Indicates whether or not the user is required to specify a reason (dismissal note) when dismissing an alert.",
"operationId": "is-dismissal-note-required",
"responses": {
"200": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/RequireDismissalNoteConfigModel"
}
}
},
"description": "successful operation"
},
"403": {
"description": "permission_error"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "Is Dismissal Note Required",
"tags": [
"Alerts"
]
},
"put": {
"description": "Manages whether or not a user must provide a reason (dismissal note) when dismissing an alert on the Prisma Cloud platform.",
"operationId": "set-dismissal-note-required",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/RequireDismissalNoteConfigModel"
}
}
},
"description": "Model for Require Dismissal Note Config"
},
"responses": {
"200": {
"description": "successful operation"
},
"400": {
"description": "missing_required_parameter"
},
"403": {
"description": "permission_error"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "Update Dismissal Note Requirement",
"tags": [
"Alerts"
]
}
},
"/alert/reopen": {
"post": {
"description": "Sets the status of one or more dismissed or snoozed alerts on the Prisma Cloud platform to **open**.",
"operationId": "reopen-alerts",
"requestBody": {
"content": {
"application/json": {
"schema": {
"$ref": "#/components/schemas/AlertStatusChangeRequestModel"
}
}
},
"description": "Model for Alert Status Change Request"
},
"responses": {
"200": {
"description": "successful operation"
},
"400": {
"description": "missing_required_parameter / invalid_parameter_value / internal_error"
},
"403": {
"description": "permission_error"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "Reopen Alerts",
"tags": [
"Alerts"
]
}
},
"/alert/count/{status}": {
"get": {
"description": "Returns an alert count for the specified status. \r\n\r\n#### Rate Limits ####\n\nThe following rate limits apply:\n* Request rate limit: 2/sec \n* Burst limit: 10/sec\n",
"operationId": "get-alert-count",
"parameters": [
{
"description": "Alert Status",
"in": "path",
"name": "status",
"required": true,
"schema": {
"enum": [
"open",
"dismissed",
"snoozed",
"resolved",
"pending_resolution"
],
"type": "string"
}
}
],
"responses": {
"200": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/CountModel"
}
}
},
"description": "successful operation"
},
"400": {
"description": "invalid_parameter_value"
},
"429": {
"description": "Too Many Requests"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "Get Alerts Count By Status",
"tags": [
"Alerts"
]
}
},
"/alert/jobs": {
"post": {
"description": "Submits a job to generate an alerts list that matches the constraints in the body parameters and is downloadable in JSON format. Returns the job ID and job submission status. \r\n\r\nFilter model fields specific to pagination (**sortBy**, **limit**, and **pageToken**) do not apply to this request, \neven though the body parameters include them.\n\nThe **fields** body parameter allows you to request specific fields from the alert payload. These \nfields are separate from the filters you specify. The following are valid **fields** items.\n\n* alert.id\n* alert.status\n* alert.time\n* cloud.account\n* cloud.accountId\n* cloud.region\n* resource.id\n* resource.name\n* policy.name\n* policy.type\n* policy.severity\n\n The **filters** body parameter enables you to narrow your request for alerts. See \n [List Alert Filters](/prisma-cloud/api/cspm/get-alert-filter-and-options) \n for an API request to list all the valid filters.\n\n #### Rate Limits ####\n\nThe following rate limits apply:\n* Request rate limit: 2/sec \n* Burst limit: 10/sec \n",
"operationId": "submit-job-for-listing-alerts",
"requestBody": {
"content": {
"application/json; charset=UTF-8": {
"schema": {
"$ref": "#/components/schemas/FilterModel"
}
}
},
"description": "Model for Filter",
"required": true
},
"responses": {
"200": {
"content": {
"application/json; charset=UTF-8": {
"schema": {
"$ref": "#/components/schemas/AsyncJob"
}
}
},
"description": "successful operation"
},
"400": {
"description": "internal_error"
},
"429": {
"description": "Too Many Requests"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "Submit Job to List Alerts",
"tags": [
"Alerts"
]
}
},
"/alert/jobs/{id}/status": {
"get": {
"description": "Get the status of the alerts list job with the specified job ID",
"operationId": "get-alerts-job-status",
"parameters": [
{
"in": "path",
"name": "id",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"content": {
"application/json; charset=UTF-8": {
"schema": {
"$ref": "#/components/schemas/AsyncJob"
}
}
},
"description": "successful operation"
},
"404": {
"description": "Job Id `<id>` not found"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "Get Alerts List Job Status",
"tags": [
"Alerts"
]
}
},
"/alert/jobs/{id}/download": {
"get": {
"description": "Downloads the generated alerts list in JSON format for the specified job ID.",
"operationId": "download-alerts-list-json",
"parameters": [
{
"description": "Job ID",
"in": "path",
"name": "id",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "successful operation"
},
"400": {
"description": "internal_error"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "Download Alerts List JSON",
"tags": [
"Alerts"
]
}
},
"/alert/csv": {
"post": {
"description": "Submits a job to generate an alerts list that matches the constraints in the body parameters and is downloadable as a CSV file. Returns the job ID and job submission status. \r\n\r\nFilter model fields specific to pagination (**sortBy**, **limit**, and **pageToken**) do not apply to this request, \neven though the body parameters include them.\n\nThe **fields** request body parameter is ignored!\n\nThe **filters** body parameter enables you to narrow your request for alerts. See [List Alert Filters](/prisma-cloud/api/cspm/get-alert-filter-and-options) \nfor an API request to list all the valid filters.\n",
"operationId": "submit-an-alert-csv-download-job",
"parameters": [
{
"description": "true = Return detailed alert data. Default is false. Overrides **detailed** in body param.",
"in": "query",
"name": "detailed",
"required": false,
"schema": {
"type": "boolean"
}
}
],
"requestBody": {
"content": {
"application/json; charset=UTF-8": {
"schema": {
"$ref": "#/components/schemas/FilterModel"
}
}
},
"required": true
},
"responses": {
"200": {
"content": {
"application/json; charset=UTF-8": {
"schema": {
"$ref": "#/components/schemas/AsyncJob"
}
}
},
"description": "successful operation"
},
"400": {
"description": "internal_error"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "Submit Alert CSV Generation Job",
"tags": [
"Alerts"
]
}
},
"/alert/csv/{id}/status": {
"get": {
"description": "Returns the status of an alert CSV generation job with the specified job ID.",
"operationId": "get-alert-csv-job-status",
"parameters": [
{
"in": "path",
"name": "id",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"content": {
"application/json; charset=UTF-8": {
"schema": {
"$ref": "#/components/schemas/AsyncJob"
}
}
},
"description": "successful operation"
},
"404": {
"description": "not_found"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "Get Alert CSV Job Status",
"tags": [
"Alerts"
]
}
},
"/alert/csv/{id}/download": {
"get": {
"description": "Downloads the alert list that Prisma Cloud generated for the specified job ID, in CSV format.",
"operationId": "download-alert-csv",
"parameters": [
{
"description": "Job ID",
"in": "path",
"name": "id",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "successful operation"
},
"400": {
"description": "internal_error"
},
"404": {
"description": "Job Id `<id>` not found"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "Download Alert CSV",
"tags": [
"Alerts"
]
}
},
"/alert/policy/jobs": {
"post": {
"description": "Submits a job to generate a list of alerts grouped by the policy they violated. Returns the job ID and job submission status. \r\n\r\nFilter model fields specific to pagination (**sortBy**, **limit**, and **pageToken**) do not apply to this request, \neven though the body parameters include them.\n\nThe **fields** body parameter allows you to request specific fields from the alert payload. These \nfields are separate from the filters you specify. The following are valid **fields** items.\n\n* alert.id\n* alert.status\n* alert.time\n* cloud.account\n* cloud.accountId\n* cloud.region\n* resource.id\n* resource.name\n* policy.name\n* policy.type\n* policy.severity\n\nThe **filters*8 body parameter enables you to narrow your request for alerts. \nSee [List Alert Filters](/prisma-cloud/api/cspm/get-alert-filter-and-options)\nfor an API request to list all the valid filters.\n\n#### Rate Limits ####\n\nThe following rate limits apply:\n* Request rate limit: 1/sec \n* Burst limit: 5/sec \n",
"operationId": "submit-a-job-for-listing-alerts-grouped-by-policy",
"requestBody": {
"content": {
"application/json; charset=UTF-8": {
"schema": {
"$ref": "#/components/schemas/FilterModel"
}
}
}
},
"responses": {
"200": {
"content": {
"*/*": {
"schema": {
"$ref": "#/components/schemas/AsyncJob"
}
}
},
"description": "successful operation"
},
"400": {
"description": "internal_error"
},
"429": {
"description": "Too Many Requests"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "Submit Job to List Alerts By Policy",
"tags": [
"Alerts"
]
}
},
"/alert/policy/jobs/{id}/status": {
"get": {
"description": "Returns the status of a job submitted to list alerts by policy. Uses the specified job ID to identify the job.",
"operationId": "get-async-policy-alert-job-status",
"parameters": [
{
"description": "Job ID",
"in": "path",
"name": "id",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"content": {
"application/json; charset=UTF-8": {
"schema": {
"$ref": "#/components/schemas/AsyncJob"
}
}
},
"description": "successful operation"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "Get Policy Alert Job Status",
"tags": [
"Alerts"
]
}
},
"/alert/policy/jobs/{id}/download": {
"get": {
"description": "Downloads the policy alerts results in JSON format for the specified job ID.",
"operationId": "download-policy-alerts-json",
"parameters": [
{
"description": "Job ID",
"in": "path",
"name": "id",
"required": true,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "successful operation"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "Download Policy Alerts JSON",
"tags": [
"Alerts"
]
}
},
"/alert/remediation": {
"post": {
"description": "Generates and returns a list of remediation commands for the specified alerts and policies. Data returned for a successful call include fully constructed commands for remediation. \r\n\r\nThis request requires the following filter request body parameters:\n\n* filter.timeRange.type\n* filter.timeRange.value\n\nThe rest of the filter parameters are ignored.\n",
"operationId": "get-alerts-remediation",
"requestBody": {
"content": {
"application/json; charset=UTF-8": {
"schema": {
"$ref": "#/components/schemas/AlertsLookupKeyModel"
}
}
},
"description": "Model for AlertsLookupKey",
"required": true
},
"responses": {
"200": {
"content": {
"application/json; charset=UTF-8": {
"schema": {
"$ref": "#/components/schemas/RemediationCliModel"
}
}
},
"description": "successful operation"
},
"400": {
"description": "invalid_parameter_value / bad_request / cannot_remediate_multiple_policy_alerts"
},
"405": {
"description": "remediation_unavailable"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "List Alert Remediation Commands",
"tags": [
"Alerts"
]
}
},
"/alert/remediation/{id}": {
"patch": {
"description": "Remediates the alert with the specified ID if that alert is associated with a remediable policy. ",
"operationId": "perform-remediation-for-alert",
"parameters": [
{
"description": "Alert ID",
"in": "path",
"name": "id",
"required": true,
"schema": {
"type": "string"
}
},
{
"in": "query",
"name": "findingId",
"required": false,
"schema": {
"type": "string"
}
}
],
"responses": {
"200": {
"description": "successful operation"
},
"400": {
"description": "invalid_parameter_value / bad_request / cannot_remediate_multiple_policy_alerts"
},
"405": {
"description": "remediation_unavailable"
}
},
"security": [
{
"x-redlock-auth": []
}
],
"summary": "Remediate Alert",
"tags": [
"Alerts"
]
}
}
},
"servers": [
{
"url": "https://api.prismacloud.io"
},
{
"url": "https://api2.prismacloud.io"
},
{
"url": "https://api3.prismacloud.io"
},
{
"url": "https://api4.prismacloud.io"
},
{
"url": "https://api.anz.prismacloud.io"
},
{
"url": "https://api.eu.prismacloud.io"
},
{
"url": "https://api2.eu.prismacloud.io"
},
{
"url": "https://api.gov.prismacloud.io"
},
{
"url": "https://api.prismacloud.cn"
},
{
"url": "https://api.ca.prismacloud.io"
},
{
"url": "https://api.sg.prismacloud.io"
},
{
"url": "https://api.uk.prismacloud.io"
},
{
"url": "https://api.ind.prismacloud.io"
},
{
"url": "https://api.jp.prismacloud.io"
},
{
"url": "https://api.fr.prismacloud.io"
}
],
"tags": [
{
"description": "Prisma Cloud generates an alert when it detects a violation in a policy that is included in an active alert rule. \nYou can use the API requests to manage alerts, including listing or viewing, snoozing or dismissing, reopening, \nor remediating alerts.\n\nWhen retrieving a list of alerts through an API request, you can set filters, time range parameters, or pagination parameters.\n\n### Pagination\n\nYou can limit the number of items in a response list from API resources that support pagination. Version 2 (V2) of the API \nrequests to list alerts supports pagination and will accept the following request parameters.\n\nRequest Parameter | Description \n-----------| -------\n**limit** | Maximum number of items to return per page. Without pagination, maximum number of items to return in a response.\n**offset** | Number of items to skip before selecting items to return. Default is zero.\n**pageToken** | Set to the **nextPageToken** value from the previous response object to return the next page of data.\n\n### Filters\n\nAPI requests that use POST methods to request a list of alerts have filter parameters that enable you to narrow your request \nto alerts that meet a certain criteria.The [List Alert Filters](/prisma-cloud/api/cspm/get-alert-filter-options) \nrequests return the available filters. \n",
"name": "Alerts"
}
]
}