openapi: 3.1.0 info: title: Palo Alto Networks Prisma Cloud CSPM API description: >- REST API for Prisma Cloud Security Posture Management providing programmatic access to cloud security monitoring across AWS, Azure, GCP, and Oracle Cloud. The API supports managing security alerts, compliance policies, cloud account onboarding, asset inventories, and resource queries using RQL (Resource Query Language). Authentication uses JWT tokens obtained from the /login endpoint with access key credentials. Tokens are valid for 10 minutes and must be refreshed for long-running operations. version: '1.0' contact: name: Palo Alto Networks Developer Support url: https://pan.dev/ license: name: Proprietary url: https://www.paloaltonetworks.com/legal servers: - url: https://api.prismacloud.io description: Prisma Cloud API (US region 1). - url: https://api2.prismacloud.io description: Prisma Cloud API (US region 2). - url: https://api3.prismacloud.io description: Prisma Cloud API (US region 3). - url: https://api.eu.prismacloud.io description: Prisma Cloud API (EU). - url: https://api.anz.prismacloud.io description: Prisma Cloud API (ANZ). - url: https://api.sg.prismacloud.io description: Prisma Cloud API (Singapore). - url: https://api.ca.prismacloud.io description: Prisma Cloud API (Canada). security: - bearerAuth: [] tags: - name: Alerts description: Security alert management. - name: Authentication description: Login and token management. - name: CloudAccounts description: Cloud account onboarding and management. - name: Compliance description: Compliance posture and reporting. - name: Policies description: Security policy management. - name: Reports description: Report management. - name: Search description: RQL-based resource and configuration search. paths: /login: post: operationId: login summary: Palo Alto Networks Authenticate and Get JWT Token description: >- Authenticates with Prisma Cloud access key credentials and returns a JWT token for subsequent API calls. Tokens are valid for 10 minutes. tags: - Authentication security: [] requestBody: required: true content: application/json: schema: type: object required: - username - password properties: username: type: string description: Access Key ID from Prisma Cloud Settings. password: type: string description: Secret Key associated with the Access Key. customerName: type: string description: Customer name (required for multi-tenant accounts). examples: LoginRequestExample: summary: Default login request x-microcks-default: true value: username: jsmith password: example-password customerName: Branch Gateway 17 responses: '200': description: Authentication successful. content: application/json: schema: type: object properties: token: type: string description: JWT bearer token for API authorization. message: type: string customerNames: type: array items: type: object properties: customerName: type: string tosAccepted: type: boolean examples: Login200Example: summary: Default login 200 response x-microcks-default: true value: token: b92f25f9d9ca270185936012ae9c8b4a message: Threat network traffic violation alert threat violation policy alert suspicious traffic. customerNames: - customerName: Corporate Firewall 06 tosAccepted: false '401': description: Invalid credentials. x-microcks-operation: delay: 0 dispatcher: FALLBACK /alert: get: operationId: getAlerts summary: Palo Alto Networks List Alerts description: >- Returns security alerts matching the specified filters. Supports filtering by status, severity, policy, time range, cloud type, and account. The timeType, timeAmount, and timeUnit parameters control the time range filter for relative time windows. tags: - Alerts parameters: - name: timeType in: query description: Time filter type. schema: type: string enum: - relative - absolute - to_now example: relative - name: timeAmount in: query description: Time amount for relative time type. schema: type: integer example: 629 - name: timeUnit in: query description: Time unit for relative time type. schema: type: string enum: - minute - hour - day - week - month - year example: month - name: startTime in: query description: Start time in epoch milliseconds for absolute time type. schema: type: integer example: 1730951626179 - name: endTime in: query description: End time in epoch milliseconds for absolute time type. schema: type: integer example: 1722147834745 - name: limit in: query description: Maximum number of alerts to return. schema: type: integer default: 10000 example: 10000 - name: offset in: query description: Pagination offset. schema: type: integer default: 0 example: 0 - name: severity in: query description: Filter by alert severity. schema: type: string enum: - critical - high - medium - low - informational example: critical - name: policy.id in: query description: Filter alerts by policy identifier. schema: type: string example: '750350' - name: detailed in: query description: Include full alert details. schema: type: boolean default: false example: false responses: '200': description: Alerts returned successfully. content: application/json: schema: type: object properties: totalRows: type: integer description: Total number of alerts matching filters. items: type: array items: $ref: '#/components/schemas/Alert' examples: GetAlerts200Example: summary: Default getAlerts 200 response x-microcks-default: true value: totalRows: 424 items: - id: example-id status: open reason: Firewall detected monitoring incident activity traffic blocked endpoint incident alert. firstSeen: 725 lastSeen: 266 alertTime: 684 policy: &id001 policyId: '936608' policyType: custom name: Primary Gateway 71 severity: high recommendation: example-recommendation resource: &id002 rrn: example-rrn id: example-id name: Staging Agent 24 cloudType: custom accountId: '699331' accountName: Staging Policy 89 regionId: '252983' resourceType: custom riskDetail: &id003 score: 776 rating: example-rating '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK /alert/{id}: get: operationId: getAlert summary: Palo Alto Networks Get Alert Details description: Returns full details for a specific security alert. tags: - Alerts parameters: - name: id in: path required: true description: Unique alert identifier. schema: type: string example: example-id responses: '200': description: Alert details returned successfully. content: application/json: schema: $ref: '#/components/schemas/Alert' examples: GetAlert200Example: summary: Default getAlert 200 response x-microcks-default: true value: id: example-id status: open reason: Firewall detected monitoring incident activity traffic blocked endpoint incident alert. firstSeen: 725 lastSeen: 266 alertTime: 684 policy: *id001 resource: *id002 riskDetail: *id003 '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '404': $ref: '#/components/responses/NotFound' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK /alert/dismiss: post: operationId: dismissAlerts summary: Palo Alto Networks Dismiss Alerts description: Dismisses one or more security alerts with a reason and optional note. tags: - Alerts requestBody: required: true content: application/json: schema: type: object required: - alerts - dismissalNote properties: alerts: type: array items: type: object properties: id: type: string description: List of alert IDs to dismiss. dismissalNote: type: string description: Reason for dismissal. dismissalTimeRange: $ref: '#/components/schemas/TimeRange' filter: type: object properties: timeRange: $ref: '#/components/schemas/TimeRange' filters: type: array items: $ref: '#/components/schemas/AlertFilter' examples: DismissAlertsRequestExample: summary: Default dismissAlerts request x-microcks-default: true value: alerts: - id: example-id dismissalNote: example-dismissalNote dismissalTimeRange: type: to_now value: &id004 amount: 301 unit: year filter: timeRange: type: to_now value: *id004 filters: - name: Staging Agent 23 operator: '=' value: example-value - name: Staging Agent 23 operator: '=' value: example-value responses: '200': description: Alerts dismissed successfully. '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK /alert/reopen: post: operationId: reopenAlerts summary: Palo Alto Networks Reopen Dismissed Alerts description: >- Reopens one or more previously dismissed alerts, restoring them to open status for active review. tags: - Alerts requestBody: required: true content: application/json: schema: type: object required: - alerts properties: alerts: type: array items: type: object properties: id: type: string description: List of dismissed alert IDs to reopen. examples: ReopenAlertsRequestExample: summary: Default reopenAlerts request x-microcks-default: true value: alerts: - id: example-id responses: '200': description: Alerts reopened successfully. '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK /policy: get: operationId: listPolicies summary: Palo Alto Networks List Policies description: >- Returns all security policies including built-in and custom policies with their severity, cloud type, and compliance mappings. tags: - Policies responses: '200': description: Policies returned successfully. content: application/json: schema: type: array items: $ref: '#/components/schemas/Policy' examples: ListPolicies200Example: summary: Default listPolicies 200 response x-microcks-default: true value: - policyId: '167432' name: Production Sensor 48 policyType: audit_event severity: high description: Malware malware violation activity blocked detected malware malware suspicious suspicious. recommendation: example-recommendation cloudType: custom enabled: false systemDefault: false rule: &id005 name: Staging Policy 35 criteria: example-criteria type: standard complianceMetadata: &id006 - standardName: Corporate Agent 39 requirementId: '465802' requirementName: Production Agent 65 sectionId: '568679' - standardName: Branch Sensor 82 requirementId: '690794' requirementName: Primary Gateway 49 sectionId: '340660' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK post: operationId: createPolicy summary: Palo Alto Networks Create a Custom Policy description: Creates a new custom security policy with an RQL query. tags: - Policies requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PolicyInput' examples: CreatePolicyRequestExample: summary: Default createPolicy request x-microcks-default: true value: name: Production Policy 14 policyType: standard severity: high description: Investigation endpoint incident detected on suspicious configured endpoint firewall. recommendation: example-recommendation cloudType: custom enabled: true rule: &id007 name: Primary Policy 53 criteria: example-criteria type: standard responses: '200': description: Policy created successfully. content: application/json: schema: $ref: '#/components/schemas/Policy' examples: CreatePolicy200Example: summary: Default createPolicy 200 response x-microcks-default: true value: policyId: '167432' name: Production Sensor 48 policyType: audit_event severity: high description: Malware malware violation activity blocked detected malware malware suspicious suspicious. recommendation: example-recommendation cloudType: custom enabled: false systemDefault: false rule: *id005 complianceMetadata: *id006 '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK /policy/{policyId}: get: operationId: getPolicy summary: Palo Alto Networks Get Policy Details description: Returns details of a specific policy. tags: - Policies parameters: - name: policyId in: path required: true description: Unique policy identifier. schema: type: string example: '397286' responses: '200': description: Policy returned successfully. content: application/json: schema: $ref: '#/components/schemas/Policy' examples: GetPolicy200Example: summary: Default getPolicy 200 response x-microcks-default: true value: policyId: '167432' name: Production Sensor 48 policyType: audit_event severity: high description: Malware malware violation activity blocked detected malware malware suspicious suspicious. recommendation: example-recommendation cloudType: custom enabled: false systemDefault: false rule: *id005 complianceMetadata: *id006 '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '404': $ref: '#/components/responses/NotFound' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK put: operationId: updatePolicy summary: Palo Alto Networks Update a Policy description: Updates an existing security policy. tags: - Policies parameters: - name: policyId in: path required: true description: Unique policy identifier. schema: type: string example: '874390' requestBody: required: true content: application/json: schema: $ref: '#/components/schemas/PolicyInput' examples: UpdatePolicyRequestExample: summary: Default updatePolicy request x-microcks-default: true value: name: Production Policy 14 policyType: standard severity: high description: Investigation endpoint incident detected on suspicious configured endpoint firewall. recommendation: example-recommendation cloudType: custom enabled: true rule: *id007 responses: '200': description: Policy updated successfully. content: application/json: schema: $ref: '#/components/schemas/Policy' examples: UpdatePolicy200Example: summary: Default updatePolicy 200 response x-microcks-default: true value: policyId: '167432' name: Production Sensor 48 policyType: audit_event severity: high description: Malware malware violation activity blocked detected malware malware suspicious suspicious. recommendation: example-recommendation cloudType: custom enabled: false systemDefault: false rule: *id005 complianceMetadata: *id006 '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '404': $ref: '#/components/responses/NotFound' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK /cloud: get: operationId: listCloudAccounts summary: Palo Alto Networks List Cloud Accounts description: >- Returns a list of all cloud accounts onboarded to Prisma Cloud for security monitoring. tags: - CloudAccounts responses: '200': description: Cloud accounts returned successfully. content: application/json: schema: type: array items: $ref: '#/components/schemas/CloudAccount' examples: ListCloudAccounts200Example: summary: Default listCloudAccounts 200 response x-microcks-default: true value: - accountId: '166602' name: Branch Policy 85 cloudType: aws enabled: true numberOfPolicies: 638 lastModifiedTs: 347 '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK /cloud/{cloudType}: post: operationId: addCloudAccount summary: Palo Alto Networks Add a Cloud Account description: >- Onboards a cloud account (AWS, Azure, GCP, or OCI) for security monitoring. Requires appropriate cloud credentials and permissions. tags: - CloudAccounts parameters: - name: cloudType in: path required: true description: Cloud provider type to onboard. schema: type: string enum: - aws - azure - gcp - oci example: azure requestBody: required: true content: application/json: schema: type: object required: - accountId - name properties: accountId: type: string description: Cloud provider account identifier. enabled: type: boolean default: true description: Whether monitoring is enabled for this account. name: type: string description: Display name for the account. groupIds: type: array items: type: string description: Account group IDs to associate. examples: AddCloudAccountRequestExample: summary: Default addCloudAccount request x-microcks-default: true value: accountId: '207427' enabled: true name: Primary Sensor 81 groupIds: - example-groupIds_item - example-groupIds_item responses: '200': description: Cloud account onboarded successfully. '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK /cloud/{cloudType}/{id}: delete: operationId: removeCloudAccount summary: Palo Alto Networks Remove a Cloud Account description: >- Removes a cloud account from Prisma Cloud monitoring. All associated alerts and data are retained for historical analysis. tags: - CloudAccounts parameters: - name: cloudType in: path required: true description: Cloud provider type. schema: type: string enum: - aws - azure - gcp - oci example: azure - name: id in: path required: true description: Cloud account identifier. schema: type: string example: example-id responses: '200': description: Cloud account removed successfully. '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '404': $ref: '#/components/responses/NotFound' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK /search/asset: post: operationId: searchAsset summary: Palo Alto Networks Search Assets with RQL description: >- Executes an RQL (Resource Query Language) asset query against cloud resource configurations and returns matching resources. Supports config, network, and event query types. tags: - Search requestBody: required: true content: application/json: schema: type: object required: - query - timeRange properties: query: type: string description: >- RQL query string (e.g., "config from cloud.resource where cloud.type = 'aws'"). timeRange: $ref: '#/components/schemas/TimeRange' limit: type: integer default: 100 withResourceJson: type: boolean default: false examples: SearchAssetRequestExample: summary: Default searchAsset request x-microcks-default: true value: query: example-query timeRange: type: to_now value: *id004 limit: 100 withResourceJson: false responses: '200': description: Asset search results returned successfully. content: application/json: schema: $ref: '#/components/schemas/SearchResult' examples: SearchAsset200Example: summary: Default searchAsset 200 response x-microcks-default: true value: cloudType: advanced query: example-query data: &id008 totalRows: 728 items: - id: example-id name: Branch Sensor 66 cloudType: standard accountId: '697058' accountName: Production Agent 91 regionId: '906120' resourceType: advanced overallPassed: false - id: example-id name: Branch Firewall 11 cloudType: advanced accountId: '226442' accountName: Corporate Agent 48 regionId: '307869' resourceType: standard overallPassed: false '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK /search/config: post: operationId: searchConfig summary: Palo Alto Networks Search Cloud Resource Configurations description: >- Executes an RQL config query against cloud resource configurations. Returns resources matching the query criteria with their configuration details. tags: - Search requestBody: required: true content: application/json: schema: type: object required: - query - timeRange properties: query: type: string description: RQL config query string. timeRange: $ref: '#/components/schemas/TimeRange' limit: type: integer default: 100 withResourceJson: type: boolean default: false examples: SearchConfigRequestExample: summary: Default searchConfig request x-microcks-default: true value: query: example-query timeRange: type: to_now value: *id004 limit: 100 withResourceJson: false responses: '200': description: Config search results returned successfully. content: application/json: schema: $ref: '#/components/schemas/SearchResult' examples: SearchConfig200Example: summary: Default searchConfig 200 response x-microcks-default: true value: cloudType: advanced query: example-query data: *id008 '400': $ref: '#/components/responses/BadRequest' '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK /compliance: get: operationId: listComplianceStandards summary: Palo Alto Networks List Compliance Standards description: >- Returns a list of compliance standards available in Prisma Cloud, including built-in standards (CIS, NIST, PCI-DSS, HIPAA, SOC 2) and custom standards. tags: - Compliance responses: '200': description: Compliance standards returned successfully. content: application/json: schema: type: array items: $ref: '#/components/schemas/ComplianceStandard' examples: ListComplianceStandards200Example: summary: Default listComplianceStandards 200 response x-microcks-default: true value: - id: example-id name: Staging Policy 79 description: Incident activity activity monitoring monitoring activity detected alert configured monitoring. cloudType: &id009 - custom systemDefault: true policiesAssigned: 146 createdBy: example-createdBy lastModifiedTs: 756 '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK /report: get: operationId: listReports summary: Palo Alto Networks List Reports description: >- Returns a list of configured reports including scheduled and on-demand reports for compliance, asset inventory, and alert summaries. tags: - Reports responses: '200': description: Reports returned successfully. content: application/json: schema: type: array items: $ref: '#/components/schemas/Report' examples: ListReports200Example: summary: Default listReports 200 response x-microcks-default: true value: - id: example-id name: Production Agent 34 type: COMPLIANCE status: failed createdOn: 972 lastModifiedOn: 196 downloadUrl: example-downloadUrl '401': $ref: '#/components/responses/Unauthorized' '403': $ref: '#/components/responses/Forbidden' '500': $ref: '#/components/responses/InternalServerError' x-microcks-operation: delay: 0 dispatcher: FALLBACK components: securitySchemes: bearerAuth: type: http scheme: bearer bearerFormat: JWT description: >- JWT token obtained from the /login endpoint. Valid for 10 minutes. Include as Authorization: Bearer in request headers. responses: BadRequest: description: Invalid request parameters or body. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' Unauthorized: description: Invalid or expired JWT token. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' Forbidden: description: Insufficient permissions for this operation. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' NotFound: description: The requested resource was not found. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' InternalServerError: description: Internal server error. content: application/json: schema: $ref: '#/components/schemas/ErrorResponse' schemas: Alert: type: object properties: id: type: string description: Unique alert identifier. example: example-id status: type: string enum: - open - dismissed - snoozed - resolved description: Current alert status. example: open reason: type: string description: Reason for the current alert status. example: Firewall detected monitoring incident activity traffic blocked endpoint incident alert. firstSeen: type: integer description: Epoch timestamp in milliseconds when the alert was first generated. example: 725 lastSeen: type: integer description: Epoch timestamp in milliseconds when the alert was last seen. example: 266 alertTime: type: integer description: Epoch timestamp in milliseconds of the alert. example: 684 policy: type: object properties: policyId: type: string example: '803871' policyType: type: string example: custom name: type: string example: Branch Firewall 19 severity: type: string enum: - critical - high - medium - low - informational example: informational recommendation: type: string example: example-recommendation description: Policy that generated this alert. example: *id001 resource: type: object properties: rrn: type: string description: Prisma Cloud Resource RRN. example: example-rrn id: type: string example: example-id name: type: string example: Primary Sensor 65 cloudType: type: string example: advanced accountId: type: string example: '336404' accountName: type: string example: Corporate Agent 04 regionId: type: string example: '751072' resourceType: type: string example: custom description: Cloud resource associated with the alert. example: *id002 riskDetail: type: object properties: score: type: integer example: 270 rating: type: string example: example-rating example: *id003 AlertFilter: type: object properties: name: type: string description: >- Filter field name (e.g., alert.status, cloud.type, policy.severity, cloud.accountId). example: Staging Agent 23 operator: type: string enum: - '=' example: '=' value: type: string example: example-value TimeRange: type: object properties: type: type: string enum: - relative - absolute - to_now example: to_now value: type: object properties: amount: type: integer example: 810 unit: type: string enum: - minute - hour - day - week - month - year example: week example: *id004 Policy: type: object properties: policyId: type: string description: Unique policy identifier. example: '167432' name: type: string description: Policy name. example: Production Sensor 48 policyType: type: string enum: - config - network - audit_event - anomaly - data - iam description: Type of policy check. example: audit_event severity: type: string enum: - critical - high - medium - low - informational description: Policy severity level. example: high description: type: string description: Policy description. example: Malware malware violation activity blocked detected malware malware suspicious suspicious. recommendation: type: string description: Recommended remediation for policy violations. example: example-recommendation cloudType: type: string description: Cloud provider the policy applies to. example: custom enabled: type: boolean description: Whether the policy is active. example: false systemDefault: type: boolean description: Whether this is a built-in policy. example: false rule: type: object properties: name: type: string example: Primary Sensor 97 criteria: type: string description: RQL query string. example: example-criteria type: type: string example: standard example: *id005 complianceMetadata: type: array items: type: object properties: standardName: type: string example: Production Firewall 29 requirementId: type: string example: '838655' requirementName: type: string example: Branch Gateway 38 sectionId: type: string example: '312470' example: *id006 PolicyInput: type: object required: - name - policyType - severity - rule properties: name: type: string example: Production Policy 14 policyType: type: string example: standard severity: type: string example: high description: type: string example: Investigation endpoint incident detected on suspicious configured endpoint firewall. recommendation: type: string example: example-recommendation cloudType: type: string example: custom enabled: type: boolean default: true example: true rule: type: object required: - name - criteria - type properties: name: type: string example: Primary Firewall 90 criteria: type: string description: RQL query for the policy rule. example: example-criteria type: type: string example: advanced example: *id007 CloudAccount: type: object properties: accountId: type: string description: Cloud provider account identifier. example: '166602' name: type: string description: Display name of the account. example: Branch Policy 85 cloudType: type: string enum: - aws - azure - gcp - oci description: Cloud provider type. example: aws enabled: type: boolean description: Whether monitoring is enabled. example: true numberOfPolicies: type: integer description: Number of policies applied to this account. example: 638 lastModifiedTs: type: integer description: Epoch timestamp of last modification. example: 347 SearchResult: type: object properties: cloudType: type: string description: Cloud provider type for the search results. example: advanced query: type: string description: RQL query that was executed. example: example-query data: type: object properties: totalRows: type: integer description: Total number of matching resources. example: 912 items: type: array items: type: object properties: id: type: string example: example-id name: type: string example: Primary Policy 16 cloudType: type: string example: custom accountId: type: string example: '747806' accountName: type: string example: Staging Gateway 41 regionId: type: string example: '650238' resourceType: type: string example: standard overallPassed: type: boolean example: true example: - id: example-id name: Branch Firewall 48 cloudType: custom accountId: '245566' accountName: Staging Policy 24 regionId: '477008' resourceType: custom overallPassed: true - id: example-id name: Staging Firewall 71 cloudType: custom accountId: '996140' accountName: Staging Gateway 36 regionId: '333526' resourceType: custom overallPassed: true example: *id008 ComplianceStandard: type: object properties: id: type: string description: Unique compliance standard identifier. example: example-id name: type: string description: Name of the compliance standard. example: Staging Policy 79 description: type: string description: Standard description. example: Incident activity activity monitoring monitoring activity detected alert configured monitoring. cloudType: type: array items: type: string description: Cloud providers the standard applies to. example: *id009 systemDefault: type: boolean description: Whether this is a built-in compliance standard. example: true policiesAssigned: type: integer description: Number of policies mapped to this standard. example: 146 createdBy: type: string description: User who created the standard. example: example-createdBy lastModifiedTs: type: integer description: Epoch timestamp of last modification. example: 756 Report: type: object properties: id: type: string description: Unique report identifier. example: example-id name: type: string description: Report name. example: Production Agent 34 type: type: string description: Report type. enum: - RIS - COMPLIANCE - ALERT example: COMPLIANCE status: type: string enum: - pending - processing - completed - failed description: Current report generation status. example: failed createdOn: type: integer description: Epoch timestamp when the report was created. example: 972 lastModifiedOn: type: integer description: Epoch timestamp of last modification. example: 196 downloadUrl: type: string description: URL for downloading the completed report. example: example-downloadUrl ErrorResponse: type: object properties: status: type: integer description: HTTP status code. example: 747 message: type: string description: Human-readable error message. example: Traffic violation investigation monitoring policy incident applied threat monitoring alert. error: type: string description: Error code. example: example-error