openapi: 3.1.0
info:
  title: Palo Alto Networks SaaS Security Posture Management API
  description: >-
    SaaS Security Posture Management (SSPM) API for assessing and improving the
    security posture of connected SaaS applications. Enables onboarding of SaaS
    applications, retrieval of posture check results, management of remediation
    status, browsing the SaaS application catalog, and configuration of Jira
    integrations for ticketing workflows. Part of the Palo Alto Networks SASE
    platform.
  version: '1.0'
  contact:
    name: Palo Alto Networks Developer Support
    url: https://pan.dev/
  license:
    name: Proprietary
    url: https://www.paloaltonetworks.com/legal
servers:
  - url: https://api.sase.paloaltonetworks.com/sspm
    description: SASE SSPM API production server.
security:
  - oauth2Bearer: []
tags:
  - name: App Catalog
    description: SaaS application catalog and metadata.
  - name: Apps
    description: SaaS application onboarding and management.
  - name: Integrations
    description: Third-party integrations including Jira ticketing.
  - name: Posture Checks
    description: Security posture check results and remediation status.
paths:
  /v1/apps:
    get:
      operationId: listOnboardedApps
      summary: Palo Alto Networks List Onboarded SaaS Applications
      description: >-
        Returns the list of SaaS applications that have been onboarded to SSPM
        for posture assessment. Each entry includes the application type,
        connection status, and summary counts of posture check results by
        severity.
      tags:
        - Apps
      parameters:
        - name: status
          in: query
          description: Filter applications by connection status.
          schema:
            type: string
            enum:
              - connected
              - disconnected
              - pending
              - error
          example: disconnected
        - name: offset
          in: query
          description: Number of results to skip for pagination.
          schema:
            type: integer
            default: 0
          example: 0
        - name: limit
          in: query
          description: Maximum number of applications to return.
          schema:
            type: integer
            default: 50
            maximum: 200
          example: 50
      responses:
        '200':
          description: Onboarded applications returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  total:
                    type: integer
                  offset:
                    type: integer
                  limit:
                    type: integer
                  items:
                    type: array
                    items:
                      $ref: '#/components/schemas/OnboardedApp'
              examples:
                ListOnboardedApps200Example:
                  summary: Default listOnboardedApps 200 response
                  x-microcks-default: true
                  value:
                    total: 694
                    offset: 752
                    limit: 416
                    items:
                      - app_id: '621838'
                        app_type: standard
                        display_name: Sarah Doe
                        status: error
                        tenant_id: tenant-34be8834
                        check_summary: &id001
                          critical: 904
                          high: 463
                          medium: 193
                          low: 762
                          pass: 336
                        last_scanned_at: '2026-06-23T07:17:30Z'
                        onboarded_at: '2026-07-05T03:34:39Z'
                      - app_id: '621838'
                        app_type: standard
                        display_name: Sarah Doe
                        status: error
                        tenant_id: tenant-34be8834
                        check_summary: *id001
                        last_scanned_at: '2026-06-23T07:17:30Z'
                        onboarded_at: '2026-07-05T03:34:39Z'
        '400':
          description: Invalid query parameters.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListOnboardedApps400Example:
                  summary: Default listOnboardedApps 400 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '401':
          description: Invalid or missing Bearer token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListOnboardedApps401Example:
                  summary: Default listOnboardedApps 401 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '403':
          description: Insufficient permissions.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListOnboardedApps403Example:
                  summary: Default listOnboardedApps 403 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListOnboardedApps500Example:
                  summary: Default listOnboardedApps 500 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    post:
      operationId: onboardApp
      summary: Palo Alto Networks Onboard New Application
      description: >-
        Onboards a new SaaS application to SSPM for posture assessment. Requires
        specifying the application type and providing the OAuth consent or API
        credentials needed to connect to the application. After onboarding, SSPM
        performs an initial posture scan.
      tags:
        - Apps
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/OnboardAppRequest'
            examples:
              OnboardAppRequestExample:
                summary: Default onboardApp request
                x-microcks-default: true
                value:
                  app_type: standard
                  display_name: Alex Garcia
                  credentials: &id004 {}
      responses:
        '201':
          description: Application onboarded successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/OnboardedApp'
              examples:
                OnboardApp201Example:
                  summary: Default onboardApp 201 response
                  x-microcks-default: true
                  value:
                    app_id: '621838'
                    app_type: standard
                    display_name: Sarah Doe
                    status: error
                    tenant_id: tenant-34be8834
                    check_summary: *id001
                    last_scanned_at: '2026-06-23T07:17:30Z'
                    onboarded_at: '2026-07-05T03:34:39Z'
        '400':
          description: Invalid request body or unsupported application type.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                OnboardApp400Example:
                  summary: Default onboardApp 400 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '401':
          description: Invalid or missing Bearer token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                OnboardApp401Example:
                  summary: Default onboardApp 401 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '403':
          description: Insufficient permissions.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                OnboardApp403Example:
                  summary: Default onboardApp 403 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '409':
          description: Application of this type is already onboarded.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                OnboardApp409Example:
                  summary: Default onboardApp 409 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                OnboardApp500Example:
                  summary: Default onboardApp 500 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /v1/apps/{app_id}:
    delete:
      operationId: removeApp
      summary: Palo Alto Networks Remove Onboarded Application
      description: >-
        Removes a previously onboarded SaaS application from SSPM. This stops
        posture scanning for the application and removes all associated check
        results. This action cannot be undone.
      tags:
        - Apps
      parameters:
        - name: app_id
          in: path
          required: true
          description: Unique identifier of the onboarded application.
          schema:
            type: string
          example: '293827'
      responses:
        '204':
          description: Application removed successfully.
        '401':
          description: Invalid or missing Bearer token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                RemoveApp401Example:
                  summary: Default removeApp 401 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '403':
          description: Insufficient permissions.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                RemoveApp403Example:
                  summary: Default removeApp 403 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '404':
          description: Application not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                RemoveApp404Example:
                  summary: Default removeApp 404 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                RemoveApp500Example:
                  summary: Default removeApp 500 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /v1/posture-checks:
    get:
      operationId: listPostureChecks
      summary: Palo Alto Networks List Posture Check Results
      description: >-
        Returns posture check results across all onboarded SaaS applications.
        Supports filtering by application, check type, severity, and remediation
        status. Each check result indicates whether a specific security best
        practice is implemented in the connected application.
      tags:
        - Posture Checks
      parameters:
        - name: app_id
          in: query
          description: Filter checks by onboarded application ID.
          schema:
            type: string
          example: '131412'
        - name: check_type
          in: query
          description: Filter by check category type.
          schema:
            type: string
            enum:
              - access_control
              - authentication
              - data_protection
              - logging
              - network_security
              - configuration
          example: logging
        - name: severity
          in: query
          description: Filter by check severity level.
          schema:
            type: string
            enum:
              - informational
              - low
              - medium
              - high
              - critical
          example: critical
        - name: status
          in: query
          description: Filter by remediation status.
          schema:
            type: string
            enum:
              - pass
              - fail
              - error
              - suppressed
          example: fail
        - name: offset
          in: query
          description: Number of results to skip for pagination.
          schema:
            type: integer
            default: 0
          example: 0
        - name: limit
          in: query
          description: Maximum number of check results to return.
          schema:
            type: integer
            default: 50
            maximum: 200
          example: 50
      responses:
        '200':
          description: Posture check results returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  total:
                    type: integer
                  offset:
                    type: integer
                  limit:
                    type: integer
                  items:
                    type: array
                    items:
                      $ref: '#/components/schemas/PostureCheck'
              examples:
                ListPostureChecks200Example:
                  summary: Default listPostureChecks 200 response
                  x-microcks-default: true
                  value:
                    total: 887
                    offset: 835
                    limit: 673
                    items:
                      - check_id: '841281'
                        app_id: '849318'
                        check_name: Primary Policy 44
                        check_type: authentication
                        severity: low
                        status: suppressed
                        description: Configured network on activity configured incident alert monitoring.
                        remediation: example-remediation
                        compliance_frameworks: &id002
                          - example-compliance_frameworks_item
                        last_evaluated_at: '2026-09-01T23:02:10Z'
                        suppression_justification: example-suppression_justification
                      - check_id: '841281'
                        app_id: '849318'
                        check_name: Primary Policy 44
                        check_type: authentication
                        severity: low
                        status: suppressed
                        description: Configured network on activity configured incident alert monitoring.
                        remediation: example-remediation
                        compliance_frameworks: *id002
                        last_evaluated_at: '2026-09-01T23:02:10Z'
                        suppression_justification: example-suppression_justification
        '400':
          description: Invalid query parameters.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListPostureChecks400Example:
                  summary: Default listPostureChecks 400 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '401':
          description: Invalid or missing Bearer token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListPostureChecks401Example:
                  summary: Default listPostureChecks 401 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '403':
          description: Insufficient permissions.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListPostureChecks403Example:
                  summary: Default listPostureChecks 403 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListPostureChecks500Example:
                  summary: Default listPostureChecks 500 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /v1/posture-checks/{check_id}:
    get:
      operationId: getPostureCheck
      summary: Palo Alto Networks Get Posture Check Details
      description: >-
        Returns full details for a specific posture check result including the
        check description, affected configuration, remediation guidance, and
        compliance framework mappings.
      tags:
        - Posture Checks
      parameters:
        - name: check_id
          in: path
          required: true
          description: Unique identifier of the posture check result.
          schema:
            type: string
          example: '461435'
      responses:
        '200':
          description: Posture check details returned.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PostureCheck'
              examples:
                GetPostureCheck200Example:
                  summary: Default getPostureCheck 200 response
                  x-microcks-default: true
                  value:
                    check_id: '841281'
                    app_id: '849318'
                    check_name: Primary Policy 44
                    check_type: authentication
                    severity: low
                    status: suppressed
                    description: Configured network on activity configured incident alert monitoring.
                    remediation: example-remediation
                    compliance_frameworks: *id002
                    last_evaluated_at: '2026-09-01T23:02:10Z'
                    suppression_justification: example-suppression_justification
        '401':
          description: Invalid or missing Bearer token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                GetPostureCheck401Example:
                  summary: Default getPostureCheck 401 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '403':
          description: Insufficient permissions.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                GetPostureCheck403Example:
                  summary: Default getPostureCheck 403 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '404':
          description: Posture check not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                GetPostureCheck404Example:
                  summary: Default getPostureCheck 404 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                GetPostureCheck500Example:
                  summary: Default getPostureCheck 500 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /v1/posture-checks/{check_id}/status:
    put:
      operationId: updatePostureCheckStatus
      summary: Palo Alto Networks Update Posture Check Status
      description: >-
        Updates the remediation status of a posture check result. Use this
        endpoint to mark checks as suppressed with a justification, or to mark
        remediated checks for re-evaluation.
      tags:
        - Posture Checks
      parameters:
        - name: check_id
          in: path
          required: true
          description: Unique identifier of the posture check result.
          schema:
            type: string
          example: '258568'
      requestBody:
        required: true
        content:
          application/json:
            schema:
              type: object
              required:
                - status
              properties:
                status:
                  type: string
                  enum:
                    - suppressed
                    - pending_remediation
                  description: New status to set for the check.
                justification:
                  type: string
                  description: >-
                    Reason for suppressing the check. Required when setting
                    status to suppressed.
                  maxLength: 1024
            examples:
              UpdatePostureCheckStatusRequestExample:
                summary: Default updatePostureCheckStatus request
                x-microcks-default: true
                value:
                  status: pending_remediation
                  justification: example-justification
      responses:
        '200':
          description: Check status updated successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/PostureCheck'
              examples:
                UpdatePostureCheckStatus200Example:
                  summary: Default updatePostureCheckStatus 200 response
                  x-microcks-default: true
                  value:
                    check_id: '841281'
                    app_id: '849318'
                    check_name: Primary Policy 44
                    check_type: authentication
                    severity: low
                    status: suppressed
                    description: Configured network on activity configured incident alert monitoring.
                    remediation: example-remediation
                    compliance_frameworks: *id002
                    last_evaluated_at: '2026-09-01T23:02:10Z'
                    suppression_justification: example-suppression_justification
        '400':
          description: Invalid request body.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                UpdatePostureCheckStatus400Example:
                  summary: Default updatePostureCheckStatus 400 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '401':
          description: Invalid or missing Bearer token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                UpdatePostureCheckStatus401Example:
                  summary: Default updatePostureCheckStatus 401 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '403':
          description: Insufficient permissions.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                UpdatePostureCheckStatus403Example:
                  summary: Default updatePostureCheckStatus 403 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '404':
          description: Posture check not found.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                UpdatePostureCheckStatus404Example:
                  summary: Default updatePostureCheckStatus 404 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                UpdatePostureCheckStatus500Example:
                  summary: Default updatePostureCheckStatus 500 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /v1/app-catalog:
    get:
      operationId: listAppCatalog
      summary: Palo Alto Networks List SaaS Application Catalog
      description: >-
        Returns the catalog of SaaS applications supported for SSPM posture
        assessment. Each entry describes the application, the number of
        available posture checks, and supported compliance frameworks.
      tags:
        - App Catalog
      parameters:
        - name: category
          in: query
          description: Filter by application category.
          schema:
            type: string
          example: advanced
        - name: offset
          in: query
          description: Number of results to skip for pagination.
          schema:
            type: integer
            default: 0
          example: 0
        - name: limit
          in: query
          description: Maximum number of catalog entries to return.
          schema:
            type: integer
            default: 50
            maximum: 200
          example: 50
      responses:
        '200':
          description: Application catalog returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  total:
                    type: integer
                  items:
                    type: array
                    items:
                      $ref: '#/components/schemas/CatalogApp'
              examples:
                ListAppCatalog200Example:
                  summary: Default listAppCatalog 200 response
                  x-microcks-default: true
                  value:
                    total: 731
                    items:
                      - app_type: standard
                        display_name: John Wilson
                        category: custom
                        check_count: 923
                        compliance_frameworks: &id003
                          - example-compliance_frameworks_item
                          - example-compliance_frameworks_item
                        logo_url: https://login.acme-systems.org/083bb0
                      - app_type: standard
                        display_name: John Wilson
                        category: custom
                        check_count: 923
                        compliance_frameworks: *id003
                        logo_url: https://login.acme-systems.org/083bb0
        '401':
          description: Invalid or missing Bearer token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListAppCatalog401Example:
                  summary: Default listAppCatalog 401 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '403':
          description: Insufficient permissions.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListAppCatalog403Example:
                  summary: Default listAppCatalog 403 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListAppCatalog500Example:
                  summary: Default listAppCatalog 500 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
  /v1/jira-integrations:
    get:
      operationId: listJiraIntegrations
      summary: Palo Alto Networks List Jira Integrations
      description: >-
        Returns the configured Jira integrations for automatically creating
        tickets when posture check failures are detected. Each integration
        specifies the Jira project, issue type, and mapping from check severity
        to ticket priority.
      tags:
        - Integrations
      responses:
        '200':
          description: Jira integrations returned.
          content:
            application/json:
              schema:
                type: object
                properties:
                  total:
                    type: integer
                  items:
                    type: array
                    items:
                      $ref: '#/components/schemas/JiraIntegration'
              examples:
                ListJiraIntegrations200Example:
                  summary: Default listJiraIntegrations 200 response
                  x-microcks-default: true
                  value:
                    total: 286
                    items:
                      - id: example-id
                        name: Staging Agent 91
                        jira_url: https://portal.acme-systems.org/e51406
                        project_key: example-project_key
                        issue_type: custom
                        enabled: true
                        created_at: '2026-08-06T08:43:39Z'
                      - id: example-id
                        name: Staging Agent 91
                        jira_url: https://portal.acme-systems.org/e51406
                        project_key: example-project_key
                        issue_type: custom
                        enabled: true
                        created_at: '2026-08-06T08:43:39Z'
        '401':
          description: Invalid or missing Bearer token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListJiraIntegrations401Example:
                  summary: Default listJiraIntegrations 401 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '403':
          description: Insufficient permissions.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListJiraIntegrations403Example:
                  summary: Default listJiraIntegrations 403 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                ListJiraIntegrations500Example:
                  summary: Default listJiraIntegrations 500 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
    post:
      operationId: createJiraIntegration
      summary: Palo Alto Networks Create Jira Integration
      description: >-
        Creates a new Jira integration for automatic ticket creation when SSPM
        posture check failures are detected. Requires a valid Jira server URL,
        API token, and project configuration.
      tags:
        - Integrations
      requestBody:
        required: true
        content:
          application/json:
            schema:
              $ref: '#/components/schemas/JiraIntegrationRequest'
            examples:
              CreateJiraIntegrationRequestExample:
                summary: Default createJiraIntegration request
                x-microcks-default: true
                value:
                  name: Primary Sensor 29
                  jira_url: https://mail.example.com/95ba91
                  project_key: example-project_key
                  issue_type: Bug
                  api_token: example-api_token
                  email: security-ops@example.com
                  severity_mapping: &id005 {}
      responses:
        '201':
          description: Jira integration created successfully.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/JiraIntegration'
              examples:
                CreateJiraIntegration201Example:
                  summary: Default createJiraIntegration 201 response
                  x-microcks-default: true
                  value:
                    id: example-id
                    name: Staging Agent 91
                    jira_url: https://portal.acme-systems.org/e51406
                    project_key: example-project_key
                    issue_type: custom
                    enabled: true
                    created_at: '2026-08-06T08:43:39Z'
        '400':
          description: Invalid request body or Jira configuration.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                CreateJiraIntegration400Example:
                  summary: Default createJiraIntegration 400 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '401':
          description: Invalid or missing Bearer token.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                CreateJiraIntegration401Example:
                  summary: Default createJiraIntegration 401 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '403':
          description: Insufficient permissions.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                CreateJiraIntegration403Example:
                  summary: Default createJiraIntegration 403 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
        '500':
          description: Internal server error.
          content:
            application/json:
              schema:
                $ref: '#/components/schemas/ErrorResponse'
              examples:
                CreateJiraIntegration500Example:
                  summary: Default createJiraIntegration 500 response
                  x-microcks-default: true
                  value:
                    error: example-error
                    message: Malware violation rule blocked detected endpoint policy detected.
                    request_id: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4
      x-microcks-operation:
        delay: 0
        dispatcher: FALLBACK
components:
  securitySchemes:
    oauth2Bearer:
      type: http
      scheme: bearer
      bearerFormat: JWT
      description: >-
        OAuth 2.0 Bearer token for SASE platform authentication. Obtain using
        the client_credentials grant with your SASE service account client ID
        and client secret.
  schemas:
    OnboardedApp:
      type: object
      properties:
        app_id:
          type: string
          description: Unique identifier for the onboarded application.
          example: '621838'
        app_type:
          type: string
          description: Application type identifier (e.g., google_workspace, microsoft_365).
          example: standard
        display_name:
          type: string
          description: Human-readable name for the onboarded application instance.
          example: Sarah Doe
        status:
          type: string
          enum:
            - connected
            - disconnected
            - pending
            - error
          description: Current connection status.
          example: error
        tenant_id:
          type: string
          description: Tenant or domain identifier within the SaaS application.
          example: tenant-34be8834
        check_summary:
          type: object
          description: Summary counts of posture check results by severity.
          properties:
            critical:
              type: integer
              example: 195
            high:
              type: integer
              example: 699
            medium:
              type: integer
              example: 127
            low:
              type: integer
              example: 223
            pass:
              type: integer
              example: 442
          example: *id001
        last_scanned_at:
          type: string
          format: date-time
          description: Timestamp of the most recent posture scan.
          example: '2026-06-23T07:17:30Z'
        onboarded_at:
          type: string
          format: date-time
          description: Timestamp when the application was onboarded.
          example: '2026-07-05T03:34:39Z'
    OnboardAppRequest:
      type: object
      required:
        - app_type
      properties:
        app_type:
          type: string
          description: Application type to onboard (e.g., google_workspace, microsoft_365, salesforce).
          example: standard
        display_name:
          type: string
          description: Optional display name for this application instance.
          example: Alex Garcia
        credentials:
          type: object
          description: Authentication credentials required to connect to the application.
          additionalProperties: true
          example: *id004
    PostureCheck:
      type: object
      properties:
        check_id:
          type: string
          description: Unique identifier of the posture check result.
          example: '841281'
        app_id:
          type: string
          description: ID of the onboarded application this check applies to.
          example: '849318'
        check_name:
          type: string
          description: Name of the security posture check.
          example: Primary Policy 44
        check_type:
          type: string
          enum:
            - access_control
            - authentication
            - data_protection
            - logging
            - network_security
            - configuration
          description: Category of the posture check.
          example: authentication
        severity:
          type: string
          enum:
            - informational
            - low
            - medium
            - high
            - critical
          description: Severity level if the check fails.
          example: low
        status:
          type: string
          enum:
            - pass
            - fail
            - error
            - suppressed
          description: Current result status of the check.
          example: suppressed
        description:
          type: string
          description: Description of what the check evaluates.
          example: Configured network on activity configured incident alert monitoring.
        remediation:
          type: string
          description: Step-by-step remediation guidance for failed checks.
          example: example-remediation
        compliance_frameworks:
          type: array
          items:
            type: string
          description: Compliance frameworks this check maps to (e.g., CIS, SOC2, ISO27001).
          example: *id002
        last_evaluated_at:
          type: string
          format: date-time
          description: Timestamp when the check was last evaluated.
          example: '2026-09-01T23:02:10Z'
        suppression_justification:
          type: string
          description: Justification text if the check is suppressed.
          example: example-suppression_justification
    CatalogApp:
      type: object
      properties:
        app_type:
          type: string
          description: Application type identifier used for onboarding.
          example: standard
        display_name:
          type: string
          description: Human-readable application name.
          example: John Wilson
        category:
          type: string
          description: Application category (e.g., collaboration, crm, storage).
          example: custom
        check_count:
          type: integer
          description: Number of posture checks available for this application.
          example: 923
        compliance_frameworks:
          type: array
          items:
            type: string
          description: Compliance frameworks covered by checks for this application.
          example: *id003
        logo_url:
          type: string
          format: uri
          description: URL to the application logo.
          example: https://login.acme-systems.org/083bb0
    JiraIntegration:
      type: object
      properties:
        id:
          type: string
          description: Unique identifier of the Jira integration.
          example: example-id
        name:
          type: string
          description: Display name for the integration.
          example: Staging Agent 91
        jira_url:
          type: string
          format: uri
          description: Base URL of the Jira server or cloud instance.
          example: https://portal.acme-systems.org/e51406
        project_key:
          type: string
          description: Jira project key where tickets are created.
          example: example-project_key
        issue_type:
          type: string
          description: Jira issue type for created tickets (e.g., Bug, Task).
          example: custom
        enabled:
          type: boolean
          description: Whether the integration is actively creating tickets.
          example: true
        created_at:
          type: string
          format: date-time
          example: '2026-08-06T08:43:39Z'
    JiraIntegrationRequest:
      type: object
      required:
        - name
        - jira_url
        - project_key
        - api_token
        - email
      properties:
        name:
          type: string
          description: Display name for this integration.
          example: Primary Sensor 29
        jira_url:
          type: string
          format: uri
          description: Base URL of the Jira server or cloud instance.
          example: https://mail.example.com/95ba91
        project_key:
          type: string
          description: Jira project key where tickets will be created.
          example: example-project_key
        issue_type:
          type: string
          description: Jira issue type (e.g., Bug, Task, Story).
          default: Bug
          example: Bug
        api_token:
          type: string
          description: Jira API token for authentication.
          writeOnly: true
          example: example-api_token
        email:
          type: string
          format: email
          description: Email address associated with the Jira API token.
          example: security-ops@example.com
        severity_mapping:
          type: object
          description: Mapping from SSPM severity levels to Jira priorities.
          additionalProperties:
            type: string
          example: *id005
    ErrorResponse:
      type: object
      properties:
        error:
          type: string
          description: Error code identifying the error type.
          example: example-error
        message:
          type: string
          description: Human-readable description of the error.
          example: Malware violation rule blocked detected endpoint policy detected.
        request_id:
          type: string
          description: Request identifier for support correlation.
          example: f7942ddd-4571-4f6e-a8a1-00c0f9d7dfb4