diff --git a/openapi-specs/cspm/CDEMMicroServices.json b/openapi-specs/cspm/CDEMMicroServices.json
new file mode 100644
index 000000000..7c906eb3a
--- /dev/null
+++ b/openapi-specs/cspm/CDEMMicroServices.json
@@ -0,0 +1,1413 @@ +{ + "openapi": "3.0.1", + "info": { + "title": "OpenAPI definition", + "version": "v0" + }, + "servers": [ + { + "url": "https://api.prismacloud.io" + }, + { + "url": "https://api2.prismacloud.io" + }, + { + "url": "https://api3.prismacloud.io" + }, + { + "url": "https://api4.prismacloud.io" + }, + { + "url": "https://api.anz.prismacloud.io" + }, + { + "url": "https://api.eu.prismacloud.io" + }, + { + "url": "https://api2.eu.prismacloud.io" + }, + { + "url": "https://api.gov.prismacloud.io" + }, + { + "url": "https://api.prismacloud.cn" + }, + { + "url": "https://api.ca.prismacloud.io" + }, + { + "url": "https://api.sg.prismacloud.io" + }, + { + "url": "https://api.uk.prismacloud.io" + }, + { + "url": "https://api.ind.prismacloud.io" + }, + { + "url": "https://api.jp.prismacloud.io" + }, + { + "url": "https://api.fr.prismacloud.io" + } + ], + "tags": [ + { + "name": "Cloud Discovery and Exposure Management", + "description": "Discovery and Exposure Management(CDEM) APIs help you in identifying unmanaged or exposed assets that must be secured." 
+ } + ], + "paths": { + "/asm/api/v1/convert-cloud-account": { + "post": { + "tags": [ + "Cloud Discovery and Exposure Management" + ], + "summary": "Onboard Cloud Accounts", + "description": "Onboard the cloud accounts to CSPM in order to secure the unmanaged assets identified by the CDEM dashboard.", + "operationId": "onboardCloudAccounts", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CloudAccountsList" + } + } + } + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AccountConversionResponseList" + } + } + } + } + }, + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/asm/api/v1/asset": { + "post": { + "tags": [ + "Cloud Discovery and Exposure Management" + ], + "summary": "Get Assets List", + "description": "Get the list of assets based on cloud-type, asset-type, manage-type, and service-type.", + "operationId": "asset-inventory-for-l3", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AssetInventoryRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + } + }, + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/asm/api/v1/asset/{asset_id}/finding": { + "post": { + "tags": [ + "Cloud Discovery and Exposure Management" + ], + "summary": "Get Findings of an Asset ", + "description": "Get the list of findings of an asset by asset id. Findings are security issues, including vulnerabilities discovered on the asset. 
", + "operationId": "getAssetFindings", + "parameters": [ + { + "name": "asset_id", + "in": "path", + "description": "ID of asset", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/FindingRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + } + }, + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/asm/api/v1/asset/{asset_id}/finding/filters": { + "post": { + "tags": [ + "Cloud Discovery and Exposure Management" + ], + "summary": "Get Asset Findings Filter", + "description": "Get the list of filters and their possible values based on which you can retrieve the findings of an asset.", + "operationId": "getFindingFilters", + "parameters": [ + { + "name": "asset_id", + "in": "path", + "description": "ID of asset", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/FindingRequest" + } + } + } + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + } + }, + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/asm/api/v1/asset/email": { + "post": { + "tags": [ + "Cloud Discovery and Exposure Management" + ], + "summary": "Send Asset Details via Email", + "description": "Sends email with details of assets.", + "operationId": "send-asset-detail-email-from-sidecar", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SidecarOverview" + } + } + } + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "string" + } + } + } + } + }, 
+ "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/asm/api/v1/asset/aggregation-by-resource-type": { + "post": { + "tags": [ + "Cloud Discovery and Exposure Management" + ], + "summary": "Get Aggregated Asset Count by Asset Type", + "description": "Get count of assets aggregated by asset type based on cloud provider,service type,asset-type, and manage-type.", + "operationId": "get-asset-count-by-asset-type-for-l2", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ResourceTypeAggregation" + } + } + } + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + } + }, + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/asm/api/v1/asset/aggregation-by-cloud-type": { + "post": { + "tags": [ + "Cloud Discovery and Exposure Management" + ], + "summary": "Get Aggregated Asset Count by Cloud Type", + "description": "Get count of assets aggregated by cloud service provider.", + "operationId": "get-assets-aggregated-by-provider-for-l1", + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/CloudTypeAggregation" + } + } + } + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + } + }, + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/asm/api/v1/service": { + "get": { + "tags": [ + "Cloud Discovery and Exposure Management" + ], + "summary": "Get Services", + "description": "Get the list of services.", + "operationId": "listServices", + "parameters": [ + { + "name": "snapshot_date", + "in": "query", + "description": "Snapshot date", + "required": false, + "schema": { + "type": "integer", + "format": "int64" + } + }, + { + "name": "next_page_token", + "in": "query", + "description": "Next page token", + 
"required": false, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + } + }, + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/asm/api/v1/service/{serviceId}": { + "get": { + "tags": [ + "Cloud Discovery and Exposure Management" + ], + "summary": "Get Service Details", + "description": "Get details of a service by service id", + "operationId": "fetchAsmServiceDetails", + "parameters": [ + { + "name": "serviceId", + "in": "path", + "description": "ID of the service", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "snapshot_date", + "in": "query", + "description": "Snapshot date", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "all_service_detail", + "in": "query", + "description": "Expand service details input", + "required": false, + "schema": { + "type": "string" + }, + "example": true + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + } + }, + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/asm/api/v1/industry-benchmarks": { + "get": { + "tags": [ + "Cloud Discovery and Exposure Management" + ], + "summary": "Get Industry Benchmark Data", + "description": "Get industry benchmark data which is used to identify the vulnerabilities and security risks.", + "operationId": "getIndustryBenchmarks", + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + } + }, + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/asm/api/v1/dashboard/convertible-accounts": { + "get": { + "tags": [ + "Cloud Discovery and Exposure Management" + ], + "summary": "Get Convertible Accounts", + "description": "Get the list of 
accounts that are not managed by CSPM but can be onboarded to CSPM.", + "operationId": "getConvertibleCloudAccounts", + "parameters": [ + { + "name": "alert_categories", + "in": "query", + "description": "Category of alerts", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "country_code", + "in": "query", + "description": "Country code", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "next_page_token", + "in": "query", + "description": "Next page token", + "required": false, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + } + }, + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/asm/api/v1/dashboard/asset": { + "get": { + "tags": [ + "Cloud Discovery and Exposure Management" + ], + "summary": "Get Convertible Assets", + "description": "Get the list of unmanaged assets that can be onboarded to CSPM.", + "operationId": "listAssets", + "parameters": [ + { + "name": "convertible", + "in": "query", + "description": "Convertible input", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "cloud_account_id", + "in": "query", + "description": "Cloud account ID", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "alert_categories", + "in": "query", + "description": "Category of alerts", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "country_code", + "in": "query", + "description": "Country codes", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "next_page_token", + "in": "query", + "description": "Next page token", + "required": false, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + } + }, + "x-public": 
"true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/asm/api/v1/dashboard/asset/trend": { + "get": { + "tags": [ + "Cloud Discovery and Exposure Management" + ], + "summary": "Get Asset Trend for last 90 days", + "description": "Get asset trend for managed, unmanaged, and remediated assets.", + "operationId": "fetch-assets-by-manage-type-and-remediation", + "parameters": [ + { + "name": "timestamp", + "in": "query", + "description": "Timestamp", + "required": true, + "schema": { + "type": "integer", + "format": "int64" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "array", + "items": { + "$ref": "#/components/schemas/AssetTrend" + } + } + } + } + } + }, + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/asm/api/v1/dashboard/asset/top-risk": { + "get": { + "tags": [ + "Cloud Discovery and Exposure Management" + ], + "summary": "Get Asset Top Risks", + "description": "Get the list of top risks for assets.", + "operationId": "getTopRisks", + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + } + }, + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/asm/api/v1/dashboard/asset/internet-exposure-risk": { + "get": { + "tags": [ + "Cloud Discovery and Exposure Management" + ], + "summary": "Get Internet Exposure Risk Distribution", + "description": "Get the internet exposure risk statistics of every asset type for last 24 hours", + "operationId": "fetch-internet-exposure-asm-assets", + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AsmInternetExposureRisk" + } + } + } + } + }, + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/asm/api/v1/dashboard/asset/geolocation": { + "get": { + "tags": [ + "Cloud 
Discovery and Exposure Management" + ], + "summary": "Get Assets Count Across Location", + "operationId": "fetch-asset-by-geo-location", + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AssetsByGeoLocation" + } + } + } + } + }, + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/asm/api/v1/dashboard/asset/count": { + "get": { + "tags": [ + "Cloud Discovery and Exposure Management" + ], + "summary": "Get Convertible Assets Count", + "description": "Get the total number of convertible assets.", + "operationId": "getAssetCounts", + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + } + }, + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/asm/api/v1/asset/{asset_id}": { + "get": { + "tags": [ + "Cloud Discovery and Exposure Management" + ], + "summary": "Get Asset Details by ID", + "description": "Get asset overview or details by asset id.", + "operationId": "get-asset-details", + "parameters": [ + { + "name": "asset_id", + "in": "path", + "description": "Asset ID", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + }, + { + "name": "snapshot_date", + "in": "query", + "description": "Snapshot date", + "required": true, + "schema": { + "type": "integer", + "format": "int64" + } + }, + { + "name": "asset_type", + "in": "query", + "description": "Asset type", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "manage_type", + "in": "query", + "description": "Manage type", + "required": false, + "schema": { + "type": "string", + "default": "UNMANAGED" + } + }, + { + "name": "all_asset_details", + "in": "query", + "description": "Set it true to fetch all asset details.", + "required": false, + "schema": { + "type": "boolean", + "default": false + } + } + ], + "responses": { + "200": { 
+ "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + } + }, + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/asm/api/v1/asset/{asmAssetId}/service": { + "get": { + "tags": [ + "Cloud Discovery and Exposure Management" + ], + "summary": "Get List of Service for an Asset", + "description": "Get the list of services for assets by asset-id.", + "operationId": "fetchAsmServicesLinkedToAsset", + "parameters": [ + { + "name": "asmAssetId", + "in": "path", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "snapshot_date", + "in": "query", + "description": "Snapshot date", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "next_page_token", + "in": "query", + "description": "Next page token", + "required": false, + "schema": { + "type": "string" + } + } + ], + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "type": "object" + } + } + } + } + }, + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + }, + "/asm/api/v1/asset/filters": { + "get": { + "tags": [ + "Cloud Discovery and Exposure Management" + ], + "summary": "Get Asset Filters", + "description": "Gets the list of supported asset filters and their values based on which you can fetch asset details.", + "operationId": "getAssetFilters", + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/AssetFilterResponse" + } + } + } + } + }, + "x-public": "true", + "security": [ + { + "x-redlock-auth": [] + } + ] + } + } + }, + "components": { + "schemas": { + "CloudAccountDetails": { + "type": "object", + "properties": { + "accountId": { + "title": "Account ID", + "type": "string" + }, + "accountName": { + "title": "Account name", + "type": "string" + }, + "cloudType": { + "title": "Cloud types", + "type": "string", + "enum": 
[ + "AWS", + "GCP", + "AZURE", + "ALIBABA_CLOUD" + ] + } + } + }, + "CloudAccountsList": { + "type": "object", + "properties": { + "cloudAccounts": { + "uniqueItems": true, + "type": "array", + "items": { + "$ref": "#/components/schemas/CloudAccountDetails" + } + } + } + }, + "AccountConversionResponse": { + "type": "object", + "properties": { + "status": { + "type": "integer", + "format": "int32" + }, + "error": { + "type": "string" + }, + "conversionStatus": { + "type": "string" + }, + "message": { + "type": "string" + }, + "path": { + "type": "string" + } + } + }, + "AccountConversionResponseList": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/components/schemas/AccountConversionResponse" + } + } + } + }, + "AssetInventoryRequest": { + "type": "object", + "properties": { + "snapshotDate": { + "title": "Snapshot date", + "type": "integer", + "format": "int64" + }, + "cloudTypes": { + "title": "Cloud types", + "uniqueItems": true, + "type": "array", + "items": { + "title": "Cloud types", + "type": "string", + "enum": [ + "AWS", + "GCP", + "AZURE", + "ALIBABA_CLOUD" + ] + }, + "enum": [ + "AWS", + "GCP", + "AZURE", + "ALIBABA_CLOUD" + ] + }, + "assetTypes": { + "title": "Asset types", + "uniqueItems": true, + "type": "array", + "items": { + "title": "Asset types", + "type": "string", + "default": "['Domain', 'ResponsiveIP']" + }, + "default": "['Domain', 'ResponsiveIP']" + }, + "manageType": { + "title": "Manage type", + "type": "string", + "enum": [ + "MANAGED", + "UNMANAGED" + ], + "default": "UNMANAGED" + }, + "serviceTypes": { + "title": "Service types", + "uniqueItems": true, + "type": "array", + "items": { + "title": "Service types", + "type": "string" + } + }, + "nextPageToken": { + "title": "Next page token", + "type": "string" + }, + "searchText": { + "title": "Seach text", + "type": "string" + } + } + }, + "FindingRequest": { + "type": "object", + "properties": { + "snapshotDate": { + "title": "Snapshot 
date in ms", + "type": "integer", + "format": "int64" + }, + "types": { + "title": "List of types", + "type": "array", + "items": { + "title": "List of types", + "type": "string" + } + }, + "severities": { + "title": "List of severities", + "type": "array", + "items": { + "title": "List of severities", + "type": "string", + "enum": [ + "High", + "Critical", + "Medium", + "Low" + ] + }, + "enum": [ + "High", + "Critical", + "Medium", + "Low" + ] + } + } + }, + "SidecarOverview": { + "type": "object", + "properties": { + "pcAssetId": { + "title": "Prisma Cloud asset ID", + "type": "string" + }, + "asmAssetId": { + "title": "CDEM asset ID", + "type": "string", + "format": "uuid" + }, + "name": { + "title": "Name", + "type": "string" + }, + "cloudTypes": { + "title": "Set of cloud types", + "uniqueItems": true, + "type": "array", + "items": { + "title": "Set of cloud types", + "type": "string", + "enum": [ + "AWS", + "AZURE", + "GCP", + "ALIBABA_CLOUD" + ] + } + }, + "cloudAccountId": { + "title": "Cloud account ID", + "type": "string" + }, + "cloudAccountName": { + "title": "Cloud account name", + "type": "string" + }, + "conversionStatus": { + "title": "Conversion status", + "type": "string", + "enum": [ + "DISCOVERED", + "IN_PROGRESS", + "UNABLE_TO_CONVERT", + "FAILED", + "CONVERTED" + ] + }, + "type": { + "title": "Type", + "type": "string" + } + } + }, + "ResourceTypeAggregation": { + "type": "object", + "properties": { + "cloudTypes": { + "title": "Cloud types", + "uniqueItems": true, + "type": "array", + "items": { + "title": "Cloud types", + "type": "string", + "enum": [ + "AWS", + "GCP", + "AZURE", + "ALIBABA_CLOUD" + ] + }, + "enum": [ + "AWS", + "GCP", + "AZURE", + "ALIBABA_CLOUD" + ] + }, + "snapshotDate": { + "title": "Snapshot date", + "type": "integer", + "format": "int64" + }, + "serviceTypes": { + "title": "Service types", + "uniqueItems": true, + "type": "array", + "items": { + "title": "Service types", + "type": "string" + } + }, + "assetTypes": { + 
"title": "Asset types", + "uniqueItems": true, + "type": "array", + "items": { + "title": "Asset types", + "type": "string", + "default": "['Domain', 'ResponsiveIP']" + }, + "default": "['Domain', 'ResponsiveIP']" + }, + "manageType": { + "title": "Manage type", + "type": "string", + "enum": [ + "MANAGED", + "UNMANAGED" + ], + "default": "UNMANAGED" + } + } + }, + "CloudTypeAggregation": { + "type": "object", + "properties": { + "snapshotDate": { + "title": "Snapshot Date in ms", + "type": "integer", + "format": "int64" + }, + "assetTypes": { + "title": "Asset types", + "uniqueItems": true, + "type": "array", + "items": { + "title": "Asset types", + "type": "string", + "default": "['Domain', 'ResponsiveIP']" + }, + "default": "['Domain', 'ResponsiveIP']" + }, + "manageType": { + "title": "Manage type", + "type": "string", + "enum": [ + "MANAGED", + "UNMANAGED" + ], + "default": "UNMANAGED" + }, + "serviceTypes": { + "title": "Service types", + "uniqueItems": true, + "type": "array", + "items": { + "title": "Service types", + "type": "string" + } + }, + "cloudTypes": { + "title": "Cloud types", + "uniqueItems": true, + "type": "array", + "items": { + "title": "Cloud types", + "type": "string", + "enum": [ + "AWS", + "GCP", + "AZURE", + "ALIBABA_CLOUD" + ] + }, + "enum": [ + "AWS", + "GCP", + "AZURE", + "ALIBABA_CLOUD" + ] + } + } + }, + "AssetTrend": { + "type": "object", + "properties": { + "ts": { + "type": "integer", + "format": "int64" + }, + "managedAssetCount": { + "type": "integer", + "format": "int64" + }, + "unmanagedAssetCount": { + "type": "integer", + "format": "int64" + }, + "remediatedAssetCount": { + "type": "integer", + "format": "int64" + } + } + }, + "AsmInternetExposureRisk": { + "type": "object", + "properties": { + "lastScanTs": { + "type": "integer", + "format": "int64" + }, + "managedAsset": { + "$ref": "#/components/schemas/Assets" + }, + "unManagedAsset": { + "$ref": "#/components/schemas/Assets" + }, + "remediatedAsset": { + "$ref": 
"#/components/schemas/Assets" + }, + "unmanagedAssetsRatio": { + "$ref": "#/components/schemas/AssetsRatio" + } + } + }, + "Assets": { + "type": "object", + "properties": { + "count": { + "type": "integer", + "format": "int64" + }, + "delta": { + "type": "number", + "format": "double" + } + } + }, + "AssetsRatio": { + "type": "object", + "properties": { + "value": { + "type": "number", + "format": "double" + }, + "delta": { + "type": "number", + "format": "double" + } + } + }, + "AssetsByGeoLocation": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/components/schemas/GeoLocation" + } + } + } + }, + "GeoLocation": { + "type": "object", + "properties": { + "country": { + "type": "string" + }, + "count": { + "type": "integer", + "format": "int32" + }, + "convertible": { + "type": "integer", + "format": "int32" + }, + "nonConvertible": { + "type": "integer", + "format": "int32" + } + } + }, + "AssetFilterResponse": { + "type": "object", + "properties": { + "serviceTypes": { + "type": "array", + "items": { + "type": "string" + } + }, + "cloudTypes": { + "uniqueItems": true, + "type": "array", + "items": { + "type": "string" + } + }, + "assetTypes": { + "type": "array", + "items": { + "type": "string" + } + } + } + } + }, + "securitySchemes": { + "x-redlock-auth": { + "description": "The x-redlock-auth value is a JSON Web Token (JWT).", + "in": "header", + "name": "x-redlock-auth", + "type": "apiKey" + } + } + } +} diff --git a/openapi-specs/cspm/CloudAccounts(AWS).json b/openapi-specs/cspm/CloudAccounts(AWS).json index 2078963ef..e11de57ec 100644 --- a/openapi-specs/cspm/CloudAccounts(AWS).json +++ b/openapi-specs/cspm/CloudAccounts(AWS).json 
@@ -514,6 +514,14 @@ "Feature": { "description": "Model for Feature", "properties": { + "defaultMemberState": { + "description": "Enable or disable the feature for all the member accounts linked to this organization. You can enable or disable the defaultMemberState only if the feature state is enabled for the organization. Applicable only for ```Serverless Function Scanning``` and ```Agentless Workload Scanning``` features.", + "enum": [ + "enabled", + "disabled" + ], + "type": "string" + }, "name": { "description": "Feature name obtained from **[Fetch Supported Features endpoint](/prisma-cloud/api/cspm/fetch-supported-features)**", "example": "Remediation", diff --git a/openapi-specs/cspm/CloudAccounts(All).json b/openapi-specs/cspm/CloudAccounts(All).json index efb8cba3f..220542058 100644 --- a/openapi-specs/cspm/CloudAccounts(All).json +++ b/openapi-specs/cspm/CloudAccounts(All).json @@ -177,6 +177,9 @@ "format": "int32", "type": "integer" }, + "autoConsent": { + "type": "string" + }, "cloudAccountOwner": { "description": "Cloud account owner", "type": "string" @@ -332,6 +335,9 @@ "readOnly": true, "type": "string" }, + "autoConsent": { + "type": "string" + }, "cloudAccountOwner": { "description": "Cloud account owner", "type": "string" @@ -501,6 +507,9 @@ "readOnly": true, "type": "string" }, + "autoConsent": { + "type": "string" + }, "cloudAccountOwner": { "description": "Cloud account owner", "type": "string" @@ -525,6 +534,9 @@ "readOnly": true, "type": "string" }, + "customMemberRoleNameEnabled": { + "type": "boolean" + }, "defaultAccountGroupId": { "description": "Default Account Group", "type": "string" @@ -630,6 +642,9 @@ "description": "Role ARN", "type": "string" }, + "skipOverrideMemberRoleName": { + "type": "boolean" + }, "storageScanConfig": { "allOf": [ { @@ -647,6 +662,9 @@ "storageUUID": { "description": "Storage UUID", "type": "string" + }, + "unifiedCftDisabled": { + "type": "boolean" } }, "type": "object" 
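Review bot: The `defaultMemberState` description does not say what happens when the property is omitted, and the schema declares no `default`. Because the value turns Serverless Function Scanning and Agentless Workload Scanning on or off for every member account of an organization, an update that leaves it out could change scanning coverage without the caller noticing; I would add a sentence such as `If omitted, the current member state is left unchanged.` (worded to match what the service actually does). The rule that it may only be set while the feature state is enabled exists in prose only, so the description should also say how a request that violates it is answered. The same property is added with the same gap in CloudAccounts(All).json, CloudAccounts(Azure).json, CloudAccounts(GCP).json and CloudAccounts(OCIandAlibaba).json; the `Feature` schema continues outside the hunk.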
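Review bot: `autoConsent` is added in CloudAccounts(All).json as a bare `{ "type": "string" }` with no `description` and no `enum`, so a reader cannot tell what is being consented to, on whose behalf, or which values are accepted. The `CloudAccountPatchModel` hunk later in this file suggests an enabled/disabled state; if that holds for the response models too, each occurrence should carry `"enum": ["enabled", "disabled"]` and a one-line description (this applies to the hunks at -177, -332, -501, -688, -829, -1055, -1402, -1543 and -1723). `customMemberRoleNameEnabled`, `skipOverrideMemberRoleName` and `unifiedCftDisabled` are likewise undocumented booleans; their names suggest they affect which member role or template is used during onboarding, so each needs a description before integrators start setting them. The enclosing models start and end outside these hunks.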
@@ -688,6 +706,9 @@ "format": "int32", "type": "integer" }, + "autoConsent": { + "type": "string" + }, "cloudAccountOwner": { "description": "Cloud account owner", "type": "string" @@ -829,6 +850,9 @@ "format": "int32", "type": "integer" }, + "autoConsent": { + "type": "string" + }, "cloudAccountOwner": { "description": "Cloud account owner", "type": "string" @@ -1055,6 +1079,9 @@ "format": "int32", "type": "integer" }, + "autoConsent": { + "type": "string" + }, "cloudAccountOwner": { "description": "Cloud account owner", "type": "string" @@ -1162,6 +1189,13 @@ "CloudAccountPatchModel": { "description": "Model for Account Group View", "properties": { + "autoConsent": { + "description": "Auto Consent State", + "enum": [ + "enabled/disabled" + ], + "type": "string" + }, "enabled": { "description": "Cloud Account Status", "enum": [ @@ -1349,6 +1383,14 @@ "Feature": { "description": "Model for Feature", "properties": { + "defaultMemberState": { + "description": "Enable or disable the feature for all the member accounts linked to this organization. You can enable or disable the defaultMemberState only if the feature state is enabled for the organization. Applicable only for Serverless Function Scanning and Agentless Workload Scanning features.", + "enum": [ + "enabled", + "disabled" + ], + "type": "string" + }, "name": { "description": "Feature name obtained from **[Fetch Supported Features endpoint](/prisma-cloud/api/cspm/fetch-supported-features)**", "example": "Remediation", @@ -1402,6 +1444,9 @@ "format": "int32", "type": "integer" }, + "autoConsent": { + "type": "string" + }, "cloudAccountOwner": { "description": "Cloud account owner", "type": "string" @@ -1543,6 +1588,9 @@ "format": "int32", "type": "integer" }, + "autoConsent": { + "type": "string" + }, "cloudAccountOwner": { "description": "Cloud account owner", "type": "string" 
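Review bot: In the `CloudAccountPatchModel` hunk (-1162) the `autoConsent` `enum` holds the single literal `"enabled/disabled"`, so a schema validator or generated client accepts only that exact string and rejects both `enabled` and `disabled`. List the two values separately, `"enum": ["enabled", "disabled"]`, the way the `defaultMemberState` property added to `Feature` in this same file does. The model continues outside the hunk.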
@@ -1723,6 +1771,9 @@ "format": "int32", "type": "integer" }, + "autoConsent": { + "type": "string" + }, "cloudAccountOwner": { "description": "Cloud account owner", "type": "string" diff --git a/openapi-specs/cspm/CloudAccounts(Azure).json b/openapi-specs/cspm/CloudAccounts(Azure).json index 9e167c0a1..b32559a16 100644 --- a/openapi-specs/cspm/CloudAccounts(Azure).json +++ b/openapi-specs/cspm/CloudAccounts(Azure).json @@ -64,6 +64,14 @@ "AzureCloudAccountRequestModel": { "description": "Model containing the request for Azure Standalone and Tenant Cloud Account", "properties": { + "accountGroupMode": { + "description": "*Applicable only for role: **System Admin** and account type: **tenant** when ```rootSyncEnabled``` is set to ```true```.*\n\n* **MANUAL** - Create account groups manually in Prisma Cloud.\n\n* **AUTOMAP** - Automatically creates the account groups in Prisma Cloud replicating the hierarchy in Azure Cloud.", + "enum": [ + "MANUAL", + "AUTOMAP" + ], + "type": "string" + }, "clientId": { "description": "Application (Client) ID", "type": "string" @@ -222,6 +230,14 @@ "Feature": { "description": "Model for Feature", "properties": { + "defaultMemberState": { + "description": "Enable or disable the feature for all the member accounts linked to this organization. You can enable or disable the defaultMemberState only if the feature state is enabled for the organization. Applicable only for ```Serverless Function Scanning``` and ```Agentless Workload Scanning``` features.", + "enum": [ + "enabled", + "disabled" + ], + "type": "string" + }, "name": { "description": "Feature name obtained from **[Fetch Supported Features endpoint](/prisma-cloud/api/cspm/fetch-supported-features)**", "example": "Remediation", diff --git a/openapi-specs/cspm/CloudAccounts(GCP).json b/openapi-specs/cspm/CloudAccounts(GCP).json index 907332068..449270acf 100644 --- a/openapi-specs/cspm/CloudAccounts(GCP).json +++ b/openapi-specs/cspm/CloudAccounts(GCP).json 
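Review bot: The `accountGroupMode` description in the Azure request model limits the property to the System Admin role and tenant accounts with `rootSyncEnabled` set to `true`, but it does not state which mode applies when the property is omitted or how a request outside those conditions is answered, and the schema declares no `default`. Since `AUTOMAP` creates account groups automatically from the Azure hierarchy, an integrator should be able to tell from the spec whether that can happen without asking for it; I would add `"default": "MANUAL"` if that is the service behaviour, or otherwise a sentence naming the effective default. `AzureCloudAccountRequestModel` continues outside the hunk.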
@@ -153,6 +153,14 @@ "Feature": { "description": "Model for Feature", "properties": { + "defaultMemberState": { + "description": "Enable or disable the feature for all the member accounts linked to this organization. You can enable or disable the defaultMemberState only if the feature state is enabled for the organization. Applicable only for ```Serverless Function Scanning``` and ```Agentless Workload Scanning``` features.", + "enum": [ + "enabled", + "disabled" + ], + "type": "string" + }, "name": { "description": "Feature name obtained from **[Fetch Supported Features endpoint](/prisma-cloud/api/cspm/fetch-supported-features)**", "example": "Remediation", @@ -356,6 +364,23 @@ } }, "type": "object" + }, + "RestApiResponseModel": { + "description": "Model for RestApiResponse", + "properties": { + "nextPageToken": { + "description": "Next page token", + "type": "string" + }, + "response": { + "description": "Response", + "items": { + "$ref": "#/components/schemas/GcpNodeModel" + }, + "type": "array" + } + }, + "type": "object" } } }, diff --git a/openapi-specs/cspm/CloudAccounts(OCIandAlibaba).json b/openapi-specs/cspm/CloudAccounts(OCIandAlibaba).json index d37931c15..ed2be6ef4 100644 --- a/openapi-specs/cspm/CloudAccounts(OCIandAlibaba).json +++ b/openapi-specs/cspm/CloudAccounts(OCIandAlibaba).json @@ -1102,6 +1102,14 @@ "Feature": { "description": "Model for Feature", "properties": { + "defaultMemberState": { + "description": "Enable or disable the feature for all the member accounts linked to this organization. You can enable or disable the defaultMemberState only if the feature state is enabled for the organization. Applicable only for Serverless Function Scanning and Agentless Workload Scanning features.", + "enum": [ + "enabled", + "disabled" + ], + "type": "string" + }, "name": { "description": "Feature name obtained from **[Fetch Supported Features endpoint](/prisma-cloud/api/cspm/fetch-supported-features)**", "example": "Remediation", 
@@ -1701,6 +1709,9 @@
 "required": true,
 "schema": {
 "enum": [
+ "aws",
+ "azure",
+ "gcp",
 "alibaba_cloud",
 "oci"
 ],
@@ -1778,6 +1789,9 @@
 "required": true,
 "schema": {
 "enum": [
+ "aws",
+ "azure",
+ "gcp",
 "alibaba_cloud",
 "oci"
 ],
@@ -1845,6 +1859,9 @@
 "required": true,
 "schema": {
 "enum": [
+ "aws",
+ "azure",
+ "gcp",
 "alibaba_cloud",
 "oci"
 ],
diff --git a/openapi-specs/cspm/CollectionsMicroservice.json b/openapi-specs/cspm/CollectionsMicroservice.json
new file mode 100644
index 000000000..8159d8edd
--- /dev/null
+++ b/openapi-specs/cspm/CollectionsMicroservice.json
@@ -0,0 +1,1322 @@ +{ + "openapi": "3.0.1", + "info": { + "title": "Platform: Entitlement Service.", + "contact": { + "name": "Slack Us", + "url": "https://panw-rnd.slack.com/archives/G01PXHBT074" + }, + "version": "1.0" + }, + "externalDocs": { + "description": "Platform Wiki Documentation", + "url": "https://redlock.atlassian.net/wiki/spaces/RED/pages/3211854036/Entitlement+service" + }, + "servers": [ + { + "url": "https://api.prismacloud.io" + }, + { + "url": "https://api2.prismacloud.io" + }, + { + "url": "https://api3.prismacloud.io" + }, + { + "url": "https://api4.prismacloud.io" + }, + { + "url": "https://api.anz.prismacloud.io" + }, + { + "url": "https://api.eu.prismacloud.io" + }, + { + "url": "https://api2.eu.prismacloud.io" + }, + { + "url": "https://api.gov.prismacloud.io" + }, + { + "url": "https://api.prismacloud.cn" + }, + { + "url": "https://api.ca.prismacloud.io" + }, + { + "url": "https://api.sg.prismacloud.io" + }, + { + "url": "https://api.uk.prismacloud.io" + }, + { + "url": "https://api.ind.prismacloud.io" + }, + { + "url": "https://api.jp.prismacloud.io" + }, + { + "url": "https://api.fr.prismacloud.io" + } + ], + "tags": [ + { + "name": "Collections", + "description": "Prisma Cloud Collections allow you to define logical groups of assets within Prisma Cloud which are meaningful to the stakeholders in your cloud environments. You can create Collections to represent applications and services, organize your cloud estate by business units, or maintain focused visibility on the security posture of critical components of your cloud infrastructure." 
+ } + ], + "paths": { + "/entitlement/api/v1/collection/{id}": { + "get": { + "tags": [ + "Collections" + ], + "summary": "Get Collection by ID", + "description": "Returns all details of a Collection.\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n", + "externalDocs": { + "url": "entitlement/api/v1/collection/#id", + "x-ga": "false" + }, + "operationId": "get-collection-by-id", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "Collection Id", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "responses": { + "500": { + "description": "Internal Server Error", + "content": { + "*/*": { + "schema": { + "type": "object" + } + } + } + }, + "503": { + "description": "Service Unavailable", + "content": { + "*/*": { + "schema": { + "type": "object" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "*/*": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "*/*": { + "schema": { + "type": "object" + } + } + } + }, + "200": { + "description": "Successful operation", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/Collection" + } + } + } + }, + "4XX": { + "description": "Client error", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/SpringErrorResponse" + } + } + } + }, + "429": { + "description": "API is rate limited", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/SpringErrorResponse" + } + } + } + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-ga": "23.10.2-darwin", + "x-public": "true" + }, + "put": { + "tags": [ + "Collections" + ], + "summary": "Update Collection", + "description": "Update Collection or Asset Groups details.\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n", + 
"externalDocs": { + "url": "entitlement/api/v1/collection/#id", + "x-ga": "false" + }, + "operationId": "update-collection-by-id", + "parameters": [ + { + "name": "id", + "in": "path", + "description": "Collection Id", + "required": true, + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "description": "Collections Data Model", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Collection" + } + } + }, + "required": true + }, + "responses": { + "500": { + "description": "Internal Server Error", + "content": { + "*/*": { + "schema": { + "type": "object" + } + } + } + }, + "503": { + "description": "Service Unavailable", + "content": { + "*/*": { + "schema": { + "type": "object" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "*/*": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "*/*": { + "schema": { + "type": "object" + } + } + } + }, + "200": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Collection" + } + } + } + }, + "4XX": { + "description": "Client error", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/SpringErrorResponse" + } + } + } + }, + "429": { + "description": "API is rate limited", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/SpringErrorResponse" + } + } + } + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-ga": "23.10.2-darwin", + "x-public": "true" + }, + "delete": { + "tags": [ + "Collections" + ], + "summary": "Delete Collection", + "description": "Deletes a Collection with the specified ID.\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n", + "externalDocs": { + "url": "entitlement/api/v1/collection/#id", + "x-ga": "false" + }, + "operationId": "delete-collection-by-id", 
+ "parameters": [ + { + "name": "id", + "in": "path", + "description": "Collection Id", + "required": true, + "schema": { + "type": "string", + "format": "uuid" + } + } + ], + "responses": { + "500": { + "description": "Internal Server Error", + "content": { + "*/*": { + "schema": { + "type": "object" + } + } + } + }, + "503": { + "description": "Service Unavailable", + "content": { + "*/*": { + "schema": { + "type": "object" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "*/*": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "*/*": { + "schema": { + "type": "object" + } + } + } + }, + "204": { + "description": "Successful operation" + }, + "4XX": { + "description": "Client error", + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/SpringErrorResponse" + } + } + } + }, + "429": { + "description": "API is rate limited", + "content": { + "*/*": { + "schema": { + "$ref": "#/components/schemas/SpringErrorResponse" + } + } + } + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-ga": "23.10.2-darwin", + "x-public": "true" + } + }, + "/entitlement/api/v1/collection": { + "get": { + "tags": [ + "Collections" + ], + "summary": "Get All Collections", + "description": "Returns all Collections in a paginated format, sorted by ID desc.\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n", + "externalDocs": { + "url": "entitlement/api/v1/collection", + "x-ga": "false" + }, + "operationId": "get-all-collections", + "parameters": [ + { + "name": "exclude_asset_group", + "in": "query", + "description": "Exclude AssetGroup from response.", + "required": false, + "schema": { + "type": "boolean" + } + }, + { + "name": "page_size", + "in": "query", + "description": "Number of records per page. 
Default is 50 and max is 500.", + "required": false, + "schema": { + "type": "integer", + "format": "int32" + } + }, + { + "name": "order_by", + "in": "query", + "description": "Order by records based of ID, NAME, LAST_MODIFIED_TS.", + "required": false, + "schema": { + "type": "string" + } + }, + { + "name": "next_page_token", + "in": "query", + "description": "Token to fetch next page Collections.", + "required": false, + "schema": { + "type": "string" + } + } + ], + "responses": { + "500": { + "description": "Internal Server Error", + "content": { + "*/*": { + "schema": { + "type": "object" + } + } + } + }, + "503": { + "description": "Service Unavailable", + "content": { + "*/*": { + "schema": { + "type": "object" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "*/*": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "*/*": { + "schema": { + "type": "object" + } + } + } + }, + "200": { + "description": "Successful operation", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/PrismaCollectionView" + } + } + } + }, + "4XX": { + "description": "Client error", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/SpringErrorResponse" + } + } + } + }, + "429": { + "description": "API is rate limited", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/SpringErrorResponse" + } + } + } + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-ga": "23.10.2-darwin", + "x-public": "true" + }, + "post": { + "tags": [ + "Collections" + ], + "summary": "Create Collection", + "description": "Create a new Collection comprising of Asset Group Types. 
You can use '*' to include all Ids for a given assetGroupType.\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n", + "externalDocs": { + "url": "entitlement/api/v1/collection", + "x-ga": "false" + }, + "operationId": "create-collection", + "requestBody": { + "description": "Collections Data Model", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Collection" + }, + "examples": { + "CREATE COLLECTION": { + "description": "Create a new Collection comprising of Asset Group Types. You can use '*' to include all Ids for a given assetGroupType. \nIn the below examples all accountIds will be included.", + "value": { + "name": "test-collection", + "description": "test description", + "assetGroups": { + "accountGroupIds": [ + "ag1", + "ag2" + ], + "repositoryIds": [ + "r1", + "r2" + ], + "accountIds": [ + "*" + ] + } + } + } + } + } + }, + "required": true + }, + "responses": { + "500": { + "description": "Internal Server Error", + "content": { + "*/*": { + "schema": { + "type": "object" + } + } + } + }, + "503": { + "description": "Service Unavailable", + "content": { + "*/*": { + "schema": { + "type": "object" + } + } + } + }, + "403": { + "description": "Forbidden", + "content": { + "*/*": { + "schema": { + "type": "object" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "*/*": { + "schema": { + "type": "object" + } + } + } + }, + "201": { + "description": "Successful operation", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/Collection" + } + } + } + }, + "4XX": { + "description": "Client error", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/SpringErrorResponse" + } + } + } + }, + "429": { + "description": "API is rate limited", + "content": { + "application/json; charset=UTF-8": { + "schema": { + "$ref": "#/components/schemas/SpringErrorResponse" + } + } + } + } + }, + "security": 
[ + { + "x-redlock-auth": [] + } + ], + "x-ga": "23.10.2-darwin", + "x-public": "true" + } + } + }, + "components": { + "schemas": { + "JsonNode": { + "type": "object", + "description": "Resource list members. Each member is raw JSON. The content depends on the resource list type. For example, if the resource list type is TAG, then the member is a JSON array of TAG key/name pairs." + }, + "ResourceListModel": { + "required": [ + "members", + "name", + "resourceListType" + ], + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Resource list id", + "readOnly": true + }, + "name": { + "maxLength": 256, + "minLength": 0, + "type": "string", + "description": "Name" + }, + "resourceListType": { + "$ref": "#/components/schemas/ResourceListType" + }, + "description": { + "type": "string", + "description": "Description" + }, + "lastModifiedBy": { + "type": "string", + "description": "Last modified by", + "readOnly": true + }, + "lastModifiedTs": { + "type": "integer", + "description": "Last modified time", + "format": "int64", + "readOnly": true, + "example": 1652910398 + }, + "members": { + "$ref": "#/components/schemas/JsonNode" + } + }, + "description": "Model for Resource List" + }, + "ResourceListType": { + "type": "string", + "description": "Resource List Type", + "externalDocs": { + "description": "TAG, RESOURCE_GROUP, COMPUTE_ACCESS_GROUP are only GA values", + "url": "NOT_IMPLEMENTED" + }, + "enum": [ + "TAG", + "RESOURCE_ID", + "STRING", + "IP_ADDRESS", + "NUMBER", + "RESOURCE_GROUP", + "COMPUTE_ACCESS_GROUP" + ] + }, + "ErrorDetails": { + "required": [ + "message", + "name" + ], + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "message": { + "type": "string" + } + } + }, + "SpringErrorResponse": { + "required": [ + "error", + "httpStatus", + "message", + "path", + "timestamp" + ], + "type": "object", + "properties": { + "timestamp": { + "type": "string" + }, + "httpStatus": { + "type": "integer", + 
"format": "int32" + }, + "error": { + "type": "string" + }, + "errorDetails": { + "type": "array", + "items": { + "$ref": "#/components/schemas/ErrorDetails" + } + }, + "message": { + "type": "string" + }, + "path": { + "type": "string" + } + } + }, + "AccountGroupModel": { + "required": [ + "accountIds", + "name" + ], + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Account Group ID", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Name" + }, + "description": { + "type": "string", + "description": "Description" + }, + "lastModifiedBy": { + "type": "string", + "description": "Last Modified By", + "readOnly": true + }, + "lastModifiedTs": { + "type": "integer", + "description": "Last Modified Time", + "format": "int64", + "readOnly": true + }, + "accountIds": { + "type": "array", + "description": "Cloud Account IDs", + "items": { + "type": "string", + "description": "Cloud Account IDs" + } + }, + "autoCreated": { + "type": "boolean", + "description": "Boolean read-only attribute to indicate if account group is automatically created", + "readOnly": true + }, + "cloudAccountCount": { + "type": "integer", + "description": "Number of cloud accounts associated with this account group", + "format": "int32", + "readOnly": true + }, + "cloudAccountInfos": { + "type": "array", + "description": "Cloud account details of account associated with this account group", + "readOnly": true, + "items": { + "$ref": "#/components/schemas/CloudAccountInfo" + } + }, + "parentGroupId": { + "type": "string", + "description": "Parent Group ID", + "readOnly": true + }, + "childGroupIds": { + "type": "array", + "description": "Child Group IDs", + "items": { + "type": "string", + "description": "Child Group IDs" + } + } + }, + "description": "Model for Account Group" + }, + "CloudAccountInfo": { + "type": "object", + "properties": { + "accountId": { + "type": "string", + "description": "Account ID" + }, + "cloudType": { + "type": 
"string", + "description": "Cloud Type", + "readOnly": true + }, + "lastModifiedBy": { + "type": "string", + "description": "Last Modified By", + "readOnly": true + } + }, + "description": "Cloud account info linked to an account group", + "readOnly": true + }, + "AssetGroup": { + "type": "object", + "properties": { + "accountGroupIds": { + "maxItems": 5, + "type": "array", + "items": { + "type": "string" + } + }, + "accountIds": { + "maxItems": 1000, + "type": "array", + "items": { + "type": "string" + } + }, + "repositoryIds": { + "maxItems": 1000, + "type": "array", + "items": { + "type": "string" + } + } + }, + "description": "AssetGroup that are part of Collection" + }, + "Collection": { + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Collection id", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Collection name" + }, + "description": { + "type": "string", + "description": "Collection description" + }, + "createdBy": { + "type": "string", + "description": "User who created the collection", + "readOnly": true + }, + "lastModifiedBy": { + "type": "string", + "description": "User who last updated the collection ", + "readOnly": true + }, + "createdTs": { + "type": "integer", + "description": "Collection created date", + "format": "int64", + "readOnly": true + }, + "lastModifiedTs": { + "type": "integer", + "description": "Collection last updated date", + "format": "int64", + "readOnly": true + }, + "assetGroups": { + "$ref": "#/components/schemas/AssetGroup" + } + }, + "description": "Collections Data Model" + }, + "AccountGroupPage": { + "type": "object", + "properties": { + "content": { + "type": "array", + "items": { + "$ref": "#/components/schemas/AccountGroupV1" + } + }, + "nextPageToken": { + "type": "string" + }, + "nextPageUrl": { + "type": "string" + } + } + }, + "AccountGroupV1": { + "required": [ + "accountIds", + "name" + ], + "type": "object", + "properties": { + "id": { + "type": 
"string", + "description": "Account Group ID", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Name" + }, + "description": { + "type": "string", + "description": "Description" + }, + "lastModifiedBy": { + "type": "string", + "description": "Last Modified By", + "readOnly": true + }, + "lastModifiedTs": { + "type": "integer", + "description": "Last Modified Time", + "format": "int64", + "readOnly": true + }, + "accountIds": { + "uniqueItems": true, + "type": "array", + "description": "Cloud Account IDs", + "items": { + "type": "string", + "description": "Cloud Account IDs" + } + }, + "nonOnboardedCloudAccountIds": { + "title": "This field specifies accounts which have not been on-boarded on PC but have Compute defender deployed", + "uniqueItems": true, + "type": "array", + "description": "Non Onboarded Cloud Account IDs", + "externalDocs": { + "description": "Not GAed", + "url": "NOT_IMPLEMENTED" + }, + "items": { + "title": "This field specifies accounts which have not been on-boarded on PC but have Compute defender deployed", + "type": "string", + "description": "Non Onboarded Cloud Account IDs", + "externalDocs": { + "description": "Not GAed", + "url": "NOT_IMPLEMENTED" + } + } + }, + "autoCreated": { + "type": "boolean", + "description": "Boolean read-only attribute to indicate if account group is automatically created", + "readOnly": true + }, + "cloudAccountCount": { + "type": "integer", + "description": "Number of cloud accounts associated with this account group", + "format": "int32", + "readOnly": true + }, + "parentGroupId": { + "type": "string", + "description": "Parent Group ID", + "readOnly": true, + "externalDocs": { + "description": "Not GAed", + "url": "NOT_IMPLEMENTED" + } + } + }, + "description": "Model for Account Group" + }, + "AccountGroupCriteria": { + "title": "AccountGroup Search Request Filter", + "type": "object", + "properties": { + "accountGroupIds": { + "uniqueItems": true, + "type": "array", + "description": 
"AccountGroup Ids. Search returns only matching records in the response ", + "items": { + "type": "string" + } + }, + "includeChildAccountGroups": { + "type": "boolean", + "description": "Fetch child account groups for the parent account group ids defined in #accountGroupIds filter. ", + "default": false + }, + "excludeAutoCreated": { + "type": "boolean", + "description": "Exclude auto created account groups. Note that if excludeAutoCreated is set to true AUTO_CREATED field will always be included in the response irrespective of the #includefields criteria ", + "default": false + } + } + }, + "Entity": { + "type": "object", + "properties": { + "name": { + "type": "string" + }, + "parentId": { + "type": "string" + }, + "id": { + "type": "string" + }, + "type": { + "type": "string", + "enum": [ + "FOLDER", + "ACCOUNT", + "ORG" + ] + }, + "onboarded": { + "type": "boolean" + } + } + }, + "OnboardRequest": { + "type": "object", + "properties": { + "accountId": { + "type": "string" + }, + "entities": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Entity" + } + } + }, + "description": "Model for Account Group" + }, + "CustomerSupportFilter": { + "type": "object", + "properties": { + "customerName": { + "type": "string" + }, + "customerId": { + "type": "integer", + "format": "int32" + } + } + }, + "ResourceListNames": { + "required": [ + "resourceListType" + ], + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Resource List id" + }, + "name": { + "type": "string", + "description": "Name" + }, + "resourceListType": { + "$ref": "#/components/schemas/ResourceListType" + } + } + }, + "AccountGroupMetadataViewModel": { + "required": [ + "name" + ], + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Account Group ID", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Name" + }, + "autoCreated": { + "type": "boolean", + "description": "Boolean to indicate if account 
group is automatically created", + "readOnly": true + } + } + }, + "AccountGroupViewModel": { + "required": [ + "accountIds", + "name" + ], + "type": "object", + "properties": { + "id": { + "type": "string", + "description": "Account Group ID", + "readOnly": true + }, + "name": { + "type": "string", + "description": "Name" + }, + "description": { + "type": "string", + "description": "Description" + }, + "lastModifiedBy": { + "type": "string", + "description": "Last Modified By", + "readOnly": true + }, + "lastModifiedTs": { + "type": "integer", + "description": "Last Modified Time", + "format": "int64", + "readOnly": true + }, + "accountIds": { + "type": "array", + "description": "Cloud Account IDs", + "items": { + "type": "string", + "description": "Cloud Account IDs" + } + }, + "autoCreated": { + "type": "boolean", + "description": "Boolean read-only attribute to indicate if account group is automatically created", + "readOnly": true + }, + "cloudAccountCount": { + "type": "integer", + "description": "Number of cloud accounts associated with this account group", + "format": "int32", + "readOnly": true + }, + "cloudAccountInfos": { + "type": "array", + "description": "Cloud account details of account associated with this account group", + "readOnly": true, + "items": { + "$ref": "#/components/schemas/CloudAccountInfo" + } + }, + "parentGroupId": { + "type": "string", + "description": "Parent Group ID", + "readOnly": true + }, + "childGroupIds": { + "type": "array", + "description": "Child Group IDs", + "items": { + "type": "string", + "description": "Child Group IDs" + } + }, + "accounts": { + "type": "array", + "description": "Associated Cloud Accounts", + "readOnly": true, + "items": { + "type": "object", + "additionalProperties": { + "type": "string", + "description": "Associated Cloud Accounts", + "readOnly": true + }, + "description": "Associated Cloud Accounts", + "readOnly": true + } + }, + "alertRules": { + "type": "array", + "description": "Singly 
associated alert rules which cannot exist in the system without the account group", + "readOnly": true, + "items": { + "$ref": "#/components/schemas/CustomAlertRule" + } + }, + "parentInfo": { + "$ref": "#/components/schemas/AccountGroupMetadataViewModel" + } + }, + "description": "Model for Account Group View" + }, + "CustomAlertRule": { + "type": "object", + "properties": { + "alertId": { + "type": "string" + }, + "alertName": { + "type": "string" + } + }, + "description": "Singly associated alert rules which cannot exist in the system without the account group", + "readOnly": true + }, + "PrismaCollectionView": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/components/schemas/Collection" + } + }, + "nextPageToken": { + "type": "string" + } + } + }, + "AccountGroupV1Page": { + "type": "object", + "properties": { + "value": { + "type": "array", + "items": { + "$ref": "#/components/schemas/AccountGroupV1" + } + }, + "nextPageToken": { + "type": "string" + } + } + } + }, + "headers": { + "prismaId": { + "description": "x-prisma-tenant-id", + "style": "simple", + "schema": { + "type": "string" + } + } + }, + "securitySchemes": { + "x-redlock-auth": { + "description": "The x-redlock-auth value is a JSON Web Token (JWT).", + "in": "header", + "name": "x-redlock-auth", + "type": "apiKey" + } + } + }, + "x-tagGroups": [ + { + "tags": [ + "ResourceLists", + "AccountGroups", + "Collections" + ], + "name": "public" + }, + { + "tags": [ + "ResourceLists Service", + "AccountGroups Service", + "Collections Service" + ], + "name": "service" + }, + { + "tags": [ + "ResourceLists Support" + ], + "name": "support" + } + ] +} diff --git a/openapi-specs/cspm/CommandCenterMicroService.json b/openapi-specs/cspm/CommandCenterMicroService.json index 70f86395a..ba5662e4b 100644 --- a/openapi-specs/cspm/CommandCenterMicroService.json +++ b/openapi-specs/cspm/CommandCenterMicroService.json 
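Review bot: The new spec carries internal references: `info.contact.url` points at a Slack channel (`https://panw-rnd.slack.com/archives/G01PXHBT074`) and the top-level `externalDocs.url` at an Atlassian wiki page, which presumably are not reachable by outside API consumers and which reveal internal tooling. Replace them with public documentation and support links, or drop the `contact` and `externalDocs` objects. `components.schemas` also ships models that no path in this file references (`CustomerSupportFilter`, `OnboardRequest`, `AccountGroupViewModel` and others), and `x-tagGroups` names `service` and `support` groups; trimming the spec to what the five `Collections` operations use keeps internal surface out of the published docs. Separately, the `id` path parameter of `update-collection-by-id` lacks the `"format": "uuid"` that the GET and DELETE operations declare.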
@@ -1,18 +1,310 @@ { "openapi": "3.0.3", "info": { - "title": "Command Center Vulnerability Swim Lane APIs", - "version": "1.0.0" + "title": "pcs-command-center API", + "version": "1.0.0-SNAPSHOT" }, "tags": [ { "name": "Command Center", - "description": "Command Center Vulnerability Swim Lane APIs", + "description": "The Command Center dashboard provides you with a unified view of the top cloud security incidents and risks uncovered across the assets monitored by Prisma™ Cloud. Use the following APIs to fetch the Command Center Dashboard details." + }, + { + "name": "Command Center Download Report APIs", + "description": "Command Center Download Report APIs for downloading reports" + }, + { + "name": "Command Center Swimlane APIs", "x-public": "true" } ], "paths": { - "/commandcenter/v1/top-vulnerabilities": { + "/api/v1/summary/{swimlane-type}": { + "post": { + "tags": [ + "Command Center" + ], + "summary": "List Total Alerts by Severity", + "description": "Gets the alert count summary based on the severity for the request time, accounts, account groups and swimlane type. Maximum time range supported is last 30 days.", + "operationId": "command-center-list-total-alerts-by-severity", + "parameters": [ + { + "name": "swimlane-type", + "in": "path", + "description": "Type of the swimlane. 
Allowed values: [misconfigurations, incidents, exposures, iam, data-security, attack-path]", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "x-redlock-auth", + "in": "header", + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SwimlaneApiRequest" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/SummaryResponse" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ErrorResponse" + } + } + } + }, + "401": { + "description": "Unauthorized" + }, + "403": { + "description": "Forbidden" + }, + "429": { + "description": "Too Many Requests" + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ErrorResponse" + } + } + } + }, + "503": { + "description": "Service unavailable", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ErrorResponse" + } + } + } + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/api/v1/top-assets/{swimlane-type}": { + "post": { + "tags": [ + "Command Center" + ], + "summary": "List Top N Assets", + "description": "Gets the data for the top N assets with highest alerts, based on the type for the request time, accounts account groups and swimlane type. Maximum time range supported is last 30 days.", + "operationId": "command-center-list-top-assets", + "parameters": [ + { + "name": "swimlane-type", + "in": "path", + "description": "Type of the swimlane. 
Allowed values: [misconfigurations, incidents, exposures, iam, data-security, attack-path]", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "x-redlock-auth", + "in": "header", + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TopResourcesApiRequest" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TopAssetsResponse" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ErrorResponse" + } + } + } + }, + "401": { + "description": "Unauthorized" + }, + "403": { + "description": "Forbidden" + }, + "429": { + "description": "Too Many Requests" + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ErrorResponse" + } + } + } + }, + "503": { + "description": "Service unavailable", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ErrorResponse" + } + } + } + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/api/v1/top-policies/{swimlane-type}": { + "post": { + "tags": [ + "Command Center" + ], + "summary": "List Top Policies", + "description": "Gets the data for the top N policies with most alerts, based on the type for the request time, accounts, account groups and swimlane type. Maximum time range supported is last 30 days.", + "operationId": "command-center-list-top-policies", + "parameters": [ + { + "name": "swimlane-type", + "in": "path", + "description": "Type of the swimlane. 
Allowed values: [misconfigurations, incidents, exposures, iam, data-security, attack-path]", + "required": true, + "schema": { + "type": "string" + } + }, + { + "name": "x-redlock-auth", + "in": "header", + "schema": { + "type": "string" + } + } + ], + "requestBody": { + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TopResourcesApiRequest" + } + } + }, + "required": true + }, + "responses": { + "200": { + "description": "OK", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/TopPoliciesResponse" + } + } + } + }, + "400": { + "description": "Bad Request", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ErrorResponse" + } + } + } + }, + "401": { + "description": "Unauthorized" + }, + "403": { + "description": "Forbidden" + }, + "429": { + "description": "Too Many Requests" + }, + "500": { + "description": "Internal Server Error", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ErrorResponse" + } + } + } + }, + "503": { + "description": "Service unavailable", + "content": { + "application/json": { + "schema": { + "$ref": "#/components/schemas/ErrorResponse" + } + } + } + } + }, + "security": [ + { + "x-redlock-auth": [] + } + ], + "x-public": "true" + } + }, + "/v1/top-vulnerabilities": { "post": { "tags": [ "Command Center" @@ -112,7 +404,7 @@ "x-public": "true" } }, - "/commandcenter/v1/vulnerabilities/summary": { + "/v1/vulnerabilities/summary": { "post": { "tags": [ "Command Center" 
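Review bot: The `swimlane-type` path parameter of the three new `/api/v1/.../{swimlane-type}` operations lists its allowed values only in the description, so validators and generated clients accept any string; declare them in the schema, e.g. `"enum": ["misconfigurations", "incidents", "exposures", "iam", "data-security", "attack-path"]`. The same applies to `type` (absolute/relative) in `AbsoluteTimeRangeConfig` and to `operator` in `Filter` in the later hunks of this file. Each of these operations also declares `x-redlock-auth` as a plain header parameter without `"required": true`, next to the `security` requirement of the same name; dropping the parameter and relying on the security scheme avoids documenting the token as optional and avoids generated clients treating it as ordinary input. The `securitySchemes` entry for this file is not visible in the hunk, so confirm it is defined.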
@@ -200,6 +492,39 @@ }, "components": { "schemas": { + "AbsoluteTimeRangeConfig": { + "type": "object", + "properties": { + "type": { + "description": "Type of time ranges supported: [absolute, relative]", + "type": "string" + }, + "value": { + "description": "Absolute Time containing start and end time. Maximum time range supported is last 30 days.", + "type": "object", + "allOf": [ + { + "$ref": "#/components/schemas/Time" + } + ] + } + } + }, + "AlertsCounts": { + "type": "object", + "properties": { + "totalCriticalAlerts": { + "format": "int64", + "description": "Total number of alerts with critical severity", + "type": "integer" + }, + "totalHighAlerts": { + "format": "int64", + "description": "Total number of alerts with high severity", + "type": "integer" + } + } + }, "Error": { "type": "object", "properties": { @@ -226,12 +551,20 @@ "type": "object", "properties": { "name": { - "$ref": "#/components/schemas/FilterType" + "description": "Name of the allowed Filter types. Allowed names: [account.group, cloud.account]", + "type": "string", + "allOf": [ + { + "$ref": "#/components/schemas/FilterType" + } + ] }, "operator": { + "description": "Only allowed operator for the filter is '='", "type": "string" }, "value": { + "description": "Value for the applied filter", "type": "string" } } 
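Review bot: In the `Filter` schema (`@@ -226,12 +551,20 @@`), the new `operator` description says the only allowed operator is '=', but the property is still an unconstrained `"type": "string"`. Generated clients, and any gateway that validates requests against this spec, will therefore accept arbitrary operator strings. Add `"enum": ["="]` beside the description so the constraint is machine-checkable and not just prose. The `Filter` object starts above this hunk, so check that the rest of its definition agrees.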
@@ -243,15 +576,296 @@ ], "type": "string" }, + "RelativeTimeDuration": { + "type": "object", + "properties": { + "unit": { + "$ref": "#/components/schemas/TimeUnit" + }, + "amount": { + "format": "int32", + "type": "integer" + } + } + }, + "RelativeTimeRangeConfig": { + "type": "object", + "properties": { + "type": { + "description": "Type of time ranges supported: [absolute, relative]", + "type": "string" + }, + "value": { + "description": "Relative time supporting past hour, week and month. Maximum time range supported is 1 month", + "type": "object", + "allOf": [ + { + "$ref": "#/components/schemas/RelativeTimeDuration" + } + ] + } + } + }, + "SummaryResponse": { + "type": "object", + "properties": { + "value": { + "description": "Alert count details", + "type": "object", + "allOf": [ + { + "$ref": "#/components/schemas/AlertsCounts" + } + ] + }, + "startTime": { + "format": "int64", + "description": "Start time of the time range", + "type": "integer" + }, + "endTime": { + "format": "int64", + "description": "End time of the time range", + "type": "integer" + }, + "swimlaneType": { + "description": "Type of the swimlane", + "type": "string" + }, + "lastScanTs": { + "format": "int64", + "description": "Last scan time of the backend aggregation job", + "type": "integer" + } + } + }, + "SwimlaneApiRequest": { + "required": [ + "timeRange" + ], + "type": "object", + "properties": { + "filters": { + "description": "List of filters that can be applied for the API", + "type": "array", + "items": { + "$ref": "#/components/schemas/Filter" + } + }, + "timeRange": { + "description": "Time range for which the API is requested", + "type": "object", + "allOf": [ + { + "$ref": "#/components/schemas/TimeRangeConfig" + } + ] + } + } + }, + "Time": { + "type": "object", + "properties": { + "startTime": { + "format": "int64", + "type": "integer" + }, + "endTime": { + "format": "int64", + "type": "integer" + } + } + }, "TimeRangeConfig": { "type": "object", "properties": { "type": 
{ + "description": "Type of time ranges supported: [absolute, relative]", "type": "string" }, "value": { "type": "object" } + }, + "oneOf": [ + { + "$ref": "#/components/schemas/AbsoluteTimeRangeConfig" + }, + { + "$ref": "#/components/schemas/RelativeTimeRangeConfig" + } + ] + }, + "TimeUnit": { + "enum": [ + "hour", + "week", + "month" + ], + "type": "string" + }, + "TopAssetInfo": { + "type": "object", + "properties": { + "externalResourceId": { + "description": "Id of the asset", + "type": "string" + }, + "resourceName": { + "description": "Name of the asset", + "type": "string" + }, + "cloudName": { + "description": "Cloud type name of the asset", + "type": "string" + }, + "serviceName": { + "description": "Service name of the asset", + "type": "string" + }, + "accountName": { + "description": "Account name of the asset", + "type": "string" + }, + "alertCount": { + "format": "int64", + "description": "Total number of alerts associated with the asset", + "type": "integer" + }, + "criticalAlertCount": { + "format": "int64", + "description": "Total number of critical severity alerts associated with the asset", + "type": "integer" + }, + "highAlertCount": { + "format": "int64", + "description": "Total number of high severity alerts associated with the asset", + "type": "integer" + } + } + }, + "TopAssetsResponse": { + "type": "object", + "properties": { + "value": { + "description": "List of top asset details", + "type": "array", + "items": { + "$ref": "#/components/schemas/TopAssetInfo" + } + }, + "startTime": { + "format": "int64", + "description": "Start time of the time range", + "type": "integer" + }, + "endTime": { + "format": "int64", + "description": "End time of the time range", + "type": "integer" + }, + "swimlaneType": { + "description": "Type of the swimlane", + "type": "string" + }, + "lastScanTs": { + "format": "int64", + "description": "Last scan time of the backend aggregation job", + "type": "integer" + } + } + }, + "TopPoliciesResponse": { + 
"type": "object", + "properties": { + "value": { + "description": "List of top policies details", + "type": "array", + "items": { + "$ref": "#/components/schemas/TopPolicyInfo" + } + }, + "startTime": { + "format": "int64", + "description": "Start time of the time range", + "type": "integer" + }, + "endTime": { + "format": "int64", + "description": "End time of the time range", + "type": "integer" + }, + "swimlaneType": { + "description": "Type of the swimlane", + "type": "string" + }, + "lastScanTs": { + "format": "int64", + "description": "Last scan time of the backend aggregation job", + "type": "integer" + } + } + }, + "TopPolicyInfo": { + "type": "object", + "properties": { + "policyId": { + "description": "Id of the policy", + "type": "string" + }, + "policyName": { + "description": "Name of the policy", + "type": "string" + }, + "policyType": { + "description": "Type of the policy", + "type": "string" + }, + "severity": { + "description": "Severity of the policy", + "type": "string" + }, + "alertCount": { + "format": "int64", + "description": "Total number of alerts associated with the policy", + "type": "integer" + }, + "policyDescription": { + "description": "Description of the policy", + "type": "string" + } + } + }, + "TopResourcesApiRequest": { + "required": [ + "timeRange" + ], + "type": "object", + "properties": { + "filters": { + "description": "List of filters that can be applied for the API", + "type": "array", + "items": { + "$ref": "#/components/schemas/Filter" + } + }, + "timeRange": { + "description": "Time range for which the API is requested", + "type": "object", + "allOf": [ + { + "$ref": "#/components/schemas/TimeRangeConfig" + } + ] + }, + "limit": { + "format": "int32", + "description": "Limit on the number of resources requested", + "default": 5, + "maximum": 10, + "minimum": 1, + "type": "integer" + } } }, "TotalVulnerabilitiesByType": { 
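Review bot: The `oneOf` added to `TimeRangeConfig` cannot select exactly one branch, because neither branch requires or constrains anything. `RelativeTimeRangeConfig` here, `AbsoluteTimeRangeConfig` in the `@@ -200,6 +492,39 @@` hunk, and the `Time` and `RelativeTimeDuration` schemas they reference all declare only optional properties with a free-form `type` string. A payload such as `{"type": "relative", "value": {"unit": "hour", "amount": 1}}` therefore satisfies both branches, and a validator that enforces `oneOf` rejects it. Make the branches mutually exclusive by pinning the tag in each, `"enum": ["absolute"]` and `"enum": ["relative"]` on `type`, and adding `"required": ["type", "value"]`. Also mark `startTime`/`endTime` and `unit`/`amount` as required. Without that, the 30-day limit described in prose sits on top of a schema that accepts an empty `value`.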
@@ -280,6 +894,10 @@ "ts": { "format": "int64", "type": "integer" + }, + "lastScanTs": { + "format": "int64", + "type": "integer" } } }, @@ -325,6 +943,10 @@ "ts": { "format": "int64", "type": "integer" + }, + "lastScanTs": { + "format": "int64", + "type": "integer" } } }, diff --git a/openapi-specs/cspm/DataSecurityDashboard.json b/openapi-specs/cspm/DataSecurityDashboard.json index b297195c3..9682b11f7 100644 --- a/openapi-specs/cspm/DataSecurityDashboard.json +++ b/openapi-specs/cspm/DataSecurityDashboard.json @@ -406,7 +406,7 @@ }, "info": { "contact": {}, - "description": "The Data Security capabilities on Prisma Cloud enable you to discover and classify data stored \nin AWS S3 buckets and protect accidental exposure, misuse, or sharing of sensitive data. The \ndata dashboard provides visibility into your S3 storage. \n\nTo get started with data security, see \n[Prisma Cloud Data Security](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-data-security.html).\n", + "description": "The Data Security capabilities on Prisma Cloud enable you to discover and classify data stored \nin AWS S3 buckets and protect accidental exposure, misuse, or sharing of sensitive data. The \ndata dashboard provides visibility into your S3 storage. \n\nTo get started with data security, see \n[Prisma Cloud Data Security](https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/prisma-cloud-data-security). \nIf you are upgraded to the Darwin release, \nsee [Prisma Cloud Data Security](https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/configure-data-security).\n", "title": "Prisma Cloud Data Security Dashboard API Overview", "version": "Latest" }, 
@@ -750,7 +750,7 @@ ], "tags": [ { - "description": "The Data Security capabilities on Prisma Cloud enable you to discover and classify data stored \nin AWS S3 buckets and protect accidental exposure, misuse, or sharing of sensitive data. The \ndata dashboard provides visibility into your S3 storage. \n\nTo get started with data security, see \n[Prisma Cloud Data Security](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-data-security.html).\n", + "description": "The Data Security capabilities on Prisma Cloud enable you to discover and classify data stored \nin AWS S3 buckets and protect accidental exposure, misuse, or sharing of sensitive data. The \ndata dashboard provides visibility into your S3 storage. \n\nTo get started with data security, see \n[Prisma Cloud Data Security](https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/prisma-cloud-data-security). \nIf you are upgraded to the Darwin release, \nsee [Prisma Cloud Data Security](https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/configure-data-security).\n", "name": "Data Security Dashboard" } ] diff --git a/openapi-specs/cspm/DataSecurityInventory.json b/openapi-specs/cspm/DataSecurityInventory.json index 8c3252986..5eb21436e 100644 --- a/openapi-specs/cspm/DataSecurityInventory.json +++ b/openapi-specs/cspm/DataSecurityInventory.json @@ -1036,7 +1036,7 @@ "operator": { "description": "Operator", "enum": [ - "=" + "tag:yaml.org,2002:value =" ], "type": "string" }, 
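Review bot: In the DataSecurityInventory.json hunk `@@ -1036,7 +1036,7 @@`, the `operator` enum changes from `"="` to `"tag:yaml.org,2002:value ="`. This looks like a YAML type tag leaking through a YAML-to-JSON conversion and not an intended operator value. As published, the only value the schema accepts is the tag string, so spec-driven validation or generated clients would reject the real operator `=`. Restore `"="` in the enum. If this file is generated from a YAML source, quote the scalar there (`- "="`) so the converter does not treat a bare `=` as a typed value. A CI check that fails on the substring `tag:yaml.org` in any generated spec would catch a repeat.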
@@ -1051,7 +1051,7 @@ }, "info": { "contact": {}, - "description": "The Data Security capabilities on Prisma Cloud enable you to discover and classify data stored \nin AWS S3 buckets and protect accidental exposure, misuse, or sharing of sensitive data. The\ndata inventory provides information about the number of S3 storage buckets being monitored and\nabout how objects are exposed—public, sensitive, or malware.\n\n To get started with data security, see \n[Prisma Cloud Data Security](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-data-security.html). \n", + "description": "The Data Security capabilities on Prisma Cloud enable you to discover and classify data stored \nin AWS S3 buckets and protect accidental exposure, misuse, or sharing of sensitive data. The\ndata inventory provides information about the number of S3 storage buckets being monitored and\nabout how objects are exposed—public, sensitive, or malware.\n\n To get started with data security, see \n [Prisma Cloud Data Security](https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/prisma-cloud-data-security). \n If you are upgraded to the Darwin release, \n see [Prisma Cloud Data Security](https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/configure-data-security). \n", "title": "Prisma Cloud Data Security Inventory API Overview", "version": "Latest" }, 
@@ -1700,7 +1700,7 @@ ], "tags": [ { - "description": "The Data Security capabilities on Prisma Cloud enable you to discover and classify data stored \nin AWS S3 buckets and protect accidental exposure, misuse, or sharing of sensitive data. The\ndata inventory provides information about the number of S3 storage buckets being monitored and\nabout how objects are exposed—public, sensitive, or malware.\n\n To get started with data security, see \n[Prisma Cloud Data Security](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-data-security.html). \n", + "description": "The Data Security capabilities on Prisma Cloud enable you to discover and classify data stored \nin AWS S3 buckets and protect accidental exposure, misuse, or sharing of sensitive data. The\ndata inventory provides information about the number of S3 storage buckets being monitored and\nabout how objects are exposed—public, sensitive, or malware.\n\n To get started with data security, see \n [Prisma Cloud Data Security](https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/prisma-cloud-data-security). \n If you are upgraded to the Darwin release, \n see [Prisma Cloud Data Security](https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/configure-data-security). \n", "name": "Data Security Inventory" } ] diff --git a/openapi-specs/cspm/DataSecuritySettings.json b/openapi-specs/cspm/DataSecuritySettings.json index c5bef60e6..cc88c88b1 100644 --- a/openapi-specs/cspm/DataSecuritySettings.json +++ b/openapi-specs/cspm/DataSecuritySettings.json 
@@ -1010,7 +1010,7 @@ }, "info": { "contact": {}, - "description": "Prisma Cloud Data Security enables you to discover and classify data stored \nin AWS S3 buckets and protect accidental exposure, misuse, or sharing of sensitive data. You can use\nthe data security settings APIs to manage data profiles, data patterns, and snippets.\n\n### Error Handling\n\nAs with other Prisma Cloud public API requests, Data Security Settings API requests return standard \nHTTP response codes. When more details are available, the error response includes the following:\n\nProperty | Type | Description \n-----------| ---- | ----------- \nmessage | string | Error message\nname | string | Exception name\ndetail | string | Exception details \n\nTo get started with data security, see \n[Prisma Cloud Data Security](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-data-security.html).\n", + "description": "Prisma Cloud Data Security enables you to discover and classify data stored \nin AWS S3 buckets and protect accidental exposure, misuse, or sharing of sensitive data. You can use\nthe data security settings APIs to manage data profiles, data patterns, and snippets.\n\n### Error Handling\n\nAs with other Prisma Cloud public API requests, Data Security Settings API requests return standard \nHTTP response codes. When more details are available, the error response includes the following:\n\nProperty | Type | Description \n-----------| ---- | ----------- \nmessage | string | Error message\nname | string | Exception name\ndetail | string | Exception details \n\nTo get started with data security, see \n[Prisma Cloud Data Security](https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/prisma-cloud-data-security). 
\nIf you are upgraded to the Darwin release, \nsee [Prisma Cloud Data Security](https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/configure-data-security).\n", "title": "Prisma Cloud Data Security Settings API Overview", "version": "Latest" }, 
@@ -1887,7 +1887,7 @@ ], "tags": [ { - "description": "Prisma Cloud Data Security enables you to discover and classify data stored \nin AWS S3 buckets and protect accidental exposure, misuse, or sharing of sensitive data. You can use\nthe data security settings APIs to manage data profiles, data patterns, and snippets.\n\n### Error Handling\n\nAs with other Prisma Cloud public API requests, Data Security Settings API requests return standard \nHTTP response codes. When more details are available, the error response includes the following:\n\nProperty | Type | Description \n-----------| ---- | ----------- \nmessage | string | Error message\nname | string | Exception name\ndetail | string | Exception details \n\nTo get started with data security, see \n[Prisma Cloud Data Security](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-data-security.html).\n", + "description": "Prisma Cloud Data Security enables you to discover and classify data stored \nin AWS S3 buckets and protect accidental exposure, misuse, or sharing of sensitive data. You can use\nthe data security settings APIs to manage data profiles, data patterns, and snippets.\n\n### Error Handling\n\nAs with other Prisma Cloud public API requests, Data Security Settings API requests return standard \nHTTP response codes. When more details are available, the error response includes the following:\n\nProperty | Type | Description \n-----------| ---- | ----------- \nmessage | string | Error message\nname | string | Exception name\ndetail | string | Exception details \n\nTo get started with data security, see \n[Prisma Cloud Data Security](https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-data-security/prisma-cloud-data-security). 
\nIf you are upgraded to the Darwin release, \nsee [Prisma Cloud Data Security](https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-data-security/configure-data-security).\n", "name": "Data Security Settings" } ] diff --git a/openapi-specs/cspm/IAMIdpMicroService.json b/openapi-specs/cspm/IAMIdpMicroService.json index e844a37e5..98ffed1c2 100644 --- a/openapi-specs/cspm/IAMIdpMicroService.json +++ b/openapi-specs/cspm/IAMIdpMicroService.json @@ -2,7 +2,7 @@ "openapi": "3.0.1", "info": { "title": "IAM IDP Security API Overview", - "description": "Prisma Cloud identity and access management (IAM) security integrates with the identity \nprovider (IdP) service Okta to ingest single sign-on (SSO) data for the effective permissions \ncalculation in the IAM Security module.\n\n\nSee [Integrate Prisma Cloud with Okta](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-iam-security/integrate-prisma-cloud-with-okta.html#id2990b78d-1bdc-4090-a716-d899e62db060)\nfor more information.\n", + "description": "Prisma Cloud identity and access management (IAM) security integrates with the identity \nprovider (IdP) service Okta to ingest single sign-on (SSO) data for the effective permissions \ncalculation in the IAM Security module.\n\n\nFor more information, see [Integrate Prisma Cloud with Okta](https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-iam-security/integrate-prisma-cloud-with-okta). If you are upgraded to the Darwin release, see [Integrate Prisma Cloud with Okta](https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-iam-security/integrate-prisma-cloud-with-okta)\n.", "version": "Latest", "contact": {} }, 
@@ -56,7 +56,7 @@ "tags": [ { "name": "IAM IDP", - "description": "Prisma Cloud identity and access management (IAM) security integrates with the identity \nprovider (IdP) service Okta to ingest single sign-on (SSO) data for the effective permissions \ncalculation in the IAM Security module.\n\n\nSee [Integrate Prisma Cloud with Okta](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-iam-security/integrate-prisma-cloud-with-okta.html#id2990b78d-1bdc-4090-a716-d899e62db060)\nfor more information.\n" + "description": "Prisma Cloud identity and access management (IAM) security integrates with the identity \nprovider (IdP) service Okta to ingest single sign-on (SSO) data for the effective permissions \ncalculation in the IAM Security module.\n\n\nFor more information, see [Integrate Prisma Cloud with Okta](https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-iam-security/integrate-prisma-cloud-with-okta). If you are upgraded to the Darwin release, see [Integrate Prisma Cloud with Okta](https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-iam-security/integrate-prisma-cloud-with-okta)\n." } ], "paths": { diff --git a/openapi-specs/cspm/IAMMicroService.json b/openapi-specs/cspm/IAMMicroService.json index 1b3a7dce4..c422a50d0 100644 --- a/openapi-specs/cspm/IAMMicroService.json +++ b/openapi-specs/cspm/IAMMicroService.json 
@@ -2,7 +2,7 @@ "openapi": "3.0.1", "info": { "title": "IAM Security API Overview", - "description": "Prisma Cloud identity and access management (IAM) security provides:\n* Visiblity—Query all relevant IAM entities\n* Gonvernance—Monitor your cloud environment for overly-used permissions\n* Response—Automatically remediate permissions\n\nThe IAM security endpoints enable you to investigate IAM data programmatically.\n\nSee [Primsa Cloud IAM Security](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-iam-security/what-is-prisma-cloud-iam-security.html)\nfor more information.\n\n\n### Error Handling\n\nLike other Prisma Cloud public API requests, the IAM security API requests return standard HTTP response codes. \nUnlike most other CSPM API error handling, IAM security API error responses do not include an [x-redlock-status](//prisma-cloud/api/cspm/api-errors)\nin the response header.\n\n\n### Pagination\n\nYou can control the number of items in a response for endpoints that support pagination. \nUse request parameter **limit** to control the maximum number of items in a response. If the response includes\n**data.nextPageToken**, use **data.nextPageToken** as the request parameter **pageToken** in a request for\nthe next page of data. 
\n\nThe following table summarizes the request parameters for pagination:\n\nRequest Parameter | Description \n-----------| -------\n**limit** | Maximum number of items to return in a page.\n**pageToken** | Use the **data.nextPageToken** value from the previous response object to return the next page of data.\n", + "description": "Prisma Cloud identity and access management (IAM) security provides:\n* Visiblity—Query all relevant IAM entities\n* Gonvernance—Monitor your cloud environment for overly-used permissions\n* Response—Automatically remediate permissions\n\nThe IAM security endpoints enable you to investigate IAM data programmatically.\n\nFor more information, see [Primsa Cloud IAM Security](https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-iam-security/what-is-prisma-cloud-iam-security)\n. If you are upgraded to the Darwin release, see [Primsa Cloud IAM Security]https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-iam-security/what-is-prisma-cloud-iam-security\n \n\n\n### Error Handling\n\nLike other Prisma Cloud public API requests, the IAM security API requests return standard HTTP response codes. \nUnlike most other CSPM API error handling, IAM security API error responses do not include an [x-redlock-status](//prisma-cloud/api/cspm/api-errors)\nin the response header.\n\n\n### Pagination\n\nYou can control the number of items in a response for endpoints that support pagination. \nUse request parameter **limit** to control the maximum number of items in a response. If the response includes\n**data.nextPageToken**, use **data.nextPageToken** as the request parameter **pageToken** in a request for\nthe next page of data. 
\n\nThe following table summarizes the request parameters for pagination:\n\nRequest Parameter | Description \n-----------| -------\n**limit** | Maximum number of items to return in a page.\n**pageToken** | Use the **data.nextPageToken** value from the previous response object to return the next page of data.\n", "version": "Latest", "contact": {} }, 
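Review bot: The second link in the new `info.description` is not valid Markdown: `[Primsa Cloud IAM Security]https://docs.prismacloud.io/...` has no parentheses around the URL, so it renders as literal text. The sentence also has no closing period, and the first link is followed by `\n.`, which puts the period on its own line. Write it as `[Prisma Cloud IAM Security](https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-iam-security/what-is-prisma-cloud-iam-security).` The identical text is repeated in the tag description hunk `@@ -56,7 +56,7 @@` of this file and needs the same fix. Since these lines are being rewritten anyway, the carried-over typos "Primsa", "Visiblity" and "Gonvernance" could be corrected in the same pass.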
@@ -56,7 +56,7 @@ "tags": [ { "name": "IAM", - "description": "Prisma Cloud identity and access management (IAM) security provides:\n* Visiblity—Query all relevant IAM entities\n* Gonvernance—Monitor your cloud environment for overly-used permissions\n* Response—Automatically remediate permissions\n\nThe IAM security endpoints enable you to investigate IAM data programmatically.\n\nSee [Primsa Cloud IAM Security](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/prisma-cloud-iam-security/what-is-prisma-cloud-iam-security.html)\nfor more information.\n\n\n### Error Handling\n\nLike other Prisma Cloud public API requests, the IAM security API requests return standard HTTP response codes. \nUnlike most other CSPM API error handling, IAM security API error responses do not include an [x-redlock-status](//prisma-cloud/api/cspm/api-errors)\nin the response header.\n\n\n### Pagination\n\nYou can control the number of items in a response for endpoints that support pagination. \nUse request parameter **limit** to control the maximum number of items in a response. If the response includes\n**data.nextPageToken**, use **data.nextPageToken** as the request parameter **pageToken** in a request for\nthe next page of data. 
\n\nThe following table summarizes the request parameters for pagination:\n\nRequest Parameter | Description \n-----------| -------\n**limit** | Maximum number of items to return in a page.\n**pageToken** | Use the **data.nextPageToken** value from the previous response object to return the next page of data.\n" + "description": "Prisma Cloud identity and access management (IAM) security provides:\n* Visiblity—Query all relevant IAM entities\n* Gonvernance—Monitor your cloud environment for overly-used permissions\n* Response—Automatically remediate permissions\n\nThe IAM security endpoints enable you to investigate IAM data programmatically.\n\nFor more information, see [Primsa Cloud IAM Security](https://docs.prismacloud.io/en/classic/cspm-admin-guide/prisma-cloud-iam-security/what-is-prisma-cloud-iam-security)\n. If you are upgraded to the Darwin release, see [Primsa Cloud IAM Security]https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-iam-security/what-is-prisma-cloud-iam-security\n \n\n\n### Error Handling\n\nLike other Prisma Cloud public API requests, the IAM security API requests return standard HTTP response codes. \nUnlike most other CSPM API error handling, IAM security API error responses do not include an [x-redlock-status](//prisma-cloud/api/cspm/api-errors)\nin the response header.\n\n\n### Pagination\n\nYou can control the number of items in a response for endpoints that support pagination. \nUse request parameter **limit** to control the maximum number of items in a response. If the response includes\n**data.nextPageToken**, use **data.nextPageToken** as the request parameter **pageToken** in a request for\nthe next page of data. 
\n\nThe following table summarizes the request parameters for pagination:\n\nRequest Parameter | Description \n-----------| -------\n**limit** | Maximum number of items to return in a page.\n**pageToken** | Use the **data.nextPageToken** value from the previous response object to return the next page of data.\n" } ], "paths": { diff --git a/openapi-specs/cspm/SearchMicroService.json b/openapi-specs/cspm/SearchMicroService.json index 8aa33909a..79359bcb3 100644 --- a/openapi-specs/cspm/SearchMicroService.json +++ b/openapi-specs/cspm/SearchMicroService.json @@ -2,7 +2,7 @@ "openapi": "3.0.1", "info": { "title": "Prisma Cloud RQL APIs", - "description": "You can use the Resource Query Language (RQL) to perform configuration checks across cloud services as well as \ngain real-time insights into user and network events to gain security visibility and create policy guardrails \nin your cloud environment. See the [Prisma Cloud documentation](https://docs.paloaltonetworks.com/prisma/prisma-cloud.html) for more information.\n", + "description": "You can use the Resource Query Language (RQL) to perform configuration checks across cloud services as well as \ngain real-time insights into user and network events to gain security visibility and create policy guardrails \nin your cloud environment. For more information, see [Prisma Cloud documentation](https://docs.prismacloud.io/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/get-started-with-prisma-cloud). If you are upgraded to the Darwin release, see [Prisma Cloud documentation](https://docs.prismacloud.io/en/enterprise-edition/content-collections/get-started/get-started).\n", "contact": {}, "license": { "name": "Public" 
@@ -59,7 +59,7 @@ "tags": [ { "name": "Search", - "description": "You can use the Resource Query Language (RQL) to perform configuration checks across cloud services as well as \ngain real-time insights into user and network events to gain security visibility and create policy guardrails \nin your cloud environment. See the [Prisma Cloud documentation](https://docs.paloaltonetworks.com/prisma/prisma-cloud.html) for more information.\n" + "description": "You can use the Resource Query Language (RQL) to perform configuration checks across cloud services as well as \ngain real-time insights into user and network events to gain security visibility and create policy guardrails \nin your cloud environment. For more information, see [Prisma Cloud documentation](https://docs.prismacloud.io/en/classic/cspm-admin-guide/get-started-with-prisma-cloud/get-started-with-prisma-cloud). If you are upgraded to the Darwin release, see [Prisma Cloud documentation](https://docs.prismacloud.io/en/enterprise-edition/content-collections/get-started/get-started).\n" } ], "paths": { diff --git a/openapi-specs/cspm/UserRoles.json b/openapi-specs/cspm/UserRoles.json index 4e60d96f6..2917bc522 100644 --- a/openapi-specs/cspm/UserRoles.json +++ b/openapi-specs/cspm/UserRoles.json 
@@ -279,7 +279,7 @@ ] }, "post": { - "description": "Creates a new user role. \r\n\r\nSee [Prisma Cloud Administrator Permissions](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/prisma-cloud-admin-permissions.html) \nfor the permissions associated with each role.\n\nNote that the request body parameter **accountGroupIds** is required but can be an empty array.\n", + "description": "Creates a new user role. \r\n\r\nFor the permissions associated with each role, see [Prisma Cloud Administrator Permissions](https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/prisma-cloud-admin-permissions).\nIf you are upgraded to the Darwin release, see [Prisma Cloud Administrator Permissions](https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/prisma-cloud-admin-permissions). \n\n\nNote that the request body parameter **accountGroupIds** is required but can be an empty array.\n", "operationId": "add-user-role", "requestBody": { "content": { @@ -385,7 +385,8 @@ "COMPUTE_ACCOUNT_READ_ONLY", "JIT_ADMIN", "APPSEC_ADMIN", - "JIT_REQUESTER" + "JIT_REQUESTER", + "SYSTEM_AUDITOR" ], "type": "string" }, diff --git a/openapi-specs/cspm/adjustSpecFilesForPanDev.sh b/openapi-specs/cspm/adjustSpecFilesForPanDev.sh index 1550fcd32..e40da9e68 100755 --- a/openapi-specs/cspm/adjustSpecFilesForPanDev.sh +++ b/openapi-specs/cspm/adjustSpecFilesForPanDev.sh @@ -6,7 +6,7 @@ if [ -f "Anomalies.json" ]; then jq '.tags |= [{"name":"Anomalies", "description":"temporary description - will be overwritten anyway!"}] | .paths[][].tags[] = "Anomalies"' Anomalies.json > "$tmp" && mv "$tmp" Anomalies.json # TEMPORARILY change the operationId getPolicies -> get-policies-anomalies - sed -i "" "s/getPolicies/get-policies-anomalies/g" Anomalies.json + sed -i "s/getPolicies/get-policies-anomalies/g" Anomalies.json fi # replace the global tags in the IAM file 
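Review bot: In adjustSpecFilesForPanDev.sh (`@@ -6,7 +6,7 @@`, and every `sed` line in `@@ -26,29 +26,37 @@`), replacing `sed -i ""` with `sed -i` makes the script GNU-only. BSD/macOS sed requires a suffix argument after `-i`, so there the substitution expression is consumed as the backup suffix and the rewrite either fails or edits the wrong thing. If both platforms must work, a form accepted by both is `sed -i.bak "s/getPolicies/get-policies-anomalies/g" Anomalies.json && rm -f Anomalies.json.bak`. Otherwise state the GNU sed requirement in a comment at the top of the script. The loop in the later hunk also passes `$file` unquoted; `"$file"` keeps a filename with spaces or glob characters from being split.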
@@ -26,29 +26,37 @@ if [ -f "IAMIdp.json" ]; then fi for file in *.json; do - sed -i "" "s/\/api\/cloud\/cspm\/iam#operation\/get-permissions-access/\/prisma-cloud\/api\/cspm\/get-permissions-access-with-post/g" $file - sed -i "" "s/\/api\/cloud\/cspm\/iam#operation\/get-permissions/\/prisma-cloud\/api\/cspm\/get-permissions-with-post/g" $file + sed -i "s/\/api\/cloud\/cspm\/iam#operation\/get-permissions-access/\/prisma-cloud\/api\/cspm\/get-permissions-access-with-post/g" $file + sed -i "s/\/api\/cloud\/cspm\/iam#operation\/get-permissions/\/prisma-cloud\/api\/cspm\/get-permissions-with-post/g" $file - sed -i "" "s/\/api\/cloud\/cspm\/.*#operation\//\/prisma-cloud\/api\/cspm\//g" $file + sed -i "s/\/api\/cloud\/cspm\/.*#operation\//\/prisma-cloud\/api\/cspm\//g" $file # https://prisma.pan.dev/docs/cloud/cspm -> /prisma-cloud/docs/cspm/cspm-gs/#use-curl-to-generate-jwt-tokens-in-prisma-cloud - sed -i "" "s/https:\/\/prisma.pan.dev\/docs\/cloud/\/prisma-cloud\/docs/g" $file + sed -i "s/https:\/\/prisma.pan.dev\/docs\/cloud/\/prisma-cloud\/docs/g" $file # turn to relative links - sed -i "" "s/https:\/\/prisma.pan.dev/\//g" $file + sed -i "s/https:\/\/prisma.pan.dev/\//g" $file # /api/cloud/cspm/ - sed -i "" "s/\/api\/cloud\/cspm/\/prisma-cloud\/api\/cspm/g" $file + sed -i "s/\/api\/cloud\/cspm/\/prisma-cloud\/api\/cspm/g" $file # /api/cloud -> /prisma-cloud/api/cspm - sed -i "" "s/\/api\/cloud/\/prisma-cloud\/api\/cspm/g" $file + sed -i "s/\/api\/cloud/\/prisma-cloud\/api\/cspm/g" $file # add hyphen (i.e. v2 -> v-2) - sed -i "" "s/\/get-asset-inventory-v2-dashboard-filter-options/\/get-asset-inventory-v-2-dashboard-filter-options/g" $file + sed -i "s/\/get-asset-inventory-v2-dashboard-filter-options/\/get-asset-inventory-v-2-dashboard-filter-options/g" $file # rewrite the GLOBAL tag description when it is coming from the monolith file tmp=$(mktemp) - jq '.info.description as $tag_desc| if($tag_desc!=null) then .tags[]?.description |= $tag_desc else . 
end' $file | \ + jq '.info.description as $tag_desc| if($tag_desc!=null) then .tags[]?.description |= $tag_desc else . end' $file | \ + + # Add note for darwin-only APIs + #jq '.paths[][] |= if(."x-ga" and (."x-ga"|contains("darwin")) and (.description | contains("Darwin release only") | not)) then .description+="\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n" else . end' | \ + + jq '.paths[][] |= if(."x-ga" and (."x-ga" |contains("darwin")) and (.description | test("Darwin release only") | not)) then .description+="\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n" else . end' | \ + + # remove S2S headers or parameters if any + jq '.paths |= del(.[][].parameters[]? | select(.description!=null ) | select (.description | contains("S2S")))' | \ # delete code snippets jq '.paths |= del(.[][]."x-codeSamples")' | \ @@ -80,9 +88,12 @@ for file in *.json; do }}' | \ # add security field to every endpoint - jq '.paths[][].security |= [ { "x-redlock-auth": [] } ]' > "$tmp" && mv "$tmp" $file + jq '.paths[][].security |= [ { "x-redlock-auth": [] } ]' > "$tmp" && mv "$tmp" $file + done + + # app-login endpoint isn't supposed to be protected tmp=$(mktemp) jq '.paths |= del(.["/login"][].security)' Login.json > "$tmp" && mv "$tmp" Login.json diff --git a/openapi-specs/cspm/code2cloudMicroService.json b/openapi-specs/cspm/code2cloudMicroService.json new file mode 100644 index 000000000..69e2af546 --- /dev/null +++ b/openapi-specs/cspm/code2cloudMicroService.json 
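Review bot: The added S2S filter decides what is stripped from the published spec by a case-sensitive substring match on free-text descriptions, `select (.description | contains("S2S"))`, so a service-to-service header or parameter whose description is missing or worded differently stays in the output; the `select(.description!=null)` guard skips undocumented parameters outright. A case-insensitive match such as `select(.description | test("s2s"; "i"))` narrows the gap, though keying on the parameter name or on an explicit marker set in the source specs would not depend on wording at all. A check after the pipeline that searches the generated files for leftover S2S parameters and fails the run would catch misses. The enclosing `for file in *.json` loop continues past the hunk.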
@@ -0,0 +1,454 @@
+{
+ "openapi": "3.0.3",
+ "info": {
+ "title": "pcs-code-to-cloud API",
+ "version": "1.0.0-SNAPSHOT"
+ },
+ "tags": [
+ {
+ "name": "Code to Cloud",
+ "description": "Use code to cloud dashboard to get a continuously updated snapshot view into the security posture of your cloud environment, streamline tracking and reporting. You can use the following APIs to get the trendline datapoints for deploytime and runtime respectively."
+ }
+ ],
+ "paths": {
+ "/c2c/api/v1/deploy/trend": {
+ "get": {
+ "tags": [
+ "Code to Cloud"
+ ],
+ "summary": "List Deploy Trend",
+ "description": "Get the last 30 day trend of open deployment vulnerabilities with 1 data point for each day. The API will return the critical and high severity vulnerability count for Container Registry Image, ECR Image, Azure Registry Image, Google Container Registry Image and Google Artifact Image. The timestamp values are in epoch format and in milliseconds.\n\n**Note:** You need System Admin or System Admin Read Only role to access this API.\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n",
+ "operationId": "code-to-cloud-list-deploy-trend",
+ "parameters": [
+ {
+ "in": "header",
+ "name": "x-redlock-auth",
+ "schema": {
+ "type": "string"
+ },
+ "required": true
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/DeployTrendResponse"
+ }
+ }
+ }
+ },
+ "400": {
+ "description": "Bad Request",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/ErrorResponse"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized"
+ },
+ "403": {
+ "description": "Forbidden"
+ },
+ "429": {
+ "description": "Too Many Requests"
+ },
+ "500": {
+ "description": "Internal Server Error",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/ErrorResponse"
+ }
+ }
+ }
+ },
+ "503": {
+ "description": "Service unavailable"
+ }
+ },
+ "security": [
+ {
+ "x-redlock-auth": []
+ }
+ ],
+ "x-public": "true",
+ "x-ga": "23.10.2-darwin"
+ }
+ },
+ "/c2c/api/v1/runtime/trend": {
+ "get": {
+ "tags": [
+ "Code to Cloud"
+ ],
+ "summary": "List Runtime Trend",
+ "description": "Get the last 30 days runtime trend of open alerts with 1 data point for each day. The API returns the open alert count of critical and high severity incidents for Policy Category and Attack Path policies. The timestamp values are in epoch format and in milliseconds. \n\n**Note:** You need System Admin or System Admin Read Only role to access this API.\n:::info\nThis endpoint is available on the Prisma Cloud Darwin release only.\n:::\n",
+ "operationId": "code-to-cloud-list-runtime-trend",
+ "parameters": [
+ {
+ "in": "header",
+ "name": "x-redlock-auth",
+ "schema": {
+ "type": "string"
+ },
+ "required": true
+ }
+ ],
+ "responses": {
+ "200": {
+ "description": "OK",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/RuntimeTrendResponse"
+ }
+ }
+ }
+ },
+ "400": {
+ "description": "Bad Request",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/ErrorResponse"
+ }
+ }
+ }
+ },
+ "401": {
+ "description": "Unauthorized"
+ },
+ "403": {
+ "description": "Forbidden"
+ },
+ "429": {
+ "description": "Too Many Requests"
+ },
+ "500": {
+ "description": "Internal Server Error",
+ "content": {
+ "application/json": {
+ "schema": {
+ "$ref": "#/components/schemas/ErrorResponse"
+ }
+ }
+ }
+ },
+ "503": {
+ "description": "Service unavailable"
+ }
+ },
+ "security": [
+ {
+ "x-redlock-auth": []
+ }
+ ],
+ "x-public": "true",
+ "x-ga": "23.10.2-darwin"
+ }
+ }
+ },
+ "components": {
+ "schemas": {
+ "AssetGroups": {
+ "type": "object",
+ "properties": {
+ "accountGroupIds": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "accountIds": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ },
+ "repositoryIds": {
+ "type": "array",
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "C2CRow": {
+ "type": "object",
+ "properties": {
+ "owner": {
+ "type": "string"
+ },
+ "color": {
+ "$ref": "#/components/schemas/Color"
+ },
+ "collectionId": {
+ "type": "string"
+ }
+ }
+ },
+ "C2CRowResponse": {
+ "type": "object",
+ "properties": {
+ "id": {
+ "type": "string"
+ },
+ "name": {
+ "type": "string"
+ },
+ "owner": {
+ "type": "string"
+ },
+ "color": {
+ "$ref": "#/components/schemas/Color"
+ },
+ "createdBy": {
+ "type": "string"
+ },
+ "lastModifiedBy": {
+ "type": "string"
+ },
+ "createdTs": {
+ "type": "number"
+ },
+ "lastModifiedTs": {
+ "type": "number"
+ },
+ "collectionId": {
+ "type": "string"
+ },
+ "assetGroups": {
+ "$ref": "#/components/schemas/AssetGroups"
+ },
+ "metrics": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/C2CRowMetric"
+ }
+ }
+ }
+ },
+ "C2CRowsResponse": {
+ "type": "object",
+ "properties": {
+ "count": {
+ "type": "number"
+ },
+ "value": {
+ "type": "array",
+ "items": {
+ "$ref": "#/components/schemas/C2CRowResponse"
+ }
+ }
+ }
+ },
+ "C2CRowMetric": {
+ "type": "object",
+ "properties": {
+ "timestamp": {
+ "type": "long"
+ },
+ "urgentVulns": {
+ "type": "number"
+ },
+ "runtimeAlerts": {
+ "type": "number"
+ },
+ "scopeUpdated": {
+ "type": "array",
+ "enum": [
+ "buildTimeErrors",
+ "urgentVulns",
+ "runtimeAlerts"
+ ],
+ "items": {
+ "type": "string"
+ }
+ }
+ }
+ },
+ "Color": {
+ "type": "string",
+ "enum": [
+ "purple",
+ "blue",
+ "green",
+ "yellow",
+ "red"
+ ]
+ },
+ "Error": {
+ "type": "object",
+ "properties": {
+ "code": {
+ "type": "string"
+ },
+ "message": {
+ "type": "string"
+ },
+ "target": {
+ "type": "string"
+ }
+ }
+ },
+ "ErrorResponse": {
+ "type": "object",
+ "properties": {
+ "error": {
+ "$ref": "#/components/schemas/Error"
+ }
+ }
+ },
+ "InventoryDeployResponse": {
+ "type": "object",
+ "properties": {
+ "images": {
+ "type": "number"
+ }
+ }
+ },
+ "InventoryRuntimeResponse": {
+ "type": "object",
+ "properties": {
+ "cloudProviders": {
+ "type": "number"
+ },
+ "cloudAssets": {
+ "type": "number"
+ },
+ "protectedByAgent": {
+ "type": "number"
+ }
+ }
+ },
+ "LiveEventsResponse": {
+ "type": "object",
+ "properties": {
+ "count": {
+ "type": "number"
+ },
+ "value": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "type": {
+ "type": "string"
+ },
+ "identifier": {
+ "type": "string"
+ }
+ }
+ }
+ }
+ }
+ },
+ "BuildTrendResponse": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "timestamp": {
+ "type": "long"
+ },
+ "buildErrors": {
+ "type": "number"
+ },
+ "repositories": {
+ "type": "number"
+ }
+ }
+ }
+ },
+ "DeployTrendResponse": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "timestamp": {
+ "type": "long"
+ },
+ "vulnerabilities": {
+ "type": "number"
+ }
+ }
+ }
+ },
+ "RuntimeTrendResponse": {
+ "type": "array",
+ "items": {
+ "type": "object",
+ "properties": {
+ "timestamp": {
+ "type": "long"
+ },
+ "alerts": {
+ "type": "number"
+ }
+ }
+ }
+ }
+ },
+ "securitySchemes": {
+ "x-redlock-auth": {
+ "description": "The x-redlock-auth value is a JSON Web Token (JWT).",
+ "in": "header",
+ "name": "x-redlock-auth",
+ "type": "apiKey"
+ }
+ }
+ },
+ "servers": [
+ {
+ "url": "https://api.prismacloud.io"
+ },
+ {
+ "url": "https://api2.prismacloud.io"
+ },
+ {
+ "url": "https://api3.prismacloud.io"
+ },
+ {
+ "url": "https://api4.prismacloud.io"
+ },
+ {
+ "url": "https://api.anz.prismacloud.io"
+ },
+ {
+ "url": "https://api.eu.prismacloud.io"
+ },
+ {
+ "url": "https://api2.eu.prismacloud.io"
+ },
+ {
+ "url": "https://api.gov.prismacloud.io"
+ },
+ {
+ "url": "https://api.prismacloud.cn"
+ },
+ {
+ "url": "https://api.ca.prismacloud.io"
+ },
+ {
+ "url": "https://api.sg.prismacloud.io"
+ },
+ {
+ "url": "https://api.uk.prismacloud.io"
+ },
+ {
+ "url": "https://api.ind.prismacloud.io"
+ },
+ {
+ "url": "https://api.jp.prismacloud.io"
+ },
+ {
+ "url": "https://api.fr.prismacloud.io"
+ }
+ ]
+}
diff --git a/openapi-specs/cspm/consolidated_spec/all_endpoints.csv b/openapi-specs/cspm/consolidated_spec/all_endpoints.csv
index 79070875e..ca092758f 100644
--- a/openapi-specs/cspm/consolidated_spec/all_endpoints.csv
+++ b/openapi-specs/cspm/consolidated_spec/all_endpoints.csv
@@ -77,6 +77,26 @@
 "get","/v2/inventory/trend","Asset Inventory Trend View V2 - GET","asset-inventory-trend-v2","Asset Inventory","Monolith"
 "post","/v2/inventory/trend","Asset Inventory Trend View V2 - POST","post-method-asset-inventory-trend-v2","Asset Inventory","Monolith"
 "get","/audit/redlock","Prisma Cloud Audit Logs","rl-audit-logs","Audit Logs","Monolith"
+"post","/asm/api/v1/convert-cloud-account","Onboard Cloud Accounts","onboardCloudAccounts","Cloud Discovery and Exposure Management","CDEMMicroServices.json"
+"post","/asm/api/v1/asset","Get Assets List","asset-inventory-for-l3","Cloud Discovery and Exposure Management","CDEMMicroServices.json"
+"post","/asm/api/v1/asset/{asset_id}/finding","Get Findings of an Asset ","getAssetFindings","Cloud Discovery and Exposure Management","CDEMMicroServices.json"
+"post","/asm/api/v1/asset/{asset_id}/finding/filters","Get Asset Findings Filter","getFindingFilters","Cloud Discovery and Exposure Management","CDEMMicroServices.json"
+"post","/asm/api/v1/asset/email","Send Asset Details via Email","send-asset-detail-email-from-sidecar","Cloud Discovery and Exposure Management","CDEMMicroServices.json"
+"post","/asm/api/v1/asset/aggregation-by-resource-type","Get Aggregated Asset Count by Asset Type","get-asset-count-by-asset-type-for-l2","Cloud Discovery and Exposure Management","CDEMMicroServices.json"
+"post","/asm/api/v1/asset/aggregation-by-cloud-type","Get Aggregated Asset Count by Cloud Type","get-assets-aggregated-by-provider-for-l1","Cloud Discovery and Exposure Management","CDEMMicroServices.json"
+"get","/asm/api/v1/service","Get Services","listServices","Cloud Discovery and Exposure Management","CDEMMicroServices.json"
+"get","/asm/api/v1/service/{serviceId}","Get Service Details","fetchAsmServiceDetails","Cloud Discovery and Exposure Management","CDEMMicroServices.json"
+"get","/asm/api/v1/industry-benchmarks","Get Industry Benchmark Data","getIndustryBenchmarks","Cloud Discovery and Exposure Management","CDEMMicroServices.json"
+"get","/asm/api/v1/dashboard/convertible-accounts","Get Convertible Accounts","getConvertibleCloudAccounts","Cloud Discovery and Exposure Management","CDEMMicroServices.json"
+"get","/asm/api/v1/dashboard/asset","Get Convertible Assets","listAssets","Cloud Discovery and Exposure Management","CDEMMicroServices.json"
+"get","/asm/api/v1/dashboard/asset/trend","Get Asset Trend for last 90 days","fetch-assets-by-manage-type-and-remediation","Cloud Discovery and Exposure Management","CDEMMicroServices.json"
+"get","/asm/api/v1/dashboard/asset/top-risk","Get Asset Top Risks","getTopRisks","Cloud Discovery and Exposure Management","CDEMMicroServices.json"
+"get","/asm/api/v1/dashboard/asset/internet-exposure-risk","Get Internet Exposure Risk Distribution","fetch-internet-exposure-asm-assets","Cloud Discovery and Exposure Management","CDEMMicroServices.json"
+"get","/asm/api/v1/dashboard/asset/geolocation","Get Assets Count Across Location","fetch-asset-by-geo-location","Cloud Discovery and Exposure Management","CDEMMicroServices.json"
+"get","/asm/api/v1/dashboard/asset/count","Get Convertible Assets Count","getAssetCounts","Cloud Discovery and Exposure Management","CDEMMicroServices.json"
+"get","/asm/api/v1/asset/{asset_id}","Get Asset Details by ID","get-asset-details","Cloud Discovery and Exposure Management","CDEMMicroServices.json"
+"get","/asm/api/v1/asset/{asmAssetId}/service","Get List of Service for an Asset","fetchAsmServicesLinkedToAsset","Cloud Discovery and Exposure Management","CDEMMicroServices.json"
+"get","/asm/api/v1/asset/filters","Get Asset Filters","getAssetFilters","Cloud Discovery and Exposure Management","CDEMMicroServices.json"
 "post","/cas/v1/aws_account","Add Cloud Account (AWS)","add-aws-cloud-account","Cloud Accounts (AWS)","Monolith"
 "put","/cas/v1/aws_account/{id}","Update Cloud Account (AWS)","update-aws-cloud-account","Cloud Accounts (AWS)","Monolith"
 "post","/cas/v1/cloud_account/status/aws","Get Cloud Account Status (AWS)","get-aws-cloud-account-status","Cloud Accounts (AWS)","Monolith"
@@ -122,8 +142,16 @@
 "post","/cas/v1/aws_template/presigned_url","Generate the CFT Template Link (AWS)","generate-cft-template-link-aws","Cloud Accounts (AWS)","CloudAccountsMicroService.json"
 "post","/cas/v1/gcp_template","Generate and Download the Terraform Template (GCP)","generate-template-link-gcp-gcp","Cloud Accounts (GCP)","CloudAccountsMicroService.json"
 "post","/cas/v1/azure_template","Generate and Download the Terraform template (Azure)","generate-template-link","Cloud Accounts (Azure)","CloudAccountsMicroService.json"
-"post","/commandcenter/v1/top-vulnerabilities","List Top Vulnerabilities","command-center-list-top-vulnerabilities","Command Center","CommandCenterMicroService.json"
-"post","/commandcenter/v1/vulnerabilities/summary","List Total Vulnerable Images and Hosts","command-center-list-total-vulnerable-images-hosts","Command Center","CommandCenterMicroService.json"
+"get","/entitlement/api/v1/collection/{id}","Get Collection by ID","get-collection-by-id","Collections","Monolith"
+"put","/entitlement/api/v1/collection/{id}","Update Collection","update-collection-by-id","Collections","Monolith"
+"delete","/entitlement/api/v1/collection/{id}","Delete Collection","delete-collection-by-id","Collections","Monolith"
+"get","/entitlement/api/v1/collection","Get All Collections","get-all-collections","Collections","Monolith"
+"post","/entitlement/api/v1/collection","Create Collection","create-collection","Collections","Monolith"
+"post","/api/v1/summary/{swimlane-type}","List Total Alerts by Severity","command-center-list-total-alerts-by-severity","Command Center","CommandCenterMicroService.json"
+"post","/api/v1/top-assets/{swimlane-type}","List Top N Assets","command-center-list-top-assets","Command Center","CommandCenterMicroService.json"
+"post","/api/v1/top-policies/{swimlane-type}","List Top Policies","command-center-list-top-policies","Command Center","CommandCenterMicroService.json"
+"post","/v1/top-vulnerabilities","List Top Vulnerabilities","command-center-list-top-vulnerabilities","Command Center","CommandCenterMicroService.json"
+"post","/v1/vulnerabilities/summary","List Total Vulnerable Images and Hosts","command-center-list-total-vulnerable-images-hosts","Command Center","CommandCenterMicroService.json"
 "get","/compliance/posture","Get Compliance Statistics Breakdown - GET","get-compliance-posture","Compliance Posture","Monolith"
 "post","/compliance/posture","Get Compliance Statistics Breakdown - POST","post-compliance-posture","Compliance Posture","Monolith"
 "get","/compliance/posture/{complianceId}","Get Compliance Statistics for Standard ID - GET","get-compliance-posture-for-standard","Compliance Posture","Monolith"
@@ -379,3 +407,5 @@
 "get","/user/role/{id}","User Role Info","get-user-role","User Roles","Monolith"
 "put","/user/role/{id}","Update User Role","update-user-role","User Roles","Monolith"
 "delete","/user/role/{id}","Delete User Role","delete-user-role","User Roles","Monolith"
+"get","/c2c/api/v1/deploy/trend","List Deploy Trend","code-to-cloud-list-deploy-trend","Code to Cloud","code2cloudMicroService.json"
+"get","/c2c/api/v1/runtime/trend","List Runtime Trend","code-to-cloud-list-runtime-trend","Code to Cloud","code2cloudMicroService.json"
diff --git a/products/prisma-cloud/api/cspm/api-integration-config.md b/products/prisma-cloud/api/cspm/api-integration-config.md
index 44c49bf15..f518a8156 100644
--- a/products/prisma-cloud/api/cspm/api-integration-config.md
+++ b/products/prisma-cloud/api/cspm/api-integration-config.md
@@ -8,7 +8,7 @@ The Prisma Cloud integration API endpoints enable you to receive Prisma Cloud al The request body for some of the endpoints includes an `integrationConfig` parameter that is a map of key/value pairs. The type of integration defines the content of these key/value pairs. The information below provides the details for this `integrationConfig` parameter for each listed technology. -Note that most external systems require some configuration before you can use the Prisma Cloud API endpoints to add an integration to that system. See [Prisma Cloud Integrations](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/configure-external-integrations-on-prisma-cloud/prisma-cloud-integrations.html) for details. +Note that most external systems require some configuration before you can use the Prisma Cloud API endpoints to add an integration to that system. For more details, see [Prisma Cloud Integrations](https://docs-preview.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/prisma-cloud-integrations). If you are upgraded to the Darwin release, see [Prisma Cloud Integrations](https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/prisma-cloud-integrations). ### Amazon S3 
@@ -71,7 +71,7 @@ To test an Amazon S3 integration, make your request as described in ### Amazon SQS -Prisma Cloud can send alerts to Amazon Simple Queue Service (SQS). Customers can consume these alerts through a Splunk add-on or through the AWS CloudFormation service. Once you [configure Amazon SQS to receive Prisma Cloud alerts](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-amazon-sqs.html), you can use an API request to add the Amazon SQS integration to Prisma Cloud. +Prisma Cloud can send alerts to Amazon Simple Queue Service (SQS). Customers can consume these alerts through a Splunk add-on or through the AWS CloudFormation service. Once you [configure Amazon SQS to receive Prisma Cloud alerts](https://docs-preview.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-amazon-sqs), you can use an API request to add the Amazon SQS integration to Prisma Cloud. If you are upgraded to Darwin, see [configure Amazon SQS to receive Prisma Cloud alerts](https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-amazon-sqs). #### Add, Update, or Test an Amazon SQS Integration 
@@ -135,7 +135,7 @@ To test an Amazon SQS integration, make the request with the corresponding reque ### Azure Service Bus Queue -Prisma Cloud can send alerts to an Azure Service Bus messaging service. To authorize access, you can either (1) use a shared access signature to limit access permissions to the Service Bus namespace or queue or (2) use the service principal credentials associated with the Azure Cloud account you've on-boarded to Prisma Cloud. If you plan to use the service principal that uses Azure Active Directory to authorize requests, you must include the additional role _Azure Service Bus Data Sender_ and enable _send_ access to the Service Bus namespace and queues. See [Integrate Prisma Cloud with Azure Service Bus](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-azure-service-bus-queue.html) for details about these prerequisites. +Prisma Cloud can send alerts to an Azure Service Bus messaging service. To authorize access, you can either (1) use a shared access signature to limit access permissions to the Service Bus namespace or queue or (2) use the service principal credentials associated with the Azure Cloud account you've on-boarded to Prisma Cloud. If you plan to use the service principal that uses Azure Active Directory to authorize requests, you must include the additional role _Azure Service Bus Data Sender_ and enable _send_ access to the Service Bus namespace and queues. For details about these prerequisites, see [Integrate Prisma Cloud with Azure Service Bus](https://docs-preview.prismacloud.io/en/classic/cspm-admin-guide/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-azure-service-bus-queue). 
If you are upgraded to the Darwin release, see [Integrate Prisma Cloud with Azure Service Bus](https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/configure-external-integrations-on-prisma-cloud/integrate-prisma-cloud-with-azure-service-bus-queue). #### Add, Update, or Test an Azure Service Bus Queue Integration diff --git a/products/prisma-cloud/api/cspm/cspm-api.md b/products/prisma-cloud/api/cspm/cspm-api.md index 823f995bd..638a84e4e 100644 --- a/products/prisma-cloud/api/cspm/cspm-api.md +++ b/products/prisma-cloud/api/cspm/cspm-api.md 
@@ -14,13 +14,14 @@ CSPM API requests require right privileges ### CSPM User Roles -To have the right privileges for a CSPM API request, you must have a [Prisma Cloud user role](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/prisma-cloud-administrator-roles.html) with sufficient permissions. See [Prisma Cloud Administrator Permissions](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/prisma-cloud-admin-permissions.html) for the permissions associated with each role. +To have the right privileges for a CSPM API request, you must have a [Prisma Cloud user role](https://docs-preview.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/prisma-cloud-administrator-roles) with sufficient permissions. If you are upgraded to the Darwin release, see [Prisma Cloud user role](https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/prisma-cloud-administrator-roles). +For the permissions associated with each role, see [Prisma Cloud Administrator Permissions](https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/prisma-cloud-admin-permissions). If you are upgraded to the Darwin release, see [Prisma Cloud Administrator Permissions](https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/prisma-cloud-admin-permissions). ### CSPM API Authorization To have the right authorization for a CSPM API request, follow the high-level steps below: -1. [Obtain an access key](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-access-keys.html) from your Prisma Cloud system administrator. +1. [Obtain an access key](https://docs-preview.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/create-access-keys) from your Prisma Cloud system administrator. 
If you are upgraded to the Darwin release, see [Obtain an access key](https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/create-access-keys). 2. Make a CSPM API request to [log in](/prisma-cloud/api/cspm/app-login) . A successful request returns a JSON Web Token (JWT). Almost all CSPM API requests use this JWT for authorization. diff --git a/products/prisma-cloud/docs/cspm/cspm-gs.md b/products/prisma-cloud/docs/cspm/cspm-gs.md index 8e83e0acc..9dd7c82c8 100644 --- a/products/prisma-cloud/docs/cspm/cspm-gs.md +++ b/products/prisma-cloud/docs/cspm/cspm-gs.md 
@@ -35,7 +35,7 @@ cURL is a command line tool for transferring data with URLS and has been in deve ## Use cURL to Generate JWT Tokens in Prisma Cloud -The first step is to generate access keys which are a secure way for enabling programmatic access to the Prisma Cloud REST API. Access keys have two components; Access Key ID and Secret Key which should be copied and saved in a secure location for later reuse as they’re not stored in Prisma Cloud. Refer to the Prisma Cloud documentation for instructions on [how to create an access key](https://docs.paloaltonetworks.com/prisma/prisma-cloud/prisma-cloud-admin/manage-prisma-cloud-administrators/create-access-keys.html#idb225a52a-85ea-4b0c-9d69-d2dfca250e16). You can then use cURL to generate your x-redlock-auth JWT token with the following command: +The first step is to generate access keys which are a secure way for enabling programmatic access to the Prisma Cloud REST API. Access keys have two components; Access Key ID and Secret Key which should be copied and saved in a secure location for later reuse as they’re not stored in Prisma Cloud. Refer to the Prisma Cloud documentation for instructions on [how to create an access key](https://docs.prismacloud.io/en/classic/cspm-admin-guide/manage-prisma-cloud-administrators/create-access-keys). If you are upgraded to Darwin, see [how to create an access key](https://docs.prismacloud.io/en/enterprise-edition/content-collections/administration/create-access-keys). You can then use cURL to generate your x-redlock-auth JWT token with the following command: curl -X POST \