Assets_query¶
Table of Contents
Client¶
-
class
Assets_query.
Client
¶ A client object representing ‘Assets_query’ Service:
import almdrlib client = almdrlib.client('assets_query')
Available methods:
-
asset_group
(**kwargs)¶ Creates, renames, updates, or deletes an
asset-group
asset. On deletion, deletes any references in linked groups. If a linked group has only a single reference in it, and would be emptied as a result it will also be deleted. On rename, linked groups (that reference the renamed group) also have their reference updated.Request Syntax
response = client.asset_group( account_id='string' data='dict' return_all_properties='False|True' )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.data (dict) –
return_all_properties (boolean) –
When true, causes the inclusion of all asset properties in the response. By default, the assets in the response only includes summary properties.
Default:
False
- Return type
dict
- Returns
Response Syntax
{ 'dry_run': 'False|True', 'operations': [ { 'code': 'integer', 'name': 'string', 'operation': 'string' } ] }
Response Definitions
dry_run (boolean) –
operations (list) –
(dict) –
code (integer) –
name (string) –
operation (string) –
-
asset_type_schema
(**kwargs)¶ fetch the schema of an asset type
Request Syntax
response = client.asset_type_schema( asset_type='string' )
- Parameters
asset_type (string) – [REQUIRED]
- Return type
dict
- Returns
Response Syntax
{}
Response Definitions
-
asset_types_schemas
(**kwargs)¶ Fetches the
"schema"
for asset types. The schema describes the structure for asset types.Request Syntax
response = client.asset_types_schemas( fields='string' filter='string' format='list'|'topology' )
- Parameters
fields (string) – A csv string of the fields that should be returned for an asset type. Note: if the asset type does not contain that field it will not be in the return value.
filter (string) – Filters that asset types must match to be included eg.
groupable
,taggable
,vulnerable
, etc…format (string) –
Returns the asset types as a list of schema objects (list) or as a list of topological schemas
Valid values:
list
,topology
- Return type
dict
- Returns
Response Syntax
{ 'assetTypes': 'dict|list', 'count': 'number' }
Response Definitions
assetTypes (dict) –
count (number) –
-
config_topology
(**kwargs)¶ Retrieve the given deployment’s configuration topology. Each row in the
assets
response is a set of relatedregion
,vpc
, andsubnet
asset strings that can be cross-referenced as JSON keys in thedata
map.Request Syntax
response = client.config_topology( account_id='string' deployment_id='string' )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.deployment_id (string) –
[REQUIRED]
The ID of the deployment source as represented in the deployments service (uppercase UUID).
- Return type
dict
- Returns
Response Syntax
{ 'topology': { 'assets': [ 'string' ], 'data': {}, 'rows': 'integer' } }
Response Definitions
topology (dict) –
assets (list) –
An array of list of asset
keys
for eachsubnet
in the deployment. Contains the keys for thesubnet
itself, itsvpc
and itsregion
.(string) –
data (dict) –
A map containing all referenced asset objects in
assets
keyed by asset key.rows (integer) –
Number of assets.
-
dispose_conclude_remediations
(**kwargs)¶ dispose_remediations
disposes the vulnerability instances ("vinstances"
) associated with a set ofremediations
orvulnerabilities
(by ID). A set ofremediation-item
s is created, 1 per deployment/remediation_id/vulnerability_id, with the state set to"disposed"
and all vulnerability instances associated to that"remediation_id"
or"vulnerability_id"
on assets described by the given"filters"
have their"disposed"
property set totrue
.Note that, if the
"expires"
property is set on a"disposed"
remediation-item, that item will be undisposed when the"expires"
timestamp is in the past, and all associated vulnerability instances will have their"disposed"
property set back tofalse
.conclude_remediations
concludes the vulnerability instances ("vinstances"
) associated with a set ofremediations
orvulnerabilities
(by ID). A set ofremediation-item
s is created, 1 per deployment/remediation_id/vulnerability_id, with the state set to"concluded"
and all vulnerability instances associated to that"remediation_id"
or"vulnerability_id"
on assets described by the given"filters"
have their"concluded"
property set totrue
.Note that once all associated vulnerabilities are resolved,
"concluded"
remediation-item
s will be cleared from the system (resolved). Any matching vulnerability instance that is created or modified after the"concluded"
remediation-item
’smodified_on
timestamp will be unconcluded (their"concluded"
property will be set tofalse
). If all existing vulnerability instances are newer than theremediation-item
, then theremediation-item
will be cleared (deleted).Request Syntax
response = client.dispose_conclude_remediations( account_id='string' data='dict' )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.data (dict) –
- Return type
dict
- Returns
Response Syntax
'dict'
Response Definitions
-
find_asset
(**kwargs)¶ Finds an asset quickly using known identifiers. The query string parameters for different find operations are grouped together:
To find a collector by type and UUID, specify the following query parameters:
collector_type
(default:any
)return_type
(default:collector
)uuid
To find a host by its associated appliance UUID and host parameters, specify the following query parameters:
collector_type
(must be set toappliance
)ip_address
uuid
To get the metadata for a host, specify the following query parameters:
collector_type
(default:any
)return_type
(must be set tohost_metadata
)uuid
To find a host by network UUID and host parameters, specify the following query parameters:
ip_address
network_uuid
return_type
(must be set tohost
)
Request Syntax
response = client.find_asset( account_id='string' collector_type='string' ip_address='string' network_uuid='string' return_type='collector'|'host_metadata'|'host' uuid='string' )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.collector_type (string) –
Type of collector to find by UUID. A comma-separated list of values can be provided and each type will be checked.
any
will only be expanded if it is the only type provided. Allowed values:any
agent
appliance
collector
remote-source
ip_address (string) – The IP address of the host to find, in text representation. Must be used in conjunction with the
collector_type=appliance
parameter.network_uuid (string) – The value of the
network_uuid
property on the network/vpc/vnet asset that contains the host to find.return_type (string) –
The return for this find operation. The default is
collector
, and note thathost
andhost_metadata
are not compatible with thecollector_type=collector
, because it has no associated host.Valid values:
collector
,host_metadata
,host
uuid (string) – The UUID of the collector asset
- Return type
dict
- Returns
Response Syntax
{ 'deployment_id': 'string', 'host_key': 'string', 'key': 'string', 'type': 'string' }
Response Definitions
deployment_id (string) –
Deployment ID
host_key (string) –
key (string) –
type (string) –
-
find_assets
(**kwargs)¶ Finds a list of assets quickly using known identifiers. This endpoint is limited to specific asset types, currently: agents, appliances, hosts and remote sources. If the asset is found, the response will contain the asset details, keyed by the identifiers in the request parameters. If the asset is not found, the response will contain a
null
value, keyed by the identifiers in the request parameters.Collector results are keyed by the
uuid
property in the request parameters.When a host is found by appliance, results are keyed by the
uuid
andip_address
request parameters, separated by,
.When a host is found by network, results are keyed by the
network_uuid
andip_address
request parameters, separated by,
.Request Syntax
response = client.find_assets( account_id='string' parameters=[ { 'collector_type': 'string', 'ip_address': 'string', 'network_uuid': 'string', 'return_type': 'collector'|'host_metadata'|'host', 'uuid': 'string' } ] )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.parameters (list) –
The list of request objects, each containing parameters of a find asset operation (see description for full details).
(dict) –
A complete set of find asset parameters (see description for full details).
collector_type (string) –
Type of collector to find by UUID. A comma-separated list of values can be provided and each type will be checked.
any
will only be expanded if it is the only type provided. Allowed values:any
agent
appliance
collector
remote-source
ip_address (string) –
The IP address of the host to find, in text representation. Must be used in conjunction with the
collector_type=appliance
parameter.network_uuid (string) –
The value of the
network_uuid
property on the network/vpc/vnet asset that contains the host to find.return_type (string) –
The return for this find operation. The default is
collector
, and note thathost
andhost_metadata
are not compatible with thecollector_type=collector
, because it has no associated host.Valid values:
collector
,host_metadata
,host
uuid (string) –
The UUID of the collector asset
- Return type
dict
- Returns
Response Syntax
{ 'assets': { '{key}': { 'deployment_id': 'string', 'host_key': 'string', 'key': 'string', 'type': 'string' } } }
Response Definitions
assets (dict) –
{key} (dict) –
deployment_id (string) –
Deployment ID
host_key (string) –
key (string) –
type (string) –
-
get_asset_details
(**kwargs)¶ Fetches details and elaborations about individual assets and their surroundings, such as complete asset details or an asset’s network neighborhood or connectivity. The query string parameters for different details operations are grouped together:
To get details of an asset by
type
,key
,deployment
, andregion
, specify the following query parameters:type
(must behost
)key
deployment
region
To get details of an asset by
type
anddeployment
, specify the following query parameters:type
(must bedeployment
)deployment
To get details of an asset by
appliance_uuid
andip_address
, specify the following query parameters:appliance_uuid
ip_address
port
(optional, always provide if available)
To get details of an asset by
type
anduuid
, specify the following query parameters:type
(default:any
)uuid
To get details of an asset by
deployment
,ip addresses
andnetwork
, specify the following query parameters:deployment
ip_address
network
To get details of an asset by
user_id
, specify the following query parameters:user_id
(note that this query will execute an exact match and will not normalize the input while searching)
To get details of an asset by
deployment
anduser_id
, specify the following query parameters:deployment
user_id
(note that this query will execute an exact match and will not normalize the input while searching)
To get details of an asset by
user_name
, specify the following query parameters:user_name
(note that this query will execute an exact match and will not normalize the input while searching)
To get details of an asset by
deployment
anduser_id
, specify the following query parameters:deployment
user_name
(note that this query will execute an exact match and will not normalize the input while searching)
Note that when calling this endpoint with query options
deployment
,network
andip_address
set, if a host is found, any subnet that the host isn’t related to but it could be (the IP address matches the subnet mask) the additional unrelated subnet(s) will be returned under thesubnet
key in the response.Request Syntax
response = client.get_asset_details( account_id='string' appliance_uuid='string' deployment='string' ip_address='string' key='string' network='string' port='string' region='string' type='string' user_id='string' user_name='string' uuid='string' )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.appliance_uuid (string) – The UUID of the appliance protecting the host to elaborate, which will be the source of any IDS events generated for the host. The appliance UUID is the UUID issued to the appliance agent and contained in its agent certificate.
deployment (string) – The native AWS account ID or Azure subscription ID (prefixed by kind), or the internal deployment UUID. Deployment is either the deployment’s Alert Logic UUID, or the native deployment ID prefixed by kind (either
aws:
orazure:
). The expected value is eitheraws:{AWSAccountId}
orazure:{AzureSubscriptionId}
(e.g.,aws:1234567890
orazure:713CEFBB-E37E-4119-A1AA-458840BFD878
).ip_address (string) – A CSV of the IP address(es) of the target protected host. The IP address is the target IP, i.e. the IP of a protected asset (being defined as any IP address in the set of protected subnets, itself known as “home net”). If more than one IP address is given, all of them must be target IPs of the protected asset.
key (string) – The native AWS ID (prefixed by kind) or the full asset key of the target asset. Key is either a full asset key, or must be prefixed by
id:
, followed by the asset’s native ID (e.g. instance ID of a host in AWS). Initially, the expected value isid:AWSInstanceId
, e.g.id:i-0fa67ce21528409bc
. *Note: If you useid:AWSInstanceId
thenregion
must be defined as region IDid:AWSRegionId
*network (string) – The network asset key, e.g. a vpc key:
/aws/us-east-1/vpc/vpc-12345678
.port (string) – The TCP or UDP port on the target protected host
region (string) – The AWS region ID (prefixed by kind) or the full asset key. Region is either a full asset key, or must be prefixed by
id:
, followed by the asset’s nativeID
(e.g., region ID in AWS). Initially, the expected value is id:AWSRegionId, e.g.,id:us-east-2
.type (string) –
The asset type(s) to look up, separated by commas. Note that multiple values are only supported by some flavors (see description) — sometimes only
host
ordeployment
are acceptable.When passing the
uuid
parameter, the order provided is the order that the types will be looked up; if you setagent
/appliance
prior tohost
, the host will be detailed as arelated
asset to the associatedagent
/appliance
asset.Allowed values:
any
deployment
agent
appliance
collector
host
remote-source
user_id (string) – The user ID of the user asset being elaborated.
user_name (string) – The user name of the user asset being elaborated.
uuid (string) – The UUID of the asset
type
being elaborated. The host UUID for ahost
is the UUID issued to its associated agent or appliance, and contained in its agent certificate.
- Return type
dict
- Returns
Response Syntax
{ 'deployment': {}, 'key': 'string', 'type': 'string', '{type}': { '{key}': { 'asset': {}, 'related': {} } } }
Response Definitions
deployment (dict) –
key (string) –
type (string) –
{type} (dict) –
{key} (dict) –
asset (dict) –
related (dict) –
-
get_asset_details_post
(**kwargs)¶ Fetches details and elaborations about individual assets and their surroundings, such as complete asset details or an asset’s network neighborhood or connectivity. The request body json for different details operations are grouped together:
To get details of an asset by
type
,key
,deployment
, andregion
, specify the following request body fields:type
(must behost
)key
deployment
region
To get details of an asset by
type
anddeployment
, specify the following request body fields:type
(must bedeployment
)deployment
To get details of an asset by
appliance_uuid
andip_address
, specify the following request body fields:appliance_uuid
ip_address
port
(optional, always provide if available)
To get details of an asset by
type
anduuid
, specify the following request body fields:type
(default:any
)uuid
To get details of an asset by
deployment
,ip address
andnetwork
, specify the following request body fields:deployment
ip_address
network
To get details of an asset by
user_id
, specify the following request body fields:user_id
(note that this query will execute an exact match and will not normalize the input while searching)
To get details of an asset by
deployment
anduser_id
, specify the following request body fields:deployment
user_id
(note that this query will execute an exact match and will not normalize the input while searching)
To get details of an asset by
user_name
, specify the following request body fields:user_name
(note that this query will execute an exact match and will not normalize the input while searching)
To get details of an asset by
deployment
anduser_id
, specify the following request body fields:deployment
user_name
(note that this query will execute an exact match and will not normalize the input while searching)
Note that when calling this endpoint with query options
deployment
,network
andip_address
set, if a host is found, any subnet that the host isn’t related to but it could be (the IP address matches the subnet mask) the additional unrelated subnet(s) will be returned under thesubnet
key in the response.Request Syntax
response = client.get_asset_details_post( account_id='string' data='dict' )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.data (dict) –
- Return type
dict
- Returns
Response Syntax
{ 'deployment': {}, 'key': 'string', 'type': 'string', '{type}': { '{key}': { 'asset': {}, 'related': {} } } }
Response Definitions
deployment (dict) –
key (string) –
type (string) –
{type} (dict) –
{key} (dict) –
asset (dict) –
related (dict) –
-
get_deployment_exposures_summary
(**kwargs)¶ Get a summary of exposures by asset type for the given account and deployment ID.
Request Syntax
response = client.get_deployment_exposures_summary( account_id='string' asset_type='string' deployment_id='string' disposed='true'|'false'|'all' filter=[ 'None' ] scope='False|True' )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.asset_type (string) –
[REQUIRED]
A valid asset type, e.g.
deployment
,vpc
,host
.deployment_id (string) –
[REQUIRED]
The ID of the deployment source as represented in the deployments service (uppercase UUID).
disposed (string) –
Filters remediations included in the summary based on the state of vulnerabilities. Possible values are:
true
- only disposedfalse
- only not disposedall
- both
Valid values:
true
,false
,all
Default:
false
filter (list) – Filters that assets/vulnerabilities must match to be included in the exposures summary.
filter
s can be chained together (applied usingAND
). Generally, any remediation filters should work, butcategory
andseverity
are the most likely useful filters for this view.scope (boolean) –
Whether to apply scope when gathering assets to include in the report.
Default:
True
- Return type
dict
- Returns
Response Syntax
{ 'exposures': [ 'None' ], 'summary': { 'all': 'integer', 'high': 'integer', 'info': 'integer', 'low': 'integer', 'medium': 'integer' } }
Response Definitions
exposures (list) –
Array of summarized exposures objects.
summary (dict) –
all (integer) –
high (integer) –
info (integer) –
low (integer) –
medium (integer) –
-
get_exposures_summary
(**kwargs)¶ Get a summary of exposures by asset type for the given account, across all deployments.
Request Syntax
response = client.get_exposures_summary( account_id='string' asset_type='string' disposed='true'|'false'|'all' filter=[ 'None' ] scope='False|True' )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.asset_type (string) –
[REQUIRED]
A valid asset type, e.g.
deployment
,vpc
,host
.disposed (string) –
Filters remediations included in the summary based on the state of vulnerabilities. Possible values are:
true
- only disposedfalse
- only not disposedall
- both
Valid values:
true
,false
,all
Default:
false
filter (list) –
Filters that assets/vulnerabilities must match to be included in the exposures summary.
filter
s can be chained together (applied usingAND
). Generally, any remediation filters should work, butcategory
andseverity
are the most likely useful filters for this view.scope (boolean) –
Whether to apply scope when gathering assets to include in the report.
Default:
True
- Return type
dict
- Returns
Response Syntax
{ 'exposures': [ 'None' ], 'summary': { 'all': 'integer', 'high': 'integer', 'info': 'integer', 'low': 'integer', 'medium': 'integer' } }
Response Definitions
exposures (list) –
Array of summarized exposures objects.
summary (dict) –
all (integer) –
high (integer) –
info (integer) –
low (integer) –
medium (integer) –
Get a summary of all tags, with normalized keys, across all deployments. This endpoint should be preferred for use-cases that span deployments, like asset groups.
Request Syntax
response = client.get_tags_summary( account_id='string' include_tagged_assets='False|True' )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.include_tagged_assets (boolean) –
When true, causes the inclusion of tagged assets in the result. The single-column rows become two-column rows and the data map includes tagged assets with keys in the form
deployment_id:type:key
.Default:
False
- Return type
dict
- Returns
Response Syntax
{ 'tags': [ { 'deployment_id': 'string', 'key': 'string', 'tags': {}, 'type': 'string' } ] }
Response Definitions
tags (list) –
Array of summarized tags objects.
(dict) –
deployment_id (string) –
Deployment ID
key (string) –
Asset Key
tags (dict) –
Object containing the tag name as keys and their descriptions as values.
type (string) –
Asset Type
Get a summary of all tags in a deployment. Returns a list of (minimal) assets with their tags.
Request Syntax
response = client.get_tags_summary_deprecated( account_id='string' deployment_id='string' )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.deployment_id (string) –
[REQUIRED]
The ID of the deployment source as represented in the deployments service (uppercase UUID).
- Return type
dict
- Returns
Response Syntax
{ 'tags': [ { 'deployment_id': 'string', 'key': 'string', 'tags': {}, 'type': 'string' } ] }
Response Definitions
tags (list) –
Array of summarized tags objects.
(dict) –
deployment_id (string) –
Deployment ID
key (string) –
Asset Key
tags (dict) –
Object containing the tag name as keys and their descriptions as values.
type (string) –
Asset Type
-
list_asset_groups
(**kwargs)¶ Disclaimer: This endpoint is currently under development. The request parameters, response format or the endpoint itself may be changed or removed at any time without notice.
List asset groups for given account.
Request Syntax
response = client.list_asset_groups( account_id='string' return_all_properties='False|True' )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.return_all_properties (boolean) –
When true, causes the inclusion of all asset properties in the response. By default, the assets in the response only includes summary properties.
Default:
False
- Return type
dict
- Returns
Response Syntax
{ 'count': 'integer', 'groups': [ { 'membership_counts': { 'all': 'integer' } } ] }
Response Definitions
count (integer) –
The count of
groups
in the response.groups (list) –
An array group objects. Each element in the array is an asset group.
(dict) –
Group object.
membership_counts (dict) –
An object of counts keyed by asset type, as well as an
all
sum of the counts for all types.all (integer) –
A sum of all asset type counts.
-
overview_topology
(**kwargs)¶ Render overview topology data for the given account and deployment.
Request Syntax
response = client.overview_topology( account_id='string' category='string' deployment_id='string' disposed='true'|'false'|'all' extras='string' scope='False|True' )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.category (string) – When computing threatiness, only include vulnerabilities related to assets if those vulnerabilities include the given category.
deployment_id (string) –
[REQUIRED]
The ID of the deployment source as represented in the deployments service (uppercase UUID).
disposed (string) –
Filters remediations included in the summary based on the state of vulnerabilities. Possible values are:
true
- only disposedfalse
- only not disposedall
- both
Valid values:
true
,false
,all
Default:
false
extras (string) – A comma-delimited list of asset types to fetch in addition to the base topology.
scope (boolean) –
Whether to apply scope when gathering assets to include in the report.
Default:
True
- Return type
dict
- Returns
Response Syntax
{ 'topology': { 'asset_counts_by_type': { 'host': { 'agent': 'integer', 'all': 'integer', 'appliance': 'integer', 'running': 'integer' }, 'subnet': { 'all': 'integer', 'security': 'integer', 'standard': 'integer' } }, 'assets': [ 'None' ], 'data': {}, 'extras': 'string', 'rows': 'integer' } }
Response Definitions
topology (dict) –
asset_counts_by_type (dict) –
A map of asset counts by asset type. The special key
all
is always present and includes the counts of all assets. Note that while the value for most asset types is an integer, some asset types (such ashost
) contain an object with further broken down counts. In that case, the special sub-propertyall
is always present, and will contain the total number of all assets of that type.host (dict) –
The host count data, keyed by host properties.
agent (integer) –
The total count of all hosts that have the
alertlogic_agent
property set, which indicates that the host has an Alert Logic agent installed on it.all (integer) –
The total count of all unique host assets in the response.
appliance (integer) –
The total count of all hosts that have the
alertlogic_appliance
property set, which indicates that the host is an Alert Logic appliance.running (integer) –
The total count of all running hosts in the response (excluding appliances). This is extrapolated from the
state
property of each host. Assets are considered “running” if their state is equal torunning
,succeeded
, orok
.
subnet (dict) –
The subnet count data, keyed by subnet properties.
all (integer) –
The total count of all unique subnet assets in the response.
security (integer) –
The total count of all subnet that have the
alertlogic_security
property set, which indicates that the subnet is an Alert Logic security subnet (which contains Alert Logic appliances).standard (integer) –
The total count of all subnet that do not have the
alertlogic_security
property set, which indicates that the subnet is a standard customer subnet.
assets (list) –
An array of arrays of asset references. Each element in the array is an array of asset references (that can be resolved by looking up the reference in the
topology.data
object) that describe relationship sequences:region
,vpc
,subnet
,host
. Partial rows containnull
entries.data (dict) –
An object containing all of the asset details for asset references in the
topology.assets
andtopology.extras
properties. The object keys are asset references produced by colon-joining asset type and asset key, e.g.,region:/aws/us-east-1
.extras (string) –
An array of arrays of asset references. Each element in the array is an array of asset references (that can be resolved by looking up the reference in the
topology.data
object) that describe relationship sequences:host
,<extra>
. The first element is always a host reference, and the second entry is a reference to an extra asset related to that host.rows (integer) –
The count of rows in the
topology.assets
array.
-
preview_topology
(**kwargs)¶ Disclaimer: This endpoint is currently under development. The request parameters, response format or the endpoint itself may be changed or removed at any time without notice.
Render asset group topology data for the given account. The asset group can be defined by either a list of scopes that include/exclude assets, or a union or intersection of the set of assets in a list of existing nested groups. The response body shares the same format for both types of asset groups.
In either case, a
return_asset_types
property can be provided that limits the previewed asset group results to the types in the list and all topological ancestor types of the listed types. Although the preview can be limited using thereturn_asset_types
property, the actual asset group that is created using the other parameters will not have be limited to that list of types.Note that some assets in the
topology.data
object contain references to non-topologically related assets in the asset model that may be filtered on. For example, ahost
asset814C2911-09BB-1005-9916-7831C1BAC182:host:/aws/us-east-1/host/web-1a-1
might contain animage
property with an array of keys, like/aws/us-east-1/image/ami-1
. These properties indicate that the assets can be filtered (viainclude
/exclude
inscopes
), for example, placing the filterhost.image:/aws/us-east-1/image/ami-1
in theinclude
of an asset-group scope would result in all hosts related to that image being included in the asset-group. These related assets are also included in thetopology.data
object, and can be found by constructing their data key, e.g.,814C2911-09BB-1005-9916-7831C1BAC182:image:/aws/us-east-1/image/ami-1
. Here are the non-topological filters by asset type:Asset Type
Filter Label
Note
cloud-trail
s3-bucket
external-dns-name
deployment
external-dns-name
region
external-dns-name
vpc
external-dns-name
host
external-dns-name
load-balancer
external-ip
deployment
external-ip
region
external-ip
vpc
external-ip
host
external-ip
load-balancer
host
application
applications are not in the data object
host
auto-scaling-group
host
image
host
instance-profile
host
launch-config
host
load-balancer
host
sg
instance-profile
role
load-balancer
subnet
load-balancer
sg
role
s3-bucket
user
group
volume
host
Request Syntax
response = client.preview_topology( account_id='string' groups=[ 'None' ] groups_match='all'|'any' return_asset_types=[ 'string' ] scopes=[ { 'asset_types': [ 'None' ], 'exclude': [ 'None' ], 'include': [ 'None' ] } ] )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.groups (list) – A list of nested groups that make up the group. These groups can have disjoint or intersecting sets of assets. The groups can also include other groups with nested groups.
groups_match (string) –
The criteria for inclusion of nested group assets in the previewed group. If the value is
any
, any asset in ANY of the nested groups will be included in the previewed group. If the value isall
, any asset in common to ALL of the nested groups will be included in the previewed group.Valid values:
all
,any
return_asset_types (list) –
A list of groupable asset types that limits the exploration of the asset model. The types specified in this list, as well as their topological ancestor types, are the only ones that will be returned in the resulting topology.assets rows.
(string) –
scopes (list) –
The list of request scopes, each containing a scope definition that will be
OR
ed together.(dict) –
asset_types (list) –
A list of asset types that determines the assets included in the individual scope. If an asset would be included in multiple scopes, the scopes’ allowed asset types are unioned together.
exclude (list) –
A list of scope filters,
AND
ed together, that determine if an asset should NOT be included in the resulting asset group.include (list) –
A list of scope filters,
AND
ed together, that determine if an asset should be included in the resulting asset group.
- Return type
dict
- Returns
Response Syntax
{ 'topology': { 'assets': [ 'None' ], 'data': {}, 'rows': 'integer' } }
Response Definitions
topology (dict) –
The primary key of the API response.
assets (list) –
An array of arrays of asset references. Each element in the array is an array of asset references (that can be resolved by looking up the reference in the
topology.data
object) that describe topological relationship sequences. Note that all groupable assets are returned in the rows, but thetopology.data
object must be consulted for each asset to determine its inclusion or exclusion from the group. Intermediate topology assets do not have their own row in the result (a VPC with subnets would not have an entry, but a VPC without subnets would have an entry).data (dict) –
An object containing all of the asset details for asset references in the
topology.assets
. The object keys are asset references produced by colon-joining deployment ID, asset type and asset key, e.g.,814C2911-09BB-1005-9916-7831C1BAC182:region:/aws/us-east-1
.All assets are decorated with a few additional properties:
A
group_membership
property that must be consulted to determine membership in the group. Possible values are described below:
EXPLICIT_IN
- The asset is included in the group by scope definition. This status is returned for the first assets in the asset topology that match all of the inclusion filters for scope in scoped groups, and the onlyIN
membership type for groups with nested groups.INHERIT_IN
- The asset is included in the group by scope definition. This status is returned for any topological successor asset of an asset with theEXPLICIT_IN
group membership that meets the exclusion criteria. This membership type is not returned for assets in a group with nested groups.CONTAINS
- The asset does not meet the full criteria for inclusion in the group, but contains at least one successor asset in the group.CAN_CONTAIN
- The asset does not meet the full criteria for inclusion in the group. The scope definition does allow this asset to potentially include future successors in the group.EXPLICIT_EXCLUDED
- The asset is excluded from the group by scope definition. This status is returned for the first assets in the asset topology that match any exclusion filters for scope in scoped groups.INHERIT_EXCLUDED
- The asset is excluded from the group by scope definition. This status is returned for any topological successor asset of an asset with theEXPLICIT_EXCLUDED
group membership. This membership type is not returned for assets in a group with nested groups.NOT_IN
- The asset does not meet all criteria for inclusion in the group by scope definition, but is not explicitly excluded.A
membership_counts
object containing keys of asset types and an object value ofin
andnot_in
counts for topological child types. If an asset has no topological children but is of a type that could have topological children (e.g. a region that currently does not have any declared vpcs yet), the membership_counts object may be an empty object{}
.
rows (integer) –
The count of rows in the
topology.assets
array.
-
query_assets
(**kwargs)¶ Return a list of related assets.
Request Syntax
response = client.query_assets( account_id='string' asset_types='string' filter={} filter_relationships={} include_alertlogic_security='False|True' qfields='string' query_format='v1'|'v2' reduce='False|True' return_count='False|True' return_types='string' scope='False|True' topo_chain='False|True' )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.asset_types (string) – A query string parameter representing the types of assets to retrieve, as described in Typed queries.
tag
asset type is handled specially and, if used, may only be the last asset type.]filter (dict) – Filters and variables, as described in Filtering assets.
filter_relationships (dict) – A constraint on the existence of a relationship between the given asset types. The lefthand asset_type must be present in the
asset_types
parameter. If set totrue
, only rows with an asset of the givenasset_type
that is related to one or more assets of therelated_asset_type
will be returned. If set tofalse
, only rows with an asset of the givenasset_type
that is not related to one or more assets of therelated_asset_type
will be returned.include_alertlogic_security (boolean) –
Flag that determines whether to include hosts with the
alertlogic_security
property set totrue
(that is, hosts that are Alert Logic appliances) whenscope
is set totrue
. By default, these appliances are not returned in query results whenscope
is set totrue
. Ifinclude_alertlogic_security
is set totrue
andscope
is set totrue
, then the default behavior will be overridden, and Alert Logic appliance hosts will be included in scope (if they are in scope).Default:
False
qfields (string) – Optional comma-separated list of fields to be returned as part of the objects.
key
,type
anddeployment_id
are always returned. Both&qfields=object.field
and&qfields=field
are acceptable; in the latter case all objects will be filtered.query_format (string) –
A query string parameter that defines what query syntax is used. (default:
v1
)Valid values:
v1
,v2
reduce (boolean) – Callers should pass
reduce=true
to reduce repeated assets in the return data when possible. (default:false
)return_count (boolean) – Execute the query and return a single matching row count instead of the assets data itself. (default:
false
)return_types (string) – A query string parameter representing the names of assets in
asset_types
to retrieve. The types are a comma-separated list of asset names that must be a subset of the names inasset_types
. Whenreturn_types
is provided, only the specified subset ofasset_types
is returned in each row. For example, ifasset_types
ish:host,s:subnet,v:vpc
andreturn_types
ish,s
, assets will query for rows matchinghost,subnet,vpc
but will only return the first two columns of each row in the result. This can be used to require relationships and provide filters around them without actually requiring that the data be returned.scope (boolean) –
Flag that determines whether to apply deployment scope when gathering assets for the query. If set to
true
, only assets in the deployment scope will be returned in the query results.Default:
False
topo_chain (boolean) –
Flag designed to modify the behavior of the Assets Query finder. If set to
true
(default), it will find the assets by its topological path (deployment -> region -> vpc -> …). If set tofalse
, it will retrieve all matching assets regardless of their topology path. Note thattopo_chain=false
may include assets with broken path to the response (e.g. a host without a relationship to a subnet).Default:
True
- Return type
dict
- Returns
Response Syntax
{ 'assets': [ [ { 'account_id': 'string', 'created_on': 'number', 'deployment_id': 'string', 'key': 'string', 'modified_on': 'number', 'name': 'string', 'type': 'string', 'version': 'number' } ] ], 'rows': 'integer' }
Response Definitions
assets (list) –
(list) –
(dict) –
account_id (string) –
AIMS account ID
created_on (number) –
Milliseconds since Unix Epoch
deployment_id (string) –
Deployment ID
key (string) –
Asset Key
modified_on (number) –
Milliseconds since Unix Epoch
name (string) –
Asset Name
type (string) –
Asset Type
version (number) –
Object Version
rows (integer) –
-
query_deployment_assets
(**kwargs)¶ Return a list of related assets in a single deployment.
Request Syntax
response = client.query_deployment_assets( account_id='string' asset_types='string' deployment_id='string' filter={} filter_relationships={} include_alertlogic_security='False|True' qfields='string' query_format='v1'|'v2' reduce='False|True' return_count='False|True' return_types='string' scope='False|True' topo_chain='False|True' )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.asset_types (string) –
A query string parameter representing the types of assets to retrieve, as described in Typed queries.
tag
asset type is handled specially and, if used, may only be the last asset type.]deployment_id (string) –
[REQUIRED]
The ID of the deployment source as represented in the deployments service (uppercase UUID).
filter (dict) –
Filters and variables, as described in Filtering assets.
filter_relationships (dict) – A constraint on the existence of a relationship between the given asset types. The lefthand asset_type must be present in the
asset_types
parameter. If set totrue
, only rows with an asset of the givenasset_type
that is related to one or more assets of therelated_asset_type
will be returned. If set tofalse
, only rows with an asset of the givenasset_type
that is not related to one or more assets of therelated_asset_type
will be returned.include_alertlogic_security (boolean) –
Flag that determines whether to include hosts with the
alertlogic_security
property set totrue
(that is, hosts that are Alert Logic appliances) whenscope
is set totrue
. By default, these appliances are not returned in query results whenscope
is set totrue
. Ifinclude_alertlogic_security
is set totrue
andscope
is set totrue
, then the default behavior will be overridden, and Alert Logic appliance hosts will be included in scope (if they are in scope).Default:
False
qfields (string) – Optional comma-separated list of fields to be returned as part of the objects.
key
,type
anddeployment_id
are always returned. Both&qfields=object.field
and&qfields=field
are acceptable; in the latter case all objects will be filtered.query_format (string) –
A query string parameter that defines what query syntax is used. (default:
v1
)Valid values:
v1
,v2
reduce (boolean) – Callers should pass
reduce=true
to reduce repeated assets in the return data when possible. (default:false
)return_count (boolean) – Execute the query and return a single matching row count instead of the assets data itself. (default:
false
)return_types (string) – A query string parameter representing the names of assets in
asset_types
to retrieve. The types are a comma-separated list of asset names that must be a subset of the names inasset_types
. Whenreturn_types
is provided, only the specified subset ofasset_types
is returned in each row. For example, ifasset_types
ish:host,s:subnet,v:vpc
andreturn_types
ish,s
, assets will query for rows matchinghost,subnet,vpc
but will only return the first two columns of each row in the result. This can be used to require relationships and provide filters around them without actually requiring that the data be returned.scope (boolean) –
Flag that determines whether to apply deployment scope when gathering assets for the query. If set to
true
, only assets in the deployment scope will be returned in the query results.Default:
False
topo_chain (boolean) –
Flag designed to modify the behavior of the Assets Query finder. If set to
true
(default), it will find the assets by its topological path (deployment -> region -> vpc -> …). If set tofalse
, it will retrieve all matching assets regardless of their topology path. Note thattopo_chain=false
may include assets with broken path to the response (e.g. a host without a relationship to a subnet).Default:
True
- Return type
dict
- Returns
Response Syntax
{ 'assets': [ [ { 'account_id': 'string', 'created_on': 'number', 'deployment_id': 'string', 'key': 'string', 'modified_on': 'number', 'name': 'string', 'type': 'string', 'version': 'number' } ] ], 'rows': 'integer' }
Response Definitions
assets (list) –
(list) –
(dict) –
account_id (string) –
AIMS account ID
created_on (number) –
Milliseconds since Unix Epoch
deployment_id (string) –
Deployment ID
key (string) –
Asset Key
modified_on (number) –
Milliseconds since Unix Epoch
name (string) –
Asset Name
type (string) –
Asset Type
version (number) –
Object Version
rows (integer) –
-
query_exposures
(**kwargs)¶ Groups vulnerabilities for an account by exposure (by default), remediation, or vulnerable asset. In combination with filtering, it’s easy to view vulnerabilities across your account in the manner most appropriate.
Note: exposures uses a
threatiness
property which is an internal measurement used for relative comparison and is not considered useful to customers.Vulnerabilities can be filtered using the
filter
parameter in the query string. Thefilter
param can be used multiple times. The remediation filters documented above are allowed.Request Syntax
response = client.query_exposures( account_id='string' concluded='true'|'false'|'all' details='False|True' disposed='true'|'false'|'all' filter=[ 'None' ] group='asset'|'exposure'|'remediation' include_exposures='False|True' include_filters='False|True' include_remediation_items='False|True' include_remediations='False|True' limit='integer' scope='False|True' sort='asset_count'|'exposures_count'|'severity'|'threatiness'|'vinstances_count' )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.concluded (string) –
Filters remediations included in the summary based on the state of vulnerabilities. Possible values are:
true
- only concludedfalse
- only not concludedall
- both
Valid values:
true
,false
,all
Default:
false
details (boolean) –
Controls whether
vinstances
are returned in the response body. Only valid ifgroup
is notasset
.Default:
False
disposed (string) –
Filters remediations included in the summary based on the state of vulnerabilities. Possible values are:
true
- only disposedfalse
- only not disposedall
- both
Valid values:
true
,false
,all
Default:
false
filter (list) –
A filter to apply to the assets for which remediations and vulnerabilities are being requested. Multiple filter parameters may be supplied. The section on remediation filters above covers them in detail. Note: hosts may be used as filters (e.g.
filter=host:/aws/us-east-1/host/i-1234567
), which will restrict the scope of the remediations return to just the single host key provided. However, hosts will not be returned as filters in remediations responses (returning all hosts as filters would be untenable in a deployment of significant size).group (string) –
The object type to arrange the vulnerabilities in the response by. Allowed values are:
asset
: group vulnerabilities by vulnerable assetexposure
: group vulnerabilities by exposureremediation
: group vulnerabilities by remediation
Valid values:
asset
,exposure
,remediation
Default:
remediation
include_exposures (boolean) –
Controls whether
exposures
are returned in the response body. Only valid ifgroup
isexposure
orasset
.Default:
True
include_filters (boolean) –
Controls whether
filters
are returned.Default:
True
include_remediation_items (boolean) –
Controls whether
remediation_items
are returned in the response body.Default:
False
include_remediations (boolean) –
Controls whether
remediations
are returned.Default:
True
limit (integer) – If given, limit the returned results to the first N items. The summary and filters, if returned, will be computed exclusively from the limited results (not the full result set). Note that it limits the number of exposures/remediations returned, but that the summary counts are generated based on the full data set before applying the limit.
scope (boolean) –
Whether to apply scope when gathering assets to include in the report.
Default:
True
sort (string) –
Controls how to order the exposures/remediations. Must be a CSV of at least one of the allowed values. Note that
asset_count
will not work withgroup=asset
.Valid values:
asset_count
,exposures_count
,severity
,threatiness
,vinstances_count
Default:
severity,threatiness
- Return type
dict
- Returns
Response Syntax
{ 'exposures': { 'assets': [ {} ], 'rows': 'integer' }, 'exposures_count': 'integer', 'filters': [ {} ], 'remediations': { 'assets': [ {} ], 'rows': 'integer' }, 'summary': { 'severities': { 'high': 'integer', 'info': 'integer', 'low': 'integer', 'medium': 'integer' } } }
Response Definitions
exposures (dict) –
In the response when
group
isexposures
or not set.assets (list) –
List of exposures assets.
(dict) –
rows (integer) –
Count of exposures assets returned.
exposures_count (integer) –
Count of exposures. Not present when
group
is notexposures
.filters (list) –
(dict) –
Filter item.
remediations (dict) –
In the response when
group
isremediations
.assets (list) –
List of remediation assets.
(dict) –
rows (integer) –
Count of remediation assets returned.
summary (dict) –
severities (dict) –
high (integer) –
info (integer) –
low (integer) –
medium (integer) –
-
query_exposures_post
(**kwargs)¶ Groups vulnerabilities for an account by exposure (by default), remediation, or vulnerable asset. In combination with filtering, it’s easy to view vulnerabilities across your account in the manner most appropriate.
Note: exposures uses a
threatiness
property which is an internal measurement used for relative comparison and is not considered useful for external purposes.Vulnerabilities can be filtered using the
filter
parameter in the query string. Thefilter
param can be used multiple times. The remediation filters documented above are allowed.Request Syntax
response = client.query_exposures_post( account_id='string' concluded='true'|'false'|'all' details='False|True' disposed='true'|'false'|'all' filters=[ 'string' ] group='asset'|'exposure'|'remediation' include_exposures='False|True' include_remediation_items='False|True' included_filters='False|True' included_remediations='False|True' limit='integer' scope='False|True' sort='asset_count'|'exposures_count'|'severity'|'threatiness'|'vinstances_count' )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.concluded (string) –
Filters remediations included in the summary based on the state of vulnerabilities. Possible values are:
true
- only concludedfalse
- only not concludedall
- both
Valid values:
true
,false
,all
Default:
false
details (boolean) –
Controls whether
vinstances
are returned in the response body. Only valid ifgroup
is notasset
.Default:
False
disposed (string) –
Filters remediations included in the summary based on the state of vulnerabilities. Possible values are:
true
- only disposedfalse
- only not disposedall
- both
Valid values:
true
,false
,all
Default:
false
filters (list) –
A filter to apply to the assets for which remediations and vulnerabilities are being requested. Multiple filter parameters may be supplied. The section on remediation filters above covers them in detail. Note: hosts may be used as filters (e.g.
filter=host:/aws/us-east-1/host/i-1234567
), which will restrict the scope of the remediations return to just the single host key provided. However, hosts will not be returned as filters in remediations responses (returning all hosts as filters would be untenable in a deployment of significant size).(string) –
group (string) –
The object type to arrange the vulnerabilities in the response by. Allowed values are:
asset
: group vulnerabilities by vulnerable assetexposure
: group vulnerabilities by exposureremediation
: group vulnerabilities by remediation
Valid values:
asset
,exposure
,remediation
Default:
remediation
include_exposures (boolean) –
Controls whether
exposures
are returned in the response body. Only valid ifgroup
isexposure
orasset
.Default:
True
include_remediation_items (boolean) –
Controls whether
remediation_items
are returned in the response body.Default:
False
included_filters (boolean) –
Controls whether
filters
are returned.Default:
True
included_remediations (boolean) –
Controls whether
remediations
are returned.Default:
True
limit (integer) – If given, limit the returned results to the first N items. The summary and filters, if returned, will be computed exclusively from the limited results (not the full result set). Note that it limits the number of exposures/remediations returned, but that the summary counts are generated based on the full data set before applying the limit.
scope (boolean) –
Whether to apply scope when gathering assets to include in the report.
Default:
True
sort (string) –
Controls how to order the exposures/remediations. Must be a CSV of at least one of the allowed values. Note that
asset_count
will not work withgroup=asset
.Valid values:
asset_count
,exposures_count
,severity
,threatiness
,vinstances_count
Default:
severity,threatiness
- Return type
dict
- Returns
Response Syntax
{ 'exposures': { 'assets': [ {} ], 'rows': 'integer' }, 'exposures_count': 'integer', 'filters': [ {} ], 'remediations': { 'assets': [ {} ], 'rows': 'integer' }, 'summary': { 'severities': { 'high': 'integer', 'info': 'integer', 'low': 'integer', 'medium': 'integer' } } }
Response Definitions
exposures (dict) –
In the response when
group
isexposures
or not set.assets (list) –
List of exposures assets.
(dict) –
rows (integer) –
Count of exposures assets returned.
exposures_count (integer) –
Count of exposures. Not present when
group
is notexposures
.filters (list) –
(dict) –
Filter item.
remediations (dict) –
In the response when
group
isremediations
.assets (list) –
List of remediation assets.
(dict) –
rows (integer) –
Count of remediation assets returned.
summary (dict) –
severities (dict) –
high (integer) –
info (integer) –
low (integer) –
medium (integer) –
-
query_remediation_items
(**kwargs)¶ Gets a list of remediation-items and an aggregation of filters associated with those remediation items. Filters similar to those in the Query Assets endpoint can be used with an item named
remediation-item
. Thefilters
field in the output is the union of allfilters
fields in all the returned remediation items.Note that the returned
remediation-item
can also be filtered by various direct properties:audit_id
: If theaudit_ids
param is passed, return onlyremediation-items
that match one of the givenaudit_id
s.deployment_id
: If thedeployment_ids
param is passed, return onlyremediation-items
that match one of the givendeployment_id
s.remediation_id
: If theremediation_ids
param is passed, return onlyremediation-items
that match one of the givenremediation_id
s.item_id
: If theremediation_item_ids
param is passed, return onlyremediation-items
that match one of the givenitem_id
s.vulnerability_id
: If thevulnerability_ids
param is passed, return onlyremediation-items
that match one of the givenvulnerability_id
s.The associated
remediation_item_id
is rendered on vinstances. Note:details=true
is required to see vinstances on exposures.
Request Syntax
response = client.query_remediation_items( account_id='string' audit_ids='string' deployment_ids='string' details='False|True' filter=[ 'None' ] group_by_audit_id='False|True' include_exposures='False|True' include_filters='False|True' remediation_ids='string' remediation_item_ids='string' state='string' vulnerability_ids='string' )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.audit_ids (string) – A comma-separated list of
audit_id
s.deployment_ids (string) – A comma-separated list of deployment IDs.
details (boolean) –
Controls whether
vinstances
are returned in the response (inside eachexposure
in theexposures
property of eachremediation-item
. In order to work,include_exposures
must be set totrue
.Default:
False
filter (list) –
A filter to apply to the
remediation-items
in the account. Multiple filter parameters may be supplied. These filters are matched against thefilters
property of theremediation-item
asset; all given filters must match). Note that thecategory
filter is applied toexposures
associated with eachremediation-item
, not applied to theremediation-item
asset directly; theremediation-item
will be included in the result if the combinedcategories
of all exposures attached to theremediation-item
match the category filter. See the section on remediation filters which covers filters in detail.group_by_audit_id (boolean) –
Group returned
remediation-item
s by theiraudit_id
and uniquevulnerability_id
/remediation_id
. That is, if multipleremediation-item
s were disposed or concluded in a single request across distinctdeployment_id
s andfilters sets
, display these as a single record. Note that when this option is set totrue
, the following changes are applied to the response elements:All unique
deployment_id
attributes are stored in adeployment_ids
array.All
item_id
attributes are stored in anitem_ids
array.All
key
attributes are stored in akeys
array.categories
is rendered as the union of all the categories for all theremediation-item
s in each group.filters
is rendered as the union of all the filters for all theremediation-item
s in each group.exposures
from allremediation-items
are appended together.asset_count
,exposures_count
,severities
, andvinstances_count
are all summed across all groupedremediation-item
s.
Default:
False
include_exposures (boolean) –
Controls whether
exposures
are returned in eachremediation-item
in the response.Default:
True
include_filters (boolean) –
Controls whether
filters
are returned.Default:
True
remediation_ids (string) – A comma-separated list of remediation IDs.
remediation_item_ids (string) – A comma-separated list of remediation-item IDs.
state (string) – A comma-separated list of
remediation-item
states. If provided, only includeremediation-items
in any of the given states in the response.vulnerability_ids (string) – A comma-separated list of vulnerability IDs.
- Return type
dict
- Returns
Response Syntax
{ 'filters': [ 'None' ], 'remediation-items': { 'assets': { 'asset_count': 'integer', 'exposures': [ { 'asset_count': 'integer', 'vinstances': [ 'None' ], 'vinstances_count': 'integer', 'vulnerability_id': 'string' } ], 'filters': [ 'None' ], 'remediation': {}, 'remediation_id': 'string', 'vinstances_count': 'integer', 'vulnerability': {} } }, 'rows': 'integer', 'summary': { 'severities': {} } }
Response Definitions
filters (list) –
An array of filter strings. This is the union of all filters in the
remediation-items
returned in theremediation-items.assets
field. See the filters documentation.remediation-items (dict) –
An object containing the
remediation-items
in the response and their count.assets (dict) –
A list of objects representing
remediation-item
assets. Each asset represents a singleremediation-item
.asset_count (integer) –
The number of unique assets with an exposure associated to the
remediation-item
.exposures (list) –
A list of exposures associated to the
remediation-item
by remediation ID or vulnerability ID.(dict) –
asset_count (integer) –
The number of unique assets with an exposure associated to the
exposure
.vinstances (list) –
A list of
vinstance
objects associated to theexposure
which describe the vulnerable asset. Only present when thedetails
query parameter is set totrue
.vinstances_count (integer) –
The total number of vulnerable assets associated to the
exposure
.vulnerability_id (string) –
The vulnerability ID of the
exposure
.
filters (list) –
An array of filter strings applied to the
remediation-item
. See the filters documentation.remediation (dict) –
The remediation that the
remediation-item
is associated to. This is present regardless of whether theremediation-item
disposes exposures by remediation ID or vulnerability ID.remediation_id (string) –
The remediation ID that the
remediation-item
is associated to. This is only present if theremediation-item
disposes exposures by remediation ID.vinstances_count (integer) –
The total number of vulnerable assets associated to the
remediation-item
.vulnerability (dict) –
The vulnerability that the
remediation-item
is associated to. This is only present if theremediation-item
disposes exposures by vulnerability ID.
rows (integer) –
The number of rows in the
assets
list.summary (dict) –
A summary of the exposures included in the response
severities (dict) –
A summary of the total count of all exposures (
vinstances
) in allremediation-items
returned in the response, counted by severity (theall
sub-property contains the full count of all the other severities combined)
-
query_topology
(**kwargs)¶ Query given deployment assets topology.
Request Syntax
response = client.query_topology( account_id='string' deployment_id='string' disposed='true'|'false'|'all' extras='string' include_filters='False|True' include_remediations='False|True' )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.deployment_id (string) –
[REQUIRED]
The ID of the deployment source as represented in the deployments service (uppercase UUID).
disposed (string) –
Filters remediations included in the summary based on the state of vulnerabilities. Possible values are:
true
- only disposedfalse
- only not disposedall
- both
Valid values:
true
,false
,all
Default:
false
extras (string) – A comma-delimited list of asset types to fetch in addition to the base topology.
include_filters (boolean) –
Controls whether
filters
are returned.Default:
True
include_remediations (boolean) –
Controls whether
remediations
are returned.Default:
True
- Return type
dict
- Returns
Response Syntax
{ 'extras': {}, 'topology': { 'assets': [ 'None' ] } }
Response Definitions
extras (dict) –
Extra assets are returned here if
extras
query param was set and such assets were found.topology (dict) –
assets (list) –
An array of assets objects containing
key
,type
,created_on
,threatiness
andthreatiness_level
.
-
undispose_remediations
(**kwargs)¶ Undispose (or unconclude) the given
remediation-item
(s) in the given deployment(s). Theremediation-items
, if they exist, are deleted immediately. Any vulnerability instances that were concluded or disposed by the remediation-item will be accordingly unconcluded and undisposed (that is, theirconcluded
anddisposed
properties will be set tofalse
). Note that ifdeployment_ids
query parameter is not set, the remediation item(s) will be removed from all deployments where they exist.Note that exactly one of
remediation_item_ids
oraudit_ids
may be provided. Ifaudit_ids
is passed, allremediation-item
s with any of the givenaudit_id
s will be undisposed/unconcluded. Additionally, ifaudit_ids
is passed, eitherremediation_ids
orvulnerability_ids
may be passed. If one of those is also given,remediation-item
s with one of the givenaudit_id
s and one of the givenremediation_id
s orvulnerability_id
s will be undisposed/unconcluded.Request Syntax
response = client.undispose_remediations( account_id='string' audit_ids='string' deployment_ids='string' remediation_ids='string' remediation_item_ids='string' vulnerability_ids='string' )
- Parameters
account_id (string) –
[REQUIRED]
The AIMS account ID whose assets are being accessed. Only valid account IDs are acceptable. Invalid account IDs result in an
HTTP 404 Not Found
orHTTP 403 Forbidden
, depending on the client’s access level.audit_ids (string) – A comma-separated list of
audit_id
s.deployment_ids (string) – A comma-separated list of deployment IDs.
remediation_ids (string) – A comma-separated list of remediation IDs.
remediation_item_ids (string) – A comma-separated list of remediation-item IDs.
vulnerability_ids (string) – A comma-separated list of vulnerability IDs.
- Returns
None