Fugue API (0.0.1)

Welcome to the Fugue API reference. For an interactive reference, see the Swagger UI.

Additional documentation:

See the API User Guide for more information.

Last updated 2022.03.17

Authentication

CustomerApiAuthorizer

Security Scheme Type: API Key
Header parameter name: Authorization

environments

Lists details for all environments.

Lists details for all environments. Example API request here.

Authorizations:
query Parameters
offset
integer >= 0
Default: 0

Number of items to skip before returning. This parameter is used when the number of items spans multiple pages.

max_items
integer [ 1 .. 100 ]
Default: 100

Maximum number of items to return.

order_by
string
Default: "created_at"
Enum: "created_at" "name" "last_scan_at"

Field to sort the items by. Values - created_at, name, last_scan_at

order_direction
string
Default: "desc"
Enum: "asc" "desc"

Direction to sort the items in. Values - asc, desc

query
string [ 2 .. 1800 ] characters

A stringified JSON array of search parameters. Alternatively, you can use individual query parameters for the following filters - q.id, q.rule_id, q.resource_type, q.resource_provider, q.resource_id, q.name, and q.search. q.search looks across id, name, and rule_id.

Responses

Response Schema: application/json
items
Array of objects (Environment)

Paginated list of environments.

is_truncated
boolean

Indicates whether there are more items at the next offset.

next_offset
integer

Next offset to use to get the next page of items.

count
integer

Total number of items.

Response samples

Content type
application/json
{
  "items": [
    {
      "id": "0f14323e-9e18-4167-bfcf-fa3a627a8f44",
      "name": "Example CI/CD - All Regions",
      "provider": "aws",
      "tenant_id": "239cd8aa-aa1e-45cd-860d-f54772d43fb9",
      "provider_options": {
        "aws": {
          "regions": [
            "*"
          ],
          "role_arn": "arn:aws:iam::123456789012:role/FugueRiskManager"
        }
      },
      "compliance_families": [
        "CIS-AWS_v1.3.0",
        "Custom"
      ],
      "baseline_id": null,
      "drift": false,
      "remediation": false,
      "scan_status": "IN_PROGRESS",
      "scan_interval": 86400,
      "last_scan_at": null,
      "next_scan_at": 1594369046,
      "survey_resource_types": [
        "AWS.EC2.SecurityGroup",
        "AWS.EC2.Subnet",
        "AWS.EC2.Vpc"
      ],
      "remediate_resource_types": [
        "AWS.EC2.SecurityGroup"
      ],
      "scan_schedule_enabled": true
    },
    {
      "id": "fb578bdf-ed81-4782-a615-121212121212",
      "name": "Azure Dev",
      "provider": "azure",
      "tenant_id": "239cd8aa-aa1e-45cd-860d-f54772d43fb9",
      "provider_options": {
        "azure": {
          "tenant_id": "fa9764dc-0a50-4b7f-b5ed-767fc2033f48",
          "subscription_id": "1327bd25-1546-4469-b2b6-b9844a100cb4",
          "application_id": "76496035-1191-4b86-94ba-a470f8fabe16",
          "survey_resource_groups": [
            "rg-azure-testing",
            "dev-centralus",
            "dev-eastus",
            "NetworkWatcherRG"
          ],
          "remediate_resource_groups": [
            "dev-centralus",
            "dev-eastus",
            "NetworkWatcherRG"
          ]
        }
      },
      "compliance_families": [
        "CIS-Azure_v1.1.0",
        "CIS-Controls_v7.1",
        "CSA-CCM_v3.0.1",
        "GDPR_v2016",
        "HIPAA_v2013",
        "ISO-27001_v2013",
        "NIST-800-53_vRev4",
        "PCI-DSS_v3.2.1",
        "SOC-2_v2017",
        "Custom"
      ],
      "baseline_id": "8fe8e761-f6c0-453e-ba05-987654321098",
      "drift": true,
      "remediation": false,
      "scan_status": "SUCCESS",
      "scan_interval": 86400,
      "last_scan_at": 1594249387,
      "next_scan_at": 1594335787,
      "scan_schedule_enabled": true
    }
  ],
  "count": 2,
  "is_truncated": false,
  "next_offset": null
}
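
Added example (not part of the Fugue reference or Fugue's own code): walking the offset / is_truncated / next_offset pagination described above and flagging environments whose scan coverage has gaps, using only fields from the response schema. The fetch_page stub, the sample pages and the "overdue" threshold of twice scan_interval are assumptions made for illustration.

```python
# Constructed sample pages shaped like the documented response; not real data.
NOW = 1_600_000_000  # constructed "current" Unix time
PAGES = {
    0: {"items": [
            {"id": "env-a", "drift": True, "scan_schedule_enabled": True,
             "scan_status": "SUCCESS", "scan_interval": 86400,
             "last_scan_at": NOW - 3600},
            {"id": "env-b", "drift": False, "scan_schedule_enabled": False,
             "scan_status": "ERROR", "scan_interval": 86400,
             "last_scan_at": NOW - 3600}],
        "count": 3, "is_truncated": True, "next_offset": 2},
    2: {"items": [
            {"id": "env-c", "drift": True, "scan_schedule_enabled": True,
             "scan_status": "SUCCESS", "scan_interval": 300,
             "last_scan_at": NOW - 10_000}],
        "count": 3, "is_truncated": False, "next_offset": None},
}

def fetch_page(offset, max_items):
    """Hypothetical transport stub; a real one would send the GET request."""
    return PAGES[offset]

def list_environments(fetch, max_items=100):
    """Yield every environment, following is_truncated / next_offset."""
    if not 1 <= max_items <= 100:
        raise ValueError("max_items must be in 1..100")
    offset = 0
    while True:
        page = fetch(offset, max_items)
        yield from page["items"]
        if not page["is_truncated"]:
            return
        nxt = page["next_offset"]
        if nxt is None or nxt <= offset:  # refuse to loop on a bad offset
            raise RuntimeError("truncated page without a forward next_offset")
        offset = nxt

def audit(env, now, overdue_factor=2):
    """Return coverage gaps for one environment (thresholds are assumptions)."""
    gaps = []
    if not env.get("scan_schedule_enabled"):
        gaps.append("scheduled scans disabled")
    if not env.get("drift"):
        gaps.append("drift detection disabled")
    if env.get("scan_status") == "ERROR":
        gaps.append("last scan ended in ERROR")
    last, interval = env.get("last_scan_at"), env.get("scan_interval")
    if last is None:
        gaps.append("never scanned")
    elif interval and now - last > overdue_factor * interval:
        gaps.append("scan overdue")
    return gaps

def audit_all(fetch, now, max_items=100):
    """Map environment id -> gaps, for environments that have any."""
    found = ((e["id"], audit(e, now)) for e in list_environments(fetch, max_items))
    return {env_id: gaps for env_id, gaps in found if gaps}
```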

Creates a new environment.

Creates a new environment. Example API request here.

Authorizations:
Request Body schema: application/json

Configuration options for the new environment.

name
string

Name of the environment.

provider
string
Enum: "aws" "aws_govcloud" "azure" "google" "repository"

Name of the service provider for the environment. Values - aws, aws_govcloud, azure, google, repository. (For Azure Government, use azure.)

provider_options
object (ProviderOptions)

Provider options.

compliance_families
Array of strings

List of compliance families validated against the environment. Values - AWS-Well-Architected_v2020-07-02, CIS-AWS_v1.2.0, CIS-AWS_v1.3.0, CIS-AWS_v1.4.0, CIS-Azure_v1.1.0, CIS-Azure_v1.3.0, CIS-Docker_v1.2.0, CIS-Google_v1.1.0, CIS-Google_v1.2.0, CIS-Controls_v7.1, CSA-CCM_v3.0.1, GDPR_v2016, HIPAA_v2013, ISO-27001_v2013, NIST-800-53_vRev4, PCI-DSS_v3.2.1, SOC-2_v2017, FBP (AWS & AWS GovCloud only), Custom. The following values are deprecated - CIS, CISAZURE, CISCONTROLS, CISCONTROLSAZURE, CSACCM, GDPR, GDPRAZURE, HIPAA, HIPAAAZURE, ISO27001, ISO27001AZURE, NIST, NISTAZURE, PCI, PCIAZURE, SOC2, SOC2AZURE

survey_resource_types
Array of strings

List of resource types to be surveyed (aws and aws_govcloud only -- for azure, see ProviderOptionsAzure). Find resource types with GET /metadata/{provider}/resource_types or see Service Coverage.

remediate_resource_types
Array of strings

List of resource types to be enforced if enforcement is enabled (aws and aws_govcloud only). Find resource types with GET /metadata/{provider}/resource_types or see Service Coverage.

scan_schedule_enabled
boolean

Indicates if the new environment should have scans run on a schedule upon creation. Learn more about scan intervals.

scan_interval
integer >= 300

Time in seconds between the end of one scan and the start of the next. Must also set scan_schedule_enabled to true. Learn more about scan intervals.

Responses

Response Schema: application/json
id
string

ID of the environment.

tenant_id
string

ID of the tenant that owns the environment.

name
string

Name of the environment.

provider
string
Enum: "aws" "aws_govcloud" "azure" "google" "repository"

Name of the service provider for the environment. Values - aws, aws_govcloud, azure, google, repository. (For Azure Government, use azure.)

provider_options
object (ProviderOptions)

Provider options.

compliance_families
Array of strings

List of compliance families validated against the environment. Values - AWS-Well-Architected_v2020-07-02, CIS-AWS_v1.2.0, CIS-AWS_v1.3.0, CIS-AWS_v1.4.0, CIS-Azure_v1.1.0, CIS-Azure_v1.3.0, CIS-Docker_v1.2.0, CIS-Google_v1.1.0, CIS-Google_v1.2.0, CIS-Controls_v7.1, CSA-CCM_v3.0.1, GDPR_v2016, HIPAA_v2013, ISO-27001_v2013, NIST-800-53_vRev4, PCI-DSS_v3.2.1, SOC-2_v2017, FBP (AWS & AWS GovCloud only), Custom. The following values are deprecated - CIS, CISAZURE, CISCONTROLS, CISCONTROLSAZURE, CSACCM, GDPR, GDPRAZURE, HIPAA, HIPAAAZURE, ISO27001, ISO27001AZURE, NIST, NISTAZURE, PCI, PCIAZURE, SOC2, SOC2AZURE

baseline_id
string

Scan ID of the baseline if baseline is enabled. Learn how to find a scan ID. Learn more about baselines, drift detection, and enforcement.

drift
boolean

Indicates whether drift detection is enabled for the environment. Learn more about baselines, drift detection, and enforcement.

remediation
boolean

Indicates whether enforcement is enabled for the environment. Enforcement is supported for AWS & AWS GovCloud. Learn more about baselines, drift detection, and enforcement.

scan_status
string
Enum: "CREATED" "QUEUED" "IN_PROGRESS" "ERROR" "SUCCESS" "CANCELED"

Status of the current or most recently completed scan for the environment. Values - CREATED, QUEUED, IN_PROGRESS, ERROR, SUCCESS, CANCELED

scan_interval
integer

Time in seconds between the end of one scan and the start of the next. Learn more about scan intervals.

last_scan_at
integer

When the current or most recently completed scan for the environment started, Unix time. Learn how to convert to or from Unix time in the API User Guide.

next_scan_at
integer

When the next scan will start, Unix time. Learn how to convert to or from Unix time in the API User Guide.

survey_resource_types
Array of strings

List of resource types surveyed for the environment (aws and aws_govcloud only -- for azure, see ProviderOptionsAzure). Find resource types with GET /metadata/{provider}/resource_types or see Service Coverage.

remediate_resource_types
Array of strings

List of resource types enforced for the environment if enforcement is enabled (aws and aws_govcloud only). Find resource types with GET /metadata/{provider}/resource_types or see Service Coverage.

scan_schedule_enabled
boolean

Indicates whether the environment should have scans run on a schedule. Learn more about scan intervals.

Request samples

Content type
application/json
{
  "name": "Example CI/CD - All Regions",
  "provider": "aws",
  "provider_options": {
    "aws": {
      "regions": [
        "*"
      ],
      "role_arn": "arn:aws:iam::123456789012:role/FugueRiskManager"
    }
  },
  "compliance_families": [
    "CIS-AWS_v1.3.0"
  ],
  "survey_resource_types": [
    "AWS.EC2.SecurityGroup",
    "AWS.EC2.Subnet",
    "AWS.EC2.Vpc"
  ],
  "remediate_resource_types": [
    "AWS.EC2.SecurityGroup"
  ],
  "scan_schedule_enabled": true,
  "scan_interval": 86400
}

Response samples

Content type
application/json
{
  "id": "0f14323e-9e18-4167-bfcf-fa3a627a8f44",
  "name": "Example CI/CD - All Regions",
  "provider": "aws",
  "tenant_id": "239cd8aa-aa1e-45cd-860d-f54772d43fb9",
  "provider_options": {
    "aws": {
      "regions": [
        "*"
      ],
      "role_arn": "arn:aws:iam::123456789012:role/FugueRiskManager"
    }
  },
  "compliance_families": [
    "CIS-AWS_v1.3.0",
    "Custom"
  ],
  "baseline_id": null,
  "drift": false,
  "remediation": false,
  "scan_status": "IN_PROGRESS",
  "scan_interval": 86400,
  "last_scan_at": null,
  "next_scan_at": 1594369046,
  "survey_resource_types": [
    "AWS.EC2.SecurityGroup",
    "AWS.EC2.Subnet",
    "AWS.EC2.Vpc"
  ],
  "remediate_resource_types": [
    "AWS.EC2.SecurityGroup"
  ],
  "scan_schedule_enabled": true
}

Retrieves details and resource summary for an environment.

Retrieves details and resource summary for an environment. Example API request here.

Authorizations:
path Parameters
environment_id
required
string

Environment ID. Learn how to find your environment ID.

Responses

Response Schema: application/json
id
string

ID of the environment.

tenant_id
string

ID of the tenant that owns the environment.

name
string

Name of the environment.

provider
string
Enum: "aws" "aws_govcloud" "azure" "google" "repository"

Name of the service provider for the environment. Values - aws, aws_govcloud, azure, google, repository. (For Azure Government, use azure.)

provider_options
object (ProviderOptions)

Provider options.

compliance_families
Array of strings

List of compliance families validated against the environment. Values - AWS-Well-Architected_v2020-07-02, CIS-AWS_v1.2.0, CIS-AWS_v1.3.0, CIS-AWS_v1.4.0, CIS-Azure_v1.1.0, CIS-Azure_v1.3.0, CIS-Docker_v1.2.0, CIS-Google_v1.1.0, CIS-Google_v1.2.0, CIS-Controls_v7.1, CSA-CCM_v3.0.1, GDPR_v2016, HIPAA_v2013, ISO-27001_v2013, NIST-800-53_vRev4, PCI-DSS_v3.2.1, SOC-2_v2017, FBP (AWS & AWS GovCloud only), Custom. The following values are deprecated - CIS, CISAZURE, CISCONTROLS, CISCONTROLSAZURE, CSACCM, GDPR, GDPRAZURE, HIPAA, HIPAAAZURE, ISO27001, ISO27001AZURE, NIST, NISTAZURE, PCI, PCIAZURE, SOC2, SOC2AZURE

baseline_id
string

Scan ID of the baseline if baseline is enabled. Learn how to find a scan ID. Learn more about baselines, drift detection, and enforcement.

drift
boolean

Indicates whether drift detection is enabled for the environment. Learn more about baselines, drift detection, and enforcement.

remediation
boolean

Indicates whether enforcement is enabled for the environment. Enforcement is supported for AWS & AWS GovCloud. Learn more about baselines, drift detection, and enforcement.

scan_status
string
Enum: "CREATED" "QUEUED" "IN_PROGRESS" "ERROR" "SUCCESS" "CANCELED"

Status of the current or most recently completed scan for the environment. Values - CREATED, QUEUED, IN_PROGRESS, ERROR, SUCCESS, CANCELED

scan_interval
integer

Time in seconds between the end of one scan and the start of the next. Learn more about scan intervals.

last_scan_at
integer

When the current or most recently completed scan for the environment started, Unix time. Learn how to convert to or from Unix time in the API User Guide.

next_scan_at
integer

When the next scan will start, Unix time. Learn how to convert to or from Unix time in the API User Guide.

survey_resource_types
Array of strings

List of resource types surveyed for the environment (aws and aws_govcloud only -- for azure, see ProviderOptionsAzure). Find resource types with GET /metadata/{provider}/resource_types or see Service Coverage.

remediate_resource_types
Array of strings

List of resource types enforced for the environment if enforcement is enabled (aws and aws_govcloud only). Find resource types with GET /metadata/{provider}/resource_types or see Service Coverage.

scan_schedule_enabled
boolean

Indicates whether the environment should have scans run on a schedule. Learn more about scan intervals.

resource_summary
object (ResourceSummary)

Summary of resources for a scan.

Response samples

Content type
application/json
{
  "id": "0f14323e-9e18-4167-bfcf-fa3a627a8f44",
  "name": "Example CI/CD - All Regions",
  "provider": "aws",
  "tenant_id": "239cd8aa-aa1e-45cd-860d-f54772d43fb9",
  "provider_options": {
    "aws": {
      "regions": [
        "*"
      ],
      "role_arn": "arn:aws:iam::123456789012:role/FugueRiskManager"
    }
  },
  "compliance_families": [
    "CIS-AWS_v1.3.0",
    "Custom"
  ],
  "baseline_id": null,
  "drift": false,
  "remediation": false,
  "scan_status": "SUCCESS",
  "scan_interval": 86400,
  "last_scan_at": 1594369180,
  "next_scan_at": 1594455580,
  "survey_resource_types": [
    "AWS.EC2.SecurityGroup",
    "AWS.EC2.Subnet",
    "AWS.EC2.Vpc"
  ],
  "remediate_resource_types": [
    "AWS.EC2.SecurityGroup"
  ],
  "scan_schedule_enabled": true,
  "resource_summary": {
    "total": 139,
    "compliant": 121,
    "noncompliant": 18,
    "rules_passed": 46,
    "rules_failed": 1,
    "resource_types": 3,
    "families": [
      {
        "family": "CIS-AWS_v1.3.0",
        "compliant": 58,
        "noncompliant": 18,
        "rules_passed": 42,
        "rules_failed": 1
      },
      {
        "family": "Custom",
        "compliant": 52,
        "noncompliant": 0,
        "rules_passed": 4,
        "rules_failed": 0
      }
    ]
  }
}

Updates an environment.

Updates an environment. Example API request here.

Authorizations:
path Parameters
environment_id
required
string

Environment ID. Learn how to find your environment ID.

Request Body schema: application/json

Environment details to update.

name
string

Name of the environment.

provider
string
Enum: "aws" "aws_govcloud" "azure" "google" "repository"

Name of the service provider for the environment. Values - aws, aws_govcloud, azure, google, repository. (For Azure Government, use azure.)

provider_options
object (ProviderOptionsUpdateInput)

Mutable provider options.

compliance_families
Array of strings

List of compliance families validated against the environment. Values - AWS-Well-Architected_v2020-07-02, CIS-AWS_v1.2.0, CIS-AWS_v1.3.0, CIS-AWS_v1.4.0, CIS-Azure_v1.1.0, CIS-Azure_v1.3.0, CIS-Docker_v1.2.0, CIS-Google_v1.1.0, CIS-Google_v1.2.0, CIS-Controls_v7.1, CSA-CCM_v3.0.1, GDPR_v2016, HIPAA_v2013, ISO-27001_v2013, NIST-800-53_vRev4, PCI-DSS_v3.2.1, SOC-2_v2017, FBP (AWS & AWS GovCloud only), Custom. The following values are deprecated - CIS, CISAZURE, CISCONTROLS, CISCONTROLSAZURE, CSACCM, GDPR, GDPRAZURE, HIPAA, HIPAAAZURE, ISO27001, ISO27001AZURE, NIST, NISTAZURE, PCI, PCIAZURE, SOC2, SOC2AZURE

baseline_id
string

Scan ID of the baseline if baseline is enabled. Learn how to find a scan ID. Learn more about baselines, drift detection, and enforcement.

remediation
boolean

Indicates whether enforcement is enabled for the environment. Enforcement is supported for AWS & AWS GovCloud. Learn more about baselines, drift detection, and enforcement.

survey_resource_types
Array of strings

List of resource types surveyed for the environment (aws and aws_govcloud only -- for azure, see ProviderOptionsAzureUpdateInput). Find resource types with GET /metadata/{provider}/resource_types or see Service Coverage.

remediate_resource_types
Array of strings

List of resource types enforced for the environment if enforcement is enabled (aws and aws_govcloud only). Find resource types with GET /metadata/{provider}/resource_types or see Service Coverage. Learn more about baselines, drift detection, and enforcement.

scan_schedule_enabled
boolean

Indicates whether an environment is scanned on a schedule. Learn more about scan intervals.

scan_interval
integer >= 300

Time in seconds between the end of one scan and the start of the next. Must also set scan_schedule_enabled to true. Learn more about scan intervals.

Responses

Response Schema: application/json
id
string

ID of the environment.

tenant_id
string

ID of the tenant that owns the environment.

name
string

Name of the environment.

provider
string
Enum: "aws" "aws_govcloud" "azure" "google" "repository"

Name of the service provider for the environment. Values - aws, aws_govcloud, azure, google, repository. (For Azure Government, use azure.)

provider_options
object (ProviderOptions)

Provider options.

compliance_families
Array of strings

List of compliance families validated against the environment. Values - AWS-Well-Architected_v2020-07-02, CIS-AWS_v1.2.0, CIS-AWS_v1.3.0, CIS-AWS_v1.4.0, CIS-Azure_v1.1.0, CIS-Azure_v1.3.0, CIS-Docker_v1.2.0, CIS-Google_v1.1.0, CIS-Google_v1.2.0, CIS-Controls_v7.1, CSA-CCM_v3.0.1, GDPR_v2016, HIPAA_v2013, ISO-27001_v2013, NIST-800-53_vRev4, PCI-DSS_v3.2.1, SOC-2_v2017, FBP (AWS & AWS GovCloud only), Custom. The following values are deprecated - CIS, CISAZURE, CISCONTROLS, CISCONTROLSAZURE, CSACCM, GDPR, GDPRAZURE, HIPAA, HIPAAAZURE, ISO27001, ISO27001AZURE, NIST, NISTAZURE, PCI, PCIAZURE, SOC2, SOC2AZURE

baseline_id
string

Scan ID of the baseline if baseline is enabled. Learn how to find a scan ID. Learn more about baselines, drift detection, and enforcement.

drift
boolean

Indicates whether drift detection is enabled for the environment. Learn more about baselines, drift detection, and enforcement.

remediation
boolean

Indicates whether enforcement is enabled for the environment. Enforcement is supported for AWS & AWS GovCloud. Learn more about baselines, drift detection, and enforcement.

scan_status
string
Enum: "CREATED" "QUEUED" "IN_PROGRESS" "ERROR" "SUCCESS" "CANCELED"

Status of the current or most recently completed scan for the environment. Values - CREATED, QUEUED, IN_PROGRESS, ERROR, SUCCESS, CANCELED

scan_interval
integer

Time in seconds between the end of one scan and the start of the next. Learn more about scan intervals.

last_scan_at
integer

When the current or most recently completed scan for the environment started, Unix time. Learn how to convert to or from Unix time in the API User Guide.

next_scan_at
integer

When the next scan will start, Unix time. Learn how to convert to or from Unix time in the API User Guide.

survey_resource_types
Array of strings

List of resource types surveyed for the environment (aws and aws_govcloud only -- for azure, see ProviderOptionsAzure). Find resource types with GET /metadata/{provider}/resource_types or see Service Coverage.

remediate_resource_types
Array of strings

List of resource types enforced for the environment