Welcome to the Fugue API reference. For an interactive reference, see the Swagger UI.
Additional documentation:
See the API User Guide for more information.
Last updated 2022.03.17
Lists details for all environments. Example API request here.
offset | integer >= 0 Default: 0 Number of items to skip before returning. This parameter is used when the number of items spans multiple pages. |
max_items | integer [ 1 .. 100 ] Default: 100 Maximum number of items to return. |
order_by | string Default: "created_at" Enum: "created_at" "name" "last_scan_at" Field to sort the items by. Values - created_at, name, last_scan_at |
order_direction | string Default: "desc" Enum: "asc" "desc" Direction to sort the items in. Values - asc, desc |
query | string [ 2 .. 1800 ] characters A stringified JSON array of search parameters. Alternatively, you can use individual query parameters for the following filters - q.id, q.rule_id, q.resource_type, q.resource_provider, q.resource_id, q.name, and q.search. q.search looks across id, name, and rule_id. |
Array of objects (Environment) [ items ] Paginated list of environments. | |
is_truncated | boolean Indicates whether there are more items at the next offset. |
next_offset | integer Next offset to use to get the next page of items. |
count | integer Total number of items. |
{
  "items": [
    {
      "id": "0f14323e-9e18-4167-bfcf-fa3a627a8f44",
      "name": "Example CI/CD - All Regions",
      "provider": "aws",
      "tenant_id": "239cd8aa-aa1e-45cd-860d-f54772d43fb9",
      "provider_options": {
        "aws": {
          "regions": ["*"],
          "role_arn": "arn:aws:iam::123456789012:role/FugueRiskManager"
        }
      },
      "compliance_families": [
        "CIS-AWS_v1.3.0",
        "Custom"
      ],
      "baseline_id": null,
      "drift": false,
      "remediation": false,
      "scan_status": "IN_PROGRESS",
      "scan_interval": 86400,
      "last_scan_at": null,
      "next_scan_at": 1594369046,
      "survey_resource_types": [
        "AWS.EC2.SecurityGroup",
        "AWS.EC2.Subnet",
        "AWS.EC2.Vpc"
      ],
      "remediate_resource_types": ["AWS.EC2.SecurityGroup"],
      "scan_schedule_enabled": true
    },
    {
      "id": "fb578bdf-ed81-4782-a615-121212121212",
      "name": "Azure Dev",
      "provider": "azure",
      "tenant_id": "239cd8aa-aa1e-45cd-860d-f54772d43fb9",
      "provider_options": {
        "azure": {
          "tenant_id": "fa9764dc-0a50-4b7f-b5ed-767fc2033f48",
          "subscription_id": "1327bd25-1546-4469-b2b6-b9844a100cb4",
          "application_id": "76496035-1191-4b86-94ba-a470f8fabe16",
          "survey_resource_groups": [
            "rg-azure-testing",
            "dev-centralus",
            "dev-eastus",
            "NetworkWatcherRG"
          ],
          "remediate_resource_groups": [
            "dev-centralus",
            "dev-eastus",
            "NetworkWatcherRG"
          ]
        }
      },
      "compliance_families": [
        "CIS-Azure_v1.1.0",
        "CIS-Controls_v7.1",
        "CSA-CCM_v3.0.1",
        "GDPR_v2016",
        "HIPAA_v2013",
        "ISO-27001_v2013",
        "NIST-800-53_vRev4",
        "PCI-DSS_v3.2.1",
        "SOC-2_v2017",
        "Custom"
      ],
      "baseline_id": "8fe8e761-f6c0-453e-ba05-987654321098",
      "drift": true,
      "remediation": false,
      "scan_status": "SUCCESS",
      "scan_interval": 86400,
      "last_scan_at": 1594249387,
      "next_scan_at": 1594335787,
      "scan_schedule_enabled": true
    }
  ],
  "count": 2,
  "is_truncated": false,
  "next_offset": null
}
Creates a new environment. Example API request here.
Configuration options for the new environment.
name | string Name of the environment. |
provider | string Enum: "aws" "aws_govcloud" "azure" "google" "repository" Name of the service provider for the environment. Values - |
object (ProviderOptions) Provider options. | |
compliance_families | Array of strings List of compliance families validated against the environment. Values - AWS-Well-Architected_v2020-07-02, CIS-AWS_v1.2.0, CIS-AWS_v1.3.0, CIS-AWS_v1.4.0, CIS-Azure_v1.1.0, CIS-Azure_v1.3.0, CIS-Docker_v1.2.0, CIS-Google_v1.1.0, CIS-Google_v1.2.0, CIS-Controls_v7.1, CSA-CCM_v3.0.1, GDPR_v2016, HIPAA_v2013, ISO-27001_v2013, NIST-800-53_vRev4, PCI-DSS_v3.2.1, SOC-2_v2017, FBP (AWS & AWS GovCloud only), Custom. The following values are deprecated - CIS, CISAZURE, CISCONTROLS, CISCONTROLSAZURE, CSACCM, GDPR, GDPRAZURE, HIPAA, HIPAAAZURE, ISO27001, ISO27001AZURE, NIST, NISTAZURE, PCI, PCIAZURE, SOC2, SOC2AZURE |
survey_resource_types | Array of strings List of resource types to be surveyed ( |
remediate_resource_types | Array of strings List of resource types to be enforced if enforcement is enabled ( |
scan_schedule_enabled | boolean Indicates if the new environment should have scans run on a schedule upon creation. Learn more about scan intervals. |
scan_interval | integer >= 300 Time in seconds from the end of one scan to the start of the next. Must also set scan_schedule_enabled to true. Learn more about scan intervals. |
id | string ID of the environment. |
tenant_id | string ID of the tenant that owns the environment. |
name | string Name of the environment. |
provider | string Enum: "aws" "aws_govcloud" "azure" "google" "repository" Name of the service provider for the environment. Values - |
object (ProviderOptions) Provider options. | |
compliance_families | Array of strings List of compliance families validated against the environment. Values - AWS-Well-Architected_v2020-07-02, CIS-AWS_v1.2.0, CIS-AWS_v1.3.0, CIS-AWS_v1.4.0, CIS-Azure_v1.1.0, CIS-Azure_v1.3.0, CIS-Docker_v1.2.0, CIS-Google_v1.1.0, CIS-Google_v1.2.0, CIS-Controls_v7.1, CSA-CCM_v3.0.1, GDPR_v2016, HIPAA_v2013, ISO-27001_v2013, NIST-800-53_vRev4, PCI-DSS_v3.2.1, SOC-2_v2017, FBP (AWS & AWS GovCloud only), Custom. The following values are deprecated - CIS, CISAZURE, CISCONTROLS, CISCONTROLSAZURE, CSACCM, GDPR, GDPRAZURE, HIPAA, HIPAAAZURE, ISO27001, ISO27001AZURE, NIST, NISTAZURE, PCI, PCIAZURE, SOC2, SOC2AZURE |
baseline_id | string Scan ID of the baseline if baseline is enabled. Learn how to find a scan ID. Learn more about baselines, drift detection, and enforcement. |
drift | boolean Indicates whether drift detection is enabled for the environment. Learn more about baselines, drift detection, and enforcement. |
remediation | boolean Indicates whether enforcement is enabled for the environment. Enforcement is supported for AWS & AWS GovCloud. Learn more about baselines, drift detection, and enforcement. |
scan_status | string Enum: "CREATED" "QUEUED" "IN_PROGRESS" "ERROR" "SUCCESS" "CANCELED" Status of the current or most recently completed scan for the environment. Values - CREATED, QUEUED, IN_PROGRESS, ERROR, SUCCESS, CANCELED |
scan_interval | integer Time in seconds from the end of one scan to the start of the next. Learn more about scan intervals. |
last_scan_at | integer When the current or most recently completed scan for the environment started, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
next_scan_at | integer When the next scan will start, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
survey_resource_types | Array of strings List of resource types surveyed for the environment( |
remediate_resource_types | Array of strings List of resource types enforced for the environment if enforcement is enabled ( |
scan_schedule_enabled | boolean Indicates whether the environment should have scans run on a schedule. Learn more about scan intervals. |
{
  "name": "Example CI/CD - All Regions",
  "provider": "aws",
  "provider_options": {
    "aws": {
      "regions": ["*"],
      "role_arn": "arn:aws:iam::123456789012:role/FugueRiskManager"
    }
  },
  "compliance_families": ["CIS-AWS_v1.3.0"],
  "survey_resource_types": [
    "AWS.EC2.SecurityGroup",
    "AWS.EC2.Subnet",
    "AWS.EC2.Vpc"
  ],
  "remediate_resource_types": ["AWS.EC2.SecurityGroup"],
  "scan_schedule_enabled": true,
  "scan_interval": 86400
}
{
  "id": "0f14323e-9e18-4167-bfcf-fa3a627a8f44",
  "name": "Example CI/CD - All Regions",
  "provider": "aws",
  "tenant_id": "239cd8aa-aa1e-45cd-860d-f54772d43fb9",
  "provider_options": {
    "aws": {
      "regions": ["*"],
      "role_arn": "arn:aws:iam::123456789012:role/FugueRiskManager"
    }
  },
  "compliance_families": [
    "CIS-AWS_v1.3.0",
    "Custom"
  ],
  "baseline_id": null,
  "drift": false,
  "remediation": false,
  "scan_status": "IN_PROGRESS",
  "scan_interval": 86400,
  "last_scan_at": null,
  "next_scan_at": 1594369046,
  "survey_resource_types": [
    "AWS.EC2.SecurityGroup",
    "AWS.EC2.Subnet",
    "AWS.EC2.Vpc"
  ],
  "remediate_resource_types": ["AWS.EC2.SecurityGroup"],
  "scan_schedule_enabled": true
}
Retrieves details and resource summary for an environment. Example API request here.
environment_id required | string Environment ID. Learn how to find your environment ID. |
id | string ID of the environment. |
tenant_id | string ID of the tenant that owns the environment. |
name | string Name of the environment. |
provider | string Enum: "aws" "aws_govcloud" "azure" "google" "repository" Name of the service provider for the environment. Values - |
object (ProviderOptions) Provider options. | |
compliance_families | Array of strings List of compliance families validated against the environment. Values - AWS-Well-Architected_v2020-07-02, CIS-AWS_v1.2.0, CIS-AWS_v1.3.0, CIS-AWS_v1.4.0, CIS-Azure_v1.1.0, CIS-Azure_v1.3.0, CIS-Docker_v1.2.0, CIS-Google_v1.1.0, CIS-Google_v1.2.0, CIS-Controls_v7.1, CSA-CCM_v3.0.1, GDPR_v2016, HIPAA_v2013, ISO-27001_v2013, NIST-800-53_vRev4, PCI-DSS_v3.2.1, SOC-2_v2017, FBP (AWS & AWS GovCloud only), Custom. The following values are deprecated - CIS, CISAZURE, CISCONTROLS, CISCONTROLSAZURE, CSACCM, GDPR, GDPRAZURE, HIPAA, HIPAAAZURE, ISO27001, ISO27001AZURE, NIST, NISTAZURE, PCI, PCIAZURE, SOC2, SOC2AZURE |
baseline_id | string Scan ID of the baseline if baseline is enabled. Learn how to find a scan ID. Learn more about baselines, drift detection, and enforcement. |
drift | boolean Indicates whether drift detection is enabled for the environment. Learn more about baselines, drift detection, and enforcement. |
remediation | boolean Indicates whether enforcement is enabled for the environment. Enforcement is supported for AWS & AWS GovCloud. Learn more about baselines, drift detection, and enforcement. |
scan_status | string Enum: "CREATED" "QUEUED" "IN_PROGRESS" "ERROR" "SUCCESS" "CANCELED" Status of the current or most recently completed scan for the environment. Values - CREATED, QUEUED, IN_PROGRESS, ERROR, SUCCESS, CANCELED |
scan_interval | integer Time in seconds from the end of one scan to the start of the next. Learn more about scan intervals. |
last_scan_at | integer When the current or most recently completed scan for the environment started, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
next_scan_at | integer When the next scan will start, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
survey_resource_types | Array of strings List of resource types surveyed for the environment( |
remediate_resource_types | Array of strings List of resource types enforced for the environment if enforcement is enabled ( |
scan_schedule_enabled | boolean Indicates whether the environment should have scans run on a schedule. Learn more about scan intervals. |
object (ResourceSummary) Summary of resources for a scan. |
{
  "id": "0f14323e-9e18-4167-bfcf-fa3a627a8f44",
  "name": "Example CI/CD - All Regions",
  "provider": "aws",
  "tenant_id": "239cd8aa-aa1e-45cd-860d-f54772d43fb9",
  "provider_options": {
    "aws": {
      "regions": ["*"],
      "role_arn": "arn:aws:iam::123456789012:role/FugueRiskManager"
    }
  },
  "compliance_families": [
    "CIS-AWS_v1.3.0",
    "Custom"
  ],
  "baseline_id": null,
  "drift": false,
  "remediation": false,
  "scan_status": "SUCCESS",
  "scan_interval": 86400,
  "last_scan_at": 1594369180,
  "next_scan_at": 1594455580,
  "survey_resource_types": [
    "AWS.EC2.SecurityGroup",
    "AWS.EC2.Subnet",
    "AWS.EC2.Vpc"
  ],
  "remediate_resource_types": ["AWS.EC2.SecurityGroup"],
  "scan_schedule_enabled": true,
  "resource_summary": {
    "total": 139,
    "compliant": 121,
    "noncompliant": 18,
    "rules_passed": 46,
    "rules_failed": 1,
    "resource_types": 3,
    "families": [
      {
        "family": "CIS-AWS_v1.3.0",
        "compliant": 58,
        "noncompliant": 18,
        "rules_passed": 42,
        "rules_failed": 1
      },
      {
        "family": "Custom",
        "compliant": 52,
        "noncompliant": 0,
        "rules_passed": 4,
        "rules_failed": 0
      }
    ]
  }
}
Updates an environment. Example API request here.
environment_id required | string Environment ID. Learn how to find your environment ID. |
Environment details to update.
name | string Name of the environment. |
provider | string Enum: "aws" "aws_govcloud" "azure" "google" "repository" Name of the service provider for the environment. Values - |
object (ProviderOptionsUpdateInput) Mutable provider options. | |
compliance_families | Array of strings List of compliance families validated against the environment. Values - AWS-Well-Architected_v2020-07-02, CIS-AWS_v1.2.0, CIS-AWS_v1.3.0, CIS-AWS_v1.4.0, CIS-Azure_v1.1.0, CIS-Azure_v1.3.0, CIS-Docker_v1.2.0, CIS-Google_v1.1.0, CIS-Google_v1.2.0, CIS-Controls_v7.1, CSA-CCM_v3.0.1, GDPR_v2016, HIPAA_v2013, ISO-27001_v2013, NIST-800-53_vRev4, PCI-DSS_v3.2.1, SOC-2_v2017, FBP (AWS & AWS GovCloud only), Custom. The following values are deprecated - CIS, CISAZURE, CISCONTROLS, CISCONTROLSAZURE, CSACCM, GDPR, GDPRAZURE, HIPAA, HIPAAAZURE, ISO27001, ISO27001AZURE, NIST, NISTAZURE, PCI, PCIAZURE, SOC2, SOC2AZURE |
baseline_id | string Scan ID of the baseline if baseline is enabled. Learn how to find a scan ID. Learn more about baselines, drift detection, and enforcement. |
remediation | boolean Indicates whether enforcement is enabled for the environment. Enforcement is supported for AWS & AWS GovCloud. Learn more about baselines, drift detection, and enforcement. |
survey_resource_types | Array of strings List of resource types surveyed for the environment ( |
remediate_resource_types | Array of strings List of resource types enforced for the environment if enforcement is enabled ( |
scan_schedule_enabled | boolean Indicates whether an environment is scanned on a schedule. Learn more about scan intervals. |
scan_interval | integer >= 300 Time in seconds from the end of one scan to the start of the next. Must also set scan_schedule_enabled to true. Learn more about scan intervals. |
id | string ID of the environment. |
tenant_id | string ID of the tenant that owns the environment. |
name | string Name of the environment. |
provider | string Enum: "aws" "aws_govcloud" "azure" "google" "repository" Name of the service provider for the environment. Values - |
object (ProviderOptions) Provider options. | |
compliance_families | Array of strings List of compliance families validated against the environment. Values - AWS-Well-Architected_v2020-07-02, CIS-AWS_v1.2.0, CIS-AWS_v1.3.0, CIS-AWS_v1.4.0, CIS-Azure_v1.1.0, CIS-Azure_v1.3.0, CIS-Docker_v1.2.0, CIS-Google_v1.1.0, CIS-Google_v1.2.0, CIS-Controls_v7.1, CSA-CCM_v3.0.1, GDPR_v2016, HIPAA_v2013, ISO-27001_v2013, NIST-800-53_vRev4, PCI-DSS_v3.2.1, SOC-2_v2017, FBP (AWS & AWS GovCloud only), Custom. The following values are deprecated - CIS, CISAZURE, CISCONTROLS, CISCONTROLSAZURE, CSACCM, GDPR, GDPRAZURE, HIPAA, HIPAAAZURE, ISO27001, ISO27001AZURE, NIST, NISTAZURE, PCI, PCIAZURE, SOC2, SOC2AZURE |
baseline_id | string Scan ID of the baseline if baseline is enabled. Learn how to find a scan ID. Learn more about baselines, drift detection, and enforcement. |
drift | boolean Indicates whether drift detection is enabled for the environment. Learn more about baselines, drift detection, and enforcement. |
remediation | boolean Indicates whether enforcement is enabled for the environment. Enforcement is supported for AWS & AWS GovCloud. Learn more about baselines, drift detection, and enforcement. |
scan_status | string Enum: "CREATED" "QUEUED" "IN_PROGRESS" "ERROR" "SUCCESS" "CANCELED" Status of the current or most recently completed scan for the environment. Values - CREATED, QUEUED, IN_PROGRESS, ERROR, SUCCESS, CANCELED |
scan_interval | integer Time in seconds from the end of one scan to the start of the next. Learn more about scan intervals. |
last_scan_at | integer When the current or most recently completed scan for the environment started, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
next_scan_at | integer When the next scan will start, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
survey_resource_types | Array of strings List of resource types surveyed for the environment( |
remediate_resource_types | Array of strings List of resource types enforced for the environment if enforcement is enabled ( |
scan_schedule_enabled | boolean Indicates whether the environment should have scans run on a schedule. Learn more about scan intervals. |
{
  "name": "Example CI/CD - All Regions",
  "provider": "aws",
  "provider_options": {
    "aws": {
      "regions": ["*"],
      "role_arn": "arn:aws:iam::123456789012:role/FugueRiskManager"
    }
  },
  "remediation": false,
  "survey_resource_types": [
    "AWS.EC2.SecurityGroup",
    "AWS.EC2.Subnet",
    "AWS.EC2.Vpc"
  ],
  "remediate_resource_types": ["AWS.EC2.SecurityGroup"],
  "scan_schedule_enabled": true,
  "scan_interval": 86400
}
{
  "id": "0f14323e-9e18-4167-bfcf-fa3a627a8f44",
  "name": "Example CI/CD - All Regions",
  "provider": "aws",
  "tenant_id": "239cd8aa-aa1e-45cd-860d-f54772d43fb9",
  "provider_options": {
    "aws": {
      "regions": ["*"],
      "role_arn": "arn:aws:iam::123456789012:role/FugueRiskManager"
    }
  },
  "compliance_families": [
    "CIS-AWS_v1.3.0",
    "Custom"
  ],
  "baseline_id": null,
  "drift": false,
  "remediation": false,
  "scan_status": "IN_PROGRESS",
  "scan_interval": 86400,
  "last_scan_at": null,
  "next_scan_at": 1594369046,
  "survey_resource_types": [
    "AWS.EC2.SecurityGroup",
    "AWS.EC2.Subnet",
    "AWS.EC2.Vpc"
  ],
  "remediate_resource_types": ["AWS.EC2.SecurityGroup"],
  "scan_schedule_enabled": true
}
Deletes an environment. Example API request here.
environment_id required | string Environment ID. Learn how to find your environment ID. |
{
  "type": "InvalidParameterValue",
  "message": "order_direction must be one of ['asc', 'desc']",
  "code": 400
}
Returns the rules that would be applied to this environment according to its current environment settings. Example API request here.
environment_id required | string Environment ID. |
required | Array of objects (EnvironmentRulesRule) [ items ] |
{
  "items": [
    { "id": "FG_R00034" },
    { "id": "FG_R00375" },
    { "id": "FG_R00014" }
  ]
}
Lists scans for an environment. Example API request here.
environment_id required | string ID of the environment to retrieve scans for. Learn how to find your environment ID. |
offset | integer >= 0 Default: 0 Number of items to skip before returning. This parameter is used when the number of items spans multiple pages. |
max_items | integer [ 1 .. 100 ] Default: 100 Maximum number of items to return. |
order_by | string Default: "created_at" Enum: "created_at" "finished_at" "updated_at" Field to sort the items by. Values - created_at, finished_at, updated_at |
order_direction | string Default: "desc" Enum: "asc" "desc" Direction to sort the items in. Values - asc, desc |
status | Array of strings Items Enum: "CREATED" "QUEUED" "IN_PROGRESS" "ERROR" "SUCCESS" "CANCELED" Status to filter by. When not specified, all statuses will be returned. Values - CREATED, QUEUED, IN_PROGRESS, ERROR, SUCCESS, CANCELED |
range_from | integer >= 0 Earliest created_at time to return scans from, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
range_to | integer >= 0 Latest created_at time to return scans from, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
Array of objects (Scan) [ items ] Paginated list of scans. | |
is_truncated | boolean Indicates whether there are more items at the next offset. |
next_offset | integer Next offset to use to get the next page of items. |
count | integer Total number of items. |
{
  "count": 2,
  "is_truncated": false,
  "items": [
    {
      "created_at": 1594382127,
      "environment_id": "0f14323e-9e18-4167-bfcf-fa3a627a8f44",
      "finished_at": 1594382333,
      "id": "174944e3-80ca-4e1a-1234-123456789012",
      "message": null,
      "remediation_error": false,
      "status": "SUCCESS",
      "updated_at": 1594382333
    },
    {
      "created_at": 1594369046,
      "environment_id": "0f14323e-9e18-4167-bfcf-fa3a627a8f44",
      "finished_at": 1594369180,
      "id": "05b0c732-7da6-49e2-1234-123456789012",
      "message": null,
      "remediation_error": false,
      "status": "SUCCESS",
      "updated_at": 1594369180
    }
  ],
  "next_offset": null
}
Creates and triggers a new environment scan. Example API request here. Learn more about manually initiating a scan.
environment_id required | string ID of the environment to scan. Learn how to find your environment ID. |
id | string ID of the scan. |
environment_id | string ID of the environment the scan belongs to. |
created_at | integer When the scan was created, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
updated_at | integer When the scan was last updated, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
finished_at | integer When the scan was finished, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
status | string Enum: "CREATED" "QUEUED" "IN_PROGRESS" "ERROR" "SUCCESS" "CANCELED" Status of the scan. Values - CREATED, QUEUED, IN_PROGRESS, ERROR, SUCCESS, CANCELED |
message | string Message related to the scan. |
remediation_error | boolean Indicates whether there were any enforcement errors on the scan. |
{
  "created_at": 1594382127,
  "environment_id": "0f14323e-9e18-4167-bfcf-fa3a627a8f44",
  "finished_at": null,
  "id": "174944e3-80ca-4e1a-1234-123456789012",
  "message": null,
  "remediation_error": false,
  "status": "IN_PROGRESS",
  "updated_at": 1594382129
}
Retrieves details for a scan. Example API request here.
scan_id required | string Scan ID. Learn how to find your scan ID. |
id | string ID of the scan. |
environment_id | string ID of the environment the scan belongs to. |
created_at | integer When the scan was created, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
updated_at | integer When the scan was last updated, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
finished_at | integer When the scan was finished, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
status | string Enum: "CREATED" "QUEUED" "IN_PROGRESS" "ERROR" "SUCCESS" "CANCELED" Status of the scan. Values - CREATED, QUEUED, IN_PROGRESS, ERROR, SUCCESS, CANCELED |
message | string Message related to the scan. |
remediation_error | boolean Indicates whether there were any enforcement errors on the scan. |
object (ResourceSummary) Summary of resources for a scan. | |
Array of objects[ items ] |
{
  "created_at": 1594382127,
  "environment_id": "0f14323e-9e18-4167-bfcf-fa3a627a8f44",
  "finished_at": 1594382333,
  "id": "174944e3-80ca-4e1a-1234-123456789012",
  "message": null,
  "remediation_error": false,
  "resource_summary": {
    "compliant": 121,
    "families": [
      {
        "compliant": 58,
        "family": "CIS-AWS_v1.3.0",
        "noncompliant": 18,
        "rules_failed": 1,
        "rules_passed": 42
      },
      {
        "compliant": 52,
        "family": "Custom",
        "noncompliant": 0,
        "rules_failed": 0,
        "rules_passed": 4
      }
    ],
    "noncompliant": 18,
    "resource_types": 3,
    "rules_failed": 1,
    "rules_passed": 46,
    "total": 139
  },
  "resource_type_errors": [],
  "status": "SUCCESS",
  "updated_at": 1594382333
}
Lists compliance results by control for a scan. Example API request here. Learn about rules and controls here.
scan_id required | string Scan ID. Learn how to find your scan ID. |
offset | integer >= 0 Default: 0 Number of items to skip before returning. This parameter is used when the number of items spans multiple pages. |
max_items | integer [ 1 .. 100 ] Default: 100 Maximum number of items to return. |
family | Array of strings Compliance family to filter by. When not specified, all compliance families will be returned. Values - AWS-Well-Architected_v2020-07-02, CIS-AWS_v1.2.0, CIS-AWS_v1.3.0, CIS-AWS_v1.4.0, CIS-Azure_v1.1.0, CIS-Azure_v1.3.0, CIS-Docker_v1.2.0, CIS-Google_v1.1.0, CIS-Google_v1.2.0, CIS-Controls_v7.1, CSA-CCM_v3.0.1, GDPR_v2016, HIPAA_v2013, ISO-27001_v2013, NIST-800-53_vRev4, PCI-DSS_v3.2.1, SOC-2_v2017, FBP (AWS & AWS GovCloud only), Custom. The following values are deprecated - CIS, CISAZURE, CISCONTROLS, CISCONTROLSAZURE, CSACCM, GDPR, GDPRAZURE, HIPAA, HIPAAAZURE, ISO27001, ISO27001AZURE, NIST, NISTAZURE, PCI, PCIAZURE, SOC2, SOC2AZURE |
result | Array of strings Items Enum: "PASS" "FAIL" "UNKNOWN" Control result to filter by. When not specified, all results will be returned. Note that in the API, a MISSING DATA state is referred to as UNKNOWN. Values - PASS, FAIL, UNKNOWN |
Array of objects (ComplianceByRule) [ items ] Paginated list of compliance controls and results for a scan. | |
is_truncated | boolean Indicates whether there are more items at the next offset. |
next_offset | integer Next offset to use to get the next page of items. |
count | integer Total number of items. |
{
  "count": 3,
  "is_truncated": false,
  "items": [
    {
      "failed_resource_types": [],
      "failed_resources": [],
      "family": "CIS-AWS_v1.3.0",
      "result": "UNKNOWN",
      "rule": "CIS-AWS_v1.3.0_3.9",
      "unsurveyed_resource_types": ["AWS.EC2.FlowLog"]
    },
    {
      "failed_resource_types": [],
      "failed_resources": [
        {
          "messages": [
            "VPC default security group should restrict all traffic. Configuring all VPC default security groups to restrict all traffic encourages least privilege security group development and mindful placement of AWS resources into security groups which in turn reduces the exposure of those resources."
          ],
          "resource": {
            "resource_id": "vpc-3bd7abcd",
            "resource_type": "AWS.EC2.Vpc"
          }
        }
      ],
      "family": "CIS-AWS_v1.3.0",
      "result": "FAIL",
      "rule": "CIS-AWS_v1.3.0_5.3",
      "unsurveyed_resource_types": []
    },
    {
      "failed_resource_types": [],
      "failed_resources": [],
      "family": "CUSTOM",
      "result": "PASS",
      "rule": "AWS.EC2.SecurityGroup-NoIngressPort9200",
      "unsurveyed_resource_types": []
    }
  ],
  "next_offset": null
}
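Added example (not part of the Fugue reference or Fugue's own tooling): a Python triage of the by-control results above that keeps FAIL and UNKNOWN apart, since UNKNOWN is the API's name for MISSING DATA and marks a control that was not evaluated rather than one that passed. The function names and the `<not reported>` / `<no rule id>` placeholders are assumptions of this example; the input is the page's sample response with the long message shortened.

```python
from collections import defaultdict
from typing import Any, Dict, Iterable, List

# The three items of the sample by-control response on this page
# (the long "messages" text is shortened here).
SAMPLE_ITEMS: List[Dict[str, Any]] = [
    {"failed_resource_types": [], "failed_resources": [],
     "family": "CIS-AWS_v1.3.0", "result": "UNKNOWN",
     "rule": "CIS-AWS_v1.3.0_3.9",
     "unsurveyed_resource_types": ["AWS.EC2.FlowLog"]},
    {"failed_resource_types": [],
     "failed_resources": [{
         "messages": ["VPC default security group should restrict all traffic."],
         "resource": {"resource_id": "vpc-3bd7abcd",
                      "resource_type": "AWS.EC2.Vpc"}}],
     "family": "CIS-AWS_v1.3.0", "result": "FAIL",
     "rule": "CIS-AWS_v1.3.0_5.3", "unsurveyed_resource_types": []},
    {"failed_resource_types": [], "failed_resources": [],
     "family": "CUSTOM", "result": "PASS",
     "rule": "AWS.EC2.SecurityGroup-NoIngressPort9200",
     "unsurveyed_resource_types": []},
]


def triage_controls(items: Iterable[Dict[str, Any]]) -> Dict[str, Any]:
    """Split by-control results into passes, failures and coverage gaps.

    Anything that is not an explicit PASS or FAIL is treated as a gap
    (fail closed), so an UNKNOWN control is never counted as compliant.
    """
    failing = defaultdict(set)      # control -> {(resource_type, resource_id)}
    blind_spots = defaultdict(set)  # unsurveyed resource type -> {controls}
    passed = 0
    for item in items:
        control = item.get("rule", "<no rule id>")
        result = item.get("result")
        if result == "PASS":
            passed += 1
        elif result == "FAIL":
            resources = failing[control]  # keep the control even if the list is empty
            for entry in item.get("failed_resources") or []:
                res = entry.get("resource") or {}
                resources.add((res.get("resource_type"), res.get("resource_id")))
        else:
            types = item.get("unsurveyed_resource_types") or ["<not reported>"]
            for rtype in types:
                blind_spots[rtype].add(control)
    by_text = lambda pair: (str(pair[0]), str(pair[1]))
    return {
        "passed": passed,
        "failing": {c: sorted(r, key=by_text) for c, r in sorted(failing.items())},
        "blind_spots": {t: sorted(c) for t, c in sorted(blind_spots.items())},
    }


def survey_types_to_add(report: Dict[str, Any],
                        survey_resource_types: Iterable[str]) -> List[str]:
    """Resource types behind UNKNOWN results that the environment does not survey."""
    current = set(survey_resource_types)
    return sorted(t for t in report["blind_spots"]
                  if t not in current and t != "<not reported>")


def scan_is_clean(report: Dict[str, Any]) -> bool:
    """True only when nothing failed and nothing was left unevaluated."""
    return not report["failing"] and not report["blind_spots"]


if __name__ == "__main__":
    report = triage_controls(SAMPLE_ITEMS)
    print(report)
    # survey_resource_types of the sample environment on this page
    print(survey_types_to_add(
        report, ["AWS.EC2.SecurityGroup", "AWS.EC2.Subnet", "AWS.EC2.Vpc"]))
```
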
Lists compliance results by resource type for a scan. Example API request here.
scan_id required | string Scan ID. Learn how to find your scan ID. |
offset | integer >= 0 Default: 0 Number of items to skip before returning. This parameter is used when the number of items spans multiple pages. |
max_items | integer [ 1 .. 100 ] Default: 100 Maximum number of items to return. |
resource_type | Array of strings Resource types to filter by. When not specified, all resource types will be returned. Find resource types with GET /metadata/{provider}/resource_types or see our service coverage pages for AWS & AWS GovCloud and Azure & Azure Government. |
family | Array of strings Compliance family to filter by. When not specified, all compliance families will be returned. Values - AWS-Well-Architected_v2020-07-02, CIS-AWS_v1.2.0, CIS-AWS_v1.3.0, CIS-AWS_v1.4.0, CIS-Azure_v1.1.0, CIS-Azure_v1.3.0, CIS-Docker_v1.2.0, CIS-Google_v1.1.0, CIS-Google_v1.2.0, CIS-Controls_v7.1, CSA-CCM_v3.0.1, GDPR_v2016, HIPAA_v2013, ISO-27001_v2013, NIST-800-53_vRev4, PCI-DSS_v3.2.1, SOC-2_v2017, FBP (AWS & AWS GovCloud only), Custom. The following values are deprecated - CIS, CISAZURE, CISCONTROLS, CISCONTROLSAZURE, CSACCM, GDPR, GDPRAZURE, HIPAA, HIPAAAZURE, ISO27001, ISO27001AZURE, NIST, NISTAZURE, PCI, PCIAZURE, SOC2, SOC2AZURE |
Array of objects (ComplianceByResourceType) [ items ] Paginated list of compliance results grouped by resource type. | |
is_truncated | boolean Indicates whether there are more items at the next offset. |
next_offset | integer Next offset to use to get the next page of items. |
count | integer Total number of items. |
{
  "items": [
    {
      "resource_type": "AWS.EC2.SecurityGroup",
      "total": 4,
      "compliant": 0,
      "noncompliant": [
        {
          "resource_id": "sg-01da649ce15071b15",
          "failed_rules": [
            {
              "family": "HIPAA",
              "rule": "§164.308(a)(1)(ii)(D)",
              "messages": [
                "Ingress from 0.0.0.0/0 cannot include port 22."
              ]
            }
          ]
        }
      ]
    }
  ],
  "is_truncated": true,
  "next_offset": 10,
  "count": 40
}
Lists drift, enforcement, and compliance events for an environment. Example API request here.
environment_id required | string Environment ID. Learn how to find your environment ID. |
offset | integer >= 0 Default: 0 Number of items to skip before returning. This parameter is used when the number of items spans multiple pages. |
max_items | integer [ 1 .. 100 ] Default: 100 Maximum number of items to return. |
range_from | integer Earliest created_at time to return events from, Unix time. Learn how to convert to or from Unix time in the API User Guide. Supports relative time offsets in seconds; for example, to retrieve events from the last 24 hours, enter -86400. |
range_to | integer Latest created_at time to return events from, Unix time. Learn how to convert to or from Unix time in the API User Guide. Supports relative time offsets in seconds; for example, to retrieve events between one and two hours ago, set |
event_type | Array of strings Items Enum: "DRIFT" "REMEDIATION" "COMPLIANCE" Event type to filter by. When not specified, all event types will be returned. Values - DRIFT, REMEDIATION, COMPLIANCE |
change | Array of strings Items Enum: "ADDED" "MODIFIED" "REMOVED" Filter drift or enforcement results for an event by type of change. When not specified, all change types will be returned. Values - ADDED, MODIFIED, REMOVED |
remediated | Array of strings Items Enum: "SUCCESS" "FAIL" Filter enforcement results for an event by SUCCESS or FAIL. When not specified, all enforcement results will be returned. |
resource_type | Array of strings Resource types in the event to filter by. When not specified, all resource types will be returned. Find resource types with GET /metadata/{provider}/resource_types or see our service coverage pages for AWS & AWS GovCloud and Azure & Azure Government. |
Array of objects (Event) [ items ] Paginated list of events. | |
is_truncated | boolean Indicates whether there are more items at the next offset. |
next_offset | integer Next offset to use to get the next page of items. |
count | integer Total number of items. DEPRECATED: This property no longer returns accurate counts when filters are applied and will be removed in future API versions. |
{
  "count": 3,
  "is_truncated": true,
  "items": [
    {
      "created_at": 1593069638,
      "error": null,
      "event_type": "DRIFT",
      "id": "5a0e133a-a50f-419c-ba6b-71a6a0479857-0",
      "resource_diff": {
        "attributes": [],
        "change": "REMOVED",
        "resource_id": "sg-00e9eb384fe29abcd",
        "resource_type": "AWS.EC2.SecurityGroup"
      }
    },
    {
      "compliance_diff": {
        "new_state": "NONCOMPLIANT",
        "old_state": null,
        "resource_id": "vpc-6b8eabcd",
        "resource_type": "AWS.EC2.Vpc",
        "rules": [
          {
            "compliance_families": [
              "CIS-AWS_v1.3.0"
            ],
            "controls": [
              "CIS-AWS_v1.3.0_5.3"
            ],
            "new_message": "VPC default security group should restrict all traffic. Configuring all VPC default security groups to restrict all traffic encourages least privilege security group development and mindful placement of AWS resources into security groups which in turn reduces the exposure of those resources.",
            "new_state": "FAIL",
            "new_waived": false,
            "old_message": "",
            "old_state": null,
            "old_waived": false,
            "summary": "VPC default security group should restrict all traffic. Configuring all VPC default security groups to restrict all traffic encourages least privilege security group development and mindful placement of AWS resources into security groups which in turn reduces the exposure of those resources."
          },
          {
            "compliance_families": [
              "CIS-AWS_v1.3.0"
            ],
            "controls": [
              "CIS-AWS_v1.3.0_3.9"
            ],
            "new_message": "",
            "new_state": "UNKNOWN",
            "new_waived": false,
            "old_message": "",
            "old_state": null,
            "old_waived": false,
            "summary": "VPC flow logging should be enabled. AWS VPC Flow Logs provide visibility into network traffic that traverses the AWS VPC. Users can use the flow logs to detect anomalous traffic or insight during security workflows."
          }
        ]
      },
      "created_at": 1587093899,
      "error": null,
      "event_type": "COMPLIANCE",
      "id": "dc0a21a9-ba5b-47a3-1234-123456789012-10"
    },
    {
      "created_at": 1583630501,
      "error": null,
      "event_type": "DRIFT",
      "id": "82adf420-5546-4812-1234-123456789012-0",
      "resource_diff": {
        "attributes": [
          {
            "attr_type": "UNKNOWN",
            "name": "tags.Name",
            "new": "my-fugue-cicd-vpc-1",
            "old": "my-fugue-cicd-vpc",
            "removed": null,
            "requires_new": null,
            "sensitive": null
          }
        ],
        "change": "MODIFIED",
        "resource_id": "vpc-0da1f0c0e8a3eabcd",
        "resource_type": "AWS.EC2.Vpc"
      }
    }
  ],
  "next_offset": 0
}
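A client-side sketch of walking the paginated events response above and pulling out the entries a reviewer usually reads first. This is an added example, not Fugue's own code: `fetch_page` is a hypothetical callable standing in for the HTTP request, and the sample pages are constructed from the response shown above. It relies on `is_truncated` and `next_offset` rather than the deprecated `count`, and it stops on a truncated page whose `next_offset` does not advance (the sample above pairs `is_truncated: true` with `next_offset: 0`).

```python
"""Walk the paginated events response and triage the entries (added example)."""
from typing import Callable, Dict, Iterable, Iterator, List


def iter_events(fetch_page: Callable[[int], Dict], max_pages: int = 1000) -> Iterator[Dict]:
    """Yield every event, following next_offset while is_truncated is true.

    fetch_page(offset) is a hypothetical callable that returns one decoded
    response body. `count` is ignored: the reference marks it deprecated and
    inaccurate when filters are applied.
    """
    offset = 0
    for _ in range(max_pages):
        page = fetch_page(offset)
        yield from page.get("items") or []
        if not page.get("is_truncated"):
            return
        next_offset = page.get("next_offset")
        # A truncated page whose next_offset does not advance would loop forever.
        if not isinstance(next_offset, int) or next_offset <= offset:
            raise RuntimeError(
                f"truncated page at offset {offset} returned next_offset={next_offset!r}")
        offset = next_offset
    raise RuntimeError("gave up after max_pages pages")


def triage(events: Iterable[Dict]) -> List[Dict]:
    """Reduce events to drift changes, newly failing controls and scan errors."""
    findings = []
    for ev in events:
        if ev.get("error"):
            findings.append({"event": ev["id"], "kind": "ERROR", "detail": ev["error"]})
        if ev.get("event_type") == "DRIFT":
            diff = ev.get("resource_diff") or {}
            changed = []
            for attr in diff.get("attributes") or []:
                if attr.get("sensitive"):
                    # Never copy values of attributes flagged sensitive into a report.
                    changed.append(f"{attr.get('name')}: <redacted>")
                else:
                    changed.append(
                        f"{attr.get('name')}: {attr.get('old')!r} -> {attr.get('new')!r}")
            findings.append({"event": ev["id"], "kind": f"DRIFT_{diff.get('change')}",
                             "resource": diff.get("resource_id"), "detail": changed})
        elif ev.get("event_type") == "COMPLIANCE":
            diff = ev.get("compliance_diff") or {}
            failed = [control
                      for rule in diff.get("rules") or []
                      if rule.get("new_state") == "FAIL" and not rule.get("new_waived")
                      for control in rule.get("controls") or []]
            if failed:
                findings.append({"event": ev["id"], "kind": "NEWLY_FAILING",
                                 "resource": diff.get("resource_id"), "detail": failed})
    return findings


# Constructed sample pages, trimmed from the example response in this reference.
SAMPLE_PAGES = {
    0: {"is_truncated": True, "next_offset": 2, "items": [
        {"id": "5a0e133a-a50f-419c-ba6b-71a6a0479857-0", "event_type": "DRIFT", "error": None,
         "resource_diff": {"attributes": [], "change": "REMOVED",
                           "resource_id": "sg-00e9eb384fe29abcd",
                           "resource_type": "AWS.EC2.SecurityGroup"}},
        {"id": "dc0a21a9-ba5b-47a3-1234-123456789012-10", "event_type": "COMPLIANCE",
         "error": None,
         "compliance_diff": {"new_state": "NONCOMPLIANT", "resource_id": "vpc-6b8eabcd", "rules": [
             {"controls": ["CIS-AWS_v1.3.0_5.3"], "new_state": "FAIL", "new_waived": False},
             {"controls": ["CIS-AWS_v1.3.0_3.9"], "new_state": "UNKNOWN", "new_waived": False}]}},
    ]},
    2: {"is_truncated": False, "next_offset": 0, "items": [
        {"id": "82adf420-5546-4812-1234-123456789012-0", "event_type": "DRIFT", "error": None,
         "resource_diff": {"change": "MODIFIED", "resource_id": "vpc-0da1f0c0e8a3eabcd",
                           "attributes": [{"name": "tags.Name", "old": "my-fugue-cicd-vpc",
                                           "new": "my-fugue-cicd-vpc-1", "sensitive": None}]}},
    ]},
}


def sample_fetch(offset: int) -> Dict:
    """Stand-in for the HTTP call: serve the constructed pages by offset."""
    return SAMPLE_PAGES[offset]


def run_sample() -> List[Dict]:
    return triage(iter_events(sample_fetch))


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```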
Returns the OpenAPI 2.0 specification for this API. Example API request here.
{ }
Returns a user-friendly interface for the OpenAPI 2.0 specification for this API. Note - Users should visit the Swagger UI instead.
Access-Control-Allow-Headers | string |
Access-Control-Allow-Methods | string |
Access-Control-Allow-Origin | string |
Content-Type | string |
Returns the permissions required to survey and enforce resources (aws and aws_govcloud only). Example API request here.
provider required | string Enum: "aws" "aws_govcloud" Name of the cloud provider. Values - aws, aws_govcloud |
List of resource types to be able to survey and enforce. Find resource types with GET /metadata/{provider}/resource_types or see Service Coverage.
survey_resource_types | Array of strings List of resource types to be able to survey. Find resource types with GET /metadata/{provider}/resource_types or see Service Coverage. |
remediate_resource_types | Array of strings List of resource types to be able to enforce. Find resource types with GET /metadata/{provider}/resource_types or see Service Coverage. |
object (PermissionsAws) AWS and AWS GovCloud IAM policy required for surveying and enforcing the desired resource types. |
{
  "survey_resource_types": [
    "AWS.DynamoDB.Table",
    "AWS.EC2.SecurityGroup",
    "AWS.EC2.Vpc",
    "AWS.S3.Bucket"
  ],
  "remediate_resource_types": [
    "AWS.EC2.SecurityGroup",
    "AWS.S3.Bucket"
  ]
}
{
  "aws": {
    "policy": {
      "Statement": [
        {
          "Action": [
            "dynamodb:DescribeContinuousBackups",
            "dynamodb:DescribeTable",
            "dynamodb:DescribeTimeToLive",
            "dynamodb:ListTables",
            "dynamodb:ListTagsOfResource",
            "ec2:AuthorizeSecurityGroupEgress",
            "ec2:AuthorizeSecurityGroupIngress",
            "ec2:CreateTags",
            "ec2:DeleteTags",
            "ec2:DescribeNetworkAcls",
            "ec2:DescribeRouteTables",
            "ec2:DescribeSecurityGroups",
            "ec2:DescribeVpcAttribute",
            "ec2:DescribeVpcClassicLink",
            "ec2:DescribeVpcClassicLinkDnsSupport",
            "ec2:DescribeVpcs",
            "ec2:RevokeSecurityGroupEgress",
            "ec2:RevokeSecurityGroupIngress",
            "s3:DeleteBucketPolicy",
            "s3:DeleteBucketWebsite",
            "s3:GetAccelerateConfiguration",
            "s3:GetBucketACL",
            "s3:GetBucketCors",
            "s3:GetBucketLocation",
            "s3:GetBucketLogging",
            "s3:GetBucketObjectLockConfiguration",
            "s3:GetBucketPolicy",
            "s3:GetBucketRequestPayment",
            "s3:GetBucketTagging",
            "s3:GetBucketVersioning",
            "s3:GetBucketWebsite",
            "s3:GetEncryptionConfiguration",
            "s3:GetLifecycleConfiguration",
            "s3:GetReplicationConfiguration",
            "s3:ListAllMyBuckets",
            "s3:PutAccelerateConfiguration",
            "s3:PutBucketAcl",
            "s3:PutBucketCors",
            "s3:PutBucketLogging",
            "s3:PutBucketPolicy",
            "s3:PutBucketRequestPayment",
            "s3:PutBucketTagging",
            "s3:PutBucketVersioning",
            "s3:PutBucketWebsite",
            "s3:PutEncryptionConfiguration",
            "s3:PutLifecycleConfiguration",
            "s3:PutReplicationConfiguration"
          ],
          "Effect": "Allow",
          "Resource": "*",
          "Sid": "0"
        }
      ],
      "Version": "2012-10-17"
    },
    "trust_relationship": {
      "Statement": [
        {
          "Action": "sts:AssumeRole",
          "Condition": {
            "StringEquals": {
              "sts:ExternalId": "83425ef2a965eaeaa8951650d156612ed24108f1234567890123456789012345"
            }
          },
          "Effect": "Allow",
          "Principal": {
            "AWS": "arn:aws:iam::370134896156:role/generate-credentials"
          }
        }
      ],
      "Version": "2012-10-17"
    }
  }
}
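A least-privilege review of the permissions response above, run before the policy and trust relationship are attached to a role. This is an added example, not Fugue's own code: the function names are hypothetical, the read/write split by verb prefix and the resource-type-to-IAM-service mapping are labelled heuristics, and the sample response is constructed from the one shown above with a placeholder external ID.

```python
"""Review a permissions response before creating the IAM role (added example)."""
from typing import Dict, List

# Heuristic: IAM action verbs with these prefixes only read configuration.
READ_PREFIXES = ("Describe", "Get", "List")


def as_list(value) -> List:
    """IAM allows Statement/Action/Principal/Resource to be one item or a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def split_actions(policy: Dict) -> Dict[str, List[str]]:
    """Separate allowed actions into read-only and mutating ones."""
    read, write = set(), set()
    for stmt in as_list(policy.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        for action in as_list(stmt.get("Action")):
            verb = action.split(":", 1)[-1]
            # Wildcards such as "s3:*" fall through to the mutating set.
            (read if verb.startswith(READ_PREFIXES) else write).add(action)
    return {"read": sorted(read), "write": sorted(write)}


def trust_findings(trust: Dict) -> List[str]:
    """Flag trust statements that any principal can use or that lack an external ID."""
    findings = []
    for stmt in as_list(trust.get("Statement")):
        if stmt.get("Effect") != "Allow":
            continue
        principal = stmt.get("Principal")
        aws = as_list(principal.get("AWS")) if isinstance(principal, dict) else as_list(principal)
        if "*" in aws:
            findings.append("any AWS principal may assume the role")
        string_equals = (stmt.get("Condition") or {}).get("StringEquals") or {}
        if not string_equals.get("sts:ExternalId"):
            findings.append("no sts:ExternalId condition on sts:AssumeRole")
    return findings


def review(response: Dict, remediate_resource_types: List[str]) -> Dict:
    """Compare the granted write actions with the types requested for enforcement."""
    aws = response["aws"]
    actions = split_actions(aws["policy"])
    # Assumption: the IAM service prefix is the lower-cased middle part of the
    # resource type ("AWS.S3.Bucket" -> "s3"); this holds for the types used here.
    enforce_services = {t.split(".")[1].lower() for t in remediate_resource_types}
    unexpected = [a for a in actions["write"]
                  if a.split(":", 1)[0] not in enforce_services]
    wildcard = any("*" in as_list(stmt.get("Resource"))
                   for stmt in as_list(aws["policy"].get("Statement")))
    return {
        "actions": actions,
        "unexpected_write": unexpected,   # write access beyond what was requested
        "wildcard_resource": wildcard,    # statements scoped to Resource "*"
        "trust_findings": trust_findings(aws["trust_relationship"]),
    }


# Constructed sample, trimmed from the example response in this reference.
# The external ID is a placeholder, not a real value.
SAMPLE_RESPONSE = {"aws": {
    "policy": {"Version": "2012-10-17", "Statement": [{
        "Sid": "0", "Effect": "Allow", "Resource": "*",
        "Action": [
            "dynamodb:DescribeTable", "dynamodb:ListTables",
            "ec2:AuthorizeSecurityGroupIngress", "ec2:DescribeSecurityGroups",
            "ec2:RevokeSecurityGroupIngress",
            "s3:GetBucketPolicy", "s3:ListAllMyBuckets", "s3:PutBucketPolicy",
        ]}]},
    "trust_relationship": {"Version": "2012-10-17", "Statement": [{
        "Action": "sts:AssumeRole", "Effect": "Allow",
        "Condition": {"StringEquals": {"sts:ExternalId": "EXAMPLE-EXTERNAL-ID"}},
        "Principal": {"AWS": "arn:aws:iam::370134896156:role/generate-credentials"}}]},
}}

if __name__ == "__main__":
    print(review(SAMPLE_RESPONSE, ["AWS.EC2.SecurityGroup", "AWS.S3.Bucket"]))
```

Calling `review` with an empty `remediate_resource_types` list reports every mutating action as unexpected, which is the check to run for a survey-only role.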
Lists the resource types supported by Fugue. Example API request here.
provider required | string Enum: "aws" "aws_govcloud" "azure" "google" Name of the cloud provider. Values - |
region | string The AWS region for which to return resource types. Required if provider is aws or aws_govcloud. Values - see API User Guide |
beta_resources | boolean Indicates whether resource types in beta will be returned. |
resource_types | Array of strings List of resource types supported by Fugue. |
recommended_types | Array of strings List of Fugue-recommended resource types (aws and aws_govcloud only) |
{
  "resource_types": [
    "Azure.Automation.Account",
    "Azure.Automation.Credential",
    "Azure.Automation.Schedule",
    "Azure.Cdn.Profile",
    "Azure.Compute.AvailabilitySet",
    "Azure.Compute.Image",
    "Azure.Compute.ManagedDisk",
    "Azure.Compute.SharedImageGallery",
    "Azure.Compute.Snapshot",
    "Azure.Compute.VirtualMachine",
    "Azure.Compute.VirtualMachineScaleSet",
    "Azure.Container.Group",
    "Azure.Container.Registry",
    "Azure.Databricks.Workspace",
    "Azure.KeyVault.Vault",
    "Azure.MySQL.Database",
    "Azure.MySQL.FirewallRule",
    "Azure.MySQL.Server",
    "Azure.MySQL.VirtualNetworkRule",
    "Azure.Network.ApplicationGateway",
    "Azure.Network.ApplicationSecurityGroup",
    "Azure.Network.DDoSProtectionPlan",
    "Azure.Network.DNSZone",
    "Azure.Network.Firewall",
    "Azure.Network.LoadBalancer",
    "Azure.Network.LocalNetworkGateway",
    "Azure.Network.NetworkInterface",
    "Azure.Network.NetworkSecurityGroup",
    "Azure.Network.NetworkSecurityRule",
    "Azure.Network.NetworkWatcher",
    "Azure.Network.PublicIPAddress",
    "Azure.Network.RouteTable",
    "Azure.Network.Subnet",
    "Azure.Network.VirtualNetwork",
    "Azure.Network.VirtualNetworkGateway",
    "Azure.Network.VirtualNetworkGatewayConnection",
    "Azure.PostgreSQL.Database",
    "Azure.PostgreSQL.FirewallRule",
    "Azure.PostgreSQL.Server",
    "Azure.PostgreSQL.VirtualNetworkRule",
    "Azure.Resources.ResourceGroup",
    "Azure.SQL.Database",
    "Azure.SQL.ElasticPool",
    "Azure.SQL.FirewallRule",
    "Azure.SQL.Server",
    "Azure.SQL.VirtualNetworkRule",
    "Azure.Storage.Account"
  ],
  "recommended_types": []
}
Lists details for all notifications. Example API request here. Learn more about notifications.
offset | integer >= 0 Default: 0 Number of items to skip before returning. This parameter is used when the number of items spans multiple pages. |
max_items | integer [ 1 .. 100 ] Default: 100 Maximum number of items to return. |
count | integer Count of all found notifications. |
next_offset | integer Next offset to use to get the next page of items. |
is_truncated | boolean Indicates whether there are more items at the next offset. |
Array of objects (Notification) [ items ] List of notification configurations. |
{
  "count": 2,
  "next_offset": 0,
  "is_truncated": false,
  "items": [
    {
      "created_at": 1594393043.564002,
      "created_by": "api_client:61ae1bed-1b6f-4829-1234-123456789012",
      "emails": [
        "email1@example.com",
        "email2@example.com"
      ],
      "environments": {
        "0f14323e-9e18-4167-bfcf-fa3a627a8f44": "Example CI/CD - All Regions",
        "fb578bdf-ed81-4782-1234-123456789012": "Azure Dev Test"
      },
      "events": [
        "drift"
      ],
      "last_error": null,
      "name": "Drift - Dev Environments",
      "notification_id": "d045aea7-a628-4a1c-1234-123456789012",
      "topic_arn": "arn:aws:sns:us-east-1:123456789012:FugueProdTopic",
      "updated_at": null,
      "updated_by": null
    },
    {
      "created_at": 1574290424,
      "created_by": "owner:c4471a5a-52b4-4121-1234-123456789012",
      "emails": [
        "email@example.com"
      ],
      "environments": {
        "2d19968b-e527-4672-1234-123456789012": "AWS GovCloud Dev",
        "d66a951b-3c2b-4a92-1234-123456789012": "All AWS Regions - Prod",
        "f144531c-45e1-4442-1234-123456789012": "Example Azure"
      },
      "events": [
        "drift",
        "compliance",
        "remediation"
      ],
      "last_error": null,
      "name": "NOTIFY ALL THE THINGS",
      "notification_id": "c29c89c3-035f-4403-1234-123456789012",
      "topic_arn": "arn:aws:sns:us-west-2:123456789012:FugueSNSTopic",
      "updated_at": 1590530333,
      "updated_by": "owner:c4471a5a-52b4-4121-1234-123456789012"
    }
  ]
}
Creates a new notification. Example API request here. If you want the notification to use a manually created SNS topic, update the topic's access policy with the access policy here and replace the variables with your own region, account ID, and topic name. Learn more about notifications.
Configuration options for the new notification.
name | string Human readable name of the notification. |
events | Array of strings List of events the notification is triggered on. Values - compliance, drift, remediation |
environments | Array of strings List of environment IDs the notification is attached to. Learn how to find environment IDs. |
emails | Array of strings List of email addresses the notification is delivered to. |
topic_arn | string AWS SNS topic ARN the notification is delivered to. Copy the SNS topic access policy here and replace the variables with your own region, account ID, and topic name. |
notification_id | string ID of the notification. |
name | string Human readable name of the notification. |
events | Array of strings List of events the notification is triggered on. Values - compliance, drift, remediation |
Array of objects[ items ] The corresponding environment IDs and names the notification is attached to. | |
emails | Array of strings List of email addresses the notification is delivered to. |
topic_arn | string AWS SNS topic ARN the notification is delivered to. Learn about the SNS topic and its access policy here. |
last_error | string Last error recorded while processing notification. If the last notification processed had no error this field will be empty. |
created_by | string Internal ID of the principal that created the notification. |
created_at | integer When the notification was created, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
updated_by | string Internal ID of the principal that last updated the notification. |
updated_at | integer When the notification was last updated, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
{
  "name": "Drift - Dev Environments",
  "events": [
    "drift"
  ],
  "environments": [
    "0f14323e-9e18-4167-bfcf-fa3a627a8f44",
    "fb578bdf-ed81-4782-1234-123456789012"
  ],
  "emails": [
    "email1@example.com",
    "email2@example.com"
  ],
  "topic_arn": "arn:aws:sns:us-east-1:123456789012:FugueProdTopic"
}
{
  "created_at": 1594393043.564002,
  "created_by": "api_client:61ae1bed-1b6f-4829-1234-123456789012",
  "emails": [
    "email1@example.com",
    "email2@example.com"
  ],
  "environments": {
    "0f14323e-9e18-4167-bfcf-fa3a627a8f44": "Example CI/CD - All Regions",
    "fb578bdf-ed81-4782-1234-123456789012": "Azure Dev Test"
  },
  "events": [
    "drift"
  ],
  "last_error": null,
  "name": "Drift - Dev Environments",
  "notification_id": "d045aea7-a628-4a1c-1234-123456789012",
  "topic_arn": "arn:aws:sns:us-east-1:123456789012:FugueProdTopic",
  "updated_at": null,
  "updated_by": null
}
Updates an existing notification. Example API request here. If you want the notification to use a manually created SNS topic, update the topic's access policy with the access policy here and replace the variables with your own region, account ID, and topic name. Learn more about notifications.
notification_id required | string Notification ID. Find your notification ID via GET /notifications. |
New configuration options for the notification.
name | string Human readable name of the notification. |
events | Array of strings List of events the notification is triggered on. Values - compliance, drift, remediation |
environments | Array of strings List of environment IDs the notification is attached to. Learn how to find environment IDs. |
emails | Array of strings List of email addresses the notification is delivered to. |
topic_arn | string AWS SNS topic ARN the notification is delivered to. Copy the SNS topic access policy here and replace the variables with your own region, account ID, and topic name. |
notification_id | string ID of the notification. |
name | string Human readable name of the notification. |
events | Array of strings List of events the notification is triggered on. Values - compliance, drift, remediation |
Array of objects[ items ] The corresponding environment IDs and names the notification is attached to. | |
emails | Array of strings List of email addresses the notification is delivered to. |
topic_arn | string AWS SNS topic ARN the notification is delivered to. Learn about the SNS topic and its access policy here. |
last_error | string Last error recorded while processing notification. If the last notification processed had no error this field will be empty. |
created_by | string Internal ID of the principal that created the notification. |
created_at | integer When the notification was created, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
updated_by | string Internal ID of the principal that last updated the notification. |
updated_at | integer When the notification was last updated, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
{
  "name": "Drift - Dev Environments",
  "events": [
    "drift"
  ],
  "environments": [
    "0f14323e-9e18-4167-bfcf-fa3a627a8f44",
    "fb578bdf-ed81-4782-1234-123456789012"
  ],
  "emails": [
    "email1@example.com",
    "email2@example.com"
  ],
  "topic_arn": "arn:aws:sns:us-east-1:123456789012:FugueProdTopic"
}
{
  "created_at": 1594393043.564002,
  "created_by": "api_client:61ae1bed-1b6f-4829-1234-123456789012",
  "emails": [
    "email1@example.com",
    "email2@example.com"
  ],
  "environments": {
    "0f14323e-9e18-4167-bfcf-fa3a627a8f44": "Example CI/CD - All Regions",
    "fb578bdf-ed81-4782-1234-123456789012": "Azure Dev Test"
  },
  "events": [
    "drift"
  ],
  "last_error": null,
  "name": "Drift - Dev Environments",
  "notification_id": "d045aea7-a628-4a1c-1234-123456789012",
  "topic_arn": "arn:aws:sns:us-east-1:123456789012:FugueProdTopic",
  "updated_at": null,
  "updated_by": null
}
Deletes a notification. Example API request here. Learn more about notifications.
notification_id required | string Notification ID. Find your notification ID via GET /notifications. |
{
  "type": "InvalidParameterValue",
  "message": "order_direction must be one of ['asc', 'desc']",
  "code": 400
}
Create a new custom rule. Example API request here. Learn more about custom rules.
Configuration options for the new custom rule.
name | string Human readable name of the custom rule. |
source | string Enum: "FUGUE" "CUSTOM" The origin of this rule. Values - CUSTOM (the FUGUE value is for internal use only) |
description | string Description of the custom rule |
provider | string Enum: "AWS" "AWS_GOVCLOUD" "AZURE" "GOOGLE" Provider of the custom rule. Deprecated; please use "providers" |
providers | Array of strings Items Enum: "AWS" "AWS_GOVCLOUD" "AZURE" "GOOGLE" "REPOSITORY" Providers for the custom rule. Values - |
severity | string Enum: "Informational" "Low" "Medium" "High" "Critical" Severity level of the custom rule. See Rule Severity Definitions. Default - High. Values - Informational, Low, Medium, High, Critical |
resource_type | string Resource type to which the custom rule applies. Find resource types with GET /metadata/{provider}/resource_types or see our service coverage pages for AWS & AWS GovCloud and Azure & Azure Government. Advanced rules must use the value |
rule_text | string The Rego source code for the rule. |
id | string ID of the custom rule. |
name | string Human readable name of the custom rule. |
source | string Value: "CUSTOM" The origin of this rule. Values - CUSTOM |
description | string Description of the custom rule. |
provider | string Enum: "AWS" "AWS_GOVCLOUD" "AZURE" "GOOGLE" Provider of the custom rule. Deprecated; please use "providers" |
providers | Array of strings Items Enum: "AWS" "AWS_GOVCLOUD" "AZURE" "GOOGLE" "REPOSITORY" Providers for the custom rule. Values - |
resource_type | string Resource type to which the custom rule applies. Find resource types with GET /metadata/{provider}/resource_types or see our service coverage pages for AWS & AWS GovCloud and Azure & Azure Government. |
tf_resource_type | string Terraform resource type corresponding to resource_type. |
severity | string Enum: "Informational" "Low" "Medium" "High" "Critical" Severity level of the custom rule. See Rule Severity Definitions. Values - Informational, Low, Medium, High, Critical |
compliance_controls | Array of strings Compliance controls to which the custom rule belongs. |
families | Array of strings Families to which the custom rule belongs. |
status | string Enum: "ENABLED" "DISABLED" "INVALID" The current status of the rule. Values - ENABLED, DISABLED, INVALID |
rule_text | string The Rego source code for the rule. |
created_by | string Principal that created the rule. |
created_by_display_name | string Display name of the user that created the rule. |
created_at | integer The date and time the rule was created, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
updated_by | string Principal that last updated the rule. |
updated_by_display_name | string Display name of the user that last updated the rule. |
updated_at | integer The date and time the rule was last updated, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
Array of objects (CustomRuleError) [ items ] Syntax errors in the Rego source code. |
{
  "name": "Azure VMs should be in availability sets",
  "source": "CUSTOM",
  "description": "Azure Virtual Machines should be in availability sets. Deploying VMs in availability sets promotes redundancy of data.",
  "providers": [
    "AZURE"
  ],
  "resource_type": "Azure.Compute.VirtualMachine",
  "rule_text": "allow { startswith(input.availability_set_id, '/') }",
  "severity": "High"
}
{
  "compliance_controls": [
    "6377b798-2eee-4456-1234-123456789012"
  ],
  "created_at": 1594402088,
  "created_by": "api_client:61ae1bed-1b6f-4829-1234-123456789012",
  "created_by_display_name": null,
  "description": "Azure Virtual Machines should be in availability sets. Deploying VMs in availability sets promotes redundancy of data.",
  "errors": null,
  "id": "1851db33-1afb-4934-1234-123456789012",
  "name": "Azure VMs should be in availability sets",
  "provider": "AZURE",
  "providers": [
    "AZURE"
  ],
  "resource_type": "Azure.Compute.VirtualMachine",
  "rule_text": "allow { startswith(input.availability_set_id, '/') }",
  "severity": "High",
  "source": "CUSTOM",
  "status": "ENABLED",
  "tf_resource_type": "azurerm_virtual_machine",
  "updated_at": null,
  "updated_by": null,
  "updated_by_display_name": null
}
Returns a list of custom rules. Example API request here. Learn more about custom rules.
offset | integer >= 0 Default: 0 Number of items to skip before returning. This parameter is used when the number of items spans multiple pages. |
max_items | integer [ 1 .. 100 ] Default: 100 Maximum number of items to return. |
status | string Enum: "ENABLED" "DISABLED" "INVALID" Filter on rule status. |
query | string [ 2 .. 1800 ] characters A stringified JSON array of search parameters. |
count | integer Total number of custom rules. |
next_offset | integer Next offset to use to get the next page of items. |
is_truncated | boolean Indicates whether there are more items at the next offset. |
Array of objects (CustomRule) [ items ] List of custom rules. |
{
  "count": 2,
  "is_truncated": false,
  "items": [
    {
      "compliance_controls": [
        "6377b798-2eee-4456-1234-123456789012"
      ],
      "created_at": 1594402091,
      "created_by": "api_client:61ae1bed-1b6f-4829-1234-123456789012",
      "created_by_display_name": null,
      "description": "Azure Virtual Machines should be in availability sets. Deploying VMs in availability sets promotes redundancy of data.",
      "id": "1851db33-1afb-4934-1234-123456789012",
      "families": [
        "3bf3c24b-7859-431a-b1aa-395d896e8bce",
        "Custom"
      ],
      "name": "Azure VMs should be in availability sets",
      "provider": "AZURE",
      "providers": [
        "AZURE"
      ],
      "resource_type": "Azure.Compute.VirtualMachine",
      "rule_text": "allow { startswith(input.availability_set_id, '/') }",
      "severity": "Medium",
      "source": "CUSTOM",
      "status": "ENABLED",
      "tf_resource_type": "azurerm_virtual_machine",
      "updated_at": null,
      "updated_by": null,
      "updated_by_display_name": null
    },
    {
      "compliance_controls": [
        "e66674ae-3d81-428e-1234-123456789012"
      ],
      "created_at": 1588103281,
      "created_by": "api_client:61ae1bed-1b6f-4829-1234-123456789012",
      "created_by_display_name": null,
      "description": "All Google projects are required to have a default audit log configuration",
      "id": "2e0895e3-1f4d-4a90-1234-123456789012",
      "families": [
        "Custom"
      ],
      "name": "Google projects should have a default audit log config",
      "provider": "GOOGLE",
      "providers": [
        "GOOGLE",
        "REPOSITORY"
      ],
      "resource_type": "DEFINED_IN_CODE",
      "rule_text": "package rules.google_default_audit_log_config\nimport data.fugue\n\ninput_type = \"tf\"\n\nresource_type = \"MULTIPLE\"\n\nconfigs = fugue.resources(\"google_project_iam_audit_config\")\n\npolicy[r] {\n config = configs[_]\n r = fugue.allow_resource(config)\n} {\n count(configs) == 0\n r = fugue.missing_resource(\"google_project_iam_audit_config\")\n}",
      "severity": "High",
      "source": "CUSTOM",
      "status": "ENABLED",
      "tf_resource_type": null,
      "updated_at": null,
      "updated_by": null,
      "updated_by_display_name": null
    }
  ],
  "next_offset": null
}
Retrieves details on a single custom rule. Example API request here. Learn more about custom rules.
rule_id required | string The ID of the rule to get. |
id | string ID of the custom rule. |
name | string Human readable name of the custom rule. |
source | string Value: "CUSTOM" The origin of this rule. Values - CUSTOM |
description | string Description of the custom rule. |
provider | string Enum: "AWS" "AWS_GOVCLOUD" "AZURE" "GOOGLE" Provider of the custom rule. Deprecated; please use "providers" |
providers | Array of strings Items Enum: "AWS" "AWS_GOVCLOUD" "AZURE" "GOOGLE" "REPOSITORY" Providers for the custom rule. Values - |
resource_type | string Resource type to which the custom rule applies. Find resource types with GET /metadata/{provider}/resource_types or see our service coverage pages for AWS & AWS GovCloud and Azure & Azure Government. |
tf_resource_type | string Terraform resource type corresponding to resource_type. |
severity | string Enum: "Informational" "Low" "Medium" "High" "Critical" Severity level of the custom rule. See Rule Severity Definitions. Values - Informational, Low, Medium, High, Critical |
compliance_controls | Array of strings Compliance controls to which the custom rule belongs. |
families | Array of strings Families to which the custom rule belongs. |
status | string Enum: "ENABLED" "DISABLED" "INVALID" The current status of the rule. Values - ENABLED, DISABLED, INVALID |
rule_text | string The Rego source code for the rule. |
created_by | string Principal that created the rule. |
created_by_display_name | string Display name of the user that created the rule. |
created_at | integer The date and time the rule was created, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
updated_by | string Principal that last updated the rule. |
updated_by_display_name | string Display name of the user that last updated the rule. |
updated_at | integer The date and time the rule was last updated, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
{
  "compliance_controls": [
    "6377b798-2eee-4456-1234-123456789012"
  ],
  "created_at": 1594402091,
  "created_by": "api_client:61ae1bed-1b6f-4829-1234-123456789012",
  "created_by_display_name": null,
  "description": "Azure Virtual Machines should be in availability sets. Deploying VMs in availability sets promotes redundancy of data.",
  "id": "1851db33-1afb-4934-1234-123456789012",
  "families": [
    "3bf3c24b-7859-431a-b1aa-395d896e8bce",
    "Custom"
  ],
  "name": "Azure VMs should be in availability sets",
  "provider": "AZURE",
  "providers": [
    "AZURE"
  ],
  "resource_type": "Azure.Compute.VirtualMachine",
  "rule_text": "allow { startswith(input.availability_set_id, '/') }",
  "severity": "High",
  "source": "CUSTOM",
  "status": "ENABLED",
  "tf_resource_type": "azurerm_virtual_machine",
  "updated_at": null,
  "updated_by": null,
  "updated_by_display_name": null
}
Updates configuration of a custom rule. Example API request here. Learn more about custom rules.
rule_id required | string The ID of the rule to update. |
New configuration options for the custom rule.
name | string Human readable name of the custom rule. |
description | string Description of the custom rule. |
providers | Array of strings Items Enum: "AWS" "AWS_GOVCLOUD" "AZURE" "GOOGLE" "REPOSITORY" Providers for the custom rule. Values - |
status | string Enum: "ENABLED" "DISABLED" Status of the custom rule. Values - ENABLED, DISABLED |
resource_type required | string REQUIRED. Resource type to which the custom rule applies. Find resource types with GET /metadata/{provider}/resource_types or see our service coverage pages for AWS & AWS GovCloud and Azure & Azure Government. Advanced rules must use the value |
rule_text required | string REQUIRED. Rego code used by the rule. |
severity | string Enum: "Informational" "Low" "Medium" "High" "Critical" Severity level of the custom rule. See Rule Severity Definitions. Values - Informational, Low, Medium, High, Critical |
families | Array of strings Families to which the custom rule belongs |
id | string ID of the custom rule. |
name | string Human readable name of the custom rule. |
source | string Value: "CUSTOM" The origin of this rule. Values - CUSTOM |
description | string Description of the custom rule. |
provider | string Enum: "AWS" "AWS_GOVCLOUD" "AZURE" "GOOGLE" Provider of the custom rule. Deprecated; please use "providers" |
providers | Array of strings Items Enum: "AWS" "AWS_GOVCLOUD" "AZURE" "GOOGLE" "REPOSITORY" Providers for the custom rule. Values - |
resource_type | string Resource type to which the custom rule applies. Find resource types with GET /metadata/{provider}/resource_types or see our service coverage pages for AWS & AWS GovCloud and Azure & Azure Government. |
tf_resource_type | string Terraform resource type corresponding to resource_type. |
severity | string Enum: "Informational" "Low" "Medium" "High" "Critical" Severity level of the custom rule. See Rule Severity Definitions. Values - Informational, Low, Medium, High, Critical |
compliance_controls | Array of strings Compliance controls to which the custom rule belongs. |
families | Array of strings Families to which the custom rule belongs. |
status | string Enum: "ENABLED" "DISABLED" "INVALID" The current status of the rule. Values - ENABLED, DISABLED, INVALID |
rule_text | string The Rego source code for the rule. |
created_by | string Principal that created the rule. |
created_by_display_name | string Display name of the user that created the rule. |
created_at | integer The date and time the rule was created, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
updated_by | string Principal that last updated the rule. |
updated_by_display_name | string Display name of the user that last updated the rule. |
updated_at | integer The date and time the rule was last updated, Unix time. Learn how to convert to or from Unix time in the API User Guide. |
Array of objects (CustomRuleError) [ items ] Syntax errors in the Rego source code. |
{
  "name": "Azure VMs should be in availability sets",
  "description": "Azure Virtual Machines should be in availability sets. Deploying VMs in availability sets promotes redundancy of data.",
  "providers": [
    "AZURE"
  ],
  "status": "ENABLED",
  "resource_type": "Azure.Compute.VirtualMachine",
  "rule_text": "allow { startswith(input.availability_set_id, '/') }",
  "severity": "Medium",
  "families": [
    "3bf3c24b-7859-431a-b1aa-395d896e8bce",
    "Custom"
  ]
}
{
  "compliance_controls": [
    "6377b798-2eee-4456-1234-123456789012"
  ],
  "created_at": 1594402088,
  "created_by": "api_client:61ae1bed-1b6f-4829-1234-123456789012",
  "created_by_display_name": null,
  "description": "Azure Virtual Machines should be in availability sets. Deploying VMs in availability sets promotes redundancy of data.",
  "errors": null,
  "id": "1851db33-1afb-4934-1234-123456789012",
  "name": "Azure VMs should be in availability sets",
  "provider": "AZURE",
  "providers": [
    "AZURE"
  ],
  "resource_type": "Azure.Compute.VirtualMachine",
  "rule_text": "allow { startswith(input.availability_set_id, '/') }",
  "severity": "High",
  "source": "CUSTOM",
  "status": "ENABLED",
  "tf_resource_type": "azurerm_virtual_machine",
  "updated_at": null,
  "updated_by": null,
  "updated_by_display_name": null
}
Deletes a specified custom rule. Example API request here. Learn more about custom rules.
rule_id required | string The ID of the rule to delete. |
{
  "type": "InvalidParameterValue",
  "message": "order_direction must be one of ['asc', 'desc']",
  "code": 400
}
Tests a custom rule using state from a scan. Example API request here. Learn more about custom rules.
via_download | boolean Force output to be downloadable. The API returns a presigned link to download a JSON document containing test results. Useful when testing a very large number of resources. |
Information about the custom rule to be tested.
resource_type | string Resource type to which the custom rule applies. Find resource types with GET /metadata/{provider}/resource_types or see our service coverage pages for AWS & AWS GovCloud and Azure & Azure Government. |
rule_text required | string The Rego source code for the rule. |
scan_id required | string Scan to test the custom rule with. Learn how to find your scan ID. |
Array of objects (CustomRuleError) [ items ] | |
result | string Enum: "PASS" "FAIL" "UNKNOWN" Result of testing custom rule. Values - PASS, FAIL, UNKNOWN |
Array of objects (TestCustomRuleOutputResource) [ items ] | |
object A presigned link to a downloadable JSON document containing test results. |
{
  "resource_type": "AWS.RDS.Instance",
  "rule_text": "allow { input.multi_az == true }",
  "scan_id": "d9f39aac-eea2-45bd-1234-123456789012"
}
{
  "errors": [],
  "links": {},
  "resources": [
    {
      "id": "terraform-202006251452349548",
      "result": "FAIL",
      "type": "aws_db_instance"
    },
    {
      "id": "terraform-202006251453376120",
      "result": "PASS",
      "type": "aws_db_instance"
    }
  ],
  "result": "FAIL"
}
Get the input against which a custom rule would be tested. Example API request here. Learn more about custom rules.
via_download | boolean Force output to be downloadable. The API returns a presigned link to download a JSON document containing test input. Useful when testing a very large number of resources. |
scan_id required | string Scan ID for the custom rule test input. |
resources | object |
object A presigned link to a downloadable JSON document containing test results. |
{
  "resources": {
    "aws_db_instance.ZGF0YWJhc21234": {
      "_skeleton": {
        "depends_on": null,
        "deposed": [],
        "primary": {
          "id": "database-1",
          "meta": null,
          "tainted": false
        },
        "provider": "provider.aws.us-east-1",
        "type": "aws_db_instance"
      },
      "_type": "AWS.RDS.Instance",
      "address": "database-1.cvos3nciabcd.us-east-1.rds.amazonaws.com",
      "allocated_storage": 20,
      "arn": "arn:aws:rds:us-east-1:123456789012:db:database-1",
      "auto_minor_version_upgrade": true,
      "availability_zone": "us-east-1a",
      "backup_retention_period": 0,
      "backup_window": "05:04-05:34",
      "ca_cert_identifier": "rds-ca-2015",
      "copy_tags_to_snapshot": true,
      "db_subnet_group_name": "default-vpc-76f2abcd",
      "enabled_cloudwatch_logs_exports": [],
      "endpoint": "database-1.cvos3nciabcd.us-east-1.rds.amazonaws.com:3306",
      "engine": "mysql",
      "engine_version": "5.7.22",
      "hosted_zone_id": "Z2R2ITUGPMABCD",
      "iam_database_authentication_enabled": false,
      "id": "database-1",
      "identifier": "database-1",
      "instance_class": "db.t2.micro",
      "iops": 0,
      "license_model": "general-public-license",
      "maintenance_window": "wed:07:39-wed:08:09",
      "monitoring_interval": 0,
      "multi_az": false,
      "option_group_name": "default:mysql-5-7",
      "parameter_group_name": "default.mysql5.7",
      "port": 3306,
      "publicly_accessible": false,
      "replicas": [],
      "resource_id": "db-P4PGY3SSOZ6VNTP3FLVVZHABCD",
      "security_group_names": [],
      "skip_final_snapshot": false,
      "status": "available",
      "storage_encrypted": false,
      "storage_type": "gp2",
      "tags": {},
      "username": "webadmin",
      "vpc_security_group_ids": [
        "sg-59551234"
      ]
    }
  },
  "links": {}
}
Create a new custom compliance family.
Configuration options for the new custom compliance family.
name | string Human readable name of the family |
description | string Description of the family |
recommended | boolean If the family is recommended for all new environments |
always_enabled | boolean If the family will automatically be enabled on all environments within the tenant |
rule_ids | Array of strings List of rule ids to associate with family |
id | string ID of the family |
tenant_id | string ID of the tenant |
name | string Human readable name of the family |
source | string Enum: "FUGUE" "CUSTOM" The origin of this family |
description | string Description of the family |
providers | Array of strings Providers the family applies to |
recommended | boolean If the family is recommended for all new environments |
always_enabled | boolean If the family will automatically be enabled on all environments within the tenant |
rule_ids | Array of strings List of rule ids associated with family |
created_by | string Principal that created the rule. |
created_by_display_name | string Display name of the user that created the rule |
created_at | integer The date and time the rule was created. |
updated_by | string Principal that last updated the rule. |
updated_by_display_name | string Display name of the user that last updated the rule |
updated_at | integer The date and time the rule was last updated. |
{
  "name": "MegaBank High and Critical",
  "description": "High and critical rules for the MegaBank organization",
  "recommended": true,
  "always_enabled": true,
  "rule_ids": [
    "9cd1fc10-76ca-4675-adeb-929dbc8fa8f8",
    "1b3b81b5-694b-44be-be5a-4228eb05e50e",
    "FG_R00437"
  ]
}

{
  "id": "535fd330-54f4-4f73-a009-07708360533f",
  "tenant_id": "0c1d4192-aec7-414c-1234-1234abcd1234",
  "name": "Critical, High CIS AWS v1.3.0 and Google v1.1.0",
  "source": "CUSTOM",
  "description": "High and critical rules for CIS AWS v1.3.0 and CIS Google v1.1.0",
  "providers": [
    "AWS",
    "GOOGLE"
  ],
  "recommended": true,
  "always_enabled": true,
  "rule_ids": [
    "9cd1fc10-76ca-4675-adeb-929dbc8fa8f8",
    "1b3b81b5-694b-44be-be5a-4228eb05e50e",
    "FG_R00437"
  ],
  "created_by": "user:b8e52141-f9ce-43b8-8ee5-933bc4ccf4ad",
  "created_by_display_name": "John Smith",
  "created_at": 1627325052,
  "updated_by": null,
  "updated_by_display_name": null,
  "updated_at": null
}
Return a list of compliance families.
offset | integer >= 0 Default: 0 Number of items to skip before returning. This parameter is used when the number of items spans multiple pages. |
max_items | integer [ 1 .. 100 ] Default: 10 Maximum number of items to return. |
order_by | string Default: "name" Enum: "name" "policy" Attribute to order families by |
order_direction | string Default: "asc" Enum: "asc" "desc" Order families in an ascending or descending fashion |
query | string [ 2 .. 1800 ] characters A stringified JSON array of search parameters. |
items | Array of objects (Family) [ items ] |
count | integer |
is_truncated | boolean |
next_offset | integer |
{
  "items": [
    {
      "id": "535fd330-54f4-4f73-a009-07708360533f",
      "tenant_id": "0c1d4192-aec7-414c-1234-1234abcd1234",
      "name": "Critical, High CIS AWS v1.3.0 and Google v1.1.0",
      "source": "CUSTOM",
      "description": "High and critical rules for CIS AWS v1.3.0 and CIS Google v1.1.0",
      "providers": [
        "AWS",
        "GOOGLE"
      ],
      "recommended": true,
      "always_enabled": true,
      "created_by": "user:b8e52141-f9ce-43b8-8ee5-933bc4ccf4ad",
      "created_by_display_name": "John Smith",
      "created_at": 1627325052,
      "updated_by": null,
      "updated_by_display_name": null,
      "updated_at": null
    },
    {
      "id": "CIS-AWS_v1.3.0",
      "tenant_id": "0c1d4192-aec7-414c-1234-1234abcd1234",
      "name": "CIS AWS Foundations Benchmark (v1.3.0)",
      "source": "FUGUE",
      "description": "CIS AWS Foundations Benchmark is a set of configuration guidelines created by the Center for Internet Security (CIS) to help organizations safeguard their AWS infrastructure against today’s evolving cyber threats. This is the latest version of the Benchmark.",
      "providers": [
        "AWS",
        "AWS_GOVCLOUD"
      ],
      "recommended": true,
      "always_enabled": true,
      "created_by": null,
      "created_by_display_name": null,
      "created_at": null,
      "updated_by": null,
      "updated_by_display_name": null,
      "updated_at": null
    }
  ]
}
Return a specific Family.
family_id required | string The id of the Family to look up. |
id | string ID of the family |
tenant_id | string ID of the tenant |
name | string Human readable name of the family |
source | string Enum: "FUGUE" "CUSTOM" The origin of this family |
description | string Description of the family |
providers | Array of strings Providers the family applies to |
recommended | boolean If the family is recommended for all new environments |
always_enabled | boolean If the family will automatically be enabled on all environments within the tenant |
rule_ids | Array of strings List of rule ids associated with family |
created_by | string Principal that created the rule. |
created_by_display_name | string Display name of the user that created the rule |
created_at | integer The date and time the rule was created. |
updated_by | string Principal that last updated the rule. |
updated_by_display_name | string Display name of the user that last updated the rule |
updated_at | integer The date and time the rule was last updated. |
{
  "id": "535fd330-54f4-4f73-a009-07708360533f",
  "tenant_id": "0c1d4192-aec7-414c-1234-1234abcd1234",
  "name": "Critical, High CIS AWS v1.3.0 and Google v1.1.0",
  "source": "CUSTOM",
  "description": "High and critical rules for CIS AWS v1.3.0 and CIS Google v1.1.0",
  "providers": [
    "AWS",
    "GOOGLE"
  ],
  "recommended": true,
  "always_enabled": true,
  "rule_ids": [
    "9cd1fc10-76ca-4675-adeb-929dbc8fa8f8",
    "1b3b81b5-694b-44be-be5a-4228eb05e50e",
    "FG_R00437"
  ],
  "created_by": "user:b8e52141-f9ce-43b8-8ee5-933bc4ccf4ad",
  "created_by_display_name": "John Smith",
  "created_at": 1627325052,
  "updated_by": null,
  "updated_by_display_name": null,
  "updated_at": null
}
Edit an existing user Family.
family_id required | string The id of the Family to update. |
New configuration options for the Family.
name | string Human readable name of the family |
description | string Description of the family |
recommended | boolean If the family is recommended for all new environments |
always_enabled | boolean If the family will automatically be enabled on all environments within the tenant |
rule_ids | Array of strings List of rule ids to associate with family |
id | string ID of the family |
tenant_id | string ID of the tenant |
name | string Human readable name of the family |
source | string Enum: "FUGUE" "CUSTOM" The origin of this family |
description | string Description of the family |
providers | Array of strings Providers the family applies to |
recommended | boolean If the family is recommended for all new environments |
always_enabled | boolean If the family will automatically be enabled on all environments within the tenant |
rule_ids | Array of strings List of rule ids associated with family |
created_by | string Principal that created the rule. |
created_by_display_name | string Display name of the user that created the rule |
created_at | integer The date and time the rule was created. |
updated_by | string Principal that last updated the rule. |
updated_by_display_name | string Display name of the user that last updated the rule |
updated_at | integer The date and time the rule was last updated. |
{
  "name": "MegaBank High and Critical",
  "description": "High and critical rules for the MegaBank organization",
  "recommended": true,
  "always_enabled": true,
  "rule_ids": [
    "9cd1fc10-76ca-4675-adeb-929dbc8fa8f8",
    "1b3b81b5-694b-44be-be5a-4228eb05e50e",
    "FG_R00437"
  ]
}

{
  "id": "535fd330-54f4-4f73-a009-07708360533f",
  "tenant_id": "0c1d4192-aec7-414c-1234-1234abcd1234",
  "name": "Critical, High CIS AWS v1.3.0 and Google v1.1.0",
  "source": "CUSTOM",
  "description": "High and critical rules for CIS AWS v1.3.0 and CIS Google v1.1.0",
  "providers": [
    "AWS",
    "GOOGLE"
  ],
  "recommended": true,
  "always_enabled": true,
  "rule_ids": [
    "9cd1fc10-76ca-4675-adeb-929dbc8fa8f8",
    "1b3b81b5-694b-44be-be5a-4228eb05e50e",
    "FG_R00437"
  ],
  "created_by": "user:b8e52141-f9ce-43b8-8ee5-933bc4ccf4ad",
  "created_by_display_name": "John Smith",
  "created_at": 1627325052,
  "updated_by": null,
  "updated_by_display_name": null,
  "updated_at": null
}
List details for all invites.
offset | integer >= 0 Default: 0 Number of items to skip before returning. This parameter is used when the number of items spans multiple pages. |
max_items | integer [ 1 .. 100 ] Default: 100 Maximum number of items to return. |
order_direction | string Default: "desc" Enum: "asc" "desc" Direction to sort the items in. |
email | string Used to filter list to a single invite by email. |
items | Array of objects (Invite) [ items ] Paginated list of invites. |
is_truncated | boolean Indicates whether there are more items at the next offset. |
next_offset | integer Next offset to use to get the next page of items. |
count | integer Total number of items. |
{
  "items": [
    {
      "id": "919cb55a-45f8-4bf1-bc77-123456789052",
      "resource_type": "INVITE",
      "status": "INVITE_EXPIRED",
      "email": "smith@fugue.co",
      "groups": {
        "default-admin-group": "Admin"
      },
      "created_at": 1573769498,
      "updated_at": null,
      "expires_at": 1574374298
    },
    {
      "id": "5726952f-7360-4b46-8a7e-444444444444",
      "resource_type": "INVITE",
      "status": "INVITE_PENDING",
      "email": "jones@fugue.co",
      "groups": {
        "762a8d73-c8b4-4676-b2b9-123444899900": "Auditors"
      },
      "created_at": 1611079892,
      "updated_at": null,
      "expires_at": null
    }
  ],
  "count": 4,
  "is_truncated": false,
  "next_offset": null
}
Creates a new invite.
Configuration options for the new invite.
email required | string |
group_ids required | Array of strings |
expires | boolean Default: true |
id required | string |
resource_type | string |
email required | string |
status required | string |
created_at required | integer |
updated_at | integer |
expires_at required | integer |
groups | object Map from group id to name. |
{
  "email": "smith@fugue.co",
  "group_ids": [
    "762a8d73-c8b4-4676-b2b9-122222222222"
  ],
  "expires": false
}

{
  "id": "5726952f-7360-4b46-8a7e-123456789102",
  "resource_type": "INVITE",
  "status": "INVITE_PENDING",
  "email": "smith@fugue.co",
  "groups": {
    "762a8d73-c8b4-4676-b2b9-122222222222": "Auditors"
  },
  "created_at": 1611079892,
  "updated_at": null,
  "expires_at": null
}
Fetch an invite by id.
invite_id required | string id of the invite |
id required | string |
resource_type | string |
email required | string |
status required | string |
created_at required | integer |
updated_at | integer |
expires_at required | integer |
groups | object Map from group id to name. |
{
  "id": "5726952f-7360-4b46-8a7e-123456789102",
  "resource_type": "INVITE",
  "status": "INVITE_PENDING",
  "email": "smith@fugue.co",
  "groups": {
    "762a8d73-c8b4-4676-b2b9-122222222222": "Auditors"
  },
  "created_at": 1611079892,
  "updated_at": null,
  "expires_at": null
}
Return a list of groups.
offset | integer >= 0 Default: 0 Number of items to skip before returning. This parameter is used when the number of items spans multiple pages. |
max_items | integer [ 1 .. 100 ] Default: 10 Maximum number of items to return. |
order_by | string Default: "name" Enum: "name" "policy" Attribute to order groups by |
order_direction | string Default: "asc" Enum: "asc" "desc" Order groups in an ascending or descending fashion |
items | Array of objects (Group) [ items ] |
count | integer |
is_truncated | boolean |
next_offset | integer |
{
  "items": [
    {
      "id": "default-admin-group",
      "name": "Admin",
      "environments": {},
      "users": {
        "099fe2d4-6a5f-441e-9e9f-123456789012": "Leslie Knope",
        "29acf40e-8831-4299-8dfa-999999999999": "Ron Swanson",
        "31e8b5f3-2562-471c-b25e-888888888888": "John Smith"
      },
      "api_clients": {
        "b7e92479-33c1-4d16-b20b-5fdb6efc2358": "CircleCI Client"
      },
      "policy": "fugue:ADMIN"
    },
    {
      "id": "9ab86fb7-c0ab-43d4-a8a7-888999111674",
      "name": "Azure Developers",
      "environments": {
        "5f1b431b-bc42-4652-b628-123467890456": "Staging",
        "ce1abc55-1f1b-4f13-8299-000001111876": "Production"
      },
      "users": {
        "64ac35d0-386c-4418-a21c-92975fcf59b7": "Matt Smith"
      },
      "api_clients": {
        "f579689a-0a1e-4f07-997c-54958533b8a1": "CircleCI Client",
        "7e95cf7e-8705-4a6e-9802-a97a40c9d418": "Postman"
      },
      "policy": "fugue:AUDITOR"
    }
  ],
  "count": 2,
  "is_truncated": false,
  "next_offset": 10
}
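An access review over the invite and group list responses above, as an added example (not Fugue's own code). It pages with offset/next_offset but stops on is_truncated, because the sample group response carries "next_offset": 10 alongside "is_truncated": false. The fetch_page callable, the finding labels and the sample data are assumptions constructed for this example.

```python
ADMIN_POLICY = "fugue:ADMIN"  # policy value shown in the sample group list response


def fetch_all(fetch_page, max_items=100):
    """Collect every item from an offset-paginated list endpoint.

    fetch_page(offset, max_items) is a caller-supplied (hypothetical) function
    that performs the authenticated GET and returns the decoded JSON body.
    """
    items, offset = [], 0
    while True:
        page = fetch_page(offset, max_items)
        items.extend(page["items"])
        # Trust is_truncated, not next_offset: next_offset can be set on the last page.
        if not page.get("is_truncated"):
            return items
        nxt = page.get("next_offset")
        if nxt is None or nxt <= offset:
            raise RuntimeError("truncated page without a forward next_offset")
        offset = nxt


def review_access(groups, invites):
    """Return (finding, id, label) tuples worth a reviewer's attention."""
    admin_ids = {g["id"] for g in groups if g["policy"] == ADMIN_POLICY}
    findings = []
    for g in groups:
        if g["id"] in admin_ids:
            # Long-lived machine credentials holding the admin policy.
            for cid, name in sorted(g["api_clients"].items()):
                findings.append(("api-client-in-admin-group", cid, name))
    for inv in invites:
        if inv["status"] != "INVITE_PENDING":
            continue
        # A pending invite into an admin group that never expires stays redeemable.
        if admin_ids & set(inv["groups"]) and inv["expires_at"] is None:
            findings.append(("non-expiring-admin-invite", inv["id"], inv["email"]))
    return findings


# Constructed sample data, shaped like the responses documented above.
GROUP_PAGES = {
    0: {"items": [{"id": "default-admin-group", "name": "Admin", "environments": {},
                   "users": {"u-1": "Example User"},
                   "api_clients": {"c-1": "CI Client"}, "policy": "fugue:ADMIN"}],
        "count": 2, "is_truncated": True, "next_offset": 1},
    1: {"items": [{"id": "g-2", "name": "Auditors", "environments": {},
                   "users": {}, "api_clients": {"c-2": "Report Client"},
                   "policy": "fugue:AUDITOR"}],
        "count": 2, "is_truncated": False, "next_offset": 2},  # stale next_offset
}
SAMPLE_INVITES = [
    {"id": "i-1", "status": "INVITE_PENDING", "email": "a@example.com",
     "groups": {"default-admin-group": "Admin"}, "expires_at": None},
    {"id": "i-2", "status": "INVITE_PENDING", "email": "b@example.com",
     "groups": {"g-2": "Auditors"}, "expires_at": None},
    {"id": "i-3", "status": "INVITE_EXPIRED", "email": "c@example.com",
     "groups": {"default-admin-group": "Admin"}, "expires_at": 1574374298},
]


def fake_group_fetch(offset, max_items):
    """Stand-in for the HTTP call; raises KeyError if a page past the end is requested."""
    return GROUP_PAGES[offset]


if __name__ == "__main__":
    for finding in review_access(fetch_all(fake_group_fetch), SAMPLE_INVITES):
        print(finding)
```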
Creates a new group.
Configuration options for the new group.
name | string |
policy | string Enum: "fugue:READONLY" "fugue:AUDITOR" "fugue:EDITOR" "fugue:CONTRIBUTOR" "fugue:MANAGER" "fugue:ORGANIZATION_REPORT_VIEWER" "fugue:IAC_SCANNER" |
environment_ids | Array of strings List of environment IDs to grant the group access to. Use |
id | string |
name | string |
environments | object Map from environment id to name. |
policy | string |
users | object Map from user_id to name. |
api_clients | object Map from api_client_id to name. |
{
  "name": "Compliance",
  "policy": "fugue:AUDITOR",
  "environment_ids": [
    "de5bef2d-21e7-4ade-b18a-123987654321",
    "9804011a-b6bd-4f58-ba74-999888567812"
  ]
}

{
  "id": "9ab86fb7-c0ab-43d4-a8a7-999999999999",
  "name": "Network Engineering",
  "environments": {
    "5f1b431b-bc42-4652-b628-f44444444444": "Staging",
    "ce1abc55-1f1b-4f13-8299-000000000000": "Production"
  },
  "users": {
    "099fe2d4-6a5f-441e-9e9f-76666666666667": "Jen Smith"
  },
  "api_clients": {
    "b7e92479-33c1-4d16-b20b-5fdb6efc2358": "CircleCI Client"
  },
  "policy": "fugue:READONLY"
}
Edit the group assignments for a list of users.
User and Group IDs to be associated.
user_ids | Array of strings |
group_ids | Array of strings |
{
  "user_ids": [
    "e082df19-f648-4500-9d5a-123456789900",
    "e9ca37b6-928f-4503-ab8e-048758429081"
  ],
  "group_ids": [
    "default-admin-group",
    "9ab86fb7-c0ab-43d4-a8a7-888777666600"
  ]
}

{
  "type": "InvalidParameterValue",
  "message": "order_direction must be one of ['asc', 'desc']",
  "code": 400
}
List details for all users.
offset | integer >= 0 Default: 0 Number of items to skip before returning. This parameter is used when the number of items spans multiple pages. |
max_items | integer [ 1 .. 100 ] Default: 100 Maximum number of items to return. |
order_direction | string Default: "desc" Enum: "asc" "desc" Direction to sort the items in. |
email | string Used to filter list to a single invite by email. |
items | Array of objects (User) [ items ] Paginated list of users. |
is_truncated | boolean Indicates whether there are more items at the next offset. |
next_offset | integer Next offset to use to get the next page of items. |
count | integer Total number of items. |
{
  "items": [
    {
      "id": "29acf40e-8831-4299-8dfa-1234509888",
      "resource_type": "USER",
      "status": "ACTIVE",
      "email": "rhendricks@piedpiper.co",
      "groups": {
        "default-admin-group": "Admin"
      },
      "first_name": "Richard",
      "last_name": "Hendricks",
      "owner": true
    },
    {
      "id": "31e8b5f3-2562-471c-b25e-64eb7ef00449",
      "resource_type": "USER",
      "status": "ACTIVE",
      "email": "bgilfoyle@fugue.co",
      "groups": {
        "default-admin-group": "Network Engineering"
      },
      "first_name": "Bertram",
      "last_name": "Gilfoyle",
      "owner": false
    }
  ],
  "count": 14,
  "is_truncated": false,
  "next_offset": null
}
Fetch a user by id.
user_id required | string id of the user |
id required | string |
resource_type | string |
email required | string |
owner | boolean |
first_name | string |
last_name | string |
status required | string |
groups | object Map from group id to name. |
{
  "id": "29acf40e-8831-4299-8dfa-2222222222222",
  "resource_type": "USER",
  "status": "ACTIVE",
  "email": "rhendricks@piedpiper.co",
  "groups": {
    "default-admin-group": "Admin"
  },
  "first_name": "Richard",
  "last_name": "Hendricks",
  "owner": false
}
Lists details for all rule waivers. Example API request here. Learn more about waivers here.
offset | integer >= 0 Default: 0 Number of items to skip before returning. This parameter is used when the number of items spans multiple pages. |
max_items | integer [ 1 .. 100 ] Default: 100 Maximum number of items to return. |
order_by | string Default: "name" Value: "name" Field to sort the items by. |
order_direction | string Default: "asc" Enum: "asc" "desc" Direction to sort the items in. |
query | string [ 2 .. 1800 ] characters DEPRECATED. A stringified JSON array of search parameters. Use the |
q.id | Array of strings A specific rule waiver ID. |
q.environment_id | Array of strings An environment ID associated with a rule waiver. |
q.name | Array of strings A name of a rule waiver. |
q.rule_id | Array of strings A rule ID associated with a rule waiver. |
q.resource_id | Array of strings A resource ID associated with a rule waiver. |
q.resource_type | Array of strings A resource type associated with a rule waiver. |
q.resource_provider | Array of strings A resource provider associated with a rule waiver |
q.environment_name | Array of strings An environment name associated with a rule waiver. |
q.environment_provider | Array of strings An environment provider associated with a rule waiver |
q.provider | Array of strings Alias for q.environment_provider. |
q.status | Array of strings A current waiver status. |
items | Array of objects (RuleWaiver) [ items ] |
count | integer |
is_truncated | boolean |
next_offset | integer |
{
  "items": [
    {
      "id": "36283aca-b747-43cf-8af2-ee20b7b51b9c",
      "environment_id": "95705e29-3605-4b5f-b8cb-35a7af93ba06",
      "environment_name": "Demo 3",
      "resource_provider": "aws.us-west-2",
      "resource_type": "AWS.CloudWatchLogs.LogGroup",
      "resource_id": "/aws/lambda/us-east-1.frontend-security-function",
      "rule_id": "FG_R00068",
      "name": "Waive CMK for frontend-security-function",
      "comment": "KMS CMK is not required",
      "created_by": "api_client:343b807b-019a-484b-9bce-c774270efb5e",
      "created_by_display_name": null,
      "created_at": 1613713903,
      "updated_by": null,
      "updated_by_display_name": null,
      "updated_at": null,
      "expires_at": 1671496797,
      "status": "ACTIVE"
    },
    {
      "id": "dc5cb324-ad63-4e1a-a9d9-f33969451767",
      "environment_id": "95705e29-3605-4b5f-b8cb-35a7af93ba06",
      "environment_name": "Demo 3",
      "resource_provider": "*",
      "resource_type": "AWS.IAM.Role",
      "resource_id": "*",
      "rule_id": "FG_R00255",
      "name": "Waive MFA and ext IDs for IAM roles",
      "comment": "IAM roles do not need to have MFA or external IDs in test accounts",
      "created_by": "api_client:343b807b-019a-484b-9bce-c774270efb5e",
      "created_by_display_name": null,
      "created_at": 1613714810,
      "updated_by": null,
      "updated_by_display_name": null,
      "updated_at": null,
      "expires_at": 1647465850,
      "status": "EXPIRED"
    }
  ],
  "count": 2,
  "is_truncated": false,
  "next_offset": null
}
Creates a new rule waiver. Example API request here. Learn more about waivers here.
Rule waiver parameters
environment_id required | string |
resource_provider required | string |
resource_type required | string |
resource_id required | string |
resource_tag | string |
rule_id required | string |
name required | string |
comment | string |
expires_at | integer Unix timestamp representation of the expiration date of this rule waiver.
Cannot be combined with |
object (Duration) Defines a duration from the current time and date. | |
expires_at_ts | string RFC3339 representation of the expiration date of this rule waiver.
Cannot be combined with |
id required | string |
environment_id required | string |
environment_name | string |
resource_provider required | string |
resource_type required | string |
resource_id required | string Resource ID that waiver applies to. Can contain * or ? wildcard characters. |
resource_tag | string |
rule_id required | string |
name required | string |
comment | string |
created_by | string Principal that created the rule waiver. |
created_by_display_name | string Display name of the user that created the rule waiver. |
created_at | integer The date and time when the rule waiver was created. |
expires_at | integer The date and time when this rule waiver expires. |
status | string Enum: "ACTIVE" "EXPIRED" Enum for whether or not this waiver is active or expired. |
updated_by | string Principal that last updated the rule waiver. |
updated_by_display_name | string Display name of the user that last updated the rule waiver. |
updated_at | integer The date and time when the rule waiver was last updated. |
rule_description | string Description of the rule. |
rule_compliance_mapping | object Mapping of this rule in compliance families and their controls which are enabled in a given environment. |
{
  "resource_type": "AWS.CloudWatchLogs.LogGroup",
  "resource_id": "/aws/lambda/us-east-1.frontend-security-function",
  "resource_tag": "Bus*Unit:US",
  "resource_provider": "aws.us-west-2",
  "environment_id": "95705e29-3605-4b5f-b8cb-35a7af93ba06",
  "rule_id": "FG_R00068",
  "name": "Waive CMK for frontend-security-function",
  "comment": "KMS CMK is not required",
  "expires_at": 1679000151
}

{
  "id": "36283aca-b747-43cf-8af2-ee20b7b51b9c",
  "environment_id": "95705e29-3605-4b5f-b8cb-35a7af93ba06",
  "environment_name": "Demo 3",
  "resource_provider": "aws.us-west-2",
  "resource_type": "AWS.CloudWatchLogs.LogGroup",
  "resource_id": "/aws/lambda/us-east-1.frontend-security-function",
  "resource_tag": "Bus*Unit:US",
  "rule_id": "FG_R00068",
  "name": "Waive CMK for frontend-security-function",
  "comment": "KMS CMK is not required",
  "created_by": "api_client:343b807b-019a-484b-9bce-c774270efb5e",
  "created_by_display_name": null,
  "created_at": 1613713903,
  "expires_at": 1671496797,
  "status": "ACTIVE",
  "updated_by": null,
  "updated_by_display_name": null,
  "updated_at": null,
  "rule_description": "CloudWatch log groups should be encrypted with KMS CMKs. CloudWatch log groups are encrypted by default. However, utilizing KMS CMKs gives you more control over key rotation and provides auditing visibility into key usage.",
  "rule_compliance_mapping": null
}
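A waiver review over the list response, as an added example (not Fugue's own code): it flags active waivers whose resource_id is a bare wildcard, that never expire, or that expire soon, and reports which waivers would cover a given finding. Assumptions: how Fugue evaluates the * and ? wildcards is not specified here, so whole-string matching is assumed and applied to resource_id and resource_provider; the finding labels, the 30-day window and the sample data are constructed.

```python
import re

DAY = 86400  # seconds


def wildcard_to_regex(pattern):
    """Compile a waiver pattern in which only * and ? are special.

    fnmatch is avoided on purpose: it would also treat [ and ] as
    metacharacters, which resource IDs may legitimately contain.
    """
    parts = []
    for ch in pattern:
        if ch == "*":
            parts.append(".*")
        elif ch == "?":
            parts.append(".")
        else:
            parts.append(re.escape(ch))
    return re.compile("".join(parts), re.DOTALL)


def matches(pattern, value):
    """True when the whole value matches the pattern (assumed semantics)."""
    return wildcard_to_regex(pattern).fullmatch(value) is not None


def audit_waivers(waivers, now, soon_days=30):
    """Return (waiver_id, finding) pairs for active waivers that need review."""
    findings = []
    for w in waivers:
        if w["status"] != "ACTIVE":
            continue
        if w["resource_id"].strip("*") == "":
            findings.append((w["id"], "catch-all"))
        expires = w.get("expires_at")
        if expires is None:
            findings.append((w["id"], "no-expiry"))
        elif 0 < expires - now <= soon_days * DAY:
            findings.append((w["id"], "expires-soon"))
    return findings


def covering_waivers(waivers, finding, now):
    """IDs of waivers that would suppress the given rule finding at time now."""
    hits = []
    for w in waivers:
        expires = w.get("expires_at")
        # Check the timestamp as well as status, in case the listing is stale.
        if w["status"] != "ACTIVE" or (expires is not None and expires <= now):
            continue
        if (w["rule_id"] == finding["rule_id"]
                and w["resource_type"] == finding["resource_type"]
                and matches(w["resource_provider"], finding["resource_provider"])
                and matches(w["resource_id"], finding["resource_id"])):
            hits.append(w["id"])
    return hits


# Constructed sample, shaped like the "items" array of the list response.
SAMPLE_WAIVERS = [
    {"id": "w-1", "rule_id": "FG_R00068", "status": "ACTIVE",
     "resource_type": "AWS.CloudWatchLogs.LogGroup",
     "resource_provider": "aws.us-west-2",
     "resource_id": "/aws/lambda/us-east-1.frontend-security-function",
     "expires_at": 1671496797},
    {"id": "w-2", "rule_id": "FG_R00255", "status": "ACTIVE",
     "resource_type": "AWS.IAM.Role", "resource_provider": "*",
     "resource_id": "*", "expires_at": None},
    {"id": "w-3", "rule_id": "FG_R00255", "status": "EXPIRED",
     "resource_type": "AWS.IAM.Role", "resource_provider": "*",
     "resource_id": "role-test-?", "expires_at": 1647465850},
]

if __name__ == "__main__":
    for waiver_id, finding in audit_waivers(SAMPLE_WAIVERS, now=1670000000):
        print(waiver_id, finding)
```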
Retrieves details and rule metadata for a rule waiver. Example API request here. Learn more about waivers here.
rule_waiver_id required | string The ID of rule waiver to update |
id required | string |
environment_id required | string |
environment_name | string |
resource_provider required | string |
resource_type required | string |
resource_id required | string Resource ID that waiver applies to. Can contain * or ? wildcard characters. |
resource_tag | string |
rule_id required | string |
name required | string |
comment | string |
created_by | string Principal that created the rule waiver. |
created_by_display_name | string Display name of the user that created the rule waiver. |
created_at | integer The date and time when the rule waiver was created. |
expires_at | integer The date and time when this rule waiver expires. |
status | string Enum: "ACTIVE" "EXPIRED" Enum for whether or not this waiver is active or expired. |
updated_by | string Principal that last updated the rule waiver. |
updated_by_display_name | string Display name of the user that last updated the rule waiver. |
updated_at | integer The date and time when the rule waiver was last updated. |
rule_description | string Description of the rule. |
rule_compliance_mapping | object Mapping of this rule in compliance families and their controls which are enabled in a given environment. |
{
  "id": "36283aca-b747-43cf-8af2-ee20b7b51b9c",
  "environment_id": "95705e29-3605-4b5f-b8cb-35a7af93ba06",
  "environment_name": "Demo 3",
  "resource_provider": "aws.us-west-2",
  "resource_type": "AWS.CloudWatchLogs.LogGroup",
  "resource_id": "/aws/lambda/us-east-1.frontend-security-function",
  "resource_tag": "Bus*Unit:US",
  "rule_id": "FG_R00068",
  "name": "Waive CMK for frontend-security-function",
  "comment": "KMS CMK is not required",
  "created_by": "api_client:343b807b-019a-484b-9bce-c774270efb5e",
  "created_by_display_name": null,
  "created_at": 1613713903,
  "expires_at": 1671496797,
  "status": "ACTIVE",
  "updated_by": null,
  "updated_by_display_name": null,
  "updated_at": null,
  "rule_description": "CloudWatch log groups should be encrypted with KMS CMKs. CloudWatch log groups are encrypted by default. However, utilizing KMS CMKs gives you more control over key rotation and provides auditing visibility into key usage.",
  "rule_compliance_mapping": null
}
Updates a rule waiver. Example API request here. Learn more about waivers here.
rule_waiver_id required | string The ID of rule waiver to update |
Rule waiver update parameters
name | string |
comment | string |
expires_at | integer Unix timestamp representation of the expiration date of this rule waiver.
Cannot be combined with |
object (Duration) Defines a duration from the current time and date. | |
expires_at_ts | string RFC3339 representation of the expiration date of this rule waiver.
Cannot be combined with |
id required | string |
environment_id required | string |
environment_name | string |
resource_provider required | string |
resource_type required | string |
resource_id required | string Resource ID that waiver applies to. Can contain * or ? wildcard characters. |
resource_tag | string |
rule_id required | string |
name required | string |
comment | string |
created_by | string Principal that created the rule waiver. |
created_by_display_name | string Display name of the user that created the rule waiver. |
created_at | integer The date and time when the rule waiver was created. |
expires_at | integer The date and time when this rule waiver expires. |
status | string Enum: "ACTIVE" "EXPIRED" Enum for whether or not this waiver is active or expired. |
updated_by | string Principal that last updated the rule waiver. |
updated_by_display_name | string Display name of the user that last updated the rule waiver. |
updated_at | integer The date and time when the rule waiver was last updated. |
rule_description | string Description of the rule. |
rule_compliance_mapping | object Mapping of this rule in compliance families and their controls which are enabled in a given environment. |
{
  "name": "Waive CMK for frontend-security-function",
  "comment": "KMS CMK is not required",
  "expires_at_ts": "2022-12-19 16:39:57-08:00"
}

{
  "id": "36283aca-b747-43cf-8af2-ee20b7b51b9c",
  "environment_id": "95705e29-3605-4b5f-b8cb-35a7af93ba06",
  "environment_name": "Demo 3",
  "resource_provider": "aws.us-west-2",
  "resource_type": "AWS.CloudWatchLogs.LogGroup",
  "resource_id": "/aws/lambda/us-east-1.frontend-security-function",
  "resource_tag": "Bus*Unit:US",
  "rule_id": "FG_R00068",
  "name": "Waive CMK for frontend-security-function",
  "comment": "KMS CMK is not required",
  "created_by": "api_client:343b807b-019a-484b-9bce-c774270efb5e",
  "created_by_display_name": null,
  "created_at": 1613713903,
  "expires_at": 1671496797,
  "status": "ACTIVE",
  "updated_by": null,
  "updated_by_display_name": null,
  "updated_at": null,
  "rule_description": "CloudWatch log groups should be encrypted with KMS CMKs. CloudWatch log groups are encrypted by default. However, utilizing KMS CMKs gives you more control over key rotation and provides auditing visibility into key usage.",
  "rule_compliance_mapping": null
}
Deletes a rule waiver. Example API request here. Learn more about waivers here.
rule_waiver_id required | string The ID of rule waiver to delete |
{
  "type": "AuthenticationError",
  "message": "Invalid or missing authentication token",
  "code": 401
}
Lists audit log events.
max_items | integer [ 25 .. 999 ] Default: 100 Maximum number of items to return. |
order_direction | string Default: "desc" Enum: "asc" "desc" Direction to sort the items in. |
subject_kind | string The subject to filter on. Values - api_client, environment, group, invite, notification, rule, rule_waiver, scan |
range_from | string <date-time> Earliest timestamp to include in results. format: ISO 8601. Example: 2021-03-16T02:00 |
range_to | string <date-time> Latest timestamp to include in results. format: ISO 8601. Example: 2021-03-18T23:00 |
next_token | string If set can be used to retrieve the next page of records. |
items | Array of objects (AuditLogEvent) [ items ] List of audit log events |
next_token | string If set can be used to retrieve the next page of records. |
{
  "items": [
    {
      "id": "25aec443-7d33-409a-8ca6-c7a488de696c",
      "timestamp": "2021-03-05T06:41:24.857325+00:00",
      "principal": "system:fugue",
      "event_source": "fugue_internal",
      "request_context": {
        "trace_id": "1-6041d201-aa3716f4e2d4b859d6113994",
        "source_ip": null,
        "user_agent": "Fugue",
        "protocol": "https",
        "domain": null,
        "path": null,
        "method": null
      },
      "identity": {
        "principal_kind": "system",
        "principal_id": "fugue",
        "name": null,
        "email": null
      },
      "action_type": "write",
      "action": "ScanCompleted",
      "subject_kind": "environment",
      "subject_id": "769b0d81-8a6a-41ca-b527-5fee3c87711e",
      "subject_name": "Demo 2",
      "parameters": {
        "message": "None",
        "scan_id": "1c5a1c4d-9242-469b-a404-1bad9c765823",
        "status": "SUCCESS"
      },
      "response_code": 200,
      "response_message": "OK",
      "error": false,
      "results": [
        {
          "entity_kind": "scan",
          "entity_id": "1c5a1c4d-9242-469b-a404-1bad9c765823",
          "entity_name": "2021-03-05T06:38:56+00:00",
          "action": "UpdateScan"
        },
        {
          "entity_kind": "environment",
          "entity_id": "769b0d81-8a6a-41ca-b527-5fee3c87711e",
          "entity_name": "Demo 2",
          "action": "UpdateEnvironmentScanStatus"
        }
      ]
    },
    {
      "id": "1bd89795-eddb-469e-aa6d-8414a484b098",
      "timestamp": "2021-03-05T06:11:30.346395+00:00",
      "principal": "system:fugue",
      "event_source": "fugue_internal",
      "request_context": {
        "trace_id": "1-6041cafd-d05f8b6a1e0d13298a2dcb6f",
        "source_ip": null,
        "user_agent": "Fugue",
        "protocol": "https",
        "domain": null,
        "path": null,
        "method": null
      },
      "identity": {
        "principal_kind": "system",
        "principal_id": "fugue",
        "name": null,
        "email": null
      },
      "action_type": "write",
      "action": "ScanCompleted",
      "subject_kind": "environment",
      "subject_id": "f961ad2e-195c-4fb3-8d46-39523aa9f96c",
      "subject_name": "Production",
      "parameters": {
        "message": "None",
        "scan_id": "df776383-4d20-46a2-9af7-cf0bd5e6f1c9",
        "status": "SUCCESS"
      },
      "response_code": 200,
      "response_message": "OK",
      "error": false,
      "results": [
        {
          "entity_kind": "scan",
          "entity_id": "df776383-4d20-46a2-9af7-cf0bd5e6f1c9",
          "entity_name": "2021-03-05T06:08:58+00:00",
          "action": "UpdateScan"
        },
        {
          "entity_kind": "environment",
          "entity_id": "f961ad2e-195c-4fb3-8d46-39523aa9f96c",
          "entity_name": "Production",
          "action": "UpdateEnvironmentScanStatus"
        }
      ]
    }
  ],
  "next_token": "..."
}
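Walking the audit log with next_token and pulling out the events a reviewer would look at first, as an added example (not Fugue's own code). Assumptions: fetch_page is a caller-supplied function that performs the authenticated request; principal_kind values other than "system", the action names, the reason labels and all sample events are constructed for illustration.

```python
# Subject kinds that change access or suppress findings; all four are
# subject_kind values listed in the parameter table above.
SENSITIVE_SUBJECTS = {"api_client", "group", "invite", "rule_waiver"}


def iter_events(fetch_page, max_pages=500):
    """Yield every event, following next_token until the API stops returning one.

    fetch_page(next_token) is hypothetical: it issues the request (with
    range_from/range_to as needed) and returns the decoded JSON body.
    """
    token, seen_tokens = None, set()
    for _ in range(max_pages):
        page = fetch_page(token)
        yield from page.get("items", [])
        token = page.get("next_token")
        if not token:
            return
        if token in seen_tokens:
            raise RuntimeError("next_token repeated; aborting to avoid a loop")
        seen_tokens.add(token)
    raise RuntimeError("max_pages reached before the log was exhausted")


def triage(events):
    """Keep non-system events that write to a sensitive subject or that failed."""
    seen_ids, flagged = set(), []
    for ev in events:
        if ev["id"] in seen_ids:  # tolerate overlap between pages
            continue
        seen_ids.add(ev["id"])
        identity = ev.get("identity") or {}
        if identity.get("principal_kind") == "system":
            continue
        sensitive_write = (ev.get("action_type") == "write"
                           and ev.get("subject_kind") in SENSITIVE_SUBJECTS)
        if sensitive_write or ev.get("error"):
            ctx = ev.get("request_context") or {}
            flagged.append({
                "id": ev["id"],
                "timestamp": ev.get("timestamp"),
                "principal": ev.get("principal"),
                "source_ip": ctx.get("source_ip"),
                "subject": f'{ev.get("subject_kind")}:{ev.get("subject_id")}',
                "action": ev.get("action"),
                "reason": "error" if ev.get("error") else "sensitive-write",
            })
    return flagged


def _event(eid, kind, subject_kind, action, error=False, ip=None):
    """Build one constructed event carrying only the fields triage() reads."""
    return {"id": eid, "timestamp": "2021-03-05T06:41:24+00:00",
            "principal": f"{kind}:example", "identity": {"principal_kind": kind},
            "request_context": {"source_ip": ip}, "action_type": "write",
            "action": action, "subject_kind": subject_kind,
            "subject_id": "s-" + eid, "error": error}


# Constructed pages; "t1" is a made-up token and the second page repeats e2.
SAMPLE_PAGES = {
    None: {"items": [_event("e1", "system", "environment", "ScanCompleted"),
                     _event("e2", "user", "rule_waiver", "ExampleWaiverChange",
                            ip="203.0.113.7")],
           "next_token": "t1"},
    "t1": {"items": [_event("e2", "user", "rule_waiver", "ExampleWaiverChange",
                            ip="203.0.113.7"),
                     _event("e3", "api_client", "environment", "ExampleEnvChange",
                            error=True, ip="198.51.100.9")],
           "next_token": None},
}


def fake_fetch(token):
    """Stand-in for the HTTP call."""
    return SAMPLE_PAGES[token]


if __name__ == "__main__":
    for row in triage(iter_events(fake_fetch)):
        print(row)
```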