Downloading Your Security Report

This guide demonstrates how to download your Coralogix security report via API.

Prerequisites

Cloud Security Posture Management (CSPM) set up

Configuration

STEP 1. Access your API URL based on the domain associated with your account.

.com	Ireland	ng-api-http.coralogix.com
.app.eu2.coralogix.com	Stockholm	ng-api-http.eu2.coralogix.com
.app.coralogixsg.com	Singapore	ng-api-http.coralogixsg.com
.in	Mumbai	ng-api-http.app.coralogix.in
.us	United States	ng-api-http.coralogix.us

STEP 2. Access your Coralogix Logs Query Key.

On your Coralogix dashboard, click Data Flow > select API Keys.

Data Flow > API Keys

Copy your Logs Query Key.

Logs Query Key

STEP 3. Create the API.

URL	https:// {{Coralogix domain}}/xdr/get-report
HTTP Method	POST
Content Type	application/json
Authorization	Bearer {{Logs Query key}}

STEP 4. Schema

Request schema.

{
    "executionId": string(uuid), // in case it's not provided using the last scan id
    "filter": {
        "region": string[],
        "account": string[],
        "complianceFramework": string[],
        "provider": string[], // "aws", "gcp", "azure", "github", etc...
    "service": string[], // "RDS", "BIG QUERY", "S3", etc
        "testName": string[], // sort name of the security rule (testIdentity)
        "result": string[] // (enum) "Passed", "Failed"
        "severity": int[], // (enum) 1 - Low, 2 - Medium, 3 - High, 4 - Critical 
        "active": string[] // (enum): "Enabled", "Disabled"
    }
}

Note: Every field in the request payload is optional. Passing a null value or ignoring that field is the same as passing an empty list.

Compliance frameworks and short names:

Snowbit	snowbit
CIS AWS 1.4.0	cis_aws
HIPAA	hipaa
ISO-27001	iso_27001
PCI DSS 3.1.0	pci_dss
SOC 2	soc2

Response schema:

{
    "executionId": string // uuid v4 format
    "data":[
    {
      "region": string,
      "account": string,
      "complianceFrameworks": string[],
      "provider": string,
            "category": string, // From the category view eg: "Database", "Storage", "Identity Management", etc
      "service": string, // "RDS", "BIG QUERY", "S3", etc
      "testName": string,
      "severity": int, // enum: 1 - Low, 2 - Medium, 3 - High, 4 - Critical 
      "resourceName": string,
      "resourceId": string,
      "passed": boolean,
      "active": boolean
    }
  ]
}

Additional Resources

Documentation

Cloud Security Posture Management (CSPM)

Support

Need help?

Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.

Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].

How to protect secrets in the STA config?

Next GCP Security Posture Management (CSPM)