Findings

Finding information of a security vulnerability.

List all security findings in a project

get/api/projects/{projectID}/findings

List all security findings in a project

SecuritycloudOneToken or cloudOneAPIKey

Request

path Parameters

projectID

required

string

The projectID

query Parameters

category	string The category of findings to get Value: "malicious-activity" Example: category=malicious-activity
cursor	string An encoded value used to retrieve the next set of results for a query that returns more results than the provided limit. It uses the `next` value from the previous response. Example: cursor=eyJrIjoiMXVLa2lsb3B2RnhsS0FuYUU0bThqUmVjZDdCIiwibiI6IkJUY2hRU2pOVDBSUjc0cHUifQ.EilR0MPcmh9JdsQ1omPx1cJQvh_RjDwI_AnHAWu-G1YSN9ZTjoKswEhDObUaefE8nf97AlccfogXrvrcjfpE7gDJCz4oI-6rfM43E9T_Or3uyOG3OgHoK9eyUX-qv8WTYwnf1tzwVN1e1D4B0Kr81yQBi2Y-MdeIH60rkOFI42w6I9fEJRDnPRoFqRn2Hw70ehjrCRpkeRKS9emduCL_YNZmjNEst1i6heg5-sqtkBYrYaqWecKJ5rqskQN_apfrX-BEfh6Ph2j7hYKJ6s32j3dOGR9paTFikewtKWMXBcy6kW5uZqGwO05sVW1Wy6HavxpNm5ha50WKotoEndvzuW0RasT9YLbCry1qRYt3X8NKybpERt2u7lRHNSY3DuVtbXbeR9oUzsO1Br31ywH0dBkn3WsfPYFOaEt0htVo0_DlDZh-0oH4PdzvCkzDQn-EM8u9PCxzvxSMGtQ_UXcDxEZcUgfgnLQy4Fu2AHumF136tXZyTh8GAd-mLqC6xtvOXJTDF7s0TxQ7A57d9C1EDrEJOBuq
limit	integer The maximum numbers of records to return. It accepts an integer ranging from 1 to 50. Otherwise, the request will be rejected. Example: limit=50
resourceID	string The ID of a resource Example: resourceID=89aa5c20-b23b-4db1-ab7f-93bd96d46e8f
severity	string The severity of the finding Enum: "critical" "high" "medium" "low"
sort	string The property to sort by. A - in front of the property indicates a descending order, the property name by itself indicates ascending order. The default is lastDetected descending. Only one sortable column is allowed. Enum: "-category" "category" "-type" "type" "-firstDetected" "firstDetected" "-lastDetected" "lastDetected" "-severity" "severity"
type	string The type of findings to get Enum: "malware" "integrity-monitoring" Example: type=malware

header Parameters

Api-Version

required

string

The API version used in this request.

Value: "v1"

Responses

200

All security findings in a project

400

Something about your request didn't quite make sense. The error message should help you figure out what went wrong.

401

Unauthorized

403

You tried to do something that you're not allowed to do. Check your privileges to see what you're actually allowed to do. This could also mean that your token has expired.

404

The resource you were looking for doesn't exist.

429

You have made too many requests too quickly. Check the Retry-After header for an indication of when you might be able to try again.

500

The service has encountered an unexpected internal error. It's possible that trying again will help, but it's more likely that you're out of luck for the moment.

503

The service is temporarily unavailable, likely due to maintenance. It should be available soon, check the Retry-After header for an indication of when you might be able to try again.

Response samples

application/json

{"findings": [{"category": "malicious-activity",
"details": {"file": "/etc/passwd",
"type": "integrity-monitoring",
"difference": "s3://example-bucket/path/to/object",
"pathToFile": "[/user/bin/malware.zip, /usr/bin/malware.zip/eicar.txt]",
"fileSystemGUID": "5782184C-C4EA-47D2-9039-F1564F7735F3"
},
"firstDetected": "2022-05-13T15:06:53Z",
"id": "89aa5c20-b23b-4db1-ab7f-93bd96d46e8f",
"lastDetected": "2022-05-13T15:06:53Z",
"links": [{"href": "https://projects.us-1.cloudone.trendmicro.com/api/projects/89aa5c20-b23b-4db1-ab7f-93bd96d46e8f",
"rel": "project"
}
],
"name": "CVE-0000-0001",
"resource": {"cloudResourceID": "arn:aws:lambda:us-east-1:012345678912:function:my-lambda",
"id": "9aa5c20-b23b-4db1-ab7f-93bd96d46e8f",
"name": "my-lambda-function",
"type": "aws-lambda-function",
"region": "us-east-1"
},
"severity": "critical",
"source": "Sentry",
"type": "malware"
}
],
"next": "dGhpcyB2YWx1ZSBpcyBvcGFxdWUsIGRlY29kaW5nIGl0IHdvbid0IGJlIHVzZWZ1bAo="
}

Describe a count of findings inside of a project

get/api/projects/{projectID}/findings/counts

Describe a count of findings inside of a project

SecuritycloudOneToken or cloudOneAPIKey

Request

path Parameters

projectID

required

string

The projectID

query Parameters

category	string The category of findings to get Value: "malicious-activity" Example: category=malicious-activity
resourceID	string The ID of a resource Example: resourceID=89aa5c20-b23b-4db1-ab7f-93bd96d46e8f
severity	string The severity of the finding Enum: "critical" "high" "medium" "low"
type	string The type of findings to get Enum: "malware" "integrity-monitoring" Example: type=malware

header Parameters

Api-Version

required

string

The API version used in this request.

Value: "v1"

Responses

200

The count of findings in a project

400

Something about your request didn't quite make sense. The error message should help you figure out what went wrong.

401

Unauthorized

403

You tried to do something that you're not allowed to do. Check your privileges to see what you're actually allowed to do. This could also mean that your token has expired.

404

The resource you were looking for doesn't exist.

429

You have made too many requests too quickly. Check the Retry-After header for an indication of when you might be able to try again.

500

The service has encountered an unexpected internal error. It's possible that trying again will help, but it's more likely that you're out of luck for the moment.

503

The service is temporarily unavailable, likely due to maintenance. It should be available soon, check the Retry-After header for an indication of when you might be able to try again.

Response samples

application/json

{"total": 10,
"counts": {"malware": 5,
"integrity-monitoring": 5
}
}

Describe a security finding

get/api/projects/{projectID}/findings/{findingID}

Describe a security finding

SecuritycloudOneToken or cloudOneAPIKey

Request

path Parameters

findingID required	string The findingID
projectID required	string The projectID

header Parameters

Api-Version

required

string

The API version used in this request.

Value: "v1"

Responses

200

The security finding details

400

Something about your request didn't quite make sense. The error message should help you figure out what went wrong.

401

Unauthorized

403

You tried to do something that you're not allowed to do. Check your privileges to see what you're actually allowed to do. This could also mean that your token has expired.

404

The resource you were looking for doesn't exist.

429

You have made too many requests too quickly. Check the Retry-After header for an indication of when you might be able to try again.

500

The service has encountered an unexpected internal error. It's possible that trying again will help, but it's more likely that you're out of luck for the moment.

503

The service is temporarily unavailable, likely due to maintenance. It should be available soon, check the Retry-After header for an indication of when you might be able to try again.

Response samples

application/json

{"category": "malicious-activity",
"details": {"file": "/etc/passwd",
"type": "integrity-monitoring",
"difference": "s3://example-bucket/path/to/object",
"pathToFile": "[/user/bin/malware.zip, /usr/bin/malware.zip/eicar.txt]",
"fileSystemGUID": "5782184C-C4EA-47D2-9039-F1564F7735F3"
},
"firstDetected": "2022-05-13T15:06:53Z",
"id": "89aa5c20-b23b-4db1-ab7f-93bd96d46e8f",
"lastDetected": "2022-05-13T15:06:53Z",
"links": [{"href": "https://projects.us-1.cloudone.trendmicro.com/api/projects/89aa5c20-b23b-4db1-ab7f-93bd96d46e8f",
"rel": "project"
}
],
"name": "CVE-0000-0001",
"resource": {"cloudResourceID": "arn:aws:lambda:us-east-1:012345678912:function:my-lambda",
"id": "9aa5c20-b23b-4db1-ab7f-93bd96d46e8f",
"name": "my-lambda-function",
"type": "aws-lambda-function",
"region": "us-east-1"
},
"severity": "critical",
"source": "Sentry",
"type": "malware"
}