Report Configs

Managing Conformity report configs.

List Report Configs

get/report-configs

A GET request to this endpoint allows you to list report configs filter by accountId or groupId or under the organisation if you have enough privileges.

Query Organisation Level Report Configs: querying without any query parameters.

SecurityApiKeyAuth
Request
query Parameters
accountId
string

optional Cloud Conformity ID of the account. Provide to get only report configs for the specified account.

Example: accountId=HksLj2_
groupId
string

optional Cloud Conformity ID of the group. Provide to get only report configs for the specified group. Notice: if you provided accountId at the same time, groupId would be ignored.

Example: groupId=JdmvoD3
Responses
200

OK

401

Unauthorized. The requesting user does not have enough privilege.

Response samples
application/json
{
  • "data": [
    ]
}

Create Report Config

post/report-configs

This endpoint is used to create a new report config. This feature can be used in conjunction with a GET request to copy report configs from one account to others.

IMPORTANT: Some guidelines about using this endpoint:

  • Each report config can be account-level, group-level, or organisation-level.
    • If creating account-level report config, you must have a valid accountId.
    • If creating group-level report config, you must have a valid groupId. If you provided accountId and groupId at the same time, groupId would be ignored.
    • If creating organisation-level report config you don't provide any accountId or groupId.
    • Only ADMIN/POWER users can create organisation-level and group-level report-configs.
    • For account-level report config, includeAccountNames field will be ignored as account names are displayed by default.

Filtering

Name Values
filter.services An array of service strings. e.g. ["Auto-Scaling", "CloudFormation"], or ["StorageAccounts", "SecurityCenter"]

For a complete list, please refer to Cloud Conformity Services Endpoint
filter.resourceTypes An array of resource types. e.g. ["kms-key", "ec2-instance"]

For a complete list, please refer to Cloud Conformity ResourceTypes Endpoint
filter.regions An array of valid region strings. e.g. ["us-west-1", "us-west-2"], or ["eastus", "westus"]

For a complete list, please refer to Cloud Conformity Region Endpoint
filter.ruleIds An array of rule ids. e.g. ["EC2-001", "S3-001"]

For a complete list, please refer to Cloud Conformity Services Endpoint
filter.tags An array of any assigned metadata tags to your resources
filter.text Filter by resource Id, rule title or message. A string. e.g "john", "s3" or "write"
filter.resource Filter by resource Id for an exact match, e.g "johnSmith", a wildcard, e.g "joh?Sm*h" or when used with filter[resourceSearchMode]=regex, a regular expression, e.g "joh.?Sm.*h".
For more information about filters, please refer to Filter and Search
filter.resourceSearchMode Set the search mode for the resource filter.

Valid values are "text" or "regex". Text supports an exact match or the wildcard characters * and ?
Defaults to "text"
filter.message Filter by message. Will find messages that contain all words regardless of the order. e.g "new message" will find "message new" and "new message"
filter.createdLessThanDays Deprecated. Use filter[newerThanDays] instead.
filter.createdMoreThanDays Deprecated. Use filter[olderThanDays] instead.
filter.newerThanDays The filter.olderThanDays and filter.newerThanDays range refers to days to go back from the report's generation date. It converts the number of days entered to the date when the check was created and assigned a status, or where the status changed from "Success" to "Failure" or from "Failure" to "Success". You can use this filter by entering values for the number of days you wish to view before filter[olderThanDays] and after filter[newerThanDays]. You must pass at least 2 days up to 1 day to see any checks for a specific time duration. To display checks from a particular day up to the report's generation date, pass the number of days in filter.newerThanDays and leave filter.olderThanDays blank. Number. e.g. 5.
filter.olderThanDays To display all checks for up to a particular day, pass a number of days to go back from the report's generation date in filter.olderThanDays and leave filter.newerThanDays blank. Number. e.g. 5.
filter.categories An array of category (Conformity category) strings from the following:
security | cost-optimisation | operational-excellence | reliability | performance-efficiency | sustainability
filter.riskLevels Risk level. Possible values: ["EXTREME" | "VERY_HIGH" | "HIGH" | "MEDIUM" | "LOW"]
filter.complianceStandards An array of supported standard or framework ids. Possible values: ["AWAF" | "GCPWAF" | "CISAWSF-1_5_0" | "CISAWSF-2_0" | "CISAWSF-3_0" | "CISAZUREF-2_0" | "CISAZUREF-2_1" | "CISGCPF-1_3_0" | "CISGCPF-2_0" | "CISGCPF-3_0" | "CIS-V8" | "PCI" | "PCI-V4" | "HIPAA" | "HITRUST" | "GDPR" | "APRA" | "NIST4" | "NIST5" | "SOC2" | "NIST-CSF" | "NIST-CSF-2_0" | "ISO27001" | "ISO27001-2022" | "AGISM" | "AGISM-2024" | "ASAE-3150" | "MAS" | "FEDRAMP" | "ENISA" | "NIS-2" | "FISC-V9" | "LGPD" | "AZUREWAF-2024"]
filter.reportComplianceStandardId A single standard or framework id string. Possible values: ["AWAF" | "GCPWAF" | "NIST4" | "NIST5" | "CISAWSF-1_5_0" | "CISAWSF-2_0" | "CISAWSF-3_0" | "CISAZUREF-2_0" | "CISAZUREF-2_1" | "CISGCPF-1_3_0" | "CISGCPF-2_0" | "CISGCPF-3_0" | "CIS-V8" | "PCI" | "PCI-V4" | "SOC2" | "NIST-CSF" | "NIST-CSF-2_0" | "ISO27001" | "ISO27001-2022" | "AGISM" | "AGISM-2024" | "HIPAA" | "HITRUST" | "ASAE-3150" | "APRA" | "MAS" | "FEDRAMP" | "ENISA" | "NIS-2" | "FISC-V9" | "LGPD" | "AZUREWAF-2024"]
filter.statuses The status of the check. Valid values: ["SUCCESS" | "FAILURE"]
filter.suppressedFilterMode Choosing between the "v1" or "v2" suppressed functionality.
"v1": Using suppressed=true will return both suppressed and unsuppressed checks, suppressed=false will return unsuppressed checks only.
"v2": Using suppressed=true will return suppressed checks only, suppressed=false will return unsuppressed checks only, and removing the filter will return both suppressed and unsuppressed checks. The filter defaults to "v1". Valid values: [ "v1" | "v2" ]
filter.suppressed Show Suppressed rules. A boolean. Should be used in conjunction with a filter[suppressedFilterMode]:
"v1"- Using suppressed=true will return both suppressed and unsuppressed checks, suppressed=false will return unsuppressed checks only;
"v2"- Using suppressed=true will return suppressed checks only, suppressed=false will return unsuppressed checks only, and removing the filter will return both.
Default: true for "v1", and when removed for "v2", will return both suppressed and unsuppressed checks. Valid values: [true |false]
filter.providers Cloud providers. Possible values: ["aws" | "azure" | "gcp"]
filter.withChecks Displays only controls from PDF reports with one or more associated checks. If withoutChecks is also set to true, then filter has no effect and all checks will be displayed. The default value is false. Valid values: [true |false]
filter.withoutChecks Displays only controls from PDF reports with 0 associated checks. If withChecks is also set to true, then filter has no effect and all checks will be displayed. The default value is false. Valid values: [true |false]
filter.filterTags An array of any assigned metadata tags, tag keys or tag values to your AWS resources. e.g filterTags ["dev"] will match resource with tag "environment::dev" in the filter
SecurityApiKeyAuth
Request
Request Body schema: application/vnd.api+json
object
Responses
200

OK

401

Unauthorized. The requesting user does not have enough privilege.

422

Unprocessed Entity. Validation error.

Request samples
application/vnd.api+json
{
  • "data": {
    }
}
Response samples
application/json
{
  • "data": {
    }
}

Get Report Config Details

get/report-configs/{id}

This endpoint allows you to get the details of the specified report config.

SecurityApiKeyAuth
Request
path Parameters
id
required
string

The Cloud Conformity ID of the report config.

Responses
200

OK

401

Unauthorized. The requesting user does not have enough privilege.

Response samples
application/json
{
  • "data": {
    }
}

Delete Report Config

delete/report-configs/{id}

A DELETE request to this endpoint allows a user to delete a report config.

SecurityApiKeyAuth
Request
path Parameters
id
required
string

id is the Conformity report config id

Responses
200

OK

401

Unauthorized. The requesting user does not have enough privilege.

Response samples
application/json
{
  • "meta": {
    }
}

Update Report Config

patch/report-configs/{id}

A PATCH request to this endpoint allows you to update a specific report config.

Note:
accountId or groupId could not be changed after report-config was created.
For account-level report config, includeAccountNames field will be ignored as account names are displayed by default.

SecurityApiKeyAuth
Request
path Parameters
id
required
string

id is the Conformity report config id.

Request Body schema: application/vnd.api+json
object
Responses
200

OK

401

Unauthorized. The requesting user does not have enough privilege.

Request samples
application/vnd.api+json
{
  • "data": {
    }
}
Response samples
application/json
{
  • "data": {
    }
}