Automation
Get All Event Filters
This endpoint retrieves a list of Event Filters.
GET /api/v2/automation/event-filters/
Query Parameters
The following parameters may be used to filter the Event Filters in the response.
| Parameter | Description |
|---|---|
| event | Filter by event ID. For example using event=VerificationRan will return a list of the Event Filters that use VerificationRan. |
| active | true/false. If true, will return a list of active event filters. If false, will return get a list of inactive event filters. |
GET /api/v2/automation/event-filters/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"results": [{
"id": "E1",
"name": "VerificationRan1",
"event_id": "VerificationRan",
"active": true,
"criteria": {
"vulnerability_report": {
"SAST": {
"high": 0,
"critical": 0
}
}
},
"threshold": null,
"action_plans": [{
"id": "AP1",
"action_id": "TransitionTaskStatus",
"params": {
"note": "Task status automatically transitioned to Complete by ${scanner_name}. More information: \n${scan_details}",
"task_id": "T1368",
"status_id": "TS1"
}
}],
"created": "2019-11-12T16:48:09.411236-05:00",
"updated": "2019-11-12T16:48:09.411236-05:00"
}, {
"id": "E2",
"name": "VerificationRan2",
"event_id": "TaskStatusChange",
"active": true,
"criteria": {
"task": "T21",
"status": "TS1"
},
"threshold": 90,
"action_plans": [{
"id": "AP2",
"action_id": "TransitionTaskStatus",
"params": {
"note": "Task status automatically transitioned to Complete by ${scanner_name}. More information: \n${scan_details}",
"task_id": "T1369",
"status_id": "TS1"
}
}],
"created": "2019-11-12T16:48:09.411236-05:00",
"updated": "2019-11-12T16:48:09.411236-05:00"
}]
}
Get a Specific Event Filter
This endpoint retrieves a specific Event Filter, as specified by the id parameter.
GET /api/v2/automation/event-filters/{event-filter-id}/
URL Parameters
| Parameter | Description |
|---|---|
| event_filter_id | The id of the Event Filter to retrieve |
GET /api/v2/automation/event-filters/E7/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"id": "E7",
"event_id": "VerificationRan",
"active": true,
"criteria": {
"category": "INFRASTRUCTURE"
},
"threshold": 90,
"action_plans": [{
"id": "AP14",
"action_id": "TransitionTaskStatus",
"params": {
"note": "Task status automatically transitioned to Incomplete as it has been more than 90 days since you ran an Infrastructure scan.",
"task_id": "T1915",
"status_id": "TS2"
}
}],
"created": "2019-11-12T16:48:09.411236-05:00",
"updated": "2019-11-12T16:48:09.411236-05:00"
}
Get All Actions
This endpoint retrieves a list of all DefinedAction classes
GET /api/v2/automation/actions/
GET /api/v2/automation/actions/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"results": [
{
"action_id": "TransitionTaskStatus",
"description": "Modify task status"
},
{
"action_id": "AddTaskNote",
"description": "Add note to task"
}
]
}
Get All Events
This endpoint retrieves a list of all DefinedEvent classes
GET /api/v2/automation/events/
GET /api/v2/automation/events/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"results": [
{
"event_id": "VerificationRan",
"description": "Verification tool ran"
}
]
}
Create an Event Filter
This endpoint is used to create a new Event Filter.
POST /api/v2/automation/event-filters/
| Fields | Required | Description |
|---|---|---|
| event_id | Yes | ID of an existing event type |
| name | Yes | Unique identifying name |
| active | No | Defaults to true |
| criteria | No | Criteria to determine if action is applicable |
| threshold | No | Used to represent a Threshold EventFilter, which dictates the time threshold in days |
| action_plans | Yes | Array of action plans to be executed on the occurrence of the Event |
| action_id | Yes | Within action_plans, only applicable within an action_plan; ID of an existing action type |
| params | No | Within action_plans; parameters applicable to whatever action to be performed |
POST /api/v2/automation/event-filters/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
{
"event_id": "VerificationRan",
"name": "NewEventFilter",
"active": true,
"criteria": {
"vulnerability_report": {
"DAST": {
"high": 0,
"critical": 0
}
}
},
"threshold": 120,
"action_plans": [{
"action_id": "TransitionTaskStatus",
"params": {
"note": "Task status automatically transitioned to Complete by ${scanner_name}. More information: \n${scan_details}",
"task_id": "T1369",
"status_id": "TS1"
}
}]
}
HTTP/1.1 201 CREATED
Content-Type: application/json
{
"id": "CE1",
"event_id": "VerificationRan",
"name": "NewEventFilter",
"active": true,
"criteria": {
"vulnerability_report": {
"DAST": {
"high": 0,
"critical": 0
}
}
},
"threshold": 120,
"action_plans": [{
"id": "CAP1",
"action_id": "TransitionTaskStatus",
"params": {
"note": "Task status automatically transitioned to Complete by ${scanner_name}. More information: \n${scan_details}",
"task_id": "T1369",
"status_id": "TS1"
}
}],
"created": "2019-11-12T16:48:09.411236-05:00",
"updated": "2019-11-12T16:48:09.411236-05:00"
}
Update an Event Filter
Update one or more fields of an existing Event Filter.
PATCH /api/v2/automation/event-filters/{event-filter-id}/
| Fields | Description |
|---|---|
| event_id | ID of an existing event type |
| name | Unique identifying name |
| active | Defaults to true |
| criteria | Criteria to determine if action is applicable |
| threshold | Used to represent a Threshold EventFilter, which dictates the time threshold in days |
| action_plans | Array of action plans to be executed on the occurrence of the Event; only the top level field can be updated |
PATCH /api/v2/automation/event-filters/E1/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
{
"event_id": "VerificationRan",
"name": "LatestEventFilter"
}
HTTP/1.1 200 OK
Content-Type: application/json
{
"id": "CE1",
"event_id": "VerificationRan",
"name": "LatestEventFilter",
"active": true,
"criteria": {
"vulnerability_report": {
"DAST": {
"high": 0,
"critical": 0
}
}
},
"threshold": 120,
"action_plans": [{
"id": "CAP1",
"action_id": "TransitionTaskStatus",
"params": {
"note": "Task status automatically transitioned to Complete by ${scanner_name}. More information: \n${scan_details}",
"task_id": "T1369",
"status_id": "TS1"
}
}],
"created": "2019-11-12T16:48:09.411236-05:00",
"updated": "2019-11-14T16:40:12.411236-05:00"
}
Delete an Event Filter
This endpoint deletes a single Event Filter, as specified by the id parameter.
DELETE /api/v2/automation/event-filters/{event-filter-id}/
| Parameter | Description |
|---|---|
| event_filter_id | The id of the event filter to delete |
DELETE api/v2/automation/event-filters/E1/
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 204 NO CONTENT
Trigger the automation events
This endpoint is used to trigger the automation events.
POST /api/v2/automation/trigger-event/
POST /api/v2/automation/trigger-event/ HTTP/1.1
Accept: application/json
Authorization: Token "YOUR SDE ACCESS TOKEN"
HTTP/1.1 200 OK
Content-Type: application/json
{
"success": true
}