On this page:

Getting started with Cloud Optix REST API

Cloud Optix provides a REST API based request-response system you can use to communicate with the platform. The Cloud Optix API interface can be used for the following functions:

Authenticating requests

Every API calls requires authentication. Use the API key to authenticate with Cloud Optix.

API key: Generate the API key from the Sophos Cloud Optix console. You must keep your API key safe.

Generating the API key from the Cloud Optix console

To generate an API key, do the following:

Go to<Settings>on the menu.
Click <Integrations>.
Go to <Sophos Cloud Optix API> option.
If you see an API key in the option box, you already have an API key. If you regenerate the key, the older key will becomes invalid. Any script or tools using the older key will not work.
If you are generating the key for the first time, or regenerating the key, please set the validity period of the key. Choose from 6 months, 1 year or perpetual. Click<Generate new key>.
Copy and save the API key.

Sending an Authenticated Request

The API endpoint accepts the API key in a custom HTTP header. You must specify the API key in the HTTP header in the following format:

Authorization: ApiKey <API_KEY_VALUE>

Cloud Optix APIs available

1. Alerts	Get alert count and alert details
2. Search	Get data based on a searchKey
3. Container Image Scanning	Scan your docker images and integrate your CICD pipelines
4. IaC Integration	Scan your Infrastructure-as-Code (IaC) templates
5. Outgoing Traffic	Get outgoing traffic at an instance or vpc level
6. Outbound Traffic Alerts	Add IPs to generate alerts when Cloud Optix sees outbound traffic to specific destinations
7. IP Whitelist IP Whitelist	Add whitelisted IPs and IP ranges
8. Inventory: Hosts	Get details of instances and virtual machines
9. Inventory: Accounts	Get details of cloud environments (e.g. AWS accounts)
10. Inventory: Users	Get details of users of your cloud environments
11. Inventory: Serverless	Get details of serverless services such as Lambda's for AWS and Function's for Azure
12. Inventory: Containers	Get details of containers and their types
13. Environment Name Sync	Enable or disable sync of your cloud environment name

GET APIs for Alert

Purpose: Get an alert count and alert details.

Getting Alert count

URL: GET api/v1/alerts/count

Supported Media Types: Produces: application/json

Mandatory HTTP headers:

Authorization: ApiKey <API_KEY_VALUE>

Query Params:

Key	Description
days	Integer. Optional. Number of days for which alerts would be fetched. Cannot be less than 1 or more than 365. Value not specified means querying for 365 days
alertType	String. Optional. Valid Values - Policy, Anomaly, GuardDuty Value not specified means ALL
providerList	String. Optional. Valid Values - AWS, Azure Value not specified means ALL
policyTagList	String. Optional. Valid Values - Avid, CIS, FFIEC, HIPAA, ISO 27001, PCI, SOC2, SOC2-TSP, FEDRAMP-LOW, FEDRAMP-MODERATE, FEDRAMP-HIGH, EBU R143 Value not specified means ALL
accountIds	String. Optional. The Id of the accounts that you want to fetch data for
lastSeenFrom	String. Optional. Valid values should comply follow ISO 8601 format [date-element] 'T' [time-element] [offset] where date-element = yyyy-MM-dd and time-element(optional) = HH:mm:ss and offset(optional) = [+/-]hh:mm NOTE: If offset is not mentioned, the default is UTC(00:00).
lastSeenTo	String. Optional. Valid values should comply follow ISO 8601 format [date-element] 'T' [time-element] [offset] where date-element = yyyy-MM-dd and time-element(optional) = HH:mm:ss and offset(optional) = [+/-]hh:mm NOTE: If offset is not mentioned, the default is UTC(00:00).
states	String. Optional. Valid Values - OPEN, SUPPRESS Value not specified means ALL

Success Response:

HTTP status code: 200

Failures:

HTTP Status Code	Cause/Message
`400`	`ApiKey not provided`
`400`	Date in 'lastSeenTo' is not in proper format It accepts formats described by the following syntax: [date-element] 'T' [time-element] [offset] where date-element = yyyy-MM-dd and time-element(optional) = HH:mm:ss and offset(optional) = [+/-]hh:mm
`400`	Date in 'lastSeenFrom' is not in proper format It accepts formats described by the following syntax: [date-element] 'T' [time-element] [offset] where date-element = yyyy-MM-dd and time-element(optional) = HH:mm:ss and offset(optional) = [+/-]hh:mm
`400`	`Alert Type not supported`
`400`	`Provider Type not supported`
`400`	`Account Ids <<ids>> not found`
`400`	`Can only set one of the filters: set 'days' or else set lastSeenFrom/lastSeenTo`
`400`	`Days cannot be less than 1 and greater than 365`
`400`	`Invalid Date format for both lastSeenFrom/lastSeenTo`
`400`	`Parameter ‘lastSeenTo’ should come after ‘lastSeenFrom’`
`401`	`Unauthorized access or ApiKey expired`
`404`	`No message available (API resource could not be found)`

Response Json Data:


"root":{5 items"critical":string"int"
"high":string"int"
"medium":string"int"
"low":string"int"
"total":string"int"
}

Getting Alerts

URL: GET api/v1/alerts

Note: This API is paginated.

Supported Media Types: Produces: application/json

Mandatory HTTP headers:

Authorization: ApiKey <API_KEY_VALUE>

Query Params:

Key	Description
days	Integer. Optional. Number of days for which alerts would be fetched. Cannot be less than 1 or more than 365. Value not specified means querying for 365 days
alertType	String. Optional. Valid Values - Policy, Anomaly, GuardDuty Value not specified means ALL
providerList	String. Optional. Valid Values - AWS, Azure Value not specified means ALL
policyTagList	String. Optional. Valid Values - Avid, CIS, FFIEC, HIPAA, ISO 27001, PCI, SOC2, SOC2-TSP, FEDRAMP-LOW, FEDRAMP-MODERATE, FEDRAMP-HIGH, EBU R143 Value not specified means ALL
accountIds	String. Optional. The Id of the accounts that you want to fetch data for
lastSeenFrom	String. Optional. Valid values should comply follow ISO 8601 format [date-element] 'T' [time-element] [offset] where date-element = yyyy-MM-dd and time-element(optional) = HH:mm:ss and offset(optional) = [+/-]hh:mm NOTE: If offset is not mentioned, the default is UTC(00:00).
lastSeenTo	String. Optional. Valid values should comply follow ISO 8601 format [date-element] 'T' [time-element] [offset] where date-element = yyyy-MM-dd and time-element(optional) = HH:mm:ss and offset(optional) = [+/-]hh:mm NOTE: If offset is not mentioned, the default is UTC(00:00).
states	String. Optional. Valid Values - OPEN, SUPPRESS Value not specified means ALL
severity	String. Optional. Valid Values - low, medium, high, critical Value not specified means ALL
page	Integer. Mandatory. Page to be retrieved. Should start with 1.
size	Integer. Optional. Number of records on a page. Should not be more than 50. Default : 20

Success Response:

HTTP status code: 200

Failures:

HTTP Status Code	Cause/Message
`400`	`ApiKey not provided`
`400`	Date in 'lastSeenTo' is not in proper format It accepts formats described by the following syntax: [date-element] 'T' [time-element] [offset] where date-element = yyyy-MM-dd and time-element(optional) = HH:mm:ss and offset(optional) = [+/-]hh:mm
`400`	Date in 'lastSeenFrom' is not in proper format It accepts formats described by the following syntax: [date-element] 'T' [time-element] [offset] where date-element = yyyy-MM-dd and time-element(optional) = HH:mm:ss and offset(optional) = [+/-]hh:mm
`400`	`Alert Type not supported`
`400`	`Provider Type not supported`
`400`	`Account Ids <<ids>> not found`
`400`	`Can only set one of the filters: set 'days' or else set lastSeenFrom/lastSeenTo`
`400`	`Days cannot be less than 1 and greater than 365`
`400`	`Invalid Date format for both lastSeenFrom/lastSeenTo`
`400`	`Parameter ‘lastSeenTo’ should come after ‘lastSeenFrom’`
`400`	`Pageable size cannot be greater than 50`
`400`	`Alert Type not supported`
`401`	`Unauthorized access or ApiKey expired`
`404`	`No message available (API resource could not be found)`

Response Json Data:


"root":{6 items
"data":[...
]1 item
"currentPage":string"int"
"hasNext":string"boolean"
"hasPrevious":string"boolean"
"totalPages":string"int"
"size":string"int"
}

Optix Search API

URL: GET /api/v1/search/searchKey

For possible values for searchKey, see Supported Search Keys in the table below.

Supported Media Types: Produces:application/json

Mandatory HTTP headers:

Authorization: ApiKey <API_KEY_VALUE>

Query Params:

Key	Description
searchTerm	Any URIEncoded string that follows the format described in https://docs.sophos.com/pcg/optix/help/en-us/MonitorAlerts/Search/index.html Example: searchTerm=tags.name:test* or isPublic:true
filters	Key value combinations for filtering data. Keys are search field names as described in https://docs.sophos.com/pcg/optix/help/en-us/MonitorAlerts/Search/FieldNames/index.html. Multiple values can be specified using comma "," as a delimiter. Multiple filters can be specified using semicolon ";" as a delimiter. Example: instanceId=i-exampleId,i-secondId;isPublic=true
page	Page to be retrieved. Starts with 1. Example: page=1
size	Integer. Mandatory. Number of records per page. Max supported value is 10000. Example:size=50

Supported Search Keys:

Search Key	Provider	Returned Data
ALERT	-	Alerts
AWS_ACTIVITY_LOG	AWS	Activity Logs
AWS_AMI	AWS	EC2 AMIs
AWS_CLUSTER	AWS	EKS Clusters
AWS_CONTAINER	AWS	EKS Containers
AWS_CONTAINER_FARGATE	AWS	ECS Fargate Container Definitions
AWS_EBS_VOLUME	AWS	EBS Volumes
AWS_ES	AWS	Elasticsearch (OpenSearch)
AWS_EXTERNAL_ACCESS	AWS	Citadel Findings
AWS_GROUP	AWS	IAM Groups
AWS_HIGHRISK_ANOMALY	AWS	Anomaly Findings in Activity Logs
AWS_HOST	AWS	EC2 instances
AWS_INCOMING_TRAFFIC	AWS	Inbound Traffic
AWS_INGRESS	AWS	EKS Ingresses
AWS_LAMBDA	AWS	Lambda Functions
AWS_NETWORK_POLICY	AWS	EKS Network Policies
AWS_NODE	AWS	EKS Nodes
AWS_NODE_GROUP	AWS	EKS Node Groups
AWS_OUTGOING_TRAFFIC	AWS	Outbound Traffic
AWS_POD	AWS	EKS Pods
AWS_RBAC_ROLE	AWS	EKS RBAC Rolles
AWS_RDS	AWS	RDS
AWS_REDSHIFT_CLUSTER	AWS	RedShift Clusters
AWS_ROLE	AWS	IAM Roles
AWS_S3	AWS	S3 Buckets
AWS_SECURITY_GROUP	AWS	Security Groups
AWS_SERVICE	AWS	EKS Services
AWS_SSO_USER	AWS	IAM SSO Users
AWS_TASK_DEFINITION	AWS	ECS Fargate Task Definitions
AWS_USER	AWS	IAM User
AWS_VPC	AWS	VPCs
AWS_LOAD_BALANCER	AWS	Load Balancer
AZURE_ACTIVITY_LOG	Azure	Activity Logs
AZURE_APP_SERVICE	Azure	App Services
AZURE_CLUSTER	Azure	AKS Clusters
AZURE_CONTAINER	Azure	AKS Containers
AZURE_COSMOS_DB	Azure	Cosmos DBs
AZURE_DB	Azure	DB Server
AZURE_FUNCTION	Azure	Functions
AZURE_GROUP	Azure	RBAC Groups
AZURE_HOST	Azure	VMs
AZURE_INCOMING_TRAFFIC	Azure	Inbound Traffic
AZURE_INGRESS	Azure	AKS Ingresses
AZURE_IOT_HUB	Azure	IoT Hubs
AZURE_LOGIC_APP	Azure	Logic Apps
AZURE_NETWORK_POLICY	Azure	AKS Network Policies
AZURE_NETWORK_SECURITY_GROUP	Azure	Network Security Groups
AZURE_NODE	Azure	AKS Nodes
AZURE_NODE_GROUP	Azure	AKS Node Groups
AZURE_OUTGOING_TRAFFIC	Azure	Outbound Traffic
AZURE_POD	Azure	AKS Pods
AZURE_RBAC_ROLE	Azure	AKS RBAC Role
AZURE_RESOURCE_GROUP	Azure	Resource Groups
AZURE_SERVICE	Azure	AKS Services
AZURE_SQL_SERVER	Azure	SQL Servers
AZURE_STORAGE_ACCOUNT	Azure	Storage Accounts
AZURE_USER	Azure	RBAC Users
AZURE_VIRTUAL_NETWORK	Azure	Virtual Networks
GCP_ACTIVITY_LOG	GCP	Activity Logs
GCP_BUCKET	GCP	Buckets
GCP_CLUSTER	GCP	GKE Clusters
GCP_CONTAINER	GCP	GKE Containers
GCP_FIREWALL	GCP	Firewalls
GCP_GROUP	GCP	IAM Groups
GCP_HOST	GCP	VMs
GCP_INCOMING_TRAFFIC	GCP	Inbound Traffic
GCP_INGRESS	GCP	GKE Ingresses
GCP_NETWORK_POLICY	GCP	GKE Network Policies
GCP_NODE	GCP	GKE Nodes
GCP_NODEPOOL	GCP	GKE Nodepools
GCP_OUTGOING_TRAFFIC	GCP	Outbound Traffic
GCP_POD	GCP	GKE Pods
GCP_RBAC_ROLE	GCP	GKE RBAC Roles
GCP_ROLE_BINDING	GCP	IAM Role Bindings
GCP_SERVICE	GCP	GKE Services
GCP_SQL	GCP	DBs
GCP_USER	GCP	IAM Users
GCP_VPC	GCP	VPCs
NATIVE_CONTAINER	Kubernetes	Containers
NATIVE_INGRESS	Kubernetes	Ingresses
NATIVE_NETWORK_POLICY	Kubernetes	Network Policies
NATIVE_NODE	Kubernetes	Nodes
NATIVE_POD	Kubernetes	Pods
NATIVE_RBAC_ROLE	Kubernetes	RBAC Roles
NATIVE_SERVICE	Kubernetes	Services
IMAGE_SCAN_DETAILS	Container Image	Scanned Images
IMAGE_REGISTRY	AWS, Azure, Docker	Image Registries

APIs for Image Scanning

Purpose: These APIs can be used to submit docker images for scanning and to get vulnerability details. You can integrate APIs in your build pipeline to scan docker images before deployment.

Create scan task

URL: POST api/v1/image-scanning/submit-for-scan

Supported Media Types: Produces: application/json

Mandatory HTTP headers:

Authorization: ApiKey <API_KEY_VALUE>

Query Params:

Other Query Params:

Key	Description
files	MultipartFile[]. Mandatory. The array of files to be scanned for dockerfiles.
repo_url	String. Mandatory. The repoURL to be associated with the files. Required to save results to console.
branch	String. Mandatory. The branch to be associated with the files. Required if you wish to save results to console.
committer_name	String. Optional. The name of the person making the commits to be associated with the files. Required if you wish to save results to console.
committer_email	String. Optional. The email of the person making the commits to be associated with the files. Required if you wish to save results to console.

Success Response:

HTTP status code: 200

A successful response provides taskId. The taskId can be used to make further requests, to query for the status of the scan task/results. Response will have "duplicate = true" if task for the same repo & branch is already submitted and is in processing state. Response will return "quotaFull = true" if the task contains more images to scan than the available quota. For example value will be true if task contains 6 images to scan and quota left is 5.

Response Json Data:


"root":{3 items"taskId":string"string"
"duplicate":string"boolean"
"quotaFull":string"boolean"
}

Failures:

HTTP Status Code	Cause/Message
`400`	`ApiKey not provided`
`400`	`Unable to retrieve user (When API key cannot be linked to a customer)`
`400`	`Proper arguments not provided (When one/more of the mandatory params is not provided properly)`
`401`	`Unauthorized access or ApiKey expired`
`404`	`No message available (API resource could not be found)`

Create scan task by image name

URL: POST api/v1/image-scanning/submit-for-scan/by-image-name

Supported Media Types: Produces: application/json

Mandatory HTTP headers:

Authorization: ApiKey <API_KEY_VALUE>

Query Params:

Key	Description
repoURL	String. Mandatory. The repoURL to be associated with the files. Required to save results to console.
imageNames	String. Mandatory. Comma separated list of image full names to be scanned

Key

Description

repoURL

String. Mandatory.

The repoURL to be associated with the files. Required to save results to console.

imageNames

String. Mandatory.

Comma separated list of image full names to be scanned

Success Response:

HTTP status code: 200

A successful response provides taskId. The taskId can be used to make further requests, to query for the status of the scan task/results. Response will have "duplicate = true" if task for the same repo & images is already submitted and is in processing state. Response will return "quotaFull = true" if the task contains more images to scan than the available quota. For example value will be true if task contains 6 images to scan and quota left is 5.

Response Json Data:


"root":{3 items"taskId":string"string"
"duplicate":string"boolean"
"quotaFull":string"boolean"
}

Failures:

HTTP Status Code	Cause/Message
`400`	`ApiKey not provided`
`400`	`Unable to retrieve user (When API key cannot be linked to a customer)`
`400`	`Proper arguments not provided (When one/more of the mandatory params is not provided properly)`
`401`	`Unauthorized access or ApiKey expired`
`404`	`No message available (API resource could not be found)`

Getting the Status of the Scan

URL:GET api/v1/image-scanning/get-scan-result

Supported Media Types: Produces: application/json

Mandatory HTTP headers:

Authorization: ApiKey <API_KEY_VALUE>

Other Query Params:

Key	Description
taskId	String. Mandatory. The ID of the task for which you are requesting the status. This is provided in the response when you upload files for scanning.

Key

Description

taskId

String. Mandatory.

The ID of the task for which you are requesting the status. This is provided in the response when you upload files for scanning.

Success Response:

HTTP status code: 200

A successful response provides scanResult containing all vulnerability details, taskId, status ( "submitted, complete or failed"), createdAt (UTC timestamp), completedAt if task is finished, branch name submitted in task, filesScanned count of final images scanned.

Response Json Data:

 
"root":{7 items"taskId":string"string"
"status":string"string"
"createdAt":string"time(UTC)"
"completedAt":string"time(UTC)"
"branch":string"string"
"filesScanned":string"integer"
"scanResult":[...
]1 item
}

Param description:

Param	Description
`taskId`	`Unique Id for the task`
`status`	`Current status of the task. Value would be one of these "submitted, complete or failed"`
`createdAt`	`UTC time the task was created at`
`completedAt`	`UTC time the task completed at`
`branch`	`Value of branch submitted during task creation`
`filesScanned`	`List of files successfully scanned`
`scanResult`	`Scan results for the images`
`fullTag`	`Full image tag`
`registry`	`Registry of the image`
`vulnerabilities`	`Vulnerability counts for all criticality level`
`files`	`List of files where the image mention is present`
`isPublic`	`Is the image public`
`isSecure`	`Is the image secure`

Failures:

HTTP Status Code	Cause/Message
`400`	`ApiKey not provided`
`400`	`Unable to retrieve user (When API key cannot be linked to a customer)`
`400`	`Proper arguments not provided (When one/more of the mandatory params is not provided properly)`
`401`	`Unauthorized access or ApiKey expired`
`404`	`No message available (API resource could not be found)`

Get vulnerability details of a scanned image

URL:GET api/v1/image-scanning/container-scan-result

Supported Media Types: Produces: application/json

Mandatory HTTP headers:

Authorization: ApiKey <API_KEY_VALUE>

Other Query Params:

Key	Description
container	String. Mandatory. Full image name with registry. e.g. docker.io/bkaimal0/redis:6.2.0

Key

Description

container

String. Mandatory.

Full image name with registry. e.g. docker.io/bkaimal0/redis:6.2.0

Success Response:

HTTP status code: 200

A successful response provides scanResult containing all vulnerability details, if the image is analyzed. It will fail if not. Check Scan Result API for status

Response Json Data:


"root":{5 items"success":string"boolean"
"status":string"String"
"message":string"String"
"code":string"String"
"data":{...
}6 items
}

Param description:

Param	Description
`fullTag`	`Full image tag`
`registry`	`Registry of the image`
`vulnerabilities`	`Vulnerability counts for all criticality level`
`isPublic`	`Is the image public`
`isSecure`	`Is the image secure`

Failures:

HTTP Status Code	Cause/Message
`400`	`ApiKey not provided`
`400`	`Unable to retrieve user (When API key cannot be linked to a customer)`
`400`	`Proper arguments not provided (When one/more of the mandatory params is not provided properly)`
`401`	`Unauthorized access or ApiKey expired`
`404`	`No message available (API resource could not be found)`

APIs for IaC Integration

Purpose:  Scan your Infrastructure-as-Code (IaC) templates for potential misconfigurations, before deploying infrastructure to your cloud environment, or as part of your CI/CD pipeline.

Uploading IaC Templates for Scanning

URL: POST api/v1/iac/scan

Supported Media Types: Produces: application/json

Mandatory HTTP headers:

Authorization: ApiKey <API_KEY_VALUE>

Other Query Params:

Key	Description
files	MultipartFile[]. Mandatory. The array of files to be scanned. For better results, please include helper files such as those carrying values of variables used in the templates.
repo_url	String. Optional. The repoURL to be associated with the files. Required if you wish to save results to console.
branch	String. Optional. The branch to be associated with the files. Required if you wish to save results to console.
committer_name	String. Optional. The name of the person making the commits to be associated with the files. Required if you wish to save results to console.
committer_email	String. Optional. The email of the person making the commits to be associated with the files. Required if you wish to save results to console.
async	Boolean. Optional. By default, scan results are not reported in your Cloud Optix console as alerts and in compliance reports. If you want to see the results in the API response and in the console, change this setting to true. Default: true
save_results_to_account	Boolean. Optional. By default, scan results will not be reported in your Cloud Optix console as alerts and in compliance reports. If you only want to see the results not only in the API response, but in the console as well, change this setting to true. Default: false
policy_name	String. Optional. By default, your IaC template files will be scanned against all IaC policies in your Cloud Optix account. To scan files against a specific IaC policy only, provide the name of the policy

Success Response:

HTTP status code: 200

A successful response provides a scan_id and a summary of the number of issues detected, by severity level. The scan_id is used to make further requests, as detailed below. The scan summary is only provided when async is set to false.

Response Json Data:


"root":{2 items"scan_id":string"string"
"summary":{...
}4 items
}

Failures:

HTTP Status Code	Cause/Message
`400`	`ApiKey not provided`
`400`	`Unable to retrieve user (When API key cannot be linked to a customer)`
`400`	`Proper arguments not provided (When one/more of the mandatory params is not provided properly)`
`401`	`Unauthorized access or ApiKey expired`
`404`	`No message available (Api resource could not be found)`

Getting the Status of the Scan

URL: GET api/v1/iac/scan/status

Supported Media Types: Produces: application/json

Mandatory HTTP headers:

Authorization: ApiKey <API_KEY_VALUE>

Other Query Params:

Key	Description
scan_id	String. Mandatory. The ID of the scan for which you are requesting the status. This is provided in the response when you upload files for scanning.

Key

Description

scan_id

String. Mandatory.

The ID of the scan for which you are requesting the status. This is provided in the response when you upload files for scanning.

Success Response:

HTTP status code: 200

Response Json Data:


"root":{3 items"processing_ongoing":string"boolean"
"success":string"boolean"
"error":string"string"
}

Failures:

HTTP Status Code	Cause/Message
`400`	`ApiKey not provided`
`400`	`Unable to find the scan you requested`
`401`	`Unauthorized access or ApiKey expired`
`404`	`No message available (API resource could not be found)`

Note: Once the Scan Status API returns success as true and process_ongoingas false, you can retrieve a detailed report of the scan.

Getting the Detailed Report of the Scan

URL: GET api/v1/iac/scan/detailedReport

Supported Media Types: Produces: application/json

Mandatory HTTP headers:

Authorization: ApiKey <API_KEY_VALUE>

Other Query Params:

Key	Description
scan_id	String. Mandatory. The ID of the scan for which you are requesting a detailed report. This is provided in the response when you upload files for scanning.

Key

Description

scan_id

String. Mandatory.

The ID of the scan for which you are requesting a detailed report. This is provided in the response when you upload files for scanning.

Success Response:

HTTP status code: 200

Response Json Data:


"root":{1 item
"alerts":[...
]1 item
}

Failures:

HTTP Status Code	Cause/Message
`400`	`ApiKey not provided`
`400`	`Unable to find the scan you requested`
`401`	`Unauthorized access or ApiKey expired`
`404`	`No message available (API resource could not be found)`

Getting the Detailed Report of the Scan (v2)

Provides enhanced details for affected resources, description, and remediation over V1 of the API.

URL: GET api/v2/iac/scan/detailed-report

Supported Media Types: Produces: application/json

Mandatory HTTP headers:

Authorization: ApiKey <API_KEY_VALUE>

Other Query Params:

Key	Description
scan_id	String. Mandatory. The ID of the scan for which you are requesting a detailed report. This is provided in the response when you upload files for scanning.

Key

Description

scan_id

String. Mandatory.

The ID of the scan for which you are requesting a detailed report. This is provided in the response when you upload files for scanning.

Success Response:

HTTP status code: 200

Response Json Data:


"root":{1 item
"alerts":[...
]1 item
}

Failures:

HTTP Status Code	Cause/Message
`400`	`ApiKey not provided`
`400`	`Unable to find the scan you requested`
`401`	`Unauthorized access or ApiKey expired`
`404`	`No message available (API resource could not be found)`

GET APIs for OutGoing Traffic

Purpose: Get outgoing traffic at a instance or VPC level.

Getting data at VPC level

URL:GET api/v1/outgoingtraffic/vpc

Note: This API is paginated.

Supported Media Types: Produces: application/json

Mandatory HTTP headers:

Authorization: ApiKey <API_KEY_VALUE>

Query Params:

Key	Description
accountId	String. Mandatory. The Id of the account that you want to fetch data for
vpcId	String. Mandatory. The Id of the VPC
page	Integer. Optional if isPageable is false else Mandatory. Page to be retrieved. Should start with 1.
size	Integer. Optional. Number of records on a page. Should not be more than 50. Default: 20
isPageable	Boolean. Optional. If true, result will be paginated, else non paginated.
timeFrom	String. Optional. Valid values should comply follow ISO 8601 format [date-element] 'T' [time-element] [offset] where date-element = yyyy-MM-dd and time-element(optional) = HH:mm:ss and offset(optional) = [+/-]hh:mm NOTE: If offset is not mentioned, the default is UTC(00:00).
timeTo	String. Optional. Valid values should comply follow ISO 8601 format [date-element] 'T' [time-element] [offset] where date-element = yyyy-MM-dd and time-element(optional) = HH:mm:ss and offset(optional) = [+/-]hh:mm NOTE: If offset is not mentioned, the default is UTC(00:00).

Success Response:

HTTP status code: 200

Failures:

HTTP Status Code	Cause/Message
`400`	`ApiKey not provided`
`400`	`Page number should be greater than 0`
`400`	`Pageable size cannot be greater than 50`
`400`	`Invalid data`
`400`	`Retry using parameters timeFrom and timeTo or limited range for timeFrom and timeTo`
`400`	Date in 'timeTo' is not in proper format It accepts formats described by the following syntax: [date-element] 'T' [time-element] [offset] where date-element = yyyy-MM-dd and time-element(optional) = HH:mm:ss and offset(optional) = [+/-]hh:mm
`400`	Date in 'timeFrom' is not in proper format It accepts formats described by the following syntax: [date-element] 'T' [time-element] [offset] where date-element = yyyy-MM-dd and time-element(optional) = HH:mm:ss and offset(optional) = [+/-]hh:mm
`400`	`Parameter ‘timeTo’ should come after ‘timeFrom’`
`401`	`Unauthorized access or ApiKey expired`
`404`	`No message available (API resource could not be found)`

Response Json Data:


"root":{6 items
"data":[...
]1 item
"currentPage":string"int"
"hasNext":string"boolean"
"hasPrevious":string"boolean"
"totalPages":string"int"
"size":string"int"
}

Getting data at instance level

URL:GET api/v1/outgoingtraffic/instance

Note: This api is paginated.

Supported Media Types: Produces: application/json

Mandatory HTTP headers:

Authorization: ApiKey <API_KEY_VALUE>

Query Params:

Key	Description
instanceId	String. Mandatory. The Id of the instance
page	Integer. Optional if isPageable is false else Mandatory. Page to be retrieved. Should start with 1.
size	Integer. Optional. Number of records on a page. Should not be more than 50. Default: 20
isPageable	Boolean. Optional. If true, result will be paginated, else non paginated.
timeFrom	String. Optional. Valid values should comply follow ISO 8601 format [date-element] 'T' [time-element] [offset] where date-element = yyyy-MM-dd and time-element(optional) = HH:mm:ss and offset(optional) = [+/-]hh:mm NOTE: If offset is not mentioned, the default is UTC(00:00).
timeTo	String. Optional. Valid values should comply follow ISO 8601 format [date-element] 'T' [time-element] [offset] where date-element = yyyy-MM-dd and time-element(optional) = HH:mm:ss and offset(optional) = [+/-]hh:mm NOTE: If offset is not mentioned, the default is UTC(00:00).

Success Response:

HTTP status code: 200

Failures:

HTTP Status Code	Cause/Message
`400`	`ApiKey not provided`
`400`	`Page number should be greater than 0`
`400`	`Pageable size cannot be greater than 50`
`400`	`Invalid data`
`400`	`Retry using parameters timeFrom and timeTo or limited range for timeFrom and timeTo`
`400`	Date in 'timeTo' is not in proper format It accepts formats described by the following syntax: [date-element] 'T' [time-element] [offset] where date-element = yyyy-MM-dd and time-element(optional) = HH:mm:ss and offset(optional) = [+/-]hh:mm
`400`	Date in 'timeFrom' is not in proper format It accepts formats described by the following syntax: [date-element] 'T' [time-element] [offset] where date-element = yyyy-MM-dd and time-element(optional) = HH:mm:ss and offset(optional) = [+/-]hh:mm
`400`	`Parameter ‘timeTo’ should come after ‘timeFrom’`
`401`	`Unauthorized access or ApiKey expired`
`404`	`No message available (API resource could not be found)`

Response Json Data:


"root":{6 items
"data":[...
]1 item
"currentPage":string"int"
"hasNext":string"boolean"
"hasPrevious":string"boolean"
"totalPages":string"int"
"size":string"int"
}

Outbound Traffic Alerts

Purpose: Cloud Optix can alert on outbound traffic to a list of destination IP addresses. Use this API to provide the list.

Note: This API is not currently available to all customers.

URL: POST api/v1/outboundtraffic/ipList

Supported Media Types: Consumes: application/json

Mandatory HTTP headers:

Authorization: ApiKey <API_KEY_VALUE>

Request JSON Payload Structure:


"root":[1 item
0:{...
}2 items
]

[ { "accountIds": <<Array of String: optional valid account ids>>, "data": { "ips": [ <<String: valid IP>>, <<String: valid IP>> ] } }]

Success Response:

HTTP status code: 200

Success Message:

Outbound traffic alert ips saved successfully.

Failures:

HTTP Status Code	Cause/Message
`400`	`ApiKey not provided`
`400`	`Data object invalid`
`400`	`Account Ids <id> not found`
`401`	`Unauthorized access or ApiKey expired`
`404`	`No message available (API resource could not be found)`

POST API for IP Whitelist

Purpose: Add whitelisted IPs.

URL: POST api/v1/whitelistIPs

Supported Media Types: Consumes: application/json

Mandatory HTTP headers:

Authorization: ApiKey <API_KEY_VALUE>

Request JSON Payload Structure:

{ "accountIds": <<Array of String: optional valid account ids>>, "data": { "ips": [ <<String: valid IP/IP range>>, <<String: valid IP/IP range>> ] }}

Success Response:

HTTP status code: 200

Success Message:

Response Json Data:


"root":[1 item
0:{...
}5 items
]

Failures:

HTTP Status Code	Cause/Message
`400`	`ApiKey not provided`
`400`	`Data object invalid`
`400`	`Account Ids <id> not found`
`401`	`Unauthorized access or ApiKey expired`
`404`	`No message available (API resource could not be found)`

GET API for Hosts

Purpose: Gets details of instances/virtual machines.

Getting Hosts

URL: GET api/v1/vms

Note: This API is paginated.

Supported Media Types: Produces: application/json

Mandatory HTTP headers:

Authorization: ApiKey <API_KEY_VALUE>

Query Params:

Key	Description
accountIds	String. Optional. Comma separated list. If not set, returns data for all environments. E.g.: 12345678xxx,98765432xxx
provider	String. Mandatory. Valid Values - AWS, Azure, GCP
page	Integer. Optional. Page to be retrieved. Should start with 0. Default: 0 (invalid values will be treated as [page]:0)
size	Integer. Mandatory. Number of records on a page. Should not be more than 500 and less than 100.

Success Response:

HTTP status code: 200

Failures:

HTTP Status Code	Cause/Message
`401`	`Unauthorized access or ApiKey expired`
`400`	`ApiKey not provided`
`400`	`Account Ids <<ids>> not found`
`400`	`Pageable size cannot be greater than 500`
`400`	`Pageable size cannot be less than 100`
`400`	`Provider type not supported`

Response Json Data:


"root":{7 items"errorMessage":string"String"
"data":[...
]3 items
"currentPage":string"int"
"hasNext":string"boolean"
"hasPrevious":string"boolean"
"totalPages":string"int"
"size":string"int"
}

GET API for Accounts (Environments)

Purpose: Gets details of environments in your Cloud Optix account (e.g. AWS accounts, Azure subcriptions and GCP projects).

Getting Accounts

URL: GET api/v1/accounts

Note: This API is paginated.

Supported Media Types: Produces: application/json

Mandatory HTTP headers:

Authorization: ApiKey <API_KEY_VALUE>

Query Params:

Key

Description

accountIds

String. Optional.

Comma separated list. If not set, returns data for all environments. E.g.: 12345678xxx,98765432xxx

provider

String. Optional.

Valid Values - AWS, Azure, GCP, Kubernetes and Docker (All Case-sensitive). If not set, will returns data for all providers

&nbsp

Success Response:

HTTP status code: 200

Failures:

HTTP Status Code	Cause/Message
`401`	`Unauthorized access or ApiKey expired`
`400`	`ApiKey not provided`
`400`	`Account Ids <<ids>> not found`
`400`	`Provider type not supported`

Response Json Data:


"root":[1 item
0:{...
}13 items
]

GET API for Users

Purpose: Gets details of Users on your cloud environments

Getting Users

URL: GET api/v1/users

Note: This API is paginated.

Supported Media Types: Produces: application/json

Mandatory HTTP headers:

Authorization: ApiKey <API_KEY_VALUE>

Query Params:

Key	Description
accountIds	String. Optional. Comma separated list. If not set, returns data for all environments. E.g.: 12345678xxx,98765432xxx
provider	String. Mandatory. Valid Values - AWS, Azure, GCP
page	Integer. Optional. Page to be retrieved. Should start with 0. Default: 0 (invalid values will be treated as [page]:0)
size	Integer. Mandatory. Number of records on a page. Should not be more than 500 and less than 100.

Success Response:

HTTP status code: 200

Failures:

HTTP Status Code	Cause/Message
`401`	`Unauthorized access or ApiKey expired`
`400`	`ApiKey not provided`
`400`	`Account Ids <<ids>> not found`
`400`	`Pageable size cannot be greater than 500`
`400`	`Pageable size cannot be less than 100`
`400`	`Provider type not supported`

Response Json Data:


"root":{7 items"errorMessage":string"String"
"data":[...
]3 items
"currentPage":string"int"
"hasNext":string"boolean"
"hasPrevious":string"boolean"
"totalPages":string"int"
"size":string"int"
}

GET API for Serverless

Purpose: Gets details of Serverless services such as Lambda's for AWS and Function's for Azure.

Getting Serverless

URL: GET api/v1/serverless

Note: This API is paginated.

Supported Media Types: Produces: application/json

Mandatory HTTP headers:

Authorization: ApiKey <API_KEY_VALUE>

Query Params:

Key	Description
accountIds	String. Optional. Comma-separated list of Account-Ids for your Customer.
provider	String. Mandatory. Valid Values - AWS, Azure.
page	Integer. Optional. Page to be retrieved. Should start with 0. Default: 0 (invalid values will be treated as [page]:0)
size	Integer. Mandatory. Number of records on a page. Should not be more than 500 and less than 100.

Success Response:

HTTP status code: 200

Failures:

HTTP Status Code	Cause/Message
`401`	`Unauthorized access or ApiKey expired`
`401`	`Api Key Not Valid`
`400`	`ApiKey not provided`
`400`	`Account Ids <<ids>> not found`
`400`	`Pageable size cannot be greater than 500`
`400`	`Page number should be greater than 0`
`400`	`Provider <<provider>> not supported`

Response Json Data:

For AWS:

 
"root":{7 items"errorMessage":string"String"
"data":[...
]1 item
"currentPage":int0
"hasNext":booltrue
"hasPrevious":boolfalse
"totalPages":int56
"size":int1
}

For Azure:


"root":{7 items"errorMessage":string"String"
"data":[...
]1 item
"currentPage":int0
"hasNext":booltrue
"hasPrevious":boolfalse
"totalPages":int56
"size":int1
}

Error Response:


"root":{1 item"errorMessage":string"String"
}

Environment Name Sync API

Purpose: Use this API to turn on / off the sync of environment name with Cloud Optix. If this setting is turned on then the name of environment in customer cloud will start reflecting in Cloud Optix.

URL: POST api/v1/environments/sync-name

Supported Media Types: Consumes: application/json

Mandatory HTTP headers:

Authorization: ApiKey <API_KEY_VALUE>

Request JSON Payload Structure:


"root":{2 items
"accountIds":[...
]2 items
"status":booltrue
}

 { "accountIds": <<Array of String: valid account ids>>, "status":  <<Boolean: true to enable sync of environment name, false to disable it>> }

Request Body:

Key

Description

accountIds

Array of Strings. required.

Comma separated list of environment Ids. e.g. ["123456xxx","22339876xxx"]

Use "all" keyword instead of accountIds to enable/disable sync of name for all the environments of AWS, GCP, Azure. e.g "accountIds": ["all"]

Note: You can either use accountIds or "all" keyword at a time.

status

Boolean. required.

true : enable sync of name for given environments.
false : disable sync of name for given environments.

Success Response:

HTTP status code: 200

Success Message:

Account name sync status successfully updated for all accounts.

Failures:

HTTP Status Code	Cause/Message
`204`	`Empty Request Body`
`400`	`ApiKey not provided`
`400`	`Invalid Request Body`
`401`	`Unauthorized access or ApiKey expired`
`404`	`No message available (API resource could not be found)`

GET API for Containers

Purpose: Gets details of Containers and their types

Getting Containers

URL: GET api/v1/containers

Note: This API is paginated.

Supported Media Types: Produces: application/json

Mandatory HTTP header:

Authorization: ApiKey <API_KEY_VALUE>

Query Params:

Key	Description
cloudProvider	String. Mandatory Supported value: native/eks/aks/gke
containerType	String. Mandatory. Supported Value: clusters/nodes/pods/containers
accountIds	String. Optional Comma-separated list of Account-Ids for your Customer. Eg: 12345678xxx,98765432xxx
page	Integer. Optional. Page to be retrieved. Should start with 0. Default: 0 (invalid values will be treated as [page]:0)
size	Integer. Mandatory. Number of records on a page. Should not be more than 500 and less than 100.

Success Response:

HTTP status code: 200

Failures:

HTTP Status Code	Cause/Message
`401`	`Unauthorized access or ApiKey expired`
`401`	`ApiKey Not Valid`
`400`	`ApiKey not provided`
`400`	`Account Ids <<ids>> not found`
`400`	`Provider not provided.`
`400`	`Container-Type not provided.`
`400`	`Invalid Container-Type:<<containerType>>`
`400`	`Provider:<<cloudProvider>> not supported for Container-Type:<<containerType>>`

Response Json Data:

For EKS Cluster:


"root":{7 items"errorMessage":string"String"
"data":[...
]1 item
"currentPage":int0
"hasNext":booltrue
"hasPrevious":boolfalse
"totalPages":int56
"size":int1
}

For Nodes:


"root":{7 items"errorMessage":string"String"
"data":[...
]1 item
"currentPage":int0
"hasNext":booltrue
"hasPrevious":boolfalse
"totalPages":int56
"size":int1
}

For Pods:


"root":{7 items"errorMessage":string"String"
"data":[...
]1 item
"currentPage":int0
"hasNext":booltrue
"hasPrevious":boolfalse
"totalPages":int56
"size":int1
}

For Containers:


"root":{7 items"errorMessage":string"String"
"data":[...
]1 item
"currentPage":int0
"hasNext":booltrue
"hasPrevious":boolfalse
"totalPages":int56
"size":int1
}

Error Response:


"root":{1 item"errorMessage":string"String"
}

Cloud Optix API Guide

Getting started with Cloud Optix REST API

Authenticating requests

Generating the API key from the Cloud Optix console

Sending an Authenticated Request

Cloud Optix APIs available

GET APIs for Alert

Getting Alert count

Getting Alerts

Optix Search API

APIs for Image Scanning

Create scan task

Create scan task by image name

Getting the Status of the Scan

Get vulnerability details of a scanned image

APIs for IaC Integration

Uploading IaC Templates for Scanning

Getting the Status of the Scan

Getting the Detailed Report of the Scan

Getting the Detailed Report of the Scan (v2)

GET APIs for OutGoing Traffic

Getting data at VPC level

Getting data at instance level

Outbound Traffic Alerts

POST API for IP Whitelist

GET API for Hosts

Getting Hosts

GET API for Accounts (Environments)

Getting Accounts

GET API for Users

Getting Users

GET API for Serverless

Getting Serverless

Environment Name Sync API

GET API for Containers

Getting Containers