CISO Assistant API — Quantitative Risk (CRQ) (0.7.0)

Download OpenAPI specification:

CISO Assistant - API Documentation for automating all your GRC needs

quantitative-risk-hypotheses

crq_quantitative_risk_hypotheses_list

Override the list method to inject optimized data into the serializer context.

Authorizations:

knoxApiToken

query Parameters

id	Array of strings <uuid> [ items <uuid > ] Multiple values may be separated by commas.
is_selected	boolean
limit	integer Number of results to return per page.
offset	integer The initial index from which to return the results.
ordering	string Which field to use when ordering the results.
quantitative_risk_scenario	Array of strings <uuid> [ items <uuid > ]
risk_stage	Array of strings Items Enum: "current" "inherent" "residual" `inherent` - Inherent `current` - Current `residual` - Residual
search	string A search term.

Responses

Response samples

200

Content type

application/json

{"count": 123,
"next": "http://api.example.org/accounts/?offset=400&limit=100",
"previous": "http://api.example.org/accounts/?offset=200&limit=100",
"results": [{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"quantitative_risk_scenario": "string",
"existing_applied_controls": ["string"
],
"added_applied_controls": ["string"
],
"removed_applied_controls": ["string"
],
"probability": 0.1,
"impact": null,
"simulation_parameters_display": "string",
"lec_data": "string",
"risk_tolerance_curve": "string",
"currency": "string",
"ale": "string",
"ale_display": "string",
"treatment_cost": "string",
"treatment_cost_display": "string",
"roc": "string",
"roc_display": "string",
"roc_interpretation": "string",
"roc_calculation_explanation": "string",
"folder": "string",
"loss_threshold": "string",
"loss_threshold_display": "string",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"is_published": true,
"name": "string",
"description": "string",
"risk_stage": "inherent",
"ref_id": "string",
"parameters": null,
"simulation_data": null,
"observation": "string",
"is_simulation_fresh": true,
"is_selected": true,
"filtering_labels": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}
]
}

crq_quantitative_risk_hypotheses_create

Authorizations:

knoxApiToken

Request Body schema:
application/json
required

probability	number or null <double>
impact	string or null
is_published	boolean (Published)
name required	string <= 200 characters
description	string or null
risk_stage	string (RiskStageEnum) Enum: "inherent" "current" "residual" `inherent` - Inherent `current` - Current `residual` - Residual
ref_id	string <= 100 characters
parameters	any or null
simulation_data	any or null
observation	string or null
is_simulation_fresh	boolean
is_selected	boolean
folder	string <uuid>
quantitative_risk_scenario required	string <uuid>
filtering_labels	Array of strings <uuid> (Labels) [ items <uuid > ]
existing_applied_controls	Array of strings <uuid> (Existing Applied controls) [ items <uuid > ]
added_applied_controls	Array of strings <uuid> (Added Applied controls) [ items <uuid > ]
removed_applied_controls	Array of strings <uuid> (Removed Applied controls) [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"probability": 0.1,
"impact": "string",
"is_published": true,
"name": "string",
"description": "string",
"risk_stage": "inherent",
"ref_id": "string",
"parameters": null,
"simulation_data": null,
"observation": "string",
"is_simulation_fresh": true,
"is_selected": true,
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"quantitative_risk_scenario": "29740310-1177-4999-9a9f-7893ae31cd81",
"filtering_labels": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"existing_applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"added_applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"removed_applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

201

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"probability": 0.1,
"impact": "string",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"is_published": true,
"name": "string",
"description": "string",
"risk_stage": "inherent",
"ref_id": "string",
"parameters": null,
"simulation_data": null,
"observation": "string",
"is_simulation_fresh": true,
"is_selected": true,
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"quantitative_risk_scenario": "29740310-1177-4999-9a9f-7893ae31cd81",
"filtering_labels": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"existing_applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"added_applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"removed_applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

crq_quantitative_risk_hypotheses_retrieve

Return a single object with unauthorized related fields masked.

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Hypothesis.

Responses

Response samples

200

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"quantitative_risk_scenario": "string",
"existing_applied_controls": ["string"
],
"added_applied_controls": ["string"
],
"removed_applied_controls": ["string"
],
"probability": 0.1,
"impact": null,
"simulation_parameters_display": "string",
"lec_data": "string",
"risk_tolerance_curve": "string",
"currency": "string",
"ale": "string",
"ale_display": "string",
"treatment_cost": "string",
"treatment_cost_display": "string",
"roc": "string",
"roc_display": "string",
"roc_interpretation": "string",
"roc_calculation_explanation": "string",
"folder": "string",
"loss_threshold": "string",
"loss_threshold_display": "string",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"is_published": true,
"name": "string",
"description": "string",
"risk_stage": "inherent",
"ref_id": "string",
"parameters": null,
"simulation_data": null,
"observation": "string",
"is_simulation_fresh": true,
"is_selected": true,
"filtering_labels": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

crq_quantitative_risk_hypotheses_update

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Hypothesis.

Request Body schema:
application/json
required

probability	number or null <double>
impact	string or null
is_published	boolean (Published)
name required	string <= 200 characters
description	string or null
risk_stage	string (RiskStageEnum) Enum: "inherent" "current" "residual" `inherent` - Inherent `current` - Current `residual` - Residual
ref_id	string <= 100 characters
parameters	any or null
simulation_data	any or null
observation	string or null
is_simulation_fresh	boolean
is_selected	boolean
folder	string <uuid>
quantitative_risk_scenario required	string <uuid>
filtering_labels	Array of strings <uuid> (Labels) [ items <uuid > ]
existing_applied_controls	Array of strings <uuid> (Existing Applied controls) [ items <uuid > ]
added_applied_controls	Array of strings <uuid> (Added Applied controls) [ items <uuid > ]
removed_applied_controls	Array of strings <uuid> (Removed Applied controls) [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"probability": 0.1,
"impact": "string",
"is_published": true,
"name": "string",
"description": "string",
"risk_stage": "inherent",
"ref_id": "string",
"parameters": null,
"simulation_data": null,
"observation": "string",
"is_simulation_fresh": true,
"is_selected": true,
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"quantitative_risk_scenario": "29740310-1177-4999-9a9f-7893ae31cd81",
"filtering_labels": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"existing_applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"added_applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"removed_applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"probability": 0.1,
"impact": "string",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"is_published": true,
"name": "string",
"description": "string",
"risk_stage": "inherent",
"ref_id": "string",
"parameters": null,
"simulation_data": null,
"observation": "string",
"is_simulation_fresh": true,
"is_selected": true,
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"quantitative_risk_scenario": "29740310-1177-4999-9a9f-7893ae31cd81",
"filtering_labels": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"existing_applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"added_applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"removed_applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

crq_quantitative_risk_hypotheses_partial_update

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Hypothesis.

Request Body schema:
application/json

probability	number or null <double>
impact	string or null
is_published	boolean (Published)
name	string <= 200 characters
description	string or null
risk_stage	string (RiskStageEnum) Enum: "inherent" "current" "residual" `inherent` - Inherent `current` - Current `residual` - Residual
ref_id	string <= 100 characters
parameters	any or null
simulation_data	any or null
observation	string or null
is_simulation_fresh	boolean
is_selected	boolean
folder	string <uuid>
quantitative_risk_scenario	string <uuid>
filtering_labels	Array of strings <uuid> (Labels) [ items <uuid > ]
existing_applied_controls	Array of strings <uuid> (Existing Applied controls) [ items <uuid > ]
added_applied_controls	Array of strings <uuid> (Added Applied controls) [ items <uuid > ]
removed_applied_controls	Array of strings <uuid> (Removed Applied controls) [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"probability": 0.1,
"impact": "string",
"is_published": true,
"name": "string",
"description": "string",
"risk_stage": "inherent",
"ref_id": "string",
"parameters": null,
"simulation_data": null,
"observation": "string",
"is_simulation_fresh": true,
"is_selected": true,
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"quantitative_risk_scenario": "29740310-1177-4999-9a9f-7893ae31cd81",
"filtering_labels": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"existing_applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"added_applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"removed_applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"probability": 0.1,
"impact": "string",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"is_published": true,
"name": "string",
"description": "string",
"risk_stage": "inherent",
"ref_id": "string",
"parameters": null,
"simulation_data": null,
"observation": "string",
"is_simulation_fresh": true,
"is_selected": true,
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"quantitative_risk_scenario": "29740310-1177-4999-9a9f-7893ae31cd81",
"filtering_labels": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"existing_applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"added_applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"removed_applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

crq_quantitative_risk_hypotheses_destroy

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Hypothesis.

Responses

crq_quantitative_risk_hypotheses_cascade_info_retrieve

Cascade preview:

deleted: objects actually deleted by cascade
affected: objects not deleted but whose relationships will be removed (through rows, SET_NULL, local links)

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Hypothesis.

Responses

crq_quantitative_risk_hypotheses_lec_retrieve

Returns the Loss Exceedance Curve data from stored simulation results. Returns empty data if simulation is not fresh (parameters have changed).

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Hypothesis.

Responses

crq_quantitative_risk_hypotheses_object_retrieve

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Hypothesis.

Responses

crq_quantitative_risk_hypotheses_run_simulation_retrieve

Triggers a Monte Carlo simulation for a specific risk hypothesis. Requires probability and impact parameters to be set on the hypothesis.

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Hypothesis.

Responses

crq_quantitative_risk_hypotheses_batch_action_create

Perform a batch action on multiple objects. Uses the IAM-filtered queryset and serializers to respect permissions and validation, mirroring the standard partial_update / destroy flows.

Payload: { "action": "delete"|"change_field"|"change_m2m"|"change_folder", "ids": [...], "field": "", "value": ... }

Authorizations:

knoxApiToken

Responses

crq_quantitative_risk_hypotheses_default_ref_id_retrieve

Authorizations:

knoxApiToken

Responses

crq_quantitative_risk_hypotheses_risk_stage_retrieve

Authorizations:

knoxApiToken

Responses

quantitative-risk-scenarios

crq_quantitative_risk_scenarios_list

Override the list method to inject optimized data into the serializer context.

Authorizations:

knoxApiToken

query Parameters

assets	Array of strings <uuid> [ items <uuid > ]
id	Array of strings <uuid> [ items <uuid > ] Multiple values may be separated by commas.
is_selected	boolean
limit	integer Number of results to return per page.
offset	integer The initial index from which to return the results.
ordering	string Which field to use when ordering the results.
priority	Array of integers or null Items Enum: 1 2 3 4 `1` - P1 `2` - P2 `3` - P3 `4` - P4
qualifications	Array of strings <uuid> [ items <uuid > ]
quantitative_risk_study	Array of strings <uuid> [ items <uuid > ]
search	string A search term.
status	Array of strings Items Enum: "accept" "draft" "mitigate" "open" "transfer" `draft` - Draft `open` - Open `mitigate` - Mitigate `accept` - Accept `transfer` - Transfer
threats	Array of strings <uuid> [ items <uuid > ]
vulnerabilities	Array of strings <uuid> [ items <uuid > ]

Responses

Response samples

200

Content type

application/json

{"count": 123,
"next": "http://api.example.org/accounts/?offset=400&limit=100",
"previous": "http://api.example.org/accounts/?offset=200&limit=100",
"results": [{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"quantitative_risk_study": "string",
"assets": ["string"
],
"owner": ["string"
],
"threats": ["string"
],
"vulnerabilities": ["string"
],
"qualifications": ["string"
],
"folder": "string",
"current_ale": "string",
"current_ale_display": "string",
"residual_ale": "string",
"residual_ale_display": "string",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"is_published": true,
"name": "string",
"description": "string",
"priority": 1,
"status": "draft",
"observation": "string",
"ref_id": "string",
"is_selected": true
}
]
}

crq_quantitative_risk_scenarios_create

Authorizations:

knoxApiToken

Request Body schema:
application/json
required

is_published	boolean (Published)
name required	string <= 200 characters
description	string or null
	(PriorityEnum (integer or null)) or (NullEnum (number or null)) [ 0 .. 9223372036854776000 ]
status	string (Status694Enum) Enum: "draft" "open" "mitigate" "accept" "transfer" `draft` - Draft `open` - Open `mitigate` - Mitigate `accept` - Accept `transfer` - Transfer
observation	string or null
ref_id	string <= 100 characters
is_selected	boolean
folder	string <uuid>
quantitative_risk_study required	string <uuid>
assets	Array of strings <uuid> [ items <uuid > ] Assets impacted by the risk scenario
owner	Array of strings <uuid> [ items <uuid > ]
vulnerabilities	Array of strings <uuid> [ items <uuid > ] Vulnerabities exploited by the risk scenario
threats	Array of strings <uuid> [ items <uuid > ]
qualifications	Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"is_published": true,
"name": "string",
"description": "string",
"priority": 1,
"status": "draft",
"observation": "string",
"ref_id": "string",
"is_selected": true,
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"quantitative_risk_study": "f870772b-e64e-4c1b-9039-54ba39f7b7e6",
"assets": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"owner": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"vulnerabilities": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"threats": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"qualifications": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

201

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"is_published": true,
"name": "string",
"description": "string",
"priority": 1,
"status": "draft",
"observation": "string",
"ref_id": "string",
"is_selected": true,
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"quantitative_risk_study": "f870772b-e64e-4c1b-9039-54ba39f7b7e6",
"assets": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"owner": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"vulnerabilities": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"threats": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"qualifications": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

crq_quantitative_risk_scenarios_retrieve

Return a single object with unauthorized related fields masked.

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Scenario.

Responses

Response samples

200

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"quantitative_risk_study": "string",
"assets": ["string"
],
"owner": ["string"
],
"threats": ["string"
],
"vulnerabilities": ["string"
],
"qualifications": ["string"
],
"folder": "string",
"current_ale": "string",
"current_ale_display": "string",
"residual_ale": "string",
"residual_ale_display": "string",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"is_published": true,
"name": "string",
"description": "string",
"priority": 1,
"status": "draft",
"observation": "string",
"ref_id": "string",
"is_selected": true
}

crq_quantitative_risk_scenarios_update

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Scenario.

Request Body schema:
application/json
required

is_published	boolean (Published)
name required	string <= 200 characters
description	string or null
	(PriorityEnum (integer or null)) or (NullEnum (number or null)) [ 0 .. 9223372036854776000 ]
status	string (Status694Enum) Enum: "draft" "open" "mitigate" "accept" "transfer" `draft` - Draft `open` - Open `mitigate` - Mitigate `accept` - Accept `transfer` - Transfer
observation	string or null
ref_id	string <= 100 characters
is_selected	boolean
folder	string <uuid>
quantitative_risk_study required	string <uuid>
assets	Array of strings <uuid> [ items <uuid > ] Assets impacted by the risk scenario
owner	Array of strings <uuid> [ items <uuid > ]
vulnerabilities	Array of strings <uuid> [ items <uuid > ] Vulnerabities exploited by the risk scenario
threats	Array of strings <uuid> [ items <uuid > ]
qualifications	Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"is_published": true,
"name": "string",
"description": "string",
"priority": 1,
"status": "draft",
"observation": "string",
"ref_id": "string",
"is_selected": true,
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"quantitative_risk_study": "f870772b-e64e-4c1b-9039-54ba39f7b7e6",
"assets": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"owner": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"vulnerabilities": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"threats": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"qualifications": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"is_published": true,
"name": "string",
"description": "string",
"priority": 1,
"status": "draft",
"observation": "string",
"ref_id": "string",
"is_selected": true,
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"quantitative_risk_study": "f870772b-e64e-4c1b-9039-54ba39f7b7e6",
"assets": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"owner": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"vulnerabilities": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"threats": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"qualifications": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

crq_quantitative_risk_scenarios_partial_update

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Scenario.

Request Body schema:
application/json

is_published	boolean (Published)
name	string <= 200 characters
description	string or null
	(PriorityEnum (integer or null)) or (NullEnum (number or null)) [ 0 .. 9223372036854776000 ]
status	string (Status694Enum) Enum: "draft" "open" "mitigate" "accept" "transfer" `draft` - Draft `open` - Open `mitigate` - Mitigate `accept` - Accept `transfer` - Transfer
observation	string or null
ref_id	string <= 100 characters
is_selected	boolean
folder	string <uuid>
quantitative_risk_study	string <uuid>
assets	Array of strings <uuid> [ items <uuid > ] Assets impacted by the risk scenario
owner	Array of strings <uuid> [ items <uuid > ]
vulnerabilities	Array of strings <uuid> [ items <uuid > ] Vulnerabities exploited by the risk scenario
threats	Array of strings <uuid> [ items <uuid > ]
qualifications	Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"is_published": true,
"name": "string",
"description": "string",
"priority": 1,
"status": "draft",
"observation": "string",
"ref_id": "string",
"is_selected": true,
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"quantitative_risk_study": "f870772b-e64e-4c1b-9039-54ba39f7b7e6",
"assets": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"owner": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"vulnerabilities": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"threats": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"qualifications": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"is_published": true,
"name": "string",
"description": "string",
"priority": 1,
"status": "draft",
"observation": "string",
"ref_id": "string",
"is_selected": true,
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"quantitative_risk_study": "f870772b-e64e-4c1b-9039-54ba39f7b7e6",
"assets": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"owner": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"vulnerabilities": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"threats": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"qualifications": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

crq_quantitative_risk_scenarios_destroy

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Scenario.

Responses

crq_quantitative_risk_scenarios_cascade_info_retrieve

Cascade preview:

deleted: objects actually deleted by cascade
affected: objects not deleted but whose relationships will be removed (through rows, SET_NULL, local links)

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Scenario.

Responses

crq_quantitative_risk_scenarios_lec_retrieve

Returns combined Loss Exceedance Curve data for the scenario:

Inherent hypothesis curve (if available and has simulation data)
Current hypothesis curve (if available and has simulation data)
Study risk tolerance curve (if configured)
All residual hypothesis curves (if they have simulation data)

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Scenario.

Responses

crq_quantitative_risk_scenarios_object_retrieve

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Scenario.

Responses

crq_quantitative_risk_scenarios_batch_action_create

Perform a batch action on multiple objects. Uses the IAM-filtered queryset and serializers to respect permissions and validation, mirroring the standard partial_update / destroy flows.

Payload: { "action": "delete"|"change_field"|"change_m2m"|"change_folder", "ids": [...], "field": "", "value": ... }

Authorizations:

knoxApiToken

Responses

crq_quantitative_risk_scenarios_default_ref_id_retrieve

Authorizations:

knoxApiToken

Responses

crq_quantitative_risk_scenarios_priority_retrieve

Authorizations:

knoxApiToken

Responses

crq_quantitative_risk_scenarios_status_retrieve

Authorizations:

knoxApiToken

Responses

quantitative-risk-studies

crq_quantitative_risk_studies_list

Override the list method to inject optimized data into the serializer context.

Authorizations:

knoxApiToken

query Parameters

authors	Array of strings <uuid> [ items <uuid > ]
folder	Array of strings <uuid> [ items <uuid > ]
genericcollection	Array of strings <uuid> [ items <uuid > ]
id	Array of strings <uuid> [ items <uuid > ] Multiple values may be separated by commas.
limit	integer Number of results to return per page.
offset	integer The initial index from which to return the results.
ordering	string Which field to use when ordering the results.
reviewers	Array of strings <uuid> [ items <uuid > ]
search	string A search term.
status	Array of strings or null Items Enum: "deprecated" "done" "in_progress" "in_review" "planned" `planned` - Planned `in_progress` - In progress `in_review` - In review `done` - Done `deprecated` - Deprecated

Responses

Response samples

200

Content type

application/json

{"count": 123,
"next": "http://api.example.org/accounts/?offset=400&limit=100",
"previous": "http://api.example.org/accounts/?offset=200&limit=100",
"results": [{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"folder": "string",
"authors": ["string"
],
"reviewers": ["string"
],
"risk_tolerance_display": "string",
"loss_threshold_display": "string",
"validation_flows": ["string"
],
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"ref_id": "string",
"status": "planned",
"observation": "string",
"risk_tolerance": null,
"loss_threshold": 0.1,
"distribution_model": "lognormal_ci90",
"portfolio_simulation": null
}
]
}

crq_quantitative_risk_studies_create

Authorizations:

knoxApiToken

Request Body schema:
application/json
required

is_published	boolean (Published)
name required	string <= 200 characters
description	string or null
eta	string or null <date>
due_date	string or null <date>
ref_id	string <= 100 characters
	(Status6d9Enum (string or null)) or (BlankEnum (any or null)) or (NullEnum (any or null))
observation	string or null
risk_tolerance	any or null Risk tolerance points and curve data. Expected format: {'points': {'point1': {'probability': float, 'acceptable_loss': float}, 'point2': {'probability': float, 'acceptable_loss': float}}, 'curve_data': {'loss_values': [...], 'probability_values': [...]}}
loss_threshold	number or null <double>
distribution_model	string (DistributionModelEnum) Value: "lognormal_ci90" `lognormal_ci90` - Lognormal - CI 90
portfolio_simulation	any or null Cached portfolio simulation results to improve performance. Contains current and residual portfolio calculations with metadata.
folder	string <uuid>
reviewers	Array of strings <uuid> [ items <uuid > ]
authors	Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"ref_id": "string",
"status": "planned",
"observation": "string",
"risk_tolerance": null,
"loss_threshold": 0.1,
"distribution_model": "lognormal_ci90",
"portfolio_simulation": null,
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"reviewers": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"authors": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

201

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"ref_id": "string",
"status": "planned",
"observation": "string",
"risk_tolerance": null,
"loss_threshold": 0.1,
"distribution_model": "lognormal_ci90",
"portfolio_simulation": null,
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"reviewers": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"authors": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

crq_quantitative_risk_studies_retrieve

Return a single object with unauthorized related fields masked.

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Study.

Responses

Response samples

200

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"folder": "string",
"authors": ["string"
],
"reviewers": ["string"
],
"risk_tolerance_display": "string",
"loss_threshold_display": "string",
"validation_flows": ["string"
],
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"ref_id": "string",
"status": "planned",
"observation": "string",
"risk_tolerance": null,
"loss_threshold": 0.1,
"distribution_model": "lognormal_ci90",
"portfolio_simulation": null
}

crq_quantitative_risk_studies_update

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Study.

Request Body schema:
application/json
required

is_published	boolean (Published)
name required	string <= 200 characters
description	string or null
eta	string or null <date>
due_date	string or null <date>
ref_id	string <= 100 characters
	(Status6d9Enum (string or null)) or (BlankEnum (any or null)) or (NullEnum (any or null))
observation	string or null
risk_tolerance	any or null Risk tolerance points and curve data. Expected format: {'points': {'point1': {'probability': float, 'acceptable_loss': float}, 'point2': {'probability': float, 'acceptable_loss': float}}, 'curve_data': {'loss_values': [...], 'probability_values': [...]}}
loss_threshold	number or null <double>
distribution_model	string (DistributionModelEnum) Value: "lognormal_ci90" `lognormal_ci90` - Lognormal - CI 90
portfolio_simulation	any or null Cached portfolio simulation results to improve performance. Contains current and residual portfolio calculations with metadata.
folder	string <uuid>
reviewers	Array of strings <uuid> [ items <uuid > ]
authors	Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"ref_id": "string",
"status": "planned",
"observation": "string",
"risk_tolerance": null,
"loss_threshold": 0.1,
"distribution_model": "lognormal_ci90",
"portfolio_simulation": null,
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"reviewers": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"authors": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"ref_id": "string",
"status": "planned",
"observation": "string",
"risk_tolerance": null,
"loss_threshold": 0.1,
"distribution_model": "lognormal_ci90",
"portfolio_simulation": null,
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"reviewers": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"authors": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

crq_quantitative_risk_studies_partial_update

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Study.

Request Body schema:
application/json

is_published	boolean (Published)
name	string <= 200 characters
description	string or null
eta	string or null <date>
due_date	string or null <date>
ref_id	string <= 100 characters
	(Status6d9Enum (string or null)) or (BlankEnum (any or null)) or (NullEnum (any or null))
observation	string or null
risk_tolerance	any or null Risk tolerance points and curve data. Expected format: {'points': {'point1': {'probability': float, 'acceptable_loss': float}, 'point2': {'probability': float, 'acceptable_loss': float}}, 'curve_data': {'loss_values': [...], 'probability_values': [...]}}
loss_threshold	number or null <double>
distribution_model	string (DistributionModelEnum) Value: "lognormal_ci90" `lognormal_ci90` - Lognormal - CI 90
portfolio_simulation	any or null Cached portfolio simulation results to improve performance. Contains current and residual portfolio calculations with metadata.
folder	string <uuid>
reviewers	Array of strings <uuid> [ items <uuid > ]
authors	Array of strings <uuid> [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"ref_id": "string",
"status": "planned",
"observation": "string",
"risk_tolerance": null,
"loss_threshold": 0.1,
"distribution_model": "lognormal_ci90",
"portfolio_simulation": null,
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"reviewers": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"authors": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"ref_id": "string",
"status": "planned",
"observation": "string",
"risk_tolerance": null,
"loss_threshold": 0.1,
"distribution_model": "lognormal_ci90",
"portfolio_simulation": null,
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"reviewers": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"authors": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

crq_quantitative_risk_studies_destroy

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Study.

Responses

crq_quantitative_risk_studies_action_plan_list

Action plan for quantitative risk studies. Returns controls from hypotheses in the study.

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

query Parameters

limit	integer Number of results to return per page.
offset	integer The initial index from which to return the results.
ordering	string Which field to use when ordering the results.
search	string A search term.

Responses

Response samples

200

Content type

application/json

{"count": 123,
"next": "http://api.example.org/accounts/?offset=400&limit=100",
"previous": "http://api.example.org/accounts/?offset=200&limit=100",
"results": [{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"folder": "string",
"reference_control": "string",
"priority": "string",
"category": "string",
"csf_function": "string",
"evidences": ["string"
],
"effort": "string",
"control_impact": "string",
"status": "string",
"cost": null,
"annual_cost": "string",
"ranking_score": 0,
"owner": ["string"
],
"quantitative_risk_scenarios": "string",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"name": "string",
"description": "string",
"ref_id": "string",
"start_date": "2019-08-24",
"eta": "2019-08-24",
"expiry_date": "2019-08-24",
"link": "string",
"progress_field": 100,
"is_published": true,
"observation": "string",
"filtering_labels": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"assets": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"security_exceptions": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"objectives": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}
]
}

crq_quantitative_risk_studies_action_plan_budget_overview_list

Mixin that computes budget aggregation over an applied controls queryset.

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

query Parameters

limit	integer Number of results to return per page.
offset	integer The initial index from which to return the results.
ordering	string Which field to use when ordering the results.
search	string A search term.

Responses

Response samples

200

Content type

application/json

{"count": 123,
"next": "http://api.example.org/accounts/?offset=400&limit=100",
"previous": "http://api.example.org/accounts/?offset=200&limit=100",
"results": [{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"folder": "string",
"reference_control": "string",
"priority": "string",
"category": "string",
"csf_function": "string",
"evidences": ["string"
],
"effort": "string",
"control_impact": "string",
"status": "string",
"cost": null,
"annual_cost": "string",
"ranking_score": 0,
"owner": ["string"
],
"quantitative_risk_scenarios": "string",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"name": "string",
"description": "string",
"ref_id": "string",
"start_date": "2019-08-24",
"eta": "2019-08-24",
"expiry_date": "2019-08-24",
"link": "string",
"progress_field": 100,
"is_published": true,
"observation": "string",
"filtering_labels": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"assets": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"security_exceptions": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"objectives": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}
]
}

crq_quantitative_risk_studies_ale_comparison_retrieve

Returns data for ALE comparison chart showing:

Current ALE (positive values)
Residual ALE (positive values)
Treatment cost (negative values) for each scenario

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Study.

Responses

crq_quantitative_risk_studies_cascade_info_retrieve

Cascade preview:

deleted: objects actually deleted by cascade
affected: objects not deleted but whose relationships will be removed (through rows, SET_NULL, local links)

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Study.

Responses

crq_quantitative_risk_studies_combined_ale_retrieve

Returns combined ALE metrics for the quantitative risk study:

Current ALE Combined: Sum of current ALE from all scenarios
Residual ALE Combined: Sum of ALE from selected residual hypotheses per scenario

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Study.

Responses

crq_quantitative_risk_studies_combined_lec_retrieve

Returns combined Loss Exceedance Curve data for the quantitative risk study:

Risk tolerance curve (if configured)
Sum of all current hypothesis LEC curves from study scenarios

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Study.

Responses

crq_quantitative_risk_studies_executive_summary_retrieve

Returns executive summary data for the quantitative risk study. Includes scenarios that are selected and not in draft status with:

Main information (ref_id, name, description)
Assets, threats, qualifications links
LEC chart data (current, selected residual, risk tolerance)
Current and residual ALE insights
Treatment cost of selected residual hypothesis

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Study.

Responses

crq_quantitative_risk_studies_key_metrics_retrieve

Returns key metrics data for quantitative risk scenarios scoped per study. Provides the following info per scenario based on risk metrics:

name
ale (Annual Loss Expectancy)
var_95 (Value at Risk 95%)
var_99 (Value at Risk 99%)
var_999 (Value at Risk 99.9%)
proba_of_exceeding_threshold (Probability of exceeding the loss threshold)

Data is provided for both current and residual risk levels based on risk_stage. Current level uses hypothesis with risk_stage='current' Residual level uses hypothesis with risk_stage='residual' and is_selected=True

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Study.

Responses

crq_quantitative_risk_studies_object_retrieve

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Study.

Responses

crq_quantitative_risk_studies_retrigger_all_simulations_create

Retriggers all simulations for the quantitative risk study. This includes:

All hypothesis simulations (for each scenario's hypotheses with valid parameters)
Portfolio simulation (combined ALE and LEC curves)
Risk tolerance curve generation

This operation can be slow as it processes multiple simulations.

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Quantitative Risk Study.

Responses

crq_quantitative_risk_studies_batch_action_create

Perform a batch action on multiple objects. Uses the IAM-filtered queryset and serializers to respect permissions and validation, mirroring the standard partial_update / destroy flows.

Payload: { "action": "delete"|"change_field"|"change_m2m"|"change_folder", "ids": [...], "field": "", "value": ... }

CISO Assistant API — Quantitative Risk (CRQ) (0.7.0)

quantitative-risk-hypotheses

crq_quantitative_risk_hypotheses_list

Authorizations:

query Parameters

Responses

Response samples

crq_quantitative_risk_hypotheses_create

Authorizations:

Request Body schema: application/jsonapplication/x-www-form-urlencodedmultipart/form-dataapplication/jsonrequired

Responses

Request samples

Response samples

crq_quantitative_risk_hypotheses_retrieve

Authorizations:

path Parameters

Responses

Response samples

crq_quantitative_risk_hypotheses_update

Authorizations:

path Parameters

Request Body schema: application/jsonapplication/x-www-form-urlencodedmultipart/form-dataapplication/jsonrequired

Responses

Request samples

Response samples

crq_quantitative_risk_hypotheses_partial_update

Authorizations:

path Parameters

Request Body schema: application/jsonapplication/x-www-form-urlencodedmultipart/form-dataapplication/json

Responses

Request samples

Response samples

crq_quantitative_risk_hypotheses_destroy

Authorizations:

path Parameters

Responses

crq_quantitative_risk_hypotheses_cascade_info_retrieve

Authorizations:

path Parameters

Responses

crq_quantitative_risk_hypotheses_lec_retrieve

Authorizations:

path Parameters

Responses

crq_quantitative_risk_hypotheses_object_retrieve

Authorizations:

path Parameters

Responses

crq_quantitative_risk_hypotheses_run_simulation_retrieve

Authorizations:

path Parameters

Responses

crq_quantitative_risk_hypotheses_batch_action_create

Authorizations:

Responses

crq_quantitative_risk_hypotheses_default_ref_id_retrieve

Authorizations:

Responses

crq_quantitative_risk_hypotheses_risk_stage_retrieve

Authorizations:

Responses

quantitative-risk-scenarios

crq_quantitative_risk_scenarios_list

Authorizations:

query Parameters

Responses

Response samples

crq_quantitative_risk_scenarios_create

Authorizations:

Request Body schema: application/jsonapplication/x-www-form-urlencodedmultipart/form-dataapplication/jsonrequired

Responses

Request samples

Response samples

crq_quantitative_risk_scenarios_retrieve

Authorizations:

path Parameters

Responses

Response samples

crq_quantitative_risk_scenarios_update

Authorizations:

Request Body schema:
application/json
required

Request Body schema:
application/json
required

Request Body schema:
application/json

Request Body schema:
application/json
required

Request Body schema:
application/json
required

Request Body schema:
application/json

Request Body schema:
application/json
required

Request Body schema:
application/json
required

Request Body schema:
application/json