CISO Assistant API — Security Exceptions & Findings (0.7.0)

Download OpenAPI specification:

CISO Assistant - API Documentation for automating all your GRC needs

findings

findings_list

Override the list method to inject optimized data into the serializer context.

Authorizations:

knoxApiToken

query Parameters

applied_controls	Array of strings <uuid> [ items <uuid > ]
due_date	string <date>
evidences	Array of strings <uuid> [ items <uuid > ]
filtering_labels	Array of strings <uuid> [ items <uuid > ]
findings_assessment	Array of strings <uuid> [ items <uuid > ]
folder	Array of strings <uuid> [ items <uuid > ]
id	Array of strings <uuid> [ items <uuid > ] Multiple values may be separated by commas.
limit	integer Number of results to return per page.
name	string
offset	integer The initial index from which to return the results.
ordering	string Which field to use when ordering the results.
owner	Array of strings <uuid> [ items <uuid > ]
priority	Array of integers or null Items Enum: 1 2 3 4 `1` - P1 `2` - P2 `3` - P3 `4` - P4
search	string A search term.
severity	Array of integers Items Enum: -1 0 1 2 3 4 `-1` - undefined `0` - info `1` - low `2` - medium `3` - high `4` - critical
status	Array of strings Items Enum: "--" "assigned" "closed" "confirmed" "deprecated" "dismissed" "identified" "in_progress" "mitigated" "resolved" `--` - Undefined `identified` - Identified `confirmed` - Confirmed `dismissed` - Dismissed `assigned` - Assigned `in_progress` - In Progress `mitigated` - Mitigated `resolved` - Resolved `closed` - Closed `deprecated` - Deprecated

Responses

Response samples

200

Content type

application/json

{"count": 123,
"next": "http://api.example.org/accounts/?offset=400&limit=100",
"previous": "http://api.example.org/accounts/?offset=200&limit=100",
"results": [{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"path": "string",
"owner": ["string"
],
"findings_assessment": "string",
"threats": ["string"
],
"vulnerabilities": ["string"
],
"reference_controls": ["string"
],
"applied_controls": ["string"
],
"filtering_labels": ["string"
],
"evidences": ["string"
],
"perimeter": "string",
"folder": "string",
"severity": "string",
"priority": "string",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"ref_id": "string",
"status": "--",
"observation": "string"
}
]
}

findings_create

Authorizations:

knoxApiToken

Request Body schema:
application/json
required

is_published	boolean (Published)
name required	string <= 200 characters
description	string or null
eta	string or null <date>
due_date	string or null <date>
ref_id	string (Reference ID) <= 100 characters
	(PriorityEnum (integer or null)) or (NullEnum (number or null)) [ 0 .. 9223372036854776000 ]
severity	integer [ -9223372036854776000 .. 9223372036854776000 ] Enum: -1 0 1 2 3 4 `-1` - undefined `0` - info `1` - low `2` - medium `3` - high `4` - critical
status	string (Status5fcEnum) Enum: "--" "identified" "confirmed" "dismissed" "assigned" "in_progress" "mitigated" "resolved" "closed" "deprecated" `--` - Undefined `identified` - Identified `confirmed` - Confirmed `dismissed` - Dismissed `assigned` - Assigned `in_progress` - In Progress `mitigated` - Mitigated `resolved` - Resolved `closed` - Closed `deprecated` - Deprecated
observation	string or null
findings_assessment required	string <uuid>
filtering_labels	Array of strings <uuid> (Labels) [ items <uuid > ]
threats	Array of strings <uuid> [ items <uuid > ]
vulnerabilities	Array of strings <uuid> [ items <uuid > ]
reference_controls	Array of strings <uuid> [ items <uuid > ]
applied_controls	Array of strings <uuid> [ items <uuid > ]
owner	Array of strings <uuid> [ items <uuid > ]
evidences	Array of strings <uuid> [ items <uuid > ] Evidences related to the follow-up

Responses

Request samples

Payload

Content type

application/json

{"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"ref_id": "string",
"priority": 1,
"severity": -1,
"status": "--",
"observation": "string",
"findings_assessment": "69cc1a79-dd84-4f89-9814-52e4737f78c4",
"filtering_labels": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"threats": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"vulnerabilities": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"reference_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"owner": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"evidences": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

201

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"ref_id": "string",
"priority": 1,
"severity": -1,
"status": "--",
"observation": "string",
"findings_assessment": "69cc1a79-dd84-4f89-9814-52e4737f78c4",
"filtering_labels": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"threats": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"vulnerabilities": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"reference_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"owner": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"evidences": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

findings_retrieve

Return a single object with unauthorized related fields masked.

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Finding.

Responses

Response samples

200

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"path": "string",
"owner": ["string"
],
"findings_assessment": "string",
"threats": ["string"
],
"vulnerabilities": ["string"
],
"reference_controls": ["string"
],
"applied_controls": ["string"
],
"filtering_labels": ["string"
],
"evidences": ["string"
],
"perimeter": "string",
"folder": "string",
"severity": "string",
"priority": "string",
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"ref_id": "string",
"status": "--",
"observation": "string"
}

findings_update

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Finding.

Request Body schema:
application/json
required

is_published	boolean (Published)
name required	string <= 200 characters
description	string or null
eta	string or null <date>
due_date	string or null <date>
ref_id	string (Reference ID) <= 100 characters
	(PriorityEnum (integer or null)) or (NullEnum (number or null)) [ 0 .. 9223372036854776000 ]
severity	integer [ -9223372036854776000 .. 9223372036854776000 ] Enum: -1 0 1 2 3 4 `-1` - undefined `0` - info `1` - low `2` - medium `3` - high `4` - critical
status	string (Status5fcEnum) Enum: "--" "identified" "confirmed" "dismissed" "assigned" "in_progress" "mitigated" "resolved" "closed" "deprecated" `--` - Undefined `identified` - Identified `confirmed` - Confirmed `dismissed` - Dismissed `assigned` - Assigned `in_progress` - In Progress `mitigated` - Mitigated `resolved` - Resolved `closed` - Closed `deprecated` - Deprecated
observation	string or null
findings_assessment required	string <uuid>
filtering_labels	Array of strings <uuid> (Labels) [ items <uuid > ]
threats	Array of strings <uuid> [ items <uuid > ]
vulnerabilities	Array of strings <uuid> [ items <uuid > ]
reference_controls	Array of strings <uuid> [ items <uuid > ]
applied_controls	Array of strings <uuid> [ items <uuid > ]
owner	Array of strings <uuid> [ items <uuid > ]
evidences	Array of strings <uuid> [ items <uuid > ] Evidences related to the follow-up

Responses

Request samples

Payload

Content type

application/json

{"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"ref_id": "string",
"priority": 1,
"severity": -1,
"status": "--",
"observation": "string",
"findings_assessment": "69cc1a79-dd84-4f89-9814-52e4737f78c4",
"filtering_labels": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"threats": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"vulnerabilities": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"reference_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"owner": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"evidences": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"ref_id": "string",
"priority": 1,
"severity": -1,
"status": "--",
"observation": "string",
"findings_assessment": "69cc1a79-dd84-4f89-9814-52e4737f78c4",
"filtering_labels": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"threats": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"vulnerabilities": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"reference_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"owner": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"evidences": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

findings_partial_update

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Finding.

Request Body schema:
application/json

is_published	boolean (Published)
name	string <= 200 characters
description	string or null
eta	string or null <date>
due_date	string or null <date>
ref_id	string (Reference ID) <= 100 characters
	(PriorityEnum (integer or null)) or (NullEnum (number or null)) [ 0 .. 9223372036854776000 ]
severity	integer [ -9223372036854776000 .. 9223372036854776000 ] Enum: -1 0 1 2 3 4 `-1` - undefined `0` - info `1` - low `2` - medium `3` - high `4` - critical
status	string (Status5fcEnum) Enum: "--" "identified" "confirmed" "dismissed" "assigned" "in_progress" "mitigated" "resolved" "closed" "deprecated" `--` - Undefined `identified` - Identified `confirmed` - Confirmed `dismissed` - Dismissed `assigned` - Assigned `in_progress` - In Progress `mitigated` - Mitigated `resolved` - Resolved `closed` - Closed `deprecated` - Deprecated
observation	string or null
findings_assessment	string <uuid>
filtering_labels	Array of strings <uuid> (Labels) [ items <uuid > ]
threats	Array of strings <uuid> [ items <uuid > ]
vulnerabilities	Array of strings <uuid> [ items <uuid > ]
reference_controls	Array of strings <uuid> [ items <uuid > ]
applied_controls	Array of strings <uuid> [ items <uuid > ]
owner	Array of strings <uuid> [ items <uuid > ]
evidences	Array of strings <uuid> [ items <uuid > ] Evidences related to the follow-up

Responses

Request samples

Payload

Content type

application/json

{"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"ref_id": "string",
"priority": 1,
"severity": -1,
"status": "--",
"observation": "string",
"findings_assessment": "69cc1a79-dd84-4f89-9814-52e4737f78c4",
"filtering_labels": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"threats": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"vulnerabilities": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"reference_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"owner": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"evidences": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"ref_id": "string",
"priority": 1,
"severity": -1,
"status": "--",
"observation": "string",
"findings_assessment": "69cc1a79-dd84-4f89-9814-52e4737f78c4",
"filtering_labels": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"threats": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"vulnerabilities": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"reference_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"owner": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"evidences": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

findings_destroy

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Finding.

Responses

findings_cascade_info_retrieve

Cascade preview:

deleted: objects actually deleted by cascade
affected: objects not deleted but whose relationships will be removed (through rows, SET_NULL, local links)

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Finding.

Responses

findings_object_retrieve

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this Finding.

Responses

findings_batch_action_create

Perform a batch action on multiple objects. Uses the IAM-filtered queryset and serializers to respect permissions and validation, mirroring the standard partial_update / destroy flows.

Payload: { "action": "delete"|"change_field"|"change_m2m"|"change_folder", "ids": [...], "field": "", "value": ... }

Authorizations:

knoxApiToken

Responses

findings_owner_retrieve

Authorizations:

knoxApiToken

Responses

findings_priority_retrieve

Authorizations:

knoxApiToken

Responses

findings_sankey_data_retrieve

Returns findings data structured for Sankey diagram: Category -> Severity -> Status

Authorizations:

knoxApiToken

Responses

findings_severity_retrieve

Authorizations:

knoxApiToken

Responses

findings_status_retrieve

Authorizations:

knoxApiToken

Responses

findings-assessments

findings_assessments_list

Override the list method to inject optimized data into the serializer context.

Authorizations:

knoxApiToken

query Parameters

authors	Array of strings <uuid> [ items <uuid > ]
category	Array of strings Items Enum: "--" "audit" "pentest" "self_identified" `--` - Undefined `pentest` - Pentest `audit` - Audit `self_identified` - Self-identified
evidences	Array of strings <uuid> [ items <uuid > ]
folder	Array of strings <uuid> [ items <uuid > ]
genericcollection	Array of strings <uuid> [ items <uuid > ]
id	Array of strings <uuid> [ items <uuid > ] Multiple values may be separated by commas.
limit	integer Number of results to return per page.
name	string
offset	integer The initial index from which to return the results.
ordering	string Which field to use when ordering the results.
perimeter	Array of strings <uuid> [ items <uuid > ]
ref_id	string
search	string A search term.
status	Array of strings or null Items Enum: "deprecated" "done" "in_progress" "in_review" "planned" `planned` - Planned `in_progress` - In progress `in_review` - In review `done` - Done `deprecated` - Deprecated

Responses

Response samples

200

Content type

application/json

{"count": 123,
"next": "http://api.example.org/accounts/?offset=400&limit=100",
"previous": "http://api.example.org/accounts/?offset=200&limit=100",
"results": [{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"path": "string",
"perimeter": "string",
"authors": ["string"
],
"reviewers": ["string"
],
"folder": "string",
"findings_count": 0,
"treatment_progress": 0,
"evidences": ["string"
],
"validation_flows": ["string"
],
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"version": "string",
"status": "planned",
"observation": "string",
"is_locked": true,
"category": "--",
"ref_id": "string"
}
]
}

findings_assessments_create

Authorizations:

knoxApiToken

Request Body schema:
application/json
required

is_published	boolean (Published)
name required	string <= 200 characters
description	string or null
eta	string or null <date>
due_date	string or null <date>
version	string or null <= 100 characters Version of the compliance assessment (eg. 1.0, 2.0, etc.)
	(Status6d9Enum (string or null)) or (BlankEnum (any or null)) or (NullEnum (any or null))
observation	string or null
is_locked	boolean or null
category	string (CategoryB50Enum) Enum: "--" "pentest" "audit" "self_identified" `--` - Undefined `pentest` - Pentest `audit` - Audit `self_identified` - Self-identified
ref_id	string or null (Reference id) <= 100 characters
folder	string <uuid>
perimeter	string or null <uuid>
reviewers	Array of strings <uuid> [ items <uuid > ]
authors	Array of strings <uuid> [ items <uuid > ]
evidences	Array of strings <uuid> [ items <uuid > ] Evidences related to the follow-up

Responses

Request samples

Payload

Content type

application/json

{"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"version": "string",
"status": "planned",
"observation": "string",
"is_locked": true,
"category": "--",
"ref_id": "string",
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"perimeter": "bf619ff5-f1a2-4505-92b9-0c56e7a44b98",
"reviewers": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"authors": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"evidences": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

201

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"version": "string",
"status": "planned",
"observation": "string",
"is_locked": true,
"category": "--",
"ref_id": "string",
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"perimeter": "bf619ff5-f1a2-4505-92b9-0c56e7a44b98",
"reviewers": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"authors": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"evidences": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

findings_assessments_retrieve

Return a single object with unauthorized related fields masked.

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this findings assessment.

Responses

Response samples

200

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"path": "string",
"perimeter": "string",
"authors": ["string"
],
"reviewers": ["string"
],
"folder": "string",
"findings_count": 0,
"treatment_progress": 0,
"evidences": ["string"
],
"validation_flows": ["string"
],
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"version": "string",
"status": "planned",
"observation": "string",
"is_locked": true,
"category": "--",
"ref_id": "string"
}

findings_assessments_update

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this findings assessment.

Request Body schema:
application/json
required

is_published	boolean (Published)
name required	string <= 200 characters
description	string or null
eta	string or null <date>
due_date	string or null <date>
version	string or null <= 100 characters Version of the compliance assessment (eg. 1.0, 2.0, etc.)
	(Status6d9Enum (string or null)) or (BlankEnum (any or null)) or (NullEnum (any or null))
observation	string or null
is_locked	boolean or null
category	string (CategoryB50Enum) Enum: "--" "pentest" "audit" "self_identified" `--` - Undefined `pentest` - Pentest `audit` - Audit `self_identified` - Self-identified
ref_id	string or null (Reference id) <= 100 characters
folder	string <uuid>
perimeter	string or null <uuid>
reviewers	Array of strings <uuid> [ items <uuid > ]
authors	Array of strings <uuid> [ items <uuid > ]
evidences	Array of strings <uuid> [ items <uuid > ] Evidences related to the follow-up

Responses

Request samples

Payload

Content type

application/json

{"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"version": "string",
"status": "planned",
"observation": "string",
"is_locked": true,
"category": "--",
"ref_id": "string",
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"perimeter": "bf619ff5-f1a2-4505-92b9-0c56e7a44b98",
"reviewers": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"authors": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"evidences": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"version": "string",
"status": "planned",
"observation": "string",
"is_locked": true,
"category": "--",
"ref_id": "string",
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"perimeter": "bf619ff5-f1a2-4505-92b9-0c56e7a44b98",
"reviewers": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"authors": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"evidences": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

findings_assessments_partial_update

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this findings assessment.

Request Body schema:
application/json

is_published	boolean (Published)
name	string <= 200 characters
description	string or null
eta	string or null <date>
due_date	string or null <date>
version	string or null <= 100 characters Version of the compliance assessment (eg. 1.0, 2.0, etc.)
	(Status6d9Enum (string or null)) or (BlankEnum (any or null)) or (NullEnum (any or null))
observation	string or null
is_locked	boolean or null
category	string (CategoryB50Enum) Enum: "--" "pentest" "audit" "self_identified" `--` - Undefined `pentest` - Pentest `audit` - Audit `self_identified` - Self-identified
ref_id	string or null (Reference id) <= 100 characters
folder	string <uuid>
perimeter	string or null <uuid>
reviewers	Array of strings <uuid> [ items <uuid > ]
authors	Array of strings <uuid> [ items <uuid > ]
evidences	Array of strings <uuid> [ items <uuid > ] Evidences related to the follow-up

Responses

Request samples

Payload

Content type

application/json

{"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"version": "string",
"status": "planned",
"observation": "string",
"is_locked": true,
"category": "--",
"ref_id": "string",
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"perimeter": "bf619ff5-f1a2-4505-92b9-0c56e7a44b98",
"reviewers": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"authors": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"evidences": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"is_published": true,
"name": "string",
"description": "string",
"eta": "2019-08-24",
"due_date": "2019-08-24",
"version": "string",
"status": "planned",
"observation": "string",
"is_locked": true,
"category": "--",
"ref_id": "string",
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"perimeter": "bf619ff5-f1a2-4505-92b9-0c56e7a44b98",
"reviewers": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"authors": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"evidences": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

findings_assessments_destroy

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this findings assessment.

Responses

findings_assessments_cascade_info_retrieve

Cascade preview:

deleted: objects actually deleted by cascade
affected: objects not deleted but whose relationships will be removed (through rows, SET_NULL, local links)

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this findings assessment.

Responses

findings_assessments_md_retrieve

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this findings assessment.

Responses

findings_assessments_metrics_retrieve

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this findings assessment.

Responses

findings_assessments_object_retrieve

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this findings assessment.

Responses

findings_assessments_pdf_retrieve

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this findings assessment.

Responses

findings_assessments_xlsx_retrieve

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this findings assessment.

Responses

findings_assessments_batch_action_create

Perform a batch action on multiple objects. Uses the IAM-filtered queryset and serializers to respect permissions and validation, mirroring the standard partial_update / destroy flows.

Payload: { "action": "delete"|"change_field"|"change_m2m"|"change_folder", "ids": [...], "field": "", "value": ... }

Authorizations:

knoxApiToken

Responses

findings_assessments_category_retrieve

Authorizations:

knoxApiToken

Responses

findings_assessments_status_retrieve

Authorizations:

knoxApiToken

Responses

findings_assessments_sunburst_data_retrieve

Returns FindingsAssessment data structured for sunburst visualization: Categories (pentest, audit, self-identified) -> Status

Authorizations:

knoxApiToken

Responses

security-exceptions

security_exceptions_list

Override the list method to inject optimized data into the serializer context.

Authorizations:

knoxApiToken

query Parameters

approver	Array of strings <uuid> [ items <uuid > ]
expiration_date	string <date>
folder	Array of strings <uuid> [ items <uuid > ]
genericcollection	Array of strings <uuid> [ items <uuid > ]
id	Array of strings <uuid> [ items <uuid > ] Multiple values may be separated by commas.
limit	integer Number of results to return per page.
name	string
offset	integer The initial index from which to return the results.
ordering	string Which field to use when ordering the results.
owners	Array of strings <uuid> [ items <uuid > ]
requirement_assessments	Array of strings <uuid> [ items <uuid > ]
risk_scenarios	Array of strings <uuid> [ items <uuid > ]
search	string A search term.
severity	Array of integers Items Enum: -1 0 1 2 3 4 `-1` - undefined `0` - info `1` - low `2` - medium `3` - high `4` - critical
status	Array of strings Items Enum: "approved" "deprecated" "draft" "expired" "in_review" "resolved" `draft` - draft `in_review` - in review `approved` - approved `resolved` - resolved `expired` - expired `deprecated` - deprecated

Responses

Response samples

200

Content type

application/json

{"count": 123,
"next": "http://api.example.org/accounts/?offset=400&limit=100",
"previous": "http://api.example.org/accounts/?offset=200&limit=100",
"results": [{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"path": "string",
"folder": "string",
"owners": ["string"
],
"approver": "string",
"severity": "string",
"associated_objects_count": "string",
"assets": ["string"
],
"validation_flows": ["string"
],
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"name": "string",
"description": "string",
"ref_id": "string",
"status": "draft",
"expiration_date": "2019-08-24",
"is_published": true,
"observation": "string"
}
]
}

security_exceptions_create

API endpoint that allows security exceptions to be viewed or edited.

Authorizations:

knoxApiToken

Request Body schema:
application/json
required

requirement_assessments	Array of strings <uuid> [ items <uuid > ]
applied_controls	Array of strings <uuid> [ items <uuid > ]
assets	Array of strings <uuid> [ items <uuid > ]
name required	string <= 200 characters
description	string or null
ref_id	string or null (Reference ID) <= 100 characters
severity	integer [ -9223372036854776000 .. 9223372036854776000 ] Enum: -1 0 1 2 3 4 `-1` - undefined `0` - info `1` - low `2` - medium `3` - high `4` - critical
status	string (Status167Enum) Enum: "draft" "in_review" "approved" "resolved" "expired" "deprecated" `draft` - draft `in_review` - in review `approved` - approved `resolved` - resolved `expired` - expired `deprecated` - deprecated
expiration_date	string or null <date> Specify when the security exception will no longer apply
is_published	boolean (Published)
observation	string or null
folder	string <uuid>
approver	string or null <uuid>
owners	Array of strings <uuid> (Owner) [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"requirement_assessments": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"assets": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"name": "string",
"description": "string",
"ref_id": "string",
"severity": -1,
"status": "draft",
"expiration_date": "2019-08-24",
"is_published": true,
"observation": "string",
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"approver": "a0a63d7a-7a62-4e15-9ab9-49317f76d38f",
"owners": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

201

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"requirement_assessments": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"assets": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"name": "string",
"description": "string",
"ref_id": "string",
"severity": -1,
"status": "draft",
"expiration_date": "2019-08-24",
"is_published": true,
"observation": "string",
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"approver": "a0a63d7a-7a62-4e15-9ab9-49317f76d38f",
"owners": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

security_exceptions_retrieve

Return a single object with unauthorized related fields masked.

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this security exception.

Responses

Response samples

200

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"path": "string",
"folder": "string",
"owners": ["string"
],
"approver": "string",
"severity": "string",
"associated_objects_count": "string",
"assets": ["string"
],
"validation_flows": ["string"
],
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"name": "string",
"description": "string",
"ref_id": "string",
"status": "draft",
"expiration_date": "2019-08-24",
"is_published": true,
"observation": "string"
}

security_exceptions_update

API endpoint that allows security exceptions to be viewed or edited.

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this security exception.

Request Body schema:
application/json
required

requirement_assessments	Array of strings <uuid> [ items <uuid > ]
applied_controls	Array of strings <uuid> [ items <uuid > ]
assets	Array of strings <uuid> [ items <uuid > ]
name required	string <= 200 characters
description	string or null
ref_id	string or null (Reference ID) <= 100 characters
severity	integer [ -9223372036854776000 .. 9223372036854776000 ] Enum: -1 0 1 2 3 4 `-1` - undefined `0` - info `1` - low `2` - medium `3` - high `4` - critical
status	string (Status167Enum) Enum: "draft" "in_review" "approved" "resolved" "expired" "deprecated" `draft` - draft `in_review` - in review `approved` - approved `resolved` - resolved `expired` - expired `deprecated` - deprecated
expiration_date	string or null <date> Specify when the security exception will no longer apply
is_published	boolean (Published)
observation	string or null
folder	string <uuid>
approver	string or null <uuid>
owners	Array of strings <uuid> (Owner) [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"requirement_assessments": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"assets": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"name": "string",
"description": "string",
"ref_id": "string",
"severity": -1,
"status": "draft",
"expiration_date": "2019-08-24",
"is_published": true,
"observation": "string",
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"approver": "a0a63d7a-7a62-4e15-9ab9-49317f76d38f",
"owners": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"requirement_assessments": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"assets": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"name": "string",
"description": "string",
"ref_id": "string",
"severity": -1,
"status": "draft",
"expiration_date": "2019-08-24",
"is_published": true,
"observation": "string",
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"approver": "a0a63d7a-7a62-4e15-9ab9-49317f76d38f",
"owners": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

security_exceptions_partial_update

API endpoint that allows security exceptions to be viewed or edited.

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this security exception.

Request Body schema:
application/json

requirement_assessments	Array of strings <uuid> [ items <uuid > ]
applied_controls	Array of strings <uuid> [ items <uuid > ]
assets	Array of strings <uuid> [ items <uuid > ]
name	string <= 200 characters
description	string or null
ref_id	string or null (Reference ID) <= 100 characters
severity	integer [ -9223372036854776000 .. 9223372036854776000 ] Enum: -1 0 1 2 3 4 `-1` - undefined `0` - info `1` - low `2` - medium `3` - high `4` - critical
status	string (Status167Enum) Enum: "draft" "in_review" "approved" "resolved" "expired" "deprecated" `draft` - draft `in_review` - in review `approved` - approved `resolved` - resolved `expired` - expired `deprecated` - deprecated
expiration_date	string or null <date> Specify when the security exception will no longer apply
is_published	boolean (Published)
observation	string or null
folder	string <uuid>
approver	string or null <uuid>
owners	Array of strings <uuid> (Owner) [ items <uuid > ]

Responses

Request samples

Payload

Content type

application/json

{"requirement_assessments": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"assets": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"name": "string",
"description": "string",
"ref_id": "string",
"severity": -1,
"status": "draft",
"expiration_date": "2019-08-24",
"is_published": true,
"observation": "string",
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"approver": "a0a63d7a-7a62-4e15-9ab9-49317f76d38f",
"owners": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

Response samples

200

Content type

application/json

{"id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
"requirement_assessments": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"applied_controls": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"assets": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
],
"created_at": "2019-08-24T14:15:22Z",
"updated_at": "2019-08-24T14:15:22Z",
"name": "string",
"description": "string",
"ref_id": "string",
"severity": -1,
"status": "draft",
"expiration_date": "2019-08-24",
"is_published": true,
"observation": "string",
"folder": "ca579eb8-24ac-44d0-a8b9-a42c500083f5",
"approver": "a0a63d7a-7a62-4e15-9ab9-49317f76d38f",
"owners": ["497f6eca-6276-4993-bfeb-53cbbbba6f08"
]
}

security_exceptions_destroy

API endpoint that allows security exceptions to be viewed or edited.

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this security exception.

Responses

security_exceptions_cascade_info_retrieve

Cascade preview:

deleted: objects actually deleted by cascade
affected: objects not deleted but whose relationships will be removed (through rows, SET_NULL, local links)

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this security exception.

Responses

security_exceptions_object_retrieve

API endpoint that allows security exceptions to be viewed or edited.

Authorizations:

knoxApiToken

path Parameters

id

required

string <uuid>

A UUID string identifying this security exception.

Responses

security_exceptions_batch_action_create

Perform a batch action on multiple objects. Uses the IAM-filtered queryset and serializers to respect permissions and validation, mirroring the standard partial_update / destroy flows.

Payload: { "action": "delete"|"change_field"|"change_m2m"|"change_folder", "ids": [...], "field": "", "value": ... }

CISO Assistant API — Security Exceptions & Findings (0.7.0)

findings

findings_list

Authorizations:

query Parameters

Responses

Response samples

findings_create

Authorizations:

Request Body schema: application/jsonapplication/x-www-form-urlencodedmultipart/form-dataapplication/jsonrequired

Responses

Request samples

Response samples

findings_retrieve

Authorizations:

path Parameters

Responses

Response samples

findings_update

Authorizations:

path Parameters

Request Body schema: application/jsonapplication/x-www-form-urlencodedmultipart/form-dataapplication/jsonrequired

Responses

Request samples

Response samples

findings_partial_update

Authorizations:

path Parameters

Request Body schema: application/jsonapplication/x-www-form-urlencodedmultipart/form-dataapplication/json

Responses

Request samples

Response samples

findings_destroy

Authorizations:

path Parameters

Responses

findings_cascade_info_retrieve

Authorizations:

path Parameters

Responses

findings_object_retrieve

Authorizations:

path Parameters

Responses

findings_batch_action_create

Authorizations:

Responses

findings_owner_retrieve

Authorizations:

Responses

findings_priority_retrieve

Authorizations:

Responses

findings_sankey_data_retrieve

Authorizations:

Responses

findings_severity_retrieve

Authorizations:

Responses

findings_status_retrieve

Authorizations:

Responses

findings-assessments

findings_assessments_list

Authorizations:

query Parameters

Responses

Response samples

findings_assessments_create

Authorizations:

Request Body schema: application/jsonapplication/x-www-form-urlencodedmultipart/form-dataapplication/jsonrequired

Responses

Request samples

Response samples

findings_assessments_retrieve

Authorizations:

path Parameters

Responses

Response samples

findings_assessments_update

Request Body schema:
application/json
required

Request Body schema:
application/json
required

Request Body schema:
application/json

Request Body schema:
application/json
required

Request Body schema:
application/json
required

Request Body schema:
application/json

Request Body schema:
application/json
required