# Downloading your security report

Copy as Markdown[Open in ChatGPT](https://chatgpt.com/?q=Read%20https%3A%2F%2Fdocs-docusaurus.kinsta.page%2Fuser-guides%2Fsecurity%2Fcloud-security-posture-management%2Fdownloading-your-security-report.md%20and%20help%20me%20with%20my%20question%20about%20this%20Coralogix%20documentation%20page.)[Open in Claude](https://claude.ai/new?q=Read%20https%3A%2F%2Fdocs-docusaurus.kinsta.page%2Fuser-guides%2Fsecurity%2Fcloud-security-posture-management%2Fdownloading-your-security-report.md%20and%20help%20me%20with%20my%20question%20about%20this%20Coralogix%20documentation%20page.)

This guide demonstrates how to **download your Coralogix security report** via API.

## Prerequisites[​](#prerequisites "Direct link to Prerequisites")

* [Cloud Security Posture Management (CSPM)](https://docs-docusaurus.kinsta.page/user-guides/security/cloud-security-posture-management/gcp-security-posture-management/.md) set up

## Configuration[​](#configuration "Direct link to Configuration")

1

<!-- -->

.

Choose the <!-- -->https\:///xdr/get-report<!-- --> endpoint that corresponds to your Coralogix [domain](https://docs-docusaurus.kinsta.page/user-guides/account-management/account-settings/coralogix-domain/.md) using the domain selector at the top of the page.

2

<!-- -->

.

To use this API you need to [create](https://docs-docusaurus.kinsta.page/user-guides/account-management/api-keys/api-keys/.md) a personal or team API key. It’s recommended to use permission presets, as they are automatically updated with all relevant permissions. Alternatively, you can manually add individual permissions.

| Preset       | Action                                                                                                                                                                                                             | Description                                                                                                                                                                                      |
| ------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ |
| DataQuerying | `LEGACY-ARCHIVE-QUERIES:EXECUTE`<br />`LOGS.DATA-API#HIGH:READDATA`<br />`LOGS.DATA-API#LOW:READDATA`<br />`METRICS.DATA-API#HIGH:READDATA`<br />`SPANS.DATA-API#HIGH:READDATA`<br />`SPANS.DATA-API#LOW:READDATA` | Query Data from the Archive<br />Query Frequent Search Logs<br />Query Monitoring & Compliance Logs<br />Query Metrics<br />Query Frequent Search Spans<br />Query Monitoring & Compliance Spans |

3

<!-- -->

.

Create the API.

| URL           | `https://eu2.coralogix.com/xdr/get-report` |
| ------------- | ------------------------------------------ |
| HTTP Method   | POST                                       |
| Content Type  | application/json                           |
| Authorization | Bearer {{Logs Query key}}                  |

4

<!-- -->

.

Schema

Request schema.

```
{

    "executionId": string(uuid), // in case it's not provided using the last scan id

    "filter": {

        "region": string[],

        "account": string[],

        "complianceFramework": string[],

        "provider": string[], // "aws", "gcp", "azure", "github", etc...

    "service": string[], // "RDS", "BIG QUERY", "S3", etc

        "testName": string[], // sort name of the security rule (testIdentity)

        "result": string[] // (enum) "Passed", "Failed"

        "severity": int[], // (enum) 1 - Low, 2 - Medium, 3 - High, 4 - Critical 

        "active": string[] // (enum): "Enabled", "Disabled"

    }

}
```

**Note**: Every field in the request payload is optional. Passing a `null` value or ignoring that field is the same as passing an empty list.

Compliance frameworks and short names:

| Snowbit       | snowbit    |
| ------------- | ---------- |
| CIS AWS 1.4.0 | cis\_aws   |
| HIPAA         | hipaa      |
| ISO-27001     | iso\_27001 |
| PCI DSS 3.1.0 | pci\_dss   |
| SOC 2         | soc2       |

Response schema:

```
{

    "executionId": string // uuid v4 format

    "data":[

    {

      "region": string,

      "account": string,

      "complianceFrameworks": string[],

      "provider": string,

            "category": string, // From the category view eg: "Database", "Storage", "Identity Management", etc

      "service": string, // "RDS", "BIG QUERY", "S3", etc

      "testName": string,

      "severity": int, // enum: 1 - Low, 2 - Medium, 3 - High, 4 - Critical 

      "resourceName": string,

      "resourceId": string,

      "passed": boolean,

      "active": boolean

    }

  ]

}
```

## Additional resources[​](#additional-resources "Direct link to Additional resources")

|                     |                                                                                                                                                                            |
| ------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Documentation       | [Cloud Security Posture Management (CSPM)](https://docs-docusaurus.kinsta.page/user-guides/security/cloud-security-posture-management/gcp-security-posture-management/.md) |
| Coralogix Endpoints | [Coralogix Endpoints](https://docs-docusaurus.kinsta.page/integrations/coralogix-endpoints/.md)                                                                            |
