
Downloading your security report

This guide demonstrates how to download your Coralogix security report via API.

Prerequisites

Configuration

1. Choose the https:///xdr/get-report endpoint that corresponds to your Coralogix domain using the domain selector at the top of the page.

2. To use this API, you need to create a personal or team API key. It's recommended to use permission presets, as they are automatically updated with all relevant permissions. Alternatively, you can manually add individual permissions.

Preset: DataQuerying

Action                            Description
LEGACY-ARCHIVE-QUERIES:EXECUTE    Query Data from the Archive
LOGS.DATA-API#HIGH:READDATA       Query Frequent Search Logs
LOGS.DATA-API#LOW:READDATA        Query Monitoring & Compliance Logs
METRICS.DATA-API#HIGH:READDATA    Query Metrics
SPANS.DATA-API#HIGH:READDATA      Query Frequent Search Spans
SPANS.DATA-API#LOW:READDATA       Query Monitoring & Compliance Spans

3. Create the API request with the following settings.

URL:            https://eu2.coralogix.com/xdr/get-report
HTTP Method:    POST
Content Type:   application/json
Authorization:  Bearer {{Logs Query key}}

4.

Schema

Request schema:

{
  "executionId": string(uuid), // if not provided, the last scan ID is used
  "filter": {
    "region": string[],
    "account": string[],
    "complianceFramework": string[],
    "provider": string[], // "aws", "gcp", "azure", "github", etc.
    "service": string[], // "RDS", "BIG QUERY", "S3", etc.
    "testName": string[], // short name of the security rule (testIdentity)
    "result": string[], // (enum) "Passed", "Failed"
    "severity": int[], // (enum) 1 - Low, 2 - Medium, 3 - High, 4 - Critical
    "active": string[] // (enum) "Enabled", "Disabled"
  }
}

Note: Every field in the request payload is optional. Passing a null value or omitting the field is the same as passing an empty list.

Compliance frameworks and short names:

Framework        Short name
Snowbit          snowbit
CIS AWS 1.4.0    cis_aws
HIPAA            hipaa
ISO-27001        iso_27001
PCI DSS 3.1.0    pci_dss
SOC 2            soc2

Response schema:

{
  "executionId": string, // uuid v4 format
  "data": [
    {
      "region": string,
      "account": string,
      "complianceFrameworks": string[],
      "provider": string,
      "category": string, // from the category view, e.g. "Database", "Storage", "Identity Management", etc.
      "service": string, // "RDS", "BIG QUERY", "S3", etc.
      "testName": string,
      "severity": int, // enum: 1 - Low, 2 - Medium, 3 - High, 4 - Critical
      "resourceName": string,
      "resourceId": string,
      "passed": boolean,
      "active": boolean
    }
  ]
}
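
The request and response schemas above, exercised in an added Python example (not Coralogix's own code): it builds a validated filter payload, posts it with the Bearer key, and groups enabled, failed findings by severity. The SAMPLE data, rule names and resource IDs are constructed for illustration, and REPORT_URL uses the EU2 URL shown above; substitute the endpoint for your own domain.

```python
import json
import urllib.request

REPORT_URL = "https://eu2.coralogix.com/xdr/get-report"  # EU2 URL from the page
SEVERITY = {1: "Low", 2: "Medium", 3: "High", 4: "Critical"}  # enum from the schema
FILTER_FIELDS = {"region", "account", "complianceFramework", "provider",
                 "service", "testName", "result", "severity", "active"}

def build_payload(execution_id=None, **filters):
    """Build the request body, rejecting fields or enum values not in the schema."""
    unknown = set(filters) - FILTER_FIELDS
    if unknown:
        raise ValueError(f"unknown filter field(s): {sorted(unknown)}")
    if not set(filters.get("severity", [])) <= set(SEVERITY):
        raise ValueError("severity values must be 1-4")
    if not set(filters.get("result", [])) <= {"Passed", "Failed"}:
        raise ValueError('result values must be "Passed" or "Failed"')
    payload = {"filter": {name: list(values) for name, values in filters.items()}}
    if execution_id:  # when omitted, the API falls back to the last scan
        payload["executionId"] = execution_id
    return payload

def fetch_report(payload, api_key):
    """POST the payload with the Bearer key; return the decoded JSON response."""
    req = urllib.request.Request(
        REPORT_URL, data=json.dumps(payload).encode(), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {api_key}"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def failed_by_severity(report):
    """Group enabled, failed findings by severity label, most severe first."""
    groups = {}
    for row in report.get("data", []):
        if row["active"] and not row["passed"]:
            groups.setdefault(row["severity"], []).append((row["testName"], row["resourceId"]))
    return {SEVERITY[sev]: groups[sev] for sev in sorted(groups, reverse=True)}

# Constructed sample response (not real scan output), shaped like the response schema.
SAMPLE = {"executionId": "00000000-0000-4000-8000-000000000000", "data": [
    {"testName": "rule-a", "severity": 4, "resourceId": "res-1", "passed": False, "active": True},
    {"testName": "rule-b", "severity": 2, "resourceId": "res-2", "passed": False, "active": True},
    {"testName": "rule-c", "severity": 3, "resourceId": "res-3", "passed": True, "active": True},
    {"testName": "rule-d", "severity": 4, "resourceId": "res-4", "passed": False, "active": False}]}

if __name__ == "__main__":
    print(build_payload(provider=["aws"], result=["Failed"], severity=[3, 4]))
    print(failed_by_severity(SAMPLE))  # live: failed_by_severity(fetch_report(...))
```

For a live run, pass the key from a secret store or environment variable to fetch_report rather than embedding it in the script.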

Additional resources

Documentation: Cloud Security Posture Management (CSPM)
Coralogix Endpoints: Coralogix Endpoints

Support

Need help?

Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.

Feel free to reach out to us via our in-app chat or by sending us an email at support@coralogix.com.
