List findings in a tenant

curl --request GET \
  --url https://{region}.api.plerion.com/v1/tenant/findings \
  --header 'Authorization: Bearer <token>'

{
  "data": [
    {
      "schemaVersion": "2022-06-09",
      "id": "prn:findings:458511a1-9bc2-4fce-97a0-0e3139588e6e:plerion-aws-16:arn:aws:iam::1111222233334444:policy/test-policy",
      "organizationId": "dc16d897-7f52-4b73-be57-96c7c9a853da",
      "tenantId": "42749bc1-c99b-4c2c-a081-a6cda9370081",
      "integrationId": "458511a1-9bc2-4fce-97a0-0e3139588e6e",
      "provider": "AWS",
      "executionId": 1675576960384,
      "assetId": "prn:assets:458511a1-9bc2-4fce-97a0-0e3139588e6e:aws:iam:policy:us-east-1:arn:aws:iam::1111222233334444:policy/test-policy",
      "providerAccountId": 1111222233334444,
      "resourceType": "AWS::IAM::Policy",
      "detectionId": "PLERION-AWS-16",
      "status": "FAILED",
      "severityLevel": "HIGH",
      "message": "Policy allows full administrative privileges is attached",
      "firstObservedAt": "2023-02-04T06:02:40.594Z",
      "createdAt": "2023-02-04T06:07:09.092Z",
      "lastObservedAt": "2023-02-05T06:02:40.384Z",
      "updatedAt": "2023-02-05T06:07:02.959Z",
      "parameters": [
        "<string>"
      ],
      "tags": [
        "<string>"
      ],
      "fullResourceName": "arn:aws:iam::1111222233334444:policy/test-policy",
      "resourceId": "test-policy",
      "providerFullResourceName": "arn:aws:iam::1111222233334444:policy/test-policy",
      "region": "us-east-1",
      "service": "IAM",
      "likelihood": 3,
      "impact": 5,
      "calculatedSeverity": 2,
      "modifiedSeverityLevel": "CRITICAL",
      "attackPaths": {},
      "isExempted": false,
      "meta": {},
      "resourceTags": [
        {
          "Key": "Public",
          "Value": true
        }
      ],
      "resourceURL": "https://us-east-1.console.aws.amazon.com/iam/home#/policies/arn:aws:iam::1111222233334444:policy/test-policy"
    }
  ],
  "meta": {
    "cursor": "k3d83a9b-k3dk-5lkd-2ldk-9kd77c1beb6",
    "perPage": 10,
    "total": 42,
    "page": 1,
    "hasNextPage": true,
    "hasPreviousPage": false
  }
}

List findings in a tenant

Use the list findings API to filter findings across the tenant with many options from Provider, Service, Detection, Severity, Integration, etc. By default all PASSED and FAILED findings are returned. To list only failed findings filter by statuses=FAILED

Date range filtering is supported using the firstObservedAtStart and firstObservedAtEnd parameters:

firstObservedAtStart alone: Includes findings with a first observed time from the specified date to the present.
firstObservedAtEnd alone: Includes findings with a first observed time up to the specified date.
Both provided: Includes findings with a first observed time within the specified date range.

Date strings must follow ISO 8601 format (e.g., 2023-02-01T18:09:07Z).

GET

tenant

findings

List findings in a tenant

curl --request GET \
  --url https://{region}.api.plerion.com/v1/tenant/findings \
  --header 'Authorization: Bearer <token>'

{
  "data": [
    {
      "schemaVersion": "2022-06-09",
      "id": "prn:findings:458511a1-9bc2-4fce-97a0-0e3139588e6e:plerion-aws-16:arn:aws:iam::1111222233334444:policy/test-policy",
      "organizationId": "dc16d897-7f52-4b73-be57-96c7c9a853da",
      "tenantId": "42749bc1-c99b-4c2c-a081-a6cda9370081",
      "integrationId": "458511a1-9bc2-4fce-97a0-0e3139588e6e",
      "provider": "AWS",
      "executionId": 1675576960384,
      "assetId": "prn:assets:458511a1-9bc2-4fce-97a0-0e3139588e6e:aws:iam:policy:us-east-1:arn:aws:iam::1111222233334444:policy/test-policy",
      "providerAccountId": 1111222233334444,
      "resourceType": "AWS::IAM::Policy",
      "detectionId": "PLERION-AWS-16",
      "status": "FAILED",
      "severityLevel": "HIGH",
      "message": "Policy allows full administrative privileges is attached",
      "firstObservedAt": "2023-02-04T06:02:40.594Z",
      "createdAt": "2023-02-04T06:07:09.092Z",
      "lastObservedAt": "2023-02-05T06:02:40.384Z",
      "updatedAt": "2023-02-05T06:07:02.959Z",
      "parameters": [
        "<string>"
      ],
      "tags": [
        "<string>"
      ],
      "fullResourceName": "arn:aws:iam::1111222233334444:policy/test-policy",
      "resourceId": "test-policy",
      "providerFullResourceName": "arn:aws:iam::1111222233334444:policy/test-policy",
      "region": "us-east-1",
      "service": "IAM",
      "likelihood": 3,
      "impact": 5,
      "calculatedSeverity": 2,
      "modifiedSeverityLevel": "CRITICAL",
      "attackPaths": {},
      "isExempted": false,
      "meta": {},
      "resourceTags": [
        {
          "Key": "Public",
          "Value": true
        }
      ],
      "resourceURL": "https://us-east-1.console.aws.amazon.com/iam/home#/policies/arn:aws:iam::1111222233334444:policy/test-policy"
    }
  ],
  "meta": {
    "cursor": "k3d83a9b-k3dk-5lkd-2ldk-9kd77c1beb6",
    "perPage": 10,
    "total": 42,
    "page": 1,
    "hasNextPage": true,
    "hasPreviousPage": false
  }
}

Authorizations

Authorization

string

header

required

Bearer API Key. For example, "Bearer {Tenant API Key}"

Headers

Authorization

string

required

Bearer API Key. For example, "Bearer {Tenant API Key}"

Content-Type

string

application/json

Query Parameters

ids

string

Filter findings based on Plerion Resource Names (prn) or ids. Accepts a comma-separated list of ids.

Example:

"id1,id2"

detectionIds

string

Filter findings based on Plerion Detection IDs. Accepts a comma-separated list of detection ids.

Example:

"PLERION-AWS-1,PLERION-AWS-2"

regions

string

Filter findings based on Provider regions. Accepts a comma-separated list of regions.

Example:

"us-east-1,us-west-2"

assetIds

string

Filter findings based on Asset Plerion Resource Names (prn) or asset ids. Accepts a comma-separated list of asset ids.

Example:

"assetId1,assetId2"

integrationIds

string

Filter findings based on Plerion integration ids. Accepts a comma-separated list of integration ids.

Example:

"integration1,integration2"

assetGroupIds

string

Filter findings based on asset group ids. Accepts a comma-separated list of asset group ids.

Example:

"assetGroupId1,assetGroupId2"

severityLevels

enum<string>

Filter findings based on severity levels. Accepts a comma-separated list of severity levels.

Available options:

CRITICAL,

HIGH,

MEDIUM,

LOW

Example:

"CRITICAL,HIGH"

statuses

enum<string>

Filter findings based on statuses. Accepts a comma-separated list of statuses.

Available options:

PASSED,

FAILED

Example:

"FAILED"

resourceTypes

string

Filter findings based on provider resource types. Accepts a comma-separated list of resource types.

Example:

"AWS::S3::Bucket,AWS::Lambda::Function"

providers

enum<string>

Filter findings based on provider. Accepts a comma-separated list of providers.

Available options:

AWS,

Azure,

GCP,

Kubernetes

Example:

"AWS,GCP"

services

string

Filter findings based on cloud provider services. Accepts a comma-separated list of service names. Each service can be specified either by its name alone (e.g., S3, Lambda, EC2) or prefixed with its provider in the format Provider::Service (e.g., AWS::S3, GCP::Compute, Azure::VirtualMachine).

Example:

"AWS::S3,GCP::Compute,Azure::VirtualMachine"

isExempted

string<boolean>

Filter findings based on whether the finding is exempted. Accepts true or false.

Example:

true

firstObservedAtStart

string<date-time>

Start of the date range for filtering findings based on the first observed time. Specify the start of the range using a valid ISO 8601 date-time string. If firstObservedAtStart is provided and firstObservedAtEnd is omitted, results will include findings from this date to the present. Supported formats include:

yyyy-MM-ddTHH:mm:ssZ (e.g., 2020-12-18T08:00:00Z)
yyyy-MM-ddTHH:mm:ss.SSSZ (e.g., 2020-12-18T08:00:00.000Z)

Example:

"2023-02-01T18:09:07Z"

firstObservedAtEnd

string<date-time>

End of the date range for filtering findings based on the first observed time. Specify the end of the range using a valid ISO 8601 date-time string. If firstObservedAtEnd is provided and firstObservedAtStart is omitted, results will include findings up to this date. Supported formats include:

yyyy-MM-ddTHH:mm:ssZ (e.g., 2020-12-18T08:00:00Z)
yyyy-MM-ddTHH:mm:ss.SSSZ (e.g., 2020-12-18T08:00:00.000Z)

Example:

"2023-02-01T18:09:07Z"

sortBy

enum<string>

Order the list by supported field

Available options:

status,

provider,

resourceType,

service,

detectionId,

firstObservedAt,

lastObservedAt,

severityLevel,

resourceFullName,

assetId,

region,

integrationId

Example:

"provider"

sortOrder

enum<string>

The sort order of the list. The parameter sortBy has to be provided to use sortOrder. If sortOrder is not provided the default order is ASC

Available options:

ASC,

DESC

Example:

"ASC"

perPage

number

Specify the batch size of the list. Used for pagination

Required range: x <= 1000

Example:

100

cursor

string

Get the next batch of findings. Used for pagination. When cursor is provided, the response will not include total count.

Example:

"k3d83a9b-k3dk-5lkd-2ldk-9kd77c1beb6"

Response

200

application/json

Findings list

The response is of type object.

Quick start with Plerion API List alerts in a tenant

Overview

API documentation

List findings in a tenant

Authorizations

Headers

Query Parameters

Response