Skip to content

Downloading Your Security Report

This guide demonstrates how to download your Coralogix security report via API.

Prerequisites

Configuration

1

Access your API URL based on the domain associated with your account.

.com Ireland ng-api-http.coralogix.com
.app.eu2.coralogix.com Stockholm ng-api-http.eu2.coralogix.com
.app.coralogixsg.com Singapore ng-api-http.coralogixsg.com
.in Mumbai ng-api-http.app.coralogix.in
.us United States ng-api-http.coralogix.us
2

To use this API you need to create a personal or team API key. It’s recommended to use permission presets, as they are automatically updated with all relevant permissions. Alternatively, you can manually add individual permissions.

Preset Action Description
DataQuerying LEGACY-ARCHIVE-QUERIES:EXECUTE
LOGS.DATA-API#HIGH:READDATA
LOGS.DATA-API#LOW:READDATA
METRICS.DATA-API#HIGH:READDATA
SPANS.DATA-API#HIGH:READDATA
SPANS.DATA-API#LOW:READDATA
Query Data from the Archive
Query Frequent Search Logs
Query Monitoring & Compliance Logs
Query Metrics
Query Frequent Search Spans
Query Monitoring & Compliance Spans
3

Create the API.

URL https://<coralogix_domain>/xdr/get-report
HTTP Method POST
Content Type application/json
Authorization Bearer {{Logs Query key}}
4

Schema

Request schema.

{
    "executionId": string(uuid), // in case it's not provided using the last scan id
    "filter": {
        "region": string[],
        "account": string[],
        "complianceFramework": string[],
        "provider": string[], // "aws", "gcp", "azure", "github", etc...
    "service": string[], // "RDS", "BIG QUERY", "S3", etc
        "testName": string[], // sort name of the security rule (testIdentity)
        "result": string[] // (enum) "Passed", "Failed"
        "severity": int[], // (enum) 1 - Low, 2 - Medium, 3 - High, 4 - Critical 
        "active": string[] // (enum): "Enabled", "Disabled"
    }
}

Note: Every field in the request payload is optional. Passing a null value or ignoring that field is the same as passing an empty list.

Compliance frameworks and short names:

Snowbit snowbit
CIS AWS 1.4.0 cis_aws
HIPAA hipaa
ISO-27001 iso_27001
PCI DSS 3.1.0 pci_dss
SOC 2 soc2

Response schema:

{
    "executionId": string // uuid v4 format
    "data":[
    {
      "region": string,
      "account": string,
      "complianceFrameworks": string[],
      "provider": string,
            "category": string, // From the category view eg: "Database", "Storage", "Identity Management", etc
      "service": string, // "RDS", "BIG QUERY", "S3", etc
      "testName": string,
      "severity": int, // enum: 1 - Low, 2 - Medium, 3 - High, 4 - Critical 
      "resourceName": string,
      "resourceId": string,
      "passed": boolean,
      "active": boolean
    }
  ]
}

Additional Resources

Documentation Cloud Security Posture Management (CSPM)

Support

Need help?

Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up.

Feel free to reach out to us via our in-app chat or by sending us an email at [email protected].