This guide demonstrates how to **download your Coralogix security report** via API. ## Prerequisites - [Cloud Security Posture Management (CSPM)](https://coralogix.com/docs/user-guides/security/cloud-security-posture-management/gcp-security-posture-management/index.md) set up ## Configuration 1. Choose the https://\[[DOMAIN_VALUE]\]/xdr/get-report endpoint that corresponds to your Coralogix [domain](https://coralogix.com/docs/user-guides/account-management/account-settings/coralogix-domain/index.md) using the domain selector at the top of the page. 2. To use this API you need to [create](https://coralogix.com/docs/user-guides/account-management/api-keys/api-keys/index.md) a personal or team API key. It’s recommended to use permission presets, as they are automatically updated with all relevant permissions. Alternatively, you can manually add individual permissions. | Preset | Action | Description | | ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | DataQuerying | `LEGACY-ARCHIVE-QUERIES:EXECUTE` `LOGS.DATA-API#HIGH:READDATA` `LOGS.DATA-API#LOW:READDATA` `METRICS.DATA-API#HIGH:READDATA` `SPANS.DATA-API#HIGH:READDATA` `SPANS.DATA-API#LOW:READDATA` | Query Data from the Archive Query Frequent Search Logs Query Monitoring & Compliance Logs Query Metrics Query Frequent Search Spans Query Monitoring & Compliance Spans | 3. Create the API. | URL | `{{ endpoints.security_report }}` | | ------------- | --------------------------------- | | HTTP Method | POST | | Content Type | application/json | | Authorization | Bearer {{Logs Query key}} | 4. Schema Request schema. ```js { "executionId": string(uuid), // in case it's not provided using the last scan id "filter": { "region": string[], "account": string[], "complianceFramework": string[], "provider": string[], // "aws", "gcp", "azure", "github", etc... "service": string[], // "RDS", "BIG QUERY", "S3", etc "testName": string[], // sort name of the security rule (testIdentity) "result": string[] // (enum) "Passed", "Failed" "severity": int[], // (enum) 1 - Low, 2 - Medium, 3 - High, 4 - Critical "active": string[] // (enum): "Enabled", "Disabled" } } ``` **Note**: Every field in the request payload is optional. Passing a `null` value or ignoring that field is the same as passing an empty list. Compliance frameworks and short names: | Snowbit | snowbit | | ------------- | --------- | | CIS AWS 1.4.0 | cis_aws | | HIPAA | hipaa | | ISO-27001 | iso_27001 | | PCI DSS 3.1.0 | pci_dss | | SOC 2 | soc2 | Response schema: ```js { "executionId": string // uuid v4 format "data":[ { "region": string, "account": string, "complianceFrameworks": string[], "provider": string, "category": string, // From the category view eg: "Database", "Storage", "Identity Management", etc "service": string, // "RDS", "BIG QUERY", "S3", etc "testName": string, "severity": int, // enum: 1 - Low, 2 - Medium, 3 - High, 4 - Critical "resourceName": string, "resourceId": string, "passed": boolean, "active": boolean } ] } ``` ## Additional resources | | | | ------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------- | | Documentation | [Cloud Security Posture Management (CSPM)](https://coralogix.com/docs/user-guides/security/cloud-security-posture-management/gcp-security-posture-management/index.md) | | Coralogix Endpoints | [Coralogix Endpoints](https://coralogix.com/docs/integrations/coralogix-endpoints/index.md) | ## Support **Need help?** Our world-class customer success team is available 24/7 to walk you through your setup and answer any questions that may come up. Feel free to reach out to us **via our in-app chat** or by sending us an email at [support@coralogix.com](mailto:support@coralogix.com).