Get Cloud Discovery Scan Results
GET/api/v32.07/cloud/discovery
x-prisma-cloud-target-env: {"permission":"monitorCloud"}
Returns a list of all cloud discovery scan results in a paginated response.
The entities
object and the associated parameters in the response schema is now part of a new API endpoint /api/v1/cloud/discovery/entities
.
cURL Request
Refer to the following cURL example request:
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
"https://<CONSOLE>/api/v<VERSION>/cloud/discovery"
Request
Query Parameters
Offsets the result to a specific report count. Offset starts from 0.
Limit is the amount to fix.
Sorts the result using a key.
Sorts the result in reverse order.
Provider is the provider filter.
CredentialID is the account filter.
ServiceType is the service type filter.
Registry is the registry filter.
AccountName is the account name filter.
Agentless is the agentless filter.
Zone is the zone filter.
Responses
- 200
- default
- application/json
- Schema
- Example (from schema)
Schema
- Array [
- ]
AccountID is the cloud account ID.
AccountName is the cloud account name.
Agentless indicates whether the account is scan by agentless.
Collections are the matched result collections.
CredentialID is the id reference of the credential used.
Defended is the number of defended entities (registries, functions, clusters).
DefenseCoverage is the defense coverage percentage (0-100).
Err holds any error found during a scan.
Nodes is the number of nodes.
Project is the GCP project that was scanned.
Possible values: [aws,azure,gcp,alibaba,oci,others
]
CloudProvider specifies the cloud provider name
Region is the region that was scanned, for example: GCP - "us-east-1", Azure - "westus".
Registry is the registry that was scanned, for example: testcloudscanregistry.azurecr.io.
registryTags object
RegistryTags are the registry tags.
Possible values: [aws-ecr,aws-lambda,aws-ec2,aws-eks,aws-ecs,aws-s3,aws-config,aws-cloud-trail,aws-kms,aws-cloud-watch,aws-sns,aws-security-hub,aws-secrets-manager,aws-parameter-store,azure-acr,azure-functions,azure-aks,azure-aci,azure-vm,gcp-gcr,gcp-gcf,gcp-gke,gcp-vm,gcp-artifact,oci-instance
]
ScanResultType represents a cloud scan result type
Total is total number of entities found in cloud scan.
Undefended is the number of undefended entities (registries, functions, clusters).
Zone is the zone that was scanned, only relevant to GCP.
[
{
"accountID": "string",
"accountName": "string",
"agentless": true,
"collections": [
"string"
],
"credentialId": "string",
"defended": 0,
"defenseCoverage": 0,
"err": "string",
"nodes": 0,
"project": "string",
"provider": [
"aws",
"azure",
"gcp",
"alibaba",
"oci",
"others"
],
"region": "string",
"registry": "string",
"registryTags": {},
"serviceType": [
"aws-ecr",
"aws-lambda",
"aws-ec2",
"aws-eks",
"aws-ecs",
"aws-s3",
"aws-config",
"aws-cloud-trail",
"aws-kms",
"aws-cloud-watch",
"aws-sns",
"aws-security-hub",
"aws-secrets-manager",
"aws-parameter-store",
"azure-acr",
"azure-functions",
"azure-aks",
"azure-aci",
"azure-vm",
"gcp-gcr",
"gcp-gcf",
"gcp-gke",
"gcp-vm",
"gcp-artifact",
"oci-instance"
],
"total": 0,
"undefended": 0,
"zone": "string"
}
]