Skip to main content

Get Cloud Discovery Scan Results



x-prisma-cloud-target-env: {"permission":"monitorCloud","saas":true,"self-hosted":true}
x-public: true

Returns a list of all cloud discovery scan results in a paginated response.

The entities object and the associated parameters in the response schema is now part of a new API endpoint /api/v1/cloud/discovery/entities.

cURL Request

Refer to the following cURL example request:

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \


Query Parameters

    offset integer

    Offsets the result to a specific report count. Offset starts from 0.

    limit integer

    Limit is the amount to fix.

    sort string

    Sorts the result using a key.

    reverse boolean

    Sorts the result in reverse order.

    provider string[]

    Provider is the provider filter.

    credentialID string[]

    CredentialID is the account filter.

    serviceType string[]

    ServiceType is the service type filter.

    registry string[]

    Registry is the registry filter.

    accountName string[]

    AccountName is the account name filter.

    agentless boolean

    Agentless is the agentless filter.

    zone string[]

    Zone is the zone filter.


  • Array [
  • accountID string

    AccountID is the cloud account ID.

    accountName string

    AccountName is the cloud account name.

    agentless boolean

    Agentless indicates whether the account is scan by agentless.

    collections string (string)[]

    Collections are the matched result collections.

    credentialId string

    CredentialID is the id reference of the credential used.

    defended integer

    Defended is the number of defended entities (registries, functions, clusters).

    defenseCoverage integer

    DefenseCoverage is the defense coverage percentage (0-100).

    err string

    Err holds any error found during a scan.

    nodes integer

    Nodes is the number of nodes.

    project string

    Project is the GCP project that was scanned.

    provider common.CloudProvider (string)

    Possible values: [aws,azure,gcp,alibaba,oci,others]

    CloudProvider specifies the cloud provider name

    region string

    Region is the region that was scanned, for example: GCP - "us-east-1", Azure - "westus".

    registry string

    Registry is the registry that was scanned, for example:

    registryTags object

    RegistryTags are the registry tags.

    property name* string (string)
    serviceType shared.ScanResultType (string)

    Possible values: [aws-ecr,aws-lambda,aws-ec2,aws-eks,aws-ecs,aws-s3,aws-config,aws-cloud-trail,aws-kms,aws-cloud-watch,aws-sns,aws-security-hub,aws-secrets-manager,aws-parameter-store,azure-acr,azure-functions,azure-aks,azure-aci,azure-vm,gcp-gcr,gcp-gcf,gcp-gke,gcp-vm,gcp-artifact,oci-instance]

    ScanResultType represents a cloud scan result type

    total integer

    Total is total number of entities found in cloud scan.

    undefended integer

    Undefended is the number of undefended entities (registries, functions, clusters).

    zone string

    Zone is the zone that was scanned, only relevant to GCP.

  • ]