
Get Custom Policies Table Data

GET /code/api/v1/policies/table/data

deprecated

This endpoint has been deprecated and may be replaced or removed in future versions of the API.

Prisma Cloud Application Security supports policy-as-code capabilities using YAML-based policy definition files to enable attribute and connection checks (composite checks).

For information on defining YAML-based policies, see the Prisma Cloud documentation about the Code Editor and Custom Build Policy Examples. If you have been upgraded to Darwin, see Code Editor and Custom Build Policy Examples.

To call this API, add your token to the request header. The API supports both YAML and JSON configuration of the Prisma Cloud Application Security custom policy schema.

This API returns all Prisma Cloud Application Security custom policies, with counts of passed, failed, and suppressed resources, the scan status (compliant/non-compliant), and the benchmarks attached to specific policies.

Use the given examples as a reference for the expected output of this API request.

info

Use the CSPM endpoint List Policies V2 in place of this endpoint.

Request

Responses

Returns custom policies with benchmarks and errors count

Schema
anyOf
  data object[] required
  Array [
    accountsData object required
      property name* AccountData
        amounts object required
          AWAITING_REMEDIATION double required
          CLOSED double required
          DELETED double required
          OPEN double required
          REMEDIATED double required
          SUPPRESSED double required
        lastUpdateDate string required
    benchmarks object required
      property name* string[]
    constructiveTitle string required
    descriptiveTitle string required
    id string required
    severity string required
    title string required
  ]
  filters object required
    accounts string[] required
    benchmarks string[] required
    category CategoryTypeBig (string)[] required

    Possible values: [Elasticsearch, General, IAM, Logging, Monitoring, Networking, Public, Secrets, Serverless, Storage, Kubernetes, Vulnerabilities, Compute, VCS, BuildIntegrity, Licenses, AlibabaCloud, Drift, Policy3D]

    createdBy string[] required
    provider ProviderBigType (string)[] required

    Possible values: [AWS, GCP, Azure, Kubernetes, Docker, DockerImage, OCI, OpenStack, Packages, Git, Prisma Cloud Application Security, Linode, DigitalOcean, PANOS, Licenses, AlibabaCloud, CircleCI, Github, Gitlab]

    resourceTypes object[] required
    Array [
      anyOf

      string

    Possible values: [aws, aws_root, aws_root_access_key, aws_acm_certificate, aws_acm_certificate_validation, aws_acmpca_certificate_authority, aws_api_gateway_account, aws_api_gateway_api_key, aws_api_gateway_authorizer, aws_api_gateway_base_path_mapping, aws_api_gateway_client_certificate, aws_api_gateway_deployment, aws_api_gateway_documentation_part, aws_api_gateway_documentation_version, aws_api_gateway_domain_name, aws_api_gateway_gateway_response, aws_api_gateway_integration, aws_api_gateway_integration_response, aws_api_gateway_method, aws_api_gateway_method_response, aws_api_gateway_method_settings, aws_api_gateway_model, aws_api_gateway_request_validator, aws_api_gateway_resource, aws_api_gateway_rest_api, aws_api_gateway_stage, aws_api_gateway_usage_plan, aws_api_gateway_usage_plan_key, aws_api_gateway_vpc_link, aws_apigatewayv2_api, aws_apigatewayv2_api_mapping, aws_apigatewayv2_authorizer, aws_apigatewayv2_deployment, aws_apigatewayv2_domain_name, aws_apigatewayv2_integration, aws_apigatewayv2_integration_response, aws_apigatewayv2_model, aws_apigatewayv2_route, aws_apigatewayv2_route_response, aws_apigatewayv2_stage, aws_apigatewayv2_vpc_link, aws_accessanalyzer_analyzer, aws_appmesh_mesh, aws_appmesh_route, aws_appmesh_virtual_node, aws_appmesh_virtual_router, aws_appmesh_virtual_service, aws_appsync_api_key, aws_appsync_datasource, aws_appsync_function, aws_appsync_graphql_api, aws_appsync_resolver, aws_appautoscaling_policy, aws_appautoscaling_scheduled_action, aws_appautoscaling_target, aws_athena_database, aws_athena_named_query, aws_athena_workgroup, aws_autoscaling_attachment, aws_autoscaling_group, aws_autoscaling_lifecycle_hook, aws_autoscaling_notification, aws_autoscaling_policy, aws_autoscaling_schedule, aws_backup_plan, aws_backup_selection, aws_backup_vault, aws_batch_compute_environment, aws_batch_job_definition, aws_batch_job_queue, aws_budgets_budget, aws_cloud9_environment_ec2, aws_cloudformation_stack, aws_cloudformation_stack_set, 
aws_cloudformation_stack_set_instance, aws_cloudfront_distribution, aws_cloudfront_origin_access_identity, aws_cloudfront_public_key, aws_cloudhsm_v2_cluster, aws_cloudhsm_v2_hsm, aws_cloudtrail, aws_cloudwatch_dashboard, aws_cloudwatch_event_permission, aws_cloudwatch_event_rule, aws_cloudwatch_event_target, aws_cloudwatch_log_destination, aws_cloudwatch_log_destination_policy, aws_cloudwatch_log_group, aws_cloudwatch_log_metric_filter, aws_cloudwatch_log_resource_policy, aws_cloudwatch_log_stream, aws_cloudwatch_log_subscription_filter, aws_cloudwatch_metric_alarm, aws_codebuild_project, aws_codebuild_source_credential, aws_codebuild_webhook, aws_codecommit_repository, aws_codecommit_trigger, aws_codedeploy_app, aws_codedeploy_deployment_config, aws_codedeploy_deployment_group, aws_codepipeline, aws_codepipeline_webhook, aws_codestarnotifications_notification_rule, aws_cognito_identity_pool, aws_cognito_identity_pool_roles_attachment, aws_cognito_identity_provider, aws_cognito_resource_server, aws_cognito_user_group, aws_cognito_user_pool, aws_cognito_user_pool_client, aws_cognito_user_pool_domain, aws_config_aggregate_authorization, aws_config_config_rule, aws_config_configuration_aggregator, aws_config_configuration_recorder, aws_config_configuration_recorder_status, aws_config_delivery_channel, aws_config_organization_custom_rule, aws_config_organization_managed_rule, aws_cur_report_definition, aws_dlm_lifecycle_policy, aws_datapipeline_pipeline, aws_datasync_agent, aws_datasync_location_efs, aws_datasync_location_nfs, aws_datasync_location_s3, aws_datasync_location_smb, aws_datasync_task, aws_dms_certificate, aws_dms_endpoint, aws_dms_event_subscription, aws_dms_replication_instance, aws_dms_replication_subnet_group, aws_dms_replication_task, aws_devicefarm_project, aws_dx_bgp_peer, aws_dx_connection, aws_dx_connection_association, aws_dx_gateway, aws_dx_gateway_association, aws_dx_gateway_association_proposal, aws_dx_hosted_private_virtual_interface, 
aws_dx_hosted_private_virtual_interface_accepter, aws_dx_hosted_public_virtual_interface, aws_dx_hosted_public_virtual_interface_accepter, aws_dx_hosted_transit_virtual_interface, aws_dx_hosted_transit_virtual_interface_accepter, aws_dx_lag, aws_dx_private_virtual_interface, aws_dx_public_virtual_interface, aws_dx_transit_virtual_interface, aws_directory_service_conditional_forwarder, aws_directory_service_directory, aws_directory_service_log_subscription, aws_docdb_cluster, aws_docdb_cluster_instance, aws_docdb_cluster_parameter_group, aws_docdb_cluster_snapshot, aws_docdb_subnet_group, aws_dynamodb_global_table, aws_dynamodb_table, aws_dynamodb_table_item, aws_dax_cluster, aws_dax_parameter_group, aws_dax_subnet_group, aws_ami, aws_ami_copy, aws_ami_from_instance, aws_ami_launch_permission, aws_ebs_default_kms_key, aws_ebs_encryption_by_default, aws_ebs_snapshot, aws_ebs_snapshot_copy, aws_ebs_volume, aws_ec2_availability_zone_group, aws_ec2_capacity_reservation, aws_ec2_client_vpn_authorization_rule, aws_ec2_client_vpn_endpoint, aws_ec2_client_vpn_network_association, aws_ec2_client_vpn_route, aws_ec2_fleet, aws_ec2_local_gateway_route, aws_ec2_local_gateway_route_table_vpc_association, aws_ec2_tag, aws_ec2_traffic_mirror_filter, aws_ec2_traffic_mirror_filter_rule, aws_ec2_traffic_mirror_session, aws_ec2_traffic_mirror_target, aws_ec2_transit_gateway, aws_ec2_transit_gateway_peering_attachment, aws_ec2_transit_gateway_peering_attachment_accepter, aws_ec2_transit_gateway_route, aws_ec2_transit_gateway_route_table, aws_ec2_transit_gateway_route_table_association, aws_ec2_transit_gateway_route_table_propagation, aws_ec2_transit_gateway_vpc_attachment, aws_ec2_transit_gateway_vpc_attachment_accepter, aws_eip, aws_eip_association, aws_instance, aws_key_pair, aws_launch_configuration, aws_launch_template, aws_placement_group, aws_snapshot_create_volume_permission, aws_spot_datafeed_subscription, aws_spot_fleet_request, aws_spot_instance_request, aws_volume_attachment, 
aws_ecr_lifecycle_policy, aws_ecr_repository, aws_ecr_repository_policy, aws_ecs_capacity_provider, aws_ecs_cluster, aws_ecs_service, aws_ecs_task_definition, aws_efs_access_point, aws_efs_file_system, aws_efs_file_system_policy, aws_efs_mount_target, aws_eks_cluster, aws_eks_fargate_profile, aws_eks_node_group, aws_elasticache_cluster, aws_elasticache_parameter_group, aws_elasticache_replication_group, aws_elasticache_security_group, aws_elasticache_subnet_group, aws_elastic_beanstalk_application, aws_elastic_beanstalk_application_version, aws_elastic_beanstalk_configuration_template, aws_elastic_beanstalk_environment, aws_app_cookie_stickiness_policy, aws_elb, aws_elb_attachment, aws_lb_cookie_stickiness_policy, aws_lb_ssl_negotiation_policy, aws_load_balancer_backend_server_policy, aws_load_balancer_listener_policy, aws_load_balancer_policy, aws_proxy_protocol_policy, aws_lb, aws_lb_listener, aws_lb_listener_certificate, aws_lb_listener_rule, aws_lb_target_group, aws_lb_target_group_attachment, aws_emr_cluster, aws_emr_instance_group, aws_emr_security_configuration, aws_elastictranscoder_pipeline, aws_elastictranscoder_preset, aws_elasticsearch_domain, aws_elasticsearch_domain_policy, aws_fsx_lustre_file_system, aws_fsx_windows_file_system, aws_fms_admin_account, aws_gamelift_alias, aws_gamelift_build, aws_gamelift_fleet, aws_gamelift_game_session_queue, aws_glacier_vault, aws_glacier_vault_lock, aws_globalaccelerator_accelerator, aws_globalaccelerator_endpoint_group, aws_globalaccelerator_listener, aws_glue_catalog_database, aws_glue_catalog_table, aws_glue_classifier, aws_glue_connection, aws_glue_crawler, aws_glue_job, aws_glue_security_configuration, aws_glue_trigger, aws_glue_workflow, aws_guardduty_detector, aws_guardduty_invite_accepter, aws_guardduty_ipset, aws_guardduty_member, aws_guardduty_organization_admin_account, aws_guardduty_organization_configuration, aws_guardduty_threatintelset, aws_iam_access_key, aws_iam_account_alias, 
aws_iam_account_password_policy, aws_iam_group, aws_iam_group_membership, aws_iam_group_policy, aws_iam_group_policy_attachment, aws_iam_instance_profile, aws_iam_openid_connect_provider, aws_iam_policy, aws_iam_policy_attachment, aws_iam_policy_document, aws_iam_role, aws_iam_role_policy, aws_iam_role_policy_attachment, aws_iam_saml_provider, aws_iam_server_certificate, aws_iam_service_linked_role, aws_iam_user, aws_iam_user_group_membership, aws_iam_user_login_profile, aws_iam_user_policy, aws_iam_user_policy_attachment, aws_iam_user_ssh_key, aws_inspector_assessment_target, aws_inspector_assessment_template, aws_inspector_resource_group, aws_iot_certificate, aws_iot_policy, aws_iot_policy_attachment, aws_iot_role_alias, aws_iot_thing, aws_iot_thing_principal_attachment, aws_iot_thing_type, aws_iot_topic_rule, aws_kms_alias, aws_kms_ciphertext, aws_kms_external_key, aws_kms_grant, aws_kms_key, aws_kinesis_analytics_application, aws_kinesis_stream, aws_kinesis_firehose_delivery_stream, aws_kinesis_video_stream, aws_lambda_alias, aws_lambda_event_source_mapping, aws_lambda_function, aws_lambda_function_event_invoke_config, aws_lambda_layer_version, aws_lambda_permission, aws_lambda_provisioned_concurrency_config, aws_licensemanager_association, aws_licensemanager_license_configuration, aws_lightsail_domain, aws_lightsail_instance, aws_lightsail_key_pair, aws_lightsail_static_ip, aws_lightsail_static_ip_attachment, aws_mq_broker, aws_mq_configuration, aws_macie_member_account_association, aws_macie_s3_bucket_association, aws_msk_cluster, aws_msk_configuration, aws_media_convert_queue, aws_media_package_channel, aws_media_store_container, aws_media_store_container_policy, aws_neptune_cluster, aws_neptune_cluster_instance, aws_neptune_cluster_parameter_group, aws_neptune_cluster_snapshot, aws_neptune_event_subscription, aws_neptune_parameter_group, aws_neptune_subnet_group, aws_opsworks_application, aws_opsworks_custom_layer, aws_opsworks_ganglia_layer, 
aws_opsworks_haproxy_layer, aws_opsworks_instance, aws_opsworks_java_app_layer, aws_opsworks_memcached_layer, aws_opsworks_mysql_layer, aws_opsworks_nodejs_app_layer, aws_opsworks_permission, aws_opsworks_php_app_layer, aws_opsworks_rails_app_layer, aws_opsworks_rds_db_instance, aws_opsworks_stack, aws_opsworks_static_web_layer, aws_opsworks_user_profile, aws_organizations_account, aws_organizations_organization, aws_organizations_organizational_unit, aws_organizations_policy, aws_organizations_policy_attachment, aws_pinpoint_adm_channel, aws_pinpoint_apns_channel, aws_pinpoint_apns_sandbox_channel, aws_pinpoint_apns_voip_channel, aws_pinpoint_apns_voip_sandbox_channel, aws_pinpoint_app, aws_pinpoint_baidu_channel, aws_pinpoint_email_channel, aws_pinpoint_event_stream, aws_pinpoint_gcm_channel, aws_pinpoint_sms_channel, aws_qldb_ledger, aws_quicksight_group, aws_quicksight_user, aws_ram_principal_association, aws_ram_resource_association, aws_ram_resource_share, aws_ram_resource_share_accepter, aws_db_cluster_snapshot, aws_db_event_subscription, aws_db_instance, aws_db_instance_role_association, aws_db_option_group, aws_db_parameter_group, aws_db_security_group, aws_db_snapshot, aws_db_subnet_group, aws_rds_cluster, aws_rds_cluster_endpoint, aws_rds_cluster_instance, aws_rds_cluster_parameter_group, aws_rds_global_cluster, aws_redshift_cluster, aws_redshift_event_subscription, aws_redshift_parameter_group, aws_redshift_security_group, aws_redshift_snapshot_copy_grant, aws_redshift_snapshot_schedule, aws_redshift_snapshot_schedule_association, aws_redshift_subnet_group, aws_resourcegroups_group, aws_route53_delegation_set, aws_route53_health_check, aws_route53_query_log, aws_route53_record, aws_route53_zone, aws_route53_zone_association, aws_route53_resolver_endpoint, aws_route53_resolver_rule, aws_route53_resolver_rule_association, aws_s3_access_point, aws_s3_account_public_access_block, aws_s3_bucket, aws_s3_bucket_analytics_configuration, aws_s3_bucket_inventory, 
aws_s3_bucket_metric, aws_s3_bucket_notification, aws_s3_bucket_object, aws_s3_bucket_policy, aws_s3_bucket_public_access_block, aws_ses_active_receipt_rule_set, aws_ses_configuration_set, aws_ses_domain_dkim, aws_ses_domain_identity, aws_ses_domain_identity_verification, aws_ses_domain_mail_from, aws_ses_email_identity, aws_ses_event_destination, aws_ses_identity_notification_topic, aws_ses_identity_policy, aws_ses_receipt_filter, aws_ses_receipt_rule, aws_ses_receipt_rule_set, aws_ses_template, aws_sns_platform_application, aws_sns_sms_preferences, aws_sns_topic, aws_sns_topic_policy, aws_sns_topic_subscription, aws_sqs_queue, aws_sqs_queue_policy, aws_ssm_activation, aws_ssm_association, aws_ssm_document, aws_ssm_maintenance_window, aws_ssm_maintenance_window_target, aws_ssm_maintenance_window_task, aws_ssm_parameter, aws_ssm_patch_baseline, aws_ssm_patch_group, aws_ssm_resource_data_sync, aws_swf_domain, aws_sagemaker_endpoint, aws_sagemaker_endpoint_configuration, aws_sagemaker_model, aws_sagemaker_notebook_instance, aws_sagemaker_notebook_instance_lifecycle_configuration, aws_secretsmanager_secret, aws_secretsmanager_secret_rotation, aws_secretsmanager_secret_version, aws_securityhub_account, aws_securityhub_member, aws_securityhub_product_subscription, aws_securityhub_standards_subscription, aws_servicecatalog_portfolio, aws_service_discovery_http_namespace, aws_service_discovery_private_dns_namespace, aws_service_discovery_public_dns_namespace, aws_service_discovery_service, aws_servicequotas_service_quota, aws_shield_protection, aws_simpledb_domain, aws_sfn_activity, aws_sfn_state_machine, aws_storagegateway_cache, aws_storagegateway_cached_iscsi_volume, aws_storagegateway_gateway, aws_storagegateway_nfs_file_share, aws_storagegateway_smb_file_share, aws_storagegateway_upload_buffer, aws_storagegateway_working_storage, aws_transfer_server, aws_transfer_ssh_key, aws_transfer_user, aws_customer_gateway, aws_default_network_acl, aws_default_route_table, 
aws_default_security_group, aws_default_subnet, aws_default_vpc, aws_default_vpc_dhcp_options, aws_egress_only_internet_gateway, aws_flow_log, aws_internet_gateway, aws_main_route_table_association, aws_nat_gateway, aws_network_acl, aws_network_acl_rule, aws_network_interface, aws_network_interface_attachment, aws_network_interface_sg_attachment, aws_route, aws_route_table, aws_route_table_association, aws_security_group, aws_security_group_rule, aws_subnet, aws_vpc, aws_vpc_dhcp_options, aws_vpc_dhcp_options_association, aws_vpc_endpoint, aws_vpc_endpoint_connection_notification, aws_vpc_endpoint_route_table_association, aws_vpc_endpoint_service, aws_vpc_endpoint_service_allowed_principal, aws_vpc_endpoint_subnet_association, aws_vpc_ipv4_cidr_block_association, aws_vpc_peering_connection, aws_vpc_peering_connection_accepter, aws_vpc_peering_connection_options, aws_vpn_connection, aws_vpn_connection_route, aws_vpn_gateway, aws_vpn_gateway_attachment, aws_vpn_gateway_route_propagation, aws_waf_byte_match_set, aws_waf_geo_match_set, aws_waf_ipset, aws_waf_rate_based_rule, aws_waf_regex_match_set, aws_waf_regex_pattern_set, aws_waf_rule, aws_waf_rule_group, aws_waf_size_constraint_set, aws_waf_sql_injection_match_set, aws_waf_web_acl, aws_waf_xss_match_set, aws_wafregional_byte_match_set, aws_wafregional_geo_match_set, aws_wafregional_ipset, aws_wafregional_rate_based_rule, aws_wafregional_regex_match_set, aws_wafregional_regex_pattern_set, aws_wafregional_rule, aws_wafregional_rule_group, aws_wafregional_size_constraint_set, aws_wafregional_sql_injection_match_set, aws_wafregional_web_acl, aws_wafregional_web_acl_association, aws_wafregional_xss_match_set, aws_wafv2_ip_set, aws_wafv2_regex_pattern_set, aws_wafv2_rule_group, aws_wafv2_web_acl, aws_wafv2_web_acl_association, aws_wafv2_web_acl_logging_configuration, aws_worklink_fleet, aws_worklink_website_certificate_authority_association, aws_workspaces_directory, aws_workspaces_ip_group, aws_workspaces_workspace, 
aws_xray_sampling_rule, aws_route53_vpc_association_authorization, aws_acmpca_certificate, aws_acmpca_certificate_authority_certificate, aws_cloudfront_key_group, aws_cloudwatch_query_definition, aws_cognito_user_pool_ui_customization, aws_ecr_registry_policy, aws_ecr_replication_configuration, aws_ecrpublic_repository, aws_eks_addon, aws_kinesis_stream_consumer, aws_kinesisanalyticsv2_application_snapshot, aws_lightsail_instance_public_ports, aws_mwaa_environment, aws_route53_hosted_zone_dnssec, aws_route53_resolver_firewall_domain_list, aws_route53_resolver_firewall_rule_group, aws_sagemaker_app, aws_securityhub_insight]

    ]
    severity SeverityTypeBig (string)[] required

    Possible values: [CRITICAL, HIGH, MEDIUM, LOW, INFO]
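
The following is an added example, not part of the Prisma Cloud documentation: a Python sketch that validates a response body against the required fields listed in the schema above and ranks policies that still have OPEN findings. It assumes that amounts and lastUpdateDate are nested under each AccountData entry; the function names and all sample values are constructed for illustration.

```python
from collections import Counter

# Severity values and status keys as listed in the schema above.
SEVERITY_ORDER = ["CRITICAL", "HIGH", "MEDIUM", "LOW", "INFO"]
STATUSES = ["AWAITING_REMEDIATION", "CLOSED", "DELETED",
            "OPEN", "REMEDIATED", "SUPPRESSED"]
POLICY_KEYS = ["accountsData", "benchmarks", "constructiveTitle",
               "descriptiveTitle", "id", "severity", "title"]


def summarize_policy(policy):
    """Validate one entry of `data` and total its per-account amounts."""
    missing = [k for k in POLICY_KEYS if k not in policy]
    if missing:
        raise ValueError(f"policy {policy.get('id', '?')}: missing {missing}")
    if policy["severity"] not in SEVERITY_ORDER:
        raise ValueError(f"policy {policy['id']}: unknown severity")
    totals = Counter()
    for account_data in policy["accountsData"].values():
        for status in STATUSES:
            totals[status] += int(account_data["amounts"][status])  # doubles
    return {"id": policy["id"], "title": policy["title"],
            "severity": policy["severity"],
            "open": totals["OPEN"], "suppressed": totals["SUPPRESSED"],
            "accounts": sorted(policy["accountsData"]),
            "benchmarks": sorted(policy["benchmarks"])}


def triage(response):
    """Return policies with OPEN findings, most severe and most open first."""
    rows = [summarize_policy(p) for p in response["data"]]
    rows = [r for r in rows if r["open"] > 0]
    return sorted(rows, key=lambda r: (SEVERITY_ORDER.index(r["severity"]), -r["open"]))


# Helpers that build a constructed sample response (not real API output).
def make_account(open_count, suppressed, date="2024-01-01T00:00:00Z"):
    amounts = dict.fromkeys(STATUSES, 0.0)
    amounts.update(OPEN=float(open_count), SUPPRESSED=float(suppressed))
    return {"amounts": amounts, "lastUpdateDate": date}


def make_policy(pid, severity, accounts, benchmarks):
    return {"id": pid, "severity": severity, "title": f"Constructed policy {pid}",
            "constructiveTitle": "", "descriptiveTitle": "",
            "accountsData": accounts, "benchmarks": benchmarks}


SAMPLE = {
    "data": [
        make_policy("example_1", "LOW", {"org/repo-a": make_account(7, 0)}, {}),
        make_policy("example_2", "HIGH", {"org/repo-a": make_account(2, 1),
                                          "org/repo-b": make_account(1, 0)},
                    {"Example Benchmark v1": ["1.1"]}),
        make_policy("example_3", "HIGH", {"org/repo-b": make_account(0, 4)}, {}),
        make_policy("example_4", "HIGH", {"org/repo-a": make_account(5, 0)}, {}),
    ],
    "filters": {},  # required by the schema; not used by this triage
}

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row["severity"], row["id"], "open:", row["open"])
```

Because the endpoint is deprecated, the strict field check makes a changed or removed response field fail loudly instead of silently reporting zero open findings.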
