
Get custom policies table data

Prisma Cloud Code Security supports policy-as-code capabilities using YAML-based policy definition files to enable attribute and connection checks (composite checks).

To call this API, add your token to the request header. The API supports both YAML and JSON definitions of the Prisma Cloud Code Security custom policy schema.

This API gets all Prisma Cloud Code Security custom policies with counts of passed, failed, and suppressed resources, the scan status (compliant/non-compliant), and the benchmarks attached to each policy. Use the example below as a reference for the expected output of this API request.

Responses

Returns custom policies with benchmarks and errors count


Schema
  • anyOf
    • data object[] required
      • Array [
        • accountsData object required
          • property name* object (AccountData)
            • amounts object required
              • CLOSED double required
              • DELETED double required
              • OPEN double required
              • REMEDIATED double required
              • SUPPRESSED double required
            • lastUpdateDate string required
        • benchmarks object required
          • property name* object
            • Array [
              • string
            • ]
        • constructiveTitle string required
        • descriptiveTitle string required
        • id string required
        • severity string required
        • title string required
      • ]
    • filters object required
      • accounts string[] required
      • benchmarks string[] required
      • category CategoryTypeBig[] required

        Possible values: [Elasticsearch, General, IAM, Logging, Monitoring, Networking, Public, Secrets, Serverless, Storage, Kubernetes, Vulnerabilities, Compute, VCS, BuildIntegrity, Licenses, AlibabaCloud]

      • createdBy string[] required
      • provider ProviderBigType[] required

        Possible values: [AWS, GCP, Azure, Kubernetes, Docker, DockerImage, OCI, OpenStack, Packages, Git, Prisma Cloud Code Security, Linode, DigitalOcean, PANOS, Licenses, AlibabaCloud]

      • resourceTypes object[] required
        • Array [
          • anyOf
            • string

    Possible values: [aws, aws_root, aws_root_access_key, aws_acm_certificate, aws_acm_certificate_validation, aws_acmpca_certificate_authority, aws_api_gateway_account, aws_api_gateway_api_key, aws_api_gateway_authorizer, aws_api_gateway_base_path_mapping, aws_api_gateway_client_certificate, aws_api_gateway_deployment, aws_api_gateway_documentation_part, aws_api_gateway_documentation_version, aws_api_gateway_domain_name, aws_api_gateway_gateway_response, aws_api_gateway_integration, aws_api_gateway_integration_response, aws_api_gateway_method, aws_api_gateway_method_response, aws_api_gateway_method_settings, aws_api_gateway_model, aws_api_gateway_request_validator, aws_api_gateway_resource, aws_api_gateway_rest_api, aws_api_gateway_stage, aws_api_gateway_usage_plan, aws_api_gateway_usage_plan_key, aws_api_gateway_vpc_link, aws_apigatewayv2_api, aws_apigatewayv2_api_mapping, aws_apigatewayv2_authorizer, aws_apigatewayv2_deployment, aws_apigatewayv2_domain_name, aws_apigatewayv2_integration, aws_apigatewayv2_integration_response, aws_apigatewayv2_model, aws_apigatewayv2_route, aws_apigatewayv2_route_response, aws_apigatewayv2_stage, aws_apigatewayv2_vpc_link, aws_accessanalyzer_analyzer, aws_appmesh_mesh, aws_appmesh_route, aws_appmesh_virtual_node, aws_appmesh_virtual_router, aws_appmesh_virtual_service, aws_appsync_api_key, aws_appsync_datasource, aws_appsync_function, aws_appsync_graphql_api, aws_appsync_resolver, aws_appautoscaling_policy, aws_appautoscaling_scheduled_action, aws_appautoscaling_target, aws_athena_database, aws_athena_named_query, aws_athena_workgroup, aws_autoscaling_attachment, aws_autoscaling_group, aws_autoscaling_lifecycle_hook, aws_autoscaling_notification, aws_autoscaling_policy, aws_autoscaling_schedule, aws_backup_plan, aws_backup_selection, aws_backup_vault, aws_batch_compute_environment, aws_batch_job_definition, aws_batch_job_queue, aws_budgets_budget, aws_cloud9_environment_ec2, aws_cloudformation_stack, aws_cloudformation_stack_set, 
aws_cloudformation_stack_set_instance, aws_cloudfront_distribution, aws_cloudfront_origin_access_identity, aws_cloudfront_public_key, aws_cloudhsm_v2_cluster, aws_cloudhsm_v2_hsm, aws_cloudtrail, aws_cloudwatch_dashboard, aws_cloudwatch_event_permission, aws_cloudwatch_event_rule, aws_cloudwatch_event_target, aws_cloudwatch_log_destination, aws_cloudwatch_log_destination_policy, aws_cloudwatch_log_group, aws_cloudwatch_log_metric_filter, aws_cloudwatch_log_resource_policy, aws_cloudwatch_log_stream, aws_cloudwatch_log_subscription_filter, aws_cloudwatch_metric_alarm, aws_codebuild_project, aws_codebuild_source_credential, aws_codebuild_webhook, aws_codecommit_repository, aws_codecommit_trigger, aws_codedeploy_app, aws_codedeploy_deployment_config, aws_codedeploy_deployment_group, aws_codepipeline, aws_codepipeline_webhook, aws_codestarnotifications_notification_rule, aws_cognito_identity_pool, aws_cognito_identity_pool_roles_attachment, aws_cognito_identity_provider, aws_cognito_resource_server, aws_cognito_user_group, aws_cognito_user_pool, aws_cognito_user_pool_client, aws_cognito_user_pool_domain, aws_config_aggregate_authorization, aws_config_config_rule, aws_config_configuration_aggregator, aws_config_configuration_recorder, aws_config_configuration_recorder_status, aws_config_delivery_channel, aws_config_organization_custom_rule, aws_config_organization_managed_rule, aws_cur_report_definition, aws_dlm_lifecycle_policy, aws_datapipeline_pipeline, aws_datasync_agent, aws_datasync_location_efs, aws_datasync_location_nfs, aws_datasync_location_s3, aws_datasync_location_smb, aws_datasync_task, aws_dms_certificate, aws_dms_endpoint, aws_dms_event_subscription, aws_dms_replication_instance, aws_dms_replication_subnet_group, aws_dms_replication_task, aws_devicefarm_project, aws_dx_bgp_peer, aws_dx_connection, aws_dx_connection_association, aws_dx_gateway, aws_dx_gateway_association, aws_dx_gateway_association_proposal, aws_dx_hosted_private_virtual_interface, 
aws_dx_hosted_private_virtual_interface_accepter, aws_dx_hosted_public_virtual_interface, aws_dx_hosted_public_virtual_interface_accepter, aws_dx_hosted_transit_virtual_interface, aws_dx_hosted_transit_virtual_interface_accepter, aws_dx_lag, aws_dx_private_virtual_interface, aws_dx_public_virtual_interface, aws_dx_transit_virtual_interface, aws_directory_service_conditional_forwarder, aws_directory_service_directory, aws_directory_service_log_subscription, aws_docdb_cluster, aws_docdb_cluster_instance, aws_docdb_cluster_parameter_group, aws_docdb_cluster_snapshot, aws_docdb_subnet_group, aws_dynamodb_global_table, aws_dynamodb_table, aws_dynamodb_table_item, aws_dax_cluster, aws_dax_parameter_group, aws_dax_subnet_group, aws_ami, aws_ami_copy, aws_ami_from_instance, aws_ami_launch_permission, aws_ebs_default_kms_key, aws_ebs_encryption_by_default, aws_ebs_snapshot, aws_ebs_snapshot_copy, aws_ebs_volume, aws_ec2_availability_zone_group, aws_ec2_capacity_reservation, aws_ec2_client_vpn_authorization_rule, aws_ec2_client_vpn_endpoint, aws_ec2_client_vpn_network_association, aws_ec2_client_vpn_route, aws_ec2_fleet, aws_ec2_local_gateway_route, aws_ec2_local_gateway_route_table_vpc_association, aws_ec2_tag, aws_ec2_traffic_mirror_filter, aws_ec2_traffic_mirror_filter_rule, aws_ec2_traffic_mirror_session, aws_ec2_traffic_mirror_target, aws_ec2_transit_gateway, aws_ec2_transit_gateway_peering_attachment, aws_ec2_transit_gateway_peering_attachment_accepter, aws_ec2_transit_gateway_route, aws_ec2_transit_gateway_route_table, aws_ec2_transit_gateway_route_table_association, aws_ec2_transit_gateway_route_table_propagation, aws_ec2_transit_gateway_vpc_attachment, aws_ec2_transit_gateway_vpc_attachment_accepter, aws_eip, aws_eip_association, aws_instance, aws_key_pair, aws_launch_configuration, aws_launch_template, aws_placement_group, aws_snapshot_create_volume_permission, aws_spot_datafeed_subscription, aws_spot_fleet_request, aws_spot_instance_request, aws_volume_attachment, 
aws_ecr_lifecycle_policy, aws_ecr_repository, aws_ecr_repository_policy, aws_ecs_capacity_provider, aws_ecs_cluster, aws_ecs_service, aws_ecs_task_definition, aws_efs_access_point, aws_efs_file_system, aws_efs_file_system_policy, aws_efs_mount_target, aws_eks_cluster, aws_eks_fargate_profile, aws_eks_node_group, aws_elasticache_cluster, aws_elasticache_parameter_group, aws_elasticache_replication_group, aws_elasticache_security_group, aws_elasticache_subnet_group, aws_elastic_beanstalk_application, aws_elastic_beanstalk_application_version, aws_elastic_beanstalk_configuration_template, aws_elastic_beanstalk_environment, aws_app_cookie_stickiness_policy, aws_elb, aws_elb_attachment, aws_lb_cookie_stickiness_policy, aws_lb_ssl_negotiation_policy, aws_load_balancer_backend_server_policy, aws_load_balancer_listener_policy, aws_load_balancer_policy, aws_proxy_protocol_policy, aws_lb, aws_lb_listener, aws_lb_listener_certificate, aws_lb_listener_rule, aws_lb_target_group, aws_lb_target_group_attachment, aws_emr_cluster, aws_emr_instance_group, aws_emr_security_configuration, aws_elastictranscoder_pipeline, aws_elastictranscoder_preset, aws_elasticsearch_domain, aws_elasticsearch_domain_policy, aws_fsx_lustre_file_system, aws_fsx_windows_file_system, aws_fms_admin_account, aws_gamelift_alias, aws_gamelift_build, aws_gamelift_fleet, aws_gamelift_game_session_queue, aws_glacier_vault, aws_glacier_vault_lock, aws_globalaccelerator_accelerator, aws_globalaccelerator_endpoint_group, aws_globalaccelerator_listener, aws_glue_catalog_database, aws_glue_catalog_table, aws_glue_classifier, aws_glue_connection, aws_glue_crawler, aws_glue_job, aws_glue_security_configuration, aws_glue_trigger, aws_glue_workflow, aws_guardduty_detector, aws_guardduty_invite_accepter, aws_guardduty_ipset, aws_guardduty_member, aws_guardduty_organization_admin_account, aws_guardduty_organization_configuration, aws_guardduty_threatintelset, aws_iam_access_key, aws_iam_account_alias, 
aws_iam_account_password_policy, aws_iam_group, aws_iam_group_membership, aws_iam_group_policy, aws_iam_group_policy_attachment, aws_iam_instance_profile, aws_iam_openid_connect_provider, aws_iam_policy, aws_iam_policy_attachment, aws_iam_policy_document, aws_iam_role, aws_iam_role_policy, aws_iam_role_policy_attachment, aws_iam_saml_provider, aws_iam_server_certificate, aws_iam_service_linked_role, aws_iam_user, aws_iam_user_group_membership, aws_iam_user_login_profile, aws_iam_user_policy, aws_iam_user_policy_attachment, aws_iam_user_ssh_key, aws_inspector_assessment_target, aws_inspector_assessment_template, aws_inspector_resource_group, aws_iot_certificate, aws_iot_policy, aws_iot_policy_attachment, aws_iot_role_alias, aws_iot_thing, aws_iot_thing_principal_attachment, aws_iot_thing_type, aws_iot_topic_rule, aws_kms_alias, aws_kms_ciphertext, aws_kms_external_key, aws_kms_grant, aws_kms_key, aws_kinesis_analytics_application, aws_kinesis_stream, aws_kinesis_firehose_delivery_stream, aws_kinesis_video_stream, aws_lambda_alias, aws_lambda_event_source_mapping, aws_lambda_function, aws_lambda_function_event_invoke_config, aws_lambda_layer_version, aws_lambda_permission, aws_lambda_provisioned_concurrency_config, aws_licensemanager_association, aws_licensemanager_license_configuration, aws_lightsail_domain, aws_lightsail_instance, aws_lightsail_key_pair, aws_lightsail_static_ip, aws_lightsail_static_ip_attachment, aws_mq_broker, aws_mq_configuration, aws_macie_member_account_association, aws_macie_s3_bucket_association, aws_msk_cluster, aws_msk_configuration, aws_media_convert_queue, aws_media_package_channel, aws_media_store_container, aws_media_store_container_policy, aws_neptune_cluster, aws_neptune_cluster_instance, aws_neptune_cluster_parameter_group, aws_neptune_cluster_snapshot, aws_neptune_event_subscription, aws_neptune_parameter_group, aws_neptune_subnet_group, aws_opsworks_application, aws_opsworks_custom_layer, aws_opsworks_ganglia_layer, 
aws_opsworks_haproxy_layer, aws_opsworks_instance, aws_opsworks_java_app_layer, aws_opsworks_memcached_layer, aws_opsworks_mysql_layer, aws_opsworks_nodejs_app_layer, aws_opsworks_permission, aws_opsworks_php_app_layer, aws_opsworks_rails_app_layer, aws_opsworks_rds_db_instance, aws_opsworks_stack, aws_opsworks_static_web_layer, aws_opsworks_user_profile, aws_organizations_account, aws_organizations_organization, aws_organizations_organizational_unit, aws_organizations_policy, aws_organizations_policy_attachment, aws_pinpoint_adm_channel, aws_pinpoint_apns_channel, aws_pinpoint_apns_sandbox_channel, aws_pinpoint_apns_voip_channel, aws_pinpoint_apns_voip_sandbox_channel, aws_pinpoint_app, aws_pinpoint_baidu_channel, aws_pinpoint_email_channel, aws_pinpoint_event_stream, aws_pinpoint_gcm_channel, aws_pinpoint_sms_channel, aws_qldb_ledger, aws_quicksight_group, aws_quicksight_user, aws_ram_principal_association, aws_ram_resource_association, aws_ram_resource_share, aws_ram_resource_share_accepter, aws_db_cluster_snapshot, aws_db_event_subscription, aws_db_instance, aws_db_instance_role_association, aws_db_option_group, aws_db_parameter_group, aws_db_security_group, aws_db_snapshot, aws_db_subnet_group, aws_rds_cluster, aws_rds_cluster_endpoint, aws_rds_cluster_instance, aws_rds_cluster_parameter_group, aws_rds_global_cluster, aws_redshift_cluster, aws_redshift_event_subscription, aws_redshift_parameter_group, aws_redshift_security_group, aws_redshift_snapshot_copy_grant, aws_redshift_snapshot_schedule, aws_redshift_snapshot_schedule_association, aws_redshift_subnet_group, aws_resourcegroups_group, aws_route53_delegation_set, aws_route53_health_check, aws_route53_query_log, aws_route53_record, aws_route53_zone, aws_route53_zone_association, aws_route53_resolver_endpoint, aws_route53_resolver_rule, aws_route53_resolver_rule_association, aws_s3_access_point, aws_s3_account_public_access_block, aws_s3_bucket, aws_s3_bucket_analytics_configuration, aws_s3_bucket_inventory, 
aws_s3_bucket_metric, aws_s3_bucket_notification, aws_s3_bucket_object, aws_s3_bucket_policy, aws_s3_bucket_public_access_block, aws_ses_active_receipt_rule_set, aws_ses_configuration_set, aws_ses_domain_dkim, aws_ses_domain_identity, aws_ses_domain_identity_verification, aws_ses_domain_mail_from, aws_ses_email_identity, aws_ses_event_destination, aws_ses_identity_notification_topic, aws_ses_identity_policy, aws_ses_receipt_filter, aws_ses_receipt_rule, aws_ses_receipt_rule_set, aws_ses_template, aws_sns_platform_application, aws_sns_sms_preferences, aws_sns_topic, aws_sns_topic_policy, aws_sns_topic_subscription, aws_sqs_queue, aws_sqs_queue_policy, aws_ssm_activation, aws_ssm_association, aws_ssm_document, aws_ssm_maintenance_window, aws_ssm_maintenance_window_target, aws_ssm_maintenance_window_task, aws_ssm_parameter, aws_ssm_patch_baseline, aws_ssm_patch_group, aws_ssm_resource_data_sync, aws_swf_domain, aws_sagemaker_endpoint, aws_sagemaker_endpoint_configuration, aws_sagemaker_model, aws_sagemaker_notebook_instance, aws_sagemaker_notebook_instance_lifecycle_configuration, aws_secretsmanager_secret, aws_secretsmanager_secret_rotation, aws_secretsmanager_secret_version, aws_securityhub_account, aws_securityhub_member, aws_securityhub_product_subscription, aws_securityhub_standards_subscription, aws_servicecatalog_portfolio, aws_service_discovery_http_namespace, aws_service_discovery_private_dns_namespace, aws_service_discovery_public_dns_namespace, aws_service_discovery_service, aws_servicequotas_service_quota, aws_shield_protection, aws_simpledb_domain, aws_sfn_activity, aws_sfn_state_machine, aws_storagegateway_cache, aws_storagegateway_cached_iscsi_volume, aws_storagegateway_gateway, aws_storagegateway_nfs_file_share, aws_storagegateway_smb_file_share, aws_storagegateway_upload_buffer, aws_storagegateway_working_storage, aws_transfer_server, aws_transfer_ssh_key, aws_transfer_user, aws_customer_gateway, aws_default_network_acl, aws_default_route_table, 
aws_default_security_group, aws_default_subnet, aws_default_vpc, aws_default_vpc_dhcp_options, aws_egress_only_internet_gateway, aws_flow_log, aws_internet_gateway, aws_main_route_table_association, aws_nat_gateway, aws_network_acl, aws_network_acl_rule, aws_network_interface, aws_network_interface_attachment, aws_network_interface_sg_attachment, aws_route, aws_route_table, aws_route_table_association, aws_security_group, aws_security_group_rule, aws_subnet, aws_vpc, aws_vpc_dhcp_options, aws_vpc_dhcp_options_association, aws_vpc_endpoint, aws_vpc_endpoint_connection_notification, aws_vpc_endpoint_route_table_association, aws_vpc_endpoint_service, aws_vpc_endpoint_service_allowed_principal, aws_vpc_endpoint_subnet_association, aws_vpc_ipv4_cidr_block_association, aws_vpc_peering_connection, aws_vpc_peering_connection_accepter, aws_vpc_peering_connection_options, aws_vpn_connection, aws_vpn_connection_route, aws_vpn_gateway, aws_vpn_gateway_attachment, aws_vpn_gateway_route_propagation, aws_waf_byte_match_set, aws_waf_geo_match_set, aws_waf_ipset, aws_waf_rate_based_rule, aws_waf_regex_match_set, aws_waf_regex_pattern_set, aws_waf_rule, aws_waf_rule_group, aws_waf_size_constraint_set, aws_waf_sql_injection_match_set, aws_waf_web_acl, aws_waf_xss_match_set, aws_wafregional_byte_match_set, aws_wafregional_geo_match_set, aws_wafregional_ipset, aws_wafregional_rate_based_rule, aws_wafregional_regex_match_set, aws_wafregional_regex_pattern_set, aws_wafregional_rule, aws_wafregional_rule_group, aws_wafregional_size_constraint_set, aws_wafregional_sql_injection_match_set, aws_wafregional_web_acl, aws_wafregional_web_acl_association, aws_wafregional_xss_match_set, aws_wafv2_ip_set, aws_wafv2_regex_pattern_set, aws_wafv2_rule_group, aws_wafv2_web_acl, aws_wafv2_web_acl_association, aws_wafv2_web_acl_logging_configuration, aws_worklink_fleet, aws_worklink_website_certificate_authority_association, aws_workspaces_directory, aws_workspaces_ip_group, aws_workspaces_workspace, 
aws_xray_sampling_rule, aws_route53_vpc_association_authorization, aws_acmpca_certificate, aws_acmpca_certificate_authority_certificate, aws_cloudfront_key_group, aws_cloudwatch_query_definition, aws_cognito_user_pool_ui_customization, aws_ecr_registry_policy, aws_ecr_replication_configuration, aws_ecrpublic_repository, aws_eks_addon, aws_kinesis_stream_consumer, aws_kinesisanalyticsv2_application_snapshot, aws_lightsail_instance_public_ports, aws_mwaa_environment, aws_route53_hosted_zone_dnssec, aws_route53_resolver_firewall_domain_list, aws_route53_resolver_firewall_rule_group, aws_sagemaker_app, aws_securityhub_insight]

        • ]
      • severity SeverityTypeBig[] required

        Possible values: [CRITICAL, HIGH, MEDIUM, LOW, INFO]
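The response shape above can be consumed as follows; this is an added example, not code from the Prisma Cloud documentation. The sample response is constructed to match the schema; the endpoint URL, the name of the token header, and the rule that a policy with OPEN findings is non-compliant are this example's own assumptions.

```python
import json
import os
import urllib.request

STATES = ("OPEN", "CLOSED", "DELETED", "REMEDIATED", "SUPPRESSED")

# Constructed sample response shaped like the documented schema (not real data).
SAMPLE_RESPONSE = json.loads("""
{"data": [
  {"id": "policy-a", "severity": "HIGH", "title": "S3 buckets block public access",
   "constructiveTitle": "Ensure S3 buckets block public access",
   "descriptiveTitle": "S3 bucket allows public access",
   "benchmarks": {"CIS AWS": ["2.1.5"], "SOC2": ["CC6.1"]},
   "accountsData": {
     "acct-prod": {"lastUpdateDate": "2024-05-01T10:00:00Z",
                   "amounts": {"OPEN": 3, "CLOSED": 1, "DELETED": 0, "REMEDIATED": 2, "SUPPRESSED": 1}},
     "acct-dev": {"lastUpdateDate": "2024-05-02T10:00:00Z",
                  "amounts": {"OPEN": 0, "CLOSED": 4, "DELETED": 1, "REMEDIATED": 0, "SUPPRESSED": 0}}}},
  {"id": "policy-b", "severity": "MEDIUM", "title": "RDS storage encrypted",
   "constructiveTitle": "Ensure RDS storage is encrypted",
   "descriptiveTitle": "RDS instance storage is not encrypted", "benchmarks": {},
   "accountsData": {
     "acct-prod": {"lastUpdateDate": "2024-05-01T10:00:00Z",
                   "amounts": {"OPEN": 0, "CLOSED": 2, "DELETED": 0, "REMEDIATED": 1, "SUPPRESSED": 2}}}}
]}
""")

def summarize(response):
    """Sum each policy's per-account amounts and derive a status. Assumption:
    a policy is non-compliant while any OPEN findings remain (the page does
    not say how the service computes the status it reports)."""
    rows = []
    for policy in response["data"]:
        totals = dict.fromkeys(STATES, 0)
        for account in policy["accountsData"].values():
            for state in STATES:
                totals[state] += account["amounts"][state]
        rows.append({"id": policy["id"], "severity": policy["severity"],
                     "accounts": len(policy["accountsData"]),
                     "benchmarks": sorted(policy["benchmarks"]), "totals": totals,
                     "status": "non-compliant" if totals["OPEN"] else "compliant"})
    return rows

def fetch_custom_policies(token, url=None):
    """GET the table with the token in a request header. The endpoint URL and
    the header name are assumptions (the page gives neither); set them in the
    environment before calling."""
    url = url or os.environ["PRISMA_CUSTOM_POLICIES_URL"]  # placeholder, not documented here
    header = os.environ.get("PRISMA_TOKEN_HEADER", "authorization")  # assumed header name
    req = urllib.request.Request(url, headers={header: token, "Accept": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return summarize(json.load(resp))
```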
