Advanced Scan Scheduling API
Expedites scan for all the scannable targets that are descendants
of a given level of the topology (for example all hosts belonging to a given subnet).
Please note this operation will override all the Scan Schedules that targets belong to.
If targets are explicitly excluded from scan functionality, they will NOT
be scanned unless the force parameter has been set to true.
Scan Now functionality moves the list of targets and their descendants
to the top of the scan queue, raising their scan priority and immediately marking them
as due to be scanned. This does not mean that all selected targets will be scanned at once,
since the scanning process depends on available resources in the form of Scan Appliances
deployed within the protected networks. In automatic deployment mode, Alert Logic
will address the demand by spinning up additional Scan Appliances adhering to the
designated settings, while in manual mode it is the responsibility of the user to
provide a sufficient number of active Scan Appliances to execute scans.
All targets marked as due to be scanned remain in that state until they have been scanned or the scan requests have been cancelled.
account_id required | string |
deployment_id required | string <uuid> |
force | boolean or null Default: false Allows overriding the exclusion rules applied to selected targets. Otherwise exclusion rules take precedence over expedited scan. |
type required | string Enum: "asset" "cidr" "ip_address" "ip_range" "tag" Indicates the concrete type of ScanScopeItem's object |
asset_type | string Enum: "deployment" "region" "network" "vpc" "subnet" "host" "external-ip" "external-dns-name" "agent" Specifies the type of the asset added to the scan scope. Following asset types are supported:
|
key required | string |
{
  "type": "asset",
  "asset_type": "subnet",
  "key": "/aws/us-east-1/subnet/sub-03acf31d311531"
}
All scan jobs currently running against targets that are within the scope
defined by the ScanScopeItem object will be terminated.
Targets will not be re-enqueued until the next scan SLA period defined by the
scan_frequency parameter of a schedule that contains each of the targets.
account_id required | string |
deployment_id required | string <uuid> |
type required | string Enum: "asset" "cidr" "ip_address" "ip_range" "tag" Indicates the concrete type of ScanScopeItem's object |
asset_type | string Enum: "deployment" "region" "network" "vpc" "subnet" "host" "external-ip" "external-dns-name" "agent" Specifies the type of the asset added to the scan scope. Following asset types are supported:
|
key required | string |
{
  "type": "asset",
  "asset_type": "subnet",
  "key": "/aws/us-east-1/subnet/sub-03acf31d311531"
}
All scan jobs currently running against targets that are within the scope
defined by the selected schedule will be terminated.
Targets will not be re-enqueued until the next scan SLA period defined by the
scan_frequency parameter of the schedule.
account_id required | string |
deployment_id required | string <uuid> |
id required | string <uuid> |
This POST request does not specify the scan type and uses a default value (vulnerability).
So in this case, the validator only works for the following types of scanning: vulnerability and discovery.
Validates a list of supplied strings that represent IP Addresses,
checking for their correctness, as well as their alignment with the deployment's
protection scope.
This API always returns 200 OK status and provides the results of validation
using three arrays with respective status (valid/invalid/out_of_scope).
In the response, the API will cast valid IP Addresses into instantiations of
ScanScopeItem classes, and those that are present in the valid list
can be subsequently used in the Scan Schedule's Scope definition.
account_id required | string |
deployment_id required | string <uuid> |
[
  "10.0.0.1",
  "10.0.1.0/24",
  "10.0.0.1 - 10.0.0.100",
  "10.0..0",
  "19216810",
  "192.168.1.300",
  "some non ip address string"
]
{
  "valid": [
    {
      "type": "cidr",
      "value": "10.0.0.1/24"
    }
  ],
  "invalid": [
    "10.0..0",
    "19216810",
    "192.168.1.300",
    "some non ip address string"
  ],
  "out_of_scope": [
    {
      "type": "cidr",
      "value": "10.0.0.1/24"
    }
  ]
}
Validates a list of supplied strings that represent IP Addresses, checking for their correctness, as well as their alignment with the deployment's protection scope.
Depending on the value of the {type_of_scan} parameter, different validation will be performed:
vulnerability/discovery/abs - IP address or range will be validated against network CIDR ranges
that are in scope of the deployment. Additionally, IP addresses will be checked
if they belong to the list of restricted private IPv4 ranges, as defined in the following
IANA document
external - external IP addresses are not compared with the deployment's
CIDR ranges, as all external assets are assumed to be within the scope of protection.
Additionally, IP addresses will be checked if they don't belong to the restricted
private IP ranges defined in the following IANA document
Note: By default the parameter will be set to vulnerability
This API always returns 200 OK status and provides the results of validation
using three arrays with respective status (valid/invalid/out_of_scope).
In the response, the API will cast valid IP Addresses into instantiations of
ScanScopeItem classes, and those that are present in the valid list
can be subsequently used in the Scan Schedule's Scope definition.
account_id required | string |
deployment_id required | string <uuid> |
type_of_scan required | string or null Default: "vulnerability" Enum: "vulnerability" "external" "discovery" "abs" Validation for different types of scan occurs in different ways. |
[
  "10.0.0.1",
  "10.0.1.0/24",
  "10.0.0.1 - 10.0.0.100",
  "10.0..0",
  "19216810",
  "192.168.1.300",
  "some non ip address string"
]
{
  "valid": [
    {
      "type": "cidr",
      "value": "10.0.0.1/24"
    }
  ],
  "invalid": [
    "10.0..0",
    "19216810",
    "192.168.1.300",
    "some non ip address string"
  ],
  "out_of_scope": [
    {
      "type": "cidr",
      "value": "10.0.0.1/24"
    }
  ]
}
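A local pre-check that sorts candidate scope entries into the same valid / invalid / out_of_scope buckets before they are submitted, as an added example (it is not Alert Logic's code and does not reproduce the service's validation logic). It assumes IPv4 only, takes the deployment's CIDR ranges as an argument (the 10.0.0.0/24 scope is constructed), and leaves out the restricted-range check against the IANA list.

```python
import ipaddress

INTERNAL_SCANS = {"vulnerability", "discovery", "abs"}
SCAN_TYPES = INTERNAL_SCANS | {"external"}

# Request body from the page's example.
SAMPLE = ["10.0.0.1", "10.0.1.0/24", "10.0.0.1 - 10.0.0.100", "10.0..0",
          "19216810", "192.168.1.300", "some non ip address string"]


def parse_entry(text):
    """Return (scope item type, covering networks); raise ValueError if malformed."""
    text = text.strip()
    if "-" in text:
        first, last = (ipaddress.IPv4Address(p.strip()) for p in text.split("-", 1))
        # list() forces the generator, so a reversed range raises ValueError here.
        return "ip_range", list(ipaddress.summarize_address_range(first, last))
    if "/" in text:
        # strict=False accepts host bits, as in "10.0.0.1/24" from the page.
        return "cidr", [ipaddress.IPv4Network(text, strict=False)]
    return "ip_address", [ipaddress.IPv4Network(text)]


def classify(entries, scope_cidrs, type_of_scan="vulnerability"):
    """Sort entries into valid / invalid / out_of_scope like the API response."""
    if type_of_scan not in SCAN_TYPES:
        raise ValueError(f"unknown type_of_scan: {type_of_scan!r}")
    scope = [ipaddress.IPv4Network(c) for c in scope_cidrs]
    result = {"valid": [], "invalid": [], "out_of_scope": []}
    for entry in entries:
        try:
            kind, nets = parse_entry(entry)
        except ValueError:
            result["invalid"].append(entry)  # invalid entries stay raw strings
            continue
        # External scans skip the comparison with deployment CIDRs.
        in_scope = type_of_scan == "external" or all(
            any(n.subnet_of(s) for s in scope) for n in nets)
        bucket = "valid" if in_scope else "out_of_scope"
        result[bucket].append({"type": kind, "value": entry.strip()})
    return result


if __name__ == "__main__":
    # 10.0.0.0/24 is a constructed deployment scope, not a value from the page.
    print(classify(SAMPLE, ["10.0.0.0/24"]))
```

A range counts as in scope only when every summarized block sits inside a single deployment CIDR, so a range spanning two adjacent scope networks is reported as out_of_scope.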
Lists supported timezones that can be used in ScanWindow definition
[
  {
    "tz_name": "Europe/Belfast",
    "status": "Canonical",
    "utc_offset": "+00:00",
    "dst_offset": "+01:00",
    "tz_link": "Europe/London",
    "dst": false
  }
]
Lists scan schedules that belong to a particular deployment
account_id required | string |
deployment_id required | string <uuid> |
return_fields | Array of strings Items Enum: "id" "name" "enabled" "scan_frequency" "scan_window" "scope" Allows to specify fields of |
[
  {
    "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
    "name": "My Advanced Internal Scan Schedule 01",
    "default": false,
    "enabled": true,
    "type_of_scan": "vulnerability",
    "timezone": "Europe/Belfast",
    "scan_frequency": "weekly",
    "scan_windows": [
      {
        "type": "days_of_week",
        "start_time": "17:00",
        "end_time": "05:00",
        "days_of_week": [1, 3, 4]
      }
    ],
    "scan_scope": {
      "include_all_assets": false,
      "include": [
        {
          "type": "asset",
          "asset_type": "subnet",
          "key": "/aws/us-east-1/subnet/sub-03acf31d311531"
        }
      ]
    },
    "scan_options": [
      {
        "scan_ports": [
          {
            "ports": [22, 3305],
            "proto": "t"
          }
        ]
      }
    ],
    "created": {
      "at": "2019-08-24T14:15:22Z",
      "by": "9803dfd4-efbe-42f7-a2a0-ec43b67e871e"
    },
    "modified": {
      "at": "2019-08-24T14:15:22Z",
      "by": "9803dfd4-efbe-42f7-a2a0-ec43b67e871e"
    }
  }
]
Create new Scan Schedule for a given deployment
account_id required | string |
deployment_id required | string <uuid> |
name | string |
enabled | boolean Default: true Specifies whether the schedule is active or not. |
type_of_scan | string Enum: "vulnerability" "external" "discovery" "abs" Specifies which type of scan the schedule should apply to. There are 4 types of scans
|
timezone | string or null Name of the timezone that should be used for the ScanSchedule object.
The list of all supported timezones can be obtained with This field is optional with |
scan_frequency | string Enum: "automatic" "daily" "weekly" "fortnightly" "monthly" "quarterly" "once" Specifies the SLA period of how frequently consecutive scans should target individual targets within the deployment. Depending on characteristics of the workload or its compliance and security requirements, different targets (e.g. hosts, external ip addresses, networks) of a certain scanning scope (e.g. hosts within certain subnets or belonging to certain CIDR ranges) may require different frequency of scans. By setting By setting Please note when the same host effectively
belongs to two distinct Scan Schedules, the higher frequency (e.g. daily over weekly)
will be respected for both schedules and union of |
Array of ScanWindowSelectedDaysOfWeek (object) or ScanWindowSelectedDaysOfMonth (object) or ScanWindowContinuousPeriodWeekly (object) or ScanWindowContinuousPeriodMonthly (object) or ScanWindowSpecificDate (object) or ScanWindowContinuousQuarterly (object) or ScanWindowSelectedWeekdayOfMonth (object) or null Specifies the time periods when the Scan Schedule should be active. In case when there are no restrictions to the scanning periods and Scan Schedule
should be considered as "automatic", Please note there are four types of
For details please refer to the documentation of the above models. | |
object Specifies what assets are considered to be scanned within designated periods
defined by | |
Array of ScanOptionPorts (object) or null An optional list of Scan Options, that affect the scan configuration.
One of the supported options is a list of ports, applicable to |
{
  "name": "My Advanced Internal Scan Schedule 01",
  "enabled": true,
  "type_of_scan": "vulnerability",
  "timezone": "Europe/Belfast",
  "scan_frequency": "weekly",
  "scan_windows": [
    {
      "type": "days_of_week",
      "start_time": "17:00",
      "end_time": "05:00",
      "days_of_week": [1, 3, 4]
    }
  ],
  "scan_scope": {
    "include_all_assets": false,
    "include": [
      {
        "type": "asset",
        "asset_type": "subnet",
        "key": "/aws/us-east-1/subnet/sub-03acf31d311531"
      }
    ]
  },
  "scan_options": [
    {
      "scan_ports": [
        {
          "ports": [22, 3305],
          "proto": "t"
        }
      ]
    }
  ]
}
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "name": "My Advanced Internal Scan Schedule 01",
  "default": false,
  "enabled": true,
  "type_of_scan": "vulnerability",
  "timezone": "Europe/Belfast",
  "scan_frequency": "weekly",
  "scan_windows": [
    {
      "type": "days_of_week",
      "start_time": "17:00",
      "end_time": "05:00",
      "days_of_week": [1, 3, 4]
    }
  ],
  "scan_scope": {
    "include_all_assets": false,
    "include": [
      {
        "type": "asset",
        "asset_type": "subnet",
        "key": "/aws/us-east-1/subnet/sub-03acf31d311531"
      }
    ]
  },
  "scan_options": [
    {
      "scan_ports": [
        {
          "ports": [22, 3305],
          "proto": "t"
        }
      ]
    }
  ],
  "created": {
    "at": "2019-08-24T14:15:22Z",
    "by": "9803dfd4-efbe-42f7-a2a0-ec43b67e871e"
  },
  "modified": {
    "at": "2019-08-24T14:15:22Z",
    "by": "9803dfd4-efbe-42f7-a2a0-ec43b67e871e"
  }
}
Returns the scan schedule definition for a given id.
account_id required | string |
deployment_id required | string <uuid> |
id required | string <uuid> |
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "name": "My Advanced Internal Scan Schedule 01",
  "default": false,
  "enabled": true,
  "type_of_scan": "vulnerability",
  "timezone": "Europe/Belfast",
  "scan_frequency": "weekly",
  "scan_windows": [
    {
      "type": "days_of_week",
      "start_time": "17:00",
      "end_time": "05:00",
      "days_of_week": [1, 3, 4]
    }
  ],
  "scan_scope": {
    "include_all_assets": false,
    "include": [
      {
        "type": "asset",
        "asset_type": "subnet",
        "key": "/aws/us-east-1/subnet/sub-03acf31d311531"
      }
    ]
  },
  "scan_options": [
    {
      "scan_ports": [
        {
          "ports": [22, 3305],
          "proto": "t"
        }
      ]
    }
  ],
  "created": {
    "at": "2019-08-24T14:15:22Z",
    "by": "9803dfd4-efbe-42f7-a2a0-ec43b67e871e"
  },
  "modified": {
    "at": "2019-08-24T14:15:22Z",
    "by": "9803dfd4-efbe-42f7-a2a0-ec43b67e871e"
  }
}
account_id required | string |
deployment_id required | string <uuid> |
id required | string <uuid> |
{
  "id": "497f6eca-6276-4993-bfeb-53cbbbba6f08",
  "name": "My Advanced Internal Scan Schedule 01",
  "default": false,
  "enabled": true,
  "type_of_scan": "vulnerability",
  "timezone": "Europe/Belfast",
  "scan_frequency": "weekly",
  "scan_windows": [
    {
      "type": "days_of_week",
      "start_time": "17:00",
      "end_time": "05:00",
      "days_of_week": [1, 3, 4]
    }
  ],
  "scan_scope": {
    "include_all_assets": false,
    "include": [
      {
        "type": "asset",
        "asset_type": "subnet",
        "key": "/aws/us-east-1/subnet/sub-03acf31d311531"
      }
    ]
  },
  "scan_options": [
    {
      "scan_ports": [
        {
          "ports": [22, 3305],
          "proto": "t"
        }
      ]
    }
  ],
  "created": {
    "at": "2019-08-24T14:15:22Z",
    "by": "9803dfd4-efbe-42f7-a2a0-ec43b67e871e"
  },
  "modified": {
    "at": "2019-08-24T14:15:22Z",
    "by": "9803dfd4-efbe-42f7-a2a0-ec43b67e871e"
  }
}
Returns a summary of the selected schedule specified by id.
account_id required | string |
deployment_id required | string <uuid> |
id required | string <uuid> |
return_fields | Array of strings Items Enum: "assets_number" "assets_in_sla" "assets_excluded" "assets_to_scan" "assets_being_scanned" "last_scan_date" "next_scan_date" "status" Allows to specify which of the fields of |
{
  "assets_number": 964,
  "assets_in_sla": 950,
  "assets_excluded": 14,
  "assets_to_scan": 0,
  "last_scan_date": "2019-08-24T14:15:22Z",
  "next_scan_date": "2019-08-24T14:15:22Z",
  "status": "in_progress"
}