APIs

This page describes the API methods you can use to query parameters, dashboards, and security reports of your choice.

API Rate Limits

The API supports a maximum of 300 requests per minute.

Generate Access Tokens

You can generate access tokens for each API access call into your Controller by generating the token through the OAuth API.

Example of endpoint usage:

curl -X GET  'https://<controller address>/controller/argento/public-api/v1/applications' \
--header 'Authorization: Bearer <your-token-from-ouath-above>'

Get Application List

Get a list of applications based on the provided query parameters.

GET controller/argento/public-api/v1/applications

Parameters

NameTypeDescription
date string This is the date for nodes daily statistics count of the applications. This is in RFC3339 format. Example: 2023-05-25T00:10:01-02:00.
sort string This allows you to sort the applications by a specific field. Example: sort=applicationName .
order string The ascending or descending order of the applications.
filter string This allows you to filter the applications by a specific field. Example: filter=applicationName eq "application1".
max integer The maximum number of applications to return. Default: 10 .
offset integer The offset for pagination. Default: 0 .
applicationId integer This is the global application filter, which restricts outputs to one application. Use the field appdApplicationId value from the response.

Responses

Code 200

A successful retrieval of the application list:

{
  "items": [
    {
      "appdApplicationId": 0,
      "applicationCreatedAt": "string",
      "applicationId": "string",
      "applicationName": "string",
      "applicationSecurityEnabled": true,
      "applicationSecurityEnabledComputed": true,
      "countApmActive": 0,
      "countReady": 0,
      "countSecured": 0,
      "countSecurityEnabled": 0,
      "countSupportedAgent": 0
    }
  ],
  "total": 0
}
Code 400

A bad request:

{
  "error": "string"
}
Code 500

An internal server error:

{
  "error": "string"
}

Get Application Tiers

Get a list of tiers based a specific application and provided query parameters.

GET controller/argento/public-api/v1/applications/{applicationId}/tiers

Parameters

NameTypeDescription
applicationId string The required application ID used for specific application tier details.
date string This is the date in RFC3339 format. Example: 2023-05-25T00:10:01-02:00.
sort string This allows you to sort the applications by a specific field. Example: sort=applicationName .
order string The ascending or descending order of the applications.
filter string This allows you to filter the applications by a specific field. Example: filter=applicationName eq "application1" .
max integer The maximum number of applications to return. Default: 10 .
offset integer The offset for pagination. Default: 0.
applicationId integer This is the global application filter, which restricts outputs to one application.
tierId integer The global tier filter, which restricts outputs to one tier only. Use the appdTierId value from the response.

Responses

Code 200

A successful retrieval of the tier list of a specific application:

{
"items": [
{
"appdApplicationId": 0,
"appdTierId": 0,
"applicationName": "string",
"countApmActive": 0,
"countReady": 0,
"countSecured": 0,
"countSecurityEnabled": 0,
"countSupportedAgent": 0,
"id": "string",
"tierCreatedAt": "string",
"tierEnableSecurity": true,
"tierEnableSecurityStatus": true,
"tierName": "string"
}
],
"total": 0
}
Code 400

A bad request:

{
"error": "string"
}
Code 500

An internal server error:

{
"error": "string"
}

Get Application Nodes

Get a list of nodes based on a specific tier and provided query parameters.

GET controller/argento/public-api/v1/applications/{applicationId}/tiers/{tierId}/nodes

Parameters

NameTypeDescription
tierId integer Tier ID required for specific node details.
date string Date in RFC3339 format. Example: 2023-05-25T00:10:01-02:00.
sort string Sort the nodes by a specific field. Example: sort=nodeName .
order string Order of the sort field (asc or desc).
filter string Filter the nodes by a specific field. Example: filter=nodeName eq 'node1'.
max integer Maximum number of nodes to return. Default: 10 .
offset integer Offset for pagination. Default 0.

Responses

Code 200

Successful retrieval of node list.

Code 400

A bad request:

{
"error": "string"
}
Code 500

An internal server error:

{
"error": "string"
}

Get Attack List

This API call retrieves details of a specific attack if the attackSummaryId is provided, Otherwise, this API retrieves a list of attacks.

GET controller/argento/public-api/v1/attacks

Parameters

NameTypeDescription
startedAt string The start time of the transactions in RFC3339 format. Example: 2023-05-25T00:10:01-02:00.
endedAt string The end time of the transactions in RFC3339 format. Example: 2023-05-25T00:10:01-02:00.
sort string This allows you to sort the attacks by a specific field. Example: sort=attackName .
order string The ascending or descending order of the sort field.
filter string This allows you to filter the attacks by a specific field. Example: filter=attackName eq "dangerousOne" .
max integer The maximum number of attacks to return. Default: 10 .
offset integer The offset for pagination. The Default: 0 .
applicationId integer This is the global application filter, which restricts outputs to one application. Use appdApplicationId value from the response
tierId integer The global tier filter, which restricts outputs to one tier only. Use the appdTierId value from the response.

Responses

Code 200

A successful retrieval of the attack list or attack details:

{
  "items": [
    {
      "appdApplicationId": 0,
      "appdBtId": 0,
      "appdTierId": 0,
      "applicationId": "string",
      "applicationName": "string",
      "attackName": "string",
      "attackNote": "string",
      "attackOutcome": "string",
      "attackSource": "string",
      "attackStatus": "string",
      "attackSummaryId": "string",
      "attackTypes": "string",
      "btName": "string",
      "btUuid": "string",
      "firstSeenAt": "string",
      "keyInfo": "string",
      "lastSeenAt": "string",
      "tierId": "string",
      "tierName": "string"
    }
  ],
  "total": 0
}
Code 400

A bad request:

{
"error": "string"
}
Code 500

An internal server error:

{
"error": "string"
}

Get Attack Details

This API call retrieves details of a specific attack if the attackSummaryId is provided, Otherwise, this API retrieves a list of attacks.

GET controller/argento/public-api/v1/attacks/{attackSummaryId}

Parameters

NameTypeDescription
attackSummaryId string The required attack summary ID for specific attack details.
startedAt string The start time of the transactions in RFC3339 format. Example: 2023-05-25T00:10:01-02:00.
endedAt string The end time of the transactions in RFC3339 format. Example: 2023-05-25T00:10:01-02:00.
sort string This allows you to sort the attacks by a specific field. Example: sort=attackName .
order string The ascending or descending order of the sort field.
filter string This allows you to filter the attacks by a specific field. Example: filter=attackName eq "dangerousOne" .
max integer The maximum number of attacks to return. Default: 10 .
offset integer The offset for pagination. The Default: 0 .
applicationId integer This is the global application filter, which restricts outputs to one application. Use appdApplicationId value from the response
tierId integer The global tier filter, which restricts outputs to one tier only. Use the appdTierId value from the response.

Responses

Code 200

A successful retrieval of the attack list or attack details:

{
  "items": [
    {
      "appdApplicationId": 0,
      "appdBtId": 0,
      "appdTierId": 0,
      "applicationId": "string",
      "applicationName": "string",
      "attackName": "string",
      "attackNote": "string",
      "attackOutcome": "string",
      "attackSource": "string",
      "attackStatus": "string",
      "attackSummaryId": "string",
      "attackTypes": "string",
      "btName": "string",
      "btUuid": "string",
      "firstSeenAt": "string",
      "keyInfo": "string",
      "lastSeenAt": "string",
      "tierId": "string",
      "tierName": "string"
    }
  ],
  "total": 0
}
Code 400

A bad request:

{
"error": "string"
}
Code 500

An internal server error:

{
"error": "string"
}

Get Business Transaction List

This API call retrieves a list of business transactions based on the provided query parameters.

GET controller/argento/public-api/v1/businessTransactions

Parameters

NameTypeDescription
startedAt string The start time of the transactions in RFC3339 format. Example: 2023-05-25T00:10:01-02:00.
endedAt string The end time of the transactions in RFC3339 format. Example: 2023-05-25T00:10:01-02:00.
sort string This allows you to sort the transactions by a specific field. Example: sort=businessTransactionNam e.
order string The ascending or descending order of the sort field.
filter string This allows you to filter the transactions by a specific field. Example: filter=businessTransactionName eq "businessOne" .
max integer The maximum number of transactions to return. Default: 10 .
offset integer The offset for pagination. Default: 0 .
applicationId integer This is the global application filter, which restricts outputs to one application. Use appdApplicationId value from the response.
tierId integer The global tier filter, which restricts outputs to one tier only. Use the appdTierId value from the response.

Responses

Code 200

A successful retrieval of the business transaction list:

{
"items": [
{
"appdApplicationId": 0,
"appdBusinessTransactionId": 0,
"applicationId": "string",
"applicationName": "string",
"attackOutcomeCountAttempted": 0,
"attackOutcomeCountBlocked": 0,
"attackOutcomeCountExploited": 0,
"brmTitle": "string",
"businessRiskScore": 0,
"businessTransactionId": "string",
"businessTransactionName": "string",
"entryTierAppdId": 0,
"entryTierId": "string",
"entryTierName": "string",
"riskScore": 0,
"severityCountCritical": 0,
"severityCountHigh": 0,
"severityCountLow": 0,
"severityCountMedium": 0,
"tierCount": 0,
"totalAttackCount": 0,
"totalVulnCount": 0
}
],
"total": 0
}
Code 400

A bad request:

{
"error": "string"
}
Code 500

An internal server error:

{
"error": "string"
}

Get Business Transaction Details

This API call retrieves details of a business transaction based on the provided query parameters.

GET controller/argento/public-api/v1/businessTransactions/{businessTransactionId}

Parameters

NameTypeDescription
businessTransactionId string This is the required business transaction ID.

Responses

Code 200

A successful and detailed retrieval of a specific business transaction:

{
"appdApplicationId": 0,
"appdBusinessTransactionId": 0,
"applicationName": "string",
"brmTitle": "string",
"businessRiskScore": 0,
"businessTransactionName": "string",
"entryTierAppdId": 0,
"entryTierName": "string",
"riskScore": 0,
"riskScoreCard": "string"
}
Code 400

A bad request:

{
"error": "string"
}
Code 500

An internal server error:

{
"error": "string"
}

Get Library List

Get a list of libraries based on the provided query parameters.

GET controller/argento/public-api/v1/libraries

Parameters

NameTypeDescription
startedAt string The start time of the transactions in RFC3339 format. Example: 2023-05-25T00:10:01-02:00.
endedAt string The end time of the transactions in RFC3339 format. Example: 2023-05-25T00:10:01-02:00.
sort string This allows you to sort the libraries by a specific field. Example: sort=applicationName .
order string The ascending or descending order of the sort field.
filter string This allows you to filter the libraries by a specific field. Example: filter=applicationName eq "application1" .
max integer The maximum number of libraries to return. Default: 10 .
offset integer The offset for pagination. Default: 0.
applicationId integer This is the global application filter, which restricts outputs to one application. Use appdApplicationId value from the response
tierId integer The global tier filter, which restricts outputs to one tier only. Use the appdTierId value from the response.
filePathstringThe location of the file system, which identifies that the node has a file to that path. This also identifies that the library is from your application.

Responses

Code 200

A successful retrieval of the library list:

{
  "items": [
    {
      "active_internet_breach": true,
      "affectedNodeCount": 0,
      "appdApplicationId": 0,
      "appdTierId": 0,
      "applicationName": "string",
      "easily_exploitable": true,
      "kennaRiskScore": 0,
      "libraryId": "string",
      "malware_exploitable": true,
      "packageCanonicalName": "string",
      "packageId": "string",
      "packageLanguage": "string",
      "packageName": "string",
      "packageVersion": "string",
      "popular_target": true,
      "predicted_exploitable": true,
      "recommendedVersion": "string",
      "remote_code_execution": true,
      "riskScore": 0,
      "severity": "string",
      "severityCountCritical": 0,
      "severityCountHigh": 0,
      "severityCountLow": 0,
      "severityCountMedium": 0,
      "status": "string",
      "tierName": "string",
      "totalVulnCount": 0
    }
  ],
  "total": 0
}
Code 400

A bad request:

{
"error": "string"
}
Code 500

An internal server error:

{
"error": "string"
}

Get Library Details

Get details of a library based on the provided query parameters.

GET controller/argento/public-api/v1/libraries/{libraryId}

Parameters

NameTypeDescription
libraryId string The required library ID.
applicationId integer This is the global application filter, which restricts outputs to one application. Use appdApplicationId value from the response
tierId integer The global tier filter, which restricts outputs to one tier only. Use the appdTierId value from the response.
filePathstringThe location of the file system, which identifies that the node has a file to that path. This also identifies that the library is from your application.

Responses

Code 200

A successful and detailed retrieval of a specific library:

{
"active_internet_breach": true,
"affectedNodeCount": 0,
"appdApplicationId": 0,
"appdTierId": 0,
"applicationName": "string",
"easily_exploitable": true,
"kennaRiskScore": 0,
"libraryId": "string",
"malware_exploitable": true,
"packageCanonicalName": "string",
"packageId": "string",
"packageLanguage": "string",
"packageName": "string",
"packageVersion": "string",
"popular_target": true,
"predicted_exploitable": true,
"recommendedVersion": "string",
"remote_code_execution": true,
"riskScore": 0,
"severity": "string",
"severityCountCritical": 0,
"severityCountHigh": 0,
"severityCountLow": 0,
"severityCountMedium": 0,
"status": "string",
"tierName": "string",
"totalVulnCount": 0
}
Code 400

A bad request:

{
"error": "string"
}
Code 500

An internal server error:

{
"error": "string"
}

Get Business Risk Score

Get a business risk score by application and business transaction based on the provided query parameters.

GET controller/argento/public-api/v1/stats/businessRisk

Parameters

NameTypeDescription
btld string This is the business transaction ID.
applicationId integer This is the global application filter, which restricts outputs to one application. Use appdApplicationId value from the response
tierId integer The global tier filter, which restricts outputs to one tier only. Use the appdTierId value from the response.

Responses

Code 200

A successful retrieval of the business risk score:

{
"brmTitle": "string",
"businessRiskScore": 0
}
Code 204

Successful update, no content.

Code 400

A bad request:

{
"error": "string"
}
Code 404

Resource not found:

{
"error": "string"
}
Code 500

An internal server error:

{
"error": "string"
}

Get Vulnerability List

Get a list of vulnerabilities based on the provided query parameters.

GET controller/argento/public-api/v1/vulnerabilities

Parameters

NameTypeDescription
startedAt string The start time of the transactions in RFC3339 format. Example: 2023-05-25T00:10:01-02:00.
endedAt string The end time of the transactions in RFC3339 format. Example: 2023-05-25T00:10:01-02:00.
sort string This allows you to sort the vulnerabilities by a specific field. Example: sort=cweName .
order string The ascending or descending order of the sort field.
filter string This allows you to filter the vulnerabilities by a specific field. Example: filter=cweName eq "CW-94".
max integer The maximum number of libraries to return. Default: 10 .
offset integer The offset for pagination. Default: 0 .
applicationId integer This is the global application filter, which restricts outputs to one application. Use appdApplicationId value from the response
tierId integer The global tier filter, which restricts outputs to one tier only. Use the appdTierId value from the response.

Responses

Code 200

A successful retrieval of the vulnerability list:

{
"items": [
{
"active_internet_breach": true,
"affectedNodeCount": 0,
"appdApplicationId": 0,
"appdTierId": 0,
"applicationName": "string",
"attackSummaryId": "string",
"cveId": "string",
"cveName": "string",
"cvePublishDate": "string",
"cveTitle": "string",
"cweName": "string",
"easily_exploitable": true,
"firstSeenAt": "string",
"hasAttacks": true,
"hasEvent": true,
"hasObservations": true,
"incidentId": "string",
"kennaScore": 0,
"lastSeenAt": "string",
"libraryId": "string",
"malware_exploitable": true,
"packageCanonicalName": "string",
"packageId": "string",
"packageLanguage": "string",
"popular_target": true,
"predicted_exploitable": true,
"remediation": "string",
"remote_code_execution": true,
"riskScore": 0,
"severity": "string",
"status": "Unknown",
"tierId": "string",
"tierName": "string"
}
],
"total": 0
}
Code 400

A bad request:

{
"error": "string"
}
Code 500

An internal server error:

{
"error": "string"
}

Get Vulnerability Details

This API call retrieves details of a vulnerability based on the provided query parameters.

GET controller/argento/public-api/v1/vulnerabilities/{cveId}

Parameters

NameTypeDescription
cveId string The required CVE ID.

Responses

Code 200

A successful and detailed retrieval of a specific vulnerability.

{
"createdAt": "string",
"cveId": "string",
"cveTitle": "string",
"cvss3BaseScore": 0,
"cvss3VectorString": "string",
"cweName": "string",
"description": "string",
"kenna": {
"active_internet_breach": true,
"easily_exploitable": true,
"malware_exploitable": true,
"popular_target": true,
"predicted_exploitable": true,
"remote_code_execution": true,
"risk_score_meter": 0
},
"name": "string",
"nvdUrl": "string",
"publishDate": "string",
"remediation": "string",
"severity": "string",
"updatedAt": "string"
}
Code 400

A bad request:

{
"error": "string"
}
Code 500

An internal server error:

{
"error": "string"
}

Get Tier Nodes

Get a list of nodes based on a specific tier ID. 

GET controller/argento/public-api/v1/tiers/{tierId}/nodes

Parameters

NameTypeDescription
tierId integer Tier ID that you want to get node details for.
date string Date in RFC3339 format. Example: 2023-05-25T00:10:01-02:00.
sort string Sort the applications by a specific field. Example: sort=applicationName.
order string Order of the sort field (asc or desc).
filter string Filter the nodes by a specific field. Example: filter=nodeName eq 'node1'.
max integer Maximum number of nodes to return. Default: 10 .
offset integer Offset for pagination. Default 0.

Responses

Code 200

Successful retrieval of node list.

Code 400

A bad request:

{
"error": "string"
}
Code 500

An internal server error:

{
"error": "string"
}

Update the Security Status for an Application

Updates the securityEnabled status for a specific application based on the provided resource ID. 

PATCH controller/argento/public-api/v1/applications/{resourceId}

Parameters

NameTypeDescription
resourceId string Resource ID of the application (UUID format). Required.
body object JSON body containing the securityEnabled status. Required.

Example:

{
  "securityEnabled": true
}

Responses

Code 204

Successful update, no content.

Code 400

Invalid request (such as missing or invalid parameters):

{
"error": "string"
}
Code 404

Resource not found:

{
"error": "string"
}
Code 500

Internal server error: 

{
"error": "string"
}

Update the Security Status for a Node

Updates the securityEnabled status for a specific node based on the provided resource ID. 

PATCH controller/argento/public-api/v1/nodes/{resourceId}

Parameters

NameTypeDescription
resourceId string Resource ID of the node (UUID format). Required.
body object JSON body containing the securityEnabled status. Required.

Responses

Code 204

Successful update, no content.

Code 400

Invalid request (such as missing or invalid parameters):

{
"error": "string"
}
Code 404

Resource not found:

{
"error": "string"
}
Code 500

Internal server error: 

{
"error": "string"
}

Update the Security Status for a Tier

Updates the securityEnabled status for a specific tier based on the provided resource ID. 

PATCH controller/argento/public-api/v1/tiers/{resourceId}

Parameters

NameTypeDescription
resourceId string Resource ID of the tier (UUID format). Required.
body object JSON body containing the securityEnabled status. Required.

Example:

{
  "securityEnabled": true
}

Responses

Code 204

Successful update, no content.

Code 400

Invalid request (such as missing or invalid parameters):

{
"error": "string"
}
Code 404

Resource not found:

{
"error": "string"
}
Code 500

Internal server error: 

{
"error": "string"
}