이 페이지는 아직 한국어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Entity Risk Scores

Retrieves security risk scores for entities in your organization.

List Entity Risk Scores

v2 (latest)

Note: This endpoint is in public beta and it’s subject to change. If you have any feedback, contact Datadog support.

GET https://api.ap1.datadoghq.com/api/v2/security-entities/risk-scoreshttps://api.ap2.datadoghq.com/api/v2/security-entities/risk-scoreshttps://api.datadoghq.eu/api/v2/security-entities/risk-scoreshttps://api.ddog-gov.com/api/v2/security-entities/risk-scoreshttps://api.datadoghq.com/api/v2/security-entities/risk-scoreshttps://api.us3.datadoghq.com/api/v2/security-entities/risk-scoreshttps://api.us5.datadoghq.com/api/v2/security-entities/risk-scores

개요

Get a list of entity risk scores for your organization. Entity risk scores provide security risk assessment for entities like cloud resources, identities, or services based on detected signals, misconfigurations, and identity risks.

인수

쿼리 문자열

이름

유형

설명

from

integer

Start time for the query in Unix timestamp (milliseconds). Defaults to 2 weeks ago.

integer

End time for the query in Unix timestamp (milliseconds). Defaults to now.

page[size]

integer

Size of the page to return. Maximum is 1000.

page[number]

integer

Page number to return (1-indexed).

page[queryId]

string

Query ID for pagination consistency.

filter[sort]

string

Sort order for results. Format: field:direction where direction is asc or desc. Supported fields: riskScore, lastDetected, firstDetected, entityName, signalsDetected.

filter[query]

string

Supports filtering by entity attributes, risk scores, severity, and more. Example: severity:critical AND entityType:aws_iam_user

entityType

array

Filter by entity type(s). Can specify multiple values.

응답

Response containing a list of entity risk scores

Expand All

항목

유형

설명

data [required]

[object]

attributes [required]

object

Attributes of an entity risk score

meta [required]

object

Metadata for pagination

{
  "data": [
    {
      "attributes": {
        "configRisks": {
          "hasIdentityRisk": false,
          "hasMisconfiguration": true,
          "hasPrivilegedRole": true,
          "isPrivileged": false,
          "isProduction": true,
          "isPubliclyAccessible": true
        },
        "entityID": "arn:aws:iam::123456789012:user/john.doe",
        "entityMetadata": {
          "accountID": "123456789012",
          "environments": [
            "production",
            "us-east-1"
          ],
          "mitreTactics": [
            "Credential Access",
            "Privilege Escalation"
          ],
          "mitreTechniques": [
            "T1078",
            "T1098"
          ],
          "projectID": "my-gcp-project",
          "services": [
            "api-gateway",
            "lambda"
          ],
          "sources": [
            "cloudtrail",
            "cloud-security-posture-management"
          ],
          "subscriptionID": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
        },
        "entityName": "john.doe",
        "entityProviders": [
          "aws"
        ],
        "entityRoles": [
          "Admin",
          "Developer"
        ],
        "entityType": "aws_iam_user",
        "firstDetected": 1704067200000,
        "lastActivityTitle": "Suspicious API call detected",
        "lastDetected": 1705276800000,
        "riskScore": 85.5,
        "riskScoreEvolution": 12.3,
        "severity": "critical",
        "signalsDetected": 15
      },
      "id": "arn:aws:iam::123456789012:user/john.doe",
      "type": "security_entity_risk_score"
    }
  ],
  "meta": {
    "pageNumber": 1,
    "pageSize": 10,
    "queryId": "abc123def456",
    "totalRowCount": 150
  }
}

Bad Request

API error response.

Expand All

항목

유형

설명

errors [required]

[object]

A list of errors.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Unauthorized

API error response.

Expand All

항목

유형

설명

errors [required]

[object]

A list of errors.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Forbidden

API error response.

Expand All

항목

유형

설명

errors [required]

[object]

A list of errors.

{
  "errors": [
    {
      "detail": "Missing required attribute in body",
      "meta": {},
      "source": {
        "header": "Authorization",
        "parameter": "limit",
        "pointer": "/data/attributes/title"
      },
      "status": "400",
      "title": "Bad Request"
    }
  ]
}

Too many requests

API error response.

Expand All

항목

유형

설명

errors [required]

[string]

A list of errors.

{
  "errors": [
    "Bad Request"
  ]
}

코드 사례

                  # Curl command
curl -X GET "https://api.ap1.datadoghq.com"https://api.ap2.datadoghq.com"https://api.datadoghq.eu"https://api.ddog-gov.com"https://api.datadoghq.com"https://api.us3.datadoghq.com"https://api.us5.datadoghq.com/api/v2/security-entities/risk-scores" \
-H "Accept: application/json" \
-H "DD-API-KEY: ${DD_API_KEY}" \
-H "DD-APPLICATION-KEY: ${DD_APP_KEY}"

                