API Reference

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Security Center

Security CenterInsights

Retrieves Security Center Insights

client.securityCenter.insights.list(InsightListParams { account_id, zone_id, dismissed, 12 more } params?, RequestOptionsoptions?): V4PagePagination<InsightListResponse { count, issues, page, per_page } >

GET/{accounts_or_zones}/{account_or_zone_id}/security-center/insights

Archives Security Center Insight

client.securityCenter.insights.dismiss(stringissueId, InsightDismissParams { account_id, zone_id, dismiss } params, RequestOptionsoptions?): InsightDismissResponse { errors, messages, success }

PUT/{accounts_or_zones}/{account_or_zone_id}/security-center/insights/{issue_id}/dismiss

ModelsExpand Collapse

InsightListResponse { count, issues, page, per_page }

count?: number

Indicates the total number of results.

issues?: Array<Issue>

id?: string

dismissed?: boolean

has_extended_context?: boolean

Indicates whether the insight has a large payload that requires fetching via the context endpoint.

issue_class?: string

issue_type?: IssueType

payload?: Payload { detection_method, zone_tag }

detection_method?: string

Describes the method used to detect insight.

zone_tag?: string

resolve_link?: string

resolve_text?: string

severity?: "Low" | "Moderate" | "Critical"

One of the following:

"Low"

"Moderate"

"Critical"

since?: string

formatdate-time

status?: "active" | "resolved"

The current status of the insight.

One of the following:

"active"

"resolved"

subject?: string

timestamp?: string

formatdate-time

user_classification?: "false_positive" | "accept_risk" | "other" | null

User-defined classification for the insight. Can be ‘false_positive’, ‘accept_risk’, ‘other’, or null.

One of the following:

"false_positive"

"accept_risk"

"other"

page?: number

Specifies the current page within paginated list of results.

per_page?: number

Sets the number of results per page of results.

maximum1000

minimum1

InsightDismissResponse { errors, messages, success }

errors: Array<Error>

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

messages: Array<Message>

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

success: true

Whether the API call was successful.

Security CenterInsightsClass

Retrieves Security Center Insight Counts by Class

client.securityCenter.insights.class.get(ClassGetParams { account_id, zone_id, dismissed, 10 more } params?, RequestOptionsoptions?): ClassGetResponse { count, value }

GET/{accounts_or_zones}/{account_or_zone_id}/security-center/insights/class

ModelsExpand Collapse

ClassGetResponse = Array<ClassGetResponseItem>

count?: number

value?: string

Security CenterInsightsSeverity

Retrieves Security Center Insight Counts by Severity

client.securityCenter.insights.severity.get(SeverityGetParams { account_id, zone_id, dismissed, 10 more } params?, RequestOptionsoptions?): SeverityGetResponse { count, value }

GET/{accounts_or_zones}/{account_or_zone_id}/security-center/insights/severity

ModelsExpand Collapse

SeverityGetResponse = Array<SeverityGetResponseItem>

count?: number

value?: string

Security CenterInsightsType

Retrieves Security Center Insight Counts by Type

client.securityCenter.insights.type.get(TypeGetParams { account_id, zone_id, dismissed, 10 more } params?, RequestOptionsoptions?): TypeGetResponse { count, value }

GET/{accounts_or_zones}/{account_or_zone_id}/security-center/insights/type

ModelsExpand Collapse

TypeGetResponse = Array<TypeGetResponseItem>

count?: number

value?: string

Security CenterInsightsAudit Logs

Retrieves account or zone Audit Log

client.securityCenter.insights.auditLogs.list(AuditLogListParams { account_id, zone_id, before, 6 more } params?, RequestOptionsoptions?): CursorPagination<AuditLogListResponse { id, changed_at, changed_by, 6 more } >

GET/{accounts_or_zones}/{account_or_zone_id}/security-center/insights/audit-log

Retrieves Issue Audit Log

client.securityCenter.insights.auditLogs.listByInsight(stringissueId, AuditLogListByInsightParams { account_id, zone_id, before, 6 more } params?, RequestOptionsoptions?): CursorPagination<AuditLogListByInsightResponse { id, changed_at, changed_by, 6 more } >

GET/{accounts_or_zones}/{account_or_zone_id}/security-center/insights/{issue_id}/audit-log

ModelsExpand Collapse

AuditLogListResponse { id, changed_at, changed_by, 6 more }

id?: string

UUIDv7 identifier for the audit log entry, time-ordered.

formatuuid

changed_at?: string

The timestamp when the change occurred.

formatdate-time

changed_by?: string

The actor that made the change. ‘system’ for automated changes, or a user identifier.

current_value?: string | null

The value of the field after the change. Null if the field was cleared.

field_changed?: "status" | "user_classification"

The field that was changed.

One of the following:

"status"

"user_classification"

issue_id?: string

The ID of the insight this audit log entry relates to.

previous_value?: string | null

The value of the field before the change. Null if the field was not previously set.

rationale?: string | null

Optional rationale provided for the change.

zone_id?: number

The zone ID associated with the insight. Only present for zone-level insights.

formatint64

AuditLogListByInsightResponse { id, changed_at, changed_by, 6 more }

id?: string

UUIDv7 identifier for the audit log entry, time-ordered.

formatuuid

changed_at?: string

The timestamp when the change occurred.

formatdate-time

changed_by?: string

The actor that made the change. ‘system’ for automated changes, or a user identifier.

current_value?: string | null

The value of the field after the change. Null if the field was cleared.

field_changed?: "status" | "user_classification"

The field that was changed.

One of the following:

"status"

"user_classification"

issue_id?: string

The ID of the insight this audit log entry relates to.

previous_value?: string | null

The value of the field before the change. Null if the field was not previously set.

rationale?: string | null

Optional rationale provided for the change.

zone_id?: number

The zone ID associated with the insight. Only present for zone-level insights.

formatint64

Security CenterInsightsClassification

Updates Security Center Insight Classification

client.securityCenter.insights.classification.update(stringissueId, ClassificationUpdateParams { account_id, zone_id, classification, rationale } params, RequestOptionsoptions?): ClassificationUpdateResponse { errors, messages, success }

PATCH/{accounts_or_zones}/{account_or_zone_id}/security-center/insights/{issue_id}/classification

ModelsExpand Collapse

ClassificationUpdateResponse { errors, messages, success }

errors: Array<Error>

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

messages: Array<Message>

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

success: true

Whether the API call was successful.

Security CenterInsightsContext

Retrieves Security Center Insight Context

client.securityCenter.insights.context.get(stringissueId, ContextGetParams { account_id } params, RequestOptionsoptions?): ContextGetResponse

GET/accounts/{account_id}/security-center/insights/{issue_id}/context

ModelsExpand Collapse

ContextGetResponse = Record<string, unknown>