Insights

Retrieves Security Center Insights
GET /{accounts_or_zones}/{account_or_zone_id}/security-center/insights
Archives Security Center Insight
PUT /{accounts_or_zones}/{account_or_zone_id}/security-center/insights/{issue_id}/dismiss
Models
InsightListResponse object { count, issues, page, per_page }
count: optional number

Indicates the total number of results.

issues: optional array of object { id, dismissed, has_extended_context, 11 more }
id: optional string
dismissed: optional boolean
has_extended_context: optional boolean

Indicates whether the insight has a large payload that requires fetching via the context endpoint.

issue_class: optional string
issue_type: optional IssueType
payload: optional object { detection_method, zone_tag }
detection_method: optional string

Describes the method used to detect the insight.

zone_tag: optional string
resolve_text: optional string
severity: optional "Low" or "Moderate" or "Critical"
One of the following:
"Low"
"Moderate"
"Critical"
since: optional string
format: date-time
status: optional "active" or "resolved"

The current status of the insight.

One of the following:
"active"
"resolved"
subject: optional string
timestamp: optional string
format: date-time
user_classification: optional "false_positive" or "accept_risk" or "other"

User-defined classification for the insight. Can be ‘false_positive’, ‘accept_risk’, ‘other’, or null.

One of the following:
"false_positive"
"accept_risk"
"other"
page: optional number

Specifies the current page within the paginated list of results.

per_page: optional number

Sets the number of results per page.

maximum: 1000
minimum: 1
InsightDismissResponse object { errors, messages, success }
errors: array of object { code, message, documentation_url, source }
code: number
minimum: 1000
message: string
documentation_url: optional string
source: optional object { pointer }
pointer: optional string
messages: array of object { code, message, documentation_url, source }
code: number
minimum: 1000
message: string
documentation_url: optional string
source: optional object { pointer }
pointer: optional string
success: true

Whether the API call was successful.

Insights Class

Retrieves Security Center Insight Counts by Class
GET /{accounts_or_zones}/{account_or_zone_id}/security-center/insights/class
Models
ClassGetResponse = array of object { count, value }
count: optional number
value: optional string

Insights Severity

Retrieves Security Center Insight Counts by Severity
GET /{accounts_or_zones}/{account_or_zone_id}/security-center/insights/severity
Models
SeverityGetResponse = array of object { count, value }
count: optional number
value: optional string

Insights Type

Retrieves Security Center Insight Counts by Type
GET /{accounts_or_zones}/{account_or_zone_id}/security-center/insights/type
Models
TypeGetResponse = array of object { count, value }
count: optional number
value: optional string

Insights Audit Logs

Retrieves account or zone Audit Log
GET /{accounts_or_zones}/{account_or_zone_id}/security-center/insights/audit-log
Retrieves Issue Audit Log
GET /{accounts_or_zones}/{account_or_zone_id}/security-center/insights/{issue_id}/audit-log
Models
AuditLogListResponse object { id, changed_at, changed_by, 6 more }
id: optional string

UUIDv7 identifier for the audit log entry, time-ordered.

format: uuid
changed_at: optional string

The timestamp when the change occurred.

format: date-time
changed_by: optional string

The actor that made the change. ‘system’ for automated changes, or a user identifier.

current_value: optional string

The value of the field after the change. Null if the field was cleared.

field_changed: optional "status" or "user_classification"

The field that was changed.

One of the following:
"status"
"user_classification"
issue_id: optional string

The ID of the insight this audit log entry relates to.

previous_value: optional string

The value of the field before the change. Null if the field was not previously set.

rationale: optional string

Optional rationale provided for the change.

zone_id: optional number

The zone ID associated with the insight. Only present for zone-level insights.

format: int64
AuditLogListByInsightResponse object { id, changed_at, changed_by, 6 more }
id: optional string

UUIDv7 identifier for the audit log entry, time-ordered.

format: uuid
changed_at: optional string

The timestamp when the change occurred.

format: date-time
changed_by: optional string

The actor that made the change. ‘system’ for automated changes, or a user identifier.

current_value: optional string

The value of the field after the change. Null if the field was cleared.

field_changed: optional "status" or "user_classification"

The field that was changed.

One of the following:
"status"
"user_classification"
issue_id: optional string

The ID of the insight this audit log entry relates to.

previous_value: optional string

The value of the field before the change. Null if the field was not previously set.

rationale: optional string

Optional rationale provided for the change.

zone_id: optional number

The zone ID associated with the insight. Only present for zone-level insights.

format: int64

Insights Classification

Updates Security Center Insight Classification
PATCH /{accounts_or_zones}/{account_or_zone_id}/security-center/insights/{issue_id}/classification
Models
ClassificationUpdateResponse object { errors, messages, success }
errors: array of object { code, message, documentation_url, source }
code: number
minimum: 1000
message: string
documentation_url: optional string
source: optional object { pointer }
pointer: optional string
messages: array of object { code, message, documentation_url, source }
code: number
minimum: 1000
message: string
documentation_url: optional string
source: optional object { pointer }
pointer: optional string
success: true

Whether the API call was successful.

Insights Context

Retrieves Security Center Insight Context
GET /accounts/{account_id}/security-center/insights/{issue_id}/context
Models
ContextGetResponse = map[unknown]