Get Issues
Description

Obtain a collection of issues from Wiz using targeted queries with specified variables for precise search results.

Endpoint method: POST

Inputs

- json_body (object) – required
  - variables (object) – required
    - after (string): Use as a pagination argument to refine your results. Use the value returned by pageinfo.endcursor from the previous response.
    - orderby (object): The query's results order. Can be asc or desc.
      - direction (string)
      - field (): The order field.
    - filterby (object)
      - status (array): Filter by issue handling status. You can specify multiple values. If no values are provided, then returns results from all statuses.
      - id (array): Filter only issues that match these IDs. You can specify multiple values. If no values are provided, then returns results from all issues.
      - search (string): Free text search on issue title or object name. Returns null if no match is found.
      - frameworkcategory (array): Filter issues by security framework IDs. You can specify multiple values. If no values are provided, then returns results from all framework categories.
      - stacklayer (array): Filter issues from a specific stack layer (as defined by the control). You can specify multiple values. If no values are provided, then returns results from all stack layers.
      - project (array): Filter issues associated with these project IDs. You can specify multiple values. If no values are provided, then returns results from all projects.
      - severity (array): Filter issues according to control severity. You can specify multiple values. If no values are provided, then returns results from all severities.
      - sourcesecurityscan (string): Filter by security scan source.
      - resolutionreason (array): Filter issues by resolution reason. You can specify multiple values. If no values are provided, then returns results from all resolution reasons.
      - type (array): Filter by issue type. You can specify multiple values. If no values are provided, then returns results from all issue types.
      - createdat (object)
        - after (string): Datetime in ISO 8601 format.
        - before (string): Datetime in ISO 8601 format.
      - resolvedat (object)
        - after (string): Datetime in ISO 8601 format.
        - before (string): Datetime in ISO 8601 format.
      - dueat (object)
        - after (string): Datetime in ISO 8601 format.
        - before (string): Datetime in ISO 8601 format.
      - hasserviceticket (boolean): Filter issues with or without related service ticket.
      - hasnote (boolean): Filter issues with or without note.
      - hasremediation (boolean): Filter issues with or without remediation.
      - hasautoremediation (boolean): Filter issues with or without auto remediation.
      - statuschangedat (object)
        - after (string): Datetime in ISO 8601 format.
        - before (string): Datetime in ISO 8601 format.
      - updatedat (object) – required
        - after (string): Datetime in ISO 8601 format.
        - before (string): Datetime in ISO 8601 format.
      - hasduedate (boolean): Filter issues with or without due date.
      - hasusernote (boolean): Filter issues with or without notes created by the user.
      - sourcerule (object)
        - id (array): Filter issues from specific source rule IDs (controls, cloud configuration rules, and cloud events). You can specify multiple values.
      - cloudeventrulesource (array): Filter issues by the threat detection rule source. You can specify multiple values.
      - relatedentity (object)
        - type (array): Filter issues by specific entity types. You can specify multiple values. If no values are provided, then returns results from all types.
        - ids (array): Filter issues of specific entities according to their ID. You can specify multiple values. If no values are provided, then returns results from all IDs.
        - status (array): Filter issues by entity status. You can specify multiple values. If no values are provided, then returns results from all statuses.
        - region (array): Filter issues by entity region. You can specify multiple values. If no values are provided, then returns results from all regions.
        - subscriptionid (array): Filter issues by the subscription ID originating from the entity. You can specify multiple values. If no values are provided, then returns results from all subscription IDs.
        - resourcegroupid (array): Filter issues by entities contained in a specific resource group. You can specify multiple values. If no values are provided, then returns results from all resource group IDs.
        - nativetype (array): Filter issues by entity native type.
        - cloudplatform (array): Filter issues by entity cloud platform. You can specify multiple values. If no values are provided, then returns results from all cloud platforms.
        - id (string): Filter issues of a specific entity according to its ID.
        - tag (array): Filter issues by entity tag. You can specify multiple values. If no values are provided, then returns results from all tags.

Output example

```json
[
  {
    "status_code": 200,
    "response_headers": {
      "date": "mon, 31 jul 2023 06:07:08 gmt",
      "content-type": "application/json; charset=utf-8",
      "transfer-encoding": "chunked",
      "connection": "keep-alive",
      "content-security-policy": "default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests",
      "cross-origin-embedder-policy": "require-corp",
      "cross-origin-opener-policy": "same-origin",
      "cross-origin-resource-policy": "same-origin",
      "x-dns-prefetch-control": "off",
      "x-frame-options": "sameorigin",
      "strict-transport-security": "max-age=15552000; includesubdomains",
      "x-download-options": "noopen",
      "x-content-type-options": "nosniff",
      "origin-agent-cluster": "?1",
      "x-permitted-cross-domain-policies": "none",
      "referrer-policy": "no-referrer",
      "x-xss-protection": "0",
      "vary": "origin, accept-encoding",
      "access-control-allow-credentials": "true",
      "etag": "w/\"183d-5017heaes1tblt8x3y3dwyohquu\"",
      "content-encoding": "gzip"
    },
    "reason": "ok",
    "json_body": {
      "data": {
        "issues": {
          "nodes": [
            {
              "id": "fff9cffd-64a7-412c-9535-cf837f4b0b40",
              "sourcerule": {
                "__typename": "control",
                "id": "wc-id-1335",
                "name": "eks principals assume roles that provide bind, escalate and impersonate permissions",
                "controldescription": "these eks principals assume roles that provide bind, escalate and impersonate permissions.\n\nthe `bind` permission allows users to create bindings to roles with rights they do not already have. the `escalate` permission allows users effectively escalate their privileges. the `impersonate` permission allows users to impersonate and gain the rights of other users in the cluster. running containers with these permissions has the potential to effectively allow privilege escalation to the cluster admin level.",
                "resolutionrecommendation": "to follow the principle of least privilege and minimize the risk of unauthorized access and data breaches, it is recommended not to grant `bind`, `escalate` or `impersonate` permissions.",
                "securitysubcategories": [
                  { "title": "4.1.8 limit use of the bind, impersonate and escalate permissions in the kubernetes cluster level 1 (manual)", "category": { "name": "4.1 rbac and service accounts", "framework": { "name": "cis eks 1.2.0" } } },
                  { "title": "privileged principal", "category": { "name": "4 identity management", "framework": { "name": "wiz for risk assessment" } } },
                  { "title": "container security", "category": { "name": "9 container security", "framework": { "name": "wiz" } } },
                  { "title": "cluster misconfiguration", "category": { "name": "2 container & kubernetes security", "framework": { "name": "wiz for risk assessment" } } }
                ]
              },
              "createdat": "2023-07-04t14:50:55.539558z",
              "updatedat": "2023-07-31t03:22:18.348299z",
              "dueat": null,
              "resolvedat": null,
              "statuschangedat": "2023-07-04t14:50:53.6446z",
              "projects": [
                { "id": "83b76efe-a7b6-5762-8a53-8e8f59e68bd8", "name": "project 2", "slug": "project 2", "businessunit": "", "riskprofile": { "businessimpact": "mbi" } },
                { "id": "af52828c-4eb1-5c4e-847c-ebc3a5ead531", "name": "project 4", "slug": "project 4", "businessunit": "dev", "riskprofile": { "businessimpact": "mbi" } },
                { "id": "d6ac50bb-aec0-52fc-80ab-bacd7b02f178", "name": "project1", "slug": "project1", "businessunit": "dev", "riskprofile": { "businessimpact": "mbi" } }
              ],
              "status": "open",
              "severity": "informational",
              "entitysnapshot": {
                "id": "e507d472-b7da-5f05-9b25-72a271336b14",
                "type": "access role",
                "nativetype": "clusterrole",
                "name": "system:aggregate-to-edit",
                "status": null,
                "cloudplatform": "kubernetes",
                "cloudproviderurl": "",
                "providerid": "k8s/clusterrole/aaa8e7ca2bf9bc85a75d5bbdd8ffd08d69f8852782a6341c3c3519bac0f24ae9/system:aggregate-to-edit/12",
                "region": "",
                "resourcegroupexternalid": "",
                "subscriptionexternalid": "998231069301",
                "subscriptionname": "wiz integrations",
                "subscriptiontags": {},
                "tags": {
                  "kubernetes.io/bootstrapping": "rbac-defaults",
                  "rbac.authorization.k8s.io/aggregate-to-edit": "true"
                },
                "externalid": "k8s/clusterrole/aaa8e7ca2bf9bc85a75d5bbdd8ffd08d69f8852782a6341c3c3519bac0f24ae9/system:aggregate-to-edit/12"
              },
              "servicetickets": [],
              "notes": []
            },
            {
              "id": "fff14d48-b808-4ed8-a5be-b09e191b2df0",
              "sourcerule": {
                "__typename": "control",
                "id": "wc-id-485",
                "name": "eks users or service accounts that have permissions to create pods",
                "controldescription": "access to create new pods should be restricted to the smallest possible group of users.",
                "resolutionrecommendation": "where possible, remove `create` access to `pod` objects in the cluster.",
                "securitysubcategories": [
                  { "title": "t1525 implant internal image", "category": { "name": "ta0003 persistence", "framework": { "name": "mitre att&ck v13 matrix" } } },
                  { "title": "privileged principal", "category": { "name": "4 identity management", "framework": { "name": "wiz for risk assessment" } } },
                  { "title": "container security", "category": { "name": "9 container security", "framework": { "name": "wiz" } } },
                  { "title": "identity management", "category": { "name": "5 identity management", "framework": { "name": "wiz" } } },
                  { "title": "4.1.4 minimize access to create pods level 1 (manual)", "category": { "name": "4.1 policies rbac and service accounts", "framework": { "name": "cis eks 1.1.0" } } },
                  { "title": "t1578.002 modify cloud compute infrastructure create cloud instance", "category": { "name": "ta0005 defense evasion", "framework": { "name": "mitre att&ck v13 matrix" } } },
                  { "title": "t1496 resource hijacking", "category": { "name": "ta0040 impact", "framework": { "name": "mitre att&ck v13 matrix" } } },
                  { "title": "ta0004 t1078.004 valid accounts cloud accounts", "category": { "name": "ta0004 privilege escalation", "framework": { "name": "mitre att&ck v13 matrix" } } },
                  { "title": "4.1.4 minimize access to create pods level 1 (manual)", "category": { "name": "4.1 rbac and service accounts", "framework": { "name": "cis eks 1.2.0" } } },
                  { "title": "cluster misconfiguration", "category": { "name": "2 container & kubernetes security", "framework": { "name": "wiz for risk assessment" } } }
                ]
              },
              "createdat": "2023-07-04t14:50:52.773086z",
              "updatedat": "2023-07-31t03:22:15.495636z",
              "dueat": null,
              "resolvedat": null,
              "statuschangedat": "2023-07-04t14:50:52.528535z",
              "projects": [
                { "id": "83b76efe-a7b6-5762-8a53-8e8f59e68bd8", "name": "project 2", "slug": "project 2", "businessunit": "", "riskprofile": { "businessimpact": "mbi" } },
                { "id": "af52828c-4eb1-5c4e-847c-ebc3a5ead531", "name": "project 4", "slug": "project 4", "businessunit": "dev", "riskprofile": { "businessimpact": "mbi" } },
                { "id": "d6ac50bb-aec0-52fc-80ab-bacd7b02f178", "name": "project1", "slug": "project1", "businessunit": "dev", "riskprofile": { "businessimpact": "mbi" } }
              ],
              "status": "open",
              "severity": "informational",
              "entitysnapshot": {
                "id": "e92bc514-20e0-5175-ba56-613a4c389b19",
                "type": "service account",
                "nativetype": "serviceaccount",
                "name": "daemon-set-controller",
                "status": null,
                "cloudplatform": "kubernetes",
                "cloudproviderurl": "",
                "providerid": "k8s/serviceaccount/aaa8e7ca2bf9bc85a75d5bbdd8ffd08d69f8852782a6341c3c3519bac0f24ae9/kube-system/daemon-set-controller",
                "region": "",
                "resourcegroupexternalid": "",
                "subscriptionexternalid": "998231069301",
                "subscriptionname": "wiz integrations",
                "subscriptiontags": {},
                "tags": {},
                "externalid": "k8s/serviceaccount/aaa8e7ca2bf9bc85a75d5bbdd8ffd08d69f8852782a6341c3c3519bac0f24ae9/kube-system/daemon-set-controller"
              },
              "servicetickets": [],
              "notes": []
            }
          ],
          "pageinfo": {
            "hasnextpage": true,
            "endcursor": "eyjmawvszhmiolt7ikzpzwxkijoiswqilcjwywx1zsi6imzmzje0zdq4lwi4mdgtngvkoc1hnwjllwiwowuxotfimmrmmcj9xx0="
          }
        }
      }
    }
  }
]
```

Output parameters

- status_code (number)
- reason (string)
- json_body (object)
  - data (object)
    - issues (object)
      - nodes (array)
        - id (string)
        - sourcerule (object)
          - __typename (string)
          - id (string)
          - name (string)
          - controldescription (string)
          - resolutionrecommendation (string)
          - securitysubcategories (array)
            - title (string)
            - category (object)
              - name (string)
              - framework (object)
                - name (string)
        - createdat (string)
        - updatedat (string)
        - dueat (object)
        - resolvedat (object)
        - statuschangedat (string)
        - projects (array)
          - id (string)
          - name (string)
          - slug (string)
          - businessunit (string)
          - riskprofile (object)
            - businessimpact (string)
        - status (string)
        - severity (string)
        - entitysnapshot (object)
          - id (string)
          - type (string)
          - nativetype (string)
          - name (string)
          - status (object)
          - cloudplatform (string)
          - cloudproviderurl (string)
          - providerid (string)
          - region (string)
          - resourcegroupexternalid (string)
          - subscriptionexternalid (string)
          - subscriptionname (string)
          - subscriptiontags (object)
          - tags (object)
          - externalid (string)
        - servicetickets (array)
          - file_name (string) – required
          - file (string) – required
        - notes (array)
          - file_name (string) – required
          - file (string) – required
      - pageinfo (object)
        - hasnextpage (boolean)
        - endcursor (string)

Response headers

| Header | Type |
| --- | --- |
| date | string |
| content-type | string |
| transfer-encoding | string |
| connection | string |
| content-security-policy | string |
| cross-origin-embedder-policy | string |
| cross-origin-opener-policy | string |
| cross-origin-resource-policy | string |
| x-dns-prefetch-control | string |
| x-frame-options | string |
| strict-transport-security | string |
| x-download-options | string |
| x-content-type-options | string |
| origin-agent-cluster | string |
| x-permitted-cross-domain-policies | string |
| referrer-policy | string |
| x-xss-protection | string |
| vary | string |
| access-control-allow-credentials | string |
| etag | string |
| content-encoding | string |
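
The `after` / pageinfo endcursor pagination described under the inputs, as an added Python example (not code from this page or from the connector). `run_action` is a hypothetical callable that submits the json body input and returns the action's output; `fake_action` and its data are constructed; key spellings follow this page's rendering (with underscores assumed in `status_code` and `json_body`) and may differ in case from the live API.

```python
from typing import Callable, Iterator, Optional

def build_variables(updated_after: str, severities=None, cursor: Optional[str] = None) -> dict:
    """Build `variables`: updatedat is required; `after` is set only from page 2 on."""
    filterby = {"updatedat": {"after": updated_after}}
    if severities:
        filterby["severity"] = list(severities)
    variables = {"filterby": filterby}
    if cursor is not None:
        variables["after"] = cursor
    return variables

def iter_issues(run_action: Callable[[dict], dict], updated_after: str,
                severities=None, max_pages: int = 100) -> Iterator[dict]:
    """Yield every issue once, following pageinfo.endcursor until hasnextpage is false."""
    cursor, seen_cursors, seen_ids = None, set(), set()
    for _ in range(max_pages):
        result = run_action({"variables": build_variables(updated_after, severities, cursor)})
        if result.get("status_code") != 200:
            raise RuntimeError(f"Get Issues failed: {result.get('status_code')} {result.get('reason')}")
        issues = result["json_body"]["data"]["issues"]
        for node in issues["nodes"]:
            if node["id"] not in seen_ids:  # overlapping pages must not double-count
                seen_ids.add(node["id"])
                yield node
        page = issues["pageinfo"]
        if not page.get("hasnextpage"):
            return
        cursor = page.get("endcursor")
        if not cursor or cursor in seen_cursors:  # would otherwise loop forever
            raise RuntimeError("pagination cursor missing or repeated")
        seen_cursors.add(cursor)
    raise RuntimeError("max_pages reached before the last page")

def fake_action(json_body: dict) -> dict:
    """Constructed two-page stand-in for the connector (not real Wiz data)."""
    pages = {None: (["issue-1", "issue-2"], True, "cursor-1"),
             "cursor-1": (["issue-2", "issue-3"], False, None)}
    ids, more, end = pages[json_body["variables"].get("after")]
    nodes = [{"id": i, "severity": "informational", "status": "open"} for i in ids]
    return {"status_code": 200, "reason": "ok", "json_body": {"data": {"issues": {
        "nodes": nodes, "pageinfo": {"hasnextpage": more, "endcursor": end}}}}}

if __name__ == "__main__":
    for issue in iter_issues(fake_action, "2023-07-01T00:00:00Z"):
        print(issue["id"], issue["severity"], issue["status"])
```

Failing on a missing or repeated cursor, rather than stopping quietly, keeps a truncated export from being mistaken for a complete list of open issues.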