Risk
Retrieve Risk Details
https://api.entro.security/v1/risk/{RISK_GUID}Authorizations
AuthorizationstringRequiredPath parameters
RISK_GUIDstringRequiredQuery parameters
enableEnrichmentbooleanOptionalFlag to enable enrichment in the response
Responses
/v1/risk/{RISK_GUID}GET /v1/risk/{RISK_GUID} HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Accept: */*curl -L \
--url 'https://api.entro.security/v1/risk/{RISK_GUID}' \
--header 'Authorization: YOUR_API_KEY' \
--header 'Accept: */*'const response = await fetch('https://api.entro.security/v1/risk/{RISK_GUID}', {
method: 'GET',
headers: {
"Authorization": "YOUR_API_KEY",
"Accept": "*/*"
},
});
const data = await response.json();import requests
response = requests.get(
"https://api.entro.security/v1/risk/{RISK_GUID}",
headers={"Authorization":"YOUR_API_KEY","Accept":"*/*"},
)
data = response.json(){
"guid": "RSK-1273",
"severity": "MEDIUM",
"owner": "adam.cheriki@acme.com",
"detectionTime": "1688302174",
"type": "EXPOSURE",
"rule": "EXPOSED_GITHUB",
"status": "OPEN",
"summary": "A secret of type Certificate is exposed inside 1 commit of the file 'exposure.cert' in the private GitHub repository called 'acme/test'.",
"threatDescription": "Storing secrets in a GitHub repository poses a serious security risk because it's often shared with multiple team members, or in some cases, publicly, which increases the risk of the sensitive information being leaked or misused.",
"payload": {
"tokenStatus": "ENABLED",
"tokenType": "CERTIFICATE",
"tokenSnippet": "----- BEGIN CERT...",
"organization": "acme",
"repository": "test",
"visibility": "PUBLIC",
"filename": "exposure.cert",
"commitAuthor": "adam.cheriki",
"commitUrl": "https://github.com/acme/test/commit/34567d343755bd123f82051681e206da99b400bb",
"commitDate": "2022-12-01T16:12:42Z"
},
"account": {
"environmentType": "PRODUCTION",
"environment": "Acme",
"accountId": "infosecmachine",
"accountType": "GITHUB"
}
}Get Risk Status
https://api.entro.security/v1/risk/{RISK_GUID}/statusAuthorizations
AuthorizationstringRequiredPath parameters
RISK_GUIDstringRequiredResponses
/v1/risk/{RISK_GUID}/statusGET /v1/risk/{RISK_GUID}/status HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Accept: */*curl -L \
--url 'https://api.entro.security/v1/risk/{RISK_GUID}/status' \
--header 'Authorization: YOUR_API_KEY' \
--header 'Accept: */*'const response = await fetch('https://api.entro.security/v1/risk/{RISK_GUID}/status', {
method: 'GET',
headers: {
"Authorization": "YOUR_API_KEY",
"Accept": "*/*"
},
});
const data = await response.json();import requests
response = requests.get(
"https://api.entro.security/v1/risk/{RISK_GUID}/status",
headers={"Authorization":"YOUR_API_KEY","Accept":"*/*"},
)
data = response.json(){
"status": "IN_PROGRESS",
"entroUser": "adam.cheriki@acme.com",
"comment": "Working on it"
}Update Risk Status
https://api.entro.security/v1/risk/{RISK_GUID}/statusAuthorizations
AuthorizationstringRequiredPath parameters
RISK_GUIDstringRequiredBody
Responses
/v1/risk/{RISK_GUID}/statusPOST /v1/risk/{RISK_GUID}/status HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 50
{
"status": "IN_PROGRESS",
"comment": "Working on it"
}curl -L \
--request POST \
--url 'https://api.entro.security/v1/risk/{RISK_GUID}/status' \
--header 'Authorization: YOUR_API_KEY' \
--header 'Content-Type: application/json' \
--data '{
"status": "IN_PROGRESS",
"comment": "Working on it"
}'const response = await fetch('https://api.entro.security/v1/risk/{RISK_GUID}/status', {
method: 'POST',
headers: {
"Authorization": "YOUR_API_KEY",
"Content-Type": "application/json"
},
body: JSON.stringify({
"status": "IN_PROGRESS",
"comment": "Working on it"
})
});
const data = await response.json();import json
import requests
response = requests.post(
"https://api.entro.security/v1/risk/{RISK_GUID}/status",
headers={"Authorization":"YOUR_API_KEY","Content-Type":"application/json"},
data=json.dumps({
"status": "IN_PROGRESS",
"comment": "Working on it"
})
)
data = response.json()No content
Get Risk Owner
https://api.entro.security/v1/risk/{RISK_GUID}/ownerAuthorizations
AuthorizationstringRequiredPath parameters
RISK_GUIDstringRequiredResponses
/v1/risk/{RISK_GUID}/ownerGET /v1/risk/{RISK_GUID}/owner HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Accept: */*curl -L \
--url 'https://api.entro.security/v1/risk/{RISK_GUID}/owner' \
--header 'Authorization: YOUR_API_KEY' \
--header 'Accept: */*'const response = await fetch('https://api.entro.security/v1/risk/{RISK_GUID}/owner', {
method: 'GET',
headers: {
"Authorization": "YOUR_API_KEY",
"Accept": "*/*"
},
});
const data = await response.json();import requests
response = requests.get(
"https://api.entro.security/v1/risk/{RISK_GUID}/owner",
headers={"Authorization":"YOUR_API_KEY","Accept":"*/*"},
)
data = response.json(){
"businessOwner": "eyal.neemany@acme.com",
"entroUser": "adam.cheriki@acme.com",
"comment": "He is the actual business owner of this risk"
}Update Risk Owner
https://api.entro.security/v1/risk/{RISK_GUID}/ownerAuthorizations
AuthorizationstringRequiredPath parameters
RISK_GUIDstringRequiredBody
Responses
/v1/risk/{RISK_GUID}/ownerPOST /v1/risk/{RISK_GUID}/owner HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 98
{
"businessOwner": "eyal.neemany@acme.com",
"comment": "He is the actual business owner of this risk"
}curl -L \
--request POST \
--url 'https://api.entro.security/v1/risk/{RISK_GUID}/owner' \
--header 'Authorization: YOUR_API_KEY' \
--header 'Content-Type: application/json' \
--data '{
"businessOwner": "eyal.neemany@acme.com",
"comment": "He is the actual business owner of this risk"
}'const response = await fetch('https://api.entro.security/v1/risk/{RISK_GUID}/owner', {
method: 'POST',
headers: {
"Authorization": "YOUR_API_KEY",
"Content-Type": "application/json"
},
body: JSON.stringify({
"businessOwner": "eyal.neemany@acme.com",
"comment": "He is the actual business owner of this risk"
})
});
const data = await response.json();import json
import requests
response = requests.post(
"https://api.entro.security/v1/risk/{RISK_GUID}/owner",
headers={"Authorization":"YOUR_API_KEY","Content-Type":"application/json"},
data=json.dumps({
"businessOwner": "eyal.neemany@acme.com",
"comment": "He is the actual business owner of this risk"
})
)
data = response.json()No content
Get Risk Comments
https://api.entro.security/v1/risk/{RISK_GUID}/commentAuthorizations
AuthorizationstringRequiredPath parameters
RISK_GUIDstringRequiredResponses
/v1/risk/{RISK_GUID}/commentGET /v1/risk/{RISK_GUID}/comment HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Accept: */*curl -L \
--url 'https://api.entro.security/v1/risk/{RISK_GUID}/comment' \
--header 'Authorization: YOUR_API_KEY' \
--header 'Accept: */*'const response = await fetch('https://api.entro.security/v1/risk/{RISK_GUID}/comment', {
method: 'GET',
headers: {
"Authorization": "YOUR_API_KEY",
"Accept": "*/*"
},
});
const data = await response.json();import requests
response = requests.get(
"https://api.entro.security/v1/risk/{RISK_GUID}/comment",
headers={"Authorization":"YOUR_API_KEY","Accept":"*/*"},
)
data = response.json(){
"entroUser": "adam.cheriki@acme.com",
"comment": "He is the actual business owner of this risk"
}Add Risk Comment
https://api.entro.security/v1/risk/{RISK_GUID}/commentAuthorizations
AuthorizationstringRequiredPath parameters
RISK_GUIDstringRequiredBody
Responses
/v1/risk/{RISK_GUID}/commentPOST /v1/risk/{RISK_GUID}/comment HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 94
{
"entroUser": "adam.cheriki@acme.com",
"message": "He is the actual business owner of this risk"
}curl -L \
--request POST \
--url 'https://api.entro.security/v1/risk/{RISK_GUID}/comment' \
--header 'Authorization: YOUR_API_KEY' \
--header 'Content-Type: application/json' \
--data '{
"entroUser": "adam.cheriki@acme.com",
"message": "He is the actual business owner of this risk"
}'const response = await fetch('https://api.entro.security/v1/risk/{RISK_GUID}/comment', {
method: 'POST',
headers: {
"Authorization": "YOUR_API_KEY",
"Content-Type": "application/json"
},
body: JSON.stringify({
"entroUser": "adam.cheriki@acme.com",
"message": "He is the actual business owner of this risk"
})
});
const data = await response.json();import json
import requests
response = requests.post(
"https://api.entro.security/v1/risk/{RISK_GUID}/comment",
headers={"Authorization":"YOUR_API_KEY","Content-Type":"application/json"},
data=json.dumps({
"entroUser": "adam.cheriki@acme.com",
"message": "He is the actual business owner of this risk"
})
)
data = response.json()No content
Start Process for Risk Revalidation
https://api.entro.security/v1/risk/{RISK_GUID}/revalidateAuthorizations
AuthorizationstringRequiredPath parameters
RISK_GUIDstringRequiredResponses
/v1/risk/{RISK_GUID}/revalidatePOST /v1/risk/{RISK_GUID}/revalidate HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Accept: */*curl -L \
--request POST \
--url 'https://api.entro.security/v1/risk/{RISK_GUID}/revalidate' \
--header 'Authorization: YOUR_API_KEY' \
--header 'Accept: */*'const response = await fetch('https://api.entro.security/v1/risk/{RISK_GUID}/revalidate', {
method: 'POST',
headers: {
"Authorization": "YOUR_API_KEY",
"Accept": "*/*"
},
});
const data = await response.json();import requests
response = requests.post(
"https://api.entro.security/v1/risk/{RISK_GUID}/revalidate",
headers={"Authorization":"YOUR_API_KEY","Accept":"*/*"},
)
data = response.json(){
"trackingId": "05829995-fa2f-4712-b17f-47dc2165658d"
}Update Risk Severity
https://api.entro.security/v1/risk/{RISK_GUID}/severityAuthorizations
AuthorizationstringRequiredPath parameters
RISK_GUIDstringRequiredBody
severitystring · enumRequiredcommentstringOptionalOptional comment when updating severity
Responses
/v1/risk/{RISK_GUID}/severityPOST /v1/risk/{RISK_GUID}/severity HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 74
{
"severity": "CRITICAL",
"comment": "Investigated and confirmed as critical"
}curl -L \
--request POST \
--url 'https://api.entro.security/v1/risk/{RISK_GUID}/severity' \
--header 'Authorization: YOUR_API_KEY' \
--header 'Content-Type: application/json' \
--data '{
"severity": "CRITICAL",
"comment": "Investigated and confirmed as critical"
}'const response = await fetch('https://api.entro.security/v1/risk/{RISK_GUID}/severity', {
method: 'POST',
headers: {
"Authorization": "YOUR_API_KEY",
"Content-Type": "application/json"
},
body: JSON.stringify({
"severity": "CRITICAL",
"comment": "Investigated and confirmed as critical"
})
});
const data = await response.json();import json
import requests
response = requests.post(
"https://api.entro.security/v1/risk/{RISK_GUID}/severity",
headers={"Authorization":"YOUR_API_KEY","Content-Type":"application/json"},
data=json.dumps({
"severity": "CRITICAL",
"comment": "Investigated and confirmed as critical"
})
)
data = response.json(){
"message": "Risk severity updated successfully"
}Check Status of Risk Invalidation Process
https://api.entro.security/v1/risk/{RISK_GUID}/revalidate/{TRACKING_ID}/statusAuthorizations
AuthorizationstringRequiredPath parameters
RISK_GUIDstringRequiredTRACKING_IDstringRequiredResponses
/v1/risk/{RISK_GUID}/revalidate/{TRACKING_ID}/statusGET /v1/risk/{RISK_GUID}/revalidate/{TRACKING_ID}/status HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Accept: */*curl -L \
--url 'https://api.entro.security/v1/risk/{RISK_GUID}/revalidate/{TRACKING_ID}/status' \
--header 'Authorization: YOUR_API_KEY' \
--header 'Accept: */*'const response = await fetch('https://api.entro.security/v1/risk/{RISK_GUID}/revalidate/{TRACKING_ID}/status', {
method: 'GET',
headers: {
"Authorization": "YOUR_API_KEY",
"Accept": "*/*"
},
});
const data = await response.json();import requests
response = requests.get(
"https://api.entro.security/v1/risk/{RISK_GUID}/revalidate/{TRACKING_ID}/status",
headers={"Authorization":"YOUR_API_KEY","Accept":"*/*"},
)
data = response.json(){
"processStatus": "DONE",
"status": "ENABLED",
"isArchived": false
}{
"processStatus": "NOT_FOUND",
"status": "NOT_FOUND",
"isArchived": false,
"message": "Request associated with tracking id asd is either not found or has expired"
}Get Risk Changelog
https://api.entro.security/v1/risk/{RISK_GUID}/changelogAuthorizations
AuthorizationstringRequiredPath parameters
RISK_GUIDstringRequiredResponses
/v1/risk/{RISK_GUID}/changelogGET /v1/risk/{RISK_GUID}/changelog HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Accept: */*curl -L \
--url 'https://api.entro.security/v1/risk/{RISK_GUID}/changelog' \
--header 'Authorization: YOUR_API_KEY' \
--header 'Accept: */*'const response = await fetch('https://api.entro.security/v1/risk/{RISK_GUID}/changelog', {
method: 'GET',
headers: {
"Authorization": "YOUR_API_KEY",
"Accept": "*/*"
},
});
const data = await response.json();import requests
response = requests.get(
"https://api.entro.security/v1/risk/{RISK_GUID}/changelog",
headers={"Authorization":"YOUR_API_KEY","Accept":"*/*"},
)
data = response.json(){
"changelog": [
{
"status": "IN_PROGRESS",
"prevStatus": "OPEN",
"entroUser": "adam.cheriki@acme.com",
"entroUserType": "ENTRO_BOT,ENTRO_AUTO,API,HUMAN",
"comment": "Working on it",
"businessOwner": "",
"date": "2023-08-24T10:30:00Z"
}
]
}List Risks
https://api.entro.security/v1/risksAuthorizations
AuthorizationstringRequiredQuery parameters
limitintegerRequiredThe maximum number of risks to return in the response.
skipintegerOptionalThe number of risks to skip before selecting data.
severitystring · enumOptionalSeverity of the risk
riskStatusstring · enumOptionalStatus of the risk
categorystring · enumOptionalCategory of the risk. For complete list of risk categories, please use the /v1/utils/risk-category endpoint
sourcestringOptionalSource of the risk. For complete list of risk types, please use the /v1/utils/risk-source endpoint
secretTypestringOptionalSecret exposed of the Risk. For complete list of risk types, please use the /v1/utils/list/secret-type endpoint
fromDatestringOptionalFilter risks from this date (MM-DD-YYYY)
fromModifyDatestringOptionalFilter risks from this modification date (MM-DD-YYYY)
enableEnrichmentbooleanOptionalFlag to enable enrichment in the response
validitystring · enumOptionalValidity of the exposed secret (coexist only with ?category=EXPOSED_SECRET)
employeestringOptionalAn employee of the risk. The exact full name or email of the employee required.
commitsstringOptionalOne or more (max 10) Git commit SHAs to filter exposed secrets by. Use a single SHA or provide multiple SHAs separated by commas (e.g., 'commits=34567d343755bd123f82051681e206da99b400bb,34567d343755bd123f82051681e206da99b40012') to find risks associated with specific commits.
Responses
/v1/risks?limit=50GET /v1/risks?limit=50 HTTP/1.1 Host: api.entro.security Authorization: YOUR_API_KEY Accept: */*
curl -L \ --url 'https://api.entro.security/v1/risks' \ --header 'Authorization: YOUR_API_KEY' \ --header 'Accept: */*'
const response = await fetch('https://api.entro.security/v1/risks', {
method: 'GET',
headers: {
"Authorization": "YOUR_API_KEY",
"Accept": "*/*"
},
});
const data = await response.json();import requests
response = requests.get(
"https://api.entro.security/v1/risks",
headers={"Authorization":"YOUR_API_KEY","Accept":"*/*"},
)
data = response.json(){
"risks": [
{
"guid": "RSK-1273",
"severity": "MEDIUM",
"owner": "adam.cheriki@acme.com",
"detectionTime": "1688302174",
"type": "EXPOSURE",
"rule": "EXPOSED_GITHUB",
"status": "OPEN",
"summary": "A secret of type Certificate is exposed inside 1 commit of the file 'exposure.cert' in the private GitHub repository called 'acme/test'.",
"threatDescription": "Storing secrets in a GitHub repository poses a serious security risk because it's often shared with multiple team members, or in some cases, publicly, which increases the risk of the sensitive information being leaked or misused.",
"payload": {
"tokenStatus": "ENABLED",
"tokenType": "CERTIFICATE",
"tokenSnippet": "----- BEGIN CERT...",
"organization": "acme",
"repository": "test",
"visibility": "PUBLIC",
"filename": "exposure.cert",
"commitAuthor": "adam.cheriki",
"commitUrl": "https://github.com/acme/test/commit/34567d343755bd123f82051681e206da99b400bb",
"commitDate": "2022-12-01T16:12:42Z"
},
"account": {
"environmentType": "PRODUCTION",
"environment": "Acme",
"accountId": "infosecmachine",
"accountType": "GITHUB"
}
}
]
}List Risks with Query Parameters
https://api.entro.security/v1/risks/queryAuthorizations
AuthorizationstringRequiredQuery parameters
skipintegerOptionalThe number of risks to skip before selecting data.
limitintegerOptionalThe maximum number of risks to return in the response.
severitystringOptionalFilter for risks with specified severities, by executing this filter: "?severity=HIGH|CRITICAL". The complete list of risk severities can be retrieved via the /v1/risks endpoint
riskStatusstringOptionalFilter for risks with specified statuses, by executing this filter: "?riskStatus=OPEN|APPROVED". The complete list of risk types can be retrieved via the /v1/risk-type endpoint
categorystringOptionalFilter risks with specific secret category, OR condition example: "?category=EXPOSED_SECRET|ABNORMAL_BEHAVIOR". The complete list of supported secret categories can be retrieved via the /v1/utils/risk-category endpoint
sourcestringOptionalFilter risks with specific source, OR condition example: "?source=AWS_LAMBDA|@GITHUB@". You can use the ‘@@’ to look for partial secret source (contains operator). For complete list of risk types, please use the /v1/utils/risk-source endpoint
secretTypestringOptionalFilter risks with specific secret type, OR condition example: "?secretType=GCP_SERVICE_ACCOUNT_CREDS|@GITHUB@". You can use the ‘@@’ to look for partial secret type name (contains operator). The complete list of supported secret types can be retrieved via the /v1/secret-type endpoint
fromDatestringOptionalFilter risks creation dates, by using the following filter example: "?fromDate=10-22-2023"
fromModifyDatestringOptionalFilter risks modification dates, by using the following filter example: "?fromModifyDate=10-22-2023"
enableEnrichmentbooleanOptionalFlag to enable enrichment in the response
validitystring · enumOptionalValidity of the exposed secret (coexist only with ?category=EXPOSED_SECRET)
employeestringOptionalAn employee of the risk. The exact full name or email of the employee required.
commitsstringOptionalOne or more (max 10) Git commit SHAs to filter exposed secrets by. Use a single SHA or provide multiple SHAs separated by commas (e.g., 'commits=34567d343755bd123f82051681e206da99b400bb,34567d343755bd123f82051681e206da99b40012') to find risks associated with specific commits.
Responses
/v1/risks/queryGET /v1/risks/query HTTP/1.1 Host: api.entro.security Authorization: YOUR_API_KEY Accept: */*
curl -L \ --url 'https://api.entro.security/v1/risks/query' \ --header 'Authorization: YOUR_API_KEY' \ --header 'Accept: */*'
const response = await fetch('https://api.entro.security/v1/risks/query', {
method: 'GET',
headers: {
"Authorization": "YOUR_API_KEY",
"Accept": "*/*"
},
});
const data = await response.json();import requests
response = requests.get(
"https://api.entro.security/v1/risks/query",
headers={"Authorization":"YOUR_API_KEY","Accept":"*/*"},
)
data = response.json(){
"risks": [
{
"guid": "RSK-1273",
"severity": "MEDIUM",
"owner": "adam.cheriki@acme.com",
"detectionTime": "1688302174",
"type": "EXPOSURE",
"rule": "EXPOSED_GITHUB",
"status": "OPEN",
"summary": "A secret of type Certificate is exposed inside 1 commit of the file 'exposure.cert' in the private GitHub repository called 'acme/test'.",
"threatDescription": "Storing secrets in a GitHub repository poses a serious security risk because it's often shared with multiple team members, or in some cases, publicly, which increases the risk of the sensitive information being leaked or misused.",
"payload": {
"tokenStatus": "ENABLED",
"tokenType": "CERTIFICATE",
"tokenSnippet": "----- BEGIN CERT...",
"organization": "acme",
"repository": "test",
"visibility": "PUBLIC",
"filename": "exposure.cert",
"commitAuthor": "adam.cheriki",
"commitUrl": "https://github.com/acme/test/commit/34567d343755bd123f82051681e206da99b400bb",
"commitDate": "2022-12-01T16:12:42Z"
},
"account": {
"environmentType": "PRODUCTION",
"environment": "Acme",
"accountId": "infosecmachine",
"accountType": "GITHUB"
}
}
]
}