Skip to content

Risk

Retrieve Risk Details

GEThttps://api.entro.security/v1/risk/{RISK_GUID}

Authorizations

AuthorizationstringRequired

Path parameters

RISK_GUIDstringRequired

Query parameters

enableEnrichmentbooleanOptional

Flag to enable enrichment in the response

Responses

200Successful response
GET/v1/risk/{RISK_GUID}
GET /v1/risk/{RISK_GUID} HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Accept: */*
200Successful response
{
  "guid": "RSK-1273",
  "severity": "MEDIUM",
  "owner": "adam.cheriki@acme.com",
  "detectionTime": "1688302174",
  "type": "EXPOSURE",
  "rule": "EXPOSED_GITHUB",
  "status": "OPEN",
  "summary": "A secret of type Certificate is exposed inside 1 commit of the file 'exposure.cert' in the private GitHub repository called 'acme/test'.",
  "threatDescription": "Storing secrets in a GitHub repository poses a serious security risk because it's often shared with multiple team members, or in some cases, publicly, which increases the risk of the sensitive information being leaked or misused.",
  "payload": {
    "tokenStatus": "ENABLED",
    "tokenType": "CERTIFICATE",
    "tokenSnippet": "----- BEGIN CERT...",
    "organization": "acme",
    "repository": "test",
    "visibility": "PUBLIC",
    "filename": "exposure.cert",
    "commitAuthor": "adam.cheriki",
    "commitUrl": "https://github.com/acme/test/commit/34567d343755bd123f82051681e206da99b400bb",
    "commitDate": "2022-12-01T16:12:42Z"
  },
  "account": {
    "environmentType": "PRODUCTION",
    "environment": "Acme",
    "accountId": "infosecmachine",
    "accountType": "GITHUB"
  }
}

Get Risk Status

GEThttps://api.entro.security/v1/risk/{RISK_GUID}/status

Authorizations

AuthorizationstringRequired

Path parameters

RISK_GUIDstringRequired

Responses

200Successful response
GET/v1/risk/{RISK_GUID}/status
GET /v1/risk/{RISK_GUID}/status HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Accept: */*
200Successful response
{
  "status": "IN_PROGRESS",
  "entroUser": "adam.cheriki@acme.com",
  "comment": "Working on it"
}

Update Risk Status

POSThttps://api.entro.security/v1/risk/{RISK_GUID}/status

Authorizations

AuthorizationstringRequired

Path parameters

RISK_GUIDstringRequired

Body

anyOptional

Responses

204No content
POST/v1/risk/{RISK_GUID}/status
POST /v1/risk/{RISK_GUID}/status HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 50

{
  "status": "IN_PROGRESS",
  "comment": "Working on it"
}
204No content
No content

Get Risk Owner

GEThttps://api.entro.security/v1/risk/{RISK_GUID}/owner

Authorizations

AuthorizationstringRequired

Path parameters

RISK_GUIDstringRequired

Responses

200Successful response
GET/v1/risk/{RISK_GUID}/owner
GET /v1/risk/{RISK_GUID}/owner HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Accept: */*
200Successful response
{
  "businessOwner": "eyal.neemany@acme.com",
  "entroUser": "adam.cheriki@acme.com",
  "comment": "He is the actual business owner of this risk"
}

Update Risk Owner

POSThttps://api.entro.security/v1/risk/{RISK_GUID}/owner

Authorizations

AuthorizationstringRequired

Path parameters

RISK_GUIDstringRequired

Body

anyOptional

Responses

204No content
POST/v1/risk/{RISK_GUID}/owner
POST /v1/risk/{RISK_GUID}/owner HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 98

{
  "businessOwner": "eyal.neemany@acme.com",
  "comment": "He is the actual business owner of this risk"
}
204No content
No content

Get Risk Comments

GEThttps://api.entro.security/v1/risk/{RISK_GUID}/comment

Authorizations

AuthorizationstringRequired

Path parameters

RISK_GUIDstringRequired

Responses

200Successful response
GET/v1/risk/{RISK_GUID}/comment
GET /v1/risk/{RISK_GUID}/comment HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Accept: */*
200Successful response
{
  "entroUser": "adam.cheriki@acme.com",
  "comment": "He is the actual business owner of this risk"
}

Add Risk Comment

POSThttps://api.entro.security/v1/risk/{RISK_GUID}/comment

Authorizations

AuthorizationstringRequired

Path parameters

RISK_GUIDstringRequired

Body

anyOptional

Responses

204No content
POST/v1/risk/{RISK_GUID}/comment
POST /v1/risk/{RISK_GUID}/comment HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 94

{
  "entroUser": "adam.cheriki@acme.com",
  "message": "He is the actual business owner of this risk"
}
204No content
No content

Start Process for Risk Revalidation

POSThttps://api.entro.security/v1/risk/{RISK_GUID}/revalidate

Authorizations

AuthorizationstringRequired

Path parameters

RISK_GUIDstringRequired

Responses

200Successful response
POST/v1/risk/{RISK_GUID}/revalidate
POST /v1/risk/{RISK_GUID}/revalidate HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Accept: */*
200Successful response
{
  "trackingId": "05829995-fa2f-4712-b17f-47dc2165658d"
}

Update Risk Severity

POSThttps://api.entro.security/v1/risk/{RISK_GUID}/severity

Authorizations

AuthorizationstringRequired

Path parameters

RISK_GUIDstringRequired

Body

severitystring · enumRequired

Possible values: LOW MEDIUM HIGH CRITICAL

commentstringOptional

Optional comment when updating severity

Responses

200Successful response
POST/v1/risk/{RISK_GUID}/severity
POST /v1/risk/{RISK_GUID}/severity HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Content-Type: application/json
Accept: */*
Content-Length: 74

{
  "severity": "CRITICAL",
  "comment": "Investigated and confirmed as critical"
}
200Successful response
{
  "message": "Risk severity updated successfully"
}

Check Status of Risk Invalidation Process

GEThttps://api.entro.security/v1/risk/{RISK_GUID}/revalidate/{TRACKING_ID}/status

Authorizations

AuthorizationstringRequired

Path parameters

RISK_GUIDstringRequired
TRACKING_IDstringRequired

Responses

200Successful response
404Not found
GET/v1/risk/{RISK_GUID}/revalidate/{TRACKING_ID}/status
GET /v1/risk/{RISK_GUID}/revalidate/{TRACKING_ID}/status HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Accept: */*
{
  "processStatus": "DONE",
  "status": "ENABLED",
  "isArchived": false
}

Get Risk Changelog

GEThttps://api.entro.security/v1/risk/{RISK_GUID}/changelog

Authorizations

AuthorizationstringRequired

Path parameters

RISK_GUIDstringRequired

Responses

200Successful response
GET/v1/risk/{RISK_GUID}/changelog
GET /v1/risk/{RISK_GUID}/changelog HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Accept: */*
200Successful response
{
  "changelog": [
    {
      "status": "IN_PROGRESS",
      "prevStatus": "OPEN",
      "entroUser": "adam.cheriki@acme.com",
      "entroUserType": "ENTRO_BOT,ENTRO_AUTO,API,HUMAN",
      "comment": "Working on it",
      "businessOwner": "",
      "date": "2023-08-24T10:30:00Z"
    }
  ]
}

List Risks

GEThttps://api.entro.security/v1/risks

Authorizations

AuthorizationstringRequired

Query parameters

limitintegerRequired

The maximum number of risks to return in the response.

Default: 50

skipintegerOptional

The number of risks to skip before selecting data.

severitystring · enumOptional

Severity of the risk

Possible values: UNKNOWN LOW MEDIUM HIGH CRITICAL

riskStatusstring · enumOptional

Status of the risk

Possible values: OPEN IN_PROGRESS DISCARDED MITIGATED APPROVED RESOLVED

categorystring · enumOptional

Category of the risk. For complete list of risk categories, please use the /v1/utils/risk-category endpoint

Possible values: CLOUD_SERVICE_RISKS ABNORMAL_BEHAVIOR MISCONFIGURATION SECRET_HYGINE EXPOSED_SECRET LEAST_PRIVILEGE MONITORING

sourcestringOptional

Source of the risk. For complete list of risk types, please use the /v1/utils/risk-source endpoint

secretTypestringOptional

Secret exposed of the Risk. For complete list of risk types, please use the /v1/utils/list/secret-type endpoint

fromDatestringOptional

Filter risks from this date (MM-DD-YYYY)

Pattern: ^(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])-[0-9]{4}$

fromModifyDatestringOptional

Filter risks from this modification date (MM-DD-YYYY)

Pattern: ^(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])-[0-9]{4}$

enableEnrichmentbooleanOptional

Flag to enable enrichment in the response

validitystring · enumOptional

Validity of the exposed secret (coexist only with ?category=EXPOSED_SECRET)

Possible values: INVALID ENABLED DISABLED UNSUPPORTED UNREACHABLE REVOKED

employeestringOptional

An employee of the risk. The exact full name or email of the employee required.

commitsstringOptional

One or more (max 10) Git commit SHAs to filter exposed secrets by. Use a single SHA or provide multiple SHAs separated by commas (e.g., 'commits=34567d343755bd123f82051681e206da99b400bb,34567d343755bd123f82051681e206da99b40012') to find risks associated with specific commits.

Responses

200Successful response
GET/v1/risks?limit=50
GET /v1/risks?limit=50 HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Accept: */*
200Successful response
{
  "risks": [
    {
      "guid": "RSK-1273",
      "severity": "MEDIUM",
      "owner": "adam.cheriki@acme.com",
      "detectionTime": "1688302174",
      "type": "EXPOSURE",
      "rule": "EXPOSED_GITHUB",
      "status": "OPEN",
      "summary": "A secret of type Certificate is exposed inside 1 commit of the file 'exposure.cert' in the private GitHub repository called 'acme/test'.",
      "threatDescription": "Storing secrets in a GitHub repository poses a serious security risk because it's often shared with multiple team members, or in some cases, publicly, which increases the risk of the sensitive information being leaked or misused.",
      "payload": {
        "tokenStatus": "ENABLED",
        "tokenType": "CERTIFICATE",
        "tokenSnippet": "----- BEGIN CERT...",
        "organization": "acme",
        "repository": "test",
        "visibility": "PUBLIC",
        "filename": "exposure.cert",
        "commitAuthor": "adam.cheriki",
        "commitUrl": "https://github.com/acme/test/commit/34567d343755bd123f82051681e206da99b400bb",
        "commitDate": "2022-12-01T16:12:42Z"
      },
      "account": {
        "environmentType": "PRODUCTION",
        "environment": "Acme",
        "accountId": "infosecmachine",
        "accountType": "GITHUB"
      }
    }
  ]
}

List Risks with Query Parameters

GEThttps://api.entro.security/v1/risks/query

Authorizations

AuthorizationstringRequired

Query parameters

skipintegerOptional

The number of risks to skip before selecting data.

limitintegerOptional

The maximum number of risks to return in the response.

severitystringOptional

Filter for risks with specified severities, by executing this filter: "?severity=HIGH|CRITICAL". The complete list of risk severities can be retrieved via the /v1/risks endpoint

riskStatusstringOptional

Filter for risks with specified statuses, by executing this filter: "?riskStatus=OPEN|APPROVED". The complete list of risk types can be retrieved via the /v1/risk-type endpoint

categorystringOptional

Filter risks with specific secret category, OR condition example: "?category=EXPOSED_SECRET|ABNORMAL_BEHAVIOR". The complete list of supported secret categories can be retrieved via the /v1/utils/risk-category endpoint

sourcestringOptional

Filter risks with specific source, OR condition example: "?source=AWS_LAMBDA|@GITHUB@". You can use the ‘@@’ to look for partial secret source (contains operator). For complete list of risk types, please use the /v1/utils/risk-source endpoint

secretTypestringOptional

Filter risks with specific secret type, OR condition example: "?secretType=GCP_SERVICE_ACCOUNT_CREDS|@GITHUB@". You can use the ‘@@’ to look for partial secret type name (contains operator). The complete list of supported secret types can be retrieved via the /v1/secret-type endpoint

fromDatestringOptional

Filter risks creation dates, by using the following filter example: "?fromDate=10-22-2023"

Pattern: ^(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])-[0-9]{4}$

fromModifyDatestringOptional

Filter risks modification dates, by using the following filter example: "?fromModifyDate=10-22-2023"

Pattern: ^(0[1-9]|1[0-2])-(0[1-9]|[1-2][0-9]|3[0-1])-[0-9]{4}$

enableEnrichmentbooleanOptional

Flag to enable enrichment in the response

validitystring · enumOptional

Validity of the exposed secret (coexist only with ?category=EXPOSED_SECRET)

Possible values: INVALID ENABLED DISABLED UNSUPPORTED UNREACHABLE REVOKED

employeestringOptional

An employee of the risk. The exact full name or email of the employee required.

commitsstringOptional

One or more (max 10) Git commit SHAs to filter exposed secrets by. Use a single SHA or provide multiple SHAs separated by commas (e.g., 'commits=34567d343755bd123f82051681e206da99b400bb,34567d343755bd123f82051681e206da99b40012') to find risks associated with specific commits.

Responses

200Successful response
GET/v1/risks/query
GET /v1/risks/query HTTP/1.1
Host: api.entro.security
Authorization: YOUR_API_KEY
Accept: */*
200Successful response
{
  "risks": [
    {
      "guid": "RSK-1273",
      "severity": "MEDIUM",
      "owner": "adam.cheriki@acme.com",
      "detectionTime": "1688302174",
      "type": "EXPOSURE",
      "rule": "EXPOSED_GITHUB",
      "status": "OPEN",
      "summary": "A secret of type Certificate is exposed inside 1 commit of the file 'exposure.cert' in the private GitHub repository called 'acme/test'.",
      "threatDescription": "Storing secrets in a GitHub repository poses a serious security risk because it's often shared with multiple team members, or in some cases, publicly, which increases the risk of the sensitive information being leaked or misused.",
      "payload": {
        "tokenStatus": "ENABLED",
        "tokenType": "CERTIFICATE",
        "tokenSnippet": "----- BEGIN CERT...",
        "organization": "acme",
        "repository": "test",
        "visibility": "PUBLIC",
        "filename": "exposure.cert",
        "commitAuthor": "adam.cheriki",
        "commitUrl": "https://github.com/acme/test/commit/34567d343755bd123f82051681e206da99b400bb",
        "commitDate": "2022-12-01T16:12:42Z"
      },
      "account": {
        "environmentType": "PRODUCTION",
        "environment": "Acme",
        "accountId": "infosecmachine",
        "accountType": "GITHUB"
      }
    }
  ]
}