Get risk events

This method returns all PTA Risk Events.

URL

  • Make sure there are no spaces in the URL.

  • The following characters are not supported in URL values: + & %

  • If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/

 
https://<IIS_Server_Ip>/PasswordVault/API/pta/API/Risks/RisksEvents/

The following (optional) parameters can be used in the query string in the URL:

Parameter

Description

filter

Search for risk events using filters (see Filter parameters for details):

  • type
  • status

Type: string

Example: https://<PVWA_Address>/PasswordVault/API/pta/API/Risks/RisksEvents/?filter=type eq "RISK_RISKY_SPN" AND status eq "OPEN"

sort

Sort the events you are searching for

Type: string

page

The page number, starting with 0

Type: number

size

The maximum number of returned events in a given page. If not specified, the server limits the results to 100. The maximum number that can be specified is 1000.

Type: number

Filter parameters

 

To use more than one filter, you can use the AND operator.

For example, https://<PVWA_Address>/PasswordVault/API/pta/API/Risks/RisksEvents/?filter=type eq "RISK_RISKY_SPN" AND status eq "OPEN"

Parameter

Description

type

Whether to return only the risk events of a specific type, using the type name

Type: string

Valid values:

  • RISK_UNCONSTRAINED_DELEGATION

  • RISK_RISKY_SPN

Example: https://<PVWA_Address>/PasswordVault/API/pta/API/Risks/RisksEvents/?filter=type eq "RISK_RISKY_SPN"

status

Whether to return only open or closed risk events

Type: string

Valid values:

  • OPEN

  • CLOSED

Example: https://<PVWA_Address>/PasswordVault/API/pta/API/Risks/RisksEvents/?filter=status eq "OPEN"

Resource information

HTTP method

GET

Content type

application/json

Header parameter

Parameter

Authorization

Type

String

Description

The JWT token that identifies the session.

Valid values

A session token that was returned from the “Logon” method.

Body parameters

None

Result

 

This is an example of the result for an array of events.

{
"entities": [
{
"id": "64140cdb7034f5c1fa6d353f",
"riskType": "RISK_UNCONSTRAINED_DELEGATION",
"status": "CLOSED",
"closeReason": "HANDLED",
"reasonText": "The issue was investigated by the relevant team",
"detectionTime": 1679035611490,
"score": 10.0,
"account": "vicky@domain.com",
"service": "vicky"
},
{
"id": "64140cdsdjcif5c1fa6034f5",
"riskType": "RISK_RISKY_SPN",
"status": "OPEN",
"closeReason": null,
"reasonText": null,
"detectionTime": 1679035611495,
"score": 30.0,
"account": "vicky@domain.com",
"service": "vicky"
}
],
"totalEntities": 2,
"filter": "status eq OPEN AND riskAccount startsWith vicky",
"sort": "detectionTime",
"page": 0,
"size": 2,
"totalPages": 1
}

 

Parameter Type Description
entities see Value section A list of PTA events (see Value section)
totalEntities Integer Total number of results across all pages
filter String The filter as sent in the URL. Empty string if it was not specified.
sort String

The sort as sent in the URL. Empty string if it was not specified.

page Integer

The number of the specified page. 0 if it was not specified.

size Integer The number of maximum events in a single page. 100 if it was not specified.
totalPages Integer The number of pages based on the filter

Value

id String Risk event ID
riskType String Risk event type
mStatus String The status of the risk event: OPEN/CLOSED
detectionTime Integer

The detection time of the risk event (represented in epoch time)

riskAccount String

The account that was involved in the risk event

riskService String Any additional data for the risk event
score Integer Risk event score
closeReason String The close reason for the risk event after you have investigated and handled the event successfully or determined to close it for other reasons: HANDLED/NOTREAL/OTHER/NONE

reasonText

String

Free text for the user to elaborate on the close reason. Limited to 100 characters.