From 71394c6d5ea8d1a7a31c4b18a19dd7ab605e5a9a Mon Sep 17 00:00:00 2001 From: sra Date: Thu, 5 Jun 2025 06:35:02 +0530 Subject: [PATCH 1/4] DOCS-7893 Local server builds. --- docusaurus.config.ts | 10 + .../incident-sspm/incidentconsolidated.yaml | 917 ++++++++++++++++++ .../sase/api/incident-sspm/introduction.md | 12 + products/sase/sidebars.ts | 4 + 4 files changed, 943 insertions(+) create mode 100644 openapi-specs/sase/incident-sspm/incidentconsolidated.yaml create mode 100644 products/sase/api/incident-sspm/introduction.md diff --git a/docusaurus.config.ts b/docusaurus.config.ts index 502f1f9b8..f2487e504 100644 --- a/docusaurus.config.ts +++ b/docusaurus.config.ts @@ -500,6 +500,11 @@ const config = { label: "SaaS Security Posture Management", icon: "api-doc", }, + { + to: "sase/api/incident-sspm", + label: "Incident Security Posture Management", + icon: "api-doc", + }, { to: "access/api/adem/autonomous-dem-api", label: "Autonomous DEM", @@ -923,6 +928,11 @@ const config = { outputDir: "products/sase/api/sspm", sidebarOptions: { groupPathsBy: "tag" }, }, + incidentsspm: { + specPath: "openapi-specs/sase/incident-sspm", + outputDir: "products/sase/api/incident-sspm", + sidebarOptions: { groupPathsBy: "tag" }, + }, access: { specPath: "openapi-specs/access/prisma-access-config", outputDir: "products/access/api/prisma-access-config", diff --git a/openapi-specs/sase/incident-sspm/incidentconsolidated.yaml b/openapi-specs/sase/incident-sspm/incidentconsolidated.yaml new file mode 100644 index 000000000..a291acc71 --- /dev/null +++ b/openapi-specs/sase/incident-sspm/incidentconsolidated.yaml 
@@ -0,0 +1,917 @@ +components: + schemas: + CreateTicketRequest: + properties: + description: + type: string + feature: + $ref: '#/components/schemas/Feature' + integrationId: + type: string + issueTypeId: + type: string + resourceIds: + items: + type: string + type: array + settings: + additionalProperties: + type: string + type: object + summary: + type: string + type: + type: string + required: + - resourceIds + - feature + - integrationId + - type + - issueTypeId + - summary + type: object + DownloadCsvRequest: + properties: + service: + type: string + userEmail: + type: string + userFullName: + type: string + required: + - userFullName + - userEmail + - service + type: object + Feature: + enum: + - ENROLLMENT + - ACTIVITY + - LOGOUT + - IDENTITY_NHI + - IDENTITY_ACTIVITY + type: string + FeatureState: + properties: + lastScannedAt: + $ref: '#/components/schemas/Instant' + status: + type: string + type: object + IdpInfo: + properties: + appType: + type: string + displayName: + type: string + idpId: + type: string + type: object + Instant: + example: 2022-03-10 16:15:50+00:00 + format: date-time + type: string + ListResponseIdpInfo: + properties: + items: + items: + $ref: '#/components/schemas/IdpInfo' + type: array + total: + format: int64 + type: integer + type: object + ListResponseMapStringObject: + properties: + items: + items: + type: object + type: array + total: + format: int64 + type: integer + type: object + ListResponseMfaActivity: + properties: + items: + items: + $ref: '#/components/schemas/MfaActivity' + type: array + total: + format: int64 + type: integer + type: object + ListResponseSaaSAccount: + properties: + items: + items: + $ref: '#/components/schemas/SaaSAccount' + type: array + total: + format: int64 + type: integer + type: object + ListResponseSaaSActivity: + properties: + items: + items: + $ref: '#/components/schemas/SaaSActivity' + type: array + total: + format: int64 + type: integer + type: object + ListResponseSaaSInstanceInfo: + 
properties: + items: + items: + $ref: '#/components/schemas/SaaSInstanceInfo' + type: array + total: + format: int64 + type: integer + type: object + ListResponseTicket: + properties: + items: + items: + $ref: '#/components/schemas/Ticket' + type: array + total: + format: int64 + type: integer + type: object + MfaActivity: + properties: + admin: + type: boolean + appId: + type: string + appType: + type: string + email: + type: string + fullName: + type: string + id: + type: string + idpId: + type: string + idpType: + type: string + ipAddress: + type: string + location: + type: string + mfaFactors: + type: string + mfaStrength: + type: string + saasProviderMfaType: + type: string + tenant: + type: string + ticketKey: + type: string + ticketUrl: + type: string + timestamp: + $ref: '#/components/schemas/Instant' + userId: + type: string + type: object + MfaActivityCountByAppType: + properties: + appType: + type: string + count: + format: int64 + type: integer + iconAppType: + type: string + type: object + RemediationRequest: + properties: + users: + items: + type: string + type: array + type: object + SaaSAccount: + properties: + accountName: + type: string + accountType: + type: string + appId: + type: string + appType: + type: string + createdTime: + $ref: '#/components/schemas/Instant' + creator: + type: string + credentialsExpiresAt: + $ref: '#/components/schemas/Instant' + email: + type: string + githubOrgName: + type: string + id: + type: string + isElevated: + type: boolean + isLocal: + type: boolean + isNonHuman: + type: boolean + isOrphaned: + type: boolean + jobId: + type: string + lastCredentialsRotated: + $ref: '#/components/schemas/Instant' + lastLoginTime: + $ref: '#/components/schemas/Instant' + lastModifiedTime: + $ref: '#/components/schemas/Instant' + latestScanTime: + $ref: '#/components/schemas/Instant' + linkedHumanAccounts: + type: string + roles: + type: string + rotatedBy: + type: string + saasInstanceId: + type: string + saasProviderId: + type: 
string + saasProviderNhiName: + type: string + tenant: + type: string + ticketKey: + type: string + ticketUrl: + type: string + type: object + SaaSActivity: + properties: + activityDateTime: + $ref: '#/components/schemas/Instant' + activityType: + type: string + appType: + type: string + clientIP: + type: string + createdAt: + $ref: '#/components/schemas/Instant' + id: + type: string + location: + type: string + rawData: + type: string + resourceName: + type: string + resourceType: + type: string + saasInstanceId: + type: string + summary: + type: string + tenant: + type: string + userAgent: + type: string + userId: + type: string + type: object + SaaSInstanceInfo: + properties: + appType: + type: string + displayName: + type: string + saasInstanceId: + type: string + type: object + Ticket: + properties: + createdAt: + $ref: '#/components/schemas/Instant' + feature: + type: string + id: + type: string + integrationId: + type: string + resourceIds: + type: string + saasInstanceId: + type: string + summary: + type: string + tenant: + type: string + ticketKey: + type: string + ticketUrl: + type: string + type: + type: string + users: + type: string + type: object + UnlinkTicketRequest: + properties: + feature: + $ref: '#/components/schemas/Feature' + id: + type: string + resourceIds: + items: + type: string + type: array + required: + - id + - feature + type: object + securitySchemes: + Bearer: + scheme: bearer + type: http +info: + contact: + email: api-team@paloaltonetworks.com + description: "Auto-generated Incident SSPM OpenAPI documentation \u2013 updated\ + \ on DATE" + license: + name: MIT + url: https://opensource.org/license/mit + termsOfService: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf + title: Incident SSPM API + version: '1.0' +openapi: 3.0.3 +paths: + /sspm/identity/v1/catalog/{appType}: + get: + description: Retrieve the apptype. 
+ parameters: + - in: path + name: appType + required: true + schema: + type: string + - in: query + name: feature + schema: + type: string + security: + - Bearer: [] + summary: Get Catalog by AppType + tags: + - catalog + /sspm/identity/v1/idps: + get: + description: Retrieve the idps. + parameters: + - in: query + name: designated + schema: + type: boolean + - in: header + name: x-ps-tenant + schema: + type: string + security: + - Bearer: [] + summary: Get All Idps + tags: + - idp + post: + description: Create the idps. + parameters: + - in: query + name: designated + schema: + type: boolean + - in: query + name: idpId + schema: + type: string + - in: query + name: idpType + schema: + type: string + - in: header + name: x-ps-tenant + schema: + type: string + security: + - Bearer: [] + summary: Create Idp + tags: + - idp + /sspm/identity/v1/idps/{idpId}/accounts/logout: + get: + description: Retrieve the logout. + parameters: + - in: path + name: idpId + required: true + schema: + type: string + - in: query + name: batch_id + schema: + type: string + - in: header + name: x-ps-tenant + schema: + type: string + security: + - Bearer: [] + summary: Retrieve Idp Account Logout Status + tags: + - idp + post: + description: Create the logout. + parameters: + - in: path + name: idpId + required: true + schema: + type: string + - in: header + name: x-ps-tenant + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RemediationRequest' + security: + - Bearer: [] + summary: Log Out Idp Account + tags: + - idp + /sspm/identity/v1/idps/{idpId}/feature_state: + get: + description: Retrieve the feature state. 
+ parameters: + - in: path + name: idpId + required: true + schema: + type: string + - in: query + name: feature + schema: + $ref: '#/components/schemas/Feature' + - in: header + name: x-ps-tenant + schema: + type: string + security: + - Bearer: [] + summary: Get Idp Feature State + tags: + - idp + /sspm/identity/v1/idps/{idpId}/idp_accounts/count: + get: + description: Retrieve the count. + parameters: + - in: path + name: idpId + required: true + schema: + type: string + - in: query + name: filter + schema: + type: string + - in: header + name: x-ps-tenant + schema: + type: string + security: + - Bearer: [] + summary: Count Idp Accounts + tags: + - idp + /sspm/identity/v1/idps/{idpId}/idp_accounts/csv_report: + post: + description: Create the csv report. + parameters: + - in: path + name: idpId + required: true + schema: + type: string + - in: query + name: filter + schema: + type: string + - in: query + name: sortBy + schema: + type: string + - in: header + name: x-ps-tenant + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DownloadCsvRequest' + security: + - Bearer: [] + summary: Retrieve CSV report of Idp accounts + tags: + - idp + /sspm/identity/v1/idps/{idpId}/mfa_activity: + get: + description: Retrieve the mfa activity. + parameters: + - in: path + name: idpId + required: true + schema: + type: string + - in: query + name: filter + schema: + type: string + - in: query + name: limit + schema: + format: int32 + type: integer + - in: query + name: page + schema: + format: int32 + type: integer + - in: query + name: sortBy + schema: + type: string + - in: header + name: x-ps-tenant + schema: + type: string + security: + - Bearer: [] + summary: Retrieve IDP MFA Activities + tags: + - idp + /sspm/identity/v1/idps/{idpId}/mfa_activity/count: + get: + description: Retrieve the count. 
+ parameters: + - in: path + name: idpId + required: true + schema: + type: string + - in: query + name: filter + schema: + type: string + - in: header + name: x-ps-tenant + schema: + type: string + security: + - Bearer: [] + summary: Count IDP MFA Activities + tags: + - idp + /sspm/identity/v1/idps/{idpId}/mfa_activity/count_by_app_type: + get: + description: Retrieve the count by app type. + parameters: + - in: path + name: idpId + required: true + schema: + type: string + - in: query + name: filter + schema: + type: string + - in: query + name: limit + schema: + format: int32 + type: integer + - in: query + name: page + schema: + format: int32 + type: integer + - in: header + name: x-ps-tenant + schema: + type: string + security: + - Bearer: [] + summary: Count IDP MFA Activities by AppType + tags: + - idp + /sspm/identity/v1/idps/{idpId}/mfa_activity/csv_report: + post: + description: Create the csv report. + parameters: + - in: path + name: idpId + required: true + schema: + type: string + - in: query + name: filter + schema: + type: string + - in: query + name: sortBy + schema: + type: string + - in: header + name: x-ps-tenant + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DownloadCsvRequest' + security: + - Bearer: [] + summary: Retrieve IDP MFA Activities CSV Report + tags: + - idp + /sspm/identity/v1/saas_instances: + get: + description: Retrieve the saas instances. + parameters: + - in: header + name: x-ps-tenant + schema: + type: string + security: + - Bearer: [] + summary: Retrieve SAAS Instance List + tags: + - saas instance + /sspm/identity/v1/saas_instances/{saasInstanceId}/saas_accounts: + get: + description: Retrieve the saas accounts. 
+ parameters: + - in: path + name: saasInstanceId + required: true + schema: + type: string + - in: query + name: filter + schema: + type: string + - in: query + name: limit + schema: + format: int32 + type: integer + - in: query + name: page + schema: + format: int32 + type: integer + - in: query + name: sortBy + schema: + type: string + - in: header + name: x-ps-tenant + schema: + type: string + security: + - Bearer: [] + summary: Retrieve SAAS Account List + tags: + - saas instance + /sspm/identity/v1/saas_instances/{saasInstanceId}/saas_accounts/count: + get: + description: Retrieve the count. + parameters: + - in: path + name: saasInstanceId + required: true + schema: + type: string + - in: query + name: filter + schema: + type: string + - in: header + name: x-ps-tenant + schema: + type: string + security: + - Bearer: [] + summary: Count SAAS Account + tags: + - saas instance + /sspm/identity/v1/saas_instances/{saasInstanceId}/saas_accounts/csv_report: + post: + description: Create the csv report. + parameters: + - in: path + name: saasInstanceId + required: true + schema: + type: string + - in: query + name: filter + schema: + type: string + - in: query + name: sortBy + schema: + type: string + - in: header + name: x-ps-tenant + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DownloadCsvRequest' + security: + - Bearer: [] + summary: Retrieve SAAS Account CSV Report + tags: + - saas instance + /sspm/identity/v1/saas_instances/{saasInstanceId}/saas_activity: + get: + description: Retrieve the saas activity. 
+ parameters: + - in: path + name: saasInstanceId + required: true + schema: + type: string + - in: query + name: filter + schema: + type: string + - in: query + name: limit + schema: + format: int32 + type: integer + - in: query + name: page + schema: + format: int32 + type: integer + - in: query + name: sortBy + schema: + type: string + - in: header + name: x-ps-tenant + schema: + type: string + security: + - Bearer: [] + summary: Retrieve SAAS Activity List + tags: + - saas instance + /sspm/identity/v1/{saasInstanceId}/tickets: + delete: + description: Delete the tickets. + parameters: + - in: path + name: saasInstanceId + required: true + schema: + type: string + - in: header + name: x-ps-tenant + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UnlinkTicketRequest' + security: + - Bearer: [] + summary: Delete tickets for SAAS Instance + tags: + - saas instance + get: + description: Retrieve the tickets. + parameters: + - in: path + name: saasInstanceId + required: true + schema: + type: string + - in: query + name: filter + schema: + type: string + - in: query + name: limit + schema: + format: int32 + type: integer + - in: query + name: page + schema: + format: int32 + type: integer + - in: query + name: sortBy + schema: + type: string + - in: header + name: x-ps-tenant + schema: + type: string + security: + - Bearer: [] + summary: Retrieve Tickets of SAAS Instance + tags: + - saas instance + post: + description: Create the tickets. + parameters: + - in: path + name: saasInstanceId + required: true + schema: + type: string + - in: header + name: x-ps-tenant + schema: + type: string + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CreateTicketRequest' + security: + - Bearer: [] + summary: Create ticket for SAAS Instance + tags: + - saas instance + /sspm/identity/v1/{saasInstanceId}/tickets/{ticketKey}/issues: + get: + description: Retrieve the issues. 
+ parameters: + - in: path + name: saasInstanceId + required: true + schema: + type: string + - in: path + name: ticketKey + required: true + schema: + type: string + - in: query + name: limit + schema: + format: int32 + type: integer + - in: query + name: page + schema: + format: int32 + type: integer + - in: header + name: x-ps-tenant + schema: + type: string + security: + - Bearer: [] + summary: Retrieve Issues of Tickets + tags: + - saas instance +servers: +- url: https://api.strata.paloaltonetworks.com +tags: +- description: API endpoints related to catalog + name: catalog +- description: API endpoints related to idp + name: idp +- description: API endpoints related to saas instance + name: saas instance diff --git a/products/sase/api/incident-sspm/introduction.md b/products/sase/api/incident-sspm/introduction.md new file mode 100644 index 000000000..ec8847dea --- /dev/null +++ b/products/sase/api/incident-sspm/introduction.md @@ -0,0 +1,12 @@ +--- +id: introduction +title: SaaS Incident Security Posture Management APIs +sidebar_label: Incident Security Posture Management APIs +slug: /sase/api/incident-sspm +keywords: + - SASE + - Reference + - API +--- + +???? Add Incident SSPM introduction ??? diff --git a/products/sase/sidebars.ts b/products/sase/sidebars.ts index 0079f2ba8..e491fe2ed 100644 --- a/products/sase/sidebars.ts +++ b/products/sase/sidebars.ts @@ -318,6 +318,10 @@ module.exports = { "sase/api/sspm/sspm-api-workflow", require("./api/sspm/sidebar"), ], + incidentsspm: [ + "sase/api/incident-sspm/introduction", + require("./api/incident-sspm/sidebar"), + ], sasesubscription: [ "sase/api/subscription/subscription-api", require("./api/subscription/sidebar"), From 096c8371427fb3dd21dbaa7afde2cd3aa290f7de Mon Sep 17 00:00:00 2001 
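Review bot: The `post` operation on `/sspm/identity/v1/idps/{idpId}/accounts/logout` takes a `RemediationRequest` whose `users` array is not listed as required, and its `requestBody` is not marked `required: true`, so the published contract permits a logout call with no body or an empty user list and does not say what that does. For a remediation action that ends user sessions the target set should be explicit: add `required: true` to the `requestBody`, and `required: [users]` with `minItems: 1` on `users` in the schema, provided this matches the service's behaviour. The same optional `requestBody` appears on the `delete` and `post` operations of `/sspm/identity/v1/{saasInstanceId}/tickets` and on the three `csv_report` operations. Separately, every tenant-scoped operation declares the `x-ps-tenant` header with no `required` flag or description, so a reader cannot tell how it relates to the tenant bound to the Bearer token; a one-line `description` on that parameter would settle it. No operation in this file declares `responses`, which OpenAPI 3.0.3 requires on every operation.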
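Review bot: The new `incidentsspm` sidebar entry publishes `sase/api/incident-sspm/introduction`, whose body in this same patch is still the placeholder `???? Add Incident SSPM introduction ???`, so the section should stay out of the sidebar until that page has content. The entry also calls `require("./api/incident-sspm/sidebar")`, a file the diffstat of this patch does not add. If that file is produced by the API-docs generation step for `outputDir: "products/sase/api/incident-sspm"`, a short comment above the entry such as `// generated sidebar; run the API docs generation before building` would record the dependency. The `module.exports` object starts and ends outside the hunk.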
From: sra Date: Mon, 9 Jun 2025 16:43:19 +0530 Subject: [PATCH 2/4] DOCS-7893 API reference is not showing up. Troubleshooting --- yarn.lock | 37 +++++++++++++++++++++++++++++++------ 1 file changed, 31 insertions(+), 6 deletions(-) diff --git a/yarn.lock b/yarn.lock index abf47da50..0a4ac9b42 100644 --- a/yarn.lock +++ b/yarn.lock @@ -4985,9 +4985,9 @@ caniuse-api@^3.0.0: lodash.uniq "^4.5.0" caniuse-lite@^1.0.0, caniuse-lite@^1.0.30001616, caniuse-lite@^1.0.30001646, caniuse-lite@^1.0.30001669: - version "1.0.30001686" - resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001686.tgz#0e04b8d90de8753188e93c9989d56cb19d902670" - integrity sha512-Y7deg0Aergpa24M3qLC5xjNklnKnhsmSyR/V89dLZ1n0ucJIFNs7PgR2Yfa/Zf6W79SbBicgtGxZr2juHkEUIA== + version "1.0.30001721" + resolved "https://registry.npmjs.org/caniuse-lite/-/caniuse-lite-1.0.30001721.tgz" + integrity sha512-cOuvmUVtKrtEaoKiO0rSc29jcjwMwX5tOHDy4MgVFEWiUXj4uBMJkwI8MDySkgXidpMiHUcviogAvFi4pA2hDQ== ccount@^2.0.0: version "2.0.1" 
@@ -12542,7 +12542,16 @@ string-convert@^0.2.0: resolved "https://registry.npmjs.org/string-convert/-/string-convert-0.2.1.tgz#6982cc3049fbb4cd85f8b24568b9d9bf39eeff97" integrity sha512-u/1tdPl4yQnPBjnVrmdLo9gtuLvELKsAoRapekWggdiQNvvvum+jYF329d84NAa660KQw7pB2n36KrIKVoXa3A== -"string-width-cjs@npm:string-width@^4.2.0", string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3: +"string-width-cjs@npm:string-width@^4.2.0": + version "4.2.3" + resolved "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" + integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== + dependencies: + emoji-regex "^8.0.0" + is-fullwidth-code-point "^3.0.0" + strip-ansi "^6.0.1" + +string-width@^4.1.0, string-width@^4.2.0, string-width@^4.2.3: version "4.2.3" resolved "https://registry.npmjs.org/string-width/-/string-width-4.2.3.tgz#269c7117d27b05ad2e536830a8ec895ef9c6d010" integrity sha512-wKyQRQpjJ0sIp62ErSZdGsjMJWsap5oRNihHhu6G7JVO/9jIB6UyevL+tXuOqrng8j/cxKTWyWUwvSTriiZz/g== @@ -12591,7 +12600,14 @@ stringify-object@^3.3.0: is-obj "^1.0.1" is-regexp "^1.0.0" -"strip-ansi-cjs@npm:strip-ansi@^6.0.1", strip-ansi@^6.0.0, strip-ansi@^6.0.1: +"strip-ansi-cjs@npm:strip-ansi@^6.0.1": + version "6.0.1" + resolved "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" + integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== + dependencies: + ansi-regex "^5.0.1" + +strip-ansi@^6.0.0, strip-ansi@^6.0.1: version "6.0.1" resolved "https://registry.npmjs.org/strip-ansi/-/strip-ansi-6.0.1.tgz#9e26c63d30f53443e9489495b2105d37b67a85d9" integrity sha512-Y38VPSHcqkFrCpFnQ9vuSXmquuv5oXOKpGeT6aGrr3o3Gc9AlVa6JBfUSOCnbxGGZF+/0ooI7KrPuUSztUdU5A== 
@@ -13519,7 +13535,16 @@ wildcard@^2.0.0, wildcard@^2.0.1: resolved "https://registry.npmjs.org/wildcard/-/wildcard-2.0.1.tgz#5ab10d02487198954836b6349f74fff961e10f67" integrity sha512-CC1bOL87PIWSBhDcTrdeLo6eGT7mCFtrg0uIJtqJUFyK+eJnzl8A1niH56uu7KMa5XFrtiV+AQuHO3n7DsHnLQ== -"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0", wrap-ansi@^7.0.0: +"wrap-ansi-cjs@npm:wrap-ansi@^7.0.0": + version "7.0.0" + resolved "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" + integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== + dependencies: + ansi-styles "^4.0.0" + string-width "^4.1.0" + strip-ansi "^6.0.0" + +wrap-ansi@^7.0.0: version "7.0.0" resolved "https://registry.npmjs.org/wrap-ansi/-/wrap-ansi-7.0.0.tgz#67e145cff510a6a6984bdf1152911d69d2eb9e43" integrity sha512-YVGIj2kamLSTxw6NsZjoBxfSwsn0ycdesmc4p+Q21c5zPuZ1pl+NfxVdxPtdHvmNVOQ6XSYG4AUtyt/Fi7D16Q== From 93281859245182058f2a92e5401105fa9369ac69 Mon Sep 17 00:00:00 2001 From: sra Date: Wed, 11 Jun 2025 19:33:38 +0530 Subject: [PATCH 3/4] DOCS-7893 Creating a PR for review --- docusaurus.config.ts | 10 +- .../sase/identity-sspm/identity-sspm.yaml | 1158 +++++++++++++++++ .../sase/incident-sspm/identity-sspm.yaml | 1154 ++++++++++++++++ .../incident-sspm/incidentconsolidated.yaml | 917 ------------- .../sase/api/identity-sspm/introduction.md | 48 + .../sase/api/incident-sspm/introduction.md | 12 - products/sase/sidebars.ts | 6 +- 7 files changed, 2368 insertions(+), 937 deletions(-) create mode 100644 openapi-specs/sase/identity-sspm/identity-sspm.yaml create mode 100644 openapi-specs/sase/incident-sspm/identity-sspm.yaml delete mode 100644 openapi-specs/sase/incident-sspm/incidentconsolidated.yaml create mode 100644 products/sase/api/identity-sspm/introduction.md delete mode 100644 products/sase/api/incident-sspm/introduction.md diff --git a/docusaurus.config.ts b/docusaurus.config.ts index f2487e504..8e53711a7 100644 
--- a/docusaurus.config.ts +++ b/docusaurus.config.ts @@ -501,8 +501,8 @@ const config = { icon: "api-doc", }, { - to: "sase/api/incident-sspm", - label: "Incident Security Posture Management", + to: "sase/api/identity-sspm", + label: "Identity Security Posture Management", icon: "api-doc", }, { @@ -928,9 +928,9 @@ const config = { outputDir: "products/sase/api/sspm", sidebarOptions: { groupPathsBy: "tag" }, }, - incidentsspm: { - specPath: "openapi-specs/sase/incident-sspm", - outputDir: "products/sase/api/incident-sspm", + identitysspm: { + specPath: "openapi-specs/sase/identity-sspm", + outputDir: "products/sase/api/identity-sspm", sidebarOptions: { groupPathsBy: "tag" }, }, access: { diff --git a/openapi-specs/sase/identity-sspm/identity-sspm.yaml b/openapi-specs/sase/identity-sspm/identity-sspm.yaml new file mode 100644 index 000000000..05715b590 --- /dev/null +++ b/openapi-specs/sase/identity-sspm/identity-sspm.yaml 
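Review bot: Once this hunk points `specPath` at `openapi-specs/sase/identity-sspm`, nothing in the config visible here references `openapi-specs/sase/incident-sspm`, yet the diffstat of this patch still creates `openapi-specs/sase/incident-sspm/identity-sspm.yaml` (1154 lines) next to the 1158-line copy under `identity-sspm/`. If that second file is a leftover from the rename it should be dropped from the patch, since an unreferenced near-duplicate API spec will drift from the published one. The `config` object starts and ends outside the hunk.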
@@ -0,0 +1,1158 @@ +openapi: 3.0.3 +info: + title: Incident Security Service Posture Management API + version: '1.0' + description: "Endpoint to retrieve Identity Posture Security information This Open\ + \ API spec file was created on June 11, 2025. \xA9 2025 Palo Alto Networks, Inc.\ + \ Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of\ + \ our trademarks can be found at [https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html).\ + \ All other marks mentioned herein may be trademarks of their respective companies." +servers: +- url: https://api.sase.paloaltonetworks.com +- url: https://api.strata.paloaltonetworks.com +External tags: +- name: Catalog + description: Application Catalog +- name: Identity + description: Identity Provider related API +- name: SaaS Instance + description: SaaS Instance related API +components: + schemas: + CreateTicketRequest: + required: + - resourceIds + - feature + - integrationId + - type + - issueTypeId + - summary + type: object + properties: + resourceIds: + type: array + items: + type: string + feature: + $ref: '#/components/schemas/Feature' + integrationId: + type: string + type: + type: string + issueTypeId: + type: string + summary: + type: string + description: + type: string + settings: + type: object + additionalProperties: + type: string + DownloadCsvRequest: + required: + - userFullName + - userEmail + - service + type: object + properties: + userFullName: + type: string + userEmail: + type: string + service: + type: string + Feature: + enum: + - ENROLLMENT + - ACTIVITY + - LOGOUT + - IDENTITY_NHI + - IDENTITY_ACTIVITY + type: string + FeatureState: + type: object + properties: + status: + type: string + lastScannedAt: + $ref: '#/components/schemas/Instant' + IdpInfo: + type: object + properties: + displayName: + type: string + idpId: + type: string + appType: + type: string + Instant: + format: date-time + type: string + example: 
2022-03-10 16:15:50+00:00 + ListResponseIdpInfo: + type: object + properties: + total: + format: int64 + type: integer + items: + type: array + items: + $ref: '#/components/schemas/IdpInfo' + ListResponseMapStringObject: + type: object + properties: + total: + format: int64 + type: integer + items: + type: array + items: + type: object + ListResponseMfaActivity: + type: object + properties: + total: + format: int64 + type: integer + items: + type: array + items: + $ref: '#/components/schemas/MfaActivity' + ListResponseSaaSAccount: + type: object + properties: + total: + format: int64 + type: integer + items: + type: array + items: + $ref: '#/components/schemas/SaaSAccount' + ListResponseSaaSActivity: + type: object + properties: + total: + format: int64 + type: integer + items: + type: array + items: + $ref: '#/components/schemas/SaaSActivity' + ListResponseSaaSInstanceInfo: + type: object + properties: + total: + format: int64 + type: integer + items: + type: array + items: + $ref: '#/components/schemas/SaaSInstanceInfo' + ListResponseTicket: + type: object + properties: + total: + format: int64 + type: integer + items: + type: array + items: + $ref: '#/components/schemas/Ticket' + MfaActivity: + type: object + properties: + id: + type: string + tenant: + type: string + userId: + type: string + idpId: + type: string + idpType: + type: string + mfaStrength: + type: string + admin: + type: boolean + appType: + type: string + appId: + type: string + timestamp: + $ref: '#/components/schemas/Instant' + mfaFactors: + type: string + saasProviderMfaType: + type: string + fullName: + type: string + email: + type: string + ipAddress: + type: string + location: + type: string + ticketKey: + type: string + ticketUrl: + type: string + MfaActivityCountByAppType: + type: object + properties: + appType: + type: string + count: + format: int64 + type: integer + iconAppType: + type: string + RemediationRequest: + type: object + properties: + users: + type: array + items: + type: 
string + SaaSAccount: + type: object + properties: + id: + type: string + saasProviderId: + type: string + tenant: + type: string + saasInstanceId: + type: string + jobId: + type: string + appId: + type: string + appType: + type: string + accountType: + type: string + accountName: + type: string + email: + type: string + isLocal: + type: boolean + isOrphaned: + type: boolean + isElevated: + type: boolean + ticketKey: + type: string + ticketUrl: + type: string + roles: + type: string + creator: + type: string + linkedHumanAccounts: + type: string + saasProviderNhiName: + type: string + lastModifiedTime: + $ref: '#/components/schemas/Instant' + lastLoginTime: + $ref: '#/components/schemas/Instant' + isNonHuman: + type: boolean + createdTime: + $ref: '#/components/schemas/Instant' + latestScanTime: + $ref: '#/components/schemas/Instant' + lastCredentialsRotated: + $ref: '#/components/schemas/Instant' + rotatedBy: + type: string + githubOrgName: + type: string + credentialsExpiresAt: + $ref: '#/components/schemas/Instant' + SaaSActivity: + type: object + properties: + id: + type: string + userId: + type: string + tenant: + type: string + saasInstanceId: + type: string + appType: + type: string + resourceType: + type: string + resourceName: + type: string + activityType: + type: string + clientIP: + type: string + location: + type: string + userAgent: + type: string + summary: + type: string + rawData: + type: string + activityDateTime: + $ref: '#/components/schemas/Instant' + createdAt: + $ref: '#/components/schemas/Instant' + SaaSInstanceInfo: + type: object + properties: + displayName: + type: string + saasInstanceId: + type: string + appType: + type: string + Ticket: + type: object + properties: + id: + type: string + tenant: + type: string + saasInstanceId: + type: string + resourceIds: + type: string + feature: + type: string + users: + type: string + integrationId: + type: string + type: + type: string + ticketKey: + type: string + ticketUrl: + type: string + 
summary: + type: string + createdAt: + $ref: '#/components/schemas/Instant' + UnlinkTicketRequest: + required: + - id + - feature + type: object + properties: + id: + type: string + resourceIds: + type: array + items: + type: string + feature: + $ref: '#/components/schemas/Feature' +external tags: +- name: catalog + description: Endpoints grouped under catalog +- name: idp + description: Endpoints grouped under idp +- name: saas instance + description: Endpoints grouped under saas instance +paths: + /sspm/identity/v1/catalog/{appType}: + get: + summary: Get application catalog + description: "Retrieve application catalog details based on the specified application\ + \ type. \nThis helps identify supported application types and their available\ + \ features." + operationId: catalog_get + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + additionalProperties: {} + '404': + description: Not Found + parameters: + - name: appType + in: path + required: true + schema: + type: string + - name: feature + in: query + schema: + type: string + external tags: + - untagged + tags: + - catalog + /sspm/identity/v1/idps: + get: + summary: Get all Identity Providers + description: Retrieve a list of identity providers (Identity Providers) configured + for the tenant. You can optionally filter the results to view only designated + identity providers. + operationId: idps_get + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/ListResponseIdpInfo' + '404': + description: Not Found + parameters: + - name: designated + in: query + schema: + type: boolean + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + post: + summary: Create identity provider + description: Create a new identity provider (Identity Provider) entry for the + tenant. You can specify the type, identifier, and whether it should be marked + as designated. 
+ operationId: idps_post + responses: + '201': + description: Created + '400': + description: Bad Request + parameters: + - name: designated + in: query + schema: + type: boolean + - name: idpId + in: query + schema: + type: string + - name: idpType + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + /sspm/identity/v1/idps/{idpId}/accounts/logout: + get: + summary: Get logout status + description: Retrieve the logout status of user accounts associated with the + specified identity provider (Identity Provider). This is useful for tracking + the outcome of account logout actions in batch operations. + operationId: idps_accounts_logout_get + responses: + '200': + description: OK + '404': + description: Not Found + parameters: + - name: idpId + in: path + required: true + schema: + type: string + - name: batch_id + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + post: + summary: Trigger account logout + description: Initiate a logout request for user accounts associated with the + specified identity provider (Identity Provider). This action helps enforce + session termination for compliance or security purposes. + operationId: idps_accounts_logout_post + responses: + '200': + description: OK + '404': + description: Not Found + parameters: + - name: idpId + in: path + required: true + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RemediationRequest' + /sspm/identity/v1/idps/{idpId}/feature_state: + get: + summary: Get Identity Provider feature state + description: Retrieve the current status and last scan timestamp of a specific + feature enabled for the identity provider (Identity Provider). 
This helps + assess feature health and scan recency. + operationId: idps_feature_state_get + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/FeatureState' + '404': + description: Not Found + parameters: + - name: idpId + in: path + required: true + schema: + type: string + - name: feature + in: query + schema: + $ref: '#/components/schemas/Feature' + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + /sspm/identity/v1/idps/{idpId}/idp_accounts/count: + get: + summary: Get Identity Provider account count + description: Return the number of user accounts linked to the specified identity + provider (Identity Provider). Filtering options can be applied to count specific + types of accounts such as orphaned or privileged users. + operationId: idps_idp_accounts_count_get + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + additionalProperties: + format: int64 + type: integer + '404': + description: Not Found + parameters: + - name: idpId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + /sspm/identity/v1/idps/{idpId}/idp_accounts/csv_report: + post: + summary: Generate Identity Provider account CSV report + description: Generate a CSV report of accounts associated with the specified + identity provider (Identity Provider). The report supports compliance audits + and user access reviews. 
+ operationId: idps_idp_accounts_csv_report_get + responses: + '201': + description: Created + '400': + description: Bad Request + parameters: + - name: idpId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: sortBy + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DownloadCsvRequest' + /sspm/identity/v1/idps/{idpId}/mfa_activity: + get: + summary: Get Multi-factor authentication activity logs + description: Retrieve a list of multi-factor authentication (Multi-factor authentication) + activities for the specified identity provider (Identity Provider). The logs + include user identities, timestamps, IP Address addresses, and Multi-factor + authentication methods used. + operationId: idps_mfa_activity_get + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/ListResponseMfaActivity' + '404': + description: Not Found + parameters: + - name: idpId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: limit + in: query + schema: + format: int32 + type: integer + - name: page + in: query + schema: + format: int32 + type: integer + - name: sortBy + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + /sspm/identity/v1/idps/{idpId}/mfa_activity/count: + get: + summary: Get Multi-factor authentication activity count + description: Return the number of multi-factor authentication (Multi-factor + authentication) activities recorded for the specified identity provider (Identity + Provider). This count helps evaluate authentication volume and usage patterns. 
+ operationId: idps_mfa_activity_count_get + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + additionalProperties: + format: int64 + type: integer + '404': + description: Not Found + parameters: + - name: idpId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + /sspm/identity/v1/idps/{idpId}/mfa_activity/count_by_app_type: + get: + summary: Get Multi-factor authentication activity count by app type + description: Return the number of multi-factor authentication (Multi-factor + authentication) activities for the specified identity provider (Identity Provider), + grouped by application type. This helps analyze authentication trends across + different SaaS applications. + operationId: idps_mfa_activity_count_by_app_type_get + responses: + '200': + description: OK + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/MfaActivityCountByAppType' + '404': + description: Not Found + parameters: + - name: idpId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: limit + in: query + schema: + format: int32 + type: integer + - name: page + in: query + schema: + format: int32 + type: integer + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + /sspm/identity/v1/idps/{idpId}/mfa_activity/csv_report: + post: + summary: Generate Identity Provider Multi-factor authentication activity CSV + report + description: Generate a comma-separated values (CSV) report of multi-factor + authentication (Multi-factor authentication) activities for the specified + identity provider (Identity Provider). This report helps audit authentication + patterns and policy compliance. 
+ operationId: idps_mfa_activity_csv_report_get + responses: + '201': + description: Created + '400': + description: Bad Request + parameters: + - name: idpId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: sortBy + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DownloadCsvRequest' + /sspm/identity/v1/saas_instances: + get: + summary: Get SaaS instance list + description: "Retrieve a list of software as a service (SaaS) instances configured\ + \ for the tenant. \nEach instance includes metadata such as application type\ + \ and display name." + operationId: saas_instances_get + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/ListResponseSaaSInstanceInfo' + '404': + description: Not Found + parameters: + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - saas instance + /sspm/identity/v1/saas_instances/{saasInstanceId}/saas_accounts: + get: + summary: Get SaaS account list + description: "Retrieve a list of user accounts associated with the specified\ + \ software as a service (SaaS) instance. \nThe response includes account metadata\ + \ such as roles, login activity, and status for each user." 
+ operationId: saas_instances_saas_accounts_get + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/ListResponseSaaSAccount' + '404': + description: Not Found + parameters: + - name: saasInstanceId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: limit + in: query + schema: + format: int32 + type: integer + - name: page + in: query + schema: + format: int32 + type: integer + - name: sortBy + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - saas instance + /sspm/identity/v1/saas_instances/{saasInstanceId}/saas_accounts/count: + get: + summary: Get SaaS account count + description: "Return the number of user accounts associated with the specified\ + \ software as a service (SaaS) instance. \nYou can apply filters to refine\ + \ the account count based on criteria such as roles, status, or account types." + operationId: saas_instances_saas_accounts_count_get + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + additionalProperties: + format: int64 + type: integer + '404': + description: Not Found + parameters: + - name: saasInstanceId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - saas instance + /sspm/identity/v1/saas_instances/{saasInstanceId}/saas_accounts/csv_report: + post: + summary: Generate SaaS account CSV report + description: "Generate a CSV report of accounts linked to the specified software\ + \ as a service (SaaS) instance. \nThis report helps in auditing user presence\ + \ and roles within the application." 
+ operationId: saas_instances_saas_accounts_count_csv_report_post + responses: + '201': + description: Created + '400': + description: Bad Request + parameters: + - name: saasInstanceId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: sortBy + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - saas instance + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DownloadCsvRequest' + /sspm/identity/v1/saas_instances/{saasInstanceId}/saas_activity: + get: + summary: Get SaaS activity logs + description: "Retrieve a list of activity logs for the specified software as\ + \ a service (SaaS) instance. \nLogs include user actions, accessed resources,\ + \ locations, and timestamps to support security auditing and monitoring." + operationId: saas_instances_saas_activity_get + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/ListResponseSaaSActivity' + '404': + description: Not Found + parameters: + - name: saasInstanceId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: limit + in: query + schema: + format: int32 + type: integer + - name: page + in: query + schema: + format: int32 + type: integer + - name: sortBy + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - saas instance + /sspm/identity/v1/{saasInstanceId}/tickets: + get: + summary: Get SaaS instance tickets + description: Retrieve a list of tickets associated with the specified software + as a service (SaaS) instance. Tickets track security findings, misconfigurations, + or other remediation needs. 
+ operationId: saas_instances_tickets_get + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/ListResponseTicket' + '404': + description: Not Found + parameters: + - name: saasInstanceId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: limit + in: query + schema: + format: int32 + type: integer + - name: page + in: query + schema: + format: int32 + type: integer + - name: sortBy + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - saas instance + post: + summary: Create SaaS instance ticket + description: "Create a new ticket for the specified software as a service (SaaS)\ + \ instance. \nTickets help track remediation efforts for flagged issues or\ + \ vulnerabilities." + operationId: saas_instances_tickets_post + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/Ticket' + '400': + description: Bad Request + parameters: + - name: saasInstanceId + in: path + required: true + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - saas instance + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CreateTicketRequest' + delete: + summary: Delete SaaS instance tickets + description: "Delete or unlink one or more tickets associated with the specified\ + \ software as a service (SaaS) instance. \nThis action is typically used to\ + \ close resolved or invalid issues." 
+ operationId: saas_instances_tickets_delete + responses: + '204': + description: No Content + '404': + description: Not Found + parameters: + - name: saasInstanceId + in: path + required: true + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - saas instance + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UnlinkTicketRequest' + /sspm/identity/v1/{saasInstanceId}/tickets/{ticketKey}/issues: + get: + summary: Get ticket issues + description: "Retrieve a list of issues linked to a specific ticket for the\ + \ given software as a service (SaaS) instance. \nThis helps in tracking and\ + \ managing remediation or investigation items." + operationId: saas_instances_tickets_issues_get + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/ListResponseMapStringObject' + '404': + description: Not Found + parameters: + - name: saasInstanceId + in: path + required: true + schema: + type: string + - name: ticketKey + in: path + required: true + schema: + type: string + - name: limit + in: query + schema: + format: int32 + type: integer + - name: page + in: query + schema: + format: int32 + type: integer + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - saas instance
diff --git a/openapi-specs/sase/incident-sspm/identity-sspm.yaml b/openapi-specs/sase/incident-sspm/identity-sspm.yaml
new file mode 100644
index 000000000..cf087c7e7
--- /dev/null
+++ b/openapi-specs/sase/incident-sspm/identity-sspm.yaml
@@ -0,0 +1,1154 @@ +openapi: 3.0.3 +info: + title: Incident Security Service Posture Management API + version: '1.0' + description: "Endpoint to retrieve Identity Posture Security information This Open\ + \ API spec file was created on June 11, 2025. \xA9 2025 Palo Alto Networks, Inc.\ + \ Palo Alto Networks is a registered trademark of Palo Alto Networks. A list of\ + \ our trademarks can be found at [https://www.paloaltonetworks.com/company/trademarks.html](https://www.paloaltonetworks.com/company/trademarks.html).\ + \ All other marks mentioned herein may be trademarks of their respective companies." +servers: +- url: https://api.sase.paloaltonetworks.com +- url: https://api.strata.paloaltonetworks.com +External tags: +- name: Catalog + description: Application Catalog +- name: Identity + description: Identity Provider related API +- name: SaaS Instance + description: SaaS Instance related API +components: + schemas: + CreateTicketRequest: + required: + - resourceIds + - feature + - integrationId + - type + - issueTypeId + - summary + type: object + properties: + resourceIds: + type: array + items: + type: string + feature: + $ref: '#/components/schemas/Feature' + integrationId: + type: string + type: + type: string + issueTypeId: + type: string + summary: + type: string + description: + type: string + settings: + type: object + additionalProperties: + type: string + DownloadCsvRequest: + required: + - userFullName + - userEmail + - service + type: object + properties: + userFullName: + type: string + userEmail: + type: string + service: + type: string + Feature: + enum: + - ENROLLMENT + - ACTIVITY + - LOGOUT + - IDENTITY_NHI + - IDENTITY_ACTIVITY + type: string + FeatureState: + type: object + properties: + status: + type: string + lastScannedAt: + $ref: '#/components/schemas/Instant' + IdpInfo: + type: object + properties: + displayName: + type: string + idpId: + type: string + appType: + type: string + Instant: + format: date-time + type: string + example: 
2022-03-10 16:15:50+00:00 + ListResponseIdpInfo: + type: object + properties: + total: + format: int64 + type: integer + items: + type: array + items: + $ref: '#/components/schemas/IdpInfo' + ListResponseMapStringObject: + type: object + properties: + total: + format: int64 + type: integer + items: + type: array + items: + type: object + ListResponseMfaActivity: + type: object + properties: + total: + format: int64 + type: integer + items: + type: array + items: + $ref: '#/components/schemas/MfaActivity' + ListResponseSaaSAccount: + type: object + properties: + total: + format: int64 + type: integer + items: + type: array + items: + $ref: '#/components/schemas/SaaSAccount' + ListResponseSaaSActivity: + type: object + properties: + total: + format: int64 + type: integer + items: + type: array + items: + $ref: '#/components/schemas/SaaSActivity' + ListResponseSaaSInstanceInfo: + type: object + properties: + total: + format: int64 + type: integer + items: + type: array + items: + $ref: '#/components/schemas/SaaSInstanceInfo' + ListResponseTicket: + type: object + properties: + total: + format: int64 + type: integer + items: + type: array + items: + $ref: '#/components/schemas/Ticket' + MfaActivity: + type: object + properties: + id: + type: string + tenant: + type: string + userId: + type: string + idpId: + type: string + idpType: + type: string + mfaStrength: + type: string + admin: + type: boolean + appType: + type: string + appId: + type: string + timestamp: + $ref: '#/components/schemas/Instant' + mfaFactors: + type: string + saasProviderMfaType: + type: string + fullName: + type: string + email: + type: string + ipAddress: + type: string + location: + type: string + ticketKey: + type: string + ticketUrl: + type: string + MfaActivityCountByAppType: + type: object + properties: + appType: + type: string + count: + format: int64 + type: integer + iconAppType: + type: string + RemediationRequest: + type: object + properties: + users: + type: array + items: + type: 
string + SaaSAccount: + type: object + properties: + id: + type: string + saasProviderId: + type: string + tenant: + type: string + saasInstanceId: + type: string + jobId: + type: string + appId: + type: string + appType: + type: string + accountType: + type: string + accountName: + type: string + email: + type: string + isLocal: + type: boolean + isOrphaned: + type: boolean + isElevated: + type: boolean + ticketKey: + type: string + ticketUrl: + type: string + roles: + type: string + creator: + type: string + linkedHumanAccounts: + type: string + saasProviderNhiName: + type: string + lastModifiedTime: + $ref: '#/components/schemas/Instant' + lastLoginTime: + $ref: '#/components/schemas/Instant' + isNonHuman: + type: boolean + createdTime: + $ref: '#/components/schemas/Instant' + latestScanTime: + $ref: '#/components/schemas/Instant' + lastCredentialsRotated: + $ref: '#/components/schemas/Instant' + rotatedBy: + type: string + githubOrgName: + type: string + credentialsExpiresAt: + $ref: '#/components/schemas/Instant' + SaaSActivity: + type: object + properties: + id: + type: string + userId: + type: string + tenant: + type: string + saasInstanceId: + type: string + appType: + type: string + resourceType: + type: string + resourceName: + type: string + activityType: + type: string + clientIP: + type: string + location: + type: string + userAgent: + type: string + summary: + type: string + rawData: + type: string + activityDateTime: + $ref: '#/components/schemas/Instant' + createdAt: + $ref: '#/components/schemas/Instant' + SaaSInstanceInfo: + type: object + properties: + displayName: + type: string + saasInstanceId: + type: string + appType: + type: string + Ticket: + type: object + properties: + id: + type: string + tenant: + type: string + saasInstanceId: + type: string + resourceIds: + type: string + feature: + type: string + users: + type: string + integrationId: + type: string + type: + type: string + ticketKey: + type: string + ticketUrl: + type: string + 
summary: + type: string + createdAt: + $ref: '#/components/schemas/Instant' + UnlinkTicketRequest: + required: + - id + - feature + type: object + properties: + id: + type: string + resourceIds: + type: array + items: + type: string + feature: + $ref: '#/components/schemas/Feature' +external tags: +- name: untagged + description: Endpoints grouped under untagged +paths: + /sspm/identity/v1/catalog/{appType}: + get: + summary: Get application catalog + description: "Retrieve application catalog details based on the specified application\ + \ type. \nThis helps identify supported application types and their available\ + \ features." + operationId: catalog_get + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + additionalProperties: {} + '404': + description: Not Found + parameters: + - name: appType + in: path + required: true + schema: + type: string + - name: feature + in: query + schema: + type: string + external tags: + - untagged + tags: + - catalog + /sspm/identity/v1/idps: + get: + summary: Get all Identity Providers + description: Retrieve a list of identity providers (Identity Providers) configured + for the tenant. You can optionally filter the results to view only designated + identity providers. + operationId: idps_get + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/ListResponseIdpInfo' + '404': + description: Not Found + parameters: + - name: designated + in: query + schema: + type: boolean + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + post: + summary: Create identity provider + description: Create a new identity provider (Identity Provider) entry for the + tenant. You can specify the type, identifier, and whether it should be marked + as designated. 
+ operationId: idps_post + responses: + '201': + description: Created + '400': + description: Bad Request + parameters: + - name: designated + in: query + schema: + type: boolean + - name: idpId + in: query + schema: + type: string + - name: idpType + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + /sspm/identity/v1/idps/{idpId}/accounts/logout: + get: + summary: Get logout status + description: Retrieve the logout status of user accounts associated with the + specified identity provider (Identity Provider). This is useful for tracking + the outcome of account logout actions in batch operations. + operationId: idps_accounts_logout_get + responses: + '200': + description: OK + '404': + description: Not Found + parameters: + - name: idpId + in: path + required: true + schema: + type: string + - name: batch_id + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + post: + summary: Trigger account logout + description: Initiate a logout request for user accounts associated with the + specified identity provider (Identity Provider). This action helps enforce + session termination for compliance or security purposes. + operationId: idps_accounts_logout_post + responses: + '200': + description: OK + '404': + description: Not Found + parameters: + - name: idpId + in: path + required: true + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/RemediationRequest' + /sspm/identity/v1/idps/{idpId}/feature_state: + get: + summary: Get Identity Provider feature state + description: Retrieve the current status and last scan timestamp of a specific + feature enabled for the identity provider (Identity Provider). 
This helps + assess feature health and scan recency. + operationId: idps_feature_state_get + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/FeatureState' + '404': + description: Not Found + parameters: + - name: idpId + in: path + required: true + schema: + type: string + - name: feature + in: query + schema: + $ref: '#/components/schemas/Feature' + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + /sspm/identity/v1/idps/{idpId}/idp_accounts/count: + get: + summary: Get Identity Provider account count + description: Return the number of user accounts linked to the specified identity + provider (Identity Provider). Filtering options can be applied to count specific + types of accounts such as orphaned or privileged users. + operationId: idps_idp_accounts_count_get + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + additionalProperties: + format: int64 + type: integer + '404': + description: Not Found + parameters: + - name: idpId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + /sspm/identity/v1/idps/{idpId}/idp_accounts/csv_report: + post: + summary: Generate Identity Provider account CSV report + description: Generate a CSV report of accounts associated with the specified + identity provider (Identity Provider). The report supports compliance audits + and user access reviews. 
+ operationId: idps_idp_accounts_csv_report_get + responses: + '201': + description: Created + '400': + description: Bad Request + parameters: + - name: idpId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: sortBy + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DownloadCsvRequest' + /sspm/identity/v1/idps/{idpId}/mfa_activity: + get: + summary: Get Multi-factor authentication activity logs + description: Retrieve a list of multi-factor authentication (Multi-factor authentication) + activities for the specified identity provider (Identity Provider). The logs + include user identities, timestamps, IP Address addresses, and Multi-factor + authentication methods used. + operationId: idps_mfa_activity_get + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/ListResponseMfaActivity' + '404': + description: Not Found + parameters: + - name: idpId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: limit + in: query + schema: + format: int32 + type: integer + - name: page + in: query + schema: + format: int32 + type: integer + - name: sortBy + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + /sspm/identity/v1/idps/{idpId}/mfa_activity/count: + get: + summary: Get Multi-factor authentication activity count + description: Return the number of multi-factor authentication (Multi-factor + authentication) activities recorded for the specified identity provider (Identity + Provider). This count helps evaluate authentication volume and usage patterns. 
+ operationId: idps_mfa_activity_count_get + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + additionalProperties: + format: int64 + type: integer + '404': + description: Not Found + parameters: + - name: idpId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + /sspm/identity/v1/idps/{idpId}/mfa_activity/count_by_app_type: + get: + summary: Get Multi-factor authentication activity count by app type + description: Return the number of multi-factor authentication (Multi-factor + authentication) activities for the specified identity provider (Identity Provider), + grouped by application type. This helps analyze authentication trends across + different SaaS applications. + operationId: idps_mfa_activity_count_by_app_type_get + responses: + '200': + description: OK + content: + application/json: + schema: + type: array + items: + $ref: '#/components/schemas/MfaActivityCountByAppType' + '404': + description: Not Found + parameters: + - name: idpId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: limit + in: query + schema: + format: int32 + type: integer + - name: page + in: query + schema: + format: int32 + type: integer + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + /sspm/identity/v1/idps/{idpId}/mfa_activity/csv_report: + post: + summary: Generate Identity Provider Multi-factor authentication activity CSV + report + description: Generate a comma-separated values (CSV) report of multi-factor + authentication (Multi-factor authentication) activities for the specified + identity provider (Identity Provider). This report helps audit authentication + patterns and policy compliance. 
+ operationId: idps_mfa_activity_csv_report_get + responses: + '201': + description: Created + '400': + description: Bad Request + parameters: + - name: idpId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: sortBy + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - idp + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DownloadCsvRequest' + /sspm/identity/v1/saas_instances: + get: + summary: Get SaaS instance list + description: "Retrieve a list of software as a service (SaaS) instances configured\ + \ for the tenant. \nEach instance includes metadata such as application type\ + \ and display name." + operationId: saas_instances_get + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/ListResponseSaaSInstanceInfo' + '404': + description: Not Found + parameters: + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - saas instance + /sspm/identity/v1/saas_instances/{saasInstanceId}/saas_accounts: + get: + summary: Get SaaS account list + description: "Retrieve a list of user accounts associated with the specified\ + \ software as a service (SaaS) instance. \nThe response includes account metadata\ + \ such as roles, login activity, and status for each user." 
+ operationId: saas_instances_saas_accounts_get + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/ListResponseSaaSAccount' + '404': + description: Not Found + parameters: + - name: saasInstanceId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: limit + in: query + schema: + format: int32 + type: integer + - name: page + in: query + schema: + format: int32 + type: integer + - name: sortBy + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - saas instance + /sspm/identity/v1/saas_instances/{saasInstanceId}/saas_accounts/count: + get: + summary: Get SaaS account count + description: "Return the number of user accounts associated with the specified\ + \ software as a service (SaaS) instance. \nYou can apply filters to refine\ + \ the account count based on criteria such as roles, status, or account types." + operationId: saas_instances_saas_accounts_count_get + responses: + '200': + description: OK + content: + application/json: + schema: + type: object + additionalProperties: + format: int64 + type: integer + '404': + description: Not Found + parameters: + - name: saasInstanceId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - saas instance + /sspm/identity/v1/saas_instances/{saasInstanceId}/saas_accounts/csv_report: + post: + summary: Generate SaaS account CSV report + description: "Generate a CSV report of accounts linked to the specified software\ + \ as a service (SaaS) instance. \nThis report helps in auditing user presence\ + \ and roles within the application." 
+ operationId: saas_instances_saas_accounts_count_csv_report_post + responses: + '201': + description: Created + '400': + description: Bad Request + parameters: + - name: saasInstanceId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: sortBy + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - saas instance + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/DownloadCsvRequest' + /sspm/identity/v1/saas_instances/{saasInstanceId}/saas_activity: + get: + summary: Get SaaS activity logs + description: "Retrieve a list of activity logs for the specified software as\ + \ a service (SaaS) instance. \nLogs include user actions, accessed resources,\ + \ locations, and timestamps to support security auditing and monitoring." + operationId: saas_instances_saas_activity_get + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/ListResponseSaaSActivity' + '404': + description: Not Found + parameters: + - name: saasInstanceId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: limit + in: query + schema: + format: int32 + type: integer + - name: page + in: query + schema: + format: int32 + type: integer + - name: sortBy + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - saas instance + /sspm/identity/v1/{saasInstanceId}/tickets: + get: + summary: Get SaaS instance tickets + description: Retrieve a list of tickets associated with the specified software + as a service (SaaS) instance. Tickets track security findings, misconfigurations, + or other remediation needs. 
+ operationId: saas_instances_tickets_get + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/ListResponseTicket' + '404': + description: Not Found + parameters: + - name: saasInstanceId + in: path + required: true + schema: + type: string + - name: filter + in: query + schema: + type: string + - name: limit + in: query + schema: + format: int32 + type: integer + - name: page + in: query + schema: + format: int32 + type: integer + - name: sortBy + in: query + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - saas instance + post: + summary: Create SaaS instance ticket + description: "Create a new ticket for the specified software as a service (SaaS)\ + \ instance. \nTickets help track remediation efforts for flagged issues or\ + \ vulnerabilities." + operationId: saas_instances_tickets_post + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/Ticket' + '400': + description: Bad Request + parameters: + - name: saasInstanceId + in: path + required: true + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - saas instance + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/CreateTicketRequest' + delete: + summary: Delete SaaS instance tickets + description: "Delete or unlink one or more tickets associated with the specified\ + \ software as a service (SaaS) instance. \nThis action is typically used to\ + \ close resolved or invalid issues." 
+ operationId: saas_instances_tickets_delete + responses: + '204': + description: No Content + '404': + description: Not Found + parameters: + - name: saasInstanceId + in: path + required: true + schema: + type: string + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - saas instance + requestBody: + content: + application/json: + schema: + $ref: '#/components/schemas/UnlinkTicketRequest' + /sspm/identity/v1/{saasInstanceId}/tickets/{ticketKey}/issues: + get: + summary: Get ticket issues + description: "Retrieve a list of issues linked to a specific ticket for the\ + \ given software as a service (SaaS) instance. \nThis helps in tracking and\ + \ managing remediation or investigation items." + operationId: saas_instances_tickets_issues_get + responses: + '200': + description: OK + content: + application/json: + schema: + $ref: '#/components/schemas/ListResponseMapStringObject' + '404': + description: Not Found + parameters: + - name: saasInstanceId + in: path + required: true + schema: + type: string + - name: ticketKey + in: path + required: true + schema: + type: string + - name: limit + in: query + schema: + format: int32 + type: integer + - name: page + in: query + schema: + format: int32 + type: integer + - name: x-ps-tenant + in: header + schema: + type: string + external tags: + - untagged + tags: + - saas instance diff --git a/openapi-specs/sase/incident-sspm/incidentconsolidated.yaml b/openapi-specs/sase/incident-sspm/incidentconsolidated.yaml deleted file mode 100644 index a291acc71..000000000 --- a/openapi-specs/sase/incident-sspm/incidentconsolidated.yaml +++ /dev/null 
@@ -1,917 +0,0 @@ -components: - schemas: - CreateTicketRequest: - properties: - description: - type: string - feature: - $ref: '#/components/schemas/Feature' - integrationId: - type: string - issueTypeId: - type: string - resourceIds: - items: - type: string - type: array - settings: - additionalProperties: - type: string - type: object - summary: - type: string - type: - type: string - required: - - resourceIds - - feature - - integrationId - - type - - issueTypeId - - summary - type: object - DownloadCsvRequest: - properties: - service: - type: string - userEmail: - type: string - userFullName: - type: string - required: - - userFullName - - userEmail - - service - type: object - Feature: - enum: - - ENROLLMENT - - ACTIVITY - - LOGOUT - - IDENTITY_NHI - - IDENTITY_ACTIVITY - type: string - FeatureState: - properties: - lastScannedAt: - $ref: '#/components/schemas/Instant' - status: - type: string - type: object - IdpInfo: - properties: - appType: - type: string - displayName: - type: string - idpId: - type: string - type: object - Instant: - example: 2022-03-10 16:15:50+00:00 - format: date-time - type: string - ListResponseIdpInfo: - properties: - items: - items: - $ref: '#/components/schemas/IdpInfo' - type: array - total: - format: int64 - type: integer - type: object - ListResponseMapStringObject: - properties: - items: - items: - type: object - type: array - total: - format: int64 - type: integer - type: object - ListResponseMfaActivity: - properties: - items: - items: - $ref: '#/components/schemas/MfaActivity' - type: array - total: - format: int64 - type: integer - type: object - ListResponseSaaSAccount: - properties: - items: - items: - $ref: '#/components/schemas/SaaSAccount' - type: array - total: - format: int64 - type: integer - type: object - ListResponseSaaSActivity: - properties: - items: - items: - $ref: '#/components/schemas/SaaSActivity' - type: array - total: - format: int64 - type: integer - type: object - ListResponseSaaSInstanceInfo: - 
properties: - items: - items: - $ref: '#/components/schemas/SaaSInstanceInfo' - type: array - total: - format: int64 - type: integer - type: object - ListResponseTicket: - properties: - items: - items: - $ref: '#/components/schemas/Ticket' - type: array - total: - format: int64 - type: integer - type: object - MfaActivity: - properties: - admin: - type: boolean - appId: - type: string - appType: - type: string - email: - type: string - fullName: - type: string - id: - type: string - idpId: - type: string - idpType: - type: string - ipAddress: - type: string - location: - type: string - mfaFactors: - type: string - mfaStrength: - type: string - saasProviderMfaType: - type: string - tenant: - type: string - ticketKey: - type: string - ticketUrl: - type: string - timestamp: - $ref: '#/components/schemas/Instant' - userId: - type: string - type: object - MfaActivityCountByAppType: - properties: - appType: - type: string - count: - format: int64 - type: integer - iconAppType: - type: string - type: object - RemediationRequest: - properties: - users: - items: - type: string - type: array - type: object - SaaSAccount: - properties: - accountName: - type: string - accountType: - type: string - appId: - type: string - appType: - type: string - createdTime: - $ref: '#/components/schemas/Instant' - creator: - type: string - credentialsExpiresAt: - $ref: '#/components/schemas/Instant' - email: - type: string - githubOrgName: - type: string - id: - type: string - isElevated: - type: boolean - isLocal: - type: boolean - isNonHuman: - type: boolean - isOrphaned: - type: boolean - jobId: - type: string - lastCredentialsRotated: - $ref: '#/components/schemas/Instant' - lastLoginTime: - $ref: '#/components/schemas/Instant' - lastModifiedTime: - $ref: '#/components/schemas/Instant' - latestScanTime: - $ref: '#/components/schemas/Instant' - linkedHumanAccounts: - type: string - roles: - type: string - rotatedBy: - type: string - saasInstanceId: - type: string - saasProviderId: - type: 
string - saasProviderNhiName: - type: string - tenant: - type: string - ticketKey: - type: string - ticketUrl: - type: string - type: object - SaaSActivity: - properties: - activityDateTime: - $ref: '#/components/schemas/Instant' - activityType: - type: string - appType: - type: string - clientIP: - type: string - createdAt: - $ref: '#/components/schemas/Instant' - id: - type: string - location: - type: string - rawData: - type: string - resourceName: - type: string - resourceType: - type: string - saasInstanceId: - type: string - summary: - type: string - tenant: - type: string - userAgent: - type: string - userId: - type: string - type: object - SaaSInstanceInfo: - properties: - appType: - type: string - displayName: - type: string - saasInstanceId: - type: string - type: object - Ticket: - properties: - createdAt: - $ref: '#/components/schemas/Instant' - feature: - type: string - id: - type: string - integrationId: - type: string - resourceIds: - type: string - saasInstanceId: - type: string - summary: - type: string - tenant: - type: string - ticketKey: - type: string - ticketUrl: - type: string - type: - type: string - users: - type: string - type: object - UnlinkTicketRequest: - properties: - feature: - $ref: '#/components/schemas/Feature' - id: - type: string - resourceIds: - items: - type: string - type: array - required: - - id - - feature - type: object - securitySchemes: - Bearer: - scheme: bearer - type: http -info: - contact: - email: api-team@paloaltonetworks.com - description: "Auto-generated Incident SSPM OpenAPI documentation \u2013 updated\ - \ on DATE" - license: - name: MIT - url: https://opensource.org/license/mit - termsOfService: https://www.paloaltonetworks.com/content/dam/pan/en_US/assets/pdf/legal/palo-alto-networks-end-user-license-agreement-eula.pdf - title: Incident SSPM API - version: '1.0' -openapi: 3.0.3 -paths: - /sspm/identity/v1/catalog/{appType}: - get: - description: Retrieve the apptype. 
- parameters: - - in: path - name: appType - required: true - schema: - type: string - - in: query - name: feature - schema: - type: string - security: - - Bearer: [] - summary: Get Catalog by AppType - tags: - - catalog - /sspm/identity/v1/idps: - get: - description: Retrieve the idps. - parameters: - - in: query - name: designated - schema: - type: boolean - - in: header - name: x-ps-tenant - schema: - type: string - security: - - Bearer: [] - summary: Get All Idps - tags: - - idp - post: - description: Create the idps. - parameters: - - in: query - name: designated - schema: - type: boolean - - in: query - name: idpId - schema: - type: string - - in: query - name: idpType - schema: - type: string - - in: header - name: x-ps-tenant - schema: - type: string - security: - - Bearer: [] - summary: Create Idp - tags: - - idp - /sspm/identity/v1/idps/{idpId}/accounts/logout: - get: - description: Retrieve the logout. - parameters: - - in: path - name: idpId - required: true - schema: - type: string - - in: query - name: batch_id - schema: - type: string - - in: header - name: x-ps-tenant - schema: - type: string - security: - - Bearer: [] - summary: Retrieve Idp Account Logout Status - tags: - - idp - post: - description: Create the logout. - parameters: - - in: path - name: idpId - required: true - schema: - type: string - - in: header - name: x-ps-tenant - schema: - type: string - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/RemediationRequest' - security: - - Bearer: [] - summary: Log Out Idp Account - tags: - - idp - /sspm/identity/v1/idps/{idpId}/feature_state: - get: - description: Retrieve the feature state. 
- parameters: - - in: path - name: idpId - required: true - schema: - type: string - - in: query - name: feature - schema: - $ref: '#/components/schemas/Feature' - - in: header - name: x-ps-tenant - schema: - type: string - security: - - Bearer: [] - summary: Get Idp Feature State - tags: - - idp - /sspm/identity/v1/idps/{idpId}/idp_accounts/count: - get: - description: Retrieve the count. - parameters: - - in: path - name: idpId - required: true - schema: - type: string - - in: query - name: filter - schema: - type: string - - in: header - name: x-ps-tenant - schema: - type: string - security: - - Bearer: [] - summary: Count Idp Accounts - tags: - - idp - /sspm/identity/v1/idps/{idpId}/idp_accounts/csv_report: - post: - description: Create the csv report. - parameters: - - in: path - name: idpId - required: true - schema: - type: string - - in: query - name: filter - schema: - type: string - - in: query - name: sortBy - schema: - type: string - - in: header - name: x-ps-tenant - schema: - type: string - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/DownloadCsvRequest' - security: - - Bearer: [] - summary: Retrieve CSV report of Idp accounts - tags: - - idp - /sspm/identity/v1/idps/{idpId}/mfa_activity: - get: - description: Retrieve the mfa activity. - parameters: - - in: path - name: idpId - required: true - schema: - type: string - - in: query - name: filter - schema: - type: string - - in: query - name: limit - schema: - format: int32 - type: integer - - in: query - name: page - schema: - format: int32 - type: integer - - in: query - name: sortBy - schema: - type: string - - in: header - name: x-ps-tenant - schema: - type: string - security: - - Bearer: [] - summary: Retrieve IDP MFA Activities - tags: - - idp - /sspm/identity/v1/idps/{idpId}/mfa_activity/count: - get: - description: Retrieve the count. 
- parameters: - - in: path - name: idpId - required: true - schema: - type: string - - in: query - name: filter - schema: - type: string - - in: header - name: x-ps-tenant - schema: - type: string - security: - - Bearer: [] - summary: Count IDP MFA Activities - tags: - - idp - /sspm/identity/v1/idps/{idpId}/mfa_activity/count_by_app_type: - get: - description: Retrieve the count by app type. - parameters: - - in: path - name: idpId - required: true - schema: - type: string - - in: query - name: filter - schema: - type: string - - in: query - name: limit - schema: - format: int32 - type: integer - - in: query - name: page - schema: - format: int32 - type: integer - - in: header - name: x-ps-tenant - schema: - type: string - security: - - Bearer: [] - summary: Count IDP MFA Activities by AppType - tags: - - idp - /sspm/identity/v1/idps/{idpId}/mfa_activity/csv_report: - post: - description: Create the csv report. - parameters: - - in: path - name: idpId - required: true - schema: - type: string - - in: query - name: filter - schema: - type: string - - in: query - name: sortBy - schema: - type: string - - in: header - name: x-ps-tenant - schema: - type: string - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/DownloadCsvRequest' - security: - - Bearer: [] - summary: Retrieve IDP MFA Activities CSV Report - tags: - - idp - /sspm/identity/v1/saas_instances: - get: - description: Retrieve the saas instances. - parameters: - - in: header - name: x-ps-tenant - schema: - type: string - security: - - Bearer: [] - summary: Retrieve SAAS Instance List - tags: - - saas instance - /sspm/identity/v1/saas_instances/{saasInstanceId}/saas_accounts: - get: - description: Retrieve the saas accounts. 
- parameters: - - in: path - name: saasInstanceId - required: true - schema: - type: string - - in: query - name: filter - schema: - type: string - - in: query - name: limit - schema: - format: int32 - type: integer - - in: query - name: page - schema: - format: int32 - type: integer - - in: query - name: sortBy - schema: - type: string - - in: header - name: x-ps-tenant - schema: - type: string - security: - - Bearer: [] - summary: Retrieve SAAS Account List - tags: - - saas instance - /sspm/identity/v1/saas_instances/{saasInstanceId}/saas_accounts/count: - get: - description: Retrieve the count. - parameters: - - in: path - name: saasInstanceId - required: true - schema: - type: string - - in: query - name: filter - schema: - type: string - - in: header - name: x-ps-tenant - schema: - type: string - security: - - Bearer: [] - summary: Count SAAS Account - tags: - - saas instance - /sspm/identity/v1/saas_instances/{saasInstanceId}/saas_accounts/csv_report: - post: - description: Create the csv report. - parameters: - - in: path - name: saasInstanceId - required: true - schema: - type: string - - in: query - name: filter - schema: - type: string - - in: query - name: sortBy - schema: - type: string - - in: header - name: x-ps-tenant - schema: - type: string - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/DownloadCsvRequest' - security: - - Bearer: [] - summary: Retrieve SAAS Account CSV Report - tags: - - saas instance - /sspm/identity/v1/saas_instances/{saasInstanceId}/saas_activity: - get: - description: Retrieve the saas activity. 
- parameters: - - in: path - name: saasInstanceId - required: true - schema: - type: string - - in: query - name: filter - schema: - type: string - - in: query - name: limit - schema: - format: int32 - type: integer - - in: query - name: page - schema: - format: int32 - type: integer - - in: query - name: sortBy - schema: - type: string - - in: header - name: x-ps-tenant - schema: - type: string - security: - - Bearer: [] - summary: Retrieve SAAS Activity List - tags: - - saas instance - /sspm/identity/v1/{saasInstanceId}/tickets: - delete: - description: Delete the tickets. - parameters: - - in: path - name: saasInstanceId - required: true - schema: - type: string - - in: header - name: x-ps-tenant - schema: - type: string - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/UnlinkTicketRequest' - security: - - Bearer: [] - summary: Delete tickets for SAAS Instance - tags: - - saas instance - get: - description: Retrieve the tickets. - parameters: - - in: path - name: saasInstanceId - required: true - schema: - type: string - - in: query - name: filter - schema: - type: string - - in: query - name: limit - schema: - format: int32 - type: integer - - in: query - name: page - schema: - format: int32 - type: integer - - in: query - name: sortBy - schema: - type: string - - in: header - name: x-ps-tenant - schema: - type: string - security: - - Bearer: [] - summary: Retrieve Tickets of SAAS Instance - tags: - - saas instance - post: - description: Create the tickets. - parameters: - - in: path - name: saasInstanceId - required: true - schema: - type: string - - in: header - name: x-ps-tenant - schema: - type: string - requestBody: - content: - application/json: - schema: - $ref: '#/components/schemas/CreateTicketRequest' - security: - - Bearer: [] - summary: Create ticket for SAAS Instance - tags: - - saas instance - /sspm/identity/v1/{saasInstanceId}/tickets/{ticketKey}/issues: - get: - description: Retrieve the issues. 
- parameters: - - in: path - name: saasInstanceId - required: true - schema: - type: string - - in: path - name: ticketKey - required: true - schema: - type: string - - in: query - name: limit - schema: - format: int32 - type: integer - - in: query - name: page - schema: - format: int32 - type: integer - - in: header - name: x-ps-tenant - schema: - type: string - security: - - Bearer: [] - summary: Retrieve Issues of Tickets - tags: - - saas instance -servers: -- url: https://api.strata.paloaltonetworks.com -tags: -- description: API endpoints related to catalog - name: catalog -- description: API endpoints related to idp - name: idp -- description: API endpoints related to saas instance - name: saas instance diff --git a/products/sase/api/identity-sspm/introduction.md b/products/sase/api/identity-sspm/introduction.md new file mode 100644 index 000000000..ee05649c1 --- /dev/null +++ b/products/sase/api/identity-sspm/introduction.md 
@@ -0,0 +1,48 @@
+---
+id: introduction
+title: SaaS Incident Security Posture Management APIs
+sidebar_label: Incident Security Posture Management APIs
+slug: /sase/api/identity-sspm
+keywords:
+ - SASE
+ - Reference
+ - API
+---
+
+The Identity API is a component of the SaaS Security Posture Management (SSPM) framework. It allows developers to access security-related metrics and configurations tied to user and service accounts. Identity builds upon posture security to offer more granular insights into how identities are managed across SaaS environments.
+
+## Prerequisites
+
+To use the Identity API:
+
+- You must have a valid SaaS Security account.
+- You must have onboarded identity sources such as Okta or Office 365.
+- You need a registered application with a client ID and endpoint URL for authentication.
+
+## Key Features
+
+The Identity API allows you to:
+
+- Detect MFA misconfigurations across identity providers.
+- Identify users with no MFA or incomplete enforcement.
+- Track account activity and highlight dormant or inactive accounts.
+- Detect credentials that haven't rotated within a defined period.
+- Flag over-privileged accounts that exceed role-based access expectations.
+- Aggregate user posture metrics for reporting and dashboards.
+
+## Posture vs Identity
+
+| Category | Posture | Identity |
+|----------|---------|----------|
+| Focus | Configuration (e.g., password policies) | User accounts and their behaviors |
+| Objective | Compliance with standards | Risk identification and mitigation |
+| Scope | General SaaS application configuration | Specific to user and service identities |
+| Example | Enforcing password complexity | Detecting a dormant admin account |
+
+
+## Use Cases
+
+- **Dormant Account Identification**: Detect user accounts that belong to employees who have left the organization but are still active in the system.
+- **Over-Privileged Account Detection**: Highlight accounts with excessive permissions relative to their assigned roles.
+- **MFA Compliance Monitoring**: Audit which users have not enrolled in MFA or are missing enforcement policies.
+- **Activity Analysis**: Review sign-in activity for anomalies and risk signals across user accounts.
\ No newline at end of file
diff --git a/products/sase/api/incident-sspm/introduction.md b/products/sase/api/incident-sspm/introduction.md
deleted file mode 100644
index ec8847dea..000000000
--- a/products/sase/api/incident-sspm/introduction.md
+++ /dev/null
@@ -1,12 +0,0 @@
----
-id: introduction
-title: SaaS Incident Security Posture Management APIs
-sidebar_label: Incident Security Posture Management APIs
-slug: /sase/api/incident-sspm
-keywords:
- - SASE
- - Reference
- - API
----
-
-???? Add Incident SSPM introduction ???
diff --git a/products/sase/sidebars.ts b/products/sase/sidebars.ts
index e491fe2ed..ef4126597 100644
--- a/products/sase/sidebars.ts
+++ b/products/sase/sidebars.ts
@@ -318,9 +318,9 @@ module.exports = {
 "sase/api/sspm/sspm-api-workflow",
 require("./api/sspm/sidebar"),
 ],
- incidentsspm: [
- "sase/api/incident-sspm/introduction",
- require("./api/incident-sspm/sidebar"),
+ identitysspm: [
+ "sase/api/identity-sspm/introduction",
+ require("./api/identity-sspm/sidebar"),
 ],
 sasesubscription: [
 "sase/api/subscription/subscription-api",
From 0e8aaf6bb038f7109ca616429c7dad87451151d7 Mon Sep 17 00:00:00 2001
From: sra
Date: Thu, 12 Jun 2025 11:03:27 +0530
Subject: [PATCH 4/4] DOCS-7893 Updated the introduction.md file.
---
 .../sase/api/identity-sspm/introduction.md | 55 ++++++++++++-------
 1 file changed, 36 insertions(+), 19 deletions(-)
diff --git a/products/sase/api/identity-sspm/introduction.md b/products/sase/api/identity-sspm/introduction.md
index ee05649c1..a22702733 100644
--- a/products/sase/api/identity-sspm/introduction.md
+++ b/products/sase/api/identity-sspm/introduction.md
@@ -9,28 +9,37 @@ keywords: - API --- -The Identity API is a component of the SaaS Security Posture Management (SSPM) framework. It allows developers to access security-related metrics and configurations tied to user and service accounts. Identity builds upon posture security to offer more granular insights into how identities are managed across SaaS environments. +# Introduction to the Identity API + +The Identity API empowers developers within the SaaS Security Posture Management (SSPM) framework to access security-related metrics and configurations for user and service accounts. This API extends posture security capabilities, offering you detailed insights into how your organization manages identities across SaaS environments. + +## What is the Identity API? + +The Identity API enables security teams to monitor, analyze, and respond to identity-related risks. Your teams can connect users, permissions, activities, and security configurations to maintain a comprehensive view of your identity security posture. ## Prerequisites -To use the Identity API: +Before you integrate with the Identity API, you need: + +- An active SaaS Security account with appropriate access permissions +- Onboarded identity sources like Okta, Office 365, or other supported IdPs +- A registered application with your client ID and endpoint URL for authentication +- API credentials that allow you to access identity data -- You must have a valid SaaS Security account. -- You must have onboarded identity sources such as Okta or Office 365. -- You need a registered application with a client ID and endpoint URL for authentication. 
+## Key Capabilities -## Key Features +With the Identity API, you can: -The Identity API allows you to: +- **Detect MFA Gaps**: Identify and fix multi-factor authentication misconfigurations across your identity providers +- **Monitor Authentication Health**: Find users who lack MFA or have incomplete enforcement +- **Track Account Lifecycle**: Monitor account activity and identify dormant or inactive accounts that create security risks +- **Enforce Credential Hygiene**: Find credentials your users haven't rotated according to your security policies +- **Control Privilege Escalation**: Identify accounts that have more privileges than their roles require +- **Generate Compliance Reports**: Create comprehensive security reports and executive dashboards using aggregated user posture metrics -- Detect MFA misconfigurations across identity providers. -- Identify users with no MFA or incomplete enforcement. -- Track account activity and highlight dormant or inactive accounts. -- Detect credentials that haven't rotated within a defined period. -- Flag over-privileged accounts that exceed role-based access expectations. -- Aggregate user posture metrics for reporting and dashboards. +## Understanding Posture vs. Identity -## Posture vs Identity +Posture security and identity security serve different yet complementary functions: | Category | Posture | Identity | |----------|---------|----------| 
@@ -39,10 +48,18 @@ The Identity API allows you to: | Scope | General SaaS application configuration | Specific to user and service identities | | Example | Enforcing password complexity | Detecting a dormant admin account | +## Common Use Cases + +### Dormant Account Identification +Find and manage user accounts of former employees that still have active status in your systems, eliminating potential security vulnerabilities. + +### Over-Privileged Account Detection +Spot accounts with excessive permissions compared to their assigned roles, helping you maintain the principle of least privilege. + +### MFA Compliance Monitoring +Continuously check which users haven't enrolled in MFA or have gaps in their enforcement policies to ensure consistent authentication security. -## Use Cases +### Activity Analysis +Examine authentication patterns and user behaviors to spot anomalies that may signal account compromise or insider threats. -- **Dormant Account Identification**: Detect user accounts that belong to employees who have left the organization but are still active in the system. -- **Over-Privileged Account Detection**: Highlight accounts with excessive permissions relative to their assigned roles. -- **MFA Compliance Monitoring**: Audit which users have not enrolled in MFA or are missing enforcement policies. -- **Activity Analysis**: Review sign-in activity for anomalies and risk signals across user accounts. \ No newline at end of file +These APIs use the [common SASE authentication](/sase/docs/getstarted) for service access and authorization. \ No newline at end of file