SecMaster
IAM provides system-defined identity policies to define common actions supported by cloud services. You can also create custom identity policies using the actions supported by cloud services for more refined access control.
In addition to IAM, the Organizations service provides Service Control Policies (SCPs) to set access control policies.
SCPs do not actually grant any permissions to a principal. They only set the permissions boundary for the principal. When SCPs are attached to a member account or an organizational unit (OU), they do not directly grant permissions to that member account or OU. Instead, the SCPs just determine what permissions are available for that member account or the member accounts under that OU. The granted permissions can be applied only if they are allowed by the SCPs.
To learn more about how IAM is different from Organizations for access control, see What Are the Differences in Access Control Between IAM and Organizations?.
This section describes the elements used by IAM custom identity policies and Organizations SCPs. The elements include actions, resources, and conditions.
- For details about how to use these elements to create an IAM custom identity policy, see Creating a Custom Identity Policy.
- For details about how to use these elements to create a custom SCP, see Creating an SCP.
Actions
Actions are specific operations that are allowed or denied in an SCP.
- The Access Level column describes how the action is classified (List, Read, or Write). This classification helps you understand the level of access that an action grants when you use it in an SCP.
- The Resource Type column indicates whether the action supports resource-level permissions.
- You can use a wildcard (*) to indicate all resource types. If this column is empty (-), the action does not support resource-level permissions, and you must specify all resources ("*") in your SCP statements.
- If this column includes a resource type, you must specify the URN in the Resource element of your statements.
- Required resources are marked with asterisks (*) in the table. If you specify a resource in a statement using this action, then it must be of this type.
For details about the resource types defined by SecMaster, see Resources.
- The Condition Key column contains keys that you can specify in the Condition element of an SCP statement.
- If the Resource Type column has values for an action, the condition key takes effect only for the listed resource types.
- If the Resource Type column is empty (-) for an action, the condition key takes effect for all resources that action supports.
- If the Condition Key column is empty (-) for an action, the action does not support any condition keys.
For details about the condition keys defined by SecMaster, see Conditions.
- The Alias column lists the policy actions that are configured in identity policies. With these actions, you can use APIs for policy-based authorization. For details, see Policies and Identity Policies.
The following table lists the actions that you can define in identity policy statements for SecMaster.
|
Action |
Description |
Access Level |
Resource Type (*: Required) |
Condition Key |
Alias |
|---|---|---|---|---|---|
|
secmaster:playbook:get |
Grants the permission to query playbook details. |
read |
playbook * |
- |
- |
|
secmaster:playbook:create |
Grants the permission to create a playbook. |
write |
playbook * |
- |
- |
|
secmaster:playbook:delete |
Grants the permission to delete a playbook. |
write |
playbook * |
- |
- |
|
secmaster:playbook:update |
Grants the permission to update a playbook. |
write |
playbook * |
- |
- |
|
secmaster:playbook:list |
Grants the permission to query the playbook list. |
list |
playbook * |
- |
- |
|
secmaster:playbook:getStatistics |
Grants the permission to obtain playbook statistics. |
read |
playbook * |
- |
- |
|
secmaster:playbook:getMonitor |
Grants the permission to obtain the playbook running monitoring data. |
read |
playbook * |
- |
- |
|
secmaster:playbook:copyVersion |
Grants the permission to clone a playbook. |
write |
playbook * |
- |
- |
|
secmaster:playbook:approve |
Grants the permission to review a playbook. |
write |
playbook * |
- |
- |
|
secmaster:playbook:listApproves |
Grants the permission to query the playbook review list. |
list |
playbook * |
- |
- |
|
secmaster:playbook:listInstances |
Grants the permission to query the playbook instance list. |
list |
playbook * |
- |
- |
|
secmaster:playbook:getInstanceAuditlog |
Grants the permission to query the audit log list of a playbook instance. |
list |
playbook * |
- |
- |
|
secmaster:playbook:createVersion |
Grants the permission to create a playbook version. |
write |
playbook * |
- |
- |
|
secmaster:playbook:getVersion |
Grants the permission to obtain a playbook version. |
read |
playbook * |
- |
- |
|
secmaster:playbook:deleteVersion |
Grants the permission to delete a playbook version. |
write |
playbook * |
- |
- |
|
secmaster:playbook:updateVersion |
Grants the permission to update a playbook version. |
write |
playbook * |
- |
- |
|
secmaster:playbook:listVersions |
Grants the permission to obtain the list of playbook versions. |
list |
playbook * |
- |
- |
|
secmaster:playbook:getInstance |
Grants the permission to query details about a playbook instance. |
read |
playbook * |
- |
- |
|
secmaster:playbook:getInstanceTopology |
Grants the permission to query details about a playbook instance topology. |
read |
playbook * |
- |
- |
|
secmaster:playbook:operateInstance |
Grants permissions to operate a playbook instance. |
write |
playbook * |
- |
- |
|
secmaster:workflow:list |
Grants the permission to query the workflow list. |
list |
workflow * |
- |
- |
|
secmaster:workflow:get |
Grants the permission to obtain details about a workflow. |
read |
workflow * |
- |
- |
|
secmaster:workflow:delete |
Grants the permission to delete a workflow. |
write |
workflow * |
- |
- |
|
secmaster:workflow:create |
Grants the permission to create a workflow. |
write |
workflow * |
- |
- |
|
secmaster:workflow:update |
Grants the permission to update a workflow. |
write |
workflow * |
- |
- |
|
secmaster:workflow:listVersions |
Grants the permission to obtain the list of workflow versions. |
list |
workflow * |
- |
- |
|
secmaster:workflow:getVersion |
Grants the permission to obtain details about a workflow version. |
read |
workflow * |
- |
- |
|
secmaster:workflow:deleteVersion |
Grants the permission to delete a workflow version. |
write |
workflow * |
- |
- |
|
secmaster:workflow:createVersion |
Grants the permission to create a workflow version. |
write |
workflow * |
- |
- |
|
secmaster:workflow:updateVersion |
Grants the permission to update a workflow version. |
write |
workflow * |
- |
- |
|
secmaster:workflow:approveVersion |
Grants the permission to review a workflow version. |
write |
workflow * |
- |
- |
|
secmaster:workflow:validate |
Grants the permission to verify a workflow version. |
write |
workflow * |
- |
- |
|
secmaster:workflow:simulate |
Grants the permission to update the debugging result of a workflow version. |
write |
workflow * |
- |
- |
|
secmaster:workflow:getInstance |
Grants the permission to query the topology of a workflow instance. |
read |
workflow * |
- |
- |
|
secmaster:workflow:operateInstance |
Grants the permission to update or create a workflow instance. |
write |
workflow * |
- |
- |
|
secmaster:connection:list |
Grants the permission to query the asset connection list. |
list |
connection * |
- |
- |
|
secmaster:connection:create |
Grants the permissions to create an asset connection. |
write |
connection * |
- |
- |
|
secmaster:connection:get |
Grants the permissions to obtain asset connection details. |
read |
connection * |
- |
- |
|
secmaster:connection:delete |
Grants the permissions to delete an asset connection. |
write |
connection * |
- |
- |
|
secmaster:connection:update |
Grants the permissions to update an asset connection. |
write |
connection * |
- |
- |
|
secmaster:workspace:listWorkspace |
Grants the permission to query the workspace list. |
list |
workspace * |
- |
secmaster:workspace:list |
|
secmaster:workspace:createWorkspace |
Grants the permission to create a workspace. |
write |
workspace * |
- |
secmaster:workspace:create |
|
secmaster:workspace:updateWorkspace |
Grants the permission to update a workspace. |
write |
workspace * |
- |
secmaster:workspace:update |
|
secmaster:workspace:getWorkspace |
Grants the permission to obtain workspace details. |
read |
workspace * |
- |
secmaster:workspace:get |
|
secmaster:workspace:deleteWorkspace |
Grants the permission to delete a workspace. |
write |
workspace * |
- |
secmaster:workspace:delete |
|
secmaster:workspace:listAgency |
Grants the permission to query the workspace agencies list. |
list |
workspace * |
- |
secmaster:workspace:list |
|
secmaster:workspace:createAgency |
Grants the permission to create a workspace agency. |
write |
workspace * |
secmaster:workspace:create |
|
|
secmaster:workspace:updateAgency |
Grants the permission to update a workspace agency. |
write |
workspace * |
- |
secmaster:workspace:update |
|
secmaster:workspace:getAgency |
Grants the permission to obtain workspace agency details. |
read |
workspace * |
- |
secmaster:workspace:get |
|
secmaster:workspace:deleteAgency |
Grants the permission to delete a workspace agency. |
write |
workspace * |
- |
secmaster:workspace:delete |
|
secmaster:task:list |
Grants the permission to query the to-do list. |
list |
task * |
- |
- |
|
secmaster:task:create |
Grants the permission to create a to-do task. |
write |
task * |
- |
- |
|
secmaster:task:update |
Grants the permission to update to-do tasks. |
write |
task * |
- |
- |
|
secmaster:task:get |
Grants the permission to obtain to-do task details. |
read |
task * |
- |
- |
|
secmaster:indicator:get |
Grants the permission to obtain indicator details. |
read |
indicator * |
- |
- |
|
secmaster:indicator:create |
Grants the permission to create an indicator. |
write |
indicator * |
- |
- |
|
secmaster:indicator:update |
Grants the permission to update an indicator. |
write |
indicator * |
- |
- |
|
secmaster:indicator:delete |
Grants the permission to delete an indicator. |
write |
indicator * |
- |
- |
|
secmaster:indicator:list |
Grants the permission to query the indicator list. |
read |
indicator * |
- |
- |
|
secmaster:indicator:listTypes |
Grants the permission to query the indicator type list. |
list |
indicator * |
- |
- |
|
secmaster:indicator:bindLayout |
Grants the permissions to bind an indicator type to a layout. |
write |
indicator * |
- |
- |
|
secmaster:alert:get |
Grants the permission to obtain alert details. |
read |
alert * |
- |
- |
|
secmaster:alert:create |
Grants the permission to create an alert. |
write |
alert * |
- |
- |
|
secmaster:alert:update |
Grants the permission to update an alert. |
write |
alert * |
- |
- |
|
secmaster:alert:list |
Grants the permission to query the alert list. |
list |
alert * |
- |
- |
|
secmaster:alert:delete |
Grants the permission to delete an alert. |
write |
alert * |
- |
- |
|
secmaster:alert:batchOrders |
Grants the permission to convert an alert to an incident. |
list |
alert * |
- |
- |
|
secmaster:alert:listTypes |
Grants the permission to query the alert type list. |
list |
alert * |
- |
- |
|
secmaster:alert:listCategories |
Grants the permission to query the alert category list. |
list |
alert * |
- |
- |
|
secmaster:alert:createType |
Grants the permission to create an alert type. |
write |
alert * |
- |
- |
|
secmaster:alert:updateType |
Grants the permission to modify an alert type. |
write |
alert * |
- |
- |
|
secmaster:alert:deleteType |
Grants the permission to delete an alert type. |
write |
alert * |
- |
- |
|
secmaster:alert:enableType |
Grants the permission to enable or disable an alert type. |
write |
alert * |
- |
- |
|
secmaster:alert:bindLayout |
Grants the permissions to bind an alert type to a layout. |
write |
alert * |
- |
- |
|
secmaster:incident:get |
Grants the permission to obtain incident details. |
read |
incident * |
- |
- |
|
secmaster:incident:create |
Grants the permission to create an incident. |
write |
incident * |
- |
- |
|
secmaster:incident:update |
Grants the permission to update an incident. |
write |
incident * |
- |
- |
|
secmaster:incident:list |
Grants the permission to query the incident list. |
list |
incident * |
- |
- |
|
secmaster:incident:listTypes |
Grants the permission to obtain the incident type list. |
list |
incident * |
- |
- |
|
secmaster:incident:delete |
Grants the permission to delete an incident. |
write |
incident * |
- |
- |
|
secmaster:incident:listCategories |
Grants the permission to query the incident category list. |
list |
incident * |
- |
- |
|
secmaster:incident:createType |
Grants the permission to create an incident type. |
write |
incident * |
- |
- |
|
secmaster:incident:updateType |
Grant permission to modify an incident type. |
write |
incident * |
- |
- |
|
secmaster:incident:deleteType |
Grants the permission to delete an incident type. |
write |
incident * |
- |
- |
|
secmaster:incident:enableType |
Grants the permission to enable or disable an incident type. |
write |
incident * |
- |
- |
|
secmaster:incident:bindLayout |
Grants the permissions to bind an incident type to a layout. |
write |
incident * |
- |
- |
|
secmaster:dataobject:createRelation |
Grants the permission to create an object mapping. |
write |
dataobject * |
- |
- |
|
secmaster:dataobject:deleteRelation |
Grants the permission to delete an object mapping. |
write |
dataobject * |
- |
- |
|
secmaster:dataobject:listRelation |
Grants the permission to query the object mapping list. |
list |
dataobject * |
- |
- |
|
secmaster:vulnerability:listGroup |
Grants the permission to query the vulnerability group list. |
list |
vulnerability * |
- |
- |
|
secmaster:vulnerability:getGroup |
Grants the permission to obtain vulnerability group details. |
read |
vulnerability * |
- |
- |
|
secmaster:vulnerability:exportGroup |
Grants the permission to export the vulnerability group list. |
list |
vulnerability * |
- |
- |
|
secmaster:vulnerability:listType |
Grants the permission to query the vulnerability type list. |
list |
vulnerability * |
- |
- |
|
secmaster:vulnerability:bindLayout |
Grants the permission to bind a vulnerability type to a layout. |
write |
vulnerability * |
- |
- |
|
secmaster:vulnerability:createType |
Grants the permission to create a vulnerability type. |
write |
vulnerability * |
- |
- |
|
secmaster:vulnerability:updateType |
Grants the permission to modify a vulnerability type. |
write |
vulnerability * |
- |
- |
|
secmaster:vulnerability:deleteType |
Grants the permission to delete a vulnerability type. |
write |
vulnerability * |
- |
- |
|
secmaster:vulnerability:enableType |
Grants the permission to enable or disable a vulnerability type. |
write |
vulnerability * |
- |
- |
|
secmaster:subscription:deletePostPaidOrder |
Grants the permission to delete a pay-per-use order. |
write |
- |
- |
- |
|
secmaster:subscription:createPostPaidOrder |
Grants the permission to create a pay-per-use order. |
write |
- |
- |
- |
|
secmaster:subscription:createPrePaidOrder |
Grants the permission to create a yearly/monthly order. |
write |
- |
- |
- |
|
secmaster:subscription:getVersion |
Grants the permission to view the subscribed version. |
read |
- |
- |
- |
|
secmaster:metric:getResult |
Grants the permission to view the metric result. |
read |
metric * |
- |
- |
|
secmaster:metric:listResults |
Grants the permission to list metric results. |
list |
metric * |
- |
- |
|
secmaster:metric:listHits |
Grants the permission to list the hit metrics. |
list |
metric * |
- |
- |
|
secmaster:agency:get |
Grants the permission to view an agency. |
read |
- |
- |
- |
|
secmaster:agency:create |
Grants the permission to create an agency. |
write |
- |
- |
- |
|
secmaster:resource:getStatistics |
Grants the permission to view resource statistics. |
read |
resource * |
- |
- |
|
secmaster:resource:list |
Grants the permission to list resources. |
list |
resource * |
- |
- |
|
secmaster:resource:import |
Grants the permission to import resources. |
write |
resource * |
- |
- |
|
secmaster:resource:getTemplate |
Grants the permission to obtain the resource import template. |
read |
resource * |
- |
- |
|
secmaster:report:list |
Grants the permission to list reports. |
list |
report * |
- |
- |
|
secmaster:report:get |
Grants the permission to view a report. |
read |
report * |
- |
- |
|
secmaster:report:create |
Grants the permission to create a report. |
write |
report * |
- |
- |
|
secmaster:report:update |
Grants the permission to update a report. |
write |
report * |
- |
- |
|
secmaster:report:delete |
Grants the permission to delete a report. |
write |
report * |
- |
- |
|
secmaster:emergencyVulnerability:updateReadStatus |
Grants the permission to set the emergency vulnerability read status. |
write |
emergencyVulnerability * |
- |
- |
|
secmaster:emergencyVulnerability:list |
Grants the permission to list emergency vulnerabilities. |
list |
emergencyVulnerability * |
- |
- |
|
secmaster:emergencyVulnerability:export |
Grants the permission to export emergency vulnerabilities. |
read |
emergencyVulnerability * |
- |
- |
|
secmaster:dataspace:list |
Grants the permission to query the data space list. |
list |
dataspace * |
- |
- |
|
secmaster:dataspace:create |
Grants the permission to create a data space. |
write |
dataspace * |
- |
- |
|
secmaster:dataspace:get |
Grants the permission to query data space details. |
read |
dataspace * |
- |
- |
|
secmaster:dataspace:update |
Grants the permission to update a data space. |
write |
dataspace * |
- |
- |
|
secmaster:dataspace:delete |
Grants the permission to delete a data space. |
write |
dataspace * |
- |
- |
|
secmaster:pipe:list |
Grants the permission to query the data pipeline list. |
list |
pipe * |
- |
- |
|
secmaster:pipe:create |
Grants the permission to create a data pipeline. |
write |
pipe * |
- |
- |
|
secmaster:pipe:get |
Grants the permission to query data pipeline details. |
read |
pipe * |
- |
- |
|
secmaster:pipe:update |
Grants the permission to update a data pipeline. |
write |
pipe * |
- |
- |
|
secmaster:pipe:delete |
Grants the permission to delete a data pipeline. |
write |
pipe * |
- |
- |
|
secmaster:pipe:getIndex |
Grants the permission to query data pipeline indexes. |
read |
pipe * |
- |
- |
|
secmaster:pipe:updateIndex |
Grants the permission to update a data pipeline index. |
write |
pipe * |
- |
- |
|
secmaster:pipe:getConsumption |
Grants the permission to query data pipeline consumption. |
read |
pipe * |
- |
- |
|
secmaster:pipe:createConsumption |
Grants the permission to create pipeline consumption. |
write |
pipe * |
- |
- |
|
secmaster:pipe:deleteConsumption |
Grants the permission to delete pipeline consumption. |
write |
pipe * |
- |
- |
|
secmaster:search:listLogs |
Grants the permission to query data. |
list |
workspace * |
- |
- |
|
secmaster:search:listHistograms |
Grants the permission to query the data distribution histogram. |
list |
workspace * |
- |
- |
|
secmaster:search:createAnalysis |
Grants the permission to execute security analysis. |
write |
workspace * |
- |
- |
|
secmaster:searchCondition:list |
Grants the permission to query the list of search criteria. |
list |
searchCondition * |
- |
- |
|
secmaster:searchCondition:create |
Grants the permission to create search criteria. |
write |
searchCondition * |
- |
- |
|
secmaster:searchCondition:get |
Grants the permission to query search criteria details. |
read |
searchCondition * |
- |
- |
|
secmaster:searchCondition:update |
Grants the permission to update search criteria. |
write |
searchCondition * |
- |
- |
|
secmaster:searchCondition:delete |
Grants the permission to delete search criteria. |
write |
searchCondition * |
- |
- |
|
secmaster:alertRule:list |
Grants the permission to query an alert model. |
list |
alertRule * |
- |
- |
|
secmaster:alertRule:create |
Grants the permission to create an alert model. |
write |
alertRule * |
- |
- |
|
secmaster:alertRule:get |
Grants the permission to query alert model details. |
read |
alertRule * |
- |
- |
|
secmaster:alertRule:update |
Grants the permission to modify an alert model. |
write |
alertRule * |
- |
- |
|
secmaster:alertRule:delete |
Grants the permission to delete an alert model. |
write |
alertRule * |
- |
- |
|
secmaster:alertRule:enable |
Grants the permission to enable an alert model. |
write |
alertRule * |
- |
- |
|
secmaster:alertRule:disable |
Grants the permission to disable an alert model. |
write |
alertRule * |
- |
- |
|
secmaster:alertRule:listMetrics |
Grants the permission to query an alert model overview. |
list |
alertRule * |
- |
- |
|
secmaster:alertRule:createSimulation |
Grants the permission to simulate an alert model. |
write |
alertRule * |
- |
- |
|
secmaster:alertRuleTemplate:list |
Grants the permission to query an alert template. |
list |
alertRuleTemplate * |
- |
- |
|
secmaster:alertRuleTemplate:get |
Grants the permission to query alert template details. |
read |
alertRuleTemplate * |
- |
- |
|
secmaster:alertRuleTemplate:listMetrics |
Grants the permission to query the alert template overview. |
list |
alertRuleTemplate * |
- |
- |
|
secmaster:dataclass:create |
Grants the permission to create a data class. |
write |
dataclass * |
- |
- |
|
secmaster:dataclass:update |
Grants the permission to update a data class. |
write |
dataclass * |
- |
- |
|
secmaster:dataclass:delete |
Grants the permission to delete a data class. |
write |
dataclass * |
- |
- |
|
secmaster:dataclass:get |
Grants the permission to obtain data class details. |
read |
dataclass * |
- |
- |
|
secmaster:dataclass:list |
Grants the permission to query the data class list. |
list |
dataclass * |
- |
- |
|
secmaster:dataclass:createField |
Grants the permission to create a field. |
write |
dataclass * |
- |
- |
|
secmaster:dataclass:updateField |
Grants the permission to update a field. |
write |
dataclass * |
- |
- |
|
secmaster:dataclass:deleteField |
Grants the permission to delete a field. |
write |
dataclass * |
- |
- |
|
secmaster:dataclass:getField |
Grants the permission to obtain field details. |
read |
dataclass * |
- |
- |
|
secmaster:dataclass:listFields |
Grants the permission to query the field list. |
list |
dataclass * |
- |
- |
|
secmaster:dataclass:getType |
Grants the permission to obtain type details. |
read |
dataclass * |
- |
- |
|
secmaster:dataclass:listTypes |
Grants the permission to query the type list. |
list |
dataclass * |
- |
- |
|
secmaster:mapping:update |
Grants the permission to update the categorical mapping status. |
write |
mapping * |
- |
- |
|
secmaster:mapping:list |
Grant permission to search for the categorical mapping list. |
list |
mapping * |
- |
- |
|
secmaster:mapping:getDatasource |
Grants the permission to obtain the categorical mapping data source. |
read |
mapping * |
- |
- |
|
secmaster:mapping:listFunctions |
Grants the permission to obtain a categorical mapping function. |
list |
mapping * |
- |
- |
|
secmaster:mapping:delete |
Grants the permission to delete a categorical mapping. |
write |
mapping * |
- |
- |
|
secmaster:mapping:copy |
Grants the permission to copy a categorical mapping. |
write |
mapping * |
- |
- |
|
secmaster:mapping:createClassifier |
Grants the permission to create a category. |
write |
mapping * |
- |
- |
|
secmaster:mapping:updateClassifier |
Grants the permission to update a category. |
write |
mapping * |
- |
- |
|
secmaster:mapping:getClassifier |
Grants the permission to obtain category information. |
read |
mapping * |
- |
- |
|
secmaster:mapping:deleteClassifier |
Grants the permission to delete a category. |
write |
mapping * |
- |
- |
|
secmaster:mapping:createMapper |
Grants the permission to create a mapping. |
write |
mapping * |
- |
- |
|
secmaster:mapping:updateMapper |
Grants the permission to update a mapping. |
write |
mapping * |
- |
- |
|
secmaster:mapping:listMappers |
Grants the permission to query the mapping list. |
list |
mapping * |
- |
- |
|
secmaster:mapping:getMapper |
Grants the permission to obtain the mapping information. |
read |
mapping * |
- |
- |
|
secmaster:mapping:deleteMapper |
Grants the permission to delete a mapping. |
write |
mapping * |
- |
- |
|
secmaster:layout:listBusinessTypes |
Grants the permission to obtain the layout type list. |
list |
layout * |
- |
- |
|
secmaster:layout:list |
Grants the permission to query the layout list. |
list |
layout * |
- |
- |
|
secmaster:layout:create |
Grants the permission to create a layout. |
write |
layout * |
- |
- |
|
secmaster:layout:delete |
Grants the permission to delete a layout. |
write |
layout * |
- |
- |
|
secmaster:layout:update |
Grants the permission to update a layout. |
write |
layout * |
- |
- |
|
secmaster:layout:get |
Grants the permission to query a layout. |
read |
layout * |
- |
- |
|
secmaster:layout:createTemplate |
Grants the permission to save a layout as a template. |
write |
layout * |
- |
- |
|
secmaster:layout:createField |
Grants the permission to create a layout field. |
write |
layout * |
- |
- |
|
secmaster:layout:listFields |
Grants the permission to obtain the layout field list. |
list |
layout * |
- |
- |
|
secmaster:layout:getField |
Grants the permission to obtain layout field details. |
read |
layout * |
- |
- |
|
secmaster:layout:updateField |
Grants the permission to update a layout field. |
write |
layout * |
- |
- |
|
secmaster:layout:deleteField |
Grants the permission to delete a layout field. |
write |
layout * |
- |
- |
|
secmaster:layout:listWizards |
Grants the permission to obtain a page. |
list |
layout * |
- |
- |
|
secmaster:layout:createWizard |
Grants the permission to create a page. |
write |
layout * |
- |
- |
|
secmaster:layout:getWizard |
Grants the permission to obtain page details. |
read |
layout * |
- |
- |
|
secmaster:layout:deleteWizard |
Grants the permission to delete a page. |
write |
layout * |
- |
- |
|
secmaster:layout:updateWizard |
Grants the permission to update a page. |
write |
layout * |
- |
- |
|
secmaster:catalogue:list |
Grants the permissions to query the directory list. |
list |
catalogue * |
- |
- |
|
secmaster:catalogue:update |
Grants the permission to update a directory. |
write |
catalogue * |
- |
- |
|
secmaster:playbook:export |
Grants the permission to export playbooks. |
read |
playbook * |
- |
- |
|
secmaster:playbook:import |
Grants the permission to import playbooks. |
write |
playbook * |
- |
- |
|
secmaster:indicator:downloadTemplate |
Grants the permission to download the indicator template. |
read |
indicator * |
- |
- |
|
secmaster:indicator:export |
Grants the permission to export indicators. |
read |
indicator * |
- |
- |
|
secmaster:indicator:import |
Grants the permission to import indicators. |
write |
indicator * |
- |
- |
|
secmaster:table:list |
Grants the permission to query a table. |
list |
table * |
- |
- |
|
secmaster:table:create |
Grants the permission to create a table. |
write |
table * |
- |
- |
|
secmaster:table:get |
Grants the permission to query table details. |
read |
table * |
- |
- |
|
secmaster:table:update |
Grants the permission to modify a table. |
write |
table * |
- |
- |
|
secmaster:table:delete |
Grants the permission to delete a table. |
write |
table * |
- |
- |
|
secmaster:table:createLock |
Grants the permission to lock a table. |
write |
table * |
- |
- |
|
secmaster:table:deleteLock |
Grants the permission to unlock a table. |
write |
table * |
- |
- |
|
secmaster:table:listMetrics |
Grants the permission to query table overview. |
list |
table * |
- |
- |
|
secmaster:table:updateSchema |
Grants the permission to design a table. |
write |
table * |
- |
- |
|
secmaster:workspace:listTags |
Grants the permission to query resource tags. |
list |
workspace * |
- |
- |
|
secmaster:workspace:listResourcesByTag |
Grants the permission to query the resource instance list. |
list |
workspace * |
- |
- |
|
secmaster:workspace:listTagsForResource |
Grants the permission to query resource tags. |
list |
workspace * |
- |
- |
|
secmaster:workspace:createTags |
Grant the permission to batch add resource tags. |
write |
workspace * |
- |
- |
|
secmaster:workspace:deleteTags |
Grants the permission to batch delete resource tags. |
write |
workspace * |
- |
- |
|
secmaster:workspace:updateTag |
Grants the permission to update tag values. |
write |
workspace * |
- |
- |
|
secmaster:workflow:export |
Grants the permission to export workflows. |
read |
workflow * |
- |
- |
|
secmaster:workflow:import |
Grants the permission to import workflows. |
write |
workflow * |
- |
- |
|
secmaster:alert:import |
Grants the permission to import alerts. |
write |
alert * |
- |
- |
|
secmaster:alert:export |
Grants the permission to export alerts. |
read |
alert * |
- |
- |
|
secmaster:alert:downloadTemplate |
Grants the permission to download an alert template. |
read |
alert * |
- |
- |
|
secmaster:incident:import |
Grants the permission to import incidents. |
write |
incident * |
- |
- |
|
secmaster:incident:export |
Grants the permission to export incidents. |
read |
incident * |
- |
- |
|
secmaster:incident:downloadTemplate |
Grants the permission to download an incident template. |
read |
incident * |
- |
- |
|
secmaster:dataclass:bindLayout |
Grants the permission to associate a data class type to a layout. |
write |
dataclass * |
- |
- |
|
secmaster:dataclass:createType |
Grants the permission to create a custom data type. |
write |
dataclass * |
- |
- |
|
secmaster:dataclass:updateType |
Grants the permission to update a custom data type. |
write |
dataclass * |
- |
- |
|
secmaster:dataclass:deleteType |
Grants the permission to delete a custom data type. |
write |
dataclass * |
- |
- |
|
secmaster:dataclass:enableType |
Grants the permission to enable a data class type. |
write |
dataclass * |
- |
- |
|
secmaster:preference:create |
Grants the permission to set user preferences. |
write |
- |
- |
- |
|
secmaster:preference:get |
Grants the permission to obtain user preferences. |
read |
- |
- |
- |
|
secmaster:preference:delete |
Grants the permission to delete user preferences. |
write |
- |
- |
- |
|
secmaster:preference:update |
Grants the permission to update user preferences. |
write |
- |
- |
- |
|
secmaster:preference:list |
Grants the permission to search for user preferences. |
list |
- |
- |
- |
|
secmaster:metric:list |
Grants the permission to obtain the metric list. |
list |
metric * |
- |
- |
|
secmaster:metric:create |
Grants the permission to create a metric. |
write |
metric * |
- |
- |
|
secmaster:metric:get |
Grants the permission to obtain the metric details. |
read |
metric * |
- |
- |
|
secmaster:metric:delete |
Grants the permission to delete a metric. |
write |
metric * |
- |
- |
|
secmaster:metric:update |
Grants the permission to update a metric. |
write |
metric * |
- |
- |
|
secmaster:module:list |
Grants the permission to obtain the module list. |
list |
- |
- |
- |
|
secmaster:module:create |
Grants the permission to create a module. |
write |
- |
- |
- |
|
secmaster:module:get |
Grants the permission to obtain module details. |
read |
- |
- |
- |
|
secmaster:module:delete |
Grants the permission to delete a module. |
write |
- |
- |
- |
|
secmaster:module:update |
Grants the permission to update a module. |
write |
- |
- |
- |
|
secmaster:vulnerability:downloadTemplate |
Grants the permission to download a vulnerability template. |
read |
vulnerability * |
- |
- |
|
secmaster:vulnerability:import |
Grants the permission to import vulnerability data. |
write |
vulnerability * |
- |
- |
|
secmaster:policy:list |
Grants the permission to query the policy list. |
list |
policy * |
- |
- |
|
secmaster:policy:create |
Grants the permission to create a policy. |
write |
policy * |
- |
- |
|
secmaster:policy:get |
Grants the permission to query policy details. |
read |
policy * |
- |
- |
|
secmaster:policy:update |
Grants the permission to update a policy. |
write |
policy * |
- |
- |
|
secmaster:policy:delete |
Grants the permission to delete a policy. |
write |
policy * |
- |
- |
|
secmaster:policy:batchDelete |
Grants the permission to batch delete policies. |
write |
policy * |
- |
- |
|
secmaster:note:list |
Grants the permission to query comments. |
list |
- |
- |
- |
|
secmaster:note:create |
Grants the permission to create comments. |
write |
- |
- |
- |
|
secmaster:note:delete |
Grants the permission to delete comments. |
write |
- |
- |
- |
|
secmaster:secureScore:update |
Grants the permission to update the security score. |
write |
- |
- |
- |
|
secmaster:baseline:list |
Grants the permission to view baseline check results. |
list |
baseline * |
- |
- |
|
secmaster:baseline:export |
Grants the permission to export baseline check results. |
read |
baseline * |
- |
- |
|
secmaster:baseline:import |
Grants the permission to import baseline check results. |
write |
baseline * |
- |
- |
|
secmaster:baseline:downloadTemplate |
Grants the permission to download baseline check templates. |
read |
baseline * |
- |
- |
|
secmaster:resource:get |
Grants the permission to obtain resource details. |
read |
resource * |
- |
- |
|
secmaster:resource:getRelations |
Grants the permission to obtain resource topologies. |
read |
resource * |
- |
- |
|
secmaster:resource:update |
Grants the permission to update resources. |
write |
resource * |
- |
- |
|
secmaster:resource:batchUpdate |
Grants the permission to update resources in batches. |
write |
resource * |
- |
- |
|
secmaster:resource:batchDelete |
Grants the permission to delete resources in batches. |
write |
resource * |
- |
- |
|
secmaster:resource:export |
Grants the permission to export resources. |
read |
resource * |
- |
- |
|
secmaster:resource:getSyncStatus |
Grants the permission to view resource synchronization status. |
read |
resource * |
- |
- |
|
secmaster:resource:sync |
Grants the permission to synchronize resources. |
write |
resource * |
- |
- |
|
secmaster:guide:get |
Grants the permission to query the user guide. |
read |
- |
- |
- |
|
secmaster:guide:create |
Grants the permission to create a user guide. |
write |
- |
- |
- |
|
secmaster:shipper:list |
Grants the permission to obtain the delivery information list. |
list |
shipper * |
- |
- |
|
secmaster:shipper:create |
Grants the permission to create data delivery. |
write |
shipper * |
- |
- |
|
secmaster:shipper:delete |
Grants the permission to delete delivery information. |
write |
shipper * |
- |
- |
|
secmaster:shipper:createAuthorization |
Grants the permission to deliver authorization. |
write |
shipper * |
- |
- |
|
secmaster:shipper:listAuthorizations |
Grants the permission to obtain the delivery authorization information list. |
list |
shipper * |
- |
- |
|
secmaster:shipper:handleAuthorization |
Grants the permission to authorize. |
write |
shipper * |
- |
- |
|
secmaster:shipper:get |
Grants the permission to obtain the details of a delivery rule. |
read |
shipper * |
- |
- |
|
secmaster:shipper:resume |
Grants the permission to start a delivery rule. |
write |
shipper * |
- |
- |
|
secmaster:shipper:pause |
Grants the permission to suspend a delivery rule. |
write |
shipper * |
- |
- |
|
secmaster:shipper:getDelegateAuth |
Grants the permission to obtain an agency. |
read |
shipper * |
- |
- |
|
secmaster:shipper:createDelegateAuth |
Grants the permission to create an agency. |
write |
shipper * |
- |
- |
|
secmaster:shipper:retryAuthorization |
Grants the permission to re-authorize. |
write |
shipper * |
- |
- |
|
secmaster:shipper:retry |
Grants the permission to re-deliver. |
write |
shipper * |
- |
- |
|
secmaster:adHocQuery:create |
Grants the permission to execute the analysis statement. |
write |
- |
- |
- |
|
secmaster:adHocQuery:get |
Grants the permission to query statement results. |
read |
- |
- |
- |
|
secmaster:adHocQuery:delete |
Grants the permission to disable query operations. |
write |
- |
- |
- |
|
secmaster:dataTransformation:list |
Grants the permission to query data transfer tasks. |
list |
- |
- |
- |
|
secmaster:dataTransformation:get |
Grants the permission to query data transfer task details. |
read |
- |
- |
- |
|
secmaster:dataTransformation:enable |
Grants the permission to enable a data transfer task. |
write |
- |
- |
- |
|
secmaster:dataTransformation:create |
Grants the permission to create a data transfer task. |
write |
- |
- |
- |
|
secmaster:dataTransformation:delete |
Grants the permission to delete a data transfer task. |
write |
- |
- |
- |
|
secmaster:dataTransformation:update |
Grants the permission to update a data transfer task. |
write |
- |
- |
- |
|
Action |
Description |
Access Level |
Resource Type (*: Required) |
Condition Key |
Alias |
|---|---|---|---|---|---|
|
secmaster:dataTransformation:listMetrics |
Grants the permission to query metrics of data transfer tasks. |
read |
- |
- |
- |
|
secmaster:dataTransformation:disable |
Grants the permission to disable data transfer tasks. |
write |
- |
- |
- |
|
secmaster:analysisScript:list |
Grants the permission to query analysis scripts. |
list |
- |
- |
- |
|
secmaster:analysisScript:create |
Grants the permission to create analysis scripts. |
write |
- |
- |
- |
|
secmaster:analysisScript:get |
Grants the permission to query analysis script details. |
read |
- |
- |
- |
|
secmaster:analysisScript:update |
Grants the permission to update analysis scripts. |
write |
- |
- |
- |
|
secmaster:analysisScript:delete |
Grants the permission to delete analysis scripts. |
write |
- |
- |
- |
|
secmaster:codeSegment:list |
Grants the permission to query code snippets. |
list |
- |
- |
- |
|
secmaster:codeSegment:create |
Grants the permission to create code snippets. |
write |
- |
- |
- |
|
secmaster:codeSegment:get |
Grants the permission to query code snippet details. |
read |
- |
- |
- |
|
secmaster:codeSegment:update |
Grants the permission to update code snippets. |
write |
- |
- |
- |
|
secmaster:codeSegment:delete |
Grants the permission to delete code snippets. |
write |
- |
- |
- |
|
secmaster:retrieveScript:list |
Grants the permission to query retrieval scripts. |
list |
- |
- |
- |
|
secmaster:retrieveScript:create |
Grants the permission to create retrieval scripts. |
write |
- |
- |
- |
|
secmaster:retrieveScript:get |
Grants the permission to query retrieval script details. |
read |
- |
- |
- |
|
secmaster:retrieveScript:update |
Grants the permission to update retrieval scripts. |
write |
- |
- |
- |
|
secmaster:retrieveScript:delete |
Grants the permission to delete retrieval scripts. |
write |
- |
- |
- |
|
secmaster:pipe:updateSchema |
Grants the permission to modify pipeline fields. |
write |
pipe * |
- |
- |
|
secmaster:node:create |
Grants the permission to create a node. |
write |
- |
- |
- |
|
secmaster:node:monitor |
Grants the permission to monitor node information. |
write |
- |
- |
- |
|
secmaster:node:updateTaskNodeStatus |
Grants the permission to modify the node task status. |
write |
- |
- |
- |
|
secmaster:node:taskQueueDetail |
Grants the permission to query node task details. |
read |
- |
- |
- |
|
secmaster:analysisScript:export |
Grants the permission to export analysis scripts. |
read |
analysisScript * |
- |
- |
|
secmaster:analysisScript:import |
Grants the permission to import analysis scripts. |
write |
analysisScript * |
- |
- |
|
secmaster:cloudLog:create |
Grants the permission to save cloud service log subscription configurations. |
write |
- |
- |
- |
|
secmaster:cloudLog:delete |
Grants the permission to delete cloud service log subscription configurations. |
write |
- |
- |
- |
|
secmaster:cloudLog:list |
Grants the permission to obtain cloud service log subscription configurations. |
list |
- |
- |
- |
|
secmaster:cloudLog:listResourceConfig |
Grants the permission to query asset subscription configurations. |
list |
workspace * |
- |
- |
|
secmaster:collector:createConfig |
Grants the permission to save cloud service log subscription configurations. |
write |
- |
- |
- |
|
secmaster:collector:listConfig |
Grants the permission to obtain cloud service log subscription configurations. |
list |
- |
- |
- |
|
secmaster:collectorChannel:create |
Grants the permission to create collection channels. |
write |
collectorChannel * |
- |
- |
|
secmaster:collectorChannel:createOperation |
Grants the permission to control collection channels. |
write |
collectorChannel * |
- |
- |
|
secmaster:collectorChannel:delete |
Grants the permission to delete collection channels. |
write |
collectorChannel * |
- |
- |
|
secmaster:collectorChannel:get |
Grants the permission to obtain collection channel details. |
read |
collectorChannel * |
- |
- |
|
secmaster:collectorChannel:list |
Grants the permission to obtain the collection channel list. |
list |
collectorChannel * |
- |
- |
|
secmaster:collectorChannel:listInstances |
Grants the permission to obtain the collection channel instance list. |
list |
collectorChannel * |
- |
- |
|
secmaster:collectorChannel:listNodes |
Grants the permission to obtain the collection channel node list. |
list |
collectorChannel * |
- |
- |
|
secmaster:collectorChannel:update |
Grants the permission to update collection channels. |
write |
collectorChannel * |
- |
- |
|
secmaster:collectorChannelGroup:create |
Grants the permission to create collection channel groups. |
write |
collectorChannelGroup * |
- |
- |
|
secmaster:collectorChannelGroup:delete |
Grants the permission to delete collection channel groups. |
write |
collectorChannelGroup * |
- |
- |
|
secmaster:collectorChannelGroup:list |
Grants the permission to obtain the collection channel group list. |
list |
collectorChannelGroup * |
- |
- |
|
secmaster:collectorChannelGroup:update |
Grants the permission to update the collection channel group list. |
write |
collectorChannelGroup * |
- |
- |
|
secmaster:collectorConnection:create |
Grants the permission to create collector connections. |
write |
collectorConnection * |
- |
- |
|
secmaster:collectorConnection:delete |
Grants the permission to delete collector connections. |
write |
collectorConnection * |
- |
- |
|
secmaster:collectorConnection:get |
Grants the permission to obtain collector connection details. |
read |
collectorConnection * |
- |
- |
|
secmaster:collectorConnection:list |
Grants the permission to obtain the collector connection list. |
list |
collectorConnection * |
- |
- |
|
secmaster:collectorConnection:update |
Grants the permission to update collector connections. |
write |
collectorConnection * |
- |
- |
|
secmaster:collectorNode:list |
Grants the permission to obtain the collector node list. |
list |
workspace * |
- |
- |
|
secmaster:collectorParser:create |
Grants the permission to create a collector parser. |
write |
collectorParser * |
- |
- |
|
secmaster:collectorParser:delete |
Grants the permission to delete a collector parser. |
write |
collectorParser * |
- |
- |
|
secmaster:collectorParser:export |
Grants the permission to export a collector parser. |
read |
collectorParser * |
- |
- |
|
secmaster:collectorParser:get |
Grants the permission to obtain collector parser details. |
read |
collectorParser * |
- |
- |
|
secmaster:collectorParser:list |
Grants the permission to obtain the collector parser list. |
list |
collectorParser * |
- |
- |
|
secmaster:collectorParser:listTemplates |
Grants the permission to obtain the collector parser template list. |
list |
collectorParser * |
- |
- |
|
secmaster:component:get |
Grants the permission to obtain component details. |
read |
component * |
- |
- |
|
secmaster:component:list |
Grants the permission to obtain the component list. |
list |
component * |
- |
- |
|
secmaster:component:listConfigurationVersions |
Grants the permission to obtain the configuration data of the historical version of a component. |
list |
component * |
- |
- |
|
secmaster:component:listConfigurations |
Grants the permission to obtain the component configuration list. |
list |
component * |
- |
- |
|
secmaster:component:listRunningNodes |
Grants the permission to obtain the component running node list. |
list |
component * |
- |
- |
|
secmaster:component:listTemplates |
Grants the permission to obtain the component template list. |
list |
component * |
- |
- |
|
secmaster:component:updateConfigurations |
Grants the permission to update component configurations. |
write |
component * |
- |
- |
|
secmaster:node:delete |
Grants the permission to delete node information. |
write |
node * |
- |
- |
|
secmaster:node:list |
Grants the permission to query the node information list. |
list |
node * |
- |
- |
|
secmaster:node:update |
Grants the permission to update node information. |
write |
node * |
- |
- |
|
secmaster:table:createConsumption |
Grants the permission to create table data consumption. |
write |
table * |
- |
- |
|
secmaster:table:deleteConsumption |
Grants the permission to delete table data consumption. |
write |
table * |
- |
- |
|
secmaster:table:getConsumption |
Grants the permission to obtain table data consumption information. |
read |
table * |
- |
- |
|
secmaster:accountAgency:list |
Grants the permission to query account management information. |
read |
accountAgency * |
- |
- |
|
secmaster:accountAgency:create |
Grants the permission to create account management. |
write |
accountAgency * |
- |
- |
|
secmaster:accountAgency:get |
Grants the permission to obtain account management information. |
read |
accountAgency * |
- |
- |
|
secmaster:accountAgency:update |
Grants the permission to update account management information. |
write |
accountAgency * |
- |
- |
|
secmaster:accountAgency:delete |
Grants the permission to batch disassociate accounts. |
write |
accountAgency * |
- |
- |
Each API of SecMaster usually supports one or more actions. Table 3 lists the supported actions and dependencies.
|
API |
Action |
Dependency |
|---|---|---|
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/{playbook_id} |
secmaster:playbook:get |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks |
secmaster:playbook:create |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/{playbook_id} |
secmaster:playbook:delete |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/{playbook_id} |
secmaster:playbook:update |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks |
secmaster:playbook:list |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/statistics |
secmaster:playbook:getStatistics |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/{playbook_id}/monitor |
secmaster:playbook:getMonitor |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/clone |
secmaster:playbook:copyVersion |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/approve |
secmaster:playbook:approve |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/approval |
secmaster:playbook:listApproves |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/instances |
secmaster:playbook:listInstances |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/instances/auditlogs |
secmaster:playbook:getInstanceAuditlog |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions |
secmaster:playbook:createVersion |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/rules |
secmaster:playbook:createVersionRule |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/actions |
secmaster:playbook:createVersionAction |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id} |
secmaster:playbook:getVersion |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/rules/{rule_id} |
secmaster:playbook:getVersionRule |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id} |
secmaster:playbook:deleteVersion |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/rules/{rule_id} |
secmaster:playbook:deleteVersionRule |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/actions/{action_id} |
secmaster:playbook:deleteVersionAction |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id} |
secmaster:playbook:updateVersion |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/rules/{rule_id} |
secmaster:playbook:updateVersionRule |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/actions/{action_id} |
secmaster:playbook:updateVersionAction |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/{playbook_id}/versions |
secmaster:playbook:listVersions |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/versions/{playbook_version_id}/actions |
secmaster:playbook:listVersionActions |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/instances/{instance_id} |
secmaster:playbook:getInstance |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/instances/{instance_id}/topology |
secmaster:playbook:getInstanceTopology |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/instances/{instance_id}/operation |
secmaster:playbook:operateInstance |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/workflows |
secmaster:workflow:list |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id} |
secmaster:workflow:get |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id} |
secmaster:workflow:delete |
- |
|
GET /v1/{project_id}/workspacesPOST /v1/{project_id}/workspaces/{workspace_id}/soc/workflows |
secmaster:workflow:create |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id} |
secmaster:workflow:update |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions |
secmaster:workflow:listVersions |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions/{version_id} |
secmaster:workflow:getVersion |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions/{version_id} |
secmaster:workflow:deleteVersion |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions |
secmaster:workflow:createVersion |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions/{version_id} |
secmaster:workflow:updateVersion |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions/{version_id}/approval |
secmaster:workflow:approveVersion |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/validation |
secmaster:workflow:validate |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/versions/{version_id}/debug/result |
secmaster:workflow:simulate |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/instances/{instance_id}/topology |
secmaster:workflow:getInstance |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/workflows/{workflow_id}/instances |
secmaster:workflow:operateInstance |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/assetcredentials |
secmaster:connection:list |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/assetcredentials |
secmaster:connection:create |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/assetcredentials/{asset_id} |
secmaster:connection:get |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/assetcredentials/{asset_id} |
secmaster:connection:delete |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/assetcredentials/{asset_id} |
secmaster:connection:update |
- |
|
GET /v1/{project_id}/workspaces |
secmaster:workspace:list |
- |
|
POST /v1/{project_id}/workspaces |
secmaster:workspace:create |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id} |
secmaster:workspace:update |
- |
|
GET /v1/{project_id}/workspaces/v1/{project_id}/workspaces/{workspace_id} |
secmaster:workspace:get |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id} |
secmaster:workspace:delete |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/tasks |
secmaster:task:list |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/tasks |
secmaster:task:create |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/tasks/{task_id} |
secmaster:task:update |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/tasks/{task_id} |
secmaster:task:get |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/{indicator_id} |
secmaster:indicator:get |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators |
secmaster:indicator:create |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/{indicator_id} |
secmaster:indicator:update |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/{indicator_id} |
secmaster:indicator:delete |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/search |
secmaster:indicator:list |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/types |
secmaster:indicator:listTypes |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/types/layout |
secmaster:indicator:bindLayout |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/{alert_id} |
secmaster:alert:get |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts |
secmaster:alert:create |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/{alert_id} |
secmaster:alert:update |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/search |
secmaster:alert:list |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/alerts |
secmaster:alert:delete |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/batch-order |
secmaster:alert:batchOrders |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types |
secmaster:alert:listTypes |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types/category |
secmaster:alert:listCategories |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types |
secmaster:alert:createType |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types/{dataclass_type_id} |
secmaster:alert:updateType |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types |
secmaster:alert:deleteType |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types/enable |
secmaster:alert:enableType |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/types/layout |
secmaster:alert:bindLayout |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/{incident_id} |
secmaster:incident:get |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/incidents |
secmaster:incident:create |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/{incident_id} |
secmaster:incident:update |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/search |
secmaster:incident:list |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types |
secmaster:incident:listTypes |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/incidents |
secmaster:incident:delete |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types/category |
secmaster:incident:listCategories |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types |
secmaster:incident:createType |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types/{dataclass_type_id} |
secmaster:incident:updateType |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types |
secmaster:incident:deleteType |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/alerts/incidents/enable |
secmaster:incident:enableType |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/incidents/types/layout |
secmaster:incident:bindLayout |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/{dataclass_type}/{data_object_id}/{related_dataclass_type} |
secmaster:dataobject:createRelation |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/{dataclass_type}/{data_object_id}/{related_dataclass_type} |
secmaster:dataobject:deleteRelation |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/{dataclass_type}/{data_object_id}/{related_dataclass_type}/search |
secmaster:dataobject:listRelation |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerability/search |
secmaster:vulnerability:listGroup |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerability/{vul_id} |
secmaster:vulnerability:getGroup |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerability/export |
secmaster:vulnerability:exportGroup |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types |
secmaster:vulnerability:listType |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types/layout |
secmaster:vulnerability:bindLayout |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types |
secmaster:vulnerability:createType |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types/{dataclass_type_id} |
secmaster:vulnerability:updateType |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types |
secmaster:vulnerability:deleteType |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/vulnerabilities/types/enable |
secmaster:vulnerability:enableType |
- |
|
DELETE /v1/{project_id}/subscriptions/orders |
secmaster:subscription:deletePostPaidOrder |
- |
|
POST /v1/{project_id}/subscriptions/orders |
secmaster:subscription:createPostPaidOrder |
- |
|
POST /v1/{project_id}/subscriptions/orders/{order_id} |
secmaster:subscription:createPrePaidOrder |
- |
|
GET /v1/{project_id}/subscriptions/version |
secmaster:subscription:getVersion |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/sa/metrics/{metric_id}/result |
secmaster:metric:getResult |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/sa/metrics/results |
secmaster:metric:listResults |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/sa/metrics/hits |
secmaster:metric:listHits |
- |
|
GET /v1/{project_id}/agency |
secmaster:agency:get |
- |
|
POST /v1/{project_id}/agency |
secmaster:agency:create |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/resource-statistics |
secmaster:resource:getStatistics |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/resources |
secmaster:resource:list |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/sa/resources/import |
secmaster:resource:import |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/sa/resource/template |
secmaster:resource:getTemplate |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/sa/reports |
secmaster:report:list |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/sa/reports/{report_id} |
secmaster:report:get |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/sa/reports |
secmaster:report:create |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/sa/reports/{report_id} |
secmaster:report:update |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/sa/reports/{report_id} |
secmaster:report:delete |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/sa/vulnerability/read-status |
secmaster:emergencyVulnerability:updateReadStatus |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/sa/vulnerability/list |
secmaster:emergencyVulnerability:list |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/sa/vulnerability/export |
secmaster:emergencyVulnerability:export |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/siem/dataspaces |
secmaster:dataspace:list |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/siem/dataspaces |
secmaster:dataspace:create |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/siem/dataspaces/{dataspace_id} |
secmaster:dataspace:get |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/siem/dataspaces/{dataspace_id} |
secmaster:dataspace:update |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/siem/dataspaces/{dataspace_id} |
secmaster:dataspace:delete |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/siem/pipes |
secmaster:pipe:list |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/siem/pipes |
secmaster:pipe:create |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id} |
secmaster:pipe:get |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id} |
secmaster:pipe:update |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id} |
secmaster:pipe:delete |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}/index |
secmaster:pipe:getIndex |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}/index |
secmaster:pipe:updateIndex |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}/consumption |
secmaster:pipe:getConsumption |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}/consumption |
secmaster:pipe:createConsumption |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/siem/pipes/{pipe_id}/consumption |
secmaster:pipe:deleteConsumption |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/siem/search/logs |
secmaster:search:listLogs |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/siem/search/histograms |
secmaster:search:listHistograms |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/siem/search/analysis |
secmaster:search:createAnalysis |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/siem/search/conditions |
secmaster:searchCondition:list |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/siem/search/conditions |
secmaster:searchCondition:create |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/siem/search/conditions/{condition_id} |
secmaster:searchCondition:get |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/siem/search/conditions/{condition_id} |
secmaster:searchCondition:update |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/siem/search/conditions/{condition_id} |
secmaster:searchCondition:delete |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules |
secmaster:alertRule:list |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules |
secmaster:alertRule:create |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/{rule_id} |
secmaster:alertRule:get |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/{rule_id} |
secmaster:alertRule:update |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules |
secmaster:alertRule:delete |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/enable |
secmaster:alertRule:enable |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/disable |
secmaster:alertRule:disable |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/metrics |
secmaster:alertRule:listMetrics |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/simulation |
secmaster:alertRule:createSimulation |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/templates |
secmaster:alertRuleTemplate:list |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/templates/{template_id} |
secmaster:alertRuleTemplate:get |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/siem/alert-rules/templates/metrics |
secmaster:alertRuleTemplate:listMetrics |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses |
secmaster:dataclass:create |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id} |
secmaster:dataclass:update |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id} |
secmaster:dataclass:delete |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id} |
secmaster:dataclass:get |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses |
secmaster:dataclass:list |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/fields |
secmaster:dataclass:createField |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/fields/{field_id} |
secmaster:dataclass:updateField |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/fields |
secmaster:dataclass:deleteField |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/fields/{field_id} |
secmaster:dataclass:getField |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/fields |
secmaster:dataclass:listFields |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/types/{dataclass_type_id} |
secmaster:dataclass:getType |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/dataclasses/{dataclass_id}/types |
secmaster:dataclass:listTypes |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/{mapping_id}/status |
secmaster:mapping:update |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/search |
secmaster:mapping:list |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/data-source |
secmaster:mapping:getDatasource |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/functions |
secmaster:mapping:listFunctions |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/{mapping_id} |
secmaster:mapping:delete |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/{mapping_id}/clone |
secmaster:mapping:copy |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/classifiers |
secmaster:mapping:createClassifier |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/classifiers/{classifier_id} |
secmaster:mapping:updateClassifier |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/classifiers/{classifier_id} |
secmaster:mapping:getClassifier |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/classifiers/{classifier_id} |
secmaster:mapping:deleteClassifier |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/mappers |
secmaster:mapping:createMapper |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/mappers/{mapper_id} |
secmaster:mapping:updateMapper |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/mappers/search |
secmaster:mapping:listMappers |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/mappers/{mapper_id} |
secmaster:mapping:getMapper |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/mappings/mappers/{mapper_id} |
secmaster:mapping:deleteMapper |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/business-type |
secmaster:layout:listBusinessTypes |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/search |
secmaster:layout:list |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/layouts |
secmaster:layout:create |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/layouts |
secmaster:layout:delete |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id} |
secmaster:layout:update |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id} |
secmaster:layout:get |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/template |
secmaster:layout:createTemplate |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/fields |
secmaster:layout:createField |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/fields |
secmaster:layout:listFields |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/fields/{field_id} |
secmaster:layout:getField |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/fields/{field_id} |
secmaster:layout:updateFiled |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/fields |
secmaster:layout:deleteField |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/wizards |
secmaster:layout:listWizards |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/{layout_id}/wizards |
secmaster:layout:createWizard |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/wizards/{wizard_id};/v1/{project_id}/workspaces/{workspace_id}/soc/layouts/wizards |
secmaster:layout:getWizard |
- |
|
DELETE /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/wizards/{wizard_id} |
secmaster:layout:deleteWizard |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/layouts/wizards |
secmaster:layout:updateWizard |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/catalogues/search;/v1/{project_id}/workspaces/{workspace_id}/soc/catalogues |
secmaster:catalogue:list |
- |
|
PUT /v1/{project_id}/workspaces/{workspace_id}/soc/catalogues/{catalogue_id} |
secmaster:catalogue:update |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/export |
secmaster:playbook:export |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/playbooks/import |
secmaster:playbook:import |
- |
|
GET /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/template/download |
secmaster:indicator:downloadTemplate |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/export |
secmaster:indicator:export |
- |
|
POST /v1/{project_id}/workspaces/{workspace_id}/soc/indicators/import |
secmaster:indicator:import |
- |
|
GET /v2/{project_id}/workspaces/{workspace_id}/siem/tables |
secmaster:table:list |
- |
|
-POST /v2/{project_id}/workspaces/{workspace_id}/siem/tables |
secmaster:table:create |
- |
|
GET /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id} |
secmaster:table:get |
- |
|
PUT /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id} |
secmaster:table:update |
- |
|
DELETE /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id} |
secmaster:table:delete |
- |
|
POST /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id}/lock |
secmaster:table:createLock |
- |
|
DELETE /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id}/lock |
secmaster:table:deleteLock |
- |
|
GET /v2/{project_id}/workspaces/{workspace_id}/siem/tables/metrics |
secmaster:table:listMetrics |
- |
|
PUT /v2/{project_id}/workspaces/{workspace_id}/siem/tables/{table_id}/schema |
secmaster:table:updateSchema |
- |
Resources
A resource type indicates the resources that an SCP applies to. If you specify a resource type for any action, the resource URN must be specified in the SCP statements using that action, and the SCP applies only to resources of this type. If no resource type is specified, the Resource element is marked with an asterisk (*) and the SCP applies to all resources. You can also set condition keys in an SCP to define resource types.
The following table lists the resource types that you can define in SCP statements for SecMaster.
|
Resource Type |
URN |
|---|---|
|
workspace |
secmaster:<region>:<account-id>:workspace:<workspace-id> |
|
playbook |
secmaster:<region>:<account-id>:playbook:<workspace-id>/<playbook-id> |
|
workflow |
secmaster:<region>:<account-id>:workflow:<workspace-id>/<workflow-id> |
|
connection |
secmaster:<region>:<account-id>:connection:<workspace-id>/<connection-id> |
|
task |
secmaster:<region>:<account-id>:task:<workspace-id>/<task-id> |
|
indicator |
secmaster:<region>:<account-id>:indicator:<workspace-id>/<indicator-id> |
|
alert |
secmaster:<region>:<account-id>:alert:<workspace-id>/<alert-id> |
|
incident |
secmaster:<region>:<account-id>:incident:<workspace-id>/<incident-id> |
|
dataobject |
secmaster:<region>:<account-id>:dataobject:<workspace-id>/<dataobject-id> |
|
metric |
secmaster:<region>:<account-id>:metric:<workspace-id>/<metric-id> |
|
resource |
secmaster:<region>:<account-id>:resource:<workspace-id>/<resource-id> |
|
report |
secmaster:<region>:<account-id>:report:<workspace-id>/<report-id> |
|
emergencyVulnerability |
secmaster:<region>:<account-id>:emergencyVulnerability:<workspace-id>/<emergency-vulnerability-id> |
|
dataspace |
secmaster:<region>:<account-id>:dataspace:<workspace-id>/<dataspace-id> |
|
pipe |
secmaster:<region>:<account-id>:pipe:<workspace-id>/<pipe-id> |
|
alertRule |
secmaster:<region>:<account-id>:alertRule:<workspace-id>/<alertRule-id> |
|
vulnerability |
secmaster:<region>:<account-id>:vulnerability:<workspace-id>/<vulnerability-id> |
|
alertRuleTemplate |
secmaster:<region>:<account-id>:alertRuleTemplate:<workspace-id>/<alertRuleTemplate-id> |
|
searchCondition |
secmaster:<region>:<account-id>:searchCondition:<workspace-id>/<searchCondition-id> |
|
dataclass |
secmaster:<region>:<account-id>:dataclass:<workspace-id>/<dataclass-id> |
|
mapping |
secmaster:<region>:<account-id>:mapping:<workspace-id>/<mapping-id> |
|
layout |
secmaster:<region>:<account-id>:layout:<workspace-id>/<layout-id> |
|
catalogue |
secmaster:<region>:<account-id>:catalogue:<workspace-id>/<catalogue-id> |
|
table |
secmaster:<region>:<account-id>:table:<workspace-id>/<table-id> |
|
policy |
secmaster:<region>:<account-id>:policy:<workspace-id>/<policy-id> |
|
baseline |
secmaster:<region>:<account-id>:baseline:<workspace-id>/<baseline-id> |
|
shipper |
secmaster:<region>:<account-id>:shipper:<workspace-id>/<shipper-id> |
|
analysisScript |
secmaster:<region>:<account-id>:analysisScript:<workspace-id>/<analysisScript-id> |
|
collectorChannel |
secmaster:<region>:<account-id>:collectorChannel:<workspace-id>/<collectorChannel-id> |
|
collectorChannelGroup |
secmaster:<region>:<account-id>:collectorChannelGroup:<workspace-id>/<collectorChannelGroup-id> |
|
collectorConnection |
secmaster:<region>:<account-id>:collectorConnection:<workspace-id>/<collectorConnection-id> |
|
collectorParser |
secmaster:<region>:<account-id>:collectorParser:<workspace-id>/<collectorParser-id> |
|
component |
secmaster:<region>:<account-id>:component:<workspace-id>/<component-id> |
|
node |
secmaster:<region>:<account-id>:node:<workspace-id>/<node-id> |
|
accountAgency |
secmaster:<region>:<account-id>:accountAgency:<accountAgency-id> |
Conditions
Condition Key
A Condition element lets you specify conditions for when an identity policy is in effect. It contains condition keys and operators.
- Condition keys are the key values in the Condition element of an identity policy statement. Condition keys are classified into global condition keys and service-specific condition keys based on the application scope.
- Global condition keys (with the g: prefix) apply to all actions. Cloud services do not need to provide user identity information. Instead, the system automatically obtains such information and authenticates users. For details, see Global Condition Keys.
- Service-specific condition keys (with the abbreviation of a service name plus a colon as the prefix, for example, secmaster:) apply only to operations of the service. For details, see Table 5.
- The number of values associated with a condition key in the request context of an API call makes the condition key single-valued or multivalued. Single-valued condition keys have at most one value in the request context of an API call. Multivalued condition keys can have multiple values in the request context of an API call. For example, a request can originate from at most one VPC endpoint, so g:SourceVpce is a single-valued condition key. You can tag resources and include multiple tag key-value pairs in a request, so g:TagKeys is a multivalued condition key.
- A condition operator, a condition key, and a condition value together constitute a complete condition statement. An identity policy can be applied only when its request conditions are met. For supported condition operators, see Condition operators.
Service-specific condition keys supported by SecMaster
The following table lists the condition keys that you can define in identity policies for SecMaster. You can include these condition keys to specify conditions for when your identity policy is in effect.
SecMaster does not support service-specific condition keys in SCP statements.
|
Service-specific Condition Key |
Type |
Single-valued/Multivalued |
Important Notes |
|---|---|---|---|
|
secmaster:TargetRegion |
String |
Multivalued |
Only the action secmaster:workspace:createAgency supports this service-level condition key. The target region specified by the condition key secmaster:TargetRegion are filtered based on the region attribute of the managed workspace in the request. |
Condition Key Examples
Feedback
Was this page helpful?
Provide feedbackThank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.
For any further questions, feel free to contact us through the chatbot.
Chatbot
