Support Center > Search Results > SecureKnowledge Details
How to use the Dome9 REST API to obtain Compliance Assessment Trends
Solution

This note explains how to use the Dome9 REST API to obtain trend results for Compliance Assessments that are run on your cloud accounts by Dome9.

These trends show changes in the pass/fail results over a period of time. 

Use the GET assessmentTrend method in the AssessmentHistoryV2 resource for this. This returns trend results for a specific ruleset (bundle) applied to a specific account.

Use the following steps to obtain these trends.

1. Obtain cloud account ids

Use the GET CloudAccounts method to obtain a list of cloud accounts (and their cloud account ids):

GET CloudAccounts

Response:

    [
    {
    "id": "5*******-d***-4***-a***-8***********",
        "vendor": "aws",
        "name": "************",
        "externalAccountNumber": "************",
        "error": null,
        "isFetchingSuspended": false,
        "creationDate": "2019-09-17T08:28:06.602Z",
        "credentials": {
            "apikey": null,
            "arn": "arn:aws:iam::************:role/Dome9-Connect",
            "secret": null,
            "iamUser": null,
            "type": "RoleBased",
            "isReadOnly": false
        },
        "iamSafe": null,
        "netSec": {
            "regions": [
    			...
    			]
               }
        "magellan": false,
        "fullProtection": false,
        "allowReadOnly": false,
        "organizationalUnitId": null,
        "organizationalUnitPath": "",
        "organizationalUnitName": "Dome9 Main Account",
        "lambdaScanner": false
       },
    ...
    ]
    

The id field is the cloud account id.

2. Obtain ruleset ids

Use the GET CompliancePolicy/View method to obtain a list of the rulesets (bundles) for the account:

GET CompliancePolicy/View

Response:

    [
    {
       "accountId": ***,
        "createdTime": "0001-01-01T00:00:00",
        "updatedTime": "0001-01-01T00:00:00",
        "id": -17,
        "name": "AWS GDPR Readiness",
        "description": "Automated GDPR Assessment for AWS",
        "isTemplate": true,
        "hideInCompliance": true,
        "minFeatureTier": "Advanced",
        "section": 3,
        "showBundle": true,
        "systemBundle": false,
        "cloudVendor": "aws",
        "version": 40,
        "language": "en",
        "rulesCount": 140
    },
    ...
    ]
    

The id field is the ruleset (bundle) id.

3. Request assessment trends for  the account & ruleset, for specific period of time.

Use the GET AssessmentTrend method with the cloud account and ruleset ids, from the previous steps, as follows:

GET AssessmentHistoryv2/assessmentTrend?bundleid=-17&cloudaccountid=5******2-4***-4***-b***-b**********b&from=2019-08-01T00:00:00Z&to=2019-09-01T00:00:00Z

Response:

    [
    {
        "assessmentDate": "2019-08-01T00:14:19.748Z",
        "assessmentId": 193192997,
        "failedTests": 814,
        "totalTests": 2472,
        "passedTests": 1658
    },
    {
        "assessmentDate": "2019-08-02T16:17:24.97Z",
        "assessmentId": 194618931,
        "failedTests": 815,
        "totalTests": 2475,
        "passedTests": 1660
    },
    {
        "assessmentDate": "2019-08-05T14:14:21.762Z",
        "assessmentId": 197117199,
        "failedTests": 816,
        "totalTests": 2475,
        "passedTests": 1659
    },
    ...
    ]
    
    

The aggregate pass/fail/total results for each assessment in the requested to/from period are returned.

Duplicate results are removed; that is, if consecutive assessment results are identical (pass, fail, and total), only the first occurrence is returned.

The results list is limited to 50 results. If there are more results than this, similar results are also removed (the degree of similarity is progressively relaxed until the number of results is within the limit).

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment