Update Finding State - C1 documentation

UpdateFindingState

package main

import(
	"context"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
	conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/operations"
	"log"
)

func main() {
    ctx := context.Background()

    s := conductoronesdkgo.New(
        conductoronesdkgo.WithSecurity(shared.Security{
            BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
            Oauth: "<YOUR_OAUTH_HERE>",
        }),
    )

    res, err := s.Finding.UpdateFindingState(ctx, operations.C1APIFindingV1FindingServiceUpdateFindingStateRequest{
        FindingID: "<id>",
    })
    if err != nil {
        log.Fatal(err)
    }
    if res.UpdateFindingStateResponse != nil {
        // handle response
    }
}

{
  "finding": {
    "appId": "<string>",
    "appUserTarget": {
      "appId": "<string>",
      "appUserId": "<string>"
    },
    "assignedOwner": {
      "appOwnerAppId": "<string>",
      "identityUserId": "<string>",
      "managerOfUserId": "<string>",
      "userSetId": "<string>"
    },
    "computedOwner": {
      "appOwnerAppId": "<string>",
      "identityUserId": "<string>",
      "managerOfUserId": "<string>",
      "userSetId": "<string>"
    },
    "createdAt": "2023-11-07T05:31:56Z",
    "customTags": {},
    "fingerprint": "<string>",
    "firstObservedAt": "2023-11-07T05:31:56Z",
    "id": "<string>",
    "identityUserTarget": {
      "identityUserId": "<string>"
    },
    "lastObservedAt": "2023-11-07T05:31:56Z",
    "recurrenceCount": 123,
    "remediationDescription": "<string>",
    "resolvedAt": "2023-11-07T05:31:56Z",
    "riskAcceptanceExpiresAt": "2023-11-07T05:31:56Z",
    "riskAcceptanceJustification": "<string>",
    "riskScore": {
      "originalScore": 123,
      "overrideByUserId": "<string>",
      "overrideScore": 123,
      "riskFactors": [
        {
          "description": "<string>",
          "name": "<string>",
          "weight": 123
        }
      ],
      "score": 123,
      "systemScore": 123
    },
    "serviceAccountMisclassification": {},
    "serviceAccountMisclassificationEvidence": {
      "detectionReason": "<string>"
    },
    "similarUsernameMatch": {
      "proposedIdentityUserId": "<string>"
    },
    "similarUsernameMatchEvidence": {
      "appUsername": "<string>",
      "identityUsername": "<string>",
      "similarityScore": 123
    },
    "snoozeReason": "<string>",
    "snoozeUntil": "2023-11-07T05:31:56Z",
    "sourceDetectorId": "<string>",
    "stateUpdatedById": "<string>",
    "suppressReason": "<string>",
    "taskId": "<string>",
    "updatedAt": "2023-11-07T05:31:56Z"
  }
}

POST

api

findings

{finding_id}

state

UpdateFindingState

package main

import(
	"context"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/shared"
	conductoronesdkgo "github.com/conductorone/conductorone-sdk-go"
	"github.com/conductorone/conductorone-sdk-go/pkg/models/operations"
	"log"
)

func main() {
    ctx := context.Background()

    s := conductoronesdkgo.New(
        conductoronesdkgo.WithSecurity(shared.Security{
            BearerAuth: "<YOUR_BEARER_TOKEN_HERE>",
            Oauth: "<YOUR_OAUTH_HERE>",
        }),
    )

    res, err := s.Finding.UpdateFindingState(ctx, operations.C1APIFindingV1FindingServiceUpdateFindingStateRequest{
        FindingID: "<id>",
    })
    if err != nil {
        log.Fatal(err)
    }
    if res.UpdateFindingStateResponse != nil {
        // handle response
    }
}

{
  "finding": {
    "appId": "<string>",
    "appUserTarget": {
      "appId": "<string>",
      "appUserId": "<string>"
    },
    "assignedOwner": {
      "appOwnerAppId": "<string>",
      "identityUserId": "<string>",
      "managerOfUserId": "<string>",
      "userSetId": "<string>"
    },
    "computedOwner": {
      "appOwnerAppId": "<string>",
      "identityUserId": "<string>",
      "managerOfUserId": "<string>",
      "userSetId": "<string>"
    },
    "createdAt": "2023-11-07T05:31:56Z",
    "customTags": {},
    "fingerprint": "<string>",
    "firstObservedAt": "2023-11-07T05:31:56Z",
    "id": "<string>",
    "identityUserTarget": {
      "identityUserId": "<string>"
    },
    "lastObservedAt": "2023-11-07T05:31:56Z",
    "recurrenceCount": 123,
    "remediationDescription": "<string>",
    "resolvedAt": "2023-11-07T05:31:56Z",
    "riskAcceptanceExpiresAt": "2023-11-07T05:31:56Z",
    "riskAcceptanceJustification": "<string>",
    "riskScore": {
      "originalScore": 123,
      "overrideByUserId": "<string>",
      "overrideScore": 123,
      "riskFactors": [
        {
          "description": "<string>",
          "name": "<string>",
          "weight": 123
        }
      ],
      "score": 123,
      "systemScore": 123
    },
    "serviceAccountMisclassification": {},
    "serviceAccountMisclassificationEvidence": {
      "detectionReason": "<string>"
    },
    "similarUsernameMatch": {
      "proposedIdentityUserId": "<string>"
    },
    "similarUsernameMatchEvidence": {
      "appUsername": "<string>",
      "identityUsername": "<string>",
      "similarityScore": 123
    },
    "snoozeReason": "<string>",
    "snoozeUntil": "2023-11-07T05:31:56Z",
    "sourceDetectorId": "<string>",
    "stateUpdatedById": "<string>",
    "suppressReason": "<string>",
    "taskId": "<string>",
    "updatedAt": "2023-11-07T05:31:56Z"
  }
}

Authorizations

Authorization

string

header

required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Authorization

string

header

required

This API uses OAuth2 with the Client Credential flow. Client Credentials must be sent in the BODY, not the headers. For an example of how to implement this, refer to the c1TokenSource.Token() function.

Path Parameters

finding_id

string

required

The ID of the finding whose state to update.

Body

application/json

The UpdateFindingStateRequest message.

This message contains a oneof named action. Only a single field of the following list may be set at a time:

snooze
suppress
acceptRisk
unsuppress
resolve
reopen

acceptRisk

Accept Risk Action · object

AcceptRiskAction parameters for UpdateFindingState.

Show child attributes

reopen

Reopen Action · object

ReopenAction parameters for UpdateFindingState.

resolve

Resolve Action · object

ResolveAction parameters for UpdateFindingState (manual resolve).

Show child attributes

snooze

Snooze Action · object

SnoozeAction parameters for UpdateFindingState.

Show child attributes

suppress

Suppress State Action · object

SuppressStateAction parameters for UpdateFindingState.

Show child attributes

unsuppress

Unsuppress Action · object

deprecated

UnsuppressAction parameters for UpdateFindingState.

Response

200 - application/json

Successful response

The UpdateFindingStateResponse message.

finding

Finding · object

The Finding message.

This message contains a oneof named finding_type. Only a single field of the following list may be set at a time:

similarUsernameMatch
serviceAccountMisclassification

This message contains a oneof named target. Only a single field of the following list may be set at a time:

identityUserTarget
appUserTarget

This message contains a oneof named evidence. Only a single field of the following list may be set at a time:

similarUsernameMatchEvidence
serviceAccountMisclassificationEvidence

Show child attributes

Delete

Create Finding Task

⌘I