API Features

The API includes the following features:

    List events from the Workflow module

    Manage events from the Workflow module

    Run queries from the Workflow module

    List KRIs

    List privileges

    List profiles

    Manage profiles

    Import vulnerabilities

    List objects

    Manage objects

    List business components

    Manage business components

    List knowledge bases

    Manage users

    List people and groups

    Manage people and groups

    Run queries (except those from the Workflow module)

    View organizational structure

    Manage organizational structure

    Manage risk projects

    Import vulnerability occurrences

 

These features can be used in any authentication mode (anonymous or authenticated). Note that, in addition to selecting the API features in the authorized application, the users must have specific permissions in the system to execute the operations via the API.

 

List events from the Workflow module

This feature allows events from the Workflow module to be listed.

 

Manage events from the Workflow module

This feature allows events from the Workflow module to be created and edited. It also allows assets and plans to be associated and removed from an event, as well as files to be attached to the Progress tab of an event. The additional configurations below are also required.

 

1.    In the Event Type field, select the type of event to be applied to all events originating from the authorized application.

2.    In the Coordinator field, select the person or group to be assigned as coordinator for all events originating from the authorized application.

3.    In the Responsible field, select the person or group to be assigned as responsible for managing all events originating from the authorized application.

4.    To send information on event updates, mark the Send E-mail Notifications checkbox.

5.    In the Severity field, select the severity for all events originating from the authorized application. This is scored on a five-level scale, with 1 - Very Low, 2 - Low, 3 - Medium, 4 - High, and 5 - Very High.

6.    In the Relevance field, select the relevance for all events originating from the authorized application. The relevance is scored on a five-level scale, with 1 - Very Low, 2 - Low, 3 - Medium, 4 - High, and 5 - Very High.

 

Run queries from the Workflow module

This feature allows saved queries from the Workflow module to be run and their results to be viewed according to the author’s permissions.

 

List KRIs

This feature allows Key Risk Indicators (KRIs) registered in the Administration module to be listed.

 

List privileges

This feature allows privileges used by profiles and roles to be listed.

 

List profiles

This feature allows custom and default profiles to be listed.

 

Manage profiles

This feature allows custom profiles to be registered, edited and deleted in the Administration module and also allows people and groups of people to be added and removed from default and custom profiles.

 

Import vulnerabilities

This feature allows vulnerabilities identified by scanners to be registered in the catalogue of vulnerabilities in the Knowledge module.

 

List objects

This feature allows custom objects registered in the Administration module to be listed, as well as enterprise risks, loss events, and enterprise controls from the ERM solution.

 

Manage objects

This feature allows custom objects registered in the Administration module to be created, edited, and deleted, as well as enterprise risks, loss events, and enterprise controls from the ERM solution.

 

List business components

This feature allows business components from the organization to be listed.

 

Manage business components from the Organization module

This feature allows business components to be created, edited, and deleted, as well as have their associations with other business components and assets edited. It also allows the BIA data and continuity requirements of a business component to be edited.

 

List knowledge bases

This feature allows knowledge bases from the Knowledge module to be listed, along with their controls.

 

Manage user accounts

This feature allows user accounts to be created, passwords to be generated and sent, and accounts to be blocked. Note that accounts can only be created for people registered in the Organization module.

 

List people and groups

This feature allows people and groups of people from the Organization module to be listed.

 

Manage people and groups

This feature allows people and groups of people to be created and edited. It also allows people to be included as group members.

 

Run queries (except those from the Workflow module)

This feature allows all queries from the Organization, Risk, and Compliance modules to be run.

 

View organizational structure

This feature allows assets, asset components, and perimeters from the organizational structure to be listed.

 

Manage organizational structure

This feature allows perimeters, assets, and asset components from the organizational structure to be created, edited, and deleted. It also allows assets to be associated and removed from business components, and people and groups to be assigned or removed as perimeter managers.

 

Manage risk projects

This feature allows risk projects to be listed, created, edited, and deleted. It also allows asset components to be added, edited, and removed from the scope of a risk project. In addition, risk questionnaires can be opened, answered, and closed, and attachments can be added to their controls.

 

Import vulnerability occurrences

This feature allows vulnerabilities listed in the catalogue of vulnerabilities to be mapped to assets, thereby creating vulnerability occurrences.