Add a new custom risk to the account

Create a custom risk

Security: bearer

Request

Request Body schema: application/json (required)
title (required)
string <= 191 characters
Describes the title of the risk.

description (required)
string <= 768 characters
Describes the problem.

impact
number [ 1 .. 10 ]
Describes the impact.

likelihood
number [ 1 .. 10 ]
Describes the likelihood.

score
number [ 1 .. 100 ]
Assessment score.

categories
Array of objects (CategoryRequestPublicDto)

documents
Array of objects (DocumentRequestPublicDto)

treatmentPlan (required)
string
Enum: "UNTREATED" "ACCEPT" "TRANSFER" "AVOID" "MITIGATE"
The risk treatment plan.

treatmentDetails
string <= 30000 characters
Describes the treatment.

anticipatedCompletionDate
string <date-time>
Anticipated completion date.

completionDate
string <date-time>
Completion date.

reviewers
Array of objects (ReviewerRequestPublicDto)

owners
Array of objects (OwnerRequestPublicDto)

residualImpact
number [ 1 .. 10 ]
Describes the residual impact score.

residualLikelihood
number [ 1 .. 10 ]
Describes the residual likelihood score.

residualScore
number [ 1 .. 100 ]
Assessment residual score.

controls
Array of objects (ControlRequestPublicDto)

applicable
boolean
Marks whether the risk is applicable or not.

status
string
Enum: "ACTIVE" "ARCHIVED" "CLOSED"
Risk status.
Responses

201      Record created!
400      Malformed data and/or validation errors
401      Invalid Authorization
403      You are not allowed to perform this action
409      There is a conflict in the business rules with this request
500      Internal server error
default  Response Code: 412. You must accept the Drata terms and conditions to use the API

POST /risk-management

Request samples

application/json

{
  "title": "Door locks",
  "description": "Building doors can be open and an unauthorized person can walk in.",
  "impact": 3,
  "likelihood": 1,
  "score": 3,
  "categories": [
    {
      "id": 1
    }
  ],
  "documents": [
    {
      "id": 1
    }
  ],
  "treatmentPlan": "TRANSFER",
  "treatmentDetails": "Building doors can be open and an unauthorized person can walk in.",
  "anticipatedCompletionDate": "2020-07-06 12:00:00.000000",
  "completionDate": "2020-07-06 12:00:00.000000",
  "reviewers": [
    {
      "id": 1
    }
  ],
  "owners": [
    {
      "id": 1
    }
  ],
  "residualImpact": 3,
  "residualLikelihood": 1,
  "residualScore": 3,
  "controls": [
    {
      "id": 1
    }
  ],
  "applicable": true,
  "status": "ACTIVE"
}
Response samples

application/json

{
  "id": 1,
  "riskId": "AC-04",
  "title": "Password Management - Password Cracking",
  "description": "An attacker attempts to gain access to organizational information by guessing of passwords.",
  "treatmentPlan": "UNTREATED",
  "treatmentDetails": "Building doors can be open and an unauthorized person can walk in.",
  "anticipatedCompletionDate": "2020-07-06 12:00:00.000000",
  "completionDate": "2020-07-06 12:00:00.000000",
  "impact": 5,
  "likelihood": 5,
  "score": 5,
  "residualImpact": 5,
  "residualLikelihood": 5,
  "residualScore": 5,
  "applicable": true,
  "status": "ACTIVE",
  "controls": [
    {
      "id": 23,
      "code": "DCF-01",
      "name": "Hello",
      "description": "this is a description",
      "isReady": true,
      "controlNumber": 1,
      "archivedAt": 1
    }
  ],
  "categories": [
    {
      "id": 1,
      "name": "Governance"
    }
  ],
  "owners": [],
  "reviewers": [],
  "documents": [
    {
      "id": 1,
      "name": "Security Training",
      "createdAt": "2020-07-06 12:00:00.000000"
    }
  ],
  "notes": [
    {
      "id": 1,
      "comment": "Good comment",
      "createdAt": "2020-07-06 12:00:00.000000",
      "updatedAt": "2020-07-06 12:00:00.000000",
      "owner": {}
    }
  ]
}
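The following client-side helper is an added example and not Drata's own code or SDK. It checks a request body against the constraints documented above (required fields, string length limits, the 1..10 and 1..100 numeric ranges, the treatmentPlan and status enums, parseable date-times), assembles the bearer-authenticated POST /risk-management request, and maps the documented response codes. The base URL and token are placeholders, no network call is made, and the assumption that each relation array element is an object with an integer id is taken from the request sample, since the *RequestPublicDto schemas are not shown on this page.

```python
import json
from datetime import datetime
from typing import Any

# Constraints copied from the request body schema on this page.
TREATMENT_PLANS = {"UNTREATED", "ACCEPT", "TRANSFER", "AVOID", "MITIGATE"}
STATUSES = {"ACTIVE", "ARCHIVED", "CLOSED"}
STRING_LIMITS = {"title": 191, "description": 768, "treatmentDetails": 30000}
NUMBER_RANGES = {
    "impact": 10, "likelihood": 10, "score": 100,
    "residualImpact": 10, "residualLikelihood": 10, "residualScore": 100,
}
DATE_FIELDS = ("anticipatedCompletionDate", "completionDate")
# Relation arrays; assumption (from the sample): each element is {"id": <int>}.
ID_ARRAY_FIELDS = ("categories", "documents", "reviewers", "owners", "controls")

# Documented response codes for POST /risk-management.
RESPONSES = {
    201: "Record created!",
    400: "Malformed data and/or validation errors",
    401: "Invalid Authorization",
    403: "You are not allowed to perform this action",
    409: "There is a conflict in the business rules with this request",
    412: "You must accept the Drata terms and conditions to use the API",
    500: "Internal server error",
}


def validate_risk(payload: dict[str, Any]) -> list[str]:
    """Check a request body against the schema; return the problems found.

    Validating locally catches enum typos and out-of-range scores before they
    reach the account and turn into a 400 from the API."""
    errors: list[str] = []
    for field in ("title", "description", "treatmentPlan"):
        if not isinstance(payload.get(field), str) or not payload[field]:
            errors.append(f"{field}: required non-empty string")
    for field, limit in STRING_LIMITS.items():
        value = payload.get(field)
        if isinstance(value, str) and len(value) > limit:
            errors.append(f"{field}: longer than {limit} characters")
    if "treatmentPlan" in payload and payload["treatmentPlan"] not in TREATMENT_PLANS:
        errors.append(f"treatmentPlan: must be one of {sorted(TREATMENT_PLANS)}")
    if "status" in payload and payload["status"] not in STATUSES:
        errors.append(f"status: must be one of {sorted(STATUSES)}")
    for field, upper in NUMBER_RANGES.items():
        value = payload.get(field)
        if value is None:
            continue
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(value, bool) or not isinstance(value, (int, float)) or not 1 <= value <= upper:
            errors.append(f"{field}: must be a number in [ 1 .. {upper} ]")
    if "applicable" in payload and not isinstance(payload["applicable"], bool):
        errors.append("applicable: must be a boolean")
    for field in DATE_FIELDS:
        value = payload.get(field)
        if value is None:
            continue
        try:
            datetime.fromisoformat(value)  # accepts the "YYYY-MM-DD HH:MM:SS.ffffff" form in the sample
        except (TypeError, ValueError):
            errors.append(f"{field}: not a parseable date-time")
    for field in ID_ARRAY_FIELDS:
        items = payload.get(field)
        if items is None:
            continue
        if not isinstance(items, list) or not all(
            isinstance(i, dict) and isinstance(i.get("id"), int) and not isinstance(i.get("id"), bool)
            for i in items
        ):
            errors.append(f"{field}: must be an array of objects with an integer id")
    return errors


def build_request(base_url: str, token: str, payload: dict[str, Any]) -> dict[str, Any]:
    """Assemble the POST /risk-management request (nothing is sent here).

    base_url and token are the caller's values; raises ValueError on an invalid body."""
    problems = validate_risk(payload)
    if problems:
        raise ValueError("invalid risk body: " + "; ".join(problems))
    return {
        "method": "POST",
        "url": base_url.rstrip("/") + "/risk-management",
        "headers": {
            "Authorization": f"Bearer {token}",  # security scheme: bearer
            "Content-Type": "application/json",
            "Accept": "application/json",
        },
        "body": json.dumps(payload),
    }


def handle_response(status: int, body: str) -> dict[str, Any]:
    """Return the created risk on 201; raise with the documented meaning otherwise."""
    if status == 201:
        return json.loads(body)
    raise RuntimeError(f"{status}: {RESPONSES.get(status, 'undocumented response code')}")


# Request body taken from the page's request sample (constructed copy).
SAMPLE_RISK = {
    "title": "Door locks",
    "description": "Building doors can be open and an unauthorized person can walk in.",
    "impact": 3, "likelihood": 1, "score": 3,
    "categories": [{"id": 1}], "documents": [{"id": 1}],
    "treatmentPlan": "TRANSFER",
    "treatmentDetails": "Building doors can be open and an unauthorized person can walk in.",
    "anticipatedCompletionDate": "2020-07-06 12:00:00.000000",
    "completionDate": "2020-07-06 12:00:00.000000",
    "reviewers": [{"id": 1}], "owners": [{"id": 1}],
    "residualImpact": 3, "residualLikelihood": 1, "residualScore": 3,
    "controls": [{"id": 1}], "applicable": True, "status": "ACTIVE",
}

if __name__ == "__main__":
    # placeholder base URL and token; replace with the real API host and a bearer token
    req = build_request("https://api.example.invalid", "<bearer-token-placeholder>", SAMPLE_RISK)
    print(req["method"], req["url"])
    print(validate_risk(dict(SAMPLE_RISK, score=101, treatmentPlan="IGNORE")))
```

The `if __name__` block only prints the assembled request and the errors found for a deliberately out-of-range copy of the sample; wire `req` into your HTTP client of choice and pass the returned status and body to `handle_response`.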