Add a new custom risk to the account

Create a custom risk

Security: bearer
Request
Request Body schema: application/json
required
title
required
string <= 191 characters

Describes the title of a risk

description
required
string <= 768 characters

Describes the problem

impact
number [ 1 .. 10 ]

Describes the impact

likelihood
number [ 1 .. 10 ]

Describes the likelihood

score
number [ 1 .. 100 ]

Assessment score

categories
Array of objects (CategoryRequestPublicDto) unique

documents
Array of objects (DocumentRequestPublicDto) unique
treatmentPlan
required
string

The risk treatment plan

Enum: "UNTREATED" "ACCEPT" "TRANSFER" "AVOID" "MITIGATE"
treatmentDetails
string <= 30000 characters

Describes the treatment

anticipatedCompletionDate
string <date-time>

Anticipated Completion Date.

completionDate
string <date-time>

Completion Date.

reviewers
Array of objects (ReviewerRequestPublicDto) unique

owners
Array of objects (OwnerRequestPublicDto) unique
residualImpact
number [ 1 .. 10 ]

Describes the score for impact

residualLikelihood
number [ 1 .. 10 ]

Describes the score for likelihood

residualScore
number [ 1 .. 100 ]

Assessment residual score

controls
Array of objects (ControlRequestPublicDto) unique
applicable
boolean

Mark if risk is applicable or not

status
string

Risk status

Enum: "ACTIVE" "ARCHIVED" "CLOSED"
Responses
201

Record created!

400

Malformed data and/or validation errors

401

Invalid Authorization

402

Response Code 402

You must pay to activate this feature

403

You are not allowed to perform this action

409

There is a conflict in the business rules with this request

412

Response Code: 412

You must accept the Drata terms and conditions to use the API

500

Internal server error

POST /risk-management
Request samples
application/json
{
  "title": "Door locks",
  "description": "Building doors can be open and an unauthorized person can walk in.",
  "impact": 3,
  "likelihood": 1,
  "score": 3,
  "categories": [
    {
      "id": 1
    }
  ],
  "documents": [
    {
      "id": 1
    }
  ],
  "treatmentPlan": "TRANSFER",
  "treatmentDetails": "Building doors can be open and an unauthorized person can walk in.",
  "anticipatedCompletionDate": "2025-07-01T16:45:55.246Z",
  "completionDate": "2025-07-01T16:45:55.246Z",
  "reviewers": [
    {
      "id": 1
    }
  ],
  "owners": [
    {
      "id": 1
    }
  ],
  "residualImpact": 3,
  "residualLikelihood": 1,
  "residualScore": 3,
  "controls": [
    {
      "id": 1
    }
  ],
  "applicable": true,
  "status": "ACTIVE"
}
Response samples
application/json
{
  "id": 1,
  "riskId": "AC-04",
  "title": "Password Management - Password Cracking",
  "description": "An attacker attempts to gain access to organizational information by guessing of passwords.",
  "treatmentPlan": "UNTREATED",
  "treatmentDetails": "Building doors can be open and an unauthorized person can walk in.",
  "anticipatedCompletionDate": "2025-07-01T16:45:55.246Z",
  "completionDate": "2025-07-01T16:45:55.246Z",
  "impact": 5,
  "likelihood": 5,
  "score": 5,
  "residualImpact": 5,
  "residualLikelihood": 5,
  "residualScore": 5,
  "applicable": true,
  "status": "ACTIVE",
  "controls": [
    {
      "id": 23,
      "code": "DCF-01",
      "name": "Hello",
      "description": "this is a description",
      "isReady": true,
      "controlNumber": 1,
      "archivedAt": 1
    }
  ],
  "categories": [
    {
      "id": 1,
      "name": "Governance"
    }
  ],
  "owners": [],
  "reviewers": [],
  "documents": [
    {
      "id": 1,
      "name": "Security Training",
      "createdAt": "2025-07-01T16:45:55.246Z"
    }
  ],
  "notes": [
    {
      "id": 1,
      "comment": "Good comment",
      "createdAt": "2025-07-01T16:45:55.246Z",
      "updatedAt": "2025-07-01T16:45:55.246Z",
      "owner": {
        "id": 1,
        "entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
        "email": "[email protected]",
        "firstName": "Sally",
        "lastName": "Smith",
        "jobTitle": "CEO",
        "drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
        "createdAt": "2025-07-01T16:45:55.246Z",
        "updatedAt": "2025-07-01T16:45:55.246Z"
      }
    }
  ]
}
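
An added example, not part of the Drata documentation or any Drata client: a pre-flight check that applies the request body schema constraints listed above to a payload before it is sent, so violations are caught locally instead of coming back as a 400. The names validate_risk and BAD_BODY are hypothetical; treating "unique" as unique by id and date-time as an ISO 8601 timestamp are assumptions.

```python
from datetime import datetime

# Constraints copied from the request body schema on this page.
REQUIRED = ("title", "description", "treatmentPlan")
MAX_LEN = {"title": 191, "description": 768, "treatmentDetails": 30000}
RANGES = {"impact": (1, 10), "likelihood": (1, 10), "score": (1, 100),
          "residualImpact": (1, 10), "residualLikelihood": (1, 10),
          "residualScore": (1, 100)}
ENUMS = {"treatmentPlan": {"UNTREATED", "ACCEPT", "TRANSFER", "AVOID", "MITIGATE"},
         "status": {"ACTIVE", "ARCHIVED", "CLOSED"}}
DATES = ("anticipatedCompletionDate", "completionDate")
ARRAYS = ("categories", "documents", "reviewers", "owners", "controls")


def validate_risk(body):
    """Return a list of schema violations; an empty list means the body conforms."""
    errors = [f"{k}: required" for k in REQUIRED if k not in body]
    for k, limit in MAX_LEN.items():
        if k in body and not (isinstance(body[k], str) and len(body[k]) <= limit):
            errors.append(f"{k}: string of at most {limit} characters expected")
    for k, (low, high) in RANGES.items():
        v = body.get(k)
        # bool is a subclass of int in Python, so it is rejected explicitly.
        if k in body and (isinstance(v, bool) or not isinstance(v, (int, float))
                          or not low <= v <= high):
            errors.append(f"{k}: number in [{low} .. {high}] expected")
    for k, allowed in ENUMS.items():
        if k in body and not (isinstance(body[k], str) and body[k] in allowed):
            errors.append(f"{k}: one of {sorted(allowed)} expected")
    for k in DATES:
        if k in body:
            try:
                # Assumption: date-time means an ISO 8601 timestamp with a "T" separator.
                if not isinstance(body[k], str) or "T" not in body[k]:
                    raise ValueError(k)
                datetime.fromisoformat(body[k].replace("Z", "+00:00"))
            except ValueError:
                errors.append(f"{k}: date-time string expected")
    for k in ARRAYS:
        # Assumption: entries are {"id": <int>} objects and "unique" means unique by id.
        ids = [item["id"] for item in body.get(k, [])]
        if len(ids) != len(set(ids)):
            errors.append(f"{k}: entries must be unique")
    if "applicable" in body and not isinstance(body["applicable"], bool):
        errors.append("applicable: boolean expected")
    return errors

# Constructed sample: a body that breaks four documented constraints.
BAD_BODY = {"title": "Door locks", "impact": 11, "treatmentPlan": "IGNORE",
            "owners": [{"id": 1}, {"id": 1}]}
```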