Find risks by search terms and filters

List all risks

Security: bearer
Request
query Parameters
page
number >= 1
Default: 1

Which page of data are you requesting

limit
number [ 1 .. 50 ]
Default: 20

How many items are you requesting

sort
string

Which type of sort (default: ID)

Enum: "ID" "RISK_SCORE" "IDENTIFIED_DATE"
Example: sort=ID
sortDir
string

Which direction to sort the data (default: ASC)

Enum: "ASC" "DESC"
Example: sortDir=ASC
q
string

Search query to find risks

applicable
boolean

Filter risks by applicable

status
string

Filter risks by status

Enum: "ACTIVE" "ARCHIVED" "CLOSED"
Example: status=ACTIVE
isScored
boolean

Filter risks by scored or not scored

treatmentPlan
string

Filter risks by treatment plan

Enum: "UNTREATED" "ACCEPT" "TRANSFER" "AVOID" "MITIGATE"
Example: treatmentPlan=UNTREATED
categoriesIds
Array of numbers

List of categories ids to find risks by

Example: categoriesIds=1&categoriesIds=2&categoriesIds=3
ownersIds
Array of numbers

List of owners ids to find risks by

Example: ownersIds=1&ownersIds=2&ownersIds=3
needsAttention
boolean

Filter risks by controls that are not ready

impact
number [ 1 .. 10 ]

Filter by the impact

Example: impact=3
likelihood
number [ 1 .. 10 ]

Filter by the likelihood

Example: likelihood=1
minScore
number [ 1 .. 100 ]

Filter by the range of scores

Example: minScore=1
maxScore
number [ 1 .. 100 ]

Filter by range of scores

Example: maxScore=1
vendorId
number or null

Filter risk by vendor

Example: vendorId=1
onlyVendors
boolean

Filter risks only by vendor

Responses
200
400

Malformed data and/or validation errors

401

Invalid Authorization

403

You are not allowed to perform this action

500

Internal server error

default

Response Code: 412

You must accept the Drata terms and conditions to use the API

GET /risk-management
Response samples
application/json
{
  "data": [
    {
      "id": 1,
      "riskId": "AC-04",
      "title": "Password Management - Password Cracking",
      "description": "An attacker attempts to gain access to organizational information by guessing of passwords.",
      "treatmentPlan": "UNTREATED",
      "treatmentDetails": "Building doors can be open and an unauthorized person can walk in.",
      "anticipatedCompletionDate": "2020-07-06 12:00:00.000000",
      "completionDate": "2020-07-06 12:00:00.000000",
      "impact": 5,
      "likelihood": 5,
      "score": 5,
      "residualImpact": 5,
      "residualLikelihood": 5,
      "residualScore": 5,
      "applicable": true,
      "status": "ACTIVE",
      "controls": [
        {
          "id": 23,
          "code": "DCF-01",
          "name": "Hello",
          "description": "this is a description",
          "isReady": true,
          "controlNumber": 1,
          "archivedAt": 1
        }
      ],
      "categories": [
        {
          "id": 1,
          "name": "Governance"
        }
      ],
      "owners": [],
      "reviewers": [],
      "documents": [
        {
          "id": 1,
          "name": "Security Training",
          "createdAt": "2020-07-06 12:00:00.000000"
        }
      ],
      "notes": [
        {
          "id": 1,
          "comment": "Good comment",
          "createdAt": "2020-07-06 12:00:00.000000",
          "updatedAt": "2020-07-06 12:00:00.000000",
          "owner": {}
        }
      ]
    }
  ],
  "page": 1,
  "limit": 10,
  "total": 100
}
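
A client-side check of the query parameters documented above, as an added example that is not part of the original reference or of Drata's own code. The function names `build_risk_query` and `page_count` are hypothetical, and the `true`/`false` encoding of booleans, the integer-only restriction and the `minScore`/`maxScore` ordering check are assumptions.

```python
from math import ceil
from urllib.parse import urlencode

# Constraints copied from the parameter list on this page.
ENUMS = {
    "sort": {"ID", "RISK_SCORE", "IDENTIFIED_DATE"},
    "sortDir": {"ASC", "DESC"},
    "status": {"ACTIVE", "ARCHIVED", "CLOSED"},
    "treatmentPlan": {"UNTREATED", "ACCEPT", "TRANSFER", "AVOID", "MITIGATE"},
}
RANGES = {"page": (1, float("inf")), "limit": (1, 50), "impact": (1, 10),
          "likelihood": (1, 10), "minScore": (1, 100), "maxScore": (1, 100)}
BOOLS = {"applicable", "isScored", "needsAttention", "onlyVendors"}
ARRAYS = {"categoriesIds", "ownersIds"}
PASSTHROUGH = {"q", "vendorId"}


def build_risk_query(**filters):
    """Return a validated query string for GET /risk-management."""
    pairs = []
    for name, value in filters.items():
        if name in ENUMS:
            if value not in ENUMS[name]:
                raise ValueError(f"{name} must be one of {sorted(ENUMS[name])}")
        elif name in RANGES:
            low, high = RANGES[name]
            # Assumption: whole numbers only; bool is rejected explicitly.
            if type(value) is not int or not low <= value <= high:
                raise ValueError(f"{name} must be an integer in [{low}, {high}]")
        elif name in BOOLS:
            if type(value) is not bool:
                raise ValueError(f"{name} must be a boolean")
            value = "true" if value else "false"  # assumed wire format
        elif name in ARRAYS:
            # Arrays repeat the key: categoriesIds=1&categoriesIds=2
            pairs.extend((name, int(item)) for item in value)
            continue
        elif name not in PASSTHROUGH or value is None:
            raise ValueError(f"unsupported parameter or value: {name}")
        pairs.append((name, value))
    # Client-side sanity check; the page does not state how the API reacts.
    if filters.get("minScore", 1) > filters.get("maxScore", 100):
        raise ValueError("minScore must not exceed maxScore")
    return urlencode(pairs)


def page_count(total, limit):
    """Pages needed to read `total` risks at `limit` items per page."""
    return ceil(total / limit)
```

Rejecting out-of-range or misspelled filters before the request is sent avoids a 400 response and keeps a typo in a filter name from silently widening the result set.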