Find risks by search terms and filters

List all risks

Security: bearer
Request
query Parameters
page
number >= 1
Default: 1

Which page of data are you requesting

limit
number [ 1 .. 50 ]
Default: 20

How many items are you requesting

sort
string

Which type of sort (default: ID)

Enum: "ID" "RISK_SCORE" "IDENTIFIED_DATE"
Example: sort=ID
sortDir
string

Which direction to sort the data (default: ASC)

Enum: "ASC" "DESC"
Example: sortDir=ASC
q
string

Query to find risks

applicable
boolean

Filter risks by applicability

status
string

Filter risks by status

Enum: "ACTIVE" "ARCHIVED" "CLOSED"
Example: status=ACTIVE
isScored
boolean

Filter risks by scored or not scored

treatmentPlan
string

Filter risks by treatment plan

Enum: "UNTREATED" "ACCEPT" "TRANSFER" "AVOID" "MITIGATE"
Example: treatmentPlan=UNTREATED
categoriesIds
Array of numbers

List of categories ids to find risks by

Example: categoriesIds=1&categoriesIds=2&categoriesIds=3
ownersIds
Array of numbers

List of owners ids to find risks by

Example: ownersIds=1&ownersIds=2&ownersIds=3
needsAttention
boolean

Filter risks by controls that are not ready

impact
number [ 1 .. 10 ]

Filter by the impact

Example: impact=3
likelihood
number [ 1 .. 10 ]

Filter by the likelihood

Example: likelihood=1
minScore
number [ 1 .. 100 ]

Filter by the range of scores (lower bound)

Example: minScore=1
maxScore
number [ 1 .. 100 ]

Filter by the range of scores (upper bound)

Example: maxScore=1
vendorId
number or null

Filter risk by vendor

Example: vendorId=1
onlyVendors
boolean

Filter risks only by vendor

Responses
200
400

Malformed data and/or validation errors

401

Invalid Authorization

402

You must upgrade your plan to use this feature

403

You are not allowed to perform this action

412

You must accept the Drata terms and conditions to use the API

500

Internal server error

GET /risk-management
Response samples
application/json
{
  "data": [
    {
      "id": 1,
      "riskId": "AC-04",
      "title": "Password Management - Password Cracking",
      "description": "An attacker attempts to gain access to organizational information by guessing of passwords.",
      "treatmentPlan": "UNTREATED",
      "treatmentDetails": "Building doors can be open and an unauthorized person can walk in.",
      "anticipatedCompletionDate": "2025-07-01T16:45:55.246Z",
      "completionDate": "2025-07-01T16:45:55.246Z",
      "impact": 5,
      "likelihood": 5,
      "score": 5,
      "residualImpact": 5,
      "residualLikelihood": 5,
      "residualScore": 5,
      "applicable": true,
      "status": "ACTIVE",
      "controls": [
        {
          "id": 23,
          "code": "DCF-01",
          "name": "Hello",
          "description": "this is a description",
          "isReady": true,
          "controlNumber": 1,
          "archivedAt": 1
        }
      ],
      "categories": [
        {
          "id": 1,
          "name": "Governance"
        }
      ],
      "owners": [],
      "reviewers": [],
      "documents": [
        {
          "id": 1,
          "name": "Security Training",
          "createdAt": "2025-07-01T16:45:55.246Z"
        }
      ],
      "notes": [
        {
          "id": 1,
          "comment": "Good comment",
          "createdAt": "2025-07-01T16:45:55.246Z",
          "updatedAt": "2025-07-01T16:45:55.246Z",
          "owner": {
            "id": 1,
            "entryId": "aaaaaaaa-bbbb-0000-cccc-dddddddddddd",
            "email": "[email protected]",
            "firstName": "Sally",
            "lastName": "Smith",
            "jobTitle": "CEO",
            "drataTermsAgreedAt": "2025-07-01T16:45:55.246Z",
            "createdAt": "2025-07-01T16:45:55.246Z",
            "updatedAt": "2025-07-01T16:45:55.246Z"
          }
        }
      ]
    }
  ],
  "page": 1,
  "limit": 10,
  "total": 100
}
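
Added example (not part of the original API reference or the vendor's code): a Python client that validates filters against the enums and ranges listed above, encodes array filters with repeated keys, and walks all pages using the page, limit and total fields of the response. The names build_query, iter_risks and http_fetcher are hypothetical; the base URL is a placeholder you supply, and the true/false boolean encoding and the Authorization: Bearer header are assumptions.

```python
import json
import urllib.request
from urllib.parse import urlencode

# Enums and numeric ranges copied from the parameter list above.
ENUMS = {
    "sort": {"ID", "RISK_SCORE", "IDENTIFIED_DATE"},
    "sortDir": {"ASC", "DESC"},
    "status": {"ACTIVE", "ARCHIVED", "CLOSED"},
    "treatmentPlan": {"UNTREATED", "ACCEPT", "TRANSFER", "AVOID", "MITIGATE"},
}
RANGES = {"page": (1, None), "limit": (1, 50), "impact": (1, 10),
          "likelihood": (1, 10), "minScore": (1, 100), "maxScore": (1, 100)}

def build_query(**params):
    """Validate filters client-side and encode them as a query string."""
    pairs = []
    for key, value in params.items():
        if value is None:  # unset filter: leave it out of the request
            continue
        if key in ENUMS and value not in ENUMS[key]:
            raise ValueError(f"{key}={value!r} is not one of {sorted(ENUMS[key])}")
        lo, hi = RANGES.get(key, (None, None))
        if lo is not None and (value < lo or (hi is not None and value > hi)):
            raise ValueError(f"{key}={value!r} is outside the documented range")
        if isinstance(value, bool):
            value = "true" if value else "false"  # assumed boolean encoding
        values = value if isinstance(value, (list, tuple)) else [value]
        pairs += [(key, v) for v in values]  # arrays repeat the key
    return urlencode(pairs)

def iter_risks(fetch_page, limit=50, **filters):
    """Yield every matching risk; fetch_page(query_string) returns the JSON body."""
    page, seen = 1, 0
    while True:
        body = fetch_page(build_query(page=page, limit=limit, **filters))
        yield from body["data"]
        seen += len(body["data"])
        if not body["data"] or seen >= body["total"]:
            return
        page += 1

def http_fetcher(base_url, token):
    """Real transport (assumed Bearer header); base_url is a placeholder you supply."""
    def fetch(query):
        req = urllib.request.Request(f"{base_url}/risk-management?{query}",
                                     headers={"Authorization": f"Bearer {token}"})
        with urllib.request.urlopen(req, timeout=30) as resp:
            return json.load(resp)
    return fetch
```

Pass http_fetcher(base_url, token) as fetch_page for live use, for example iter_risks(fetch, status="ACTIVE", treatmentPlan="UNTREATED", minScore=50) to list open, untreated risks at or above a score threshold.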