Risks are potential events that could impact the security, reputation, and financial health of a company.
Find Risks matching the provided filters.
🔒 Requires Risk Management: List Risks permission.
Malformed data and/or validation errors
Invalid Authorization
You must upgrade your plan to use this feature
You are not allowed to perform this action
You must accept the Drata terms and conditions to use the API
Internal server error
{- "data": [
- {
- "id": 1,
- "riskId": "AC-04",
- "title": "Password Management - Password Cracking",
- "description": "An attacker attempts to gain access to organizational information by guessing passwords.",
- "treatmentPlan": "UNTREATED",
- "treatmentDetails": "Implementing multi-factor authentication and password complexity requirements to reduce likelihood of successful password attacks.",
- "anticipatedCompletionDate": "2025-07-01T16:45:55.246Z",
- "completionDate": "2025-07-01T16:45:55.246Z",
- "score": 25,
- "residualScore": 9,
- "status": "ACTIVE",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z",
- "controls": [
- {
- "id": 1,
- "code": "AC-1",
- "name": "Access Control",
- "description": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on\n predetermined criteria. Incidents are escalated per policy.",
- "isReady": true,
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "categories": [
- {
- "id": 1,
- "name": "Access Control",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "owners": [
- {
- "id": 1,
- "firstName": "Sally",
- "lastName": "Smith",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "reviewers": [
- {
- "id": 1,
- "firstName": "Sally",
- "lastName": "Smith",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "documents": [
- {
- "id": 1,
- "name": "Risk Assessment Report Q4 2023.pdf",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "notes": [
- {
- "id": 1,
- "comment": "This Risk has been reviewed and approved by the security team. Implementation timeline updated.",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "tickets": [
- {
- "id": 1,
- "externalTicketId": "ENG-11245",
- "isDone": false,
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "tasks": [
- {
- "id": 1,
- "title": "Review quarterly security policies",
- "description": "Conduct a comprehensive review of all security policies to ensure compliance with current regulations.",
- "dueDate": "2020-07-06",
- "completedAt": "2025-07-01T16:45:55.246Z",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "customFields": [
- {
- "customFieldId": 1,
- "name": "Stakeholders",
- "value": "Security & IT"
}
]
}
], - "pagination": {
- "cursor": "string"
}
}
Create a new custom Risk in the Risk register.
🔒 Requires Risk Management: Create Risk permission.
Created
Malformed data and/or validation errors
Invalid Authorization
You must upgrade your plan to use this feature
You are not allowed to perform this action
There is a conflict in the business rules with this request
You must accept the Drata terms and conditions to use the API
Unprocessable Entity
Internal server error
{
  "title": "Password Management - Weak Password Policies",
  "description": "Weak password policies may allow unauthorized access to organizational systems and data through password-based attacks such as brute force, dictionary attacks, or credential stuffing.",
  "identifiedAt": "2020-07-06",
  "impact": 4,
  "likelihood": 3,
  "treatmentPlan": "MITIGATE",
  "treatmentDetails": "Implement multi-factor authentication and enforce strong password complexity requirements across all systems.",
  "anticipatedCompletionDate": "2020-07-06",
  "completionDate": "2020-07-06",
  "residualImpact": 2,
  "residualLikelihood": 2,
  "status": "ACTIVE",
  "categories": [
    {
      "id": 1
    }
  ],
  "owners": [
    {
      "id": 1
    }
  ],
  "reviewers": [
    {
      "id": 1
    }
  ],
  "controls": [
    {
      "id": 1
    }
  ]
}
{- "id": 1,
- "riskId": "AC-04",
- "title": "Password Management - Password Cracking",
- "description": "An attacker attempts to gain access to organizational information by guessing passwords.",
- "treatmentPlan": "UNTREATED",
- "treatmentDetails": "Implementing multi-factor authentication and password complexity requirements to reduce likelihood of successful password attacks.",
- "anticipatedCompletionDate": "2025-07-01T16:45:55.246Z",
- "completionDate": "2025-07-01T16:45:55.246Z",
- "score": 25,
- "residualScore": 9,
- "status": "ACTIVE",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z",
- "controls": [
- {
- "id": 1,
- "code": "AC-1",
- "name": "Access Control",
- "description": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on\n predetermined criteria. Incidents are escalated per policy.",
- "isReady": true,
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "categories": [
- {
- "id": 1,
- "name": "Access Control",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "owners": [
- {
- "id": 1,
- "firstName": "Sally",
- "lastName": "Smith",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "reviewers": [
- {
- "id": 1,
- "firstName": "Sally",
- "lastName": "Smith",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "documents": [
- {
- "id": 1,
- "name": "Risk Assessment Report Q4 2023.pdf",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "notes": [
- {
- "id": 1,
- "comment": "This Risk has been reviewed and approved by the security team. Implementation timeline updated.",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "tickets": [
- {
- "id": 1,
- "externalTicketId": "ENG-11245",
- "isDone": false,
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "tasks": [
- {
- "id": 1,
- "title": "Review quarterly security policies",
- "description": "Conduct a comprehensive review of all security policies to ensure compliance with current regulations.",
- "dueDate": "2020-07-06",
- "completedAt": "2025-07-01T16:45:55.246Z",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "customFields": [
- {
- "customFieldId": 1,
- "name": "Stakeholders",
- "value": "Security & IT"
}
]
}
Get detail for a Risk item.
🔒 Requires Risk Management: Get Risk permission.
Successful
Malformed data and/or validation errors
Invalid Authorization
You must upgrade your plan to use this feature
You are not allowed to perform this action
Not Found
You must accept the Drata terms and conditions to use the API
Internal server error
{- "id": 1,
- "riskId": "AC-04",
- "title": "Password Management - Password Cracking",
- "description": "An attacker attempts to gain access to organizational information by guessing passwords.",
- "treatmentPlan": "UNTREATED",
- "treatmentDetails": "Implementing multi-factor authentication and password complexity requirements to reduce likelihood of successful password attacks.",
- "anticipatedCompletionDate": "2025-07-01T16:45:55.246Z",
- "completionDate": "2025-07-01T16:45:55.246Z",
- "score": 25,
- "residualScore": 9,
- "status": "ACTIVE",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z",
- "controls": [
- {
- "id": 1,
- "code": "AC-1",
- "name": "Access Control",
- "description": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on\n predetermined criteria. Incidents are escalated per policy.",
- "isReady": true,
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "categories": [
- {
- "id": 1,
- "name": "Access Control",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "owners": [
- {
- "id": 1,
- "firstName": "Sally",
- "lastName": "Smith",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "reviewers": [
- {
- "id": 1,
- "firstName": "Sally",
- "lastName": "Smith",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "documents": [
- {
- "id": 1,
- "name": "Risk Assessment Report Q4 2023.pdf",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "notes": [
- {
- "id": 1,
- "comment": "This Risk has been reviewed and approved by the security team. Implementation timeline updated.",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "tickets": [
- {
- "id": 1,
- "externalTicketId": "ENG-11245",
- "isDone": false,
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "tasks": [
- {
- "id": 1,
- "title": "Review quarterly security policies",
- "description": "Conduct a comprehensive review of all security policies to ensure compliance with current regulations.",
- "dueDate": "2020-07-06",
- "completedAt": "2025-07-01T16:45:55.246Z",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "customFields": [
- {
- "customFieldId": 1,
- "name": "Stakeholders",
- "value": "Security & IT"
}
]
}
Update an existing Risk.
🔒 Requires Risk Management: Update Risk permission.
Successful
Malformed data and/or validation errors
Invalid Authorization
You must upgrade your plan to use this feature
You are not allowed to perform this action
Not Found
You must accept the Drata terms and conditions to use the API
Unprocessable Entity
Internal server error
{
  "title": "Password Management - Weak Password Policies",
  "description": "Weak password policies may allow unauthorized access to organizational systems and data through password-based attacks such as brute force, dictionary attacks, or credential stuffing.",
  "identifiedAt": "2020-07-06",
  "impact": 4,
  "likelihood": 3,
  "treatmentPlan": "MITIGATE",
  "treatmentDetails": "Implement multi-factor authentication and enforce strong password complexity requirements across all systems.",
  "anticipatedCompletionDate": "2020-07-06",
  "completionDate": "2024-12-01",
  "residualImpact": 2,
  "residualLikelihood": 2,
  "status": "ACTIVE",
  "categories": [
    {
      "id": 1
    }
  ],
  "owners": [
    {
      "id": 1
    }
  ],
  "reviewers": [
    {
      "id": 1
    }
  ],
  "controls": [
    {
      "id": 1
    }
  ]
}
{- "id": 1,
- "riskId": "AC-04",
- "title": "Password Management - Password Cracking",
- "description": "An attacker attempts to gain access to organizational information by guessing passwords.",
- "treatmentPlan": "UNTREATED",
- "treatmentDetails": "Implementing multi-factor authentication and password complexity requirements to reduce likelihood of successful password attacks.",
- "anticipatedCompletionDate": "2025-07-01T16:45:55.246Z",
- "completionDate": "2025-07-01T16:45:55.246Z",
- "score": 25,
- "residualScore": 9,
- "status": "ACTIVE",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z",
- "controls": [
- {
- "id": 1,
- "code": "AC-1",
- "name": "Access Control",
- "description": "Drata has implemented tools to monitor Drata's databases and notify appropriate personnel of any events or incidents based on\n predetermined criteria. Incidents are escalated per policy.",
- "isReady": true,
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "categories": [
- {
- "id": 1,
- "name": "Access Control",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "owners": [
- {
- "id": 1,
- "firstName": "Sally",
- "lastName": "Smith",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "reviewers": [
- {
- "id": 1,
- "firstName": "Sally",
- "lastName": "Smith",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "documents": [
- {
- "id": 1,
- "name": "Risk Assessment Report Q4 2023.pdf",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "notes": [
- {
- "id": 1,
- "comment": "This Risk has been reviewed and approved by the security team. Implementation timeline updated.",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "tickets": [
- {
- "id": 1,
- "externalTicketId": "ENG-11245",
- "isDone": false,
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "tasks": [
- {
- "id": 1,
- "title": "Review quarterly security policies",
- "description": "Conduct a comprehensive review of all security policies to ensure compliance with current regulations.",
- "dueDate": "2020-07-06",
- "completedAt": "2025-07-01T16:45:55.246Z",
- "createdAt": "2025-07-01T16:45:55.246Z",
- "updatedAt": "2025-07-01T16:45:55.246Z"
}
], - "customFields": [
- {
- "customFieldId": 1,
- "name": "Stakeholders",
- "value": "Security & IT"
}
]
}