Skip to main content
POST
/
v2
/
bulk
/
assets
cURL
curl --request POST \
  --url https://client.synack.com/api/asset/v2/bulk/assets \
  --header 'Authorization: Bearer <token>' \
  --header 'Content-Type: application/json' \
  --data '
{
  "organizationUid": "<string>",
  "assetType": "cloudaccount",
  "origin": "provided",
  "inProduction": true,
  "active": true,
  "label": "<string>",
  "description": "<string>",
  "lifecycleState": "confirmed",
  "criticality": "undefined",
  "changeStatus": "unchanged",
  "anyListingActive": false,
  "anyListingActiveWithin2Years": false,
  "scanStateUpdatedAt": "2023-11-07T05:31:56Z",
  "lastCheckedAt": "2023-11-07T05:31:56Z",
  "lastReachableAt": "2023-11-07T05:31:56Z",
  "lastSuccessfulScan": "2023-11-07T05:31:56Z",
  "lastFailedScan": "2023-11-07T05:31:56Z",
  "firstSeen": "2023-11-07T05:31:56Z",
  "lastSeen": "2023-11-07T05:31:56Z",
  "status": "unchecked",
  "errorCode": 123,
  "sourceRelationships": [
    {
      "sourceAssetUid": "<string>",
      "targetAssetUid": "<string>",
      "startsAt": "2023-11-07T05:31:56Z",
      "relationshipType": "discoveredBy",
      "assetScanner": "burp",
      "uid": "<string>",
      "endsAt": "2023-11-07T05:31:56Z"
    }
  ],
  "externalRelationships": [
    {
      "type": "discoveredBy",
      "sourceAssetUid": "<string>",
      "targetUid": "<string>",
      "targetService": "assetDiscovery",
      "startsAt": "2023-11-07T05:31:56Z",
      "uid": "<string>",
      "endsAt": "2023-11-07T05:31:56Z"
    }
  ],
  "cloudAccount": {
    "credentialData": "TXkgdm9pY2UgaXMgbXkgcGFzc3dvcmQu",
    "cloudPlatform": "aws",
    "cloudCredentialFormat": "aws_assume_role"
  }
}
'
{
  "organizationUid": "<string>",
  "assetType": "cloudaccount",
  "origin": "provided",
  "createdAt": "2023-11-07T05:31:56Z",
  "createdBy": "<string>",
  "uid": "<string>",
  "location": "<string>",
  "inProduction": true,
  "active": true,
  "label": "<string>",
  "description": "<string>",
  "lifecycleState": "confirmed",
  "criticality": "undefined",
  "changeStatus": "unchanged",
  "anyListingActive": false,
  "anyListingActiveWithin2Years": false,
  "scanStateUpdatedAt": "2023-11-07T05:31:56Z",
  "lastCheckedAt": "2023-11-07T05:31:56Z",
  "lastReachableAt": "2023-11-07T05:31:56Z",
  "lastSuccessfulScan": "2023-11-07T05:31:56Z",
  "lastFailedScan": "2023-11-07T05:31:56Z",
  "firstSeen": "2023-11-07T05:31:56Z",
  "lastSeen": "2023-11-07T05:31:56Z",
  "status": "unchecked",
  "errorCode": 123,
  "listings": [
    {
      "listingUid": "<string>",
      "scope": "in",
      "scopeRules": [
        {
          "uid": "<string>",
          "rule": "<string>",
          "scope": "in",
          "appliesTo": "scanners",
          "createdAt": "2023-11-07T05:31:56Z",
          "createdBy": "<string>",
          "updatedAt": "2023-11-07T05:31:56Z",
          "updatedBy": "<string>"
        }
      ],
      "createdAt": "2023-11-07T05:31:56Z",
      "updatedAt": "2023-11-07T05:31:56Z"
    }
  ],
  "scopeRules": [
    {
      "uid": "<string>",
      "rule": "<string>",
      "scope": "in",
      "appliesTo": "scanners"
    }
  ],
  "relationships": [
    {
      "sourceAssetUid": "<string>",
      "targetAssetUid": "<string>",
      "startsAt": "2023-11-07T05:31:56Z",
      "relationshipType": "discoveredBy",
      "createdAt": "2023-11-07T05:31:56Z",
      "createdBy": "<string>",
      "assetScanner": "burp",
      "uid": "<string>",
      "endsAt": "2023-11-07T05:31:56Z",
      "updatedAt": "2023-11-07T05:31:56Z",
      "updatedBy": "<string>"
    }
  ],
  "externalRelationships": [
    {
      "type": "discoveredBy",
      "sourceAssetUid": "<string>",
      "targetUid": "<string>",
      "targetService": "assetDiscovery",
      "startsAt": "2023-11-07T05:31:56Z",
      "createdAt": "2023-11-07T05:31:56Z",
      "createdBy": "<string>",
      "uid": "<string>",
      "endsAt": "2023-11-07T05:31:56Z",
      "updatedAt": "2023-11-07T05:31:56Z",
      "updatedBy": "<string>"
    }
  ],
  "gateways": [
    {
      "gatewayId": "<string>",
      "listingUid": "<string>"
    }
  ],
  "updatedAt": "2023-11-07T05:31:56Z",
  "updatedBy": "<string>",
  "cloudAccount": {
    "credentialData": "TXkgdm9pY2UgaXMgbXkgcGFzc3dvcmQu",
    "cloudPlatform": "aws",
    "cloudCredentialFormat": "aws_assume_role"
  }
}

Authorizations

Authorization
string
header
required

The access token received from the authorization server in the OAuth 2.0 flow.

Body

application/json

Supply Asset UID for the asset to upsert

organizationUid
string
required

Unique identifier for an organization.

assetType
enum<string>
required

Derived from the properties associated with the asset.

Available options:
cloudaccount,
host,
network,
mobileapp,
webapp
origin
enum<string>
default:provided
required

Indicates the origin for the asset, i.e. whether the asset was provided manually or it was discovered by some sort of automation.

Available options:
provided,
discovered
inProduction
boolean
default:true

Indicates whether the asset resides in a production environment.

active
boolean
default:true

Active assets may participate in listings. When inactive, the asset is essentially soft-deleted and may not be scanned or subject to new research by SRT.

label
string

Optional label for the asset. If present, label is part of the derived property of asset location, which enables creation of multiple assets with different labels under a single organization.

description
string

Optional description for the asset.

lifecycleState
enum<string>
default:confirmed

Indicates the asset position in asset lifecycle FSM.

Available options:
confirmed,
unconfirmed,
ignored,
archived
criticality
enum<string>
default:undefined

Indicates importance of the asset to the customer.

Available options:
high,
medium,
low,
undefined
changeStatus
enum<string>
default:unchanged

Indicates whether the asset is newly discovered, has changed since last evaluated, or is unchanged.

Available options:
new,
changed,
unchanged
anyListingActive
boolean
default:false

This field is used for scheduling Fingerprinting scans. A calculated field based on if the asset has any listings in which it is active. This field is read only and relates only to assets created after Apr 1 2023.

anyListingActiveWithin2Years
boolean
default:false

This field is used for scheduling Fingerprinting scans. A calculated field based on if the asset has any active listings or listings deactivated less than 2 years ago. This field is read only and relates only to assets created prior to Apr 1 2023.

scanStateUpdatedAt
string<date-time>

The date time the scan state was updated.

lastCheckedAt
string<date-time>

The last date time the asset was checked.

lastReachableAt
string<date-time>

The last date time the asset was successfully checked for reachability.

lastSuccessfulScan
string<date-time>

The last date time the asset scan was successful.

lastFailedScan
string<date-time>

The last date time the asset scan was failed.

firstSeen
string<date-time>

For assets with an origin of discovered. The date time when the asset was first discovered.

lastSeen
string<date-time>

For assets with an origin of discovered. The date time when the asset was last discovered or fingerprinted.

status
enum<string>

Status reported by automated checkers.

Available options:
unchecked,
invalid,
valid
errorCode
integer<int32>

Optional numeric error code set by an automated process such as scanning or checking.

sourceRelationships
object[]

Relationships which have this asset as a source (SourceAssetID and SourceAssetUID will be set automatically). This property is only available in the postAssetBulk request body and is not returned as part of any responses.

externalRelationships
object[]

External relationships which this asset participates in as a source. When used in postAssetBulk request, AssetID and AssetUID will be set automatically.

cloudAccount
object

Keeps credentials for accessing the cloud provider. Mandatory for assets of 'cloudaccount' type.

Response

A single asset or an array of assets.

organizationUid
string
required

Unique identifier for an organization.

assetType
enum<string>
required

Derived from the properties associated with the asset.

Available options:
cloudaccount,
host,
network,
mobileapp,
webapp
origin
enum<string>
default:provided
required

Indicates the origin for the asset, i.e. whether the asset was provided manually or it was discovered by some sort of automation.

Available options:
provided,
discovered
createdAt
string<date-time>
required

Automatically set by the server to the time the request was processed whenever the resource was created.

createdBy
string
required

Automatically set by the server to the requesting user whenever the resource is updated. May be a user account or a service account if the action is performed by an automated.

uid
string

Unique Identifier.

location
string

Derived human-readable text representation of the asset, based on assetType and other properties.

inProduction
boolean
default:true

Indicates whether the asset resides in a production environment.

active
boolean
default:true

Active assets may participate in listings. When inactive, the asset is essentially soft-deleted and may not be scanned or subject to new research by SRT.

label
string

Optional label for the asset. If present, label is part of the derived property of asset location, which enables creation of multiple assets with different labels under a single organization.

description
string

Optional description for the asset.

lifecycleState
enum<string>
default:confirmed

Indicates the asset position in asset lifecycle FSM.

Available options:
confirmed,
unconfirmed,
ignored,
archived
criticality
enum<string>
default:undefined

Indicates importance of the asset to the customer.

Available options:
high,
medium,
low,
undefined
changeStatus
enum<string>
default:unchanged

Indicates whether the asset is newly discovered, has changed since last evaluated, or is unchanged.

Available options:
new,
changed,
unchanged
anyListingActive
boolean
default:false

This field is used for scheduling Fingerprinting scans. A calculated field based on if the asset has any listings in which it is active. This field is read only and relates only to assets created after Apr 1 2023.

anyListingActiveWithin2Years
boolean
default:false

This field is used for scheduling Fingerprinting scans. A calculated field based on if the asset has any active listings or listings deactivated less than 2 years ago. This field is read only and relates only to assets created prior to Apr 1 2023.

scanStateUpdatedAt
string<date-time>

The date time the scan state was updated.

lastCheckedAt
string<date-time>

The last date time the asset was checked.

lastReachableAt
string<date-time>

The last date time the asset was successfully checked for reachability.

lastSuccessfulScan
string<date-time>

The last date time the asset scan was successful.

lastFailedScan
string<date-time>

The last date time the asset scan was failed.

firstSeen
string<date-time>

For assets with an origin of discovered. The date time when the asset was first discovered.

lastSeen
string<date-time>

For assets with an origin of discovered. The date time when the asset was last discovered or fingerprinted.

status
enum<string>

Status reported by automated checkers.

Available options:
unchecked,
invalid,
valid
errorCode
integer<int32>

Optional numeric error code set by an automated process such as scanning or checking.

listings
object[]

Array of listings the asset belongs to.

scopeRules
object[]

Rules that modify the scope of security research for this asset.

relationships
object[]

Relationships which this asset participates in, either as a source or as a target.

externalRelationships
object[]

External relationships which this asset participates in as a source. When used in postAssetBulk request, AssetID and AssetUID will be set automatically.

gateways
object[]

Array of Launchpoint-managed VPN gateways per listing.

updatedAt
string<date-time>

Automatically set by the server to the time the request was processed whenever the resource is updated.

updatedBy
string

Automatically set by the server to the requesting user whenever the resource is updated. May be a user account or a service account if the action is performed by an automated.

cloudAccount
object

Keeps credentials for accessing the cloud provider. Mandatory for assets of 'cloudaccount' type.