Assessments

run_assessment

dome9.dome9.Dome9.run_assessment(self, rulesetId, cloudAccountId, cloudAccountType, region=None)

Run compliance assessments on Cloud Accounts, and get the results

Parameters:
  • rulesetId (str) – Id of the Compliance Policy Ruleset to run
  • cloudAccountId (str) – Id of the Cloud Account
  • cloudAccountType (str) – Type of the Cloud Account (Google, Aws, Azure, Kubernetes, …)
  • region (str, optional) – Set a specific region. Defaults to None.
Returns:

Assessment result. Ref: /docs/source/schemas/AssessmentResults.json

Return type:

dict

Response object:
{
    "request": {
        "dome9CloudAccountId": "00000000-0000-0000-0000-000000000000",
        "externalCloudAccountId": "string",
        "cloudAccountId": "string",
        "region": "string",
        "cloudNetwork": "string",
        "cloudAccountType": "Aws",
        "requestId": "00000000-0000-0000-0000-000000000000"
    },
    "tests": [
        {
            "error": "string",
            "testedCount": 0,
            "relevantCount": 0,
            "nonComplyingCount": 0,
            "exclusionStats": {
                "testedCount": 0,
                "relevantCount": 0,
                "nonComplyingCount": 0
            },
            "entityResults": [
                {
                    "validationStatus": "Relevant",
                    "isRelevant": true,
                    "isValid": true,
                    "isExcluded": true,
                    "exclusionId": "00000000-0000-0000-0000-000000000000",
                    "remediationId": "00000000-0000-0000-0000-000000000000",
                    "error": "string",
                    "testObj": {}
                }
            ],
            "rule": {
                "name": "string",
                "severity": "Low",
                "logic": "string",
                "description": "string",
                "remediation": "string",
                "complianceTag": "string",
                "domain": "string",
                "priority": "string",
                "controlTitle": "string",
                "ruleId": "string",
                "logicHash": "string",
                "isDefault": true
            },
            "testPassed": true
        }
    ],
    "locationMetadata": {
        "account": {
            "srl": "string",
            "name": "string",
            "id": "string",
            "externalId": "string"
        },
        "region": {
            "srl": "string",
            "name": "string",
            "id": "string",
            "externalId": "string"
        },
        "cloudNetwork": {
            "srl": "string",
            "name": "string",
            "id": "string",
            "externalId": "string"
        }
    },
    "testEntities": {
        "notSupported": [{}],
        "instance": [{}],
        "securityGroup": [{}],
        "elb": [{}],
        "rds": [{}],
        "lambda": [{}],
        "region": [{}],
        "virtualMachine": [{}],
        "networkSecurityGroup": [{}],
        "cloudTrail": [{}],
        "nacl": [{}],
        "vpc": [{}],
        "subnet": [{}],
        "s3Bucket": [{}],
        "applicationLoadBalancer": [{}],
        "iamUser": [{}],
        "iamRole": [{}],
        "iam": [{}],
        "redshift": [{}],
        "kms": [{}],
        "default": [{}],
        "vmInstance": [{}],
        "iamGroup": [{}],
        "efs": [{}],
        "network": [{}],
        "elastiCache": [{}],
        "loadBalancer": [{}],
        "vNet": [{}],
        "sqldb": [{}],
        "redisCache": [{}],
        "applicationGateway": [{}],
        "resourceGroup": [{}],
        "sqlServer": [{}],
        "ecsCluster": [{}],
        "keyVault": [{}],
        "networkLoadBalancer": [{}],
        "networkInterface": [{}],
        "ecsTaskDefinition": [{}],
        "iamPolicy": [{}],
        "volume": [{}],
        "cloudFront": [{}],
        "kinesis": [{}],
        "iamServerCertificate": [{}],
        "route53HostedZone": [{}],
        "route53RecordSetGroup": [{}],
        "acmCertificate": [{}],
        "route53Domain": [{}],
        "storageAccount": [{}],
        "dynamoDbTable": [{}],
        "ami": [{}],
        "vpnGateway": [{}],
        "virtualMfaDevices": [{}],
        "internetGateway": [{}],
        "wafRegional": [{}],
        "lock": [{}],
        "vpnConnection": [{}],
        "ecsTask": [{}],
        "customerGateway": [{}],
        "gcpSecurityGroup": [{}],
        "elasticIP": [{}],
        "iamInstanceProfile": [{}],
        "storageBucket": [{}],
        "ecsService": [{}],
        "project": [{}],
        "serviceAccount": [{}],
        "kmsKeyRing": [{}],
        "dataWarehouse": [{}],
        "guardDutyDetector": [{}],
        "gcpIamPolicy": [{}],
        "gcpIamUser": [{}],
        "apiGateway": [{}],
        "gcpGsuiteUser": [{}],
        "gcpGsuiteGroup": [{}],
        "gcpIamGroup": [{}],
        "bigQuery": [{}],
        "routeTable": [{}],
        "gkeCluster": [{}],
        "postgreSQL": [{}],
        "vpcFlowLog": [{}],
        "iamAccountSummary": [{}],
        "sageMakerNotebook": [{}],
        "containerRegistry": [{}],
        "inspector": [{}],
        "kmsAliases": [{}],
        "passwordPolicy": [{}],
        "configurationRecorder": [{}],
        "cosmosDbAccount": [{}],
        "networkWatcher": [{}],
        "vpcPeeringConnection": [{}],
        "metricAlarm": [{}],
        "snsSubscription": [{}],
        "logGroup": [{}],
        "metricFilter": [{}],
        "cloudWatchEventsRule": [{}],
        "awsIamAccessKey": [{}],
        "kubernetesNode": [{}],
        "kubernetesPod": [{}],
        "kubernetesService": [{}],
        "logProfile": [{}],
        "policyAssignment": [{}],
        "kubernetesNetworkPolicy": [{}],
        "kubernetesIngress": [{}],
        "kubernetesPodSecurityPolicy": [{}],
        "cloudSql": [{}],
        "kubernetesKubelet": [
            {}
        ]
    },
    "dataSyncStatus": [
        {
            "entityType": "NotSupported",
            "recentlySuccessfulSync": true,
            "generalFetchPermissionIssues": true,
            "entitiesWithPermissionIssues": [
                {
                    "externalId": "string",
                    "name": "string",
                    "cloudVendorIdentifier": "string"
                }
            ]
        }
    ],
    "assessmentPassed": true,
    "hasErrors": true,
    "id": 0
}

get_assessment

dome9.dome9.Dome9.get_assessment(self, assessmentId)

Get results of an assesment by id

Parameters:assessmentId (str) – Report/Assessment id
Returns:Assesment result. Ref: /docs/source/schemas/AssessmentResults.json
Return type:dict
Response object:
{
    "request": {
        "dome9CloudAccountId": "00000000-0000-0000-0000-000000000000",
        "externalCloudAccountId": "string",
        "cloudAccountId": "string",
        "region": "string",
        "cloudNetwork": "string",
        "cloudAccountType": "Aws",
        "requestId": "00000000-0000-0000-0000-000000000000"
    },
    "tests": [
        {
            "error": "string",
            "testedCount": 0,
            "relevantCount": 0,
            "nonComplyingCount": 0,
            "exclusionStats": {
                "testedCount": 0,
                "relevantCount": 0,
                "nonComplyingCount": 0
            },
            "entityResults": [
                {
                    "validationStatus": "Relevant",
                    "isRelevant": true,
                    "isValid": true,
                    "isExcluded": true,
                    "exclusionId": "00000000-0000-0000-0000-000000000000",
                    "remediationId": "00000000-0000-0000-0000-000000000000",
                    "error": "string",
                    "testObj": {}
                }
            ],
            "rule": {
                "name": "string",
                "severity": "Low",
                "logic": "string",
                "description": "string",
                "remediation": "string",
                "complianceTag": "string",
                "domain": "string",
                "priority": "string",
                "controlTitle": "string",
                "ruleId": "string",
                "logicHash": "string",
                "isDefault": true
            },
            "testPassed": true
        }
    ],
    "locationMetadata": {
        "account": {
            "srl": "string",
            "name": "string",
            "id": "string",
            "externalId": "string"
        },
        "region": {
            "srl": "string",
            "name": "string",
            "id": "string",
            "externalId": "string"
        },
        "cloudNetwork": {
            "srl": "string",
            "name": "string",
            "id": "string",
            "externalId": "string"
        }
    },
    "testEntities": {
        "notSupported": [{}],
        "instance": [{}],
        "securityGroup": [{}],
        "elb": [{}],
        "rds": [{}],
        "lambda": [{}],
        "region": [{}],
        "virtualMachine": [{}],
        "networkSecurityGroup": [{}],
        "cloudTrail": [{}],
        "nacl": [{}],
        "vpc": [{}],
        "subnet": [{}],
        "s3Bucket": [{}],
        "applicationLoadBalancer": [{}],
        "iamUser": [{}],
        "iamRole": [{}],
        "iam": [{}],
        "redshift": [{}],
        "kms": [{}],
        "default": [{}],
        "vmInstance": [{}],
        "iamGroup": [{}],
        "efs": [{}],
        "network": [{}],
        "elastiCache": [{}],
        "loadBalancer": [{}],
        "vNet": [{}],
        "sqldb": [{}],
        "redisCache": [{}],
        "applicationGateway": [{}],
        "resourceGroup": [{}],
        "sqlServer": [{}],
        "ecsCluster": [{}],
        "keyVault": [{}],
        "networkLoadBalancer": [{}],
        "networkInterface": [{}],
        "ecsTaskDefinition": [{}],
        "iamPolicy": [{}],
        "volume": [{}],
        "cloudFront": [{}],
        "kinesis": [{}],
        "iamServerCertificate": [{}],
        "route53HostedZone": [{}],
        "route53RecordSetGroup": [{}],
        "acmCertificate": [{}],
        "route53Domain": [{}],
        "storageAccount": [{}],
        "dynamoDbTable": [{}],
        "ami": [{}],
        "vpnGateway": [{}],
        "virtualMfaDevices": [{}],
        "internetGateway": [{}],
        "wafRegional": [{}],
        "lock": [{}],
        "vpnConnection": [{}],
        "ecsTask": [{}],
        "customerGateway": [{}],
        "gcpSecurityGroup": [{}],
        "elasticIP": [{}],
        "iamInstanceProfile": [{}],
        "storageBucket": [{}],
        "ecsService": [{}],
        "project": [{}],
        "serviceAccount": [{}],
        "kmsKeyRing": [{}],
        "dataWarehouse": [{}],
        "guardDutyDetector": [{}],
        "gcpIamPolicy": [{}],
        "gcpIamUser": [{}],
        "apiGateway": [{}],
        "gcpGsuiteUser": [{}],
        "gcpGsuiteGroup": [{}],
        "gcpIamGroup": [{}],
        "bigQuery": [{}],
        "routeTable": [{}],
        "gkeCluster": [{}],
        "postgreSQL": [{}],
        "vpcFlowLog": [{}],
        "iamAccountSummary": [{}],
        "sageMakerNotebook": [{}],
        "containerRegistry": [{}],
        "inspector": [{}],
        "kmsAliases": [{}],
        "passwordPolicy": [{}],
        "configurationRecorder": [{}],
        "cosmosDbAccount": [{}],
        "networkWatcher": [{}],
        "vpcPeeringConnection": [{}],
        "metricAlarm": [{}],
        "snsSubscription": [{}],
        "logGroup": [{}],
        "metricFilter": [{}],
        "cloudWatchEventsRule": [{}],
        "awsIamAccessKey": [{}],
        "kubernetesNode": [{}],
        "kubernetesPod": [{}],
        "kubernetesService": [{}],
        "logProfile": [{}],
        "policyAssignment": [{}],
        "kubernetesNetworkPolicy": [{}],
        "kubernetesIngress": [{}],
        "kubernetesPodSecurityPolicy": [{}],
        "cloudSql": [{}],
        "kubernetesKubelet": [
            {}
        ]
    },
    "dataSyncStatus": [
        {
            "entityType": "NotSupported",
            "recentlySuccessfulSync": true,
            "generalFetchPermissionIssues": true,
            "entitiesWithPermissionIssues": [
                {
                    "externalId": "string",
                    "name": "string",
                    "cloudVendorIdentifier": "string"
                }
            ]
        }
    ],
    "assessmentPassed": true,
    "hasErrors": true,
    "id": 0
}