List all risks of type "RSK"

GET

/v1/risks/rsk

• Production
• Staging
• Local

Parameters

Query Parameters

id

Array<integer>

title_contains

string | null

description_contains

string | null

opened_by

array | null

impact

array | null

Allowed values: Very Low Low Medium High Severe

likelihood

array | null

Allowed values: Remote Unlikely Possible Probable Imminent

initially_reported_urgency

array | null

Allowed values: Critical High Medium Low Info

type

array | null

Allowed values: Code Configuration Control Deficiency Policy Procedural Vulnerability Third-party

status

array | null

Allowed values: New Urgency Proposed Remediation Closure Proposed Closed

source

array | null

threat_objectives

array | null

Allowed values: Sabotage Data Disclosure Extortion Customer Targeting Resource Hijacking Fraud

urgency

array | null

Allowed values: Info Low Medium High Critical

created_date

array | null

updated_date

array | null

closed_date

array | null

discovered_date

array | null

due_date

array | null

expected_date

array | null

assigned_to

array | null

tags

array | null

page

integer | null format: int64

page_size

integer | null format: int64

order_by

string | null

free_text_contains

string | null

Responses

200

List all RSK risks

object

risks

Array<object>

default:

This struct is used to represent both OrgRisks and KeyRisks. It is used to display risks in the Risk Register

object

assigned_to

One of:

null

null

object

AKRs: assigned_to_id on org_key_risk_history OrgRisks: assigned_to_id on risk_history

object

email

required

string

first_name

required

string

icon

string | null format: image/png

Example

https://picsum.photos/200

id

required

string format: uuid

last_name

required

string

closed_date

AKRs: closed_date on org_key_risk_history OrgRisks: closed_date on risk_history

string | null format: date-time

comments

required

Risk_comment

integer format: int64

control_statement

The control statement for the risk

string | null

created_date

required

AKRs: the created_date is derived from created_date on org_key_risk_history. OrgRisks: created_date on risk

string format: date-time

description

required

KeyRisk: key_risk_history OrgRisk: risk_history

string

discovered_date

required

AKRs: discovered_date on org_key_risk_history OrgRisks: discovered_date on risk_history

string format: date-time

due_date

AKRs: due_date on org_key_risk_history OrgRisks: due_date on risk_history

string | null format: date-time

expected_date

AKRs: expected_date on org_key_risk_history OrgRisks: expected_date on risk_history

string | null format: date-time

id

required

string

Example

RSK-00001

impact

One of:

null

null

string

KeyRisk: org_key_risk_history OrgRisk: risk_history

string

Allowed values: Very Low Low Medium High Severe

impact_analysis

The impact analysis for the risk (for AI scoring analysis)

string | null

incident_associations

required

Associations to incident based on the incident_risk_assoc table

Array<string>

Example

INC-00001

initially_reported_urgency

One of:

null

null

string

AKRs: none OrgRisks: tentative urgency on risk_history

string

Allowed values: Critical High Medium Low Info

likelihood

One of:

null

null

string

KeyRisk: org_key_risk_history OrgRisk: risk_history

string

Allowed values: Remote Unlikely Possible Probable Imminent

likelihood_analysis

The likelihood analysis for the risk (for AI scoring analysis)

string | null

opened_by

One of:

null

null

object

AKRs: none OrgRisks: opened_by_id on risk_history

object

email

required

string

first_name

required

string

icon

string | null format: image/png

Example

https://picsum.photos/200

id

required

string format: uuid

last_name

required

string

remediation_task

The task to remediate the risk

string | null

source

KeyRisk: AKR_SOURCE, OrgRisk: risk_history

string | null

status

required

KeyRisk: org_key_risk_history OrgRisk: risk_history

string

Allowed values: New Urgency Proposed Remediation Closure Proposed Closed

tags

required

The tags applied to the risk

Array<object>

object

content

required

string

creator_id

required

string format: uuid

id

required

string format: uuid

org_id

string | null format: uuid

threat_objectives

required

AKRs: key_risk_threat_objective OrgRisks: risk_threat_objective

Array<object>

A relational struct that has a threat objective type and its relevancy to a risk.

object

created_date

The time that this relation was mutated

string | null format: date-time

relevance

One of:

null

null

string

The relevancy of the threat objective to the risk. Typically a value of 1, or 2. While the relevancy is null the the database, implementations of retrieving this from postgres should ignore null values.

string

Allowed values: Moderate Substantial

threat_objective

required

The threat objective type

string

Allowed values: Sabotage Data Disclosure Extortion Customer Targeting Resource Hijacking Fraud

title

required

KeyRisk: key_risk_history OrgRisk: risk_history

string

type

required

KeyRisk: key_risk_history, OrgRisk: risk_history

string

Allowed values: Code Configuration Control Deficiency Policy Procedural Vulnerability Third-party

updated_date

required

AKRs: updated_date on org_key_risk_history OrgRisks: created_date on risk_history

string format: date-time

total

integer

0