Introducing Cado API V3 for Automated SOC Workflow
SOC Teams are under a lot of pressure to respond fast, and cannot waste time on manual processes. Automation is a must for a high-performing SOC Team that needs to work consistently fast. Automation is built into the heart of the Cado platform, allowing SOC Teams to enable one-click automation with leading tools such as JIRA, Slack, and ServiceNow. This can greatly reduce time to respond and is the key differentiator between hitting and missing tight ticket SLAs.
For more complex tools and workloads, you might need deeper integration. In order to enable that, the Cado Engineering team has been hard at work improving our API, and we're proud to start rolling out the next version of it - API V3.
An easy example to show the power of API V3 is to get a list of EC2 Instances with the name "Web Server" in a specific AWS account and region.
You can request this data using this API:
    GET https://my.cado.instance.com/api/v3/import/aws/ec2?region=us-east-1&instance_name="Web Server"&cloud_id="Production"
In this example we're calling the /import/aws/ec2 API, using the us-east-1 region and the Production AWS Account. Calling this API will yield us these results:
    {
      "pagination": {
        "type": "cursor",
        "next_token": null,
        "previous_token": null,
        "current_token": null,
        "per_page": 10
      },
      "status": "success",
      "data": [
        {
          "availability_zone": "us-east-1d",
          "state": "stopped",
          "instance_id": "i-00000000000",
          "instance_name": "Web Server",
          "instance_type": "t3.large",
          "ip_address": null,
          "importable": true
        }
      ]
    }
And if we encounter an error, the response is also clear and concise, with additional information to aid in debugging your integrations:
    {
      "status": "error",
      "message": "Access was denied when trying to perform the ec2:ListInstances action. Please visit https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_access-denied.html for common troubleshooting steps for IAM.",
      "code": "AccessDenied",
      "data": {
        "action": "ec2:ListInstances",
        "resource": null,
        "documentation": "https://docs.aws.amazon.com/IAM/latest/UserGuide/troubleshoot_access-denied.html"
      }
    }
The data we send back is in a standardized format. This makes integrations easier to build, as you can generally guess the structure of a response rather than having to refer to the API documentation frequently.
The format we've adopted is a modified form of JSend. The major change with this format is categorization and additional context of error responses, which will help greatly for building integrations with API V3, as you'll get more context as to what has gone wrong. This additional context and structured information will help you build complex automations faster, with ease.
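One way an integration might consume this envelope, as an added example that is not Cado's own code. The sample bodies are constructed from the two responses above, and the function names and the client-side "InvalidBody" code are assumptions made for the example.

```python
import json

# Constructed sample bodies, abbreviated from the two responses shown in the post.
SUCCESS = '''{"pagination": {"type": "cursor", "next_token": null, "per_page": 10},
 "status": "success",
 "data": [{"instance_id": "i-00000000000", "instance_name": "Web Server",
           "state": "stopped", "importable": true}]}'''
DENIED = '''{"status": "error", "code": "AccessDenied",
 "message": "Access was denied when trying to perform the ec2:ListInstances action.",
 "data": {"action": "ec2:ListInstances", "resource": null}}'''


class ApiError(Exception):
    """An error envelope, or a body that is not a recognisable envelope."""

    def __init__(self, code, message, context=None):
        super().__init__(f"{code}: {message}")
        self.code = code
        self.context = context if isinstance(context, dict) else {}


def unwrap(body):
    """Return (data, next_token) for a success envelope; raise ApiError otherwise."""
    try:
        doc = json.loads(body)
    except json.JSONDecodeError as exc:
        # "InvalidBody" is a client-side code made up for this example.
        raise ApiError("InvalidBody", str(exc)) from exc
    status = doc.get("status") if isinstance(doc, dict) else None
    if status == "success":
        page = doc.get("pagination") or {}
        return doc.get("data") or [], page.get("next_token")
    if status == "error":
        raise ApiError(doc.get("code", "Unknown"), doc.get("message", ""), doc.get("data"))
    # Fail closed: never treat an unrecognised body as an empty result.
    raise ApiError("InvalidBody", f"unexpected status {status!r}")


def importable_instances(body):
    """Instance IDs that the response marks as importable."""
    data, _next_token = unwrap(body)
    return [item["instance_id"] for item in data if item.get("importable")]


def describe_failure(err):
    """One-line summary for a ticket; names the refused IAM action when present."""
    if err.code == "AccessDenied":
        return f"missing IAM permission: {err.context.get('action')}"
    return str(err)
```

Raising on any body that is not a recognised envelope keeps an automation from reading a proxy error page or a truncated response as "no instances found".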
We’ve also invested a large amount of time greatly refining our API documentation to make it easier to discover new APIs, and understand exactly what they require.
You can use V3 of our API now and get started building automations to refine your SOC workflow. The API documentation is available at https://cado-security.github.io/api-reference/ and you can see code examples at https://github.com/cado-security/cado-api-examples.
New to Cado Security and interested in learning more? Request a demo to see the Cado Platform in action.