This article brings together common customer questions and practical answers based on typical Secureframe workflows, compliance situations and unique tech stacks.
It is meant as quick reference material for day-to-day use of the product.
Asset inventory and CMDB
Can customers filter or sort cloud resources in the Asset Inventory by resource group?
Not directly as a dedicated column, but there is a workaround. Customers can search the Asset Inventory by resource group name and save the view. For example, in an Azure resource ID like /subscriptions/.../resourceGroups/cfmm-azure-ai-test/providers/..., the resource group is cfmm-azure-ai-test, which can be searched and saved as a filtered view.
Does Secureframe support vulnerabilities that are not tied to a resource in the asset inventory?
Yes. For third-party vulnerability integrations, Secureframe now surfaces the resource name even if the vulnerability is not directly tied to an asset in your inventory. This ensures that vulnerabilities affecting multiple resources will appear as separate line items, giving you clearer visibility and making it easier to track and remediate issues across different resources.
For Asset Inventory Cloud resources, can we mark all those out of scope except for the EU-West-1 region?
If assets in other regions are fully isolated (via AWS accounts, VPCs, or network segmentation), they can be marked out of scope.
How does Secureframe simplify asset management?
Secureframe integrates with tools like Kandji, JAMF, and JumpCloud to automatically pull assets into an inventory, assign owners, determine scope, and track security configurations.
I installed the Secureframe Agent — why is my device still missing from Asset Inventory?
-
Let’s confirm if the Secureframe Agent installation completed successfully.
1. Did the installation fail, freeze, or close without finishing?
- If yes, the Agent likely did not install properly. Please re-download and try installing it again.
- If no, continue below.2. Are there Secureframe Agent logs on your device?
- If yes, upload those to your support ticket — they help us verify Agent status.
- If no logs are found, your device’s OS may be incompatible with the Agent.
What kind of evidence is needed for Cloud infrastructure asset inventory if those are on-premise?
A spreadsheet or similar document showing the inventory of servers, switches, or databases. Ensure the owner or team responsible for each item and its status (active/inactive) is included.
Why isn’t my device showing up in Secureframe Asset Inventory after installing the Secureframe Agent?
There are several reasons why a device might not appear in your Asset Inventory. Let’s walk through the most common causes and solutions.
Why would inactive employees still show computer devices “in scope” under Asset Inventory?
A device should only be marked out of scope once it has been confirmed as returned or wiped clean remotely. Admins should not assume this is done via inactive status and should mark the device out of scope manually once the steps are completed.
Do I need to complete every question in the Endpoint Ransomware document, or only the highlighted sections?
All questions should be answered and fully documented.
Does GDPR include endpoint requirements that would require a customer to get the Secureframe agent?
Yes, GDPR has endpoint requirements such as hard drive encryption. The Secureframe agent is not required for GDPR compliance, but the customer must show compliance with the endpoint requirements.
How do I call the appropriate endpoints using SecureFrame's API?
-
Use /evidences/{id} to retrieve a specific evidence item
Use /controls or /tests to access related evidence and compliance data
Use /users/{user_id}/evidences to get evidence tied to a specific user
Authenticate with your API key and secret in each request
Apply filters or pagination if needed for large datasets
First, you will need to setup an API key at https://support.secureframe.com/hc/en-us/articles/38295501741459-Secureframe-Developer-Portal-API
Once your API key is setup, you can visit our API Developer portal which provides documentation and tools to help developers integrate Secureframe with their existing systems.
How do I use the Archive a Vendor endpoint (PUT /vendors/{id}/archive) in the Secureframe API?
Endpoint: PUT /vendors/{id}/archive
Summary: Archive a Vendor
Description: Archives a Vendor by ID.
[DEPRECATED - Use the Third Party Risk Management Vendor [endpoint](/tag/Third-Party-Risk-Management-Vendor#operation/tprmVendorRiskDetailsIndex)].If you have not done so already, please also migrate your Vendors frontend experience by going to [the vendors page](https://app.secureframe.com/vendors/) and clicking “Take me to new TPRM.”
Category: Vendor
Parameters:
- id (path, string, required): Scope response to id
- terminated_at (query, string, optional): The date this vendor was terminated.
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Archive an Integration Connection endpoint (PUT /integration_connections/{id}/archive) in the Secureframe API?
Endpoint: PUT /integration_connections/{id}/archive
Summary: Archive an Integration Connection
Description: Archives an Integration Connection by ID.
Category: Integration Connection
Parameters:
- id (path, string, required): Scope response to id
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Create a Comment endpoint (POST /comments) in the Secureframe API?
Endpoint: POST /comments
Summary: Create a Comment
Description: Creates a new Comment
Category: Comment
Parameters:
- commentable_id (query, string, optional): The ID of the commentable resource
- commentable_type (query, string, optional): The type of the commentable resource (e.g., "test", "risk", "vendor")
- content (query, string, optional): The content of the comment
- conversation_id (query, string, optional): Optional conversation ID to associate with the comment
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Create a Knowledge Base Answer endpoint (POST /knowledge_base_answers) in the Secureframe API?
Endpoint: POST /knowledge_base_answers
Summary: Create a Knowledge Base Answer
Description: Create a new Knowledge Base Answer
Category: Knowledge Base Answer
Parameters:
- content (query, string, required): The content of the Knowledge Base Answer.
- knowledge_base_question_id (query, string, required): The ID of the associated Knowledge Base Question.
- primary_answer (query, boolean, optional): Flag to indicate if this is the primary answer.
- type (query, string, required): The type of the Knowledge Base Answer.
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Create a Knowledge Base Question endpoint (POST /knowledge_base_questions) in the Secureframe API?
Endpoint: POST /knowledge_base_questions
Summary: Create a Knowledge Base Question
Description: Create a new Knowledge Base Question
Category: Knowledge Base Question
Parameters:
- content (query, string, required): The content of the Knowledge Base Question.
- owner_id (query, string, optional): The ID of the owner of the Knowledge Base Question.
- review_frequency (query, string, optional): The frequency of the review of the Knowledge Base Question.
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Create a Test Export endpoint (POST /tests/{test_id}/exports) in the Secureframe API?
Endpoint: POST /tests/{test_id}/exports
Summary: Create a Test Export
Description: Creates a new Test Export for a Test.
Category: Test Export
Parameters:
- framework_id (query, string, optional): The ID of the Company's Framework for the export
- is_json (query, boolean, optional): If the export should be a JSON file or not (default: false)
- test_id (path, string, required): The ID of the test to attach the evidence
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Create a User Evidence endpoint (POST /users/{user_id}/evidences) in the Secureframe API?
Endpoint: POST /users/{user_id}/evidences
Summary: Create a User Evidence
Description: Uploads evidence for a User.
Category: User Evidence
Parameters:
- activity_completion (query, string, optional): The date the activity was completed
- document_type (query, string, required): The type of evidence being uploaded for this user
- user_id (path, string, required): The id of the user to attach the evidence
Request body (multipart/form-data):
- file (string): File which you want to attach as evidence
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Create Framework Asset Scope endpoint (POST /cloud_resources/{cloud_resource_id}/framework_asset_scopes) in the Secureframe API?
Endpoint: POST /cloud_resources/{cloud_resource_id}/framework_asset_scopes
Summary: Create Framework Asset Scope
Description: Create a Framework Asset Scope for the Cloud Resource by ID
Category: Cloud Resource Framework Asset Scope
Parameters:
- active (query, boolean, optional): Flag to indicate if this Framework Asset Scope is active.
- cloud_resource_id (path, string, required): Scope response to cloud_resource_id
- framework_id (query, string, optional): The ID of the Framework assigned to this Framework Asset Scope.
- manually_scoped_reason (query, string, optional): Reason if this Framework Asset Scope is manually scoped.
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Create Framework Asset Scope endpoint (POST /devices/{device_id}/framework_asset_scopes) in the Secureframe API?
Endpoint: POST /devices/{device_id}/framework_asset_scopes
Summary: Create Framework Asset Scope
Description: Create a Framework Asset Scope for the Device by ID
Category: Device Framework Asset Scope
Parameters:
- active (query, boolean, optional): Flag to indicate if this Framework Asset Scope is active.
- device_id (path, string, required): Scope response to device_id
- framework_id (query, string, optional): The ID of the Framework assigned to this Framework Asset Scope.
- manually_scoped_reason (query, string, optional): Reason if this Framework Asset Scope is manually scoped.
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Create Framework Asset Scope endpoint (POST /repositories/{id}/framework_asset_scopes) in the Secureframe API?
Endpoint: POST /repositories/{id}/framework_asset_scopes
Summary: Create Framework Asset Scope
Description: Create a Framework Asset Scope for the Repository by ID
Category: Repository Framework Asset Scope
Parameters:
- active (query, boolean, optional): Flag to indicate if this Framework Asset Scope is active.
- framework_id (query, string, optional): The ID of the Framework assigned to this Framework Asset Scope.
- id (path, string, required): Scope response to id
- manually_scoped_reason (query, string, optional): Reason if this Framework Asset Scope is manually scoped.
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Delete a Comment endpoint (DELETE /comments/{id}) in the Secureframe API?
Endpoint: DELETE /comments/{id}
Summary: Delete a Comment
Description: Deletes a Comment by ID
Category: Comment
Parameters:
- id (path, string, required): Scope response to id
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Delete a Knowledge Base Answer endpoint (DELETE /knowledge_base_answers/{id}) in the Secureframe API?
Endpoint: DELETE /knowledge_base_answers/{id}
Summary: Delete a Knowledge Base Answer
Description: Delete a Knowledge Base Answer by ID
Category: Knowledge Base Answer
Parameters:
- id (path, string, required): Scope response to id
Responses:
- 200: OK
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Delete a Knowledge Base Question endpoint (DELETE /knowledge_base_questions/{id}) in the Secureframe API?
Endpoint: DELETE /knowledge_base_questions/{id}
Summary: Delete a Knowledge Base Question
Description: Delete a Knowledge Base Question by ID
Category: Knowledge Base Question
Parameters:
- id (path, string, required): Scope response to id
Responses:
- 200: OK
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Get a Cloud Resource endpoint (GET /cloud_resources/{id}) in the Secureframe API?
Endpoint: GET /cloud_resources/{id}
Summary: Get a Cloud Resource
Description: Returns a single Cloud Resource by ID
Category: Cloud Resource
Parameters:
- id (path, string, required): Scope response to id
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Get a Comment endpoint (GET /comments/{id}) in the Secureframe API?
Endpoint: GET /comments/{id}
Summary: Get a Comment
Description: Returns a single Comment by ID
Category: Comment
Parameters:
- id (path, string, required): Scope response to id
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Get a Control endpoint (GET /controls/{id}) in the Secureframe API?
Endpoint: GET /controls/{id}
Summary: Get a Control
Description: Returns a Control by ID
Category: Control
Parameters:
- id (path, string, required): Scope response to id
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Get a Device endpoint (GET /devices/{id}) in the Secureframe API?
Endpoint: GET /devices/{id}
Summary: Get a Device
Description: Returns a single Device by ID
Category: Device
Parameters:
- id (path, string, required): Scope response to id
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Get a Framework endpoint (GET /frameworks/{id}) in the Secureframe API?
Endpoint: GET /frameworks/{id}
Summary: Get a Framework
Description: Returns a Framework by ID
Category: Framework
Parameters:
- id (path, string, required): Scope response to id
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Get a Knowledge Base Answer endpoint (GET /knowledge_base_answers/{id}) in the Secureframe API?
Endpoint: GET /knowledge_base_answers/{id}
Summary: Get a Knowledge Base Answer
Description: Returns a single Knowledge Base Answer by ID
Category: Knowledge Base Answer
Parameters:
- id (path, string, required): Scope response to id
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Get a Knowledge Base Question endpoint (GET /knowledge_base_questions/{id}) in the Secureframe API?
Endpoint: GET /knowledge_base_questions/{id}
Summary: Get a Knowledge Base Question
Description: Returns a single Knowledge Base Question by ID
Category: Knowledge Base Question
Parameters:
- id (path, string, required): Scope response to id
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Get a Repository endpoint (GET /repositories/{id}) in the Secureframe API?
Endpoint: GET /repositories/{id}
Summary: Get a Repository
Description: Returns a single Repository by ID
Category: Repository
Parameters:
- id (path, string, required): Scope response to id
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Get a Risk endpoint (GET /risks/{id}) in the Secureframe API?
Endpoint: GET /risks/{id}
Summary: Get a Risk
Description: Returns a Risk by ID
Category: Risk
Parameters:
- id (path, string, required): Scope response to id
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Get a Test endpoint (GET /tests/{id}) in the Secureframe API?
Endpoint: GET /tests/{id}
Summary: Get a Test
Description: Returns a Test by ID
Category: Test
Parameters:
- id (path, string, required): Scope response to id
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Get a User Account endpoint (GET /user_accounts/{id}) in the Secureframe API?
Endpoint: GET /user_accounts/{id}
Summary: Get a User Account
Description: Returns a single User Account by ID
Category: User Account
Parameters:
- id (path, string, required): Scope response to id
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Get a User endpoint (GET /users/{id}) in the Secureframe API?
Endpoint: GET /users/{id}
Summary: Get a User
Description: Returns a User by ID
Category: User
Parameters:
- id (path, string, required): Scope response to id
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Get a Vendor endpoint (GET /vendors/{id}) in the Secureframe API?
Endpoint: GET /vendors/{id}
Summary: Get a Vendor
Description: Returns a single Vendor by ID
[DEPRECATED - Use the Third Party Risk Management Vendor [endpoint](/tag/Third-Party-Risk-Management-Vendor#operation/tprmVendorRiskDetailsIndex)].If you have not done so already, please also migrate your Vendors frontend experience by going to [the vendors page](https://app.secureframe.com/vendors/) and clicking “Take me to new TPRM.”
Category: Vendor
Parameters:
- id (path, string, required): Scope response to id
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Get an Evidence endpoint (GET /evidences/{id}) in the Secureframe API?
Endpoint: GET /evidences/{id}
Summary: Get an Evidence
Description: Returns a single Evidence by ID
Category: Evidence
Parameters:
- id (path, string, required): Scope response to id
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Get an Integration Connection endpoint (GET /integration_connections/{id}) in the Secureframe API?
Endpoint: GET /integration_connections/{id}
Summary: Get an Integration Connection
Description: Returns an Integration Connection by ID
Category: Integration Connection
Parameters:
- id (path, string, required): Scope response to id
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Get user security settings endpoint (GET /user_security_settings) in the Secureframe API?
Endpoint: GET /user_security_settings
Summary: Get user security settings
Description: Returns user security settings for the provided API key's company and user
Category: User Security Settings
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Link a User Account endpoint (PUT /user_accounts/{id}/link) in the Secureframe API?
Endpoint: PUT /user_accounts/{id}/link
Summary: Link a User Account
Description: Links a User to a User Account.
Category: User Account
Parameters:
- id (path, string, required): Scope response to id
- user_id (query, string, optional): The ID of the user to link to the User Account. If user_id is not provided or is an empty string, the User Account will be unlinked.
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the List Cloud Resources endpoint (GET /cloud_resources) in the Secureframe API?
-
Endpoint: GET /cloud_resources
Summary: List Cloud Resources
Description: Returns a list of Cloud Resources.
### Search parameters| Filter | Description |
| :-- | :-- |
| `cloud_resource_type` | The type of this Cloud Resource |
| `created_at` | The date this Cloud Resource was created |
| `id` | The ID of the Cloud Resource |
| `in_audit_scope` | Flag to indicate if this Cloud Resource is in scope. [DEPRECATED - Use the Cloud Resource Framework Asset Scope [endpoint](/tag/Cloud-Resource-Framework-Asset-Scope#operation/cloudResourcesCompanyFrameworkAssetScopesIndex)] |
| `region` | The region this Cloud Resource belongs to |
| `third_party_id` | The identifier for this Cloud Resource on the vendor side |
| `updated_at` | The date this Cloud Resource was last updated |
| `vendor_name` | The name of the vendor that this Cloud Resource is from |Category: Cloud Resource
Parameters:
- include (query, string, optional): Comma delimited string of relationships to include. Available relationships: company_vendor_connection, integration_connection, owner. Note: company_vendor_connection is deprecated, please use integration_connection instead.
- page (query, integer, optional): Used for pagination of response data (default: page 1). Specifies the offset of the next block of data to receive.
- per_page (query, integer, optional): Used for pagination of response data (default: 100 items per response). Specifies the number of results for a given page.
- q (query, string, optional): Search and filter the Cloud Resource data using Lucene syntax.
- relationships (query, boolean, optional): Set to true to return the associated relationships data within the response. (default: false)
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the List Comments endpoint (GET /comments) in the Secureframe API?
-
Endpoint: GET /comments
Summary: List Comments
Description: Returns a list of Comments.
### Search parameters| Filter | Description |
| :-- | :-- |
| `commentable_type` | The type of the commentable object |
| `commentable_id` | The ID of the commentable object |
| `company_id` | The ID of the company |
| `content` | The content of the comment |
| `id` | The ID of the comment |Category: Comment
Parameters:
- include (query, string, optional): Set to a comma separated list of related resources to include in the response
- page (query, integer, optional): Used for pagination of response data (default: page 1). Specifies the offset of the next block of data to receive.
- per_page (query, integer, optional): Used for pagination of response data (default: 100 items per response). Specifies the number of results for a given page.
- q (query, string, optional): Search and filter the Comment data using Lucene syntax.
- relationships (query, boolean, optional): Set to true to return the associated relationships data within the response. (default: false)
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the List Controls endpoint (GET /controls) in the Secureframe API?
-
Endpoint: GET /controls
Summary: List Controls
Description: Returns a list of Controls.
### Search parameters| Filter | Description |
| :-- | :-- |
| `author_name` | The author name of the Control |
| `description` | The description of the Control |
| `key` | The key of the Control |
| `name` | The name of the Control |
| `frameworks` | The framework keys for this Control |
| `created_at` | The date when this Control was created |
| `custom` | True if Control is custom, False if authored by Secureframe |
| `enabled` | Flag to indicate if this Control is enabled |
| `first_failed_at` | When the Control first failed |
| `health_status` | The overall health of the Control |
| `id` | The ID of the Control |
| `implementation_date` | The implementation date of the Control |
| `owner_assigned_at` | When the owner was assigned to the Control |
| `owner_name` | The Control owner's name |
| `updated_at` | The date the Control was last updated |Category: Control
Parameters:
- include (query, string, optional): Comma delimited string of relationships to include. Available relationships: author, company, owner
- page (query, integer, optional): Used for pagination of response data (default: page 1). Specifies the offset of the next block of data to receive.
- per_page (query, integer, optional): Used for pagination of response data (default: 100 items per response). Specifies the number of results for a given page.
- q (query, string, optional): Search and filter the control data using Lucene syntax.
- relationships (query, boolean, optional): Set to true to return the associated relationships data within the response. (default: false)
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the List Devices endpoint (GET /devices) in the Secureframe API?
-
Endpoint: GET /devices
Summary: List Devices
Description: Returns a list of Devices.
### Search parameters| Filter | Description |
| :-- | :-- |
| `cpu` | The cpu info available for this Device |
| `created_at` | The date this Device object was created |
| `device_name` | The name of the Device |
| `device_user_name` | The Device user's name |
| `hard_drive_encrypted` | Flag to indicate if the hard drive is encrypted |
| `id` | The ID of the Device |
| `in_audit_scope` | Flag to indicate if this Device is in scope. [DEPRECATED - Use the Device Framework Asset Scope [endpoint](/tag/Device-Framework-Asset-Scope#operation/devicesCompanyFrameworkAssetScopesIndex)] |
| `last_checkin_at` | The date this Device last checked in |
| `local_firewall_enabled` | Flag to indicate if the local firewall is enabled |
| `mac_address` | The MAC address of the Device |
| `make` | The make of the Device |
| `memory` | The memory of the Device |
| `model` | The model of the Device |
| `native_anti_virus_enabled` | Flag to indicate if native antivirus is enabled |
| `os` | The operating system of the Device |
| `out_of_audit_scope_reason` | Out of scope reason if the Device is not in scope |
| `owner_name` | The Device owner's name |
| `password_enforcement_enabled` | Flag to indicate if password enforcement is enabled |
| `remote_ip` | The remote IP of the Device |
| `serial_number` | The serial number of the Device |
| `session_timeout_enabled` | Flag to indicate if session timeout is enabled |
| `updated_at` | The date this Device was last updated |Category: Device
Parameters:
- include (query, boolean, optional): Set to true along with relationships to return the entire relationship data in the `included` key within the response.
- page (query, integer, optional): Used for pagination of response data (default: page 1). Specifies the offset of the next block of data to receive.
- per_page (query, integer, optional): Used for pagination of response data (default: 100 items per response). Specifies the number of results for a given page.
- q (query, string, optional): Search and filter the Device data using Lucene syntax.
- relationships (query, boolean, optional): Set to true to return the associated relationships data within the response. (default: false)
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the List Framework Asset Scopes endpoint (GET /cloud_resources/{cloud_resource_id}/framework_asset_scopes) in the Secureframe API?
-
Endpoint: GET /cloud_resources/{cloud_resource_id}/framework_asset_scopes
Summary: List Framework Asset Scopes
Description: Returns a list of Framework Asset Scopes for the Cloud Resource by IDThe absence of a Framework Asset Scope indicates the asset is not in scope for the Framework.
Category: Cloud Resource Framework Asset Scope
Parameters:
- cloud_resource_id (path, string, required): Scope response to cloud_resource_id
- include (query, string, optional): Comma delimited string of relationships to include. Available relationships: manually_scoped_by
- relationships (query, boolean, optional): Set to true to return the associated relationships data within the response. (default: false)
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the List Framework Asset Scopes endpoint (GET /devices/{device_id}/framework_asset_scopes) in the Secureframe API?
-
Endpoint: GET /devices/{device_id}/framework_asset_scopes
Summary: List Framework Asset Scopes
Description: Returns a list of Framework Asset Scopes for the Device by IDThe absence of a Framework Asset Scope indicates the asset is not in scope for the Framework.
Category: Device Framework Asset Scope
Parameters:
- device_id (path, string, required): Scope response to device_id
- include (query, string, optional): Comma delimited string of relationships to include. Available relationships: manually_scoped_by
- relationships (query, boolean, optional): Set to true to return the associated relationships data within the response. (default: false)
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the List Framework Asset Scopes endpoint (GET /repositories/{id}/framework_asset_scopes) in the Secureframe API?
-
Endpoint: GET /repositories/{id}/framework_asset_scopes
Summary: List Framework Asset Scopes
Description: Returns a list of Framework Asset Scopes for the Repository by ID.The absence of a Framework Asset Scope indicates the asset is not in scope for the Framework.
Category: Repository Framework Asset Scope
Parameters:
- id (path, string, required): Scope response to id
- include (query, string, optional): Comma delimited string of relationships to include. Available relationships: manually_scoped_by
- relationships (query, boolean, optional): Set to true to return the associated relationships data within the response. (default: false)
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the List Frameworks endpoint (GET /frameworks) in the Secureframe API?
-
Endpoint: GET /frameworks
Summary: List Frameworks
Description: Returns a list of Frameworks.
### Search parameters| Filter | Description |
| :-- | :-- |
| `created_at` | The date when this Framework was created |
| `id` | The ID of the Framework |
| `title` | The title of the Framework |
| `updated_at` | The date the Framework was last updated |Category: Framework
Parameters:
- include (query, string, optional): Comma delimited string of relationships to include. Available relationships: company
- page (query, integer, optional): Used for pagination of response data (default: page 1). Specifies the offset of the next block of data to receive.
- per_page (query, integer, optional): Used for pagination of response data (default: 100 items per response). Specifies the number of results for a given page.
- q (query, string, optional): Search and filter the Framework data using Lucene syntax.
- relationships (query, boolean, optional): Set to true to return the associated relationships data within the response. (default: false)
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the List Integration Connections endpoint (GET /integration_connections) in the Secureframe API?
-
Endpoint: GET /integration_connections
Summary: List Integration Connections
Description: Returns a list of Integration Connections.
### Search parameters| Filter | Description |
| :-- | :-- |
| `id` | The ID of the Integration Connection |
| `name` | The name of the Integration Connection if applicable |
| `status` | The status of the Integration Connection |
| `updated_at` | The date this Integration Connection was last updated |
| `vendor_name` | The name of the vendor for this Integration Connection |Category: Integration Connection
Parameters:
- include (query, string, optional): Comma delimited string of relationships to include. Available relationships: company_vendor
- page (query, integer, optional): Used for pagination of response data (default: page 1). Specifies the offset of the next block of data to receive.
- per_page (query, integer, optional): Used for pagination of response data (default: 100 items per response). Specifies the number of results for a given page.
- q (query, string, optional): Search and filter the Integration Connection data using Lucene syntax.
- relationships (query, boolean, optional): Set to true to return the associated relationships data within the response. (default: false)
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the List Repositories endpoint (GET /repositories) in the Secureframe API?
-
Endpoint: GET /repositories
Summary: List Repositories
Description: Returns a list of Repositories.
### Search parameters| Filter | Description |
| :-- | :-- |
| `created_at` | The date this Repository was created |
| `id` | The ID of the Repository |
| `in_audit_scope` | Flag to indicate if the Repository is in audit scope. [DEPRECATED - Use the Repository Framework Asset Scope [endpoint](/tag/Repository-Framework-Asset-Scope#operation/repositoriesCompanyFrameworkAssetScopesIndex)] |
| `name` | The name of the repository |
| `owner_name` | The Repository owner's name |
| `private` | Flag to indicate if the Repository is private |
| `updated_at` | The date this Repository was last updated |
| `vendor_name` | The name of the vendor that this Repository is from |Category: Repository
Parameters:
- include (query, string, optional): Comma delimited string of relationships to include. Available relationships: company_vendor_connection, integration_connection, owner. Note: company_vendor_connection is deprecated, please use integration_connection instead.
- page (query, integer, optional): Used for pagination of response data (default: page 1). Specifies the offset of the next block of data to receive.
- per_page (query, integer, optional): Used for pagination of response data (default: 100 items per response). Specifies the number of results for a given page.
- q (query, string, optional): Search and filter the Repository data using Lucene syntax.
- relationships (query, boolean, optional): Set to true to return the associated relationships data within the response. (default: false)
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the List Risks endpoint (GET /risks) in the Secureframe API?
-
Endpoint: GET /risks
Summary: List Risks
Description: Returns a list of Risks.
### Search parameters| Filter | Description |
| :-- | :-- |
| `archived` | Flag to indicate if this risk is archived |
| `id` | The ID of the risk |
| `custom_risk_id` | The custom risk ID |
| `owner_name` | The name of the User that is the owner for this risk |
| `description` | The description of the risk |Category: Risk
Parameters:
- include (query, string, optional): Comma delimited string of relationships to include. Available relationships: owner
- page (query, integer, optional): Used for pagination of response data (default: page 1). Specifies the offset of the next block of data to receive.
- per_page (query, integer, optional): Used for pagination of response data (default: 100 items per response). Specifies the number of results for a given page.
- q (query, string, optional): Search and filter the Risk data using Lucene syntax.
- relationships (query, boolean, optional): Set to true to return the associated relationships data within the response. (default: false)
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the List Tests endpoint (GET /tests) in the Secureframe API?
-
Endpoint: GET /tests
Summary: List Tests
Description: Returns a list of Tests.
### Search parameters| Filter | Description |
| :-- | :-- |
| `author_name` | The author name of the Test |
| `created_at` | The date when this Test was created |
| `custom` | True if the Test is custom (user generated), false if it's Secureframe-authored |
| `description` | The description of the Test |
| `enabled` | True if the Test is currently enabled |
| `enabled_field_updated_by_user` | The name of the user who enabled the Test, null if wasn't enabled by a user |
| `frameworks` | The framework keys for this Test |
| `health_status` | The overall health of the Test |
| `id` | The ID of the Test |
| `key` | The user-friendly identifier used to reference this Test |
| `last_evaluated` | The date the Test was last evaluated at |
| `next_due_date` | The date new Test evidence is needed by if applicable |
| `owner_assigned_at` | The date the Test owner was assigned |
| `owner_name` | The Test owner's name |
| `pass` | True if the Test is passing, false otherwise. [DEPRECATED - Use health_status instead] |
| `passed_with_upload` | True if the Test passed from the existance of an upload, false otherwise |
| `promote_at` | The current date set for implementation of the Test |
| `recommended_action` | Actions for completing the Test |
| `required_implementation_date` | The pre-configured date the Test must be implemented by |
| `resource_category` | The category the Test resource belongs to |
| `status` | The status of the Test. [DEPRECATED - Use health_status instead] |
| `test_domain` | The domain the Test belongs to |
| `test_function` | The purpose of the Test |
| `test_interval_seconds` | The interval in which Test evidence should be collected if applicable |
| `test_type` | The type of Test |
| `title` | The title of the Test |
| `tolerance_window_seconds` | The time between the Test interval elapsing and evidence becoming stale and Test failing if applicable |
| `updated_at` | The date the Test was last updated |
| `vendor_name` | The vendor name associated with the Test if applicable |Category: Test
Parameters:
- include (query, string, optional): Comma delimited string of relationships to include. Available relationships: company, enabled_field_updated_by, owner, promoted_by
- page (query, integer, optional): Used for pagination of response data (default: page 1). Specifies the offset of the next block of data to receive.
- per_page (query, integer, optional): Used for pagination of response data (default: 100 items per response). Specifies the number of results for a given page.
- q (query, string, optional): Search and filter the Test data using Lucene syntax.
- relationships (query, boolean, optional): Set to true to return the associated relationships data within the response. (default: false)
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the List User Accounts endpoint (GET /user_accounts) in the Secureframe API?
-
Endpoint: GET /user_accounts
Summary: List User Accounts
Description: Returns a list of User Accounts.
### Search parameters| Filter | Description |
| :-- | :-- |
| `active` | Flag to indicate if this is an active User Account on the vendor side. Defaults to true if the vendor does not support or provide this value. |
| `created_at` | The date this User Account was created |
| `email` | The email received from the connection |
| `first_name` | The first name of the user received from the connection |
| `has_user` | Flag to indicate if this User Account has a User. False indicates that it's an unlinked account |
| `id` | The ID of the User Account |
| `last_name` | The last name of the user received from the connection |
| `third_party_id` | The identifier for this User Account on the vendor side |
| `updated_at` | The date this User Account was last updated |
| `vendor_name` | The name of the vendor that this User Account is from |Category: User Account
Parameters:
- include (query, string, optional): Comma delimited string of relationships to include. Available relationships: company_user, company_vendor_connection, integration_connection. Note: company_vendor_connection is deprecated, please use integration_connection instead.
- page (query, integer, optional): Used for pagination of response data (default: page 1). Specifies the offset of the next block of data to receive.
- per_page (query, integer, optional): Used for pagination of response data (default: 100 items per response). Specifies the number of results for a given page.
- q (query, string, optional): Search and filter the User Account data using Lucene syntax.
- relationships (query, boolean, optional): Set to true to return the associated relationships data within the response. (default: false)
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the List Users endpoint (GET /users) in the Secureframe API?
-
Endpoint: GET /users
Summary: List Users
Description: Returns a list of Users.
### Search parameters| Filter | Description |
| :-- | :-- |
| `active` | Flag to indicate if this User is active |
| `department_id` | The department_id of the User |
| `email` | The email of the User |
| `employee_type` | The employee_type of the User |
| `end_date` | The end date for the User |
| `first_name` | The first name of the User |
| `id` | The ID of the User |
| `in_audit_scope` | Flag to indicate if the User is in audit scope |
| `invited` | Flag to indicate if this User has been invited |
| `invited_at` | The date the User was invited |
| `last_name` | The last name of the User |
| `name` | The name of the User |
| `onboarding_status` | The onboarding status of the User |
| `personnel_status` | The personnel status of the User |
| `preferred_first_name` | The preferred first name of the User |
| `secureframe_agent_acknowledged_at` | The date that the User acknowledged secureframe agent |
| `start_date` | The start date of the User |
| `title` | The title of the User |Category: User
Parameters:
- include (query, string, optional): Comma delimited string of relationships to include. Available relationships: company, manager
- page (query, integer, optional): Used for pagination of response data (default: page 1). Specifies the offset of the next block of data to receive.
- per_page (query, integer, optional): Used for pagination of response data (default: 100 items per response). Specifies the number of results for a given page.
- q (query, string, optional): Search and filter the user data using Lucene syntax.
- relationships (query, boolean, optional): Set to true to return the associated relationships data within the response. (default: false)
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the List Vendors endpoint (GET /vendors) in the Secureframe API?
-
Endpoint: GET /vendors
Summary: List Vendors
Description: Returns a list of Vendors.
[DEPRECATED - Use the Third Party Risk Management Vendor [endpoint](/tag/Third-Party-Risk-Management-Vendor#operation/tprmVendorRiskDetailsIndex)].If you have not done so already, please also migrate your Vendors frontend experience by going to [the vendors page](https://app.secureframe.com/vendors/) and clicking “Take me to new TPRM.”
### Search parameters| Filter | Description |
| :-- | :-- |
| `archived` | Flag to indicate if this Vendor is archived |
| `id` | The ID of the Vendor |
| `name` | The name of the Vendor |
| `owner_name` | The name of the User that is the owner for this Vendor |
| `risk_level` | The risk level for this Vendor |
| `updated_at` | The date this Vendor was last updated |Category: Vendor
Parameters:
- page (query, integer, optional): Used for pagination of response data (default: page 1). Specifies the offset of the next block of data to receive.
- per_page (query, integer, optional): Used for pagination of response data (default: 100 items per response). Specifies the number of results for a given page.
- q (query, string, optional): Search and filter the Vendor data using Lucene syntax.
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Publish data endpoint (POST /custom_connections/{id}/data) in the Secureframe API?
-
Endpoint: POST /custom_connections/{id}/data
Summary: Publish data
Description: Publish resource data to a custom integration.This endpoint accepts a list of resource data objects, each containing the current state of a resource to be
processed. This data will be processed and if successful, the results will be available in the Custom Automated
Tests feature, as well as the Asset Inventory and/or other Secureframe features.**Early access:** This endpoint is currently only available to customers in our Early Access program. Please contact
Secureframe to request access. All details are subject to change.### New schemas
If a schema does not already exist for the provided slug, one will be created automatically based on the structure
of the first resource data object in the request.After a schema is created, it must be defined using the "Define Schema" workflow in the Secureframe application
interface in order for the data to be processed.### Resource data format
You can provide us data in any JSON structure you like, as long as all resources in a schema follow the same
format. We recommend you provide the data to us with as few changes as possible from the original format in your
system or as provided by the vendor.At least one field must uniquely identify the resource within the schema, and be set as its "primary ID" when
defining the schema. The primary ID cannot be changed after the schema is created.The data may be nested (e.g. `{ "name": { "first": "Alan", "last": "Turing" } }`). However, arrays are not currently
supported and will be ignored.### Supported model mappings
When you send resource data to Secureframe using schemas that have a model mapping set up, the data will be mapped to corresponding models in the Secureframe application. \
\
You can structure your data in any way that makes sense for your systems, as long as all required fields are present for the chosen category. \
The field names in your data don't need to match our internal field names - the mapping is handled automatically based on the schema definition. \
We recommend providing data in a format as close as possible to the examples below. This approach simplifies integration and makes it easier to properly map your data to our system. \
After processing, your data will appear in the appropriate sections of the Secureframe application, such as Asset Inventory, Personnel, or Training Records, depending on the schema's category.**Cloud resources** \
\
Cloud resources are the resources used for creating and updating any cloud-based or on-premise servers, virtual machines, VPNs, databases, etc.
These should be used any time you want to import data about hardware or cloud-based infrastructure components that are in scope for your compliance plan. \
\
Example resource data for a cloud resource:
```json
{
"id": "123", // required, type: string
"cloud_resource_type": "aws_ec2_instance", // required, type: string, supported values listed below
"description": "My Cloud Resource" // optional, type: string
}
```
<details>
<summary>Supported values for `cloud_resource_type`</summary>- account
- acm_certificate
- alert
- analytics
- api_management_service
- app_gateway
- app_workflow
- athena_workgroup
- audit_config_all_services
- autoscaling_group
- batch_account
- cdn
- certificate
- cloudfront_distribution
- cloudtrail
- cloudwatchlogs_log_group
- cluster
- cluster_node_pool
- compute_backend_service
- compute_disk
- compute_instance
- compute_network
- compute_subnetwork
- compute_target_http_proxy_list
- compute_url_map
- configservice_recorder
- container_cluster
- container_registry
- crypto_key
- database
- database_backup
- database_firewall_rule
- database_replica
- datalake_analytics
- datalake_storage
- dms_instance
- diagnostic_setting
- dns_managed_zone
- docker_image
- domain
- domain_record
- droplet
- droplet_neighbor
- dynamodb_table
- ec2_image
- ec2_instance
- ec2_security_group
- ec2_snapshot
- ec2_subnet
- ec2_volume
- ec2_vpc
- ec2_vpc_peering_connections
- ecr_repository
- efs_filesystem
- eks_cluster
- elasticloadbalancing
- elb
- elbv2
- elbv2_listener
- es_domain
- event_hub
- firehose_stream
- firewall
- floating_ip
- fsx_file_system
- glacier_vault
- guardduty_detector
- heroku_addon
- heroku_app
- iam_certificate
- iam_group
- iam_mfa_device
- iam_password_policy
- iam_role
- iam_user
- iam_account
- iam_credential_report
- image
- iot
- key
- key_vault
- keyring
- kinesis_stream
- kms_key
- lambda_function
- load_balancer
- log_alert
- log_profile
- metric
- microsoft_compute_virtualmachines
- microsoft_compute_virtualmachines_scaleset
- microsoft_container_images
- microsoft_dbformysql_servers
- microsoft_dbforpostgresql_servers
- microsoft_sql_servers
- microsoft_sql_servers_blob_auditing_policy
- microsoft_sql_servers_databases
- microsoft_storage_storageaccounts
- monitoring_alert_policy
- nat_gateway
- network_load_balancer
- network_watcher
- organizations_account
- policy_assignment
- project
- project_resource
- public_ip_address
- rds_cluster
- rds_instance
- rds_snapshot
- redis_service
- resourcemanager_project
- redshift
- region
- registry
- registry_repository
- route53domain
- route_table
- s3_bucket
- sagemaker_notebook
- search_service
- security_auto_provisioning_setting
- security_contact
- security_group
- servicebus
- service_account
- ses_dkim
- ses_ruleset
- snapshot
- sns_topic
- space
- space_cor
- sql_instance
- sqs_queue
- ssl_proxy
- ssm_instance
- ssm_parameter
- storage_bucket
- storage_container
- storage_volume
- subscription
- transfer_server
- virtual_network
- vpc
- vpc_member
- web_app_service
- xray_encryption_config</details>
**Training records** \
\
Training records specify that a certain person has completed a training course. These should be used when you have data from an external training system and you want to bring that data into Secureframe. \
The `completed_at` attribute should be set if training was completed.
\
Example resource data for a training record:
```json
{
"id": "123", // required, type: string
"completed_at": "2024-01-01T00:00:00Z", // type: datetime, format: ISO 8601
"user_email": "john.doe@example.com", // required, type: string
"training_slug": "security_awareness_training" // required, type: string, supported values listed below
}
```
<details>
<summary>Supported values for `training_slug`</summary>- ccpa_training
- gdpr_training
- hipaa_training
- pci_secure_code_training
- pci_training
- security_awareness_training</details>
**Personnel accounts** \
\
Personnel accounts are records that a person has an account granting them access to a certain system. \
You can use this to import information about these accounts into the Secureframe application's Personnel section. \
\
Example resource data for a personnel account:
```json
{
"id": "123", // required, type: string
"email": "john.doe@example.com", // required, type: string
"secondary_email": "john.doe2@example.com", // optional, type: string
"username": "john.doe", // optional, type: string
"first_name": "John", // optional, type: string
"preferred_first_name": "John", // optional, type: string
"last_name": "Doe", // optional, type: string
"admin": false, // optional, type: boolean
"active": true // optional, type: boolean
}
```**Devices** \
\
Devices are records that a person has a device that is managed by your organization. \
You can use this to import information about these devices into the Computers tab of the Secureframe application's Asset inventory section. \
\
Example resource data for a device:
```json
{
"device_name": "John's MacBook Pro", // optional, type: string
"email": "john.doe@example.com", // optional, type: string
"model": "MacBook Pro 16-inch", // optional, type: string
"make": "Apple", // optional, type: string
"serial_number": "F2NK4NGXQW2", // optional, type: string
"enroll_date": "2024-03-01T12:00:00Z", // optional, type: datetime, format: ISO 8601
"device_uuid": "12345678-1234-1234-1234-123456789012", // optional, type: string
"last_checkin_at": "2025-03-17T10:30:00Z", // optional, type: datetime, format: ISO 8601
"os": "macOS 14.3", // optional, type: string
"cpu": "Apple M2 Max", // optional, type: string
"memory": "32GB", // optional, type: string
"mac_address": "00:1A:2B:3C:4D:5E", // optional, type: string
"remote_ip": "127.0.0.1", // optional, type: string
"hard_drive_encrypted": true, // optional, type: boolean
"active": true, // optional, type: boolean
"native_anti_virus_enabled": true, // optional, type: boolean
"password_enforcement_enabled": true, // optional, type: boolean
"local_firewall_enabled": true, // optional, type: boolean
"session_timeout_enabled": true, // optional, type: boolean
"anti_virus_software": "XProtect", // optional, type: string
"macos_filevault_enabled": true // optional, type: boolean
}
```### Processing
This data will be processed asynchronously, and a `202 Accepted` response indicates the data is enqueued for
processing. There may be a delay before the data is available in the Secureframe application, especially if a large
amount of data is being processed.Data for a given connection will be processed in the order it is enqueued, even if provided in separate requests
or for separate schemas.#### Partial updates
By default, the data in a request will replace the existing data for the resource and is expected to be the complete
state of a resource. To perform a partial update, you can set the `partial` parameter to `true`. When processing a partial
update, only the fields specified in the request will be updated. Any fields not specified in the request will be
left unchanged. If you want to delete a field, you can set its value to `null`.
Category: Custom Integration
Parameters:
- id (path, string, required): The ID of the custom connection.
Responses:
- 202: Accepted The data is enqueued for processing.
- 400: Bad Request The request body was not in the correct format.
- 401: Unauthorized The Authorization header was invalid.
- 403: Forbidden The API key provided was not authorized to push data for this custom connection.
- 404: Not Found A custom connection could not be found for the provided ID.
Authentication: header_authorization
How do I use the Update a Cloud Resource endpoint (PUT /cloud_resources/{id}) in the Secureframe API?
Endpoint: PUT /cloud_resources/{id}
Summary: Update a Cloud Resource
Description: Update a Cloud Resource by ID
Category: Cloud Resource
Parameters:
- id (path, string, required): Scope response to id
- in_audit_scope (query, boolean, optional): Flag to indicate if this Cloud Resource is in scope. [DEPRECATED - Use the Cloud Resource Framework Asset Scope [endpoint](/tag/Cloud-Resource-Framework-Asset-Scope#operation/cloudResourcesCompanyFrameworkAssetScopesCreate)]
- out_of_audit_scope_reason (query, string, optional): Out of scope reason if the Cloud Resource is not in scope. [DEPRECATED - Use the Cloud Resource Framework Asset Scope [endpoint](/tag/Cloud-Resource-Framework-Asset-Scope#operation/cloudResourcesCompanyFrameworkAssetScopesCreate)]
- owner_id (query, string, optional): ID of the User that's the owner of this Cloud Resource.
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Update a Comment endpoint (PUT /comments/{id}) in the Secureframe API?
Endpoint: PUT /comments/{id}
Summary: Update a Comment
Description: Updates a Comment by ID
Category: Comment
Parameters:
- content (query, string, optional): The updated content of the comment
- id (path, string, required): Scope response to id
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Update a Knowledge Base Answer endpoint (PUT /knowledge_base_answers/{id}) in the Secureframe API?
Endpoint: PUT /knowledge_base_answers/{id}
Summary: Update a Knowledge Base Answer
Description: Update a Knowledge Base Answer by ID
Category: Knowledge Base Answer
Parameters:
- content (query, string, optional): The content of the Knowledge Base Answer.
- id (path, string, required): Scope response to id
- primary_answer (query, boolean, optional): Flag to indicate if this is the primary answer.
- type (query, string, optional): The type of the Knowledge Base Answer.
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Update a Knowledge Base Question endpoint (PUT /knowledge_base_questions/{id}) in the Secureframe API?
Endpoint: PUT /knowledge_base_questions/{id}
Summary: Update a Knowledge Base Question
Description: Update a Knowledge Base Question by ID
Category: Knowledge Base Question
Parameters:
- content (query, string, optional): The content of the Knowledge Base Question.
- id (path, string, required): Scope response to id
- manual_review_requested (query, boolean, optional): Flag to indicate if a manual review of the Knowledge Base Question is requested.
- owner_id (query, string, optional): The ID of the owner of the Knowledge Base Question.
- review_frequency (query, string, optional): The frequency of the review of the Knowledge Base Question.
Responses:
- default:
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Update a Repository endpoint (PUT /repositories/{id}) in the Secureframe API?
Endpoint: PUT /repositories/{id}
Summary: Update a Repository
Description: Update a Repository by ID
Category: Repository
Parameters:
- id (path, string, required): Scope response to id
- in_audit_scope (query, boolean, optional): Flag to indicate if this Repository is in scope. [DEPRECATED - Use the Repository Framework Asset Scope [endpoint](/tag/Repository-Framework-Asset-Scope#operation/repositoriesCompanyFrameworkAssetScopesCreate)]
- out_of_audit_scope_reason (query, string, optional): Out of scope reason if the repository is not in scope. [DEPRECATED - Use the Repository Framework Asset Scope [endpoint](/tag/Repository-Framework-Asset-Scope#operation/repositoriesCompanyFrameworkAssetScopesCreate)]
- owner_id (query, string, optional): ID of the User that's the owner of this repository.
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Update a Test endpoint (PUT /tests/{id}) in the Secureframe API?
Endpoint: PUT /tests/{id}
Summary: Update a Test
Description: Update a Test by ID
Category: Test
Parameters:
- disabled_justification (query, string, optional): The justification reason for why this test is disabled.
- enabled (query, boolean, optional): true or false for whether this test should be enabled or disabled.
- id (path, string, required): Scope response to id
- next_due_date (query, string, optional): Date time in ISO8601 format.
- owner_id (query, string, optional): The UUID of a user.
- passed_with_upload_justification (query, string, optional): The justification reason for why this test is passed with upload.
- promote_at (query, string, optional): Date time in ISO8601 format.
- test_interval_seconds (query, string, optional): How often the test should be run.
- tolerance_window_seconds (query, string, optional): The tolerance window representation for a test to be at risk.
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
How do I use the Update a User endpoint (PUT /users/{id}) in the Secureframe API?
Endpoint: PUT /users/{id}
Summary: Update a User
Description: Update a User by ID
Category: User
Parameters:
- active (query, boolean, optional): True if the user account is active, false if it has been disabled.
- employee_type (query, string, optional): The type of employee.
- end_date (query, string, optional): Date when the user's employement ended in ISO 8601 format.
- id (path, string, required): Scope response to id
- in_audit_scope (query, boolean, optional): True if the user should be audited, false otherwise - only updateable in certain cases.
- start_date (query, string, optional): Date when the user's employement started in ISO 8601 format.
Responses:
- default:
- 404: Resource not found
- 403: Forbidden
- 401: Unauthorized
- 400: Bad Request
Authentication: header_authorization
I had a user recently leave our company, but they had their own laptop with Secureframe agent installed and that is still reporting last check-in on our asset inventory. How can I get rid of this?
-
Because this device is read only, neither Secureframe nor the Admin will be able to remove the agent remotely.
You can reachout to this previous employee and ask them to remove.
We are also working on a feature to automatically filter out or ignore devices that are no longer in scope or active.
If a single employee doesn't want to download the Secureframe Agent (endpoint) and the admin is NOT going to make them, how do you ensure that single device is covered?
They need to maintain the device's endpoint security and should have outlined in their policy how they will monitor that the employee maintains secure settings.
Is an endpoint hosting a VDI client considered an Out-of-Scope Asset?
Yes, an endpoint hosting a VDI client configured to not allow any processing, storage, or transmission of CUI beyond the Keyboard/Video/Mouse sent to the VDI client is considered an Out-of-Scope Asset.
What Cloud Resource endpoints are available in the Secureframe API?
-
The Secureframe API provides the following Cloud Resource endpoints:
This document describes the API for reading Cloud Resources.- GET /cloud_resources - List Cloud Resources
- GET /cloud_resources/{id} - Get a Cloud Resource
- PUT /cloud_resources/{id} - Update a Cloud Resource
What Cloud Resource Framework Asset Scope endpoints are available in the Secureframe API?
-
The Secureframe API provides the following Cloud Resource Framework Asset Scope endpoints:
This document describes the API for reading and creating Framework Asset Scopes.A Framework Asset Scope defines the scope of an asset (e.g., a Cloud Resource) within a Framework.
Framework Asset Scopes are immutable. Once created, they cannot be modified. To update a scope, create a new resource with the updated information.
- GET /cloud_resources/{cloud_resource_id}/framework_asset_scopes - List Framework Asset Scopes
- POST /cloud_resources/{cloud_resource_id}/framework_asset_scopes - Create Framework Asset Scope
What Comment endpoints are available in the Secureframe API?
-
The Secureframe API provides the following Comment endpoints:
This document describes the API for reading, creating, updating, and deleting Comments.- GET /comments - List Comments
- POST /comments - Create a Comment
- GET /comments/{id} - Get a Comment
- PUT /comments/{id} - Update a Comment
- DELETE /comments/{id} - Delete a Comment
What Control endpoints are available in the Secureframe API?
-
The Secureframe API provides the following Control endpoints:
This document describes the API for reading Controls.- GET /controls - List Controls
- GET /controls/{id} - Get a Control
What Custom Integration endpoints are available in the Secureframe API?
-
The Secureframe API provides the following Custom Integration endpoints:
This document describes the API for publishing data to a custom integration.- POST /custom_connections/{id}/data - Publish data
What Device endpoints are available in the Secureframe API?
-
The Secureframe API provides the following Device endpoints:
This document describes the API for reading Devices.- GET /devices - List Devices
- GET /devices/{id} - Get a Device
What Device Framework Asset Scope endpoints are available in the Secureframe API?
-
The Secureframe API provides the following Device Framework Asset Scope endpoints:
This document describes the API for reading and creating Framework Asset Scopes.A Framework Asset Scope defines the scope of an asset (e.g., a Device) within a Framework.
Framework Asset Scopes are immutable. Once created, they cannot be modified. To update a scope, create a new resource with the updated information.
- GET /devices/{device_id}/framework_asset_scopes - List Framework Asset Scopes
- POST /devices/{device_id}/framework_asset_scopes - Create Framework Asset Scope
What does "Empty device name" mean under the evidence tab in screen lock enforcement for user endpoints, and how can I identify the assets to troubleshoot?
-
An "Empty device name" entry typically indicates that device information did not populate correctly from the source integration. This can occur when the device data (such as hostname or device ID) is missing or not being synced properly.
To troubleshoot:
Check the integration source (e.g., your MDM or endpoint security tool) for the user in question.
Verify that the device is listed in that system and that its details are complete and accurate.
Ensure the integration is active and syncing correctly with Secureframe.
What Evidence endpoints are available in the Secureframe API?
-
The Secureframe API provides the following Evidence endpoints:
This document describes the API for reading Evidence.- GET /evidences/{id} - Get an Evidence
What Framework endpoints are available in the Secureframe API?
-
The Secureframe API provides the following Framework endpoints:
This document describes the API for reading Frameworks.- GET /frameworks - List Frameworks
- GET /frameworks/{id} - Get a Framework
What if client uses Chromebooks as endpoints?
Chromebooks are similar to mobile devices and may not meet all traditional endpoint requirements. However, if used by in-scope personnel, the organization should ensure Chromebook compliance with SOC 2 mobile device management controls, such as endpoint inventory (tracking), password enforcement, encryption, and anti-virus. Tracking can be done via the Secureframe agent or manually.
What Integration Connection endpoints are available in the Secureframe API?
-
The Secureframe API provides the following Integration Connection endpoints:
This document describes the API for reading and archiving Integration Connections.- GET /integration_connections - List Integration Connections
- GET /integration_connections/{id} - Get an Integration Connection
- PUT /integration_connections/{id}/archive - Archive an Integration Connection
What Knowledge Base Answer endpoints are available in the Secureframe API?
-
The Secureframe API provides the following Knowledge Base Answer endpoints:
This document describes the API for reading Knowledge Base Answers.- GET /knowledge_base_answers/{id} - Get a Knowledge Base Answer
- PUT /knowledge_base_answers/{id} - Update a Knowledge Base Answer
- DELETE /knowledge_base_answers/{id} - Delete a Knowledge Base Answer
- POST /knowledge_base_answers - Create a Knowledge Base Answer
What Knowledge Base Question endpoints are available in the Secureframe API?
-
The Secureframe API provides the following Knowledge Base Question endpoints:
This document describes the API for reading Knowledge Base Questions.- GET /knowledge_base_questions/{id} - Get a Knowledge Base Question
- PUT /knowledge_base_questions/{id} - Update a Knowledge Base Question
- DELETE /knowledge_base_questions/{id} - Delete a Knowledge Base Question
- POST /knowledge_base_questions - Create a Knowledge Base Question
What Repository endpoints are available in the Secureframe API?
-
The Secureframe API provides the following Repository endpoints:
This document describes the API for reading and updating Repositories.- GET /repositories - List Repositories
- GET /repositories/{id} - Get a Repository
- PUT /repositories/{id} - Update a Repository
What Repository Framework Asset Scope endpoints are available in the Secureframe API?
-
The Secureframe API provides the following Repository Framework Asset Scope endpoints:
This document describes the API for reading Framework Asset Scopes.A Framework Asset Scope defines the scope of an asset (e.g., a Repository) within a Framework.
Framework Asset Scopes are immutable. Once created, they cannot be modified. To update a scope, create a new resource with the updated information.
- GET /repositories/{id}/framework_asset_scopes - List Framework Asset Scopes
- POST /repositories/{id}/framework_asset_scopes - Create Framework Asset Scope
What Risk endpoints are available in the Secureframe API?
-
The Secureframe API provides the following Risk endpoints:
This document describes the API for reading and updating Risks.- GET /risks - List Risks
- GET /risks/{id} - Get a Risk
What Test endpoints are available in the Secureframe API?
-
The Secureframe API provides the following Test endpoints:
This document describes the API for reading and updating Tests.- GET /tests - List Tests
- GET /tests/{id} - Get a Test
- PUT /tests/{id} - Update a Test
What Test Export endpoints are available in the Secureframe API?
-
The Secureframe API provides the following Test Export endpoints:
This document describes the API for creating a Test Export for a Test.- POST /tests/{test_id}/exports - Create a Test Export
What User Account endpoints are available in the Secureframe API?
-
The Secureframe API provides the following User Account endpoints:
This document describes the API for reading User Accounts.- GET /user_accounts - List User Accounts
- GET /user_accounts/{id} - Get a User Account
- PUT /user_accounts/{id}/link - Link a User Account
What User endpoints are available in the Secureframe API?
-
The Secureframe API provides the following User endpoints:
This document describes the API for reading and updating Users.- GET /users - List Users
- GET /users/{id} - Get a User
- PUT /users/{id} - Update a User
What User Evidence endpoints are available in the Secureframe API?
-
The Secureframe API provides the following User Evidence endpoints:
This document describes the API for creating Evidence for a User.- POST /users/{user_id}/evidences - Create a User Evidence
What User Security Settings endpoints are available in the Secureframe API?
-
The Secureframe API provides the following User Security Settings endpoints:
This document describes the API for retrieving user security settings for the provided API key's company.- GET /user_security_settings - Get user security settings
What Vendor endpoints are available in the Secureframe API?
-
The Secureframe API provides the following Vendor endpoints:
This document describes the API for reading and archiving Vendors.- GET /vendors - List Vendors
- GET /vendors/{id} - Get a Vendor
- PUT /vendors/{id}/archive - Archive a Vendor
Which test requires the employee/contractor user device endpoint details?
-
The test name will vary slightly depending on the MDM/Endpoint integration in use.
Common examples include:
Hard drive encryption for user endpoints
Anti-malware monitoring for user endpoints
Password policy monitoring for user endpoints
Screen lock monitoring for user endpoints
Firewall monitoring for user endpointsIf you have integrated with a specific tool (e.g., Intune), the test name will be similar but may include the integration name in parentheses — for example, "Hard drive encryption for user endpoints (Intune)"
Why don’t the “Screen Lock monitoring for user endpoints (Secureframe agent)” or “Firewall monitoring for user endpoints (Secureframe agent)” tests show up in the Test Library by default?
-
These tests don’t populate automatically because they are not currently mapped to the SOC 2 framework.
Secureframe’s platform dynamically surfaces tests based on the compliance frameworks enabled in your instance. Since these two tests (Firewall Monitoring and Screen Lock Monitoring) are mapped to CVT4.0,
800-171r2,
CIS IG3,
CIS IG2,
CIS IG1,
NFL ISRI,
CJIS,
800-53r5-M,
GovRAMP Moderate,
Cyber Essentials,
800-53r5-H,
FedRAMP High,
FedRAMP Moderate,
TX-RAMP Level 2,
CMMC L2,
800-171r3,
DORA, and they won’t appear by default in an environment where only SOC 2 is enabled.Tip: These tests can still be manually added and used for visibility and internal hygiene, even if they aren’t mapped to your active frameworks.
Can MDM be used to monitor employee activity on mobile devices?
Yes, MDM solutions can track device usage and application activity, but privacy concerns should be considered.
Can we use multiple MDM vendors at once?
You can, but it's not necessary unless you have both Windows and Macs, and use an MDM that does not cover both operating systems.
Has a request been made to add an N/A tab for non-Windows/mobile devices in Intune compliance tests, and is there a plan to implement it?
-
Yes, the limitation is known. Since Intune compliance tests are not performed on mobile devices, the suggestion involves adding an N/A tab explaining that the test evaluates Windows settings and that items listed were detected as non-Windows or mobile devices. This would help identify false detections and reduce manual workload. However, there are no current plans to extend services here.
If you would like to have your name added to the feature request, just let us know.
How does MDM help with regulatory compliance?
MDM allows organizations to enforce security policies, encrypt sensitive data, and track device usage, which helps with compliance for regulations like GDPR, HIPAA, and PCI DSS.
How to access SecureFrame on a mobile device?
Secureframe does not currently support mobile devices. We recommend accessing Secureframe on a desktop or laptop for the best experience.
If a client does not have an MDM and is going to upload separate evidence instead of using the agent or an MDM, what evidence do they need to provide?
They must provide evidence for hard drive encryption, password policy, anti-virus, firewall, automatic software updates, start screensaver/lock screen after 15 minutes.
If someone is using an MDM and Secureframe Agent, will one take precedence over the other?
The information from the Secureframe Agent will take precedence over other sources.
Is MDM only suitable for large enterprises?
No, MDM can be used by organizations of any size, though larger organizations (50+ employees) are recommended to use a more robust MDM solution rather than the Secureframe agent.
MDM recommendation
For Mac-only environments, we recommend Kandji. For multi-OS environments, solutions like Kolide, Hexnode, or AirWatch are ideal for managing devices across different operating systems (Mac, Windows, Linux).
What if we use an MDM that we use, but you don’t have?
You can export a CSV file from your provider and use that as evidence in the data room for device inventory or device management screenshots.
When looking at Endpoint/MDM services, what should we consider?
Consider the number of users. If you have hundreds, choose an MDM that can police activities automatically. If price is a concern and you have a low user count, use the Secureframe agent.
What does assigning an owner to the inventory help to ensure?
Assigning an owner to the inventory helps to ensure the inventory stays current.
Can Secureframe's virtual desktop environment support engineering applications like SolidWorks and MATLAB?
Yes. The virtual desktop environment supports both SolidWorks and MATLAB. As a general rule, any application that can be installed on a standard computer can be installed and run within the virtual desktop.
Does the VDI have a feature for holding files in a 'Pending Release' state for review by a Security Officer or Manager?
Secureframe Virtual Desktops does not currently have a feature for holding files in a pending release state for Security Officer or Manager review. For more information on how this may fit into your compliance setup, please reach out to your Customer Success Manager or Account Manager.
Related to
Comments
0 comments
Please sign in to leave a comment.