Skip to main content
  • ON PREMISES SOLUTIONS
  • Public API
  • getPhasrRecommendations

getPhasrRecommendations

Use this method to retrieve PHASR recommendations for a company.

Parameters

Name

Description

Included in request

Type

Values

objectId

The ID of the specific recommendation you want to retrieve.

Optional

String

Must be a valid recommendation ID.

ruleIds

The IDs of the rules for which you want to retrieve recommendations.

Optional

Array of strings

The IDs must be in the {ruleId}-{type} format.

categoryIds

When included, the response will only returns recommendations of the specified type.

Optional

Array of integers

Possible values:

  • 1 - tampering tool

  • 2 - hack tool

  • 3 - remote tool

  • 4 - miner

  • 5 - lol bin

actionTaken

When included, the response will only returns recommendations where a specific action was taken as a result of the recommendation.

Optional

Array of integers

Possible values:

  • 0 - Action needed. The user has to review the recommendations and take action on them.

  • 1 - Applied. This status is set after the recommendation has been applied to all the behavioral profiles for which it was generated.

  • 2 - Partially applied. This status is set after the recommendation has been applied only to a specific set of behavioral profiles selected by the user.

createdOnMin

Only include recommendations created after this specific date and time.

Optional

String

The value must be in ISO 8601 date format.

createdOnMax

Only include recommendations created before this specific date and time.

Optional

String

The value must be in ISO 8601 date format.

behavioralProfileIdentities

Only include recommendations for the identities associated with the specified identifiers.

Optional

Array of strings

Values must be in a valid behavioral profile identities format.

behavioralProfileResources

Only include recommendations for the resources associated with the specified identifiers.

Optional

Array of strings

Values must be in a valid behavioral profile resource format.

sort

Determines the basis on which the recommendations will be ordered in the response.

Optional

String

Possible values:

  • attackSurfaceReduction

  • createdOn

dir

Determines the direction in which the results are sorted: ascending or descending.

Optional

String

Possible values:

  • ASC

  • DESC

General parameters

These are common parameters, available across all public API methods.

Parameter

Description

Included in request

Type

Values

id

This parameter adds an identifier to the request, linking it to its corresponding response.

The target replies with the same value in the response, allowing easy call tracking.

Mandatory

String

No additional requirements

method

The name of the method you are using to send the request.

Mandatory

String

Must be a valid method name.

jsonrpc

The version of JSON-RPC used by the request and the response.

Mandatory

Integer

Possible values:

  • 2.0

params

An object containing the configuration of the request.

Mandatory

Object

No additional requirements.

Under the params object

page

The results page number.

Optional

Integer

Default value: 1

perPage

The number of results displayed per page.

Optional

Integer

The upper limit is 100 items per page.

Default value: 30

Return value

Attribute

Type

Description

items

Object

Contains information for a specific recommendation.

Objects

items

Attribute

Type

Description

objectId

String

The ID of the recommendation.

ruleId

Integer

The ID of the rule that created the recommendation.

actionTaken

Integer

The action that was taken as a result of the recommendation.

Possible values:

  • 0 - allow

  • 1 - restrict

  • 2 - partially applied

behavioralProfiles

Integer

The behavioral profiles that the rule applies to.

attackSurfaceReduction

Integer

The attack surface reduction that is affected by the application of the recommendation.

type

Integer

The type of the recommendation.

createdOn

String

The date and time the recommendation was created on.

Example

Request:

{
  "params": {
    "page": 1,
    "perPage": 20,
    "companyId": "1234567890abcdef",
    "sort": "attackSurfaceReduction",
    "dir": "ASC",
    "objectId": "68480f4e11e8dc005bb0f9e7",
    "ruleIds": ["696-0", "596-1"],
    "categoryIds": [4, 3, 2],
    "actionTaken": [0, 1],
    "createdOnMin": "2025-05-07T13:21:00.704Z",
    "createdOnMax": "2025-06-06T13:21:00.704Z",
    "behavioralProfileIdentities": [
      "Local_S-1-5-21-4003642952-1244496884-1545565483-1003_67ff9a5be8e045f5713ee6f6",
      "Local_S-2-5-21-4003642952-1244496884-1545565483-1003_67ff9a5be8e045f5713ee6f7",
      "Local_S-3-5-21-4003642952-1244496884-1545565483-1003_67ff9a5be8e045f5713ee6f8"
    ],
    "behavioralProfileResources": [
      "376f7eff-b0d7-49b2-825b-2af1c0f1aede-b545e199a29e",
      "376f7eff-b0d7-49b2-825b-2af1c0f1aede-b545e199a29a",
      "376f7eff-b0d7-49b2-825b-2af1c0f1aede-b545e199a29b"
    ]
  },
  "jsonrpc": "2.0",
  "method": "getPhasrRecommendations",
  "id": "a1b2c3d4-e5f6-7890-abcd-ef1234567890"
}

Response:

{
  "page": 1,
  "pagesCount": 1,
  "perPage": 4,
  "total": 4,
  "items": [
    {
      "objectId": "6864e34452037a9169c459f3",
      "ruleId": 619,
      "actionTaken": 1,
      "behavioralProfiles": 2,
      "attackSurfaceReduction": 0.05,
      "type": 1,
      "createdOn": "2025-07-02T07:44:04.000Z"
    },
    {
      "objectId": "6864e34452037a9169c459f4",
      "ruleId": 18,
      "actionTaken": 1,
      "behavioralProfiles": 2,
      "attackSurfaceReduction": 0.05,
      "type": 1,
      "createdOn": "2025-07-02T07:44:04.000Z"
    },
    {
      "objectId": "68652b4b83b317095936ffb6",
      "ruleId": 697,
      "actionTaken": 1,
      "behavioralProfiles": 1,
      "attackSurfaceReduction": 0.01,
      "type": 0,
      "createdOn": "2025-07-02T12:51:23.000Z"
    },
    {
      "objectId": "68652b4b83b317095936ffb9",
      "ruleId": 2,
      "actionTaken": 1,
      "behavioralProfiles": 1,
      "attackSurfaceReduction": 0.01,
      "type": 0,
      "createdOn": "2025-07-02T12:51:23.000Z"
    }
  ]
}
In this section: