Findings API
Manage your organization’s security incidents, non-conformity reports (NCRs), audit findings, and other security-related discoveries.
List Findings
Get a paginated list of all findings.
GET /findings/

    curl --location --request GET \
      --url "https://kordon-app.com/api/v1/findings/" \
      --header "Authorization: Bearer YOUR-TOKEN"

Example Response
Status: 200

    {
      "data": [
        {
          "id": "92a5f296-6910-4bbe-b366-9080f7d018f6",
          "assets": [],
          "controls": [],
          "created_at": "2025-11-12T09:20:10+00:00",
          "date_discovered": "2025-11-09T00:00:00+00:00",
          "description": "Security team identified a misconfigured S3 bucket with public access permissions. Immediate restriction required and data exposure analysis ongoing.",
          "kind": "incident",
          "labels": [],
          "manager": {
            "id": "0f27df97-00b0-44ea-b8f0-522ad901ac37",
            "active": true,
            "color": "#FA8C16",
            "kind": "person",
            "name": "Demo User"
          },
          "owner": {
            "id": "0f27df97-00b0-44ea-b8f0-522ad901ac37",
            "active": true,
            "color": "#FA8C16",
            "kind": "person",
            "name": "Demo User"
          },
          "priority": "high",
          "requirements": [],
          "risks": [],
          "source": null,
          "state": "open",
          "tasks": [],
          "title": "Misconfigured S3 Bucket Exposed Publicly",
          "updated_at": "2025-11-13T12:38:28+00:00",
          "vendors": []
        }
      ],
      "meta": {
        "total_count": 49,
        "page": 1,
        "permissions": {
          "create": true
        },
        "per_page": "10"
      }
    }

Get Finding
Retrieve a specific finding by ID.
GET /findings/:id

    curl --location --request GET \
      --url "https://kordon-app.com/api/v1/findings/92a5f296-6910-4bbe-b366-9080f7d018f6" \
      --header "Authorization: Bearer YOUR-TOKEN"

Example Response
Status: 200

    {
      "data": {
        "id": "9ce45bc1-28de-4896-bc15-39443fc86d31",
        "assets": [
          {
            "id": "5a352625-2191-4083-92e5-e735b463a7a6",
            "state": "live",
            "title": "Customer Relationship Data"
          }
        ],
        "controls": [
          {
            "id": "9ac52938-6e5a-476e-9097-021b77cbe1fb",
            "state": "failing",
            "title": "Security Training"
          }
        ],
        "created_at": "2025-11-12T08:32:19+00:00",
        "date_discovered": "2025-11-12T00:00:00+00:00",
        "description": "Onboarding training hasn't been done for 2 new joiners.",
        "kind": "ncr",
        "labels": [],
        "manager": {
          "id": "58e7bf6e-618e-4c87-81fb-31b5ecee2d41",
          "active": true,
          "color": "#F5222D",
          "kind": "person",
          "name": "Danny Ocean"
        },
        "owner": {
          "id": "58e7bf6e-618e-4c87-81fb-31b5ecee2d41",
          "active": true,
          "color": "#F5222D",
          "kind": "person",
          "name": "Danny Ocean"
        },
        "priority": "medium",
        "requirements": [
          {
            "id": "690a7009-38ea-4935-a139-f1b495e46d56",
            "is_applicable": true,
            "regulations": [
              {
                "id": "fce9d4d7-ffae-4aa1-84ac-941288d75ba4",
                "is_custom": false,
                "title": "SOC 2"
              }
            ],
            "title": "Attract, Develop, Retain Personnel in Line with Security Objectives"
          }
        ],
        "risks": [
          {
            "id": "6d59f166-a777-40a2-8c1e-bbf79bb0fda4",
            "state": "not_mitigated",
            "title": "Device theft"
          }
        ],
        "source": "Internal audit",
        "state": "open",
        "tasks": [],
        "title": "Onboarding training gap",
        "updated_at": "2025-11-12T08:33:35+00:00",
        "vendors": []
      }
    }

Create Finding
Create a new finding.
POST /findings/
Required Parameters:
- title - Finding title
- manager_id - User ID of the finding manager
- owner_id - User ID of the finding owner
- kind - Finding type (see Finding Types below)
- state - Finding state
- priority - Finding priority (low, medium, high)
- date_discovered - Date when the finding was discovered (ISO 8601 format)
- source - Source of the finding (e.g., “Internal audit”, “External audit”)
Optional Parameters:
- description - Detailed description of the finding

    curl --location --request POST \
      --url "https://kordon-app.com/api/v1/findings/" \
      --header "Authorization: Bearer YOUR-TOKEN" \
      --header "Content-Type: application/json" \
      --data '{
        "title": "Missing encryption on database",
        "description": "Production database identified without encryption at rest enabled.",
        "manager_id": "0f27df97-00b0-44ea-b8f0-522ad901ac37",
        "owner_id": "0f27df97-00b0-44ea-b8f0-522ad901ac37",
        "kind": "incident",
        "state": "open",
        "priority": "high",
        "date_discovered": "2025-11-20T00:00:00+00:00",
        "source": "Security audit"
      }'

Update Finding
Update an existing finding.
PATCH /findings/:id

    curl --location --request PATCH \
      --url "https://kordon-app.com/api/v1/findings/92a5f296-6910-4bbe-b366-9080f7d018f6" \
      --header "Authorization: Bearer YOUR-TOKEN" \
      --header "Content-Type: application/json" \
      --data '{
        "state": "resolved",
        "priority": "medium"
      }'

Example Response
Status: 200
The response will include the full data of the updated finding.
Delete Finding
Remove a finding.
DELETE /findings/:id

    curl --location --request DELETE \
      --url "https://kordon-app.com/api/v1/findings/92a5f296-6910-4bbe-b366-9080f7d018f6" \
      --header "Authorization: Bearer YOUR-TOKEN"

Example Response
Status: 200

    {
      "data": {
        "id": "92a5f296-6910-4bbe-b366-9080f7d018f6"
      }
    }

Finding Types
Available finding types (kind):
- incident - Security incident
- ncr - Non-conformity report
- observation - Audit observation
- opportunity - Improvement opportunity
Finding States
Available finding states:
- open - Finding is active and needs attention
- in_progress - Finding is being addressed
- resolved - Finding has been resolved
- closed - Finding is closed and archived
Priority Levels
Available priority levels:
- low - Low priority, minimal impact
- medium - Medium priority, moderate impact
- high - High priority, significant impact
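The required parameters for POST /findings/ and the kind, state and priority values listed above can be checked client-side before a request body is sent. The following is an added example, not code from the Kordon documentation; the function name validate_finding is hypothetical, and three rules are this example's assumptions: IDs are UUIDs, date_discovered carries a UTC offset (both as in the page's samples), and PATCH bodies accept the same fields as POST.

```python
import uuid
from datetime import datetime

# Field names and allowed values are the ones documented on this page.
REQUIRED = ("title", "manager_id", "owner_id", "kind", "state",
            "priority", "date_discovered", "source")
OPTIONAL = ("description",)
ENUMS = {
    "kind": ("incident", "ncr", "observation", "opportunity"),
    "state": ("open", "in_progress", "resolved", "closed"),
    "priority": ("low", "medium", "high"),
}


def validate_finding(payload, partial=False):
    """Return a list of problems; an empty list means the body can be sent.

    partial=False checks a POST body (every required field must be present).
    partial=True checks a PATCH body (only the supplied fields are checked).
    """
    errors = []
    for key in sorted(set(payload) - set(REQUIRED) - set(OPTIONAL)):
        errors.append(f"{key}: not a documented parameter")
    for key in REQUIRED:
        if (key in payload or not partial) and payload.get(key) in (None, ""):
            errors.append(f"{key}: required")
    for key, allowed in ENUMS.items():
        value = payload.get(key)
        if value not in (None, "") and value not in allowed:
            errors.append(f"{key}: must be one of {', '.join(allowed)}")
    # Assumption: user IDs are UUIDs, as in every sample on the page.
    for key in ("manager_id", "owner_id"):
        value = payload.get(key)
        if value not in (None, ""):
            try:
                uuid.UUID(str(value))
            except ValueError:
                errors.append(f"{key}: not a UUID")
    # Assumption: an explicit UTC offset is required, matching the page's samples.
    value = payload.get("date_discovered")
    if value not in (None, ""):
        try:
            if datetime.fromisoformat(str(value)).tzinfo is None:
                errors.append("date_discovered: missing UTC offset")
        except ValueError:
            errors.append("date_discovered: not ISO 8601")
    return errors
```
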
Relationships
Findings can be related to:
- Assets - Information assets affected by the finding
- Controls - Security controls related to the finding
- Risks - Risks associated with the finding
- Requirements - Compliance requirements linked to the finding
- Vendors - Third-party vendors involved in the finding
- Tasks - Action items to address the finding
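The relationships above, together with the list response's meta block, are enough to build a triage view from an already-fetched GET /findings/ response. This is an added example, not code from the Kordon documentation: the function names, the flag names and the sample data are constructed, and it makes no requests because the query parameter for selecting a page is not documented on this page.

```python
import math
from datetime import datetime

PRIORITY_RANK = {"high": 0, "medium": 1, "low": 2}

# Constructed sample in the shape of the list response, trimmed to the fields
# used here. IDs are short placeholders and the task object is an assumed shape.
SAMPLE = {
    "data": [
        {"id": "f-1", "kind": "ncr", "state": "open", "priority": "medium",
         "date_discovered": "2025-11-12T00:00:00+00:00", "tasks": [],
         "controls": [{"state": "failing"}], "risks": [{"state": "not_mitigated"}]},
        {"id": "f-2", "kind": "incident", "state": "in_progress", "priority": "high",
         "date_discovered": "2025-11-09T00:00:00+00:00", "tasks": [{"id": "t-1"}],
         "controls": [], "risks": []},
        {"id": "f-3", "kind": "incident", "state": "resolved", "priority": "high",
         "date_discovered": "2025-10-01T00:00:00+00:00", "tasks": [],
         "controls": [], "risks": []},
        {"id": "f-4", "kind": "incident", "state": "open", "priority": "high",
         "date_discovered": "2025-11-10T00:00:00+00:00", "tasks": [],
         "controls": [], "risks": []},
    ],
    "meta": {"total_count": 49, "page": 1, "per_page": "10"},
}


def total_pages(meta):
    """Pages needed to read everything; per_page is a string in the sample response."""
    return math.ceil(int(meta["total_count"]) / int(meta["per_page"]))


def triage(findings):
    """Active findings, highest priority first and oldest first within a priority."""
    rows = []
    for f in findings:
        if f["state"] not in ("open", "in_progress"):
            continue
        flags = []
        if not f["tasks"]:
            flags.append("no_tasks")  # nothing planned to address the finding
        if any(c["state"] == "failing" for c in f["controls"]):
            flags.append("failing_control")
        if any(r["state"] == "not_mitigated" for r in f["risks"]):
            flags.append("unmitigated_risk")
        rows.append((PRIORITY_RANK.get(f["priority"], len(PRIORITY_RANK)),
                     datetime.fromisoformat(f["date_discovered"]), f["id"], flags))
    return [(fid, flags) for _, _, fid, flags in sorted(rows)]
```
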