Skip to content
Kordoni juhised

Meetmete API

Siin saab hallata organisatsiooni turvameetmeid, poliitikaid, protseduure ja nende toimivuse seiret.

Meetmete tüübid

Section titled “Meetmete tüübid”

Saadaolevad meetmete tüübid (kind):

  • policy - Organisatsiooni poliitika dokument
  • procedure - Standardne tööprotseduur
  • technical - Tehniline turvameede

Meetmete staatused

Section titled “Meetmete staatused”

Saadaolevad meetmete staatused:

  • not_implemented - Meede on veel rakendamata
  • implemented - Meede on rakendatud
  • failing - Meede ei toimi tõhusalt

Seosed

Section titled “Seosed”

Meetmed võivad olla seotud järgmiste objektidega:

  • Varad - Infovarad, mida meede kaitseb
  • Riskid - Riskid, mida meede aitab leevendada
  • Nõuded - Vastavusnõuded, mida meede täidab
  • Leiud - Auditi leiud või mittevastavused, mis on seotud meetmega
  • Tarnijad - Kolmandad osapooled, kes on seotud meetmega
  • Ülesanded - Hooldus-, ülevaatus- või auditiülesanded

Õigused

Section titled “Õigused”

permissions objekt näitab, milliseid tegevusi praegune kasutaja saab teha:

  • update - Saab meedet muuta
  • destroy - Saab meetme kustutada
  • connect - Saab meedet siduda teiste objektidega
  • changelog - Saab vaadata meetme muudatuste ajalugu

GET /controls/

Section titled “GET /controls/”

Kõikide meetmete nimekiri koos filtreerimise võimalusega.

Päringu parameetrid

ParameeterTüüpKirjeldus
kind[]massiivFiltreeri meetme tüübi järgi: policy, procedure, technical, physical.
state[]massiivFiltreeri staatuse järgi: not_implemented, implemented, failing.
owner[]massiivFiltreeri omaniku kasutaja ID-de järgi.
manager[]massiivFiltreeri halduri kasutaja ID-de järgi.
labels[]massiivFiltreeri sildi ID-de järgi. Kasuta väärtust none siltideta meetmete leidmiseks.
Terminal window
curl --location GET \
--url "https://SINU_KORDONI_DOMEEN/api/v1/controls/" \
--header "Authorization: Bearer SINU_VÕTI"

Näide filtritega:

Terminal window
curl --location GET \
--url "https://SINU_KORDONI_DOMEEN/api/v1/controls/?state[]=failing&kind[]=policy&kind[]=procedure" \
--header "Authorization: Bearer SINU_VÕTI"

Vastuse näide

Staatus: 200

{
    "data": [
        {
            "id": "18211d00-904f-4ca9-a212-1e616a687d83",
            "assets": [],
            "begins_at": "2025-03-24T00:00:00+00:00",
            "created_at": "2025-03-24T09:02:24+00:00",
            "description": "<p><strong>1. Purpose</strong></p><p>The purpose of this Acceptable Use Policy is to establish guidelines for the appropriate use of the Company's information systems...</p>",
            "findings": [
                {
                    "id": "064ad39e-0f7f-479f-a239-5b4e30713a16",
                    "kind": "ncr",
                    "state": "open",
                    "title": "Start monitoring controls effect on risks in Kordon"
                }
            ],
            "kind": "policy",
            "labels": [],
            "manager": {
                "id": "58e7bf6e-618e-4c87-81fb-31b5ecee2d41",
                "active": true,
                "color": "#F5222D",
                "kind": "person",
                "name": "Rusty Ryan"
            },
            "owner": {
                "id": "58e7bf6e-618e-4c87-81fb-31b5ecee2d41",
                "active": true,
                "color": "#F5222D",
                "kind": "person",
                "name": "Rusty Ryan"
            },
            "permissions": {
                "update": true,
                "destroy": true,
                "connect": true,
                "changelog": true
            },
            "requirements": [
                {
                    "id": "9c70579f-fc76-4908-af69-7d9fdb3e8bf2",
                    "is_applicable": true,
                    "regulations": [
                        {
                            "id": "f1c874ec-4dcf-4603-a339-767094cdc5ce",
                            "is_custom": false,
                            "title": "ISO 27001:2022"
                        }
                    ],
                    "title": "Actions to address risks and opportunities"
                }
            ],
            "risks": [],
            "state": "not_implemented",
            "tasks": [],
            "title": "Acceptable Use Policy",
            "updated_at": "2025-10-29T15:14:06+00:00",
            "vendors": []
        }
    ],
    "meta": {
        "total_count": 60,
        "page": 1,
        "permissions": {
            "create": true
        },
        "per_page": "10"
    }
}

GET /controls/:id

Section titled “GET /controls/:id”

Konkreetse meetme otsimine ID järgi.

Terminal window
curl --location GET \
--url "https://SINU_KORDONI_DOMEEN/api/v1/controls/18211d00-904f-4ca9-a212-1e616a687d83" \
--header "Authorization: Bearer SINU_VÕTI"

Vastuse näide

Staatus: 200

{
    "data": {
        "id": "5e440b94-87c9-4bd9-9b04-65095439760e",
        "assets": [],
        "begins_at": "2024-05-16T00:00:00+00:00",
        "created_at": "2024-05-15T09:15:34+00:00",
        "description": "<p><strong>1. Purpose</strong></p><p>The purpose of this Code of Conduct is to outline the ethical principles...</p>",
        "findings": [
            {
                "id": "064ad39e-0f7f-479f-a239-5b4e30713a16",
                "kind": "ncr",
                "state": "open",
                "title": "Start monitoring controls effect on risks in Kordon"
            }
        ],
        "kind": "policy",
        "labels": [],
        "manager": {
            "id": "58e7bf6e-618e-4c87-81fb-31b5ecee2d41",
            "active": true,
            "color": "#F5222D",
            "kind": "person",
            "name": "Rusty Ryan"
        },
        "owner": {
            "id": "58e7bf6e-618e-4c87-81fb-31b5ecee2d41",
            "active": true,
            "color": "#F5222D",
            "kind": "person",
            "name": "Rusty Ryan"
        },
        "permissions": {
            "update": true,
            "destroy": true,
            "connect": true,
            "changelog": true
        },
        "requirements": [
            {
                "id": "690a7009-38ea-4935-a139-f1b495e46d56",
                "is_applicable": true,
                "regulations": [
                    {
                        "id": "fce9d4d7-ffae-4aa1-84ac-941288d75ba4",
                        "is_custom": false,
                        "title": "SOC 2"
                    }
                ],
                "title": "Attract, Develop, Retain Personnel in Line with Security Objectives"
            }
        ],
        "risks": [
            {
                "id": "3efe0045-3562-4aa5-96bd-b17f13c4de79",
                "state": "acceptable",
                "title": "DDoS attack"
            }
        ],
        "state": "failing",
        "tasks": [
            {
                "id": "365077f9-028c-4162-8477-3b85fcfd86ac",
                "assignee": {
                    "id": "58e7bf6e-618e-4c87-81fb-31b5ecee2d41",
                    "active": true,
                    "color": "#F5222D",
                    "kind": "person",
                    "name": "Rusty Ryan"
                },
                "kind": "review",
                "state": "new",
                "title": "Annual review of Code of Conduct"
            }
        ],
        "title": "Code of Conduct",
        "updated_at": "2025-11-13T12:32:25+00:00",
        "vendors": []
    }
}

POST /controls/

Section titled “POST /controls/”

Loo uus meede.

Nõutavad parameetrid:

  • title - Meetme pealkiri
  • owner_id - Meetme omaniku kasutaja ID
  • manager_id - Meetme halduri kasutaja ID
  • kind - Meetme tüüp (policy, procedure või technical)
  • begins_at - Kuupäev, millal meede jõustub (ISO 8601 formaat)

Valikulised parameetrid:

  • description - Meetme detailne kirjeldus (toeatab lihtsat HTML-i)
  • state - Meetme staatus (vaikimisi not_implemented)
Terminal window
curl --location POST \
--url "https://SINU_KORDONI_DOMEEN/api/v1/controls/" \
--header "Authorization: Bearer SINU_VÕTI" \
--header "Content-Type: application/json" \
--data '{
    "control": {
        "title": "Data Encryption Policy",
        "begins_at": "2025-11-12T00:00:00+00:00",
        "kind": "policy",
        "manager_id": "844596ff-8942-4704-b0cd-3e853921d71b",
        "owner_id": "844596ff-8942-4704-b0cd-3e853921d71b"
    }
}'

PATCH /controls/:id

Section titled “PATCH /controls/:id”

Uuenda olemasolevat meedet.

Terminal window
curl --location PATCH \
--url "https://SINU_KORDONI_DOMEEN/api/v1/controls/18211d00-904f-4ca9-a212-1e616a687d83" \
--header "Authorization: Bearer SINU_VÕTI" \
--header "Content-Type: application/json" \
--data '{
    "title": "A new title"
}'

Vastuse näide

Staatus: 200

Vastus sisaldab täielikku uuendatud meetme andmestikku.

Ühenda ülesanne meetmega

Ülesande ühendamiseks meetmega uuenda ülesande taskable_id väärtust meetme ID-ga. Täpsemat infot vaata Ülesannete API dokumentatsioonist.

PATCH /tasks/:task_id

Section titled “PATCH /tasks/:task_id”
Terminal window
curl --location PATCH \
--url "https://SINU_KORDONI_DOMEEN/api/v1/tasks/ulesande-id-siia" \
--header "Authorization: Bearer SINU_VÕTI" \
--header "Content-Type: application/json" \
--data '{
    "task": {
        "taskable_id": "18211d00-904f-4ca9-a212-1e616a687d83"
    }
}'

See ühendab ülesande meetmega ning ülesanne ilmub meetme tasks nimekirja.

DELETE /controls/:id

Section titled “DELETE /controls/:id”

Kustuta meede.

Terminal window
curl --location DELETE \
--url "https://SINU_KORDONI_DOMEEN/api/v1/controls/18211d00-904f-4ca9-a212-1e616a687d83" \
--header "Authorization: Bearer SINU_VÕTI"

Vastuse näide

Staatus: 200

{
    "data": {
        "id": "18211d00-904f-4ca9-a212-1e616a687d83"
    }
}

Meetme sidemete haldamine

Section titled “Meetme sidemete haldamine”

Meetmeid saab ühendada nõuete, varade, tarnijate, riskide, äriprotsesside ja leidudega.

Sidemete vaatamine

Section titled “Sidemete vaatamine”

Kui pärid meetme GET /controls/:id kaudu, siis kõik seosed on vastuses kaasas:

{
    "data": {
        "id": "ad784c35-c246-4441-b07f-bcf89731db99",
        "title": "Automated Capacity Adjustment",
        "assets": [
            {
                "id": "0fb11fe0-85de-423d-ba63-b76598a9c743",
                "state": "deprecated",
                "title": "Web app"
            },
            {
                "id": "16615652-dcea-4250-8068-ab19e0dc046d",
                "state": "live",
                "title": "AWS environment"
            }
        ],
        "business_processes": [
            {
                "id": "5a35e67e-f6b7-488d-86a2-6d7943ea6119",
                "title": "Sales"
            },
            {
                "id": "3c041e93-a87d-4d4e-a247-c8ad6afbc3e7",
                "title": "Marketing"
            }
        ],
        "findings": [
            {
                "id": "0177187d-9000-4d2a-bad4-c1506a207086",
                "kind": "incident",
                "state": "resolved",
                "title": "Delayed Security Patch Deployment"
            }
        ],
        "requirements": [
            {
                "id": "64fd3076-c1ff-4b05-9a96-aae96f3443dc",
                "is_applicable": true,
                "regulations": [
                    {
                        "id": "fce9d4d7-ffae-4aa1-84ac-941288d75ba4",
                        "is_custom": false,
                        "title": "SOC 2"
                    }
                ],
                "title": "Capacity monitoring"
            }
        ],
        "risks": [
            {
                "id": "3efe0045-3562-4aa5-96bd-b17f13c4de79",
                "state": "acceptable",
                "title": "DDoS attack"
            }
        ],
        "vendors": [
            {
                "id": "b00f71e5-9cb4-4995-96e6-0e5710f85e0a",
                "title": "Pipedrive"
            }
        ]
    }
}

PATCH /controls/:id/connections

Section titled “PATCH /controls/:id/connections”

Uuenda meetme sidemeid.

Sidemete parameetrid

ParameeterTüüpKirjeldus
requirement_idsmassiivÜhendatavate nõuete ID-d
asset_idsmassiivÜhendatavate varade ID-d
vendor_idsmassiivÜhendatavate tarnijate ID-d
risk_idsmassiivÜhendatavate riskide ID-d
business_process_idsmassiivÜhendatavate äriprotsesside ID-d
finding_idsmassiivÜhendatavate leidude ID-d

Näide: Lisa uus riski side

Kui meede on hetkel ühendatud 2 riskiga ja soovid lisada kolmanda:

Terminal window
curl --location PATCH \
--url "https://SINU_KORDONI_DOMEEN/api/v1/controls/ad784c35-c246-4441-b07f-bcf89731db99/connections" \
--header "Authorization: Bearer SINU_VÕTI" \
--header "Content-Type: application/json" \
--data '{
    "connections": {
        "risk_ids": [
            "3efe0045-3562-4aa5-96bd-b17f13c4de79",
            "6d59f166-a777-40a2-8c1e-bbf79bb0fda4",
            "8c8d2bd2-2373-401b-9c53-d2200183c136"
        ]
    }
}'

Näide: Uuenda mitut sidetüüpi korraga

Terminal window
curl --location PATCH \
--url "https://SINU_KORDONI_DOMEEN/api/v1/controls/ad784c35-c246-4441-b07f-bcf89731db99/connections" \
--header "Authorization: Bearer SINU_VÕTI" \
--header "Content-Type: application/json" \
--data '{
    "connections": {
        "requirement_ids": [
            "64fd3076-c1ff-4b05-9a96-aae96f3443dc",
            "a41a8208-4c0d-4103-9e53-04cb45930c70"
        ],
        "asset_ids": [
            "0fb11fe0-85de-423d-ba63-b76598a9c743",
            "16615652-dcea-4250-8068-ab19e0dc046d"
        ],
        "vendor_ids": [
            "b00f71e5-9cb4-4995-96e6-0e5710f85e0a"
        ],
        "risk_ids": [
            "3efe0045-3562-4aa5-96bd-b17f13c4de79"
        ],
        "business_process_ids": [
            "5a35e67e-f6b7-488d-86a2-6d7943ea6119"
        ],
        "finding_ids": [
            "0177187d-9000-4d2a-bad4-c1506a207086"
        ]
    }
}'

Näide: Eemalda kõik tarnija seosed

Terminal window
curl --location PATCH \
--url "https://SINU_KORDONI_DOMEEN/api/v1/controls/ad784c35-c246-4441-b07f-bcf89731db99/connections" \
--header "Authorization: Bearer SINU_VÕTI" \
--header "Content-Type: application/json" \
--data '{
    "connections": {
        "vendor_ids": []
    }
}'

Vastuse näide

Staatus: 200

Vastus sisaldab täielikku meetme objekti koos kõigi uuendatud sidetega.