list_misconfigurations
Retrieve paginated misconfiguration lists with environment filtering for security audits, compliance reporting, and bulk remediation workflows.
Instructions
List misconfigurations with pagination and view filtering.
Retrieves a paginated list of misconfigurations with filtering by environment type. For advanced filtering by severity, status, compliance, etc., use search_misconfigurations instead.
Args: first: Number of misconfigurations to retrieve (1-100, default: 10). after: Pagination cursor from previous response (optional). Use pageInfo.endCursor from previous response to get next page. view_type: Environment filter with options: - "ALL": Show all misconfigurations (default) - "CLOUD": Cloud environment only - "KUBERNETES": Kubernetes environment only - "IDENTITY": Identity-related misconfigurations - "INFRASTRUCTURE_AS_CODE": IaC misconfigurations - "ADMISSION_CONTROLLER": Admission controller findings - "OFFENSIVE_SECURITY": Offensive security findings - "SECRET_SCANNING": Secret scanning findings fields: Optional JSON string containing an array of field names to return. If not specified, returns all default fields. Use minimal fields like '["id"]' when paging through intermediate results.
Available fields:
- Basic: "id", "externalId", "name", "severity", "status"
- Timing: "detectedAt", "lastSeenAt", "eventTime"
- Context: "environment", "product", "vendor", "organization"
- Analysis: "analystVerdict", "mitigable", "exposureReason"
- Type: "misconfigurationType"
- IDs: "resourceUid", "exploitId", "exclusionPolicyId"
- Nested objects (returns subfields):
- "asset" (id, externalId, name, type, category, subcategory, privileged,
cloudInfo {accountId, accountName, providerName, region},
kubernetesInfo {cluster, namespace})
- "scope" (account {id, name}, site {id, name}, group {id, name})
- "assignee" (id, email, fullName)
- "evidence" (fileName, fileType, iacFramework, ipAddress, port, subdomain)
- "cnapp" (policy {id, version, group}, verifiedExploitable)
- "admissionRequest" (category, resourceName, resourceNamespace, resourceType,
userName, userUid, userGroup)
- "remediation" (mitigable, mitigationSteps)
- "mitreAttacks" (techniqueId, techniqueName, techniqueUrl, tacticName, tacticUid)
- Lists: "complianceStandards", "dataClassificationDataTypes", "dataClassificationCategories"
- Enforcement: "enforcementAction"
Examples:
- Minimal for paging: '["id"]'
- Summary view: '["id", "severity", "status", "name", "detectedAt"]'
- With asset context: '["id", "name", "asset", "severity"]'
- Full details: omit fields parameter or pass NoneReturns: Paginated misconfiguration list in JSON format containing: - edges: Array of misconfiguration objects - pageInfo: Pagination metadata - hasNextPage: Boolean indicating more results available - hasPreviousPage: Boolean indicating previous page exists - startCursor: Cursor for first item in current page - endCursor: Cursor for last item (use for next page) - totalCount: Total number of matching misconfigurations
Common Use Cases: - Security dashboard feeds - Environment-specific security reviews - Bulk remediation workflows - Compliance reporting by scope - Cloud security posture management
Pagination Example: 1. Call with first=20 to get first 20 misconfigurations 2. Use pageInfo.endCursor as 'after' parameter for next 20 3. Continue until pageInfo.hasNextPage is false
Raises: RuntimeError: If there's an error listing misconfigurations. ValueError: If parameters are invalid.
Input Schema
| Name | Required | Description | Default |
|---|---|---|---|
| first | No | ||
| after | No | ||
| view_type | No | ALL | |
| fields | No |
Output Schema
| Name | Required | Description | Default |
|---|---|---|---|
| result | Yes |