GET /risk-scenarios
List risk scenarios
curl --request GET \
  --url https://api.vanta.com/v1/risk-scenarios \
  --header 'Authorization: Bearer <token>'
{
  "results": {
    "data": [
      {
        "riskId": "assets-not-identified-and-protected",
        "description": "Assets are not identified and protected according to company requirements.",
        "isSensitive": false,
        "likelihood": 4,
        "impact": 4,
        "residualLikelihood": 2,
        "residualImpact": 1,
        "categories": [
          "Access control"
        ],
        "ciaCategories": [
          "Confidentiality"
        ],
        "treatment": "Avoid",
        "owner": null,
        "note": null,
        "riskRegister": "Default",
        "customFields": [],
        "isArchived": false,
        "reviewStatus": "DRAFT",
        "requiredApprovers": [],
        "type": "Risk Scenario",
        "identificationDate": "2024-03-07T18:46:05.944Z"
      }
    ],
    "pageInfo": {
      "hasNextPage": false,
      "hasPreviousPage": false,
      "startCursor": "1",
      "endCursor": "1"
    }
  }
}

Authorizations

Authorization
string
header
required

Bearer authentication header of the form Bearer <token>, where <token> is your auth token.

Query Parameters

pageSize
integer<int32>
default:10

Controls the maximum number of items returned in one response from the API.

Required range: 1 <= x <= 100
pageCursor
string

A marker or pointer, telling the API where to start fetching items for the subsequent page in a paginated dataset. Note that the requested page will not include the item that corresponds to this cursor but will start from the one immediately after this cursor.

includeIgnored
boolean
ownerMatchesAny
string[]

Use "No owner" to filter scenarios without an owner assigned.

searchString
string
categoryMatchesAny
string[]

Use "Uncategorized" to filter scenarios without any category.

ciaCategoryMatchesAny
enum<string>[]

Use "Uncategorized" to filter scenarios with none of Confidentiality, Integrity or Availability assigned.

Available options:
Confidentiality,
Integrity,
Availability
treatmentTypeMatchesAny
enum<string>[]

Use "No treatment type" to filter scenarios without a treatment specified.

Available options:
Mitigate,
Transfer,
Avoid,
Accept
inherentScoreGroupMatchesAny
enum<string>[]
Available options:
Very low,
Low,
Med,
High,
Critical
residualScoreGroupMatchesAny
enum<string>[]
Available options:
Very low,
Low,
Med,
High,
Critical
reviewStatusMatchesAny
enum<string>[]
Available options:
APPROVED,
DRAFT,
NOT_REVIEWED,
AWAITING_SUBMISSION,
PENDING_APPROVAL,
REQUESTED_CHANGES
type
enum<string>

Filter by risk scenario type. Defaults to "Risk Scenario". Only returns enterprise risks when explicitly set to "Enterprise Risk".

Available options:
Risk Scenario,
Enterprise Risk
orderBy
enum<string>

Defaults to ordering by description alphabetically.

Available options:
description,
createdAt

Response

200 - application/json

Ok

results
object
required
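
The cursor pagination described above (pageSize, pageCursor, pageInfo), as an added example that is not part of Vanta's documentation: it walks every page of the risk register and flags scenarios that still need an owner or an approval. The `VANTA_TOKEN` environment variable, the repeated-key encoding of array filters, and the `needs_attention` rule are assumptions made for illustration.

```python
import json
import os
import urllib.parse
import urllib.request

BASE_URL = "https://api.vanta.com/v1/risk-scenarios"  # endpoint from this page


def http_fetch(params):
    """One authenticated GET. VANTA_TOKEN is an assumed env var name."""
    # Assumption: array filters are sent as repeated query keys (doseq=True).
    url = BASE_URL + "?" + urllib.parse.urlencode(params, doseq=True)
    headers = {"Authorization": "Bearer " + os.environ["VANTA_TOKEN"]}
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def iter_risk_scenarios(fetch=http_fetch, page_size=100, max_pages=1000, **filters):
    """Yield every scenario, following pageInfo.endCursor until hasNextPage is false."""
    if not 1 <= page_size <= 100:  # documented range for pageSize
        raise ValueError("pageSize must be between 1 and 100")
    cursor, seen = None, set()
    for _ in range(max_pages):
        params = dict(filters, pageSize=page_size)
        if cursor is not None:
            params["pageCursor"] = cursor  # next page starts just after this item
        results = fetch(params)["results"]
        yield from results["data"]
        info = results["pageInfo"]
        if not info["hasNextPage"]:
            return
        cursor = info["endCursor"]
        if cursor in seen:  # a repeated cursor would otherwise loop forever
            raise RuntimeError("pagination cursor repeated: " + str(cursor))
        seen.add(cursor)
    raise RuntimeError("max_pages reached before the last page")


def needs_attention(scenario):
    """Hypothetical triage rule: live scenario with no owner or not yet approved."""
    if scenario["isArchived"]:
        return False
    return scenario["owner"] is None or scenario["reviewStatus"] != "APPROVED"
```

Passing a different `fetch` callable lets the pagination logic be exercised against recorded responses without a token or network access.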