CipherInsights v12.1.1

Submit Search

GET CBOM

The GET /cbom method is used to return a cryptographic bill of materials (CBOM A CBOM (Cryptography Bill of Materials) is a structured inventory of the cryptographic elements in a software application—covering algorithms (e.g., AES-256, RSA-2048), libraries (e.g., OpenSSL, Bouncy Castle), and keys with supported sizes (e.g., RSA-2048, ECC-384). By formalizing this information, a CBOM provides a clear picture of a specific version’s crypto architecture, helps identify vulnerabilities or policy misalignments, and supports audits and compliance with standards such as NIST.) from observed network crypto assets and services. This method returns HTTP 200 OK on a success with the CBOM data.

Table 19: GET CBOM Input Parameters

Name	In	Description
filter	query	A string indicating a query to limit the results. The default is to return all records. For example: clientIp = '10.4.3.10' AND cipherEnc IN ('AES 128 GCM') Or, URL encoded: clientIp%20%3D%20%2710.4.3.10%27%20AND%20cipherEnc%20IN%20%28%27AES%20128%20GCM%27%29 Tip: The filter option on the evidence page when configured with the Discovery API Selector can be used to test and build filters for use with the API (see Filtering).
timeFrame	query	An object providing the timeframe for which results should be returned. Time can be provided as relative to now, in epoch time, or in materialized time. The default begin time is 0. The default end time is now. For example. materialized time: timeFrame[materializedView]=last30Days Or, URL encoded: timeFrame%5BmaterializedView%5D=last30Days Epoch time: timeFrame[begin]=1758993950&timeFrame[end]=1759166750 Or, URL encoded: timeFrame%5Bbegin%5D=1758993950&timeFrame%5Bend%5D=1759166750 Time relative to now (range 48-24 hours before now): timeFrame[begin]=now minus 48 hours&timeFrame[end]=now minus 24 hours Time relative to now (range 24 hours before now): timeFrame[begin]=now minus 24 hours&timeFrame[end]=now Time relative to now (all time before now): timeFrame[begin]=0&timeFrame[end]=now Or, URL encoded: timeFrame%5Bbegin%5D=now%20minus%2048%20hours&timeFrame%5Bend%5D=now%20minus%2024%20hours timeFrame%5Bbegin%5D=now%20minus%2048%20hours&timeFrame%5Bend%5D=now timeFrame%5Bbegin%5D=0&timeFrame%5Bend%5D=now

Name

Description

filter

query

A string indicating a query to limit the results. The default is to return all records.

For example:

clientIp = '10.4.3.10' AND cipherEnc IN ('AES 128 GCM')

Or, URL encoded:

clientIp%20%3D%20%2710.4.3.10%27%20AND%20cipherEnc%20IN%20%28%27AES%20128%20GCM%27%29

Tip: The filter option on the evidence page when configured with the Discovery API Selector can be used to test and build filters for use with the API (see Filtering).

timeFrame

query

An object providing the timeframe for which results should be returned. Time can be provided as relative to now, in epoch time, or in materialized time. The default begin time is 0. The default end time is now.

For example. materialized time:

timeFrame[materializedView]=last30Days

Or, URL encoded:

timeFrame%5BmaterializedView%5D=last30Days

Epoch time:

timeFrame[begin]=1758993950&timeFrame[end]=1759166750

Or, URL encoded:

timeFrame%5Bbegin%5D=1758993950&timeFrame%5Bend%5D=1759166750

Time relative to now (range 48-24 hours before now):

timeFrame[begin]=now minus 48 hours&timeFrame[end]=now minus 24 hours

Time relative to now (range 24 hours before now):

timeFrame[begin]=now minus 24 hours&timeFrame[end]=now

Time relative to now (all time before now):

timeFrame[begin]=0&timeFrame[end]=now

Or, URL encoded:

timeFrame%5Bbegin%5D=now%20minus%2048%20hours&timeFrame%5Bend%5D=now%20minus%2024%20hours

timeFrame%5Bbegin%5D=now%20minus%2048%20hours&timeFrame%5Bend%5D=now

timeFrame%5Bbegin%5D=0&timeFrame%5Bend%5D=now

Table 20: GET CBOM Response Data

Name

Description

bomFormat

A string naming the CBOM format (e.g., CycloneDX).

specVersion

A string indicating the CBOM specification version (e.g., 1.6).

serialNumber

A string UUID (URN) uniquely identifying this CBOM.

metadata

An object with details about when/how the CBOM was produced. Show metadata details.

Name

Description

timestamp

A string in ISO-8601 UTC format for CBOM generation time.

lifecycles

An array of objects describing the process phase(s); each has:

phase: A string naming the phase (e.g., discovery).

tools

An object listing producers/tools. Show tools details.

Name

Description

components

An array of objects, each containing information about the component:

type: A string tool type (e.g., application).
name: A string tool name (e.g., CipherInsights).
version: A string tool version (e.g., 12.1.1).

properties

An array of objects as name/value pairs capturing extra context. For example:

"name": "filter",

"value": "clientIp = '10.4.3.10'"

components

An array of objects containing cryptographic things (protocols, certs, algorithms, keys). Show component details.

Name

Description

Name

A string display name of the component.

type

A string component type (e.g., cryptographic-asset).

bom-ref

A string containing a unique reference for cross-linking within the CBOM.

cryptoProperties

An object describing the crypto specifics. Show property details.

Name

Description

assetType

A string indicating the type of asset (e.g., protocol, certificate).

protocolProperties

An object containing properties for assets of type protocol. This value will not exist for assets of other types. Show property details.

Name	Description
type	A string indicating the protocol type (e.g., tls).
version	A string indicating the protocol version (e.g., TLS1.2).
cipherSuites	An array of objects listing the cipher suites providing: name: A string indicating the name of the cipher suite (e.g., TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384). algorithms: An array of strings listing the included algorithms (e.g., crypto/algorithm/ECDHE).
cryptoRefArray	An array of strings referencing related crypto objects (e.g., certificate refs).

certificateProperties

An object containing X.509 metadata for assets of type certificate. This value will not exist for assets of other types. Show property details.

Name	Description
subjectName	A string containing the full certificate subject DN.
issuerName	A string containing the full certificate issuer DN.
notValidBefore	A string (ISO-8601 UTC) indicating the start of validity.
notValidAfter	A string (ISO-8601 UTC) indicating the end of validity.
signatureAlgorithmRef	A string reference to the signature algorithm object.
subjectPublicKeyRef	A string reference to the subject public-key object.

relatedCryptoMaterialProperties

An object containing properties for assets of type cryptographic-asset. This value will not exist for assets of other types. Show property details.

Name	Description
type	A string indicating the type of crypto material (e.g., public-key).
state	A string indicating the state of the crypto material (e.g., active).
algorithmRef	A string reference to the key algorithm object.
size	A string indicating the key size (e.g., 256, 384, 2048).
value	A string containing the value for the crypto material (e.g., public key).

services

An array of objects specifying services using cryptography. Show services details.

dependencies

An array of objects specifying the dependencies for services using cryptography. Show dependency details.

Example: Using curl to query about certificates where at least one DNS

The Domain Name System is a service that translates names into IP addresses. SAN

The subject alternative name (SAN) is an extension to the X.509 specification that allows you to specify additional values when enrolling for a digital certificate. A variety of SAN formats are supported, with DNS name being the most common. has the referenced domain:

Copy

API_KEY='<YOUR-API-KEY>'
HUB='https://<YOUR-HUB-SERVER>'

curl -sS -G "$HUB/api/v1/cbom" \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H "x-api-key: $API_KEY" \
  --data-urlencode 'timeFrame[begin]=now minus 24 hours' \
  --data-urlencode 'timeFrame[end]=now' \
  --data-urlencode "filter=protocol = 'TLS'"

Was this page helpful? Provide Feedback

Version v12.1.1

On this page: