Overview
The Cloud Risk Summary Generator is a security-focused API that synthesizes cloud infrastructure risk assessments into actionable summaries. It analyzes multi-cloud deployments across AWS, Azure, GCP, and other providers to identify, categorize, and contextualize security exposures within specific environments and service architectures.
This tool is designed for cloud security engineers, compliance teams, and DevSecOps professionals who need rapid risk quantification and executive-level reporting on cloud infrastructure posture. By consolidating exposure data with environmental and service context, the API generates structured risk narratives that facilitate remediation prioritization and stakeholder communication.
The generator supports complex cloud environments with multiple services and heterogeneous exposure types, making it suitable for enterprises managing hybrid and multi-cloud infrastructures at scale.
Usage
Sample Request
CODEBLOCK0
Sample Response
CODEBLOCK1
Endpoints
POST /generate-risk-summary
Generates a comprehensive risk summary for a cloud infrastructure configuration.
Method: �INLINECODE0
Path: �INLINECODE1
Description: Analyzes cloud provider configuration, environment details, active services, and identified security exposures to produce a structured risk summary with severity assessment and remediation context.
Request Body (application/json):
| Parameter | Type | Required | Description |
|---|
| INLINECODE2 | string | Yes | Cloud service provider (e.g., "aws", "azure", "gcp") |
| INLINECODE3 |
string | Yes | Deployment environment (e.g., "production", "staging", "development") |
|
services | array[string] | Yes | List of cloud services in use (e.g., ["ec2", "s3", "rds"]) |
|
exposures | array[Exposure] | Yes | Array of identified security exposures, each with issue and impact description |
Exposure Object:
| Parameter | Type | Required | Description |
|---|
| INLINECODE6 | string | Yes | Description of the security issue or vulnerability |
| INLINECODE7 |
string | Yes | Description of potential business impact if exploited |
Response (200 - Success):
Returns a JSON object containing:
- -
summary (string): Executive-level risk summary text - INLINECODE9� (string): Overall risk classification (e.g., "critical", "high", "medium", "low")
- INLINECODE10� (string): Echoed provider identifier
- INLINECODE11� (string): Echoed environment name
- INLINECODE12� (integer): Total number of exposures analyzed
- INLINECODE13� (array[string]): Services impacted by identified exposures
- INLINECODE14� (array): Detailed breakdown of each exposure with severity assessment
Response (422 - Validation Error):
CODEBLOCK2
Pricing
| Plan | Calls/Day | Calls/Month | Price |
|---|
| Free | 5 | 50 | Free |
| Developer |
20 | 500 | $39/mo |
| Professional | 200 | 5,000 | $99/mo |
| Enterprise | 100,000 | 1,000,000 | $299/mo |
About
ToolWeb.in - 200+ security APIs, CISSP & CISM, platforms: Pay-per-run, API Gateway, MCP Server, OpenClaw, RapidAPI, YouTube.
References
- - Kong Route: https://api.mkkpro.com/compliance/cloud-risk-summary
- API Docs: https://api.mkkpro.com:8027/docs
技能名称:云风险摘要生成器
详细描述:
概述
云风险摘要生成器是一款专注于安全领域的API,可将云基础设施风险评估整合为可操作的摘要。它分析跨AWS、Azure、GCP及其他云服务商的多云部署,识别、分类并关联特定环境和服务架构中的安全暴露点。
该工具专为云安全工程师、合规团队及DevSecOps专业人员设计,满足其对云基础设施态势进行快速风险量化及生成高管级报告的需求。通过将暴露数据与环境及服务上下文相结合,该API生成结构化的风险描述,便于确定修复优先级及与利益相关方沟通。
生成器支持包含多种服务和异构暴露类型的复杂云环境,适用于管理大规模混合云和多云基础设施的企业。
使用说明
示例请求
json
{
provider: aws,
environment: production,
services: [
ec2,
s3,
rds,
lambda
],
exposures: [
{
issue: 公开可访问的S3存储桶,
impact: 影响10GB客户个人身份信息的机密性泄露
},
{
issue: 未加密的RDS实例,
impact: 影响财务记录的静态数据漏洞
},
{
issue: Lambda执行角色的IAM策略权限过大,
impact: 存在横向移动至其他AWS服务的风险
}
]
}
示例响应
json
{
summary: AWS生产环境在4项服务中存在3个关键安全暴露点。需立即处理S3公开访问和RDS加密问题。Lambda的IAM权限需进行最小权限审查。,
risk_level: high,
provider: aws,
environment: production,
exposure_count: 3,
affected_services: [
ec2,
s3,
rds,
lambda
],
exposures_analyzed: [
{
issue: 公开可访问的S3存储桶,
impact: 影响10GB客户个人身份信息的机密性泄露,
severity: critical
},
{
issue: 未加密的RDS实例,
impact: 影响财务记录的静态数据漏洞,
severity: critical
},
{
issue: Lambda执行角色的IAM策略权限过大,
impact: 存在横向移动至其他AWS服务的风险,
severity: high
}
]
}
接口端点
POST /generate-risk-summary
为云基础设施配置生成全面的风险摘要。
方法: POST
路径: /generate-risk-summary
描述: 分析云服务商配置、环境详情、活跃服务及已识别的安全暴露点,生成包含严重性评估和修复上下文的结构化风险摘要。
请求体(application/json):
| 参数 | 类型 | 必填 | 描述 |
|---|
| provider | string | 是 | 云服务提供商(例如:aws, azure, gcp) |
| environment |
string | 是 | 部署环境(例如:production, staging, development) |
| services | array[string] | 是 | 正在使用的云服务列表(例如:[ec2, s3, rds]) |
| exposures | array[Exposure] | 是 | 已识别的安全暴露点数组,每个包含问题和影响描述 |
暴露对象:
| 参数 | 类型 | 必填 | 描述 |
|---|
| issue | string | 是 | 安全问题或漏洞的描述 |
| impact |
string | 是 | 若被利用可能产生的业务影响描述 |
响应(200 - 成功):
返回一个JSON对象,包含:
- - summary (string):高管级别的风险摘要文本
- risklevel (string):总体风险分类(例如:critical, high, medium, low)
- provider (string):回显的提供商标识符
- environment (string):回显的环境名称
- exposurecount (integer):已分析的暴露点总数
- affectedservices (array[string]):受已识别暴露点影响的服务
- exposuresanalyzed (array):每个暴露点的详细分解及严重性评估
响应(422 - 验证错误):
json
{
detail: [
{
loc: [body, provider],
msg: field required,
type: value_error.missing
}
]
}
定价
| 套餐 | 每日调用次数 | 每月调用次数 | 价格 |
|---|
| 免费版 | 5 | 50 | 免费 |
| 开发者版 |
20 | 500 | $39/月 |
| 专业版 | 200 | 5,000 | $99/月 |
| 企业版 | 100,000 | 1,000,000 | $299/月 |
关于我们
ToolWeb.in - 200+安全API,CISSP & CISM认证,平台:按次付费、API网关、MCP服务器、OpenClaw、RapidAPI、YouTube。
参考信息
- - Kong路由: https://api.mkkpro.com/compliance/cloud-risk-summary
- API文档: https://api.mkkpro.com:8027/docs
