Create risk scenario

POST https://api.vanta.com/v1/risk-scenarios

Create a new risk scenario.

Body Params

- description (string, required): This describes an actual or potential risk to your organization's people, processes, technology, data, and facilities. Document actual issues or likely scenarios based on your specific environment or a potential vulnerability.
- riskId (string): The unique ID of the risk. Used to reference and update existing risks. We will auto-generate one if one isn't specified.
- isSensitive (boolean, deprecated): If set to true this risk can only be seen by its owner or users with Admin, RiskSensitiveManage or RiskSensitiveView permissions.
- likelihood (double): Represents the probability of an incident occurring due to this risk or vulnerability, expressed as a numerical score. Defaults to a range of 1-5, where higher values indicate greater likelihood. The range can be customized in the Risk Management settings.
- impact (double): Represents the potential severity of harm to your organization's operations if this risk is exploited, expressed as a numerical score. Defaults to a range of 1-5, where higher values indicate greater impact. The range can be customized in the Risk Management settings.
- residualLikelihood (double): Represents the adjusted probability of this risk being exploited or affecting operations after implementing risk treatments, such as controls or mitigations. Expressed as a numerical score, defaulting to a range of 1-5. The range can be customized in the Risk Management settings.
- residualImpact (double): Represents the adjusted severity of harm to your organization's operations if this risk is exploited after implementing risk treatments, such as controls or mitigations. Expressed as a numerical score, defaulting to a range of 1-5. The range can be customized in the Risk Management settings.
- categories (array of strings): The list of categories this risk scenario belongs to.
  Each element in the list will become a new custom category if it doesn't match an existing one. You can reference the current category options in the Risk Management settings and/or enter new values.
- ciaCategories (array of objects): Enter a list of the following for the type of risk documented:
  - Confidentiality: Risk to data stores, customer/sensitive information, etc.
  - Integrity: Risk to accuracy or integrity of system settings and/or data.
  - Availability: Risk to normal service operations and critical system functionality.
- treatment (string, enum): Indicate how your leadership team wants to address an identified risk. Please note: not all risks need to be addressed immediately (or at all). Your Risk Treatment decision will depend on multiple factors, such as your organization's risk tolerance and the value of the asset that the risk is associated with. The options are:
  - Mitigate: Identify controls to put in place or tasks to be done that will reduce the risk score.
  - Transfer: Move risk outside of your organization's set of responsibilities, e.g. get cyber liability insurance.
  - Avoid: Stop doing the activity which is causing the risk to your organization and its assets.
  - Accept: Decide to live with the risk and take no further actions; this may be because it is highly unlikely, has a low financial or operational impact, or the cost and effort to treat the risk far exceeds the value of the asset.

  Allowed: Mitigate, Transfer, Avoid, Accept
- owner (string): The person responsible for tracking and mitigating this risk scenario. This should be the email address of a valid Vanta user.
- note (string): Additional context about the risk scenario and why it has specific impact and likelihood scores.
- riskRegister (string): Name of the risk register to associate with this scenario. This field must be set if the organization has multiple registers.
- customFields (array of objects): The list of custom attributes.
  You can reference existing custom attributes in the Risk Management settings and/or create new ones. The format is:
  - {label: "field-name", value: "string-representation"} for text, date, number and currency fields
  - {label: "field-name", value: ["option1", "option2"]} for picklist fields
- type (string, enum): The type of risk scenario to create.
  - "Risk Scenario": Standard risk scenario (default)
  - "Enterprise Risk": Enterprise-level risk (requires Enterprise Risk Management SKU)

  Enterprise risks cannot be associated with a risk register. Defaults to "Risk Scenario" if not specified.

  Allowed: Risk Scenario, Enterprise Risk

Response

- 200: Ok

Updated about 1 year ago
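
A client-side pre-flight check for this request body, added here as an example and not part of Vanta's documentation or SDK: it enforces the documented rules (required description, default 1-5 score range, treatment and type enums, no risk register on enterprise risks, customFields shape) and builds the POST without sending it. The Bearer authorization header, the function names and the sample values are assumptions.

```python
import json
import urllib.request

API_URL = "https://api.vanta.com/v1/risk-scenarios"
TREATMENTS = {"Mitigate", "Transfer", "Avoid", "Accept"}
TYPES = {"Risk Scenario", "Enterprise Risk"}
SCORE_FIELDS = ("likelihood", "impact", "residualLikelihood", "residualImpact")
# Constructed sample body; every value is illustrative.
SAMPLE = {
    "description": "Production database credentials stored in a shared wiki page",
    "likelihood": 4, "impact": 3, "residualLikelihood": 2, "residualImpact": 3,
    "treatment": "Mitigate", "owner": "risk-owner@example.com",
    "riskRegister": "Constructed Register", "categories": ["Access control"],
    "customFields": [{"label": "review-date", "value": "2030-01-01"},
                     {"label": "teams", "value": ["platform", "security"]}],
}

def validate_scenario(body, score_range=(1, 5)):
    """Return a list of problems; empty means the body fits the documented rules."""
    errors = []
    if not isinstance(body.get("description"), str) or not body["description"].strip():
        errors.append("description is required")
    lo, hi = score_range  # default 1-5; customizable in Risk Management settings
    for name in SCORE_FIELDS:
        value = body.get(name)
        bad = (isinstance(value, bool) or not isinstance(value, (int, float))
               or not lo <= value <= hi)
        if value is not None and bad:
            errors.append(f"{name} must be a number in {lo}-{hi}")
    if "treatment" in body and body["treatment"] not in TREATMENTS:
        errors.append("treatment must be one of " + ", ".join(sorted(TREATMENTS)))
    kind = body.get("type", "Risk Scenario")
    if kind not in TYPES:
        errors.append("type must be 'Risk Scenario' or 'Enterprise Risk'")
    if kind == "Enterprise Risk" and body.get("riskRegister"):
        errors.append("Enterprise risks cannot be associated with a risk register")
    for i, item in enumerate(body.get("customFields", [])):
        value = item.get("value") if isinstance(item, dict) else None
        is_list = isinstance(value, list) and all(isinstance(v, str) for v in value)
        if not (isinstance(item, dict) and isinstance(item.get("label"), str)
                and (isinstance(value, str) or is_list)):
            errors.append(f"customFields[{i}] needs a label and a string or list value")
    return errors

def build_request(body, token):
    """Validate, then build (but do not send) the POST request."""
    errors = validate_scenario(body)
    if errors:
        raise ValueError("; ".join(errors))
    return urllib.request.Request(
        API_URL, data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"})  # assumed auth scheme
```

Pass the returned request to `urllib.request.urlopen` to send it; if the score range has been customized in the Risk Management settings, call `validate_scenario` with a matching `score_range`.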