Li, Qiao a5e72d5590 HSS API 20240206 version

Reviewed-by: Belejkanic, Lukas <lukas.belejkanic@t-systems.com>
Reviewed-by: Drobnak, David <david.drobnak@t-systems.com>
Co-authored-by: Li, Qiao <qiaoli@huawei.com>
Co-committed-by: Li, Qiao <qiaoli@huawei.com>

2024-05-28 20:54:21 +00:00

21 KiB

Raw Permalink Blame History

Querying the Checklist of a Security Configuration Item

Function

This API is used to query the checklist of a specified security configuration item.

URI

GET /v5/{project_id}/baseline/risk-config/{check_name}/check-rules

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Project ID Minimum: 20 Maximum: 64
check_name	Yes	String	Name of the configuration check (baseline), for example, SSH, CentOS 7, and Windows. Minimum: 0 Maximum: 256

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	Enterprise project ID. The value 0 indicates the default enterprise project. To query all enterprise projects, set this parameter to all_granted_eps. Default: 0 Minimum: 0 Maximum: 64
standard	Yes	String	hw_standard: Cloud security practice standard
result_type	No	String	Result type. Its value can be: safe: The item passed the check. unhandled: The item failed the check and is not ignored. ignored: The item failed the check but is ignored. Default: unhandled
check_rule_name	No	String	Check item name. Fuzzy match is supported. Minimum: 0 Maximum: 2048
severity	No	String	Risk level. Its value can be: Security Low Medium High Critical
host_id	No	String	Server ID. If this parameter is not specified, all the servers of the user are queried. Minimum: 0 Maximum: 64
limit	No	Integer	Number of records displayed on each page. Minimum: 0 Maximum: 200 Default: 10
offset	No	Integer	Offset, which specifies the start position of the record to be returned. Minimum: 0 Maximum: 2000000 Default: 0

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	User token. Minimum: 32 Maximum: 2097152

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
total_num	Long	Total risks Minimum: 0 Maximum: 9223372036854775807
data_list	Array of CheckRuleRiskInfoResponseInfo objects	Data list Array Length: 0 - 2147483647

**Table 5** CheckRuleRiskInfoResponseInfo
Parameter	Type	Description
severity	String	Risk level. Its value can be: Low Medium High Minimum: 0 Maximum: 255
check_name	String	Name of the configuration check (baseline), for example, SSH, CentOS 7, and Windows. Minimum: 0 Maximum: 256
check_type	String	Baseline type. The values for check_type and check_name are the same for Linux servers. For example, they can both be set to SSH or CentOS 7. For Windows servers, the values for check_type and check_name are different. For example, check_type can be set to Windows Server 2019 R2 or Windows Server 2016 R2. Minimum: 0 Maximum: 256
standard	String	hw_standard: Cloud security practice standard
check_rule_name	String	Check item name Minimum: 0 Maximum: 2048
check_rule_id	String	Check item ID Minimum: 0 Maximum: 64
host_num	Integer	The number of servers on which the current baseline detection is performed. Minimum: 0 Maximum: 2147483647
scan_result	String	Detection result. Its value can be: pass failed
status	String	Status. Its value can be: safe ignored unhandled
enable_fix	Integer	Indicates whether one-click repair is supported. 1: yes; 0: no.
rule_params	Array of CheckRuleFixParamInfo objects	Range of parameters applicable to the check items that can be fixed by parameter transfer. This API is returned only for check items that support parameter transfer fix. Array Length: 0 - 2147483647

**Table 6** CheckRuleFixParamInfo
Parameter	Type	Description
rule_param_id	Integer	Check item parameter ID Minimum: 0 Maximum: 10
rule_desc	String	Check item parameter description Minimum: 0 Maximum: 256
default_value	Integer	Default values of check item parameters Minimum: 0 Maximum: 2147483647
range_min	Integer	Minimum value of check item parameters Minimum: 0 Maximum: 2147483647
range_max	Integer	Minimum value of check item parameters Minimum: 0 Maximum: 2147483647

Example Requests

This API is used to query the check items whose baseline name is SSH, check standard is cloud security practice standard, and enterprise project ID is xxx.

GET https://{endpoint}/v5/{project_id}/baseline/risk-config/SSH/check-rules?standard=hw_standard&enterprise_project_id=xxx

{
  "standard" : "hw_standard"
}

Example Responses

Status code: 200

checklist of the specified security configuration item

{
  "total_num" : 1,
  "data_list" : [ {
    "check_rule_id" : "1.1",
    "check_rule_name" : "Rule:Ensure that permissions on /etc/ssh/sshd_config are configured.",
    "check_type" : "SSH",
    "host_num" : 2,
    "scan_result" : "failed",
    "severity" : "High",
    "status" : "unhandled",
    "enable_fix" : 1,
    "enable_click" : true,
    "rule_params" : [ {
      "rule_param_id" : 1,
      "rule_desc" : "Set the timeout duration.",
      "default_value" : 5,
      "range_min" : 1,
      "range_max" : 10
    }, {
      "rule_param_id" : 2,
      "rule_desc" : "Set the number of restarts.",
      "default_value" : 10,
      "range_min" : 1,
      "range_max" : 20
    } ]
  } ]
}

Status Codes

Status Code	Description
200	checklist of the specified security configuration item

Error Codes

See Error Codes.

Parent topic: Baseline Management

21 KiB Raw Permalink Blame History