Get Risk Profile Data

Retrieves the properties and values of a specified risk profile in JSON format.

Resource name: /api/v1/risks/profiles/{profileName}

Request method: GET

Request parameters

Parameter Type Description
profileName

mandatory

string Profile Name. To get the profile name, use GET /api/v1/risks/profiles method from the Risk Profile Resource Group.

cUrl Example

curl -X GET "https://<localhost>/api/v1/risks/profiles/{profileName}"			

Status codes

Code Description
200 Risk profile data
401 Unauthorized
404 Risk profile doesn't exist

Response parameters

Parameter Type Description
items array Array of RiskProfileItem objects
notInheritedFromStandard boolean

Indicates if the profile settings are unique and not inherited from a standard configuration.

  • true: profile settings are unique and not inherited from a standard configuration.

  • false: profile settings are not unique and inherited from a standard configuration.

revision string The version or revision number of the risk profile.
spreadsheetFileName string Name of the associated spreadsheet file. Shown only when the risk profile was created from a spreadsheet.
spreadsheetGroupsPrefix string Prefix used for groups, if specified in the spreadsheet.

Response example success 200

{
  "notInheritedFromStandard": "true",
  "items": [
    {
      "id": "U01",
      "Code": "U01",
      "Brand": "Any",
      "Type": "queries",
      "Title": "algosec_1_TCP_udp_9009 from Outside can reach Inside",
      "Risk": "Medium",
      "XQL": "Queries/QIndex[@name = \"q_srv_Outside_Inside\"] \n\t\t/QEntry[\n\t\t\t@srv = \"algosec_1_TCP_udp_9009\"\n\t\t] \n\t\t/QRes[\n\t\t\t@n_risky_dst_ips   $ne$ 0     $and$ \n\t\t\t@n_risky_src_ips   $ne$ 0     $and$ \n\t\t\t@is_vpn $ne$ \"yes\" \n\t\t]",
      "Parsed_XQL": {
        "from": "EXTERNAL",
        "to": "INTERNAL",
        "type": "basic",
        "service": "algosec_1_TCP_udp_9009",
        "vpn_trust": "yes"
      },
      "Assessment": "Your network is accessible from the %HGRP{Outside} using the  \n%SRV{algosec_1_TCP_udp_9009} service. \n%QREF{q_srv_Outside_Inside:algosec_1_TCP_udp_9009} \n<br>\nNumber of Outside IP addresses that have access: %N_SRC_IMPACT_IPS \n<br>\nNumber of exposed Inside addresses: %N_DST_IMPACT_IPS  \n<p> \n\n%PCIDS\n\t",
      "Remedy": "Modify your rules so %SRV{algosec_1_TCP_udp_9009} is not allowed to enter your network  \n from the %HGRP{Outside}.\n\t",
      "Description": "Description test"
    },
    {
      "id": "U02",
      "Code": "U02",
      "Brand": "Any",
      "Type": "queries",
      "Title": "algosec_administratively_prohibited from Outside can reach over 1 IP addresses in Inside",
      "Risk": "Low",
      "XQL": "Queries/QIndex[@name = \"q_srv_Outside_Inside\"] \n\t\t/QEntry[\n\t\t\t@srv = \"algosec_administratively_prohibited\" $and$ \n\t\t\teval(\"1\",\"Number\") $lt$ @n_dst_impact_ips\n\t\t] \n\t\t/QRes[\n\t\t\t@n_risky_dst_ips   $ne$ 0     $and$ \n\t\t\t@n_risky_src_ips   $ne$ 0     $and$ \n\t\t\t@is_vpn $ne$ \"yes\" \n\t\t]",
      "Parsed_XQL": {
        "from": "EXTERNAL",
        "to": "INTERNAL",
        "type": "destination_threshold",
        "service": "algosec_administratively_prohibited",
        "amount": "1",
        "vpn_trust": "yes"
      },
      "Assessment": "Over 1 IP addresses on your network are reachable  \nfrom the %HGRP{Outside} using  \nthe %SRV{algosec_administratively_prohibited} service.  \n%QREF{q_srv_Outside_Inside:algosec_administratively_prohibited} \n<br>\nNumber of Outside IP addresses that have access: %N_SRC_IMPACT_IPS\n<br>\nNumber of exposed Inside addresses: %N_DST_IMPACT_IPS \n<br>\n \n%PCIDS\n\t",
      "Remedy": "Review the rules that allow %SRV{algosec_administratively_prohibited} access from the \n%HGRP{Outside} (you can press the Details button to see the list of rules) \nand limit their destinations. \n\t"
    },
    {
      "id": "U03",
      "Code": "U03",
      "Brand": "Any",
      "Type": "queries",
      "Title": "Over 2 IP addresses in Outside can send algosec_600_2000 to Inside",
      "Risk": "Medium",
      "XQL": "Queries/QIndex[@name = \"q_srv_Outside_Inside\"] \n\t\t/QEntry[\n\t\t\t@srv = \"algosec_600_2000\" $and$ \n\t\t\teval(\"2\",\"Number\") $lt$ @n_src_impact_ips \n\t\t] \n\t\t/QRes[\n\t\t\t@n_risky_dst_ips   $ne$ 0     $and$ \n\t\t\t@n_risky_src_ips   $ne$ 0     $and$ \n\t\t\t@is_vpn $ne$ \"yes\" \n\t\t]",
      "Parsed_XQL": {
        "from": "EXTERNAL",
        "to": "INTERNAL",
        "type": "source_threshold",
        "service": "algosec_600_2000",
        "amount": "2",
        "vpn_trust": "yes"
      },
      "Assessment": "Over 2 IP addresses from the %HGRP{Outside} are allowed to use %SRV{algosec_600_2000} \nto enter to the %HGRP{Inside}. \n%QREF{q_srv_Outside_Inside:algosec_600_2000} \n<br>\nNumber of Outside IP addresses that have access: %N_SRC_IMPACT_IPS\n<br>\nNumber of reachable Inside addresses: %N_DST_IMPACT_IPS \n<br>\n \n%PCIDS\n\t",
      "Remedy": "Review the rules that allow outbound %SRV{algosec_600_2000} access \n(you can press the Details button to see the list of rules) \nand limit their sources to IP addresses that require such access. \n\t"
    },
    {
      "id": "U04",
      "Code": "U04",
      "Brand": "Any",
      "Type": "queries",
      "Title": "algosec_admin_https from Host_10.137.6.124 can reach 8.8.8.8",
      "Risk": "Medium",
      "XQL": "Queries/QIndex[@name = \"q_srv_UserHG_UserHG\"] \n\t\t/QEntry[\n\t\t\t@srv = \"algosec_admin_https\" $and$\n\t\t\t@src = \"unnamed_riskU04_src\" $and$\n\t\t\t@dst = \"unnamed_riskU04_dst\"\t\t\t\n\t\t] \n\t\t/QRes[\n\t\t\t@n_dst_ips   $ne$ 0     $and$ \n\t\t\t@n_src_ips   $ne$ 0\t\t\n\t\t]",
      "Parsed_XQL": {
        "type": "hostgroups",
        "service": "algosec_admin_https",
        "vpn_trust": "yes"
      },
      "Hostgroups_defs": {
        "dstDefinition": "8.8.8.8",
        "dstName": "unnamed_riskU04_dst",
        "srcDefinition": "Host_10.137.6.124",
        "srcName": "unnamed_riskU04_src",
        "service": "algosec_admin_https"
      },
      "Supress": "U01",
      "Assessment": "Machines with IP addresses in %HGRP{unnamed_riskU04_src} \ncan access machines with IP addresses in %HGRP{unnamed_riskU04_dst}\nusing the %SRV{algosec_admin_https} service. \n%QREF{q_srv_UserHG_UserHG:algosec_admin_https} \n<br>\n<br>\nNumber of source IP addresses that have access: %N_SRC_IMPACT_IPS_COUNT_VPN \n<br>\nNumber of reachable destination IP addresses: %N_DST_IMPACT_IPS_COUNT_VPN  \n<p> \n\n\t",
      "Remedy": "Modify your rules so %SRV{algosec_admin_https} is not allowed from %HGRP{unnamed_riskU04_src} to %HGRP{unnamed_riskU04_dst}.\n\t"
    }
  ]
}

Response example failure 400

{
  "error": "Bad Request",
  "message": "Invalid request parameters"
}