Get Risk Profile Data
Retrieves the properties and values of a specified risk profile in JSON format.
Resource name: /api/v1/risks/profiles/{profileName}
Request method: GET
Request parameters
Parameter | Type | Description |
---|---|---|
profileName
mandatory |
string | Profile Name. To get the profile name, use GET /api/v1/risks/profiles method from the Risk Profile Resource Group. |
cUrl Example
curl -X GET "https://<localhost>/api/v1/risks/profiles/{profileName}"
Status codes
Code | Description |
---|---|
200 | Risk profile data |
401 | Unauthorized |
404 | Risk profile doesn't exist |
Response parameters
Parameter | Type | Description |
---|---|---|
items | array | Array of RiskProfileItem objects |
notInheritedFromStandard | boolean |
Indicates if the profile settings are unique and not inherited from a standard configuration.
|
revision | string | The version or revision number of the risk profile. |
spreadsheetFileName | string | Name of the associated spreadsheet file. Shown only when the risk profile was created from a spreadsheet. |
spreadsheetGroupsPrefix | string | Prefix used for groups, if specified in the spreadsheet. |
Response example success 200
{ "notInheritedFromStandard": "true", "items": [ { "id": "U01", "Code": "U01", "Brand": "Any", "Type": "queries", "Title": "algosec_1_TCP_udp_9009 from Outside can reach Inside", "Risk": "Medium", "XQL": "Queries/QIndex[@name = \"q_srv_Outside_Inside\"] \n\t\t/QEntry[\n\t\t\t@srv = \"algosec_1_TCP_udp_9009\"\n\t\t] \n\t\t/QRes[\n\t\t\t@n_risky_dst_ips $ne$ 0 $and$ \n\t\t\t@n_risky_src_ips $ne$ 0 $and$ \n\t\t\t@is_vpn $ne$ \"yes\" \n\t\t]", "Parsed_XQL": { "from": "EXTERNAL", "to": "INTERNAL", "type": "basic", "service": "algosec_1_TCP_udp_9009", "vpn_trust": "yes" }, "Assessment": "Your network is accessible from the %HGRP{Outside} using the \n%SRV{algosec_1_TCP_udp_9009} service. \n%QREF{q_srv_Outside_Inside:algosec_1_TCP_udp_9009} \n<br>\nNumber of Outside IP addresses that have access: %N_SRC_IMPACT_IPS \n<br>\nNumber of exposed Inside addresses: %N_DST_IMPACT_IPS \n<p> \n\n%PCIDS\n\t", "Remedy": "Modify your rules so %SRV{algosec_1_TCP_udp_9009} is not allowed to enter your network \n from the %HGRP{Outside}.\n\t", "Description": "Description test" }, { "id": "U02", "Code": "U02", "Brand": "Any", "Type": "queries", "Title": "algosec_administratively_prohibited from Outside can reach over 1 IP addresses in Inside", "Risk": "Low", "XQL": "Queries/QIndex[@name = \"q_srv_Outside_Inside\"] \n\t\t/QEntry[\n\t\t\t@srv = \"algosec_administratively_prohibited\" $and$ \n\t\t\teval(\"1\",\"Number\") $lt$ @n_dst_impact_ips\n\t\t] \n\t\t/QRes[\n\t\t\t@n_risky_dst_ips $ne$ 0 $and$ \n\t\t\t@n_risky_src_ips $ne$ 0 $and$ \n\t\t\t@is_vpn $ne$ \"yes\" \n\t\t]", "Parsed_XQL": { "from": "EXTERNAL", "to": "INTERNAL", "type": "destination_threshold", "service": "algosec_administratively_prohibited", "amount": "1", "vpn_trust": "yes" }, "Assessment": "Over 1 IP addresses on your network are reachable \nfrom the %HGRP{Outside} using \nthe %SRV{algosec_administratively_prohibited} service. \n%QREF{q_srv_Outside_Inside:algosec_administratively_prohibited} \n<br>\nNumber of Outside IP addresses that have access: %N_SRC_IMPACT_IPS\n<br>\nNumber of exposed Inside addresses: %N_DST_IMPACT_IPS \n<br>\n \n%PCIDS\n\t", "Remedy": "Review the rules that allow %SRV{algosec_administratively_prohibited} access from the \n%HGRP{Outside} (you can press the Details button to see the list of rules) \nand limit their destinations. \n\t" }, { "id": "U03", "Code": "U03", "Brand": "Any", "Type": "queries", "Title": "Over 2 IP addresses in Outside can send algosec_600_2000 to Inside", "Risk": "Medium", "XQL": "Queries/QIndex[@name = \"q_srv_Outside_Inside\"] \n\t\t/QEntry[\n\t\t\t@srv = \"algosec_600_2000\" $and$ \n\t\t\teval(\"2\",\"Number\") $lt$ @n_src_impact_ips \n\t\t] \n\t\t/QRes[\n\t\t\t@n_risky_dst_ips $ne$ 0 $and$ \n\t\t\t@n_risky_src_ips $ne$ 0 $and$ \n\t\t\t@is_vpn $ne$ \"yes\" \n\t\t]", "Parsed_XQL": { "from": "EXTERNAL", "to": "INTERNAL", "type": "source_threshold", "service": "algosec_600_2000", "amount": "2", "vpn_trust": "yes" }, "Assessment": "Over 2 IP addresses from the %HGRP{Outside} are allowed to use %SRV{algosec_600_2000} \nto enter to the %HGRP{Inside}. \n%QREF{q_srv_Outside_Inside:algosec_600_2000} \n<br>\nNumber of Outside IP addresses that have access: %N_SRC_IMPACT_IPS\n<br>\nNumber of reachable Inside addresses: %N_DST_IMPACT_IPS \n<br>\n \n%PCIDS\n\t", "Remedy": "Review the rules that allow outbound %SRV{algosec_600_2000} access \n(you can press the Details button to see the list of rules) \nand limit their sources to IP addresses that require such access. \n\t" }, { "id": "U04", "Code": "U04", "Brand": "Any", "Type": "queries", "Title": "algosec_admin_https from Host_10.137.6.124 can reach 8.8.8.8", "Risk": "Medium", "XQL": "Queries/QIndex[@name = \"q_srv_UserHG_UserHG\"] \n\t\t/QEntry[\n\t\t\t@srv = \"algosec_admin_https\" $and$\n\t\t\t@src = \"unnamed_riskU04_src\" $and$\n\t\t\t@dst = \"unnamed_riskU04_dst\"\t\t\t\n\t\t] \n\t\t/QRes[\n\t\t\t@n_dst_ips $ne$ 0 $and$ \n\t\t\t@n_src_ips $ne$ 0\t\t\n\t\t]", "Parsed_XQL": { "type": "hostgroups", "service": "algosec_admin_https", "vpn_trust": "yes" }, "Hostgroups_defs": { "dstDefinition": "8.8.8.8", "dstName": "unnamed_riskU04_dst", "srcDefinition": "Host_10.137.6.124", "srcName": "unnamed_riskU04_src", "service": "algosec_admin_https" }, "Supress": "U01", "Assessment": "Machines with IP addresses in %HGRP{unnamed_riskU04_src} \ncan access machines with IP addresses in %HGRP{unnamed_riskU04_dst}\nusing the %SRV{algosec_admin_https} service. \n%QREF{q_srv_UserHG_UserHG:algosec_admin_https} \n<br>\n<br>\nNumber of source IP addresses that have access: %N_SRC_IMPACT_IPS_COUNT_VPN \n<br>\nNumber of reachable destination IP addresses: %N_DST_IMPACT_IPS_COUNT_VPN \n<p> \n\n\t", "Remedy": "Modify your rules so %SRV{algosec_admin_https} is not allowed from %HGRP{unnamed_riskU04_src} to %HGRP{unnamed_riskU04_dst}.\n\t" } ] }
Response example failure 400
{ "error": "Bad Request", "message": "Invalid request parameters" }