Download Risk Profile File

Downloads a risk profile file in either XML or XLSX format. The XML file represents the last updated definitive risk profile, which may have undergone additional updates. The XLSX option downloads a record of the most recently uploaded Excel file.

Resource name: /api/v1/risks/profiles/{profileName}/download

Request Method: GET

Request parameters:

Parameter	Type	Description
fileType mandatory	string	Requested file type - xml (default) or xlsx. The XML file constitutes the last updated definitive risk profile, which may have undergone additional updates. The XLSX option downloads a record of the most recently uploaded Excel file.
profileName mandatory	string	Profile Name. To get the profile name, use GET /api/v1/risks/profiles method from the Risk Profile Resource Group.

Parameter

Type

Description

fileType

mandatory

string

Requested file type - xml (default) or xlsx. The XML file constitutes the last updated definitive risk profile, which may have undergone additional updates. The XLSX option downloads a record of the most recently uploaded Excel file.

profileName

mandatory

string

Profile Name. To get the profile name, use GET /api/v1/risks/profiles method from the Risk Profile Resource Group.

cUrl Example:

curl -X GET "https://<localhost>/api/v1/risks/profiles/{profileName}/download?fileType=xml"

Status codes:

Code	Description
200	Risk profile file
401	Unauthorized
404	Risk profile file doesn't exist

Response example success 200 (xml):

Displays the risk profile file in the specified format that can be copied to a text file.

<?xml version="1.0" encoding="UTF-8"?>
<Misconfigs>
<Notes>for test</Notes>
<NotInheritedFromStandard>true</NotInheritedFromStandard>


<Item id="U01">
<Code>U01</Code>
<Brand>Any</Brand>
<Type>queries</Type>
<Title>algosec_1_chargen_tcp from Outside can reach Inside</Title>
<Risk>Susp_High</Risk>
<XQL>Queries/QIndex[@name = &quot;q_srv_Outside_Inside&quot;] 
		/QEntry[
			@srv = &quot;algosec_1_chargen_tcp&quot;
		] 
		/QRes[
			@n_risky_dst_ips   $ne$ 0     $and$ 
			@n_risky_src_ips   $ne$ 0     $and$ 
			@is_vpn $ne$ &quot;yes&quot; 
		]</XQL>
<Assessment>Your network is accessible from the %HGRP{Outside} using the  
%SRV{algosec_1_chargen_tcp} service. 
%QREF{q_srv_Outside_Inside:algosec_1_chargen_tcp} 
&lt;br&gt;
Number of Outside IP addresses that have access: %N_SRC_IMPACT_IPS 
&lt;br&gt;
Number of exposed Inside addresses: %N_DST_IMPACT_IPS  
&lt;p&gt; 

%PCIDS
	</Assessment>
<Remedy>Modify your rules so %SRV{algosec_1_chargen_tcp} is not allowed to enter your network  
 from the %HGRP{Outside}.
	</Remedy>
<Description>test descript</Description>
<Supress/>
<Parsed_XQL from="EXTERNAL" to="INTERNAL" service="algosec_1_chargen_tcp" type="basic" vpn_trust="yes"/>
</Item>



<Item id="U02">
<Code>U02</Code>
<Brand>Any</Brand>
<Type>queries</Type>
<Title>Traffic not allowed by PCI can reach AIRM-PRD-AP_AIRM_A_PRD_APP_EPG_PRD</Title>
<Risk>Medium</Risk>
<XQL>Queries/QIndex[@name = &quot;q_srv_UserHG_UserHG&quot;] 
		/QEntry[
			@srv = &quot;algosec_200_300&quot; $and$
			@src = &quot;unnamed_riskU02_src&quot; $and$
			@dst = &quot;unnamed_riskU02_dst&quot;			
		] 
		/QRes[
			@n_dst_ips   $ne$ 0     $and$ 
			@n_src_ips   $ne$ 0		
		]</XQL>
<Assessment>The PCI zone (%HGRP{unnamed_riskU02_dst}), which includes servers storing cardholder data,
is accessible using services among those listed in %SRV{algosec_200_300}. 
PCI DSS requirement 1.1.5 requires you to document such services.
%QREF{q_srv_UserHG_UserHG:algosec_200_300} 
&lt;br&gt;
&lt;br&gt;
Number of source IP addresses that have access: %N_SRC_IMPACT_IPS_COUNT_VPN 
&lt;br&gt;
Number of reachable destination IP addresses: %N_DST_IMPACT_IPS_COUNT_VPN  
&lt;p&gt; 

	</Assessment>
<Remedy>Review the rules that allow %SRV{algosec_200_300} 
into the PCI zone (%HGRP{unnamed_riskU02_dst}). 
You can press the Details button to see the list of rules 
and limit their destinations. 

Remove any unnecessary rules, and eliminate any services that are not required.
If the remaining services that are necessary for business still trigger this risk item
consider white-listing them. To do so please go to the
%HREF{fwaindex_rules.html}{Risky Rules} tab, and click the &quot;Trust&quot; button 
next to the rules allowing the flagged traffic. 
	</Remedy>
<Description>Traffic not allowed by PCI can reach the PCI zone.</Description>
<Supress/>
<Parsed_XQL from="" to="" service="algosec_200_300" type="PCI" vpn_trust="yes"/>
<Hostgroups_defs dst_def="AIRM-PRD-AP_AIRM_A_PRD_APP_EPG_PRD" dst_name="unnamed_riskU02_dst" src_def="*,A_Hb-Mut-Prod-Rev-Oper_671_ESB-WSO_0000" src_name="unnamed_riskU02_src" serviceH="algosec_200_300"/>
</Item>
</Misconfigs>

Response example failure 400:

{
  "error": "Bad Request",
  "message": "Invalid request parameters"
}

Yes No

Send Feedback

Sorry about that

Why wasn't this helpful? (check all that apply)

Couldn't find what I was looking for

Instructions confusing or unclear

Instructions didn't work

Thanks for your feedback!

Great!

Thanks for taking the time to give us your feedback.

ASMS
- ASMS
- AlgoSec Cloud
- ObjectFlow
- Prevasio
- AlgoBot
Version: A33.00
- Earlier Versions

Search Tips

Use a different search method

AlgoSec Documentation supports the following search methods: