Download Risk Profile File

Downloads a risk profile file in either XML or XLSX format. The XML file represents the last updated definitive risk profile, which may have undergone additional updates. The XLSX option downloads a record of the most recently uploaded Excel file.

Resource name: /api/v1/risks/profiles/{profileName}/download

Request Method: GET

Request parameters:

Parameter Type Description

fileType

mandatory

string Requested file type - xml (default) or xlsx. The XML file constitutes the last updated definitive risk profile, which may have undergone additional updates. The XLSX option downloads a record of the most recently uploaded Excel file.

profileName

mandatory

string Profile Name. To get the profile name, use GET /api/v1/risks/profiles method from the Risk Profile Resource Group.

cUrl Example:

curl -X GET "https://<localhost>/api/v1/risks/profiles/{profileName}/download?fileType=xml"

Status codes:

Code Description
200 Risk profile file
401 Unauthorized
404 Risk profile file doesn't exist

Response example success 200 (xml):

Displays the risk profile file in the specified format that can be copied to a text file.

<?xml version="1.0" encoding="UTF-8"?>
<Misconfigs>
<Notes>for test</Notes>
<NotInheritedFromStandard>true</NotInheritedFromStandard>


<Item id="U01">
<Code>U01</Code>
<Brand>Any</Brand>
<Type>queries</Type>
<Title>algosec_1_chargen_tcp from Outside can reach Inside</Title>
<Risk>Susp_High</Risk>
<XQL>Queries/QIndex[@name = &quot;q_srv_Outside_Inside&quot;] 
		/QEntry[
			@srv = &quot;algosec_1_chargen_tcp&quot;
		] 
		/QRes[
			@n_risky_dst_ips   $ne$ 0     $and$ 
			@n_risky_src_ips   $ne$ 0     $and$ 
			@is_vpn $ne$ &quot;yes&quot; 
		]</XQL>
<Assessment>Your network is accessible from the %HGRP{Outside} using the  
%SRV{algosec_1_chargen_tcp} service. 
%QREF{q_srv_Outside_Inside:algosec_1_chargen_tcp} 
&lt;br&gt;
Number of Outside IP addresses that have access: %N_SRC_IMPACT_IPS 
&lt;br&gt;
Number of exposed Inside addresses: %N_DST_IMPACT_IPS  
&lt;p&gt; 

%PCIDS
	</Assessment>
<Remedy>Modify your rules so %SRV{algosec_1_chargen_tcp} is not allowed to enter your network  
 from the %HGRP{Outside}.
	</Remedy>
<Description>test descript</Description>
<Supress/>
<Parsed_XQL from="EXTERNAL" to="INTERNAL" service="algosec_1_chargen_tcp" type="basic" vpn_trust="yes"/>
</Item>



<Item id="U02">
<Code>U02</Code>
<Brand>Any</Brand>
<Type>queries</Type>
<Title>Traffic not allowed by PCI can reach AIRM-PRD-AP_AIRM_A_PRD_APP_EPG_PRD</Title>
<Risk>Medium</Risk>
<XQL>Queries/QIndex[@name = &quot;q_srv_UserHG_UserHG&quot;] 
		/QEntry[
			@srv = &quot;algosec_200_300&quot; $and$
			@src = &quot;unnamed_riskU02_src&quot; $and$
			@dst = &quot;unnamed_riskU02_dst&quot;			
		] 
		/QRes[
			@n_dst_ips   $ne$ 0     $and$ 
			@n_src_ips   $ne$ 0		
		]</XQL>
<Assessment>The PCI zone (%HGRP{unnamed_riskU02_dst}), which includes servers storing cardholder data,
is accessible using services among those listed in %SRV{algosec_200_300}. 
PCI DSS requirement 1.1.5 requires you to document such services.
%QREF{q_srv_UserHG_UserHG:algosec_200_300} 
&lt;br&gt;
&lt;br&gt;
Number of source IP addresses that have access: %N_SRC_IMPACT_IPS_COUNT_VPN 
&lt;br&gt;
Number of reachable destination IP addresses: %N_DST_IMPACT_IPS_COUNT_VPN  
&lt;p&gt; 

	</Assessment>
<Remedy>Review the rules that allow %SRV{algosec_200_300} 
into the PCI zone (%HGRP{unnamed_riskU02_dst}). 
You can press the Details button to see the list of rules 
and limit their destinations. 

Remove any unnecessary rules, and eliminate any services that are not required.
If the remaining services that are necessary for business still trigger this risk item
consider white-listing them. To do so please go to the
%HREF{fwaindex_rules.html}{Risky Rules} tab, and click the &quot;Trust&quot; button 
next to the rules allowing the flagged traffic. 
	</Remedy>
<Description>Traffic not allowed by PCI can reach the PCI zone.</Description>
<Supress/>
<Parsed_XQL from="" to="" service="algosec_200_300" type="PCI" vpn_trust="yes"/>
<Hostgroups_defs dst_def="AIRM-PRD-AP_AIRM_A_PRD_APP_EPG_PRD" dst_name="unnamed_riskU02_dst" src_def="*,A_Hb-Mut-Prod-Rev-Oper_671_ESB-WSO_0000" src_name="unnamed_riskU02_src" serviceH="algosec_200_300"/>
</Item>
</Misconfigs>

Response example failure 400:

{
  "error": "Bad Request",
  "message": "Invalid request parameters"
}