Get Custom Risk Profile Data
Retrieves the properties and values of a specified customer-defined risk profile in JSON format.
Resource name: /api/v1/risks/profiles/{profileName}
Request method: GET
Request parameters
| Parameter | Type | Description |
|---|---|---|
| profileName (mandatory) | string | Customer-defined risk profile name. To get the profile name, use the GET /api/v1/risks/profiles method from the Risk Profile Resource Group. |
cURL example
```
curl -X GET "https://<localhost>/api/v1/risks/profiles/{profileName}"
```
Status codes
| Code | Description |
|---|---|
| 200 | Risk profile data. |
| 401 | Unauthorized. |
| 404 | Risk profile doesn't exist. |
Response parameters
| Parameter | Type | Description |
|---|---|---|
| items | array | Array of RiskProfileItem objects. |
| notInheritedFromStandard | boolean | Indicates if the profile settings are unique and not inherited from a standard configuration. |
| revision | string | The version or revision number of the risk profile. |
| spreadsheetFileName | string | Name of the associated spreadsheet file. Shown only when the risk profile was created from a spreadsheet. |
| spreadsheetGroupsPrefix | string | Prefix used for groups, if specified in the spreadsheet. |
Response example success 200
```json
{
  "notInheritedFromStandard": "true",
  "items": [
    {
      "id": "U01",
      "Code": "U01",
      "Brand": "Any",
      "Type": "queries",
      "Title": "algosec_1_TCP_udp_9009 from Outside can reach Inside",
      "Risk": "Medium",
      "XQL": "Queries/QIndex[@name = \"q_srv_Outside_Inside\"] \n\t\t/QEntry[\n\t\t\t@srv = \"algosec_1_TCP_udp_9009\"\n\t\t] \n\t\t/QRes[\n\t\t\t@n_risky_dst_ips $ne$ 0 $and$ \n\t\t\t@n_risky_src_ips $ne$ 0 $and$ \n\t\t\t@is_vpn $ne$ \"yes\" \n\t\t]",
      "Parsed_XQL": {
        "from": "EXTERNAL",
        "to": "INTERNAL",
        "type": "basic",
        "service": "algosec_1_TCP_udp_9009",
        "vpn_trust": "yes"
      },
      "Assessment": "Your network is accessible from the %HGRP{Outside} using the \n%SRV{algosec_1_TCP_udp_9009} service. \n%QREF{q_srv_Outside_Inside:algosec_1_TCP_udp_9009} \n<br>\nNumber of Outside IP addresses that have access: %N_SRC_IMPACT_IPS \n<br>\nNumber of exposed Inside addresses: %N_DST_IMPACT_IPS \n<p> \n\n%PCIDS\n\t",
      "Remedy": "Modify your rules so %SRV{algosec_1_TCP_udp_9009} is not allowed to enter your network \n from the %HGRP{Outside}.\n\t",
      "Description": "Description test"
    },
    {
      "id": "U02",
      "Code": "U02",
      "Brand": "Any",
      "Type": "queries",
      "Title": "algosec_administratively_prohibited from Outside can reach over 1 IP addresses in Inside",
      "Risk": "Low",
      "XQL": "Queries/QIndex[@name = \"q_srv_Outside_Inside\"] \n\t\t/QEntry[\n\t\t\t@srv = \"algosec_administratively_prohibited\" $and$ \n\t\t\teval(\"1\",\"Number\") $lt$ @n_dst_impact_ips\n\t\t] \n\t\t/QRes[\n\t\t\t@n_risky_dst_ips $ne$ 0 $and$ \n\t\t\t@n_risky_src_ips $ne$ 0 $and$ \n\t\t\t@is_vpn $ne$ \"yes\" \n\t\t]",
      "Parsed_XQL": {
        "from": "EXTERNAL",
        "to": "INTERNAL",
        "type": "destination_threshold",
        "service": "algosec_administratively_prohibited",
        "amount": "1",
        "vpn_trust": "yes"
      },
      "Assessment": "Over 1 IP addresses on your network are reachable \nfrom the %HGRP{Outside} using \nthe %SRV{algosec_administratively_prohibited} service. \n%QREF{q_srv_Outside_Inside:algosec_administratively_prohibited} \n<br>\nNumber of Outside IP addresses that have access: %N_SRC_IMPACT_IPS\n<br>\nNumber of exposed Inside addresses: %N_DST_IMPACT_IPS \n<br>\n \n%PCIDS\n\t",
      "Remedy": "Review the rules that allow %SRV{algosec_administratively_prohibited} access from the \n%HGRP{Outside} (you can press the Details button to see the list of rules) \nand limit their destinations. \n\t"
    },
    {
      "id": "U03",
      "Code": "U03",
      "Brand": "Any",
      "Type": "queries",
      "Title": "Over 2 IP addresses in Outside can send algosec_600_2000 to Inside",
      "Risk": "Medium",
      "XQL": "Queries/QIndex[@name = \"q_srv_Outside_Inside\"] \n\t\t/QEntry[\n\t\t\t@srv = \"algosec_600_2000\" $and$ \n\t\t\teval(\"2\",\"Number\") $lt$ @n_src_impact_ips \n\t\t] \n\t\t/QRes[\n\t\t\t@n_risky_dst_ips $ne$ 0 $and$ \n\t\t\t@n_risky_src_ips $ne$ 0 $and$ \n\t\t\t@is_vpn $ne$ \"yes\" \n\t\t]",
      "Parsed_XQL": {
        "from": "EXTERNAL",
        "to": "INTERNAL",
        "type": "source_threshold",
        "service": "algosec_600_2000",
        "amount": "2",
        "vpn_trust": "yes"
      },
      "Assessment": "Over 2 IP addresses from the %HGRP{Outside} are allowed to use %SRV{algosec_600_2000} \nto enter to the %HGRP{Inside}. \n%QREF{q_srv_Outside_Inside:algosec_600_2000} \n<br>\nNumber of Outside IP addresses that have access: %N_SRC_IMPACT_IPS\n<br>\nNumber of reachable Inside addresses: %N_DST_IMPACT_IPS \n<br>\n \n%PCIDS\n\t",
      "Remedy": "Review the rules that allow outbound %SRV{algosec_600_2000} access \n(you can press the Details button to see the list of rules) \nand limit their sources to IP addresses that require such access. \n\t"
    },
    {
      "id": "U04",
      "Code": "U04",
      "Brand": "Any",
      "Type": "queries",
      "Title": "algosec_admin_https from Host_10.137.6.124 can reach 8.8.8.8",
      "Risk": "Medium",
      "XQL": "Queries/QIndex[@name = \"q_srv_UserHG_UserHG\"] \n\t\t/QEntry[\n\t\t\t@srv = \"algosec_admin_https\" $and$\n\t\t\t@src = \"unnamed_riskU04_src\" $and$\n\t\t\t@dst = \"unnamed_riskU04_dst\"\t\t\t\n\t\t] \n\t\t/QRes[\n\t\t\t@n_dst_ips $ne$ 0 $and$ \n\t\t\t@n_src_ips $ne$ 0\t\t\n\t\t]",
      "Parsed_XQL": {
        "type": "hostgroups",
        "service": "algosec_admin_https",
        "vpn_trust": "yes"
      },
      "Hostgroups_defs": {
        "dstDefinition": "8.8.8.8",
        "dstName": "unnamed_riskU04_dst",
        "srcDefinition": "Host_10.137.6.124",
        "srcName": "unnamed_riskU04_src",
        "service": "algosec_admin_https"
      },
      "Supress": "U01",
      "Assessment": "Machines with IP addresses in %HGRP{unnamed_riskU04_src} \ncan access machines with IP addresses in %HGRP{unnamed_riskU04_dst}\nusing the %SRV{algosec_admin_https} service. \n%QREF{q_srv_UserHG_UserHG:algosec_admin_https} \n<br>\n<br>\nNumber of source IP addresses that have access: %N_SRC_IMPACT_IPS_COUNT_VPN \n<br>\nNumber of reachable destination IP addresses: %N_DST_IMPACT_IPS_COUNT_VPN \n<p> \n\n\t",
      "Remedy": "Modify your rules so %SRV{algosec_admin_https} is not allowed from %HGRP{unnamed_riskU04_src} to %HGRP{unnamed_riskU04_dst}.\n\t"
    }
  ]
}
```
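The following is an added example, not part of the vendor documentation: a Python sketch that audits a 200 response body offline, listing item ids by severity, flattening each RiskProfileItem to its source, destination and service, and collecting `Supress` references. The function names `as_bool` and `summarize` are hypothetical, the sample is the response above trimmed to the fields used, and treating the `Supress` value as the id of another item is an assumption drawn from the example.

```python
import json

# Constructed sample: the page's 200 response trimmed to the fields used here.
SAMPLE = json.loads("""
{"notInheritedFromStandard": "true", "items": [
 {"id": "U01", "Risk": "Medium", "Parsed_XQL": {"from": "EXTERNAL", "to": "INTERNAL",
   "type": "basic", "service": "algosec_1_TCP_udp_9009", "vpn_trust": "yes"}},
 {"id": "U02", "Risk": "Low", "Parsed_XQL": {"from": "EXTERNAL", "to": "INTERNAL",
   "type": "destination_threshold", "service": "algosec_administratively_prohibited",
   "amount": "1", "vpn_trust": "yes"}},
 {"id": "U03", "Risk": "Medium", "Parsed_XQL": {"from": "EXTERNAL", "to": "INTERNAL",
   "type": "source_threshold", "service": "algosec_600_2000", "amount": "2",
   "vpn_trust": "yes"}},
 {"id": "U04", "Risk": "Medium", "Supress": "U01",
  "Parsed_XQL": {"type": "hostgroups", "service": "algosec_admin_https", "vpn_trust": "yes"},
  "Hostgroups_defs": {"srcDefinition": "Host_10.137.6.124", "dstDefinition": "8.8.8.8"}}
]}
""")

def as_bool(value):
    """Documented as boolean, but the page's example carries the string "true"."""
    return value if isinstance(value, bool) else str(value).strip().lower() == "true"

def summarize(profile):
    """Flatten each RiskProfileItem and collect severity and suppression data."""
    items = profile.get("items", [])
    ids = {item["id"] for item in items}
    by_risk, rows, suppressions, dangling = {}, [], [], []
    for item in items:
        by_risk.setdefault(item.get("Risk", "Unknown"), []).append(item["id"])
        parsed = item.get("Parsed_XQL", {})
        groups = item.get("Hostgroups_defs", {})
        rows.append({
            "id": item["id"],
            "type": parsed.get("type"),
            "service": parsed.get("service"),
            # hostgroups items carry endpoints in Hostgroups_defs, not Parsed_XQL
            "src": groups.get("srcDefinition") or parsed.get("from"),
            "dst": groups.get("dstDefinition") or parsed.get("to"),
            "amount": int(parsed["amount"]) if "amount" in parsed else None,
        })
        target = item.get("Supress")  # key is spelled this way in the response
        if target:  # assumption: the value is the id of another item
            (suppressions if target in ids else dangling).append((item["id"], target))
    return {"custom": as_bool(profile.get("notInheritedFromStandard")), "rows": rows,
            "by_risk": by_risk, "suppressions": suppressions, "dangling": dangling}

if __name__ == "__main__":
    print(json.dumps(summarize(SAMPLE), indent=2))
```

A non-empty `dangling` list means an item references an id that is not in the profile, which is worth reviewing before relying on the profile's findings.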
Response example failure 400
```json
{
  "error": "Bad Request",
  "message": "Invalid request parameters"
}
```