Table of Contents | ||||
---|---|---|---|---|
|
Info |
---|
CyberCNS APIs are available for partners to integrate CyberCNS with different systems. |
API Documentation
Navigate to API Documentation as shown using the CyberCNS portal.
...
String: Filter query to be executed against the database.
Skip: It specifies the number of pages to skip.
Eg: when the skip is set to 0 and the limit is set to 10, it will process the entire dataset by splitting it into 10 pages. The data from the first page will be returned, and for the second page, the skip will be 1, and the limit will be 10, returning the next 10 data.Limit: It limits the number of returned values. The default limit is 100.
Sort: It specifies the sorting order based on the 'severity.keyword' field in descending order.
...
Sample Script (Vulnerability)
Refer to the Sample Script to get vulnerability, refer below example.
Code Block import json
Code Block sess_cookie = api.get_cookie() def get_vulns(sess_cookie, params, limit, skip=0): resp = requests.get( "https://portaluswest2.mycybercns.com/api/vulnerability/", headers={ "content-type": "application/json" }, params={"q": json.dumps(params), "limit": limit, "skip": skip}, cookies=sess_cookie, ) return resp.json() params = { "query": { "bool": { "must": [ { "match": { "severity.keyword": "High" }, } ], } } } # dict_keys(['data', 'total', 'count', 'scroll_id']) vulns = get_vulns(sess_cookie, params, 5, 0) print(params["query"]["bool"]["must"][0]['match'])
Code Block print(f"Total: {vulns['total']}")
CyberCNS Collections and Queries
Below are the CyberCNS Collections and Queries which can be used to get required information.
Collection | Query | Enum | Must Example | Explanation |
Company | {"query": {"bool": {"must": [{"exists": {"field": "description"}}], "must_not": [{"exists": {"field": "companyRef"}}]}}} | |||
Agents | {"query": {"bool": {"must": [ {"exists": {"field": "agent_type"}}]}}} | enumData = ['LinuxX86', 'Windows', 'Darwin', 'LinuxArm']; | must :- {"match": {"companyRef.id.keyword": "<CompanyID>"} | This should be used wherever Company ID reference is required |
Assets | {"query": {"bool": {"must": [{"exists": {"field": "host.importance"}}], "must_not": [{"match": {"isdeprecated": true}}]}}} | for agent level must :- {"match": {"agentRef.id.keyword": "<AgentID>"} | For all agent related queries. Also as agents are company specific in case you need company reference, Company ID reference is required | |
Deprecated Assets | {"query": {"bool": {"must": [{"exists": {"field": "host.importance"}}, {"match": {"isdeprecated": true}}]]}}} | |||
Ports | {"query": {"bool": {"must": [{"exists": {"field": "port"}}, {"exists": {"field": "service"}}]}}} | must :- {"match": {"assetRef.id.keyword": "<AssetID>"} | For all asset details related data like ports, interfaces AssetID must be used | |
Interfaces | {"query": {"bool": {"must": [{"exists": {"field": "interface"}}, {"exists": {"field": "mac"}}]}}} | |||
Users | {"query": {"bool": {"must": [{"exists": {"field": "uid"}}, {"exists": {"field": "username"}}]}}} | |||
Storage | {"query": {"bool": {"must": [{"exists": {"field": "mountpoint"}}, {"exists": {"field": "device"}}]}}} | |||
InstalledPrograms | {"query": {"bool": {"must": [{"exists": {"field": "publisher"}}, {"exists": {"field": "version"}}]}}} | |||
Vulnerability | {"query": {"bool": {"must": [{"exists": {"field": "vul_id"}}, {"exists": {"field": "score"}}]}}} | |||
Vulnerability Auth | {"query": {"bool": {"must": [{"exists": {"field": "vul_id"}}, {"exists": {"field": "score.base_score"}}, {"range": {"score.base_score": {"gt": 0}}}]}}} | |||
Vulnerability NoAuth | {"query": {"bool": {"must": [{"exists": {"field": "vul_id"}}, {"exists": {"field": "score.cvss_score"}}, {"exists": {"field": "port"}}, {"range": {"port": {"gt": 0}}}}]}}} | |||
Compliance | {"query": {"bool": {"must": [{"exists": {"field": "complaince_id"}}]}}} | |||
Compliance For individual | {"query": {"bool": {"must": [{"exists": {"field": "complaince_id"}}, {"exists":{"field": "benchmarks.<ComplianceType>"}}]}}} | |||
ComplianceChecks | {"query": {"bool": {"must": [{"exists": {"field": "filename"}}, {"exists": {"field": "isApplicable"}}]}}} | |||
Remediation | {"query": {"bool": {"must": [{"exists": {"field": "remediation_status"}}]}}} | |||
RemediationSuppression | {"query": {"bool": {"must": [{"exists": {"field": "remediationdays"}}]}}} | |||
Jobs | {"query": {"bool": {"must": [{"exists": {"field": "job_data"}}]}}} | |||
DiscoverySettings | {"query": {"bool": {"must": [{"exists": {"field": "discovery_type"}}]}}} | |||
AssetCredentials | {"query": {"bool": {"must": [{"exists": {"field": "cred_type"}}, {"exists": {"field": "hostname"}}, {"match": {"hostname.keyword": ""}}], "must_not": [{"exists": {"field": "assetid.keyword"}}]}}} | |||
ADCredentials | {"query": {"bool": {"must": [{"exists": {"field": "cred_type"}}, {"exists": {"field": "hostname"}}], "must_not": [{"match": {"hostname.keyword": ""}}]}}} | |||
RegistryMisConfiguration | {"query": {"bool": {"must": [{"exists": {"field": "hive"}}, {"exists": {"field": "found"}}]}}} | |||
AssetBestPractices | {"query": {"bool": {"must": [{"exists": {"field": "practice_type"}}]}}} | |||
AssetFirewallPolicy | {"query": {"bool": {"must": [{"exists": {"field": "policytype"}}]}}} | |||
SNMPv2 | {"query": {"bool": {"must": [{"match": {"snmp_version.keyword": "v2"}}, {"exists": {"field": "community"}}]}}} | |||
SNMPv3 | {"query": {"bool": {"must": [{"exists": {"field": "securityName"}}]}}} | |||
AssetTimeStats | {"query": {"bool": {"must": [ {"exists": {"field": "vul_stats"}}]}} | |||
AD OU | {"query": {"bool": {"must": [{"match": {"object_type.keyword": "ad_ou"}}, {"exists": {"field": "object_type"}}]}}} | |||
AD Users | {"query": {"bool": {"must": [{"match": {"object_type.keyword": "ad_users"}}, {"exists": {"field": "object_type"}}]}}} | |||
AD Groups | {"query": {"bool": {"must": [{"match": {"object_type.keyword": "ad_groups"}}, {"exists": {"field": "object_type"}}]}}} | |||
AD Computers | {"query": {"bool": {"must": [{"match": {"object_type.keyword": "ad_computers"}}, {"exists": {"field": "object_type"}}]}}} | |||
AD GPO | {"query": {"bool": {"must": [{"match": {"object_type.keyword": "ad_gpo"}}, {"exists": {"field": "object_type"}}]}}} | |||
AD Password Policy | {"query":{"bool":{"should":[{"exists":{"field":"maxPasswordAge"}},{"exists":{"field":"minPasswordAge"}}]}}} | |||
ExternalScan Agent | {"query": {"bool": {"must": [{"match": {"agent_type": 4}}, {"exists": {"field": "agent_type"}}], "must_not": [{"exists": {"field": "companyRef.id.keyword"}}]}}} | |||
SslScanTimeseries | ": <External Scan Asset ID>}}]}} | |||
VulnerabilityTimeseries | {"query": {"bool": {"must": [ {"exists": {"field": "uniqueid"}}, {"exists": {"field": "vul_id"}}]}}} | |||
External Scan Assets | {"query": {"bool": {"must": [{"match": {"discoveredProtocols.keyword": "EXTERNALSCAN"}}, {"exists": {"field": "host.importance"}}]}}} | |||
Computers Not loggedIn From 30 Days | {"query": {"bool": {"must": [{"match": {"object_type.keyword": "ad_computers"}}, {"match": {"enabled": true}}, {"exists": {"field": "object_type"}}, {"range": {"lastLogonDate": {"lte": "now-30d"}}}]}}} | |||
Users Not loggedIn From 30 Days | {"query": {"bool": {"must": [{"match": {"object_type.keyword": "ad_users"}}, {"match": {"enabled": true}}, {"exists": {"field": "object_type"}}, {"range": {"lastLogonDate": {"lte": "now-30d"}}}]}}} | |||
Groups Critical Objects | {"query": {"bool": {"must": [{"match": {"object_type.keyword": "ad_groups"}}, {"match": {"isCriticalSystemObj": true}}, {"exists": {"field": "object_type"}}]}}} | |||
Groups Non Critical Objects | {"query": {"bool": {"must": [{"match": {"object_type.keyword": "ad_groups"}}, {"match": {"isCriticalSystemObj": false}}, {"exists": {"field": "object_type"}}]}}} | |||
Groups Empty | {"query": {"bool": {"must": [{"match": {"object_type.keyword": "ad_groups"}}, {"match": {"empty": false}}, {"exists": {"field": "object_type"}}]}}} | |||
GPO Active | {"query": {"bool": {"must": [{"match": {"object_type.keyword": "ad_gpo"}}, {"match": {"linkedTo": true}}, {"exists": {"field": "object_type"}}]}}} | |||
GPO In Active | {"query": {"bool": {"must": [{"match": {"object_type.keyword": "ad_gpo"}}, {"exists": {"field": "object_type"}}], "must_not": [{"exists": {"field": "linked"}}]}}} | |||
GetAll Integration Credentials | {"query": {"bool": {"must": [ {"exists": {"field": "params"}}, {"exists": {"field": "integrationName"}}]}}} | |||
Get Single Integration Credentials | {"query": {"bool": {"must": [ {"exists": {"field": "params"}}, {"exists": {"field": "integrationName"}}, {"match": {"integrationName.keyword": "<Integration Name>"}}]}}} | |||
Integration Mappings | {"query": {"bool": {"must": [ {"exists": {"field": "integrationRef.integrationName"}}]}}} | |||
Single Integration Mappings | {"query": {"bool": {"must": [ {"exists": {"field": "integrationRef.integrationName"}}, {"match": {"integrationRef.integrationName.keyword": "<Integration Name>"}}]}}} | |||
Integration Mappings based on compay map | {"query": {"bool": {"must": [ {"exists": {"field": "integrationRef.integrationName"}}, {"match": {" companyRef.id .keyword": "<Company ID>"}}]}}} | |||
Global Integrations | {"query": {"bool": {"must": [{"match": {"sourceCompanyId.keyword": "*"}}, {"match": {"destCompanyId.keyword": "*"}}]}}} | |||
TableSettings | {"query": {"bool": {"must": [ {"exists": {"field": "tableId"}}, {"exists": {"field": "columns"}}]}}} | |||
Alerts | {"query": {"bool": {"must": [{"exists": {"field": "description"}}, {"exists": {"field": "name"}}, {"exists": {"field": "status"}}], "should": [{"match": {"status.keyword": "Open"}}, {"match": {"status.keyword": "Closed"}}], "must_not": [{"exists": {"field": "alertsRef"}}]}}} | |||
Events | {"query": {"bool": {"must": [{"exists": {"field": "description"}}, {"exists": {"field": "name"}}, {"exists": {"field": "status"}}, {"exists": {"field": "alertsRef"}}], "should": [{"match": {"status.keyword": "Open"}}, {"match": {"status.keyword": "Closed"}}]}}} | |||
ApplicationBaseLine | {"query": {"bool": {"should": [{"exists": {"field": "mandatoryApplications"}}, {"exists": {"field": "deniedApplications"}}]}}} | |||
Scheduler | {"query": {"bool": {"must": [{"exists": {"field": "scantype"}}, {"exists": {"field": "settings"}}]}}} | |||
NotificationRules | {"query": {"bool": {"must": [{"exists": {"field": "integrationRule"}}, {"exists": {"field": "alertRules"}}]}}} | |||
Port Modification Events | {"query": {"bool": {"must": [{"exists": {"field": "description"}}, {"exists": {"field": "name"}}, {"exists": {"field": "status"}}, {"exists": {"field": "alertsRef"}}, {"terms": {"ruleReference.eventId.keyword": ["CCNS-PORTS-CREATE-EVENT-00001", "CCNS-PORTS-DELETE-EVENT-00001"]}}]}}} | |||
Custom Report Builder | {"query": {"bool": {"must": [{"exists": {"field": "customReportName"}}]}}} | |||
Custom Report Generated | {"query": {"bool": {"must": [{"exists": {"field": "customreportbuilderRef"}}]}}} | |||
ApplicationBaseLine Results | {"query": {"bool": {"should": [{"exists": {"field": "is_mandatory_application"}}, {"exists": {"field": "is_denied_application"}}]}}} | |||
Firewall Assets | {"query":{"bool":{"must":[{"exists":{"field":"host.importance"}},{"match":{"os.product_type.keyword":"firewall"}}]}}} |
...
{"query": {"bool": {"must": [{"exists": {"field": "host.importance"}}, {"match": {"companyRef.id.keyword": "bab8d50a-4f59-4c9b-bcab-303650facd24"}}], "must_not": [{"match": {"isdeprecated": true}}]}}}
...
scroll_id = "start"
final_data = []
limit = 10000
page = 0
base_url = "https://<BaseURL>/api/vulnerability/" # Ex:- "https://portaluseast2.mycybercns.com"
start_time = time.time()
while True:
resp = requests.get(base_url, params={"q": json.dumps(query), "limit": limit,
"skip": page, "scroll_id": scroll_id,
"fields": json.dumps(['vul_id'])}, headers=headers)
if resp.status_code != 200:
print(f"Error in getting response {resp.status_code} {resp.content}")
break
else:
resp = resp.json()
if len(resp['data']) > 0:
final_data.extend(resp["data"])
scroll_id = resp.get("scroll_id")
page += 1
print(f"{limit} {len(resp['data'])}, {resp['total']} {resp['count']} {scroll_id}, time elaspsed {time.time() - start_time}")
else:
print("Empty data, ")
break
# time.sleep(10)
print(len(final_data))
NOTE:
The KRoles and KUsers APIs are related to KeyCloak. All CyberCNS APIs will work with IDs, but for KeyClock, we are using the name of the role or user in the API endpoint for better communication between the UI and KeyCloak.
...