...

Pagination parameter description :

parameter

Explanation

page

page number

perpage

status description

data

Specific request parameters

Response format :

The response is in JSON format; an example follows:

Code Block
{
    "page": 1,
    "perpage": 10,
    "total": 1,
    "total_page": 1,
    "status":0,
    "description":"ok",
    "data":{
        "version":"official-101"
    }
}

Parameter description :

parameter

Explanation

page

Current page number

perpage

Number of records per page

total

Total number of records

total_page

Total number of pages

status

Response status code, 0 means success, non-zero means abnormal

description

Description of the request result: "ok" if status is 0, otherwise the error information

data

Request result specific data
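The envelope described above, handled on the client side. This is an added example, not code from the original documentation or the project. `ApiError`, `parse_envelope`, `iter_records` and the `fetch_page` transport callback are hypothetical names, and the sample records are constructed. It accepts both layouts that appear on this page: paging fields beside `status`, and paging fields nested under `data` as in the list responses further down.

```python
import json

PAGE_KEYS = ("page", "perpage", "total", "total_page")


class ApiError(Exception):
    """Non-zero status, or a body that does not match the documented envelope."""

    def __init__(self, status, description):
        super().__init__(f"status={status!r}: {description}")
        self.status = status
        self.description = description


def parse_envelope(raw):
    """Return (payload, paging) for one response body; paging is None if unpaginated."""
    try:
        body = json.loads(raw)
    except json.JSONDecodeError as exc:
        raise ApiError(None, f"body is not JSON: {exc}") from exc
    if not isinstance(body, dict):
        raise ApiError(None, "body is not a JSON object")
    status = body.get("status")
    # bool is a subclass of int in Python, so reject true/false explicitly.
    if isinstance(status, bool) or not isinstance(status, int):
        raise ApiError(status, "status missing or not an integer")
    if status != 0:
        # Non-zero means abnormal; description carries the reason.
        raise ApiError(status, str(body.get("description", "")))
    data = body.get("data")
    if all(key in body for key in PAGE_KEYS):
        # Layout 1: paging fields beside status, as in the example above.
        return data, {key: body[key] for key in PAGE_KEYS}
    if isinstance(data, dict) and all(key in data for key in PAGE_KEYS):
        # Layout 2: paging fields nested in data, records in data["data"].
        return data.get("data"), {key: data[key] for key in PAGE_KEYS}
    return data, None


def iter_records(fetch_page, perpage=10, max_pages=1000):
    """Yield every record of a paginated listing.

    fetch_page(page, perpage) returns the response body text. It is a
    hypothetical callback, so this example assumes no endpoint path.
    """
    for page in range(1, max_pages + 1):
        records, paging = parse_envelope(fetch_page(page, perpage))
        if paging is None:
            raise ApiError(0, "response carries no paging fields")
        if not isinstance(records, list):
            raise ApiError(0, "paginated data is not a list")
        yield from records
        total_page = paging["total_page"]
        if isinstance(total_page, bool) or not isinstance(total_page, int):
            raise ApiError(0, "total_page is not an integer")
        if page >= total_page:
            return
    # Stop instead of looping forever if the server keeps reporting more pages.
    raise ApiError(0, f"gave up after {max_pages} pages")


# Constructed sample: three records served in the nested layout.
SAMPLE_RECORDS = [{"id": "r1"}, {"id": "r2"}, {"id": "r3"}]


def fake_fetch(page, perpage):
    """Stand-in for the HTTP call; builds the response body locally."""
    start = (page - 1) * perpage
    return json.dumps({
        "status": 0,
        "description": "ok",
        "data": {
            "page": page,
            "perpage": perpage,
            "total": len(SAMPLE_RECORDS),
            "total_page": -(-len(SAMPLE_RECORDS) // perpage),  # ceiling division
            "data": SAMPLE_RECORDS[start:start + perpage],
        },
    })


if __name__ == "__main__":
    print(list(iter_records(fake_fetch, perpage=2)))
```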

Interface type : Interfaces are divided into two categories: front-end interfaces used by the front-end service, and Agent interfaces used by the RASP Agent. The specific interface formats are shown below.

...

Code Block
{
    "username":"rasp",
    "password":"<hashedpwd>"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

username

String

Yes

username

password

String (hashed)

Yes

password

Return results :

Code Block
{
    "data": {},
    "description": "ok",
    "status": 0
}

...

Code Block
{
    "data": {
        "is_default":true
    },
    "description": "ok",
    "status": 0
}

parameter

Explanation

is_default

Whether it is the default password, true if it is, otherwise false

Change Password Interface

...

Code Block
{
    "old_password":"<oldhashedpwd>",
    "new_password":"<newhashedpwd>"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

old_password

String (hashed)

Yes

old password

new_password

String (hashed)

Yes

new password

Return results :

Code Block
{
    "data": {},
    "description": "ok",
    "status": 0
}

...

Request body : file parameter in form data format, parameter name plugin

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

APP unique identifier

plugin

file

Yes

Plug-in file, form-data format

Return results :

Code Block
{
    "data": {
        "id": "c593342c72eb78fc8e7393d0a87b8f3fc54dfbec8835250641a6dbd9973ae981b4b7abc4",
        "app_id": "c593342c72eb78fc8e7393d0a87b8f3fc54dfbec",
        "upload_time": 1542177395622,
        "version": "'2018-1025-1600'",
        "name": "official",
        "md5": "8835250641a6dbd9973ae981b4b7abc4",
        "plugin": "/*js plugin content*/",
        "algorithm_config": {
            "command_other": {
                "action": "log"
            },
            "command_reflect": {
                "action": "block"
            },
            "fileUpload_multipart_script": {
                "action": "block"
            },
            "fileUpload_webdav": {
                "action": "block"
            }
        }
    },
    "description": "ok",
    "status": 0
}

parameter

Explanation

id

Plug-in unique identification

app_id

APP to which the plugin belongs

upload_time

Timestamp of upload time

version

Plugin version

name

Plugin name

md5

Plug-in content checksum

algorithm_config

Algorithm configuration in the plugin

plugin

Plugin content

Download plugin

Description : Download the plugin according to the plugin id

...

Request body : None

Parameter description :

parameter

Parameter Type

Required

Explanation

id

String

Yes

Plug-in unique identification

Results returned : the plugin file. The file name is {NAME}-{VERSION}.js, where {VERSION} is the plugin version and {NAME} is the plugin name

...

Code Block
{
    "id":"47af9da31ec3f233f35a25776f5e06086ebf239ff60a021ada4750b65640d0d24b9ae382"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

id

String

Yes

Plug-in unique identification

Return results :

Code Block
{
    "data": {
        "id": "7c70d5ba5547e77a6f9ad5d376b92fe7e47da7c4",
        "app_id": "fcbc4d8ac6bcaac27b1cc4703e5339a4aa6e8a1c",
        "name": "official",
        "upload_time": 1546595795342,
        "version": "2018-1227-1200",
        "md5": "4259002c18ff3a9f40b44e91824ba0cf",
        "algorithm_config": {
            "xxe_file": {
                "action": "log",
                "name": "log001",
                "reference": "https://deinitions.com#case-xxe"
            },
            "xxe_protocol": {
                "action": "block",
                "name": "xxe001",
                "protocols": ["ftp", "dict", "gopher", "jar", "netdoc"]
            }
            ... omitted
        }
    },
    "description": "ok",
    "status": 0
}

parameter

Explanation

id

Plug-in unique identification

app_id

APP to which the plugin belongs

upload_time

Timestamp of upload time

version

Plugin version

name

Plugin name

md5

Plug-in content checksum

algorithm_config

Algorithm configuration in the plugin

Deliver algorithm configuration

...

Code Block
{
    "id":"47af9da31ec3f233f35a25776f5e06086ebf239f3f35a25776f5e06086ebf239f",
    "config":{
        "xxe_file": {
            "action": "log",
            "name": "log002",
            "reference": "https://definitions.com#case-xxe"
        },
        "xxe_protocol": {
            "action": "block",
            "name": "xxe002",
            "protocols": ["ftp", "dict", "gopher", "jar", "netdoc"]
        }
        ... others
    }
}

Parameter description :

parameter

Parameter Type

Required

Explanation

id

String

Yes

Plug-in unique identification

config

object

Yes

Algorithm configuration

Return results :

Code Block
{
    "data": {},
    "description": "ok",
    "status": 0
}

...

Code Block
{
    "id":"47af9da31ec3f233f35a25776f5e06086ebf239ff60a021ada4750b65640d0d24b9ae382"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

id

String

Yes

Plug-in unique identification

Return results :

Code Block
{
    "data": {},
    "description": "ok",
    "status": 0
}

...

Code Block
{
    "id":"47af9da31ec3f233f35a25776f5e06086ebf239ff60a021ada4750b65640d0d24b9ae382"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

id

String

Yes

Plug-in unique identification

Return results :

Code Block
{
    "data": {},
    "description": "ok",
    "status": 0
}

...

Code Block
{
    "name":"Java 001",
    "language":"java", 
    "description":"rasp protected", 
    "selected_plugin_id":"47af9da31ec3f233f35a25776f5e0608w6ebf239ff60a021ada4750b65640d0d24b9ae382"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

name

String

Yes

APP name; the name must be unique

language

String

Yes

APP business language

description

String

no

APP description information

selected_plugin_id

String

no

ID of the plugin to deliver to the APP

Return results :

Code Block
{
    "data": {
        "id": "1107158fb4cd0a901de850b2c64fab5faf0837d3",
        "name": "Java 001",
        "language":"java",
        "create_time":1545984191,
        "secret":"SFklSJ5_DF125IKn15SDF-1SD141Af1",
        "description": "rasp protected",
        "config_time": 0,
        "general_config": {
            "block.content.html": "</script><script>\n                              location.href=\"https://definitions.com/blocked2/?request_id=%request_id%\"\n                              </script>",
            "block.content_json": "{\"error\":true,\"reason\": \"Request blocked by RASP\",\"request_id\": \"%request_id%\"}",
            "block.content_xml": "<?xml version=\"1.0\"?>\n\t\t\t\t\t\t\t <doc>\n\t\t\t\t\t\t\t <error>true</error>\n\t\t\t\t\t\t\t <reason>Request blocked by RASP</reason>\n\t\t\t\t\t\t\t <request_id>%request_id%</request_id>\n\t\t\t\t\t\t\t </doc>",
            "block.redirect_url": "https://definitions.com/blocked/?request_id=%request_id%",
            "block.status_code": 302,
            "body.maxbytes": 4096,
            "clientip.header": "ClientIP",
            "ognl.expression.minlength": 30,
            "plugin.filter": true,
            "plugin.maxstack": 100,
            "plugin.timeout.millis": 100
        },
        "whitelist_config": {},
        "selected_plugin_id": "",
        "email_alarm_conf": {
            "enable": false,
            "tls_enable": false,
            "server_addr": "",
            "username": "",
            "password": "",
            "subject": "",
            "recv_addr": []
        },
        "ding_alarm_conf": {
            "enable": false,
            "agent_id": "",
            "corp_id": "",
            "corp_secret": "",
            "recv_user": [],
            "recv_party": []
        },
        "http_alarm_conf": {
            "enable": false,
            "recv_addr": []
        },
        "attack_type_alarm_conf":null,
        "algorithm_config":{}
    },
    "description": "ok",
    "status": 0
}

parameter

Explanation

id

APP unique identifier

name

APP name

description

APP description information

language

The programming language used by the APP

create_time

APP creation time

secret

APP key, used for communication authentication with RASP

config_time

Last time when RASP related configuration was issued

general_config

General configuration, delivered to RASP

whitelist_config

Interception whitelist configuration, delivered to RASP

selected_plugin_id

The plugin id selected for delivery

email_alarm_conf

email alarm configuration

ding_alarm_conf

DingTalk alarm configuration

http_alarm_conf

http alarm configuration

attack_type_alarm_conf

If this configuration is absent, every attack type triggers all alarm methods. Each key in the configuration is an attack type, and its value is the list of alarm methods that type triggers. The current alarm methods are ding, http and email

algorithm_config

The algorithm configuration of the currently selected plugin in app

Delete APP

Description : Deletes an APP together with all RASPs and plugins under it. The last remaining APP cannot be deleted, so at least one APP always exists. An APP that still has online RASPs cannot be deleted

...

Code Block
{
    "id":"a8604735911f1866029401c6766ba87f685ff037"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

id

String

Yes

APP unique identifier

Return results :

Code Block
{
    "data": {},
    "description": "ok",
    "status": 0
}

...

Code Block
{
    "page":1,
    "perpage":10
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

no

The unique ID of the APP, if there is this parameter, the APP with the corresponding id will be returned

page

int

no

Page number

perpage

int

no

Number of records per page

Return results :

Returns the APP with the corresponding id

...

Code Block
{
    "app_id":"47af9da31ec3f233f35a25776f5e06086ebf239f",
    "config":{
        "inject.custom_headers":{
            "X-Protected-By":"RASP"
        },
        "block.content_html": "</script><script>location.href=\"https://definitions.com/blocked2/?request_id=%request_id%\"</script>",
        "block.content_json": "{\"error\":true,\"reason\": \"Request blocked by RASP\",\"request_id\": \"%request_id%\"}",
        "block.content_xml": "<?xml version=\"1.0\"?><doc><error>true</error><reason>Request blocked by RASP</reason><request_id>%request_id%</request_id></doc>",
        "block.redirect_url": "https://definitions.com/blocked/?request_id=%request_id%",
        "block.status_code": 403,
        "body.maxbytes": 12288,
        "clientip.header": "ClientIP",
        "cpu.usage.enable":false,
        "cpu.usage.interval":5,
        "cpu.usage.percent":90,
        "debug.level":0,
        "decompile.enable":false,
        "dependency_check.interval":100,
        "fileleak_scan.interval":21600,
        "fileleak_scan.limit":100,
        "fileleak_scan.name":"\\.(git|svn|tar|gz|rar|zip|sql|log)$",
        "log.maxbackup":30,
        "log.maxburst":100,
        "log.maxstack":100,
        "lru.compare_enable":false,
        "lru.compare_limit":10240,
        "lru.max_size":1000,
        "ognl.expression.minlength":30,
        "plugin.filter":true,
        "plugin.maxstack":100,
        "plugin.timeout.millis":100,
        "request.param_encoding":"rasp",
        "response.sampler_burst":5,
        "response.sampler_interval":60,
        "security.weak_passwords":[],
        "syslog.enable":false,
        "syslog.facility":1,
        "syslog.tag":"RASP",
        "syslog.url":""
    }
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

APP unique identifier

config

object

Yes

General configuration complete content

Return result : return the complete APP information after update

...

Code Block
{
    "app_id":"e64071cf900944b701213a6f17d36e0d18d8b6ab",
    "config":[
        {
            "url":"www.asod.com/sss/sss",
            "hook":{
                "sql":true,
                "ssrf":false
            },
            "description":""
        }
    ]
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

APP unique identifier

config

object

Yes

Whitelist configuration complete content

Return result : return the complete APP information after update

...

Code Block
{
    "app_id":"47af9da31ec3f233f35a25776f5e06086ebf239f",
    "attack_type_alarm_conf":{
        "sql":["email","ding","http"],
        "xxe":["email"]
    },
    "email_alarm_conf": {
        "enable":false,
        "tls_enable":false,
        "server_addr":"email.qq.com:445",
        "username":"123456789@qq.com",
        "password":"4354edfwe",
        "subject":"rasp alarm",
        "recv_addr":["165165@163.com"]
    },
    "ding_alarm_conf": {
        "enable":false,
        "agent_id":"1s6ef5w1ef6",
        "corp_id":"1r5thnb5",
        "corp_secret":"d512c5f5fg546sdg5",
        "recv_user":["5sdf5","87njy7uoi"],
        "recv_party":["8ik44ws"]
    },
    "http_alarm_conf": {
        "enable":false,
        "recv_addr":["www.opff.com"]
    },
    "general_alarm_conf":{
        "alarm_check_interval":120
    },
    "kafka_alarm_conf":{
        "url":"1.1.1.1:6666",
        "user":"",
        "pwd":"",
        "enable":true,
        "topic":"RASP"
    }
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

APP unique identifier

attack_type_alarm_conf

Object

no

If this configuration is absent, every attack type triggers all alarm methods. Each key in the configuration is an attack type, and its value is the list of alarm methods that type triggers. The current alarm methods are ding, http and email

email_alarm_conf

Object

no

Email alarm configuration

ding_alarm_conf

Object

no

DingTalk alarm configuration

http_alarm_conf

Object

no

http alarm configuration

email_alarm_conf.enable

bool

no

email alarm switch, default false

email_alarm_conf.tls_enable

bool

no

Whether to enable TLS for mail, default false

email_alarm_conf.server_addr

String

Yes

Mail server address

email_alarm_conf.username

String

no

Email account username

email_alarm_conf.password

String

no

Email account password

email_alarm_conf.subject

String

no

Email Subject

email_alarm_conf.recv_addr

String Array

Yes

Email addresses that receive the email alarm

ding_alarm_conf.enable

bool

no

DingTalk alarm switch, default false

ding_alarm_conf.agent_id

String

Yes

Agent ID of the DingTalk alarm application

ding_alarm_conf.corp_id

String

Yes

Enterprise ID for the DingTalk alarm

ding_alarm_conf.corp_secret

String

Yes

Enterprise key for the DingTalk alarm

ding_alarm_conf.recv_user

String Array

no

List of users who receive the DingTalk alarm. Each element of the list is a user ID. It cannot be empty together with the recv_party parameter.

ding_alarm_conf.recv_party

String Array

no

List of departments that receive the DingTalk alarm. Each element of the list is a department ID. It cannot be empty together with the recv_user parameter.

http_alarm_conf.enable

String

no

HTTP alarm push switch, default false

http_alarm_conf.recv_addr

String Array

Yes

HTTP alarm receiving address list

general_alarm_conf.alarm_check_interval

Int

Yes

Email alarm interval (applies to all apps)

kafka_alarm_conf.url

String

Yes

The address of the kafka server

kafka_alarm_conf.user

String

no

Kafka server username

kafka_alarm_conf.pwd

String

no

kafka server password

kafka_alarm_conf.enable

Bool

Yes

Whether to enable kafka push

kafka_alarm_conf.topic

String

Yes

Name of the Kafka topic to write to

Return result : return the complete APP information after update
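A pre-submission check for the alarm configuration body described above. This is an added example, not code from the original documentation or the project, and `lint_alarm_conf` and the sample body are constructed for illustration. It assumes the sub-fields marked "Yes" only need to be present for a channel whose `enable` is true, and it also warns about a mail password configured without TLS and about attack types routed to a channel that is not enabled.

```python
# Alarm methods named on this page, mapped to their channel object.
ALARM_METHODS = {"ding": "ding_alarm_conf", "http": "http_alarm_conf",
                 "email": "email_alarm_conf"}

# Sub-fields the parameter table marks as required. Assumption of this
# example: they are enforced only for a channel whose "enable" is true.
REQUIRED = {
    "email_alarm_conf": ("server_addr", "recv_addr"),
    "ding_alarm_conf": ("agent_id", "corp_id", "corp_secret"),
    "http_alarm_conf": ("recv_addr",),
    "kafka_alarm_conf": ("url", "topic"),
}


def _enabled(conf, channel):
    section = conf.get(channel)
    return isinstance(section, dict) and section.get("enable") is True


def lint_alarm_conf(conf):
    """Return a list of (severity, path, message) findings for a request body."""
    findings = []
    app_id = conf.get("app_id")
    if not isinstance(app_id, str) or not app_id:
        findings.append(("error", "app_id", "required non-empty string"))

    for channel, fields in REQUIRED.items():
        if not _enabled(conf, channel):
            continue
        for field in fields:
            if not conf[channel].get(field):
                findings.append(("error", f"{channel}.{field}",
                                 "required, but missing or empty"))

    if _enabled(conf, "ding_alarm_conf"):
        ding = conf["ding_alarm_conf"]
        # The table says recv_user and recv_party cannot both be empty.
        if not ding.get("recv_user") and not ding.get("recv_party"):
            findings.append(("error", "ding_alarm_conf",
                             "recv_user and recv_party are both empty"))

    if _enabled(conf, "email_alarm_conf"):
        email = conf["email_alarm_conf"]
        if email.get("password") and email.get("tls_enable") is not True:
            findings.append(("warning", "email_alarm_conf.tls_enable",
                             "mail password is set but tls_enable is false"))

    general = conf.get("general_alarm_conf")
    if isinstance(general, dict):
        interval = general.get("alarm_check_interval")
        if isinstance(interval, bool) or not isinstance(interval, int):
            findings.append(("error", "general_alarm_conf.alarm_check_interval",
                             "required integer"))

    routing = conf.get("attack_type_alarm_conf")
    if routing is None:
        return findings  # absent: every attack type triggers all alarm methods
    if not isinstance(routing, dict):
        findings.append(("error", "attack_type_alarm_conf", "must be an object"))
        return findings
    for attack_type, methods in routing.items():
        path = f"attack_type_alarm_conf.{attack_type}"
        if not isinstance(methods, list):
            findings.append(("error", path, "value must be a list of alarm methods"))
            continue
        for method in methods:
            if not isinstance(method, str) or method not in ALARM_METHODS:
                findings.append(("error", path, f"unknown alarm method {method!r}"))
            elif not _enabled(conf, ALARM_METHODS[method]):
                findings.append(("warning", path,
                                 f"routes to {method}, which is not enabled"))
    return findings


# Constructed sample body (not from the page) with several problems.
SAMPLE_CONF = {
    "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
    "attack_type_alarm_conf": {"sql": ["email", "ding", "http"], "xxe": ["sms"]},
    "email_alarm_conf": {"enable": True, "tls_enable": False,
                         "server_addr": "mail.example.test:25",
                         "username": "alerts@example.test",
                         "password": "constructed-secret",
                         "subject": "rasp alarm",
                         "recv_addr": ["soc@example.test"]},
    "ding_alarm_conf": {"enable": True, "agent_id": "a1", "corp_id": "c1",
                        "corp_secret": "", "recv_user": [], "recv_party": []},
    "http_alarm_conf": {"enable": False, "recv_addr": []},
    "general_alarm_conf": {"alarm_check_interval": 120},
}

if __name__ == "__main__":
    for finding in lint_alarm_conf(SAMPLE_CONF):
        print(*finding, sep=" | ")
```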

...

Code Block
{
    "app_id":"47af9da31ec3f233f35a25776f5e06086ebf239f",
    "name":"myapp",
    "language":"php",
    "description":"php001"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

APP unique identifier

name

String

Yes

APP name

language

String

Yes

The programming language used by the APP

description

String

no

APP description information

Return result : return the complete APP information after update

...

Code Block
{
    "app_id":"47af9da31ec3f233f35a25776f5e06086ebf239f",
    "page":1,
    "perpage":15
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

APP unique identifier

page

int

Yes

page number

perpage

int

Yes

Number of records per page

Return results :

Code Block
{
    "data": {
        "page": 1,
        "perpage": 15,
        "total": 2,
        "total_page": 1,
        "data": [
            {
                "id": "47af9da31ec3f233f35a25776f5e06086ebf239ff60a021ada4750b65640d0d24b9ae382",
                "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
                "upload_time": 1540992061040,
                "version": "2018-1016-1000",
                "md5": "f60a021ada4750b65640d0d24b9ae382"
                ...
            },
            {
                "id": "47af9da31ec3f233f35a25776f5e06086ebf239f914450bbf9309777723f38facfa8183f",
                "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
                "upload_time": 1540979046327,
                "version": "2018-1016-0000",
                "md5": "914450bbf9309777723f38facfa8183f"
                ...
            }
        ]
    },
    "description": "ok",
    "status": 0
}

...

Code Block
{
    "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

APP unique identifier

Return results :

Code Block
{
    "data": {
        "id": "47af9da31ec3f233f35a25776f5e06086ebf239ff60a021ada4750b65640d0d24b9ae382",
        "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
        "upload_time": 1540985045544,
        "version": "2018-1016-1000",
        "md5": "f60a021ada4750b65640d0d24b9ae382"
        ...
    },
    "description": "ok",
    "status": 0
}

...

Code Block
{
    "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
    "plugin_id":"47af9da31ec3f233f35a25776f5e06086ebf239ff60a021ada4750b65640d0d24b9ae382"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

APP unique identifier

plugin_id

String

Yes

Plug-in unique identification

Return results :

Code Block
{
    "data": {},
    "description": "ok",
    "status": 0
}

...

Code Block
{
    "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

APP unique identifier

Return results :

Code Block
{
    "data": {},
    "description": "ok",
    "status": 0
}

...

Code Block
{
    "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

APP unique identifier

Return results :

Code Block
{
    "data": {},
    "description": "ok",
    "status": 0
}

...

Code Block
{
    "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

APP unique identifier

Return results :

Code Block
{
    "data": {},
    "description": "ok",
    "status": 0
}

...

Code Block
{
    "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

APP unique identifier

Return results :

Code Block
{
    "data": {},
    "description": "ok",
    "status": 0
}

...

Code Block
{
    "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

APP unique identifier

Return results :

Code Block
{
    "data": {
        "is_latest": false,
        "selected_version": "2019-0606-1802",
        "latest_version": "2019-0606-1803"
    },
    "description": "ok",
    "status": 0
}

parameter

Explanation

is_latest

Whether the currently released plugin is the latest version

selected_version

The currently released plugin version

latest_version

Latest plugin version

RASP management interface

...

Code Block
{
    "page":1,
    "perpage":10,
    "data": {
        "id": "426199dc7a15cce89b0c937a65a24a23",
        "app_id": "fcbc4d8ac6bcaac27b1cc4703e5339a4aa6e8a1c",
        "version": "1.0.0-RC1",
        "hostname": "820c2691f452",
        "register_ip": "172.17.0.2",
        "language": "java",
        "language_version": "1.7.0_17",
        "server_type": "tomcat",
        "server_version": "7.0.78.0",
        "rasp_home": "/tomcat/rasp",
        "plugin_version": "2018-1227-1200",
        "heartbeat_interval": 180,
        "online": false,
        "register_time": 1546595808,
        "host_type": "docker"
    }
}

Parameter description :

parameter

Parameter Type

Required

Explanation

id

String

no

RASP unique identifier

app_id

String

no

ID of the app to which it belongs

version

String

no

RASP version

hostname

String

no

The host name where the RASP is located. This field supports fuzzy search and searches both the hostname and register_ip fields

register_ip

String

no

The IP address from which the RASP accesses the cloud control backend

language

String

no

Programming language

language_version

String

no

language version

server_type

String

no

Server type

server_version

String

no

Server version

rasp_home

String

no

RASP installation directory

plugin_version

String

no

Plugin version

heartbeat_interval

int

no

Heartbeat interval time, unit: second

online

bool

no

Whether online

register_time

int

no

Registration time, millisecond timestamp

host_type

String

no

The host type where the rasp is located

Return results :

Code Block
{
    "data": {
        "page": 1,
        "perpage": 10,
        "total": 2,
        "total_page": 1,
        "data": [    
            {
                "id": "426199dc7a15cce89b0c937a65a24a23",
                "app_id": "fcbc4d8ac6bcaac27b1cc4703e5339a4aa6e8a1c",
                "version": "1.0.0-RC1",
                "hostname": "820c2691f452",
                "register_ip": "172.17.0.2",
                "language": "java",
                "language_version": "1.7.0_17",
                "server_type": "tomcat",
                "server_version": "7.0.78.0",
                "rasp_home": "/tomcat/rasp",
                "plugin_version": "2018-1227-1200",
                "heartbeat_interval": 180,
                "online": false,
                "last_heartbeat_time": 1546597790,
                "register_time": 1546595808,
                "host_type": "docker",
                "environ": {
                    "COLORTERM": "gnome-terminal",
                    "DISPLAY": ":0"
                }
            }
        ]
    },
    "description": "ok",
    "status": 0
}

parameter

Explanation

id

RASP unique identifier

app_id

ID of the app to which it belongs

version

RASP version

hostname

The host name where the RASP is located. This field supports fuzzy search and searches both the hostname and register_ip fields

register_ip

The IP address from which the RASP accesses the cloud control backend

language

Programming language

server_type

Server type

server_version

Server version

rasp_home

RASP installation directory

plugin_version

Plugin version

heartbeat_interval

Heartbeat interval time, unit: second

online

Whether online

last_heartbeat_time

Last heartbeat time, millisecond timestamp

register_time

Registration time, millisecond timestamp

host_type

Host type, example: docker

environ

Process environment variables

RASP version number statistics

...

Code Block
{
    "data":{
        "app_id":"fcbc4d8ac6bcaac27b1cc4703e5339a4aa6e8a1c",
        "version":"1.3.0"
    },
    "page":1,
    "perpage":10
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

ID of the app to which it belongs

version

String

no

Specify the version number of the search

Return results :

Code Block
{
  "data": {
    "data": [
      {
        "version": "1.3.0",
        "count": 1
      }
    ],
    "page": 1,
    "perpage": 10,
    "total": 1,
    "total_page": 1
  },
  "description": "ok",
  "status": 0
}

parameter

Explanation

version

Host version number

count

The number of hosts corresponding to the host version number

Export RASP

Description : Search RASPs by the given conditions and export the search results to a CSV file. The app_id field is required; the remaining search conditions are optional

...

Path : v1/api/rasp/csv?app_id=eaGdr22DfthDz51JHF65sd

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

ID of the app to which it belongs

Return result : csv file

Remove RASP

...

Code Block
{
    "app_id":"94892d14c8f1dfcedb63af258cc008929c3ef4f5",
    "id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
    "register_ip":"126.23.3.63",
    "expire_time": 604800,
    "host_type": "docker"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

APP unique identifier

id

String

no

RASP unique identifier

register_ip

String

no

Register ip

expire_time

int

no

Unit: seconds. Delete RASPs whose timeout exceeds this value

host_type

String

no

The host type where the rasp is located

Return results :

Code Block
{
    "data": {
        "count":1
    },
    "description": "ok",
    "status": 0
}

parameter

Explanation

count

Number of RASP agents removed

Bulk delete RASP

Description : Batch delete rasp according to rasp id

...

Code Block
{
    "app_id":"94892d14c8f1dfcedb63af258cc008929c3ef4f5",
    "ids": [
        "47af9da31ec3f233f35a25776f5e06086ebf239f",
        "d64g58d4gc3fs58745sdfgd5g5s7f54e5f4s585s",
        "net1d5ns8bad6584thg1s5dnbs8gbs8af5RFG415"
    ]
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

APP unique identifier

ids

String Array

Yes

RASP unique identification list

Return results :

Code Block
{
    "data": {
        "count":1
    },
    "description": "ok",
    "status": 0
}

parameter

Explanation

count

Number of RASP agents removed

RASP Remarks Interface

Description : Add or modify remark information for the rasp with the specified id

...

Code Block
{
    "id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
    "description": "this is a description"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

id

String

Yes

RASP unique identifier

description

String

Yes

Description

Return results :

Code Block
{
    "data": {
    },
    "description": "ok",
    "status": 0
}

...

Code Block
{
    "data":{
        "app_id":"f284baaeb786a8285bd1dde04a3dd7502c766c8a"
    },
    "page":1,
    "perpage":10
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

ID of the app to which it belongs

Return results :

Code Block
{
    "data": {
        "page": 1,
        "perpage": 10,
        "total": 1,
        "total_page": 1,
        "data": [    
            {
                "@timestamp": 1579597454365,
                "app_id": "4a335d670ec7c9353d3cf7480e68614dda087ded",
                "hostname": "d2e69eebfa7b",
                "id": "d1dd52ff8c82becccf9678b6ed09eca0",
                "path": ["/tomcat/bin/bootstrap.jar"],
                "product": "Apache Tomcat Bootstrap",
                "rasp_count": 1,
                "rasp_id": "3089c8d2672efd1ef5c3e322d9e8fcb1",
                "register_ip": "172.17.0.2",
                "search_string": "Apache Tomcat Bootstrap8.0.5",
                "source": "manifest_implementation",
                "tag": "Apache Software Foundation:Apache Tomcat Bootstrap:8.0.5",
                "vendor": "Apache Software Foundation",
                "version": "8.0.5"
            }
        ]
    },
    "description": "ok",
    "status": 0
}

parameter

Explanation

timestamp

Class library information upload time

app_id

ID of the app to which it belongs

hostname

Host name

id

Unique identification of class library information

path

Path of the library dependency

product

product name

rasp_count

Number of affected hosts

rasp_id

RASP to which class library information belongs

register_ip

RASP machine IP address

search_string

source

tag

vendor

Manufacturer

version

The version number of the class library

Class library information aggregation

...

Code Block
{
    "data":{
        "app_id":"0d46b13c2f25722e542b1a89817e1163e190fce1",
        "tag":"org.apache.struts.xwork:xwork-core:2.3.14.2",
        "key_word":"",
        "hostname":""
    },
    "page":1,
    "perpage":10
}

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

APP unique identifier

tag

String

key_word

String

no

Key words

hostname

String

no

Host name

Return results :

Code Block
{
    "data": {
        "page": 1,
        "perpage": 10,
        "total": 1,
        "total_page": 1,
        "data": [
            {
                "@timestamp": 1579612005801,
                "app_id": "0d46b13c2f25722e542b1a89817e1163e190fce1",
                "hostname": "cq02-scloud-docker-trial",
                "id": "148f69b483fff233ee4d4f9fffbfd478",
                "path": ["/tomcat/bin/bootstrap.jar"],
                "product": "xwork-core",
                "rasp_count": 1,
                "rasp_id": "3089c8d2672efd1ef5c3e322d9e8fcb1",
                "register_ip": "10.58.119.17",
                "search_string": "Apache Tomcat Bootstrap8.0.5",
                "source": "manifest_implementation",
                "tag": "Apache Software Foundation:Apache Tomcat Bootstrap:8.0.5",
                "vendor": "Apache Software Foundation",
                "version": "2.3.14.2"
            }
        ]
    },
    "description": "ok",
    "status": 0
}

parameter

Explanation

app_id

ID of the app to which it belongs

timestamp

Class library information upload time

hostname

Host name

id

Unique identification of class library information

path

Path of the library dependency

product

product name

rasp_count

Number of affected hosts

rasp_id

RASP to which class library information belongs

register_ip

RASP machine IP address

search_string

source

tag

vendor

Manufacturer

version

The version number of the class library

Static Token management interface

...

Code Block
{
    "token":"44b2b50665c9f11c73090b19c3dd787031611e80",
    "description":"Sampletoken"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

token

String

Yes

token content

description

String

no

token description

Return results :

Code Block
{
    "data": {
        "token": "44b2b50665c9f11c73090b19c3dd787031611e80",
        "description": "Sample"
    },
    "description": "ok",
    "status": 0
}

...

Code Block
{
    "data":{
        "id": "389fdbeb0aceb154d5d5d26eba28fea9f402c945",
        "type_id": 1010,
        "app_id": "e64071cf900944b701213a6f17d36e0d18d8b6ab",
        "user": "admin",
        "ip": "127.0.0.1"
    },
    "start_time":1,
    "end_time":1542807647000,
    "page":1,
    "perpage":15
}

Parameter description :

parameter

Parameter Type

Required

Explanation

data

String

Yes

Search filters: every field that supports searching goes here; all fields in data are optional

start_time

int

Yes

Operation log start time, millisecond timestamp

end_time

int

Yes

End time of operation log, millisecond timestamp

Return results :

Code Block
{
    "data": {
        "data": [
            {
                "id": "389fdbeb0aceb154d5d5d26eba28fea9f402c945",
                "type_id": 1010,
                "app_id": "e64071cf900944b701213a6f17d36e0d18d8b6ab",
                "time": 1542807647000,
                "user": "admin",
                "content": "uploaded the plugin: ba41c57afab600c39dba7398987b159d648d0836",
                "ip": "127.0.0.1"
            }
        ],
        "page": 1,
        "perpage": 15,
        "total": 1,
        "total_page": 1
    },
    "description": "ok",
    "status": 0
}

parameter

Explanation

id

Operation log unique identifier

app_id

ID of the app to which it belongs

type_id

Log type

time

Operation time

user

Operator

content

Operation content

ip

IP address of the client that issued the operation request, as seen by the cloud control backend

Server management interface

...

Code Block
{
    "data":{
        "panel_url":"126.56.23.5:8086",
        "agent_url":[
            "126.56.23.5:8086",
            "10.23.36.122:8086",
            "172.23.233.192:8086"
        ]
    },
    "description": "ok",
    "status": 0
}

parameter

Explanation

panel_url

Front-end server url access address

agent_url

agent server access address list

Change server address

Description : Change the access address of panel and agent server

...

Code Block
{
    "panel_url":"126.56.23.5:8086",
    "agent_urls":[
        "126.56.23.5:8086",
        "10.23.36.122:8086",
        "172.23.233.192:8086"
    ]
}

Parameter description :

parameter

Parameter Type

Required

Explanation

panel_url

String

Yes

Front-end server url access address

agent_url

String Array

no

agent server access address list

Return results :

Code Block
{
    "data":{
        "panel_url":"126.56.23.5:8086",
        "agent_urls":[
            "126.56.23.5:8086",
            "10.23.36.122:8086",
            "172.23.233.192:8086"
        ]
    },
    "description": "ok",
    "status": 0
}

...

Code Block
{
    "app_id":"e64071cf900944b701213a6f17d36e0d18d8b6ab"
}

Parameter description :

parameter

Explanation

app_id

Front-end server url access address

Return results :

Code Block
{
    "data": {},
    "description": "ok",
    "status": 0
}

...

Code Block
{
    "app_id":"f284baaeb786a8285bd1dde04a3dd7502c766c8a",  
    "start_time":1523264521321212,
    "end_time":1523267821321000,
    "interval":"hour", 
    "time_zone":"+08:00"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

Apps that need to be aggregated

start_time

int

Yes

Starting time

end_time

int

Yes

End Time

interval

String

Yes

Aggregation granularity: hour, day or month

time_zone

String

Yes

Aggregate time zone

Return results :

Code Block
{
    "data":[
        {
            "start_time":1523264521321212,
            "request_sum":10000
        },
        {
            "start_time":1523264521340000,
            "request_sum":87
        }
    ],
    "description": "ok",
    "status": 0
}

parameter

Explanation

start_time

Starting time

request_sum

Number of requests processed by RASP

Alarm interface

To reduce the load on ES, the span between the start and end time of any alarm interface request cannot exceed 366 days, and the size of an aggregation request cannot exceed 1024.
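A client-side pre-check for the two limits stated above, added here as an example (not the project's own code). It assumes millisecond timestamps as in the aggregation samples and that `size` must be positive, and it flags the empty-array filters that the search interfaces document as matching nothing.

```python
MAX_RANGE_MS = 366 * 24 * 60 * 60 * 1000  # 366 days; millisecond unit is an assumption
MAX_AGG_SIZE = 1024                       # upper bound on "size" stated by the page
INTERVALS = ("hour", "day", "month")
ARRAY_FILTERS = ("attack_type", "intercept_state")


def _timestamp(params, name, problems):
    """Return params[name] as int; accepts the int and decimal-string forms."""
    value = params.get(name)
    if isinstance(value, bool) or not isinstance(value, (int, str)):
        problems.append(f"{name}: required integer timestamp is missing or mistyped")
        return None
    try:
        return int(value)
    except ValueError:
        problems.append(f"{name}: not an integer: {value!r}")
        return None


def check_alarm_request(body):
    """Return the list of limit violations for one alarm-interface request body."""
    problems = []
    # Search requests nest their filters under "data"; aggregation requests are flat.
    params = body["data"] if isinstance(body.get("data"), dict) else body

    start = _timestamp(params, "start_time", problems)
    end = _timestamp(params, "end_time", problems)
    if start is not None and end is not None:
        if start < 0 or end < start:
            problems.append("time range: negative timestamp or end_time before start_time")
        elif end - start > MAX_RANGE_MS:
            days = (end - start) / 86_400_000
            problems.append(f"time range: {days:.1f} days exceeds the 366-day limit")

    if "size" in params:
        size = params["size"]
        # Lower bound of 1 is an assumption; the page only gives the upper bound.
        if isinstance(size, bool) or not isinstance(size, int) or not 1 <= size <= MAX_AGG_SIZE:
            problems.append(f"size: must be an integer between 1 and {MAX_AGG_SIZE}")

    if "interval" in params and params["interval"] not in INTERVALS:
        problems.append(f"interval: must be one of {', '.join(INTERVALS)}")

    # An empty array is a valid request but silently returns no results.
    for name in ARRAY_FILTERS:
        if params.get(name) == []:
            problems.append(f"{name}: empty array matches nothing; omit it to disable the filter")
    return problems


if __name__ == "__main__":
    # Constructed request: range and size both over the documented limits.
    sample = {"app_id": "<app id>", "start_time": 0,
              "end_time": 400 * 86_400_000, "size": 5000}
    for line in check_alarm_request(sample):
        print(line)
```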

...

Code Block
{
    "app_id":"f284baaeb786a8285bd1dde04a3dd7502c766c8a",
    "start_time":1535600036000,
    "end_time":1546140836000,
    "interval":"month", 
    "time_zone":"+08:00"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

Apps that need to be aggregated

start_time

int

Yes

Starting time

end_time

int

Yes

End Time

interval

String

Yes

Aggregation granularity: hour, day or month

time_zone

String

Yes

Aggregate time zone

Return results :

Code Block
{
    "data": {
        "data": [ 
            [
                0,
                0,
                0,
                1,
                0
            ],
            [
                0,
                0,
                0,
                0,
                0
            ]
        ],
        "labels": [
            1533052800000,
            1535731200000,
            1538323200000,
            1541001600000,
            1543593600000
        ]
    },
    "description": "ok",
    "status": 0
}

parameter

Explanation

data

Aggregated data: the first element is the info series, the second is the block series

labels

Aggregated horizontal axis time label array, each element is a millisecond timestamp

Aggregate attack logs by type

...

Code Block
{
    "app_id":"f284baaeb786a8285bd1dde04a3dd7502c766c8a",
    "start_time":1535600036000,
    "end_time":1546140836000,
    "size":10
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

Apps that need to be aggregated

start_time

int

Yes

Starting time

end_time

int

Yes

End Time

size

int

Yes

Number of attack types aggregated

Return results :

Code Block
{
    "data":[
        [
            "sql", 156
        ],
        [
            "xxe", 156
        ]
    ],
    "description": "ok",
    "status": 0
}

parameter

Explanation

data

Aggregate data, each array represents a type, the first element of each array represents the type name, and the second element represents the number of attacks of that type

Aggregate attack logs by UA

...

Code Block
{
    "app_id":"f284baaeb786a8285bd1dde04a3dd7502c766c8a",
    "start_time":1535600036000,
    "end_time":1546140836000,
    "size":10
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

Apps that need to be aggregated

start_time

int

Yes

Starting time

end_time

int

Yes

End Time

size

int

Yes

Number of aggregated UA types

Return results :

Code Block
{
    "data":[
        [
            "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36", 156
        ],
        [
            "Chrome/5.0 (X11; Linux x86_64) AppleWebKit/537.36", 156
        ]
    ],
    "description": "ok",
    "status": 0
}

parameter

Explanation

data

Aggregate data, each array represents a type, the first element of each array represents the name of the UA, and the second element represents the number of attacks of the UA

Vulnerability aggregation search

...

Code Block
{
    "data":{
        "attack_type":["directory","sql"],
        "app_id":"f284baaeb786a8285bd1dde04a3dd7502c766c8a",
        "start_time":"1523264521321000",
        "end_time":"1523264521421000"
    },
    "page":1,
    "perpage":10
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

no

The app to which the vulnerability belongs. If this parameter is present, only the data of that app is counted; otherwise all data is counted

attack_type

String Array

no

Attack types; multiple values are allowed. If the array is empty, nothing is returned. If the parameter is absent or null, no filtering is applied on this field

rasp_id

String

no

RASP to which the vulnerability belongs

server_hostname

String

no

The hostname of the machine where the vulnerability occurred

attack_source

String

no

Attack source ip

url

String

no

Attack URL

intercept_state

String Array

no

Interception status; allowed values: block, info. If the array is empty, nothing is returned. If the parameter is absent or null, no filtering is applied on this field

local_ip

String

no

Attacking machine ip

start_time

int

Yes

Starting time

end_time

int

Yes

End Time

Return results :

Code Block
{
    "data": {
        "page": 1,
        "perpage": 10,
        "total": 500,
        "total_page": 50,
        "data":[
            {
                "attack_type":"directory",
                "stack_md5":"1111121637821204cwwd2e52d62d0aa8",
                "event_time":"2019-01-27T23:51:15+0800",
                ...
            }
            ...
        ]
    },
    "description": "ok",
    "status": 0
}

parameter

Explanation

data

Vulnerability aggregation results, sorted by the time of the latest attack on each vulnerability; the content shown for each vulnerability is that of its latest attack

Attack Alarm Search

Description : Search the attack log, and sort the results in descending order of time

...

Code Block
{
    "data":{
        "attack_type":["directory","sql"],
        "app_id":"f284baaeb786a8285bd1dde04a3dd7502c766c8a",
        "start_time":"1523264521321000",
        "end_time":"1523264521421000"
    },
    "page":1,
    "perpage":10
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

no

The app to which the data belongs. If this parameter is present, only the data of that app is counted; otherwise all data is counted

attack_type

String Array

no

Attack types; multiple values are allowed. If the array is empty, nothing is returned. If the parameter is absent or null, no filtering is applied on this field

rasp_id

String

no

Rasp

server_hostname

String

no

The hostname or IP of the machine where the attack occurred; supports fuzzy search

attack_source

String

no

Attack source IP; supports fuzzy search

url

String

no

Attack URL, including search, support fuzzy search

intercept_state

String Array

no

Interception status; allowed values: block, info. If the array is empty, nothing is returned. If the parameter is absent or null, no filtering is applied on this field

local_ip

String

no

Attacking machine ip

request_id

String

no

Request id

stack_md5

String

no

MD5 of the attack stack

plugin_message

String

no

The monitoring information returned by the plug-in; supports fuzzy search

start_time

int

Yes

Starting time

end_time

int

Yes

End Time

Return results :

Code Block
{
    "data": {
        "page": 1,
        "perpage": 10,
        "total": 500,
        "total_page": 50,
        "data":[
            {
                "attack_type":"directory",
                "intercept_state":"block",
                "plugin_confidence":100
                ...
            }
            ...
        ]
    },
    "description": "ok",
    "status": 0
}

parameter

Explanation

data

Search attack results

Baseline alarm search

Description : Search the baseline log, and sort the results in descending order of time

...

Code Block
{
    "data":{
        "policy_id":["3004","3003"],
        "app_id":"f284baaeb786a8285bd1dde04a3dd7502c766c8a",
        "server_hostname":"nmg01.xx.cq",
        "local_ip":"172.36.2.6",
        "start_time":"1523264521321000",
        "end_time":"1523264521421000"
    },
    "page":1,
    "perpage":10
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

no

The app to which the data belongs. If this parameter is present, only the data of that app is counted; otherwise all data is counted

policy_id

int Array

no

Policy IDs; multiple values are allowed. If the array is empty, nothing is returned. If the parameter is absent or null, no filtering is applied on this field.

rasp_id

String

no

Rasp

server_hostname

String

no

The hostname or IP of the machine; supports fuzzy search

local_ip

String

no

Machine ip

message

String

no

Baseline alarm information; supports fuzzy search

start_time

int

Yes

Starting time

end_time

int

Yes

End Time


Return results :

Code Block
{
    "data": {
        "page": 1,
        "perpage": 10,
        "total": 500,
        "total_page": 50,
        "data":[
            {
                "policy_id":"3004",
                ... // policy 3004
            },
            ... // other policies
        ]
    },
    "description": "ok",
    "status": 0
}

parameter

Explanation

data

Search baseline results

Exception interface

Search for abnormal information

...

Code Block
{
    "data":{
        "app_id":"f284baaeb786a8285bd1dde04a3dd7502c766c8a",
        "server_hostname":"nmg01.xx.cq",
        "local_ip":"172.36.2.6",
        "start_time":"1523264521321000",
        "end_time":"1523264521421000"
    },
    "page":1,
    "perpage":10
}

Parameter description :

parameter

Parameter Type

Required

Explanation

app_id

String

no

The app to which the data belongs. If this parameter is present, only the data of that app is counted; otherwise all data is counted

rasp_id

String

no

ID of the RASP to which the attack belongs

server_hostname

String

no

The hostname or IP of the machine; supports fuzzy search

local_ip

String

no

Machine ip

message

String

no

Matches exception logs whose message contains this value; supports fuzzy search

start_time

int

Yes

Starting time

end_time

int

Yes

End Time

Return results :

Code Block
{
    "data": {
        "page": 1,
        "perpage": 10,
        "total": 500,
        "total_page": 50,
        "data":[
            {
                "message": "HTTP request to https://definitions.com:8086/v1/agent/rasp failed:",
                "server_nic": [{
                    "name": "en0",
                    "ip": "172.24.182.127"
                }],
                "stack_trace": "sun.reflect.NativeConstructorAccessorImpl.newInstance0(NativeMethod)",
                "level": "WARN",
                "event_time": "2019-01-11T13:36:46+0800",
                "app_id": "9b3554a97673f1f8f5c929310298037a660d3b7a",
                "pid": 58353,
                "server_hostname": "localhost",
                "rasp_id": "3089c8d2672efd1ef5c3e322d9e8fcb1"
            }
        ]
    },
    "description": "ok",
    "status": 0
}

parameter

Explanation

data

Search error log results

RASP interface

verification method

...

Code Block
{
    "id":"569e8ea7a16123492b5878920fd36985",
    "version" :"v3.2",
    "hostname":"tyy-OptiPlex-9020",
    "register_ip":"127.56.23.4",
    "language" :"java",
    "language_version":"8.1" ,
    "server_type":"tomcat",
    "server_version":"8.5.1" ,
    "heartbeat_interval":60,
    "rasp_home":"/home/work/tomcat8/rasp",
    "host_type":"docker",
    "environ":{
        "JAVA_HOME":"/home/java/jdk-7.0.25"
    }
}

Parameter description :

parameter

Parameter Type

Required

Explanation

id

String

Yes

RASP unique identifier

version

String

Yes

RASP version

hostname

String

Yes

The host name of the machine where RASP is located

register_ip

String

Yes

RASP machine IP address

language

String

Yes

Development language used by RASP

language_version

String

Yes

Development language version used by RASP

server_type

String

Yes

Types of servers used by RASP

server_version

String

Yes

The server version number used by RASP

heartbeat_interval

int

Yes

Heartbeat interval time, unit: second

rasp_home

String

no

RASP installation directory

host_type

String

no

Host type, such as docker

environ

String

no

Service process environment variables

Return results :

Code Block
{
    "status":0,         
    "description":"ok", 
    "data":{
        "id":"569e8ea7a16123492b5878920fd36985",
        "app_id":"023e68ea7a12564492b5878920fd630c8",
        "version" :"v3.2",
        "hostname":"tyy-OptiPlex-9020",
        "register_ip":"127.56.23.4",
        "language" :"java",
        "language_version":"8.1" ,
        "server_type":"tomcat",
        "server_version":"8.5.1" ,
        "heartbeat_interval":60,
        "rasp_home" :"/home/work/tomcat8/rasp",
        "last_heartbeat_time":"15425645253",
        "online":true,
        "host_type":"docker",
        "plugin_version":"",
        "plugin_name":"",
        "plugin_md5":"",
        "environ":{
            "JAVA_HOME":"/home/java/jdk-7.0.25"
        },
        "register_time":"15425645253"
    }
}

Parameter description :

parameter

Explanation

id

RASP unique identifier

app_id

App ID

version

RASP version

hostname

The host name of the machine where RASP is located

register_ip

RASP machine IP address

language

Development language used by RASP

language_version

Development language version used by RASP

server_type

Types of servers used by RASP

server_version

The server version number used by RASP

heartbeat_interval

Heartbeat interval time, unit: second

rasp_home

RASP installation directory

last_heartbeat_time

Last heartbeat time, if there is no heartbeat, it is the registration time

online

Whether rasp is online, this value should be true

host_type

Host type, such as docker

plugin_version

The version of the plug-in. The plug-in has not been delivered during registration, so it is empty

plugin_name

The name of the plug-in. No plug-in has been delivered during registration, so it is empty

plugin_md5

Checksum of plug-in content, no plug-in has been delivered during registration, so it is empty

environ

Service process environment variables

register_time

Registration timestamp, unit: second

Heartbeat interface

Description : Receives the periodic heartbeat that RASP sends to the cloud control backend. If the md5 in the request parameters differs from the plug-in md5 specified in the backend, the backend determines that there is a new plug-in. If the configuration time in the request is earlier than the last configuration time of the cloud control backend, the backend determines that there is a new configuration. Updates are always full updates of the plug-in and the configuration.

...

Code Block
{
    "rasp_id":"47af9da31ec3f233f35a25776f5e06086ebf239f",
    "plugin_md5":"47af9da31ec3f2ebf239f", 
    "plugin_version":"2018-08-15 11:11:12", 
    "config_time":1536302712000,
    "hostname":"rasp-host"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

rasp_id

String

Yes

RASP unique identifier

plugin_md5

String

Yes

MD5 of the current RASP plugin

plugin_version

String

Yes

Current version of the plugin

config_time

int

no

Last modification time of the backend configuration. If the field is absent or 0, the configuration is delivered if it has not been delivered yet.

hostname

String

no

Host hostname, used for runtime update

Return results :

Code Block
{
    "status":0,         
    "description":"ok", 
    "data":{
        "plugin":{
            "version":"2018-08-15 11:11:12",
            "md5":"569e8ea7a16123492b5878920fd36985",
            "plugin":"/*javascript*/"
        },
        "config_time":1536303412000,
        "config":{
            "block.content_html": "</script><script>location.href=\"https://definitions.com/blocked2/?request_id=%request_id%\"</script>",
            "block.content_json": "{\"xxxx\":\"xxxxxx\"}",
            "block.content_xml": "<?xml version=\"1.0\"?><doc><error>true</error><reason>Request blocked by RASP</reason><request_id>%request_id%</request_id></doc>",
            "block.redirect_url": "https://definitions.com/blocked/?request_id=%request_id%",
            "block.status_code": 302,
            "body.maxbytes": 4096,
            "clientip.header": "ClientIP",
            "debug.level": 0,
            "decompile.enable": true,
            "inject.custom_headers": {},
            "log.maxbackup": 30,
            "log.maxburst": 100,
            "ognl.expression.minlength": 30,
            "plugin.filter": true,
            "plugin.maxstack": 100,
            "plugin.timeout.millis": 100,
            "syslog.enable": false,
            "syslog.facility": 1,
            "syslog.tag": "RASP",
            "syslog.url": "",
            "hook.white":{
                "www.test.com/test1":["sql","ssrf"],
                "www.test.com/test2":["sql","ssrf"],
                "*":["all"]
            }
        }
    }
}

Parameter description :

parameter

Explanation

plugin

Plugin content

config_time

Time when the configuration is delivered this time

config

Configuration content; for a detailed description of the configuration items see: https://definitions.com/doc/setup/others.html
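The heartbeat decision described above, from both sides, as an added example (not the project's own code). It assumes that `md5` is the hex MD5 of the UTF-8 plug-in source and that a heartbeat with nothing new returns an empty `data`; the backend state and plug-in body are constructed.

```python
import hashlib
import hmac

# Constructed backend state; the plug-in body is a placeholder, not a real plug-in.
_PLUGIN_SOURCE = "/* constructed plugin body */"
BACKEND = {
    "plugin": {
        "version": "2018-08-15 11:11:12",
        "md5": hashlib.md5(_PLUGIN_SOURCE.encode("utf-8")).hexdigest(),
        "plugin": _PLUGIN_SOURCE,
    },
    "config_time": 1536303412000,
    "config": {"block.status_code": 302, "plugin.timeout.millis": 100},
}


def heartbeat_reply(request, backend=BACKEND):
    """Backend side: decide which parts a heartbeat response has to carry."""
    data = {}
    # A different (or missing) md5 means the agent does not run the selected plug-in.
    if request.get("plugin_md5") != backend["plugin"]["md5"]:
        data["plugin"] = dict(backend["plugin"])
    # config_time is optional; absent or 0 means no configuration was delivered yet.
    agent_config_time = request.get("config_time") or 0
    if agent_config_time < backend["config_time"]:
        data["config_time"] = backend["config_time"]
        data["config"] = dict(backend["config"])  # always the full configuration
    return {"status": 0, "description": "ok", "data": data}


def accept_plugin(reply):
    """Agent side: return the plug-in source only if it matches the declared md5.

    The checksum catches truncated or mismatched deliveries. It travels in the
    same message as the plug-in, so protection against modification in transit
    has to come from the transport (TLS), not from this check.
    """
    plugin = reply.get("data", {}).get("plugin")
    if plugin is None:
        return None  # nothing new to load
    computed = hashlib.md5(plugin["plugin"].encode("utf-8")).hexdigest()
    declared = str(plugin["md5"]).lower()
    if not hmac.compare_digest(computed, declared):
        raise ValueError(f"plugin md5 mismatch: declared {declared}, computed {computed}")
    return plugin["plugin"]


if __name__ == "__main__":
    # Request values taken from the sample on this page.
    stale = {"rasp_id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
             "plugin_md5": "47af9da31ec3f2ebf239f",
             "plugin_version": "2018-08-15 11:11:12",
             "config_time": 1536302712000, "hostname": "rasp-host"}
    reply = heartbeat_reply(stale)
    print(sorted(reply["data"]), accept_plugin(reply) is not None)
```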

Statistics reporting interface

...

Code Block
{
    "rasp_id":"569e8ea7a16123492b5878920fd36985",
    "time":15665422321,
    "request_sum":10000
}

Parameter description :

parameter

Parameter Type

Required

Explanation

rasp_id

String

Yes

RASP unique identifier

time

int

Yes

Statistical time, millisecond timestamp

request_sum

int

no

Number of requests, default 0

Return results :

Code Block
{
    "status":0,         
    "description":"ok",
    "data":{}
}

...

rasp_id: d5ged5g54dr1gdr5d5erg5rdg

Parameter description :

parameter

Parameter Type

Required

Explanation

crash_log

file

Yes

Crash log

rasp_id

String

Yes

RASP unique identifier, RASP may not exist

language

String

no

RASP language

hostname

String

no

CPU name

Return results :

Code Block
{
    "status":0,         
    "description":"ok",
    "data":{}
}

...

Code Block
{
    "status":0,         
    "description":"ok", 
    "data":{
        "count":1
    }
}

parameter

Explanation

count

Number of logs successfully processed

Upload library dependency information

...

Code Block
{
    "dependency": [{
        "product": "rasp-engine",
        "version": "1.3.0",
        "vendor": "com.securityreviewer.rasp",
        "path": "/home/work/rasp/rasp-engine.jar",
        "source": "pom"
    }, {
        "product": "rasp-engine",
        "version": "7.0.78",
        "vendor": "Apache Software Foundation",
        "path": "/home/work/rasp/rasp-engine.jar",
        "source": "manifest_implementation"
    }, {
        "product": "Bootstrap",
        "version": "7.0.78",
        "vendor": "Apache Software Foundation",
        "path": "/home/work/rasp/bin/bootstrap.jar",
        "source": "manifest_implementation"
    }],
    "rasp_id": "3089c8d2672efd1ef5c3e322d9e8fcb1"
}

Parameter description :

parameter

Parameter Type

Required

Explanation

rasp_id

String

Yes

Rasp

product

String

Yes

product name

version

String

Yes

version number

vendor

String

Yes

Manufacturer

path

String

Yes

Library dependent path

source

String

no

source

Return results :

Code Block
{
    "data": {
    },
    "description": "ok",
    "status": 0
}

...

Code Block
{
    "status":0,         
    "description":"ok", 
    "data":{
        "count":1
    }
}

parameter

Explanation

count

Number of logs successfully processed

Upload exception log

Description : Upload exception logs

...

Code Block
{
    "status":0,         
    "description":"ok", 
    "data":{
        "count":1
    }
}

parameter

Explanation

count

Number of logs successfully processed

RASP Agent authentication interface

...

Code Block
{
    "order":"startTask",
    "data":{
            .....
    }
}

Parameter description :

parameter

Explanation

order

Task type.

host

Scan target host

Response format :

The response is in json format, the example is as follows:

Code Block
{
    "data":{
        "data":{
            "app_id":"593342c72eb78fc8e7393d0a87b8f3fc54dfbec"
        },
        "description":"ok",
        "register":2,
        "status":0
    },
    "description":"ok",
    "status":0
}

Parameter description :

parameter

Explanation

data

The content returned by the scanner to the cloud control background

app_id

APP unique identifier

register

Scanner status: 0 indicates that the scanner is not connected, 1 indicates that it is connecting, 2 indicates that the scanner is connected successfully, 3 indicates that the reception response is abnormal, and 4 indicates that the scanner connection timed out

data.status

error code

verification method

  • Add request header: Content-Type: application/json

...

Code Block
{
    "order":"startTask",
    "data":{
        "host":"1.2.3.4",
        "port":80,
        "app_id":"593342c72eb78fc8e7393d0a87b8f3fc54dfbec"
    }
}

parameter

Parameter Type

have to

Explanation

order

String

Yes

Task type. startTask means new scan

host

String

Yes

Scan target host

port

String

Yes

Scan target port

app_id

String

Yes

APP unique identifier

Return results :

Code Block
{
    "data":{
        "data":{
            "app_id":"593342c72eb78fc8e7393d0a87b8f3fc54dfbec"
        },
        "description":"ok",
        "register":2,
        "status":0
    },
    "description":"ok",
    "status":0
}

parameter

Explanation

data

The content returned by the scanner to the cloud control background

app_id

APP unique identifier

register

Scanner status. 2 means the scanner is connected successfully

data.status

Error code: 2 means the number of concurrent scanning tasks has reached the limit, 3 means the target is being scanned by another task

Change setting

Description : Modify the scan configuration of the target host

...

Code Block
{
    "order":"setConfig",
    "data":{
        "host":"1.2.3.4",
        "port":80,
        "app_id":"593342c72eb78fc8e7393d0a87b8f3fc54dfbec",
        "config":{
            "scan_plugin_status":{
                "command_basic":{
                    "description":"IAST plugin",
                    "enable":true,
                    "show_name":"IAST"
                },
              ...
            },
            "scan_rate":{
                "max_concurrent_request":20,
                "max_request_interval":1000,
                "min_request_interval":0
            },
            "white_url_reg":"^/path/eg",
            "scan_proxy":"http://127.0.0.1:8080"
        }
    }
}

parameter

Parameter Type

have to

Explanation

order

String

Yes

Task type. setConfig means to modify the configuration

host

String

Yes

Scan target host

port

String

Yes

Scan target port

app_id

String

Yes

APP unique identifier

scan_plugin_status

Object

Yes

Configuration parameter

scan_rate

Object

Yes

Scan rate setting

white_url_reg

String

no

URL whitelist regular expression

scan_proxy

String

no

HTTP proxy used by scan requests

Return results :

Code Block
{
    "data":{
        "data":{
            "app_id":"593342c72eb78fc8e7393d0a87b8f3fc54dfbec"
        },
        "description":"ok",
        "register":2,
        "status":0
    },
    "description":"ok",
    "status":0
}

parameter

Explanation

data.status

Error code: 2 means the whitelist rule is illegal, 3 means the proxy protocol is not http or https
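A pre-flight check for a `setConfig` request and a reader for the nested reply, added here as an example (not the project's own code). It mirrors the two documented error codes on the client side and assumes the whitelist pattern can be checked with Python's `re`, which may differ from the scanner's own regex engine.

```python
import re
from urllib.parse import urlsplit

# Scanner link states and setConfig error codes as listed on this page.
REGISTER = {0: "scanner not connected", 1: "scanner connecting",
            2: "scanner connected", 3: "abnormal response from scanner",
            4: "scanner connection timed out"}
SET_CONFIG_ERRORS = {2: "whitelist rule is illegal",
                     3: "proxy protocol is not http or https"}


def check_set_config(request):
    """Return the problems that would make a setConfig request fail."""
    problems = []
    data = request.get("data") or {}
    config = data.get("config") or {}
    if request.get("order") != "setConfig":
        problems.append("order: expected setConfig")
    for name in ("host", "port", "app_id"):
        if name not in data:
            problems.append(f"data.{name}: required field missing")
    for name in ("scan_plugin_status", "scan_rate"):
        if not isinstance(config.get(name), dict):
            problems.append(f"config.{name}: required object missing")

    rate = config.get("scan_rate") if isinstance(config.get("scan_rate"), dict) else {}
    low, high = rate.get("min_request_interval"), rate.get("max_request_interval")
    if isinstance(low, int) and isinstance(high, int) and low > high:
        problems.append("scan_rate: min_request_interval exceeds max_request_interval")

    pattern = config.get("white_url_reg")
    if pattern is not None:  # optional field; would be rejected with error code 2
        try:
            re.compile(pattern)
        except (re.error, TypeError) as exc:
            problems.append(f"white_url_reg: does not compile ({exc})")

    proxy = config.get("scan_proxy")
    if proxy is not None:  # optional field; would be rejected with error code 3
        try:
            parts = urlsplit(proxy) if isinstance(proxy, str) else None
        except ValueError:
            parts = None
        if parts is None or parts.scheme not in ("http", "https") or not parts.hostname:
            problems.append("scan_proxy: must be an http:// or https:// URL")
    return problems


def scanner_outcome(response, errors=SET_CONFIG_ERRORS):
    """Check the three layers of a scanner reply; return (ok, reason)."""
    if response.get("status") != 0:            # layer 1: cloud control backend
        return False, f"backend: {response.get('description')}"
    inner = response.get("data") or {}
    register = inner.get("register")
    if register != 2:                          # layer 2: backend-to-scanner link
        state = REGISTER.get(register, f"unknown state {register!r}")
        return False, f"scanner link: {state}"
    code = inner.get("status")
    if code != 0:                              # layer 3: scanner's own error code
        return False, f"scanner: {errors.get(code, inner.get('description'))}"
    return True, "ok"


if __name__ == "__main__":
    # Constructed request with a broken pattern and a non-HTTP proxy.
    bad = {"order": "setConfig", "data": {"host": "1.2.3.4", "port": 80, "app_id": "<app id>",
           "config": {"scan_plugin_status": {}, "scan_rate": {},
                      "white_url_reg": "^/path/(eg", "scan_proxy": "socks5://127.0.0.1:1080"}}}
    print(check_set_config(bad))
```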

Get configuration

Description : Get the scan configuration of the target host

...

Code Block
{
    "order":"getConfig",
    "data":{
        "host":"1.2.3.4",
        "port":80,
        "app_id":"593342c72eb78fc8e7393d0a87b8f3fc54dfbec"
    }
}

parameter

Parameter Type

have to

Explanation

order

String

Yes

Task type. getConfig means get configuration

host

String

Yes

Scan target host

port

String

Yes

Scan target port

app_id

String

Yes

APP unique identifier

Return results :

Code Block
{
    "data":{
        "data":{
            "app_id":"593342c72eb78fc8e7393d0a87b8f3fc54dfbec",
            "scan_plugin_status":{
                "command_basic":{
                    "enable":true,
                    "show_name":"命令注入检测插件",
                    "description":"xxxx"
                }
            },
            "scan_rate":{
                "max_concurrent_request":10,
                "max_request_interval":1000,
                "min_request_interval":0
            },
            "white_url_reg":"^/logout"
        },
        "description":"ok",
        "register":2,
        "status":0
    },
    "description":"ok",
    "status":0
}

parameter

Explanation

scan_plugin_status

Plug-in switch

max_concurrent_request

Maximum number of concurrent requests

max_request_interval

Maximum request interval

min_request_interval

Minimum request interval

app_id

APP unique identifier

Stop scanning

Description : Terminate the specified scan task immediately

...

Code Block
{
    "order":"stopTask",
    "data":{
        "scanner_id":0,
        "app_id":"593342c72eb78fc8e7393d0a87b8f3fc54dfbec"
    }
}

parameter

Parameter Type

have to

Explanation

order

String

Yes

Task type. getConfig means get configuration

scanner_id

Int

Yes

Scan task id

app_id

String

Yes

APP unique identifier

Return results :

Code Block
{
    "data":{
        "data":{
            "app_id":"593342c72eb78fc8e7393d0a87b8f3fc54dfbec"
        },
        "description":"ok",
        "register":2,
        "status":0
    },
    "description":"ok",
    "status":0
}

parameter

Explanation

data.status

Error code: 2 means the specified scan task does not exist, 3 means the termination failed

Scanning data

Get all targets

...

Code Block
{
    "order":"getAllTasks",
    "data":{
        "page":1,
        "app_id":"593342c72eb78fc8e7393d0a87b8f3fc54dfbec"
    }
}

parameter

Parameter Type

Required

Explanation

app_id

String

Yes

APP unique identifier

order

String

Yes

Instruction parameters. "getAllTasks" means get all targets

Return results :

Code Block
{
    "status":0,
    "description":"ok",
    "data":{
        "total":0,
        "app_id":"593342c72eb78fc8e7393d0a87b8f3fc54dfbec",
        "result":[
          {
            "host":"127.0.0.1",
            "port":8010,
            "total":2,
            "scanned":0,
            "failed":0,
            "last_time":1571303703
          }  
        ]
    }
}

Parameter description :

parameter

Explanation

app_id

APP unique identifier

host

The data returned by the scanner, see the interface description for details

port

The port number

total

The total number of URLs under the target

scanned

Number of scanned URLs under this target

failed

The number of failed URLs scanned under this target

last_time

When the task was last received

Clear scan task

Description : Clear the information of the target host (reset to an unconfigured agent state), or clear the url list

...

Code Block
{
    "order":"cleanTask",
    "data":{
        "host":"1.2.3.4",
        "port":80,
        "url_only":true,
        "app_id":"593342c72eb78fc8e7393d0a87b8f3fc54dfbec"
    }
}

parameter

Parameter Type

have to

Explanation

order

String

Yes

Task type. cleanTask means to clear the task

host

String

Yes

Scan target host

port

String

Yes

Scan target port

url_only

Bool

Yes

Whether to clear only the url

app_id

String

Yes

APP unique identifier

Return results :

Code Block
{
    "data":{
        "data":{
            "app_id":"593342c72eb78fc8e7393d0a87b8f3fc54dfbec"
        },
        "description":"ok",
        "register":2,
        "status":0
    },
    "description":"ok",
    "status":0
}

parameter

Explanation

data.status

Error code: 2 means the target is being scanned

COPYRIGHT (C) 2014-2021 2022 SECURITY REVIEWER SRL. ALL RIGHTS RESERVED.