API Interface
The API interface is provided by Dashboard. The following are the descriptions of each request.
Request format :
The request body is in json format, and the paging page number starts from 1. The paging request format is as follows:
1
2
3
4
5
6
7
{
"page":1,
"perpage":10,
"data":{
"version":"official-101"
}
}
Pagination parameter description :
page | page number |
perpage | status description |
data | Specific request parameters |
Response format :
The response is in json format, the example is as follows:
1
2
3
4
5
6
7
8
9
10
11
{
"page": 1,
"perpage": 10,
"total": 1,
"total_page": 1,
"status":0,
"description":"ok",
"data":{
"version":"official-101"
}
}
Parameter description :
page | Current page number |
perpage | Current number of pages |
total | How many data |
total_page | How many pages of data |
status | Response status code, 0 means success, non-zero means abnormal |
description | Request result description, if status is 0, it is ok, otherwise it is abnormal information |
data | Request result specific data |
Interface type : Interfaces are divided into two categories, one is the front-end interface for the front-end service, and the other is the Agent interface for the RASP Agent. The specific interface format is shown below.
Ping interface
Description : General interface used to test background connectivity
Request method : GET, POST
Path : v1 / ping
Request body : empty
Return results :
1
2
3
4
5
{
"data": {},
"description": "ok",
"status": 0
}
Front-end interface
verification method
There are two authentication methods:
Obtain cookie authentication after login, the cookie field is RASP_AUTH_ID, and the cookie validity period is 7 days by default.
By adding a static token in the request header for authentication, the request header field is X-RASP-Token. For the specific token management method, refer to the token management interface below.
Logout interface
Login interface
Description : login interface, initial management back-end user name:, rasp password:, admin@123login (hashed) successfully set login cookie
Request method : POST
Path : v1 / user / login
Request body :
1
2
3
4
{
"username":"rasp",
"password":"<hashedpwd>"
}
Parameter description :
username | String | Yes | username |
password | String (hashed) | Yes | password |
Return results :
1
2
3
4
5
{
"data": {},
"description": "ok",
"status": 0
}
Logout interface
Description : Log out and clear cookies
Request method : GET
Path : v1 / user / logout
Request body : none
Return results :
1
2
3
4
5
{
"data": {},
"description": "ok",
"status": 0
}
Get logged in
Description : Get the current login status
Request method : GET
Path : v1 / user / islogin
Request body : none
Return results :
1
2
3
4
5
{
"data": {},
"description": "ok",
"status": 0
}
Default password judgment interface
Description : Determine whether the current user password is the default password, used to provide a reminder to the front end whether the password needs to be changed
Request method : GET, POST
Path : v1 / user / default
Request body : none
Return results :
1
2
3
4
5
6
7
{
"data": {
"is_default":true,
},
"description": "ok",
"status": 0
}
is_default | Whether it is the default password, true if it is, otherwise false |
Change Password Interface
Description : Change the administrator password, the password length is 8 ~ 50 bytes, and must contain both letters and arrays
Request method : POST
Path : v1 / user / update
Request body :
1
2
3
4
{
"old_password":"<oldhashedpwd>",
"new_password":"<newhashedpwd>"
}
Parameter description :
old_password | String (hashed) | Yes | old password |
new_password | String (hashed) | Yes | new password |
Return results :
1
2
3
4
5
{
"data": {},
"description": "ok",
"status": 0
}
Plugin management interface
Upload plugin
Description : The uploaded file is a plugin file ending in .js, the plugin version is on the first line of the file, and the plugin name is on the second line of the plugin
Request method : POST
Path : v1 / api / plugin? App_id = c593342c72eb78fc8e7393d0a87b8f3fc54dfbec
Request body : file parameter in form data format, parameter name plugin
Parameter description :
app_id | String | Yes | APP unique identifier |
plugin | file | Yes | Plug-in file, form-data format |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
{
"data": {
"id": "c593342c72eb78fc8e7393d0a87b8f3fc54dfbec8835250641a6dbd9973ae981b4b7abc4",
"app_id": "c593342c72eb78fc8e7393d0a87b8f3fc54dfbec",
"upload_time": 1542177395622,
"version": "'2018-1025-1600'",
"name": "official",
"md5": "8835250641a6dbd9973ae981b4b7abc4",
"plugin": "/*js plugin content*/",
"algorithm_config": {
"command_other": {
"action": "log"
},
"command_reflect": {
"action": "block"
},
"fileUpload_multipart_script": {
"action": "block"
},
"fileUpload_webdav": {
"action": "block"
}
},
"description": "ok",
"status": 0
}
id | Plug-in unique identification |
app_id | APP to which the plugin belongs |
upload_time | Timestamp of upload time |
version | Plugin version |
name | Plugin name |
md5 | Plug-in content checksum |
algorithm_config | Algorithm configuration in the plugin |
plugin | Plugin content |
Download plugin
Description : Download the plugin according to the plugin id
Request method : GET
Path : v1 / api / plugin / download? Id = 47af9da31ec3f233f35a25776f5e06086ebf239ff60a021ada4750b65640d0d24b9ae382
Request body : None
Parameter description :
id | String | Yes | Plug-in unique identification |
Results returned : plugin file, the file name is {NAME}-{VERSION} .js, {VERSION} is the plugin version, and {NAME} is the plugin name
Get basic plug-in information
Description : Get plug-in based on plug-in id
Request method : POST
Path : v1 / api / plugin / get
Request body :
1
2
3
{
"id":"47af9da31ec3f233f35a25776f5e06086ebf239ff60a021ada4750b65640d0d24b9ae382"
}
Parameter description :
id | String | Yes | Plug-in unique identification |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
{
"data": {
"id": "7c70d5ba5547e77a6f9ad5d376b92fe7e47da7c4",
"app_id": "fcbc4d8ac6bcaac27b1cc4703e5339a4aa6e8a1c",
"name": "official",
"upload_time": 1546595795342,
"version": "2018-1227-1200",
"md5": "4259002c18ff3a9f40b44e91824ba0cf",
"algorithm_config": {
"xxe_file": {
"action": "log",
"name": "log001",
"reference": "https://deinitions.com#case-xxe"
},
"xxe_protocol": {
"action": "block",
"name": "xxe001",
"protocols": ["ftp", "dict", "gopher", "jar", "netdoc"]
}
... 忽略
}
},
"description": "ok",
"status": 0
}
id | Plug-in unique identification |
app_id | APP to which the plugin belongs |
upload_time | Timestamp of upload time |
version | Plugin version |
name | Plugin name |
md5 | Plug-in content checksum |
algorithm_config | Algorithm configuration in the plugin |
Deliver algorithm configuration
Description : The plug-in algorithm switch configuration is delivered to the plug-in, and the distributed algorithm configuration will be merged into the plug-in
Request method : POST
Path : v1 / api / plugin / algorithm / config
Request body :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
{
"id":"47af9da31ec3f233f35a25776f5e06086ebf239f3f35a25776f5e06086ebf239f",
"config":{
"xxe_file": {
"action": "log",
"name": "log002",
"reference": "https://definitions.com#case-xxe"
},
"xxe_protocol": {
"action": "block",
"name": "xxe002",
"protocols": ["ftp", "dict", "gopher", "jar", "netdoc"]
}
... others
}
}
Parameter description :
id | String | Yes | Plug-in unique identification |
config | object | Yes | Algorithm configuration |
Return results :
1
2
3
4
5
{
"data": {},
"description": "ok",
"status": 0
}
Restore plugin default algorithm configuration
Description : Restore the initial default algorithm configuration of the plugin according to the plugin id
Request method : POST
Path : v1 / api / plugin / algorithm / restore
Request body :
1
2
3
{
"id":"47af9da31ec3f233f35a25776f5e06086ebf239ff60a021ada4750b65640d0d24b9ae382"
}
Parameter description :
id | String | Yes | Plug-in unique identification |
Return results :
1
2
3
4
5
{
"data": {},
"description": "ok",
"status": 0
}
Remove plugin
Description : Delete the plugin according to the plugin id, the selected plugin cannot be deleted
Request method : POST
Path : v1 / api / plugin / delete
Request body :
1
2
3
{
"id":"47af9da31ec3f233f35a25776f5e06086ebf239ff60a021ada4750b65640d0d24b9ae382"
}
Parameter description :
id | String | Yes | Plug-in unique identification |
Return results :
1
2
3
4
5
{
"data": {},
"description": "ok",
"status": 0
}
App management interface
New APP
Description : Add an APP
Request method : POST
Path : v1 / api / app
Request body :
1
2
3
4
5
6
{
"name":"Java 001",
"language":"java",
"description":"rasp protected",
"selected_plugin_id":"47af9da31ec3f233f35a25776f5e0608w6ebf239ff60a021ada4750b65640d0d24b9ae382"
}
Parameter description :
name | String | Yes | APP name, the name can not be repeated |
language | String | Yes | APP business language |
description | String | no | APP description information |
selected_plugin_id | String | no | Plugin issued by APP |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
{
"data": {
"id": "1107158fb4cd0a901de850b2c64fab5faf0837d3",
"name": "Java 001",
"language":"java",
"create_time":1545984191,
"secret":"SFklSJ5_DF125IKn15SDF-1SD141Af1",
"description": "rasp protected",
"config_time": 0,
"general_config": {
"block.content.html": "</script><script>\n location.href=\https://definitions.com/blocked2/?request_id=%request_id%\"\n </script>",
"block.content_json": "{\"error\":true,\"reason\": \"Request blocked by RASP\",\"request_id\": \"%request_id%\"}",
"block.content_xml": "<?xml version=\"1.0\"?>\n\t\t\t\t\t\t\t <doc>\n\t\t\t\t\t\t\t <error>true</error>\n\t\t\t\t\t\t\t <reason>Request blocked by RASP</reason>\n\t\t\t\t\t\t\t <request_id>%request_id%</request_id>\n\t\t\t\t\t\t\t </doc>",
"block.redirect_url": "https://definitions.com/blocked/?request_id=%request_id%",
"block.status_code": 302,
"body.maxbytes": 4096,
"clientip.header": "ClientIP",
"ognl.expression.minlength": 30,
"plugin.filter": true,
"plugin.maxstack": 100,
"plugin.timeout.millis": 100
},
"whitelist_config": {},
"selected_plugin_id": "",
"email_alarm_conf": {
"enable": false,
"tls_enable": false,
"server_addr": "",
"username": "",
"password": "",
"subject": "",
"recv_addr": []
},
"ding_alarm_conf": {
"enable": false,
"agent_id": "",
"corp_id": "",
"corp_secret": "",
"recv_user": [],
"recv_party": []
},
"http_alarm_conf": {
"enable": false,
"recv_addr": []
},
"attack_type_alarm_conf":null,
"algorithm_config":{}
},
"description": "ok",
"status": 0
}
id | APP unique identifier |
name | APP name |
description | APP description information |
language | The programming language used by the APP |
create_time | APP creation time |
secret | APP key, used for communication authentication with RASP |
config_time | Last time when RASP related configuration was issued |
general_config | Common configuration, used to deliver RASP |
whitelist_config | Interception whitelist configuration, used to deliver RASP |
selected_plugin_id | The plugin id selected for delivery |
email_alarm_conf | email alarm configuration |
ding_alarm_conf | Nail alarm configuration |
http_alarm_conf | http alarm configuration |
attack_type_alarm_conf | If there is no such configuration, then all alarm methods will be triggered according to all attack types. The key in the configuration is the attack type, and value is the list of alarm methods that this type will trigger. The current alarm methods include ding, http, email |
algorithm_config | The algorithm configuration of the currently selected plugin in app |
Delete APP
Description : Delete an APP and delete all RASPs and plug-ins under the APP at the same time. When only one APP is left, it cannot be deleted. At least one APP can not be deleted. Apps that still exist online RASP cannot be deleted
Request method : POST
Path : v1 / api / app / delete
Request body :
1
2
3
{
"id":"a8604735911f1866029401c6766ba87f685ff037"
}
Parameter description :
id | String | Yes | APP unique identifier |
Return results :
1
2
3
4
5
{
"data": {},
"description": "ok",
"status": 0
}
Get the app
Description : Get all apps, or apps with an id. If there is an id parameter in the parameter, the app with the corresponding id is returned. If there is no id parameter, the page and perpage parameters are required for paging, and the corresponding number of APP arrays are returned.
Request method : POST
Path : v1 / api / app / get
Request body :
Get the corresponding id APP
1
2
3
{
"app_id":"569e8ea7a16123492b5878920fd36985"
}
Get a certain number of apps
1
2
3
4
{
"page":1,
"perpage":10
}
Parameter description :
app_id | String | no | The unique ID of the APP, if there is this parameter, the APP with the corresponding id will be returned |
page | int | no | Page number |
perpage | int | no | Number of data per page |
Return results :
Return the corresponding id APP
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
{
"status":0,
"description":"ok",
"data":{
"id":"569e8ea7a16123492b5878920fd36985"
"name":"Java xxx",
"description":"rasp protected",
"config_time":155536548555,
"create_time":154598419100,
"language":"java",
"general_config":{
"plugin.timeout.millis":500,
"security.enforce_policy":true,
...
}
...
}
}
Return a certain amount of APP
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
{
"status":0,
"description":"ok",
"page": 1,
"perpage": 10,
"total": 1,
"total_page": 1,
"data":[
{
"id":"569e8ea7a16123492b5878920fd36985"
"name":"Java yyy",
"description":"rasp protected",
"config_time":155536548555,
"create_time":154598419100,
"language":"java",
"general_config":{
"plugin.timeout.millis":500,
"security.enforce_policy":true,
...
}
}
]
}
Deliver common configuration
Description : Send rasp common configuration to app
Request method : POST
Path : v1 / api / app / general / config
Request body :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
{
"app_id":"47af9da31ec3f233f35a25776f5e06086ebf239f",
"config":{
"inject.custom_headers":{
"X-Protected-By":"RASP"
},
"block.content_html": "</script><script>location.href="https://definitions.com/blocked2/?request_id=%request_id%"</script>",
"block.content_json": "{"error":true,"reason": "Request blocked by RASP","request_id": "%request_id%"}",
"block.content_xml": "<?xml version="1.0"?><doc><error>true</error><reason>Request blocked by RASP</reason><request_id>%request_id%</request_id></doc>",
"block.redirect_url": "https://definitions.com/blocked/?request_id=%request_id%",
"block.status_code": 403,
"body.maxbytes": 12288,
"clientip.header": "ClientIP",
"cpu.usage.enable":false,
"cpu.usage.interval":5,
"cpu.usage.percent":90,
"debug.level":0,
"decompile.enable":false,
"dependency_check.interval":100,
"fileleak_scan.interval":21600,
"fileleak_scan.limit":100,
"fileleak_scan.name":""\.(git|svn|tar|gz|rar|zip|sql|log)$"",
"log.maxbackup":30,
"log.maxburst":100,
"log.maxstack":100,
"lru.compare_enable":false,
"lru.compare_limit":10240,
"lru.max_size":1000,
"ognl.expression.minlength":30,
"plugin.filter":true,
"plugin.maxstack":100,
"plugin.timeout.millis":100,
"request.param_encoding":"rasp",
"response.sampler_burst":5,
"response.sampler_interval":60,
"security.weak_passwords":[
],
"syslog.enable":false,
"syslog.facility":1,
"syslog.tag":"RASP",
"syslog.url":""
}
}
Parameter description :
app_id | String | Yes | APP unique identifier |
config | object | Yes | General configuration complete content |
Return result : return the complete APP information after update
Deliver whitelist configuration
Description : Deliver rasp whitelist configuration to the app
Request method : POST
Path : v1 / api / app / whitelist / config
Request body :
1
2
3
4
5
6
7
8
9
10
11
12
13
{
"app_id":"e64071cf900944b701213a6f17d36e0d18d8b6ab",
"config":[
{
"url":"www.asod.com/sss/sss",
"hook":{
"sql":true,
"ssrf":false
},
"description":""
}
]
}
Parameter description :
app_id | String | Yes | APP unique identifier |
config | object | Yes | Whitelist configuration complete content |
Return result : return the complete APP information after update
Alarm configuration
Description : Send alarm configuration to app
Request method : POST
Path : v1 / api / app / alarm / config
Request body :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
{
"app_id":"47af9da31ec3f233f35a25776f5e06086ebf239f",
"attack_type_alarm_conf":{
"sql":["email","ding","http"],
"xxe":["email"]
},
"email_alarm_conf": {
"enable":false,
"tls_enable":false,
"server_addr":"email.qq.com:445",
"username":"123456789@qq.com",
"password":"4354edfwe",
"subject":"rasp alarm",
"recv_addr":["165165@163.com"]
},
"ding_alarm_conf": {
"enable":false,
"agent_id":"1s6ef5w1ef6",
"corp_id":"1r5thnb5",
"corp_secret":"d512c5f5fg546sdg5",
"recv_user":["5sdf5","87njy7uoi"],
"recv_party":["8ik44ws"]
},
"http_alarm_conf": {
"enable":false,
"recv_addr":["www.opff.com"]
},
"general_alarm_conf":{
"alarm_check_interval":120
},
"kafka_alarm_conf":{
"url":"1.1.1.1:6666",
"user":"",
"pwd":"",
"enable":true,
"topic":"RASP"
}
}
Parameter description :
app_id | String | Yes | APP unique identifier |
attack_type_alarm_conf | Object | no | If there is no such configuration, then all alarm methods will be triggered according to all attack types. The key in the configuration is the attack type, and value is the list of alarm methods that this type will trigger. The current alarm methods include ding, http, email |
email_alarm_conf | Object | no | Email alarm configuration |
ding_alarm_conf | Object | no | Nail alarm configuration |
http_alarm_conf | Object | no | http alarm configuration |
email_alarm_conf.enable | bool | no | email alarm switch, default false |
email_alarm_conf.tls_enable | bool | no | Whether to open mail tls authentication, default false |
email_alarm_conf.server_addr | String | Yes | Mail server address |
email_alarm_conf.username | String | no | Email account username |
email_alarm_conf.password | String | no | Email account password |
email_alarm_conf.subject | String | no | Email Subject |
email_alarm_conf.recv_addr | String Array | Yes | Email address sent by email alarm |
ding_alarm_conf.enable | bool | no | Nail alarm switch, default false |
ding_alarm_conf.agent_id | String | Yes | Nail Alarm Application Agent ID |
ding_alarm_conf.corp_id | String | Yes | Dingding Alarm's Enterprise ID |
ding_alarm_conf.corp_secret | String | Yes | Dingfang's enterprise key |
ding_alarm_conf.recv_user | String Array | no | List of users received by Dingding alarm, each element of the list is a user ID, and it cannot be empty together with recv_party parameter |
ding_alarm_conf.recv_party | String Array | no | List of departments to receive the DingDing alarm. Each element of the list is an ID of a department. It cannot be empty together with the recv_user parameter. |
http_alarm_conf.enable | String | no | HTTP alarm push switch, default false |
http_alarm_conf.recv_addr | String Array | Yes | HTTP alarm receiving address list |
general_alarm_conf.alarm_check_interval | Int | Yes | Email alarm interval (applies to all apps) |
kafka_alarm_conf.url | String | Yes | The address of the kafka server |
kafka_alarm_conf.user | String | no | Kafka server username |
kafka_alarm_conf.pwd | String | no | kafka server password |
kafka_alarm_conf.enable | Bool | Yes | Whether to enable kafka push |
kafka_alarm_conf.topic | String | Yes | Write the topic name of kafka |
Return result : return the complete APP information after update
APP configuration interface
Description : Deliver APP configuration, used to configure APP name, language and description information
Request method : POST
Path : v1 / api / app / config
Request body :
1
2
3
4
5
6
{
"app_id":"47af9da31ec3f233f35a25776f5e06086ebf239f",
"name":"myapp",
"language":"php",
"description":"php001"
}
Parameter description :
app_id | String | Yes | APP unique identifier |
name | String | Yes | APP name |
language | String | Yes | The programming language used by the APP |
description | String | no | APP description information |
Return result : return the complete APP information after update
Get all the plugins under the APP
Description : Get all plug-in content according to APP ID
Request method : POST
Path : v1 / api / app / plugin / get
Request body :
1
2
3
4
5
{
"app_id":"47af9da31ec3f233f35a25776f5e06086ebf239f",
"page":1,
"perpage":15
}
Parameter description :
app_id | String | Yes | APP unique identifier |
page | int | Yes | page number |
perpage | int | Yes | Number of single pages |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
{
"data": {
"page": 1,
"perpage": 15,
"total": 2,
"total_page": 1,
"data": [
{
"id": "47af9da31ec3f233f35a25776f5e06086ebf239ff60a021ada4750b65640d0d24b9ae382",
"app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
"upload_time": 1540992061040,
"version": "2018-1016-1000",
"md5": "f60a021ada4750b65640d0d24b9ae382"
...
},
{
"id": "47af9da31ec3f233f35a25776f5e06086ebf239f914450bbf9309777723f38facfa8183f",
"app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
"upload_time": 1540979046327,
"version": "2018-1016-0000",
"md5": "914450bbf9309777723f38facfa8183f"
...
}
]
},
"description": "ok",
"status": 0
}
Get the plugin issued by the APP
Description : Get the currently selected plug-in of the APP, the plug-in will be issued to the RASP under the APP
Request method : POST
Path : v1 / api / app / plugin / select / get
Request body :
1
2
3
{
"app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f"
}
Parameter description :
app_id | String | Yes | APP unique identifier |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
{
"data": {
"id": "47af9da31ec3f233f35a25776f5e06086ebf239ff60a021ada4750b65640d0d24b9ae382",
"app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
"upload_time": 1540985045544,
"version": "2018-1016-1000",
"md5": "f60a021ada4750b65640d0d24b9ae382"
...
},
"description": "ok",
"status": 0
}
Set the plugin issued by the APP
Description : Set the plugin sent to RASP by APP
Request method : POST
Path : v1 / api / app / plugin / select
Request body :
1
2
3
4
{
"app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
"plugin_id":"47af9da31ec3f233f35a25776f5e06086ebf239ff60a021ada4750b65640d0d24b9ae382"
}
Parameter description :
app_id | String | Yes | APP unique identifier |
plugin_id | String | Yes | Plug-in unique identification |
Return results :
1
2
3
4
5
{
"data": {},
"description": "ok",
"status": 0
}
Test mail alarm
Description : Test mail alarm
Request method : POST
Path : v1 / api / app / email / test
Request body :
1
2
3
{
"app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f"
}
Parameter description :
app_id | String | Yes | APP unique identifier |
Return results :
1
2
3
4
5
{
"data": {},
"description": "ok",
"status": 0
}
Test spike alarm
Description : Test spike alarm
Request method : POST
Path : v1 / api / app / ding / test
Request body :
1
2
3
{
"app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f"
}
Parameter description :
app_id | String | Yes | APP unique identifier |
Return results :
1
2
3
4
5
{
"data": {},
"description": "ok",
"status": 0
}
Test HTTP alarm
Description : Test HTTP alarm
Request method : POST
Path : v1 / api / app / http / test
Request body :
1
2
3
{
"app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f"
}
Parameter description :
app_id | String | Yes | APP unique identifier |
Return results :
1
2
3
4
5
{
"data": {},
"description": "ok",
"status": 0
}
Test Kafka Alarm
Description : Test Kafka alarm
Request method : POST
Path : v1 / api / app / kafka / test
Request body :
1
2
3
{
"app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f"
}
Parameter description :
app_id | String | Yes | APP unique identifier |
Return results :
1
2
3
4
5
{
"data": {},
"description": "ok",
"status": 0
}
Get plugin update information
Description : If the current plugin is official.js, determine whether the current plugin is the latest official plugin. If not (such as iast.js), return the version information of the currently issued plugin and the latest
Request method : POST
Path : v1 / api / app / plugin / latest
Request body :
1
2
3
{
"app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f"
}
Parameter description :
app_id | String | Yes | APP unique identifier |
Return results :
1
2
3
4
5
6
7
8
9
{
"data": {
"is_latest": false,
"selected_version": "2019-0606-1802",
"latest_version": "2019-0606-1803"
},
"description": "ok",
"status": 0
}
is_latest | Whether the currently released plugin is the latest version |
selected_version | The currently released plugin version |
latest_version | Latest plugin version |
RASP management interface
Search RASP
Description : Search RASP by condition
Request method : POST
Path : v1 / api / rasp / search
Request body :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
{
"page":1,
"perpage":10,
"data": {
"id": "426199dc7a15cce89b0c937a65a24a23",
"app_id": "fcbc4d8ac6bcaac27b1cc4703e5339a4aa6e8a1c",
"version": "1.0.0-RC1",
"hostname": "820c2691f452",
"register_ip": "172.17.0.2",
"language": "java",
"language_version": "1.7.0_17",
"server_type": "tomcat",
"server_version": "7.0.78.0",
"rasp_home": "/tomcat/rasp",
"plugin_version": "2018-1227-1200",
"heartbeat_interval": 180,
"online": false,
"register_time": 1546595808,
"host_type": "docker"
}
}
Parameter description :
id | String | no | RASP unique identifier |
app_id | String | no | ID of the app to which it belongs |
version | String | no | RASP version |
hostname | String | no | The host name where the RASP is located. This field supports fuzzy search and searches both the hostname and register_ip fields |
register_ip | String | no | The IP address used by RASP to access the cloud control background |
language | String | no | Programming language |
language_version | String | no | language version |
server_type | String | no | Server type |
server_version | String | no | Server version |
rasp_home | String | no | RASP installation directory |
plugin_version | String | no | Plugin version |
heartbeat_interval | int | no | Heartbeat interval time, unit: second |
online | bool | no | Whether online |
register_time | int | no | Registration time, millisecond timestamp |
host_type | String | no | The host type where the rasp is located |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
{
"data": {
"page": 1,
"perpage": 10,
"total": 2,
"total_page": 1,
"data": [
{
"id": "426199dc7a15cce89b0c937a65a24a23",
"app_id": "fcbc4d8ac6bcaac27b1cc4703e5339a4aa6e8a1c",
"version": "1.0.0-RC1",
"hostname": "820c2691f452",
"register_ip": "172.17.0.2",
"language": "java",
"language_version": "1.7.0_17",
"server_type": "tomcat",
"server_version": "7.0.78.0",
"rasp_home": "/tomcat/rasp",
"plugin_version": "2018-1227-1200",
"heartbeat_interval": 180,
"online": false,
"last_heartbeat_time": 1546597790,
"register_time": 1546595808,
"host_type": "docker",
"environ": {
"COLORTERM": "gnome-terminal",
"DISPLAY": ":0",
}
]
},
"description": "ok",
"status": 0
}
id | RASP unique identifier |
app_id | ID of the app to which it belongs |
version | RASP version |
hostname | The host name where the RASP is located. This field supports fuzzy search and searches both the hostname and register_ip fields |
register_ip | The IP address used by RASP to access the cloud control background |
language | Programming language |
server_type | Server type |
server_version | Server version |
rasp_home | RASP installation directory |
plugin_version | Plugin version |
heartbeat_interval | Heartbeat interval time, unit: second |
online | Whether online |
last_heartbeat_time | Last heartbeat time, millisecond timestamp |
register_time | Registration time, millisecond timestamp |
host_type | Host type, example: docker |
environ | Process environment variables |
RASP version number statistics
Description : Count the number of hosts under each version of RASP
Request method : POST
Path : v1 / api / rasp / search / version
Request body :
1
2
3
4
5
6
7
8
{
"data":{
"app_id":"fcbc4d8ac6bcaac27b1cc4703e5339a4aa6e8a1c",
"version":"1.3.0"
},
"page":1,
"perpage":10
}
Parameter description :
app_id | String | Yes | ID of the app to which it belongs |
version | String | no | Specify the version number of the search |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
{
"data": {
"data": [
{
"version": "1.3.0",
"count": 1
}
],
"page": 1,
"perpage": 10,
"total": 1,
"total_page": 1
},
"description": "ok",
"status": 0
}
version | Host version number |
count | The number of hosts corresponding to the host version number |
Export RASP
Description : Search rasp by conditions and export the search results to a csv file, the app_id field is required, and the remaining search conditions are optional
Request method : GET
Path : v1 / api / rasp / csv? App_id = eaGdr22DfthDz51JHF65sd
Parameter description :
app_id | String | Yes | ID of the app to which it belongs |
Return result : csv file
Remove RASP
Description : Delete RASP of specified condition, online rasp is not allowed to delete, when id exists in the parameter, delete the rasp of specified id and ignore other parameters
Request method : POST
Path : v1 / api / rasp / delete
Request body :
1
2
3
4
5
6
7
{
"app_id":"94892d14c8f1dfcedb63af258cc008929c3ef4f5",
"id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
"register_ip":"126.23.3.63",
"expire_time": 604800,
"host_type": "docker"
}
Parameter description :
app_id | String | Yes | APP unique identifier |
id | String | no | RASP unique identifier |
register_ip | String | no | Register ip |
expire_time | int | no | Unit / sec, delete rasp whose timeout exceeds this value |
host_type | String | no | The host type where the rasp is located |
Return results :
1
2
3
4
5
6
7
{
"data": {
"count":1
},
"description": "ok",
"status": 0
}
count | Number of RASP agents removed |
Bulk delete RASP
Description : Batch delete rasp according to rasp id
Request method : POST
Path : v1 / api / rasp / batch_delete
Request body :
1
2
3
4
5
6
7
8
{
"app_id":"94892d14c8f1dfcedb63af258cc008929c3ef4f5",
"ids": [
"47af9da31ec3f233f35a25776f5e06086ebf239f",
"d64g58d4gc3fs58745sdfgd5g5s7f54e5f4s585s",
"net1d5ns8bad6584thg1s5dnbs8gbs8af5RFG415"
]
}
Parameter description :
app_id | String | Yes | APP unique identifier |
ids | String Array | Yes | RASP unique identification list |
Return results :
1
2
3
4
5
6
7
{
"data": {
"count":1
},
"description": "ok",
"status": 0
}
count | Number of RASP agents removed |
RASP Remarks Interface
Description : Add or modify remark information for the rasp with the specified id
Request method : POST
Path : v1 / api / rasp / describe
Request body :
1
2
3
4
{
"id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
"description": "this is a description"
}
Parameter description :
id | String | Yes | RASP unique identifier |
description | String | Yes | Description |
Return results :
1
2
3
4
5
6
{
"data": {
},
"description": "ok",
"status": 0
}
Class library information management interface
Class library information aggregation
Description : Aggregate the class library information of the host according to the host under the application
Request method : POST
Path : v1 / api / dependency / aggr
Request body :
1
2
3
4
5
6
7
{
"data":{
"app_id":"f284baaeb786a8285bd1dde04a3dd7502c766c8a"
},
"page":1,
"perpage":10
}
Parameter description :
app_id | String | Yes | ID of the app to which it belongs |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
{
"data": {
"page": 1,
"perpage": 10,
"total": 1,
"total_page": 1,
"data": [
{
@timestamp: 1579597454365,
app_id: "4a335d670ec7c9353d3cf7480e68614dda087ded",
hostname: "d2e69eebfa7b",
id: "d1dd52ff8c82becccf9678b6ed09eca0",
path: ["/tomcat/bin/bootstrap.jar"],
product: "Apache Tomcat Bootstrap",
rasp_count: 1,
rasp_id: "3089c8d2672efd1ef5c3e322d9e8fcb1",
register_ip: "172.17.0.2",
search_string: "Apache Tomcat Bootstrap8.0.5",
source: "manifest_implementation",
tag: "Apache Software Foundation:Apache Tomcat Bootstrap:8.0.5",
vendor: "Apache Software Foundation",
version: "8.0.5"
}
]
},
"description": "ok",
"status": 0
}
timestamp | Class library information upload time |
app_id | ID of the app to which it belongs |
hostname | Host name |
id | Unique identification of class library information |
path | Library dependent path |
product | product name |
rasp_count | Affect the number of hosts |
rasp_id | RASP to which class library information belongs |
register_ip | RASP machine IP address |
search_string |
|
source |
|
tag |
|
vendor | Manufacturer |
version | The version number of the class library |
Class library information aggregation
Description : View details of class library information
Request method : POST
Path : v1 / api / dependency / search
Request body :
1
2
3
4
5
6
7
8
9
10
{
"data":{
"app_id":"0d46b13c2f25722e542b1a89817e1163e190fce1",
"tag":"org.apache.struts.xwork:xwork-core:2.3.14.2",
"key_word":"",
"hostname":""
},
"page":1,
"perpage":10
}
app_id | String | Yes | APP unique identifier |
tag | String |
|
|
key_word | String | no | Key words |
hostname | String | no | Host name |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
{
"data": {
"page": 1,
"perpage": 10,
"total": 1,
"total_page": 1,
"data": [
{
@timestamp: 1579612005801,
app_id: "0d46b13c2f25722e542b1a89817e1163e190fce1",
hostname: "cq02-scloud-docker-trial",
id: "148f69b483fff233ee4d4f9fffbfd478",
path: ["/tomcat/bin/bootstrap.jar"],
product: "xwork-core",
rasp_count: 1,
rasp_id: "3089c8d2672efd1ef5c3e322d9e8fcb1",
register_ip: "10.58.119.17",
search_string: "Apache Tomcat Bootstrap8.0.5",
source: "manifest_implementation",
tag: "Apache Software Foundation:Apache Tomcat Bootstrap:8.0.5",
vendor: "Apache Software Foundation",
version: "2.3.14.2"
}
]
},
"description": "ok",
"status": 0
}
app_id | ID of the app to which it belongs |
timestamp | Class library information upload time |
hostname | Host name |
id | Unique identification of class library information |
path | Library dependent path |
product | product name |
rasp_count | Affect the number of hosts |
rasp_id | RASP to which class library information belongs |
register_ip | RASP machine IP address |
search_string |
|
source |
|
tag |
|
vendor | Manufacturer |
version | The version number of the class library |
Static Token management interface
Generate / update token
Description : When the token parameter is updated, otherwise it is a new token
Request method : POST
Path : v1 / api / token
Request body :
Add token:
1
2
3
{
"description":"xxx Sample token"
}
Update token:
1
2
3
4
{
"token":"44b2b50665c9f11c73090b19c3dd787031611e80",
"description":"Sampletoken"
}
Parameter description :
token | String | Yes | token content |
description | String | no | token description |
Return results :
1
2
3
4
5
6
7
8
{
"data": {
"token": "44b2b50665c9f11c73090b19c3dd787031611e80",
"description": "Sample"
},
"description": "ok",
"status": 0
}
Get token
Description : Get a certain amount of token information
Request method : POST
Path : v1 / api / token / get
Request body :
1
2
3
4
{
"page":1,
"perpage":10
}
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
{
"data": {
"page": 1,
"perpage": 10,
"total": 5,
"total_page": 1,
"data": [
{
"token": "349532e57aa36ee9b72a62fec8907109a016f348",
"description": "a token"
},
{
"token": "f284baaeb786a8285bd1dde04a3dd7502c766c8a",
"description": "b token"
}
]
},
"description": "ok",
"status": 0
}
Delete token
Description : Delete token
Request method : POST
Path : v1 / api / token / delete
Request body :
1
2
3
{
"token":"f284baaeb786a8285bd1dde04a3dd7502c766c8a"
}
Return results :
1
2
3
4
5
6
{
"data": {
},
"description": "ok",
"status": 0
}
Operation log interface
Search operation logs
Description : Search operation logs
Request method : POST
Path : v1 / api / operation / search
Request body :
1
2
3
4
5
6
7
8
9
10
11
12
13
{
"data":{
"id": "389fdbeb0aceb154d5d5d26eba28fea9f402c945",
"type_id": 1010,
"app_id": "e64071cf900944b701213a6f17d36e0d18d8b6ab",
"user": "admin",
"ip": "127.0.0.1"
},
"start_time":1,
"end_time":1542807647000,
"page":1,
"perpage":15
}
Parameter description :
data | String | Yes | All fields that support searching, all fields in data are optional |
start_time | int | Yes | Operation log start time, millisecond timestamp |
end_time | int | Yes | End time of operation log, millisecond timestamp |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
{
"data": {
"data": [
{
"id": "389fdbeb0aceb154d5d5d26eba28fea9f402c945",
"type_id": 1010,
"app_id": "e64071cf900944b701213a6f17d36e0d18d8b6ab",
"time": 1542807647000,
"user": "admin",
"content": "uploaded the plugin: ba41c57afab600c39dba7398987b159d648d0836",
"ip": "127.0.0.1"
}
],
"page": 1,
"perpage": 15,
"total": 1,
"total_page": 1
},
"description": "ok",
"status": 0
}
id | Operation log unique identifier |
app_id | ID of the app to which it belongs |
type_id | Log type |
time | Operating time |
user | Operator |
content | Operation content |
ip | The IP of the originator of the operation request relative to the cloud control background |
Server management interface
Get server url
Description : Get the url address of panel and agent server
Request method : POST
Path : v1 / api / server / url / get
Parameter : None
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
{
"data":{
"panel_url":"126.56.23.5:8086",
"agent_url":[
"126.56.23.5:8086",
"10.23.36.122:8086",
"172.23.233.192:8086"
]
},
"description": "ok",
"status": 0
}
panel_url | Front-end server url access address |
agent_url | agent server access address list |
Change server address
Description : Change the access address of panel and agent server
Request method : POST
Path : v1 / api / server / url
Request body :
1
2
3
4
5
6
7
8
{
"panel_url":"126.56.23.5:8086",
"agent_urls":[
"126.56.23.5:8086",
"10.23.36.122:8086",
"172.23.233.192:8086"
]
}
Parameter description :
panel_url | String | Yes | Front-end server url access address |
agent_url | String Array | no | agent server access address list |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
{
"data":{
"panel_url":"126.56.23.5:8086",
"agent_urls":[
"126.56.23.5:8086",
"10.23.36.122:8086",
"172.23.233.192:8086"
]
},
"description": "ok",
"status": 0
}
Clear data
Description : Clear the attack events, baseline alarms, exception logs, and number of requests in the database
Request method : POST
Path : v1 / api / server / url
Request body :
1
2
3
{
"app_id":"e64071cf900944b701213a6f17d36e0d18d8b6ab"
}
Parameter description :
app_id | Front-end server url access address |
Return results :
1
2
3
4
5
{
"data": {},
"description": "ok",
"status": 0
}
Request Statistics Interface
Request statistics aggregation
Description : Aggregate request statistics uploaded by RASP according to time
Request method : POST
Path : v1 / api / report / dashboard
Request body :
1
2
3
4
5
6
7
{
"app_id":"f284baaeb786a8285bd1dde04a3dd7502c766c8a",
"start_time":1523264521321212,
"end_time":1523267821321000,
"interval":"hour",
"time_zone":"+08:00"
}
Parameter description :
app_id | String | Yes | Apps that need to be aggregated |
start_time | int | Yes | Starting time |
end_time | int | Yes | End Time |
interval | String | Yes | Aggregation granularity, hour hour, month month, day day |
time_zone | String | Yes | Aggregate time zone |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
{
"data":[
{
"start_time":1523264521321212,
"request_sum":10000
},
{
"start_time":1523264521340000,
"request_sum":87
}
],
"description": "ok",
"status": 0
}
start_time | Starting time |
request_sum | Number of requests processed by RASP |
Alarm interface
In order to reduce the es pressure, the start and end time of all alarm interfaces cannot exceed 366 days, and the size of the aggregate interface cannot exceed 1024
Aggregate attack logs by time
Description : Aggregate attack data by time
Request method : POST
Path : v1 / api / log / attack / aggr / time
Request body :
1
2
3
4
5
6
7
{
"app_id":"f284baaeb786a8285bd1dde04a3dd7502c766c8a",
"start_time":1535600036000,
"end_time":1546140836000,
"interval":"month",
"time_zone":"+08:00"
}
Parameter description :
app_id | String | Yes | Apps that need to be aggregated |
start_time | int | Yes | Starting time |
end_time | int | Yes | End Time |
interval | String | Yes | Aggregation granularity, hour hour, month month, day day |
time_zone | String | Yes | Aggregate time zone |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
{
"data": {
"data": [
[
0,
0,
0,
1,
0
],
[
0,
0,
0,
0,
0
]
],
"labels": [
1533052800000,
1535731200000,
1538323200000,
1541001600000,
1543593600000
]
},
"description": "ok",
"status": 0
}
data | Aggregate data, the first element is info data, the second is block data |
labels | Aggregated horizontal axis time label array, each element is a millisecond timestamp |
Aggregate attack logs by type
Description : Aggregate attack data according to attack type
Request method : POST
Path : v1 / api / log / attack / aggr / type
Request body :
1
2
3
4
5
6
{
"app_id":"f284baaeb786a8285bd1dde04a3dd7502c766c8a",
"start_time":1535600036000,
"end_time":1546140836000,
"size":10
}
Parameter description :
app_id | String | Yes | Apps that need to be aggregated |
start_time | int | Yes | Starting time |
end_time | int | Yes | End Time |
size | int | Yes | Number of attack types aggregated |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
{
"data":[
[
"sql", 156
],
[
"xxe", 156
]
],
"description": "ok",
"status": 0
}
data | Aggregate data, each array represents a type, the first element of each array represents the type name, and the second element represents the number of attacks of that type |
Aggregate attack logs by UA
Description : Aggregate attack data according to the request User-Agent header
Request method : POST
Path : v1 / api / log / attack / aggr / ua
Request body :
1
2
3
4
5
6
{
"app_id":"f284baaeb786a8285bd1dde04a3dd7502c766c8a",
"start_time":1535600036000,
"end_time":1546140836000,
"size":10
}
Parameter description :
app_id | String | Yes | Apps that need to be aggregated |
start_time | int | Yes | Starting time |
end_time | int | Yes | End Time |
size | int | Yes | Number of aggregated UA types |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
{
data:[
[
"Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36", 156
],
[
"Chrome/5.0 (X11; Linux x86_64) AppleWebKit/537.36", 156
]
],
"description": "ok",
"status": 0
}
data | Aggregate data, each array represents a type, the first element of each array represents the name of the UA, and the second element represents the number of attacks of the UA |
Vulnerability aggregation search
Description : Aggregate attack data by vulnerability (different stacks are different vulnerabilities)
Request method : POST
Path : v1 / api / log / attack / aggr / vuln
Request body :
1
2
3
4
5
6
7
8
9
10
{
"data":{
"attack_type":["directory","sql"],
"app_id":"f284baaeb786a8285bd1dde04a3dd7502c766c8a",
"start_time":"1523264521321000",
"end_time":"1523264521421000"
}
"page":1,
"perpage":10
}
Parameter description :
app_id | String | no | The APP to which the vulnerability belongs, if this parameter is present, the corresponding app data is counted, if not, all data is counted |
attack_type | String Array | no | The attack type can be multi-selected. If the array is empty, nothing is returned. Without this parameter, or if the parameter is null, this parameter is not filtered |
rasp_id | String | no | RASP to which the vulnerability belongs |
server_hostname | String | no | The hostname of the machine where the vulnerability occurred |
attack_source | String | no | Attack source ip |
url | String | no | Attack URL |
intercept_state | String Array | no | Interception status, optional values: block, info, nothing is returned if the array is empty, no parameter, or the parameter is null, this parameter is not filtered |
local_ip | String | no | Attacking machine ip |
start_time | int | Yes | Starting time |
end_time | int | Yes | End Time |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
{
"data": {
"page": 1,
"perpage": 10,
"total": 500,
"total_page": 50,
"data":[
{
"attack_type":"directory",
"stack_md5":"1111121637821204cwwd2e52d62d0aa8",
"event_time":"2019-01-27T23:51:15+0800",
...
}
...
]
},
"description": "ok",
"status": 0
}
data | Vulnerability aggregation results, the results are sorted according to the latest attack time of each vulnerability, and the content displayed by each vulnerability is the latest attack content of the vulnerability |
Attack Alarm Search
Description : Search the attack log, and sort the results in descending order of time
Request method : POST
Path : v1 / api / log / attack / search
Request body :
1
2
3
4
5
6
7
8
9
10
{
"data":{
"attack_type":["directory","sql"],
"app_id":"f284baaeb786a8285bd1dde04a3dd7502c766c8a",
"start_time":"1523264521321000",
"end_time":"1523264521421000"
}
"page":1,
"perpage":10
}
Parameter description :
app_id | String | no | App belongs to, if there is this parameter, then the corresponding app data is counted, if not, all data is counted |
attack_type | String Array | no | The attack type can be multi-selected. If the array is empty, nothing is returned. Without this parameter, or if the parameter is null, this parameter is not filtered |
rasp_id | String | no | Rasp |
server_hostname | String | no | The hostname or IP of the machine where the attack occurred, supporting fuzzy search |
attack_source | String | no | Attack source ip, support fuzzy search |
url | String | no | Attack URL, including search, support fuzzy search |
intercept_state | String Array | no | Interception status, optional values: block, info, nothing is returned if the array is empty, no parameter, or the parameter is null, this parameter is not filtered |
local_ip | String | no | Attacking machine ip |
request_id | String | no | Request id |
stack_md5 | String | no | MD5 of the attack stack |
plugin_message | String | no | The monitoring information returned by the plug-in supports fuzzy search |
start_time | int | Yes | Starting time |
end_time | int | Yes | End Time |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
{
"data": {
"page": 1,
"perpage": 10,
"total": 500,
"total_page": 50,
"data":[
{
"attack_type":"directory",
"intercept_state":"block",
"plugin_confidence":100
...
}
...
]
},
"description": "ok",
"status": 0
}
data | Search attack results |
Baseline alarm search
Description : Search the baseline log, and sort the results in descending order of time
Request method : POST
Path : v1 / api / log / policy / search
Request body :
1
2
3
4
5
6
7
8
9
10
11
12
{
"data":{
"policy_id":["3004","3003"],
"app_id":"f284baaeb786a8285bd1dde04a3dd7502c766c8a",
"server_hostname":"nmg01.xx.cq",
"local_ip":"172.36.2.6",
"start_time":"1523264521321000",
"end_time":"1523264521421000"
},
"page":1,
"perpage":10
}
Parameter description :
app_id | String | no | App belongs to, if there is this parameter, then the corresponding app data is counted, if not, all data is counted |
policy_id | int Array | no | This field can be multi-selected. If the array is empty, nothing is returned. Without this parameter, or if the parameter is null, this parameter is not filtered. |
rasp_id | String | no | Rasp |
server_hostname | String | no | The hostname or IP of the machine, support fuzzy search |
local_ip | String | no | Machine ip |
message | String | no | Baseline alarm information, support fuzzy search |
start_time | int | Yes | Starting time |
end_time | int | Yes | End Time |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
{
"data": {
"page": 1,
"perpage": 10,
"total": 500,
"total_page": 50,
"data":[
{
"policy_id":"3004",
... // policy 3004
},
... // other plicies
]
},
"description": "ok",
"status": 0
}
data | Search baseline results |
Exception interface
Search for abnormal information
Description : Search for abnormal information based on conditions
Request method : POST
Path : v1 / api / log / error / search
Request body :
1
2
3
4
5
6
7
8
9
10
11
{
"data":{
"app_id":"f284baaeb786a8285bd1dde04a3dd7502c766c8a",
"server_hostname":"nmg01.xx.cq",
"local_ip":"172.36.2.6",
"start_time":"1523264521321000",
"end_time":"1523264521421000"
},
"page":1,
"perpage":10
}
Parameter description :
app_id | String | no | App belongs to, if there is this parameter, then the corresponding app data is counted, if not, all data is counted |
rasp_id | String | no | ID of the RASP to which the attack belongs |
server_hostname | String | no | The hostname or IP of the machine, support fuzzy search |
local_ip | String | no | Machine ip |
message | String | no | Search abnormal information contains the abnormal log of this value, supports fuzzy search |
start_time | int | Yes | Starting time |
end_time | int | Yes | End Time |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
{
"data": {
"page": 1,
"perpage": 10,
"total": 500,
"total_page": 50,
"data":[
{
"message": "HTTP request to https://definitions.com:8086/v1/agent/rasp failed:",
"server_nic": [{
"name": "en0",
"ip": "172.24.182.127"
}],
"stack_trace": "sun.reflect.NativeConstructorAccessorImpl.newInstance0(NativeMethod)",
"level": "WARN",
"event_time": "2019-01-11T13:36:46+0800",
"app_id": "9b3554a97673f1f8f5c929310298037a660d3b7a",
"pid": 58353,
"server_hostname": "localhost",
"rasp_id": "3089c8d2672efd1ef5c3e322d9e8fcb1"
}
]
},
"description": "ok",
"status": 0
}
data | Search error log results |
RASP interface
verification method
Add APP ID request header: X-RASP-AppID: 9b3554a97673f1f8f5c929310298037a660d3b7a
Add APP Secret request header: X-RASP-AppSecret: 2wMG8K9F71CZyvlWu1CRwf7tVDVW7Ud4gxCY5X4aMzO
RASP registration interface
Description : Register the basic information of RASP, if there is id parameter, then update the corresponding RASP information, otherwise add RASP
Request method : POST
Path : v1 / agent / rasp
Request body :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
{
"id":"569e8ea7a16123492b5878920fd36985",
"version" :"v3.2",
"hostname":"tyy-OptiPlex-9020",
"register_ip":"127.56.23.4",
"language" :"java",
"language_version":"8.1" ,
"server_type":"tomcat",
"server_version":"8.5.1" ,
"heartbeat_interval":60,
"rasp_home":"/home/work/tomcat8/rasp",
"host_type":"docker",
"environ":{
"JAVA_HOME":"/home/java/jdk-7.0.25"
}
}
Parameter description :
id | String | Yes | RASP unique identifier |
version | String | Yes | RASP version |
hostname | String | Yes | The host name of the machine where RASP is located |
register_ip | String | Yes | RASP machine IP address |
language | String | Yes | Development language used by RASP |
language_version | String | Yes | Development language version used by RASP |
server_type | String | Yes | Types of servers used by RASP |
server_version | String | Yes | The server version number used by RASP |
heartbeat_interval | int | Yes | Heartbeat interval time, unit: second |
rasp_home | String | no | RASP installation directory |
host_type | String | no | Host type, such as docker |
environ | String | no | Service process environment variables |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
{
"status":0,
"description":"ok",
"data":{
"id":"569e8ea7a16123492b5878920fd36985",
"app_id":"023e68ea7a12564492b5878920fd630c8",
"version" :"v3.2",
"hostname":"tyy-OptiPlex-9020",
"register_ip":"127.56.23.4",
"language" :"java",
"language_version":"8.1" ,
"server_type":"tomcat",
"server_version":"8.5.1" ,
"heartbeat_interval":60,
"rasp_home" :"/home/work/tomcat8/rasp",
"last_heartbeat_time":"15425645253",
"online":true,
"host_type":"docker",
"plugin_version":"",
"plugin_name":"",
"plugin_md5":"",
"environ":{
"JAVA_HOME":"/home/java/jdk-7.0.25"
},
"register_time":"15425645253"
}
}
Parameter description :
id | RASP unique identifier |
app_id | App ID |
version | RASP version |
hostname | The host name of the machine where RASP is located |
register_ip | RASP machine IP address |
language | Development language used by RASP |
language_version | Development language version used by RASP |
server_type | Types of servers used by RASP |
server_version | The server version number used by RASP |
heartbeat_interval | Heartbeat interval time, unit: second |
rasp_home | RASP installation directory |
last_heartbeat_time | Last heartbeat time, if there is no heartbeat, it is the registration time |
online | Whether rasp is online, this value should be true |
host_type | Host type, such as docker |
plugin_version | The version of the plug-in. The plug-in has not been delivered during registration, so it is empty |
plugin_name | The name of the plug-in. No plug-in has been delivered during registration, so it is empty |
plugin_md5 | Checksum of plug-in content, no plug-in has been delivered during registration, so it is empty |
environ | Service process environment variables |
register_time | Registered time stamp, unit: second |
Heartbeat interface
Description : Accept the timed heartbeat from RASP to the cloud control background. If the md5 in the request parameters is different from the plug-in md5 specified in the background, a new plug-in is determined. If the configuration time is less than the last configuration time of the cloud control background, a new configuration is determined Updates are full updates of plugins and configurations.
Request method : POST
Path : v1 / agent / heartbeat
Request body :
1
2
3
4
5
6
7
{
"rasp_id":"47af9da31ec3f233f35a25776f5e06086ebf239f",
"plugin_md5":"47af9da31ec3f2ebf239f",
"plugin_version":"2018-08-15 11:11:12",
"config_time":1536302712000,
"hostname":"rasp-host"
}
Parameter description :
rasp_id | String | Yes | RASP unique identifier |
plugin_md5 | String | Yes | MD5 of the current RASP plugin |
plugin_version | String | Yes | Current version of the plugin |
config_time | int | no | The last modification time of the background configuration. If there is no such field or 0, the configuration will be delivered if it has not been delivered. |
hostname | String | no | Host hostname, used for runtime update |
Return results :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
{
"status":0,
"description":"ok",
"data":{
"plugin":{
"version":"2018-08-15 11:11:12"
"md5":"569e8ea7a16123492b5878920fd36985",
"plugin":"/*javascript*/"
},
"config_time":1536303412000,
"config":{
"block.content_html": "</script><script>location.href=\"https://definitions.com/blocked2/?request_id=%request_id%\"</script>",
"block.content_json": "{\"xxxx\":\"xxxxxx\"}",
"block.content_xml": "<?xml version=\"1.0\"?><doc><error>true</error><reason>Request blocked by RASP</reason><request_id>%request_id%</request_id></doc>",
"block.redirect_url": "https://definitions.com/blocked/?request_id=%request_id%",
"block.status_code": 302,
"body.maxbytes": 4096,
"clientip.header": "ClientIP",
"debug.level": 0,
"decompile.enable": true,
"inject.custom_headers": {},
"log.maxbackup": 30,
"log.maxburst": 100,
"ognl.expression.minlength": 30,
"plugin.filter": true,
"plugin.maxstack": 100,
"plugin.timeout.millis": 100,
"syslog.enable": false,
"syslog.facility": 1,
"syslog.tag": "RASP",
"syslog.url": "",
"hook.white":{
"www.test.com/test1":[sql,ssrf],
"www.test.com/test2":[sql,ssrf],
"*":[all]
}
}
}
}
Parameter description :
plugin | Plugin content |
config_time | Time when the configuration is delivered this time |
config | Detailed configuration description and detailed description of configuration items: |
Statistics reporting interface
Description : Upload rasp statistics
Request method : POST
Path : v1 / agent / report
Request body :
1
2
3
4
5
{
"rasp_id":"569e8ea7a16123492b5878920fd36985",
"time":15665422321,
"request_sum":10000
}
Parameter description :
rasp_id | String | Yes | RASP unique identifier |
time | int | Yes | Statistical time, millisecond timestamp |
request_sum | int | no | Number of requests, default 0 |
Return results :
1
2
3
4
5
{
"status":0,
"description":"ok",
"data":{}
}
Crash reporting interface
Description : Upload rasp crash information
Request method : POST
Path : v1 / agent / crash / report
Request body :
Format: multipart / form - data
content:
crash_log: hs_err_pid25945.log
hostname: Mac-xxxx-host
language: java
rasp_id: d5ged5g54dr1gdr5d5erg5rdg
Parameter description :
crash_log | file | Yes | Crash log |
rasp_id | String | Yes | RASP unique identifier, RASP may not exist |
language | String | no | RASP language |
hostname | String | no | CPU name |
Return results :
1
2
3
4
5
{
"status":0,
"description":"ok",
"data":{}
}
Upload attack alarm log
Description : Upload RASP attack log
Request method : POST
Path : v1 / agent / log / attack
Request body :
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39