API Interface

The API interface is provided by Dashboard. The following are the descriptions of each request.

Request format :

The request body is in json format, and the paging page number starts from 1. The paging request format is as follows:

    {
      "page": 1,
      "perpage": 10,
      "data": {
        "version": "official-101"
      }
    }

Pagination parameter description :

| Parameter | Explanation |
| --- | --- |
| page | Page number |
| perpage | Number of records per page |
| data | Specific request parameters |

Response format :

The response is in json format, the example is as follows:

    {
      "page": 1,
      "perpage": 10,
      "total": 1,
      "total_page": 1,
      "status": 0,
      "description": "ok",
      "data": {
        "version": "official-101"
      }
    }

Parameter description :

| Parameter | Explanation |
| --- | --- |
| page | Current page number |
| perpage | Number of records per page |
| total | Total number of records |
| total_page | Total number of pages |
| status | Response status code; 0 means success, non-zero means an error |
| description | Description of the request result: ok if status is 0, otherwise the error information |
| data | Specific data of the request result |

Interface type : Interfaces are divided into two categories, one is the front-end interface for the front-end service, and the other is the Agent interface for the RASP Agent. The specific interface format is shown below.

Ping interface

Description : General interface used to test background connectivity

Request method : GET, POST

Path : v1/ping

Request body : empty

Return results :

    {
      "data": {},
      "description": "ok",
      "status": 0
    }

Front-end interface

Authentication method

There are two authentication methods:

  1. Cookie authentication after login: the cookie field is RASP_AUTH_ID, and the cookie is valid for 7 days by default.

  2. Static token authentication: add a token to the request header in the X-RASP-Token field. For token management, refer to the token management interface below.
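A client-side sketch of the request and response formats and the token header described above, as an added example that is not code from the Dashboard project. The `send` transport, the fake Dashboard, the sample hosts and the 401 status are constructed so the block runs offline; only the header name, the envelope fields and the paths come from this page.

```python
import json

TOKEN_HEADER = "X-RASP-Token"  # request header named on the page


class ApiError(Exception):
    """Raised when the envelope is malformed or its status is non-zero."""

    def __init__(self, status, description):
        super().__init__(f"status={status}: {description}")
        self.status = status
        self.description = description


def build_request(token, data, page, perpage):
    """Return (headers, body) for a paged request; page numbers start at 1."""
    headers = {TOKEN_HEADER: token, "Content-Type": "application/json"}
    body = json.dumps({"page": page, "perpage": perpage, "data": data})
    return headers, body


def unwrap(raw):
    """Parse a response and enforce the envelope contract (status 0 is success)."""
    try:
        envelope = json.loads(raw)
    except ValueError as exc:
        raise ApiError(-1, f"response is not JSON: {exc}") from exc
    if not isinstance(envelope, dict) or "status" not in envelope:
        raise ApiError(-1, "response has no status field")
    if envelope["status"] != 0:
        raise ApiError(envelope["status"], envelope.get("description", ""))
    return envelope


def paging_block(envelope):
    """Locate the paging fields: top level (app/get) or inside data (rasp/search)."""
    inner = envelope.get("data")
    if isinstance(inner, dict) and "total_page" in inner:
        return inner
    return envelope


def iter_records(send, path, token, data, perpage=10, max_pages=1000):
    """Yield every record of a paged query. `send(path, headers, body)` is the
    caller's transport (hypothetical name); it returns the raw response text."""
    for page in range(1, max_pages + 1):
        headers, body = build_request(token, data, page, perpage)
        block = paging_block(unwrap(send(path, headers, body)))
        records = block.get("data") or []
        if not isinstance(records, list):
            raise ApiError(-1, "paged response does not carry a list in data")
        yield from records
        if not records or page >= int(block.get("total_page", 1)):
            return


# --- constructed stand-in for the Dashboard, so the example runs offline ---
SAMPLE_HOSTS = [  # constructed records, shaped like the rasp/search results
    {"id": "host-1", "app_id": "app-1", "online": False},
    {"id": "host-2", "app_id": "app-1", "online": True},
    {"id": "host-3", "app_id": "app-1", "online": False},
    {"id": "host-4", "app_id": "app-2", "online": True},
]


def make_fake_dashboard(valid_token, hosts):
    def send(path, headers, body):
        if headers.get(TOKEN_HEADER) != valid_token:
            # 401 is a constructed value; the page only says "non-zero".
            return json.dumps({"status": 401, "description": "unauthorized", "data": {}})
        req = json.loads(body)
        page, perpage = req["page"], req["perpage"]
        hits = [h for h in hosts
                if all(h.get(k) == v for k, v in req["data"].items())]
        total_page = max(1, -(-len(hits) // perpage))  # ceiling division
        return json.dumps({"status": 0, "description": "ok", "data": {
            "page": page, "perpage": perpage, "total": len(hits),
            "total_page": total_page,
            "data": hits[(page - 1) * perpage: page * perpage]}})
    return send


if __name__ == "__main__":
    send = make_fake_dashboard("constructed-token", SAMPLE_HOSTS)
    for host in iter_records(send, "v1/api/rasp/search", "constructed-token",
                             {"app_id": "app-1"}, perpage=2):
        print(host["id"], "online" if host["online"] else "offline")
```

Checking `status` before touching `data` matters here because an error response still carries a `data` object, so a client that skips the check would treat a rejected token as an empty result.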

Login interface

Description : Login interface. Initial management back-end user name: rasp, password: admin@123 (hashed). A successful login sets the login cookie.

Request method : POST

Path : v1/user/login

Request body :

    {
      "username": "rasp",
      "password": "<hashedpwd>"
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| username | String | Yes | User name |
| password | String (hashed) | Yes | Password |

Return results :

    {
      "data": {},
      "description": "ok",
      "status": 0
    }

Logout interface

Description : Log out and clear cookies

Request method : GET

Path : v1/user/logout

Request body : none

Return results :

    {
      "data": {},
      "description": "ok",
      "status": 0
    }

Get login status

Description : Get the current login status

Request method : GET

Path : v1/user/islogin

Request body : none

Return results :

    {
      "data": {},
      "description": "ok",
      "status": 0
    }

Default password judgment interface

Description : Determine whether the current user password is the default password, used to provide a reminder to the front end whether the password needs to be changed

Request method : GET, POST

Path : v1/user/default

Request body : none

Return results :

    {
      "data": {
        "is_default": true
      },
      "description": "ok",
      "status": 0
    }

| Parameter | Explanation |
| --- | --- |
| is_default | Whether the password is the default password: true if it is, otherwise false |

Change Password Interface

Description : Change the administrator password. The password length is 8 ~ 50 bytes, and it must contain both letters and numbers

Request method : POST

Path : v1/user/update

Request body :

    {
      "old_password": "<oldhashedpwd>",
      "new_password": "<newhashedpwd>"
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| old_password | String (hashed) | Yes | Old password |
| new_password | String (hashed) | Yes | New password |

Return results :

    {
      "data": {},
      "description": "ok",
      "status": 0
    }

Plugin management interface

Upload plugin

Description : The uploaded file is a plugin file ending in .js. The plugin version is on the first line of the file, and the plugin name is on the second line of the file

Request method : POST

Path : v1/api/plugin?app_id=c593342c72eb78fc8e7393d0a87b8f3fc54dfbec

Request body : file parameter in form-data format, parameter name plugin

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | APP unique identifier |
| plugin | file | Yes | Plug-in file, form-data format |

Return results :

    {
      "data": {
        "id": "c593342c72eb78fc8e7393d0a87b8f3fc54dfbec8835250641a6dbd9973ae981b4b7abc4",
        "app_id": "c593342c72eb78fc8e7393d0a87b8f3fc54dfbec",
        "upload_time": 1542177395622,
        "version": "'2018-1025-1600'",
        "name": "official",
        "md5": "8835250641a6dbd9973ae981b4b7abc4",
        "plugin": "/*js plugin content*/",
        "algorithm_config": {
          "command_other": { "action": "log" },
          "command_reflect": { "action": "block" },
          "fileUpload_multipart_script": { "action": "block" },
          "fileUpload_webdav": { "action": "block" }
        }
      },
      "description": "ok",
      "status": 0
    }

| Parameter | Explanation |
| --- | --- |
| id | Unique plug-in identifier |
| app_id | APP to which the plugin belongs |
| upload_time | Timestamp of the upload time |
| version | Plugin version |
| name | Plugin name |
| md5 | Checksum of the plug-in content |
| algorithm_config | Algorithm configuration in the plugin |
| plugin | Plugin content |

Download plugin

Description : Download the plugin according to the plugin id

Request method : GET

Path : v1/api/plugin/download?id=47af9da31ec3f233f35a25776f5e06086ebf239ff60a021ada4750b65640d0d24b9ae382

Request body : None

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| id | String | Yes | Unique plug-in identifier |

Results returned : plugin file. The file name is {NAME}-{VERSION}.js, where {VERSION} is the plugin version and {NAME} is the plugin name

Get basic plug-in information

Description : Get plug-in based on plug-in id

Request method : POST

Path : v1/api/plugin/get

Request body :

    {
      "id": "47af9da31ec3f233f35a25776f5e06086ebf239ff60a021ada4750b65640d0d24b9ae382"
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| id | String | Yes | Unique plug-in identifier |

Return results :

    {
      "data": {
        "id": "7c70d5ba5547e77a6f9ad5d376b92fe7e47da7c4",
        "app_id": "fcbc4d8ac6bcaac27b1cc4703e5339a4aa6e8a1c",
        "name": "official",
        "upload_time": 1546595795342,
        "version": "2018-1227-1200",
        "md5": "4259002c18ff3a9f40b44e91824ba0cf",
        "algorithm_config": {
          "xxe_file": {
            "action": "log",
            "name": "log001",
            "reference": "https://deinitions.com#case-xxe"
          },
          "xxe_protocol": {
            "action": "block",
            "name": "xxe001",
            "protocols": ["ftp", "dict", "gopher", "jar", "netdoc"]
          }
          ... (omitted)
        }
      },
      "description": "ok",
      "status": 0
    }

| Parameter | Explanation |
| --- | --- |
| id | Unique plug-in identifier |
| app_id | APP to which the plugin belongs |
| upload_time | Timestamp of the upload time |
| version | Plugin version |
| name | Plugin name |
| md5 | Checksum of the plug-in content |
| algorithm_config | Algorithm configuration in the plugin |

Deliver algorithm configuration

Description : The plug-in algorithm switch configuration is delivered to the plug-in, and the distributed algorithm configuration will be merged into the plug-in

Request method : POST

Path : v1/api/plugin/algorithm/config

Request body :

    {
      "id": "47af9da31ec3f233f35a25776f5e06086ebf239f3f35a25776f5e06086ebf239f",
      "config": {
        "xxe_file": {
          "action": "log",
          "name": "log002",
          "reference": "https://definitions.com#case-xxe"
        },
        "xxe_protocol": {
          "action": "block",
          "name": "xxe002",
          "protocols": ["ftp", "dict", "gopher", "jar", "netdoc"]
        }
        ... others
      }
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| id | String | Yes | Unique plug-in identifier |
| config | object | Yes | Algorithm configuration |

Return results :

    {
      "data": {},
      "description": "ok",
      "status": 0
    }

Restore plugin default algorithm configuration

Description : Restore the initial default algorithm configuration of the plugin according to the plugin id

Request method : POST

Path : v1/api/plugin/algorithm/restore

Request body :

    {
      "id": "47af9da31ec3f233f35a25776f5e06086ebf239ff60a021ada4750b65640d0d24b9ae382"
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| id | String | Yes | Unique plug-in identifier |

Return results :

    {
      "data": {},
      "description": "ok",
      "status": 0
    }

Remove plugin

Description : Delete the plugin according to the plugin id, the selected plugin cannot be deleted

Request method : POST

Path : v1/api/plugin/delete

Request body :

    {
      "id": "47af9da31ec3f233f35a25776f5e06086ebf239ff60a021ada4750b65640d0d24b9ae382"
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| id | String | Yes | Unique plug-in identifier |

Return results :

    {
      "data": {},
      "description": "ok",
      "status": 0
    }

App management interface

New APP

Description : Add an APP

Request method : POST

Path : v1/api/app

Request body :

    {
      "name": "Java 001",
      "language": "java",
      "description": "rasp protected",
      "selected_plugin_id": "47af9da31ec3f233f35a25776f5e0608w6ebf239ff60a021ada4750b65640d0d24b9ae382"
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| name | String | Yes | APP name; names cannot be repeated |
| language | String | Yes | Programming language of the APP |
| description | String | No | APP description information |
| selected_plugin_id | String | No | Plugin delivered for the APP |

Return results :

    {
      "data": {
        "id": "1107158fb4cd0a901de850b2c64fab5faf0837d3",
        "name": "Java 001",
        "language": "java",
        "create_time": 1545984191,
        "secret": "SFklSJ5_DF125IKn15SDF-1SD141Af1",
        "description": "rasp protected",
        "config_time": 0,
        "general_config": {
          "block.content_html": "</script><script>\n location.href=\"https://definitions.com/blocked2/?request_id=%request_id%\"\n </script>",
          "block.content_json": "{\"error\":true,\"reason\": \"Request blocked by RASP\",\"request_id\": \"%request_id%\"}",
          "block.content_xml": "<?xml version=\"1.0\"?>\n\t\t\t\t\t\t\t <doc>\n\t\t\t\t\t\t\t <error>true</error>\n\t\t\t\t\t\t\t <reason>Request blocked by RASP</reason>\n\t\t\t\t\t\t\t <request_id>%request_id%</request_id>\n\t\t\t\t\t\t\t </doc>",
          "block.redirect_url": "https://definitions.com/blocked/?request_id=%request_id%",
          "block.status_code": 302,
          "body.maxbytes": 4096,
          "clientip.header": "ClientIP",
          "ognl.expression.minlength": 30,
          "plugin.filter": true,
          "plugin.maxstack": 100,
          "plugin.timeout.millis": 100
        },
        "whitelist_config": {},
        "selected_plugin_id": "",
        "email_alarm_conf": {
          "enable": false,
          "tls_enable": false,
          "server_addr": "",
          "username": "",
          "password": "",
          "subject": "",
          "recv_addr": []
        },
        "ding_alarm_conf": {
          "enable": false,
          "agent_id": "",
          "corp_id": "",
          "corp_secret": "",
          "recv_user": [],
          "recv_party": []
        },
        "http_alarm_conf": {
          "enable": false,
          "recv_addr": []
        },
        "attack_type_alarm_conf": null,
        "algorithm_config": {}
      },
      "description": "ok",
      "status": 0
    }

| Parameter | Explanation |
| --- | --- |
| id | APP unique identifier |
| name | APP name |
| description | APP description information |
| language | The programming language used by the APP |
| create_time | APP creation time |
| secret | APP key, used for communication authentication with RASP |
| config_time | Last time RASP-related configuration was delivered |
| general_config | General configuration, delivered to RASP |
| whitelist_config | Interception whitelist configuration, delivered to RASP |
| selected_plugin_id | The plugin id selected for delivery |
| email_alarm_conf | Email alarm configuration |
| ding_alarm_conf | DingTalk alarm configuration |
| http_alarm_conf | HTTP alarm configuration |
| attack_type_alarm_conf | If there is no such configuration, all alarm methods are triggered for all attack types. The key in the configuration is the attack type, and the value is the list of alarm methods that this type will trigger. The current alarm methods include ding, http, email |
| algorithm_config | The algorithm configuration of the plugin currently selected in the APP |

Delete APP

Description : Delete an APP together with all RASPs and plug-ins under it. The last remaining APP cannot be deleted (at least one APP must be kept), and an APP that still has online RASPs cannot be deleted

Request method : POST

Path : v1/api/app/delete

Request body :

    {
      "id": "a8604735911f1866029401c6766ba87f685ff037"
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| id | String | Yes | APP unique identifier |

Return results :

    {
      "data": {},
      "description": "ok",
      "status": 0
    }

Get the app

Description : Get all apps, or apps with an id. If there is an id parameter in the parameter, the app with the corresponding id is returned. If there is no id parameter, the page and perpage parameters are required for paging, and the corresponding number of APP arrays are returned.

Request method : POST

Path : v1/api/app/get

Request body :

Get the APP with the given id

    {
      "app_id": "569e8ea7a16123492b5878920fd36985"
    }

Get a page of APPs

    {
      "page": 1,
      "perpage": 10
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | No | The unique ID of the APP; if this parameter is present, the APP with the corresponding id is returned |
| page | int | No | Page number |
| perpage | int | No | Number of records per page |

Return results :

Return the APP with the given id

    {
      "status": 0,
      "description": "ok",
      "data": {
        "id": "569e8ea7a16123492b5878920fd36985",
        "name": "Java xxx",
        "description": "rasp protected",
        "config_time": 155536548555,
        "create_time": 154598419100,
        "language": "java",
        "general_config": {
          "plugin.timeout.millis": 500,
          "security.enforce_policy": true,
          ...
        }
        ...
      }
    }

Return a page of APPs

    {
      "status": 0,
      "description": "ok",
      "page": 1,
      "perpage": 10,
      "total": 1,
      "total_page": 1,
      "data": [
        {
          "id": "569e8ea7a16123492b5878920fd36985",
          "name": "Java yyy",
          "description": "rasp protected",
          "config_time": 155536548555,
          "create_time": 154598419100,
          "language": "java",
          "general_config": {
            "plugin.timeout.millis": 500,
            "security.enforce_policy": true,
            ...
          }
        }
      ]
    }

Deliver common configuration

Description : Send rasp common configuration to app

Request method : POST

Path : v1/api/app/general/config

Request body :

    {
      "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
      "config": {
        "inject.custom_headers": {
          "X-Protected-By": "RASP"
        },
        "block.content_html": "</script><script>location.href=\"https://definitions.com/blocked2/?request_id=%request_id%\"</script>",
        "block.content_json": "{\"error\":true,\"reason\": \"Request blocked by RASP\",\"request_id\": \"%request_id%\"}",
        "block.content_xml": "<?xml version=\"1.0\"?><doc><error>true</error><reason>Request blocked by RASP</reason><request_id>%request_id%</request_id></doc>",
        "block.redirect_url": "https://definitions.com/blocked/?request_id=%request_id%",
        "block.status_code": 403,
        "body.maxbytes": 12288,
        "clientip.header": "ClientIP",
        "cpu.usage.enable": false,
        "cpu.usage.interval": 5,
        "cpu.usage.percent": 90,
        "debug.level": 0,
        "decompile.enable": false,
        "dependency_check.interval": 100,
        "fileleak_scan.interval": 21600,
        "fileleak_scan.limit": 100,
        "fileleak_scan.name": "\\.(git|svn|tar|gz|rar|zip|sql|log)$",
        "log.maxbackup": 30,
        "log.maxburst": 100,
        "log.maxstack": 100,
        "lru.compare_enable": false,
        "lru.compare_limit": 10240,
        "lru.max_size": 1000,
        "ognl.expression.minlength": 30,
        "plugin.filter": true,
        "plugin.maxstack": 100,
        "plugin.timeout.millis": 100,
        "request.param_encoding": "rasp",
        "response.sampler_burst": 5,
        "response.sampler_interval": 60,
        "security.weak_passwords": [],
        "syslog.enable": false,
        "syslog.facility": 1,
        "syslog.tag": "RASP",
        "syslog.url": ""
      }
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | APP unique identifier |
| config | object | Yes | Complete content of the general configuration |

Return result : return the complete APP information after update

Deliver whitelist configuration

Description : Deliver rasp whitelist configuration to the app

Request method : POST

Path : v1/api/app/whitelist/config

Request body :

    {
      "app_id": "e64071cf900944b701213a6f17d36e0d18d8b6ab",
      "config": [
        {
          "url": "www.asod.com/sss/sss",
          "hook": {
            "sql": true,
            "ssrf": false
          },
          "description": ""
        }
      ]
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | APP unique identifier |
| config | object | Yes | Complete content of the whitelist configuration |

Return result : return the complete APP information after update

Alarm configuration

Description : Send alarm configuration to app

Request method : POST

Path : v1/api/app/alarm/config

Request body :

    {
      "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
      "attack_type_alarm_conf": {
        "sql": ["email", "ding", "http"],
        "xxe": ["email"]
      },
      "email_alarm_conf": {
        "enable": false,
        "tls_enable": false,
        "server_addr": "email.qq.com:445",
        "username": "123456789@qq.com",
        "password": "4354edfwe",
        "subject": "rasp alarm",
        "recv_addr": ["165165@163.com"]
      },
      "ding_alarm_conf": {
        "enable": false,
        "agent_id": "1s6ef5w1ef6",
        "corp_id": "1r5thnb5",
        "corp_secret": "d512c5f5fg546sdg5",
        "recv_user": ["5sdf5", "87njy7uoi"],
        "recv_party": ["8ik44ws"]
      },
      "http_alarm_conf": {
        "enable": false,
        "recv_addr": ["www.opff.com"]
      },
      "general_alarm_conf": {
        "alarm_check_interval": 120
      },
      "kafka_alarm_conf": {
        "url": "1.1.1.1:6666",
        "user": "",
        "pwd": "",
        "enable": true,
        "topic": "RASP"
      }
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | APP unique identifier |
| attack_type_alarm_conf | Object | No | If there is no such configuration, all alarm methods are triggered for all attack types. The key in the configuration is the attack type, and the value is the list of alarm methods that this type will trigger. The current alarm methods include ding, http, email |
| email_alarm_conf | Object | No | Email alarm configuration |
| ding_alarm_conf | Object | No | DingTalk alarm configuration |
| http_alarm_conf | Object | No | HTTP alarm configuration |
| email_alarm_conf.enable | bool | No | Email alarm switch, default false |
| email_alarm_conf.tls_enable | bool | No | Whether to enable mail TLS authentication, default false |
| email_alarm_conf.server_addr | String | Yes | Mail server address |
| email_alarm_conf.username | String | No | Email account user name |
| email_alarm_conf.password | String | No | Email account password |
| email_alarm_conf.subject | String | No | Email subject |
| email_alarm_conf.recv_addr | String Array | Yes | Email addresses that receive the email alarm |
| ding_alarm_conf.enable | bool | No | DingTalk alarm switch, default false |
| ding_alarm_conf.agent_id | String | Yes | Agent ID of the DingTalk alarm application |
| ding_alarm_conf.corp_id | String | Yes | Enterprise ID for the DingTalk alarm |
| ding_alarm_conf.corp_secret | String | Yes | Enterprise key for the DingTalk alarm |
| ding_alarm_conf.recv_user | String Array | No | List of users that receive the DingTalk alarm. Each element of the list is a user ID. It cannot be empty together with the recv_party parameter |
| ding_alarm_conf.recv_party | String Array | No | List of departments that receive the DingTalk alarm. Each element of the list is a department ID. It cannot be empty together with the recv_user parameter |
| http_alarm_conf.enable | String | No | HTTP alarm push switch, default false |
| http_alarm_conf.recv_addr | String Array | Yes | HTTP alarm receiving address list |
| general_alarm_conf.alarm_check_interval | Int | Yes | Email alarm interval (applies to all apps) |
| kafka_alarm_conf.url | String | Yes | Address of the Kafka server |
| kafka_alarm_conf.user | String | No | Kafka server user name |
| kafka_alarm_conf.pwd | String | No | Kafka server password |
| kafka_alarm_conf.enable | Bool | Yes | Whether to enable Kafka push |
| kafka_alarm_conf.topic | String | Yes | Name of the Kafka topic to write to |

Return result : return the complete APP information after update
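A pre-flight check for the alarm configuration request body above, as an added example that is not part of the Dashboard code. It applies the rules from the parameter table (required fields, the recv_user/recv_party rule, the three listed alarm methods) to the page's own sample body, and assumes that a channel whose enable switch is false sends nothing; the TLS and https checks are added hygiene checks, not rules stated on this page.

```python
import copy

KNOWN_METHODS = ("email", "ding", "http")  # alarm methods the page lists

# Fields the parameter table marks as required, per channel.
REQUIRED = {
    "email": ("server_addr", "recv_addr"),
    "ding": ("agent_id", "corp_id", "corp_secret"),
    "http": ("recv_addr",),
    "kafka": ("url", "topic"),
}


def _blank(value):
    return value is None or value == "" or value == []


def audit_alarm_config(cfg):
    """Return a list of findings for an alarm/config request body."""
    findings = []
    if _blank(cfg.get("app_id")):
        findings.append("app_id: required")

    conf = {name: cfg.get(f"{name}_alarm_conf") or {} for name in REQUIRED}
    enabled = {name: bool(c.get("enable")) for name, c in conf.items()}

    # Required fields. This example enforces them only for channels that are
    # switched on, because a new APP returns disabled channels with blank fields.
    for name, fields in REQUIRED.items():
        if enabled[name]:
            for field in fields:
                if _blank(conf[name].get(field)):
                    findings.append(f"{name}_alarm_conf.{field}: required")

    # recv_user and recv_party cannot be empty together.
    ding = conf["ding"]
    if enabled["ding"] and _blank(ding.get("recv_user")) and _blank(ding.get("recv_party")):
        findings.append("ding_alarm_conf: recv_user and recv_party are both empty")

    # Routing: each attack type maps to the alarm methods it triggers.
    for attack_type, methods in (cfg.get("attack_type_alarm_conf") or {}).items():
        if not methods:
            findings.append(f"attack_type_alarm_conf.{attack_type}: no alarm method listed")
        for method in methods:
            if method not in KNOWN_METHODS:
                findings.append(f"attack_type_alarm_conf.{attack_type}: unknown method {method!r}")
            elif not enabled[method]:
                findings.append(f"attack_type_alarm_conf.{attack_type}: routed to {method}, "
                                f"but {method}_alarm_conf.enable is false")

    # Transport hygiene (added checks, not rules stated on the page).
    email = conf["email"]
    if enabled["email"] and email.get("password") and not email.get("tls_enable"):
        findings.append("email_alarm_conf.tls_enable: false while a password is configured")
    if enabled["http"]:
        for addr in conf["http"].get("recv_addr") or []:
            if not str(addr).lower().startswith("https://"):
                findings.append(f"http_alarm_conf.recv_addr: {addr} is not an https:// URL")
    return findings


# The sample request body from this page.
PAGE_SAMPLE = {
    "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
    "attack_type_alarm_conf": {"sql": ["email", "ding", "http"], "xxe": ["email"]},
    "email_alarm_conf": {
        "enable": False, "tls_enable": False, "server_addr": "email.qq.com:445",
        "username": "123456789@qq.com", "password": "4354edfwe",
        "subject": "rasp alarm", "recv_addr": ["165165@163.com"]},
    "ding_alarm_conf": {
        "enable": False, "agent_id": "1s6ef5w1ef6", "corp_id": "1r5thnb5",
        "corp_secret": "d512c5f5fg546sdg5",
        "recv_user": ["5sdf5", "87njy7uoi"], "recv_party": ["8ik44ws"]},
    "http_alarm_conf": {"enable": False, "recv_addr": ["www.opff.com"]},
    "general_alarm_conf": {"alarm_check_interval": 120},
    "kafka_alarm_conf": {"url": "1.1.1.1:6666", "user": "", "pwd": "",
                         "enable": True, "topic": "RASP"},
}


def hardened(cfg):
    """A corrected copy: email switched on with TLS, routes limited to email."""
    fixed = copy.deepcopy(cfg)
    fixed["email_alarm_conf"].update(enable=True, tls_enable=True)
    fixed["attack_type_alarm_conf"] = {"sql": ["email"], "xxe": ["email"]}
    return fixed


if __name__ == "__main__":
    for finding in audit_alarm_config(PAGE_SAMPLE):
        print("finding:", finding)
    print("after fix:", audit_alarm_config(hardened(PAGE_SAMPLE)))
```

Run against the sample body, the check reports that both attack types are routed only to channels whose switch is off, which is the kind of misconfiguration that leaves attack alarms undelivered without any error from the API.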

APP configuration interface

Description : Deliver APP configuration, used to configure APP name, language and description information

Request method : POST

Path : v1/api/app/config

Request body :

    {
      "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
      "name": "myapp",
      "language": "php",
      "description": "php001"
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | APP unique identifier |
| name | String | Yes | APP name |
| language | String | Yes | The programming language used by the APP |
| description | String | No | APP description information |

Return result : return the complete APP information after update

Get all the plugins under the APP

Description : Get all plug-in content according to APP ID

Request method : POST

Path : v1/api/app/plugin/get

Request body :

    {
      "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
      "page": 1,
      "perpage": 15
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | APP unique identifier |
| page | int | Yes | Page number |
| perpage | int | Yes | Number of records per page |

Return results :

    {
      "data": {
        "page": 1,
        "perpage": 15,
        "total": 2,
        "total_page": 1,
        "data": [
          {
            "id": "47af9da31ec3f233f35a25776f5e06086ebf239ff60a021ada4750b65640d0d24b9ae382",
            "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
            "upload_time": 1540992061040,
            "version": "2018-1016-1000",
            "md5": "f60a021ada4750b65640d0d24b9ae382"
            ...
          },
          {
            "id": "47af9da31ec3f233f35a25776f5e06086ebf239f914450bbf9309777723f38facfa8183f",
            "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
            "upload_time": 1540979046327,
            "version": "2018-1016-0000",
            "md5": "914450bbf9309777723f38facfa8183f"
            ...
          }
        ]
      },
      "description": "ok",
      "status": 0
    }

Get the plugin issued by the APP

Description : Get the currently selected plug-in of the APP, the plug-in will be issued to the RASP under the APP

Request method : POST

Path : v1/api/app/plugin/select/get

Request body :

    {
      "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f"
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | APP unique identifier |

Return results :

    {
      "data": {
        "id": "47af9da31ec3f233f35a25776f5e06086ebf239ff60a021ada4750b65640d0d24b9ae382",
        "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
        "upload_time": 1540985045544,
        "version": "2018-1016-1000",
        "md5": "f60a021ada4750b65640d0d24b9ae382"
        ...
      },
      "description": "ok",
      "status": 0
    }

Set the plugin issued by the APP

Description : Set the plugin sent to RASP by APP

Request method : POST

Path : v1/api/app/plugin/select

Request body :

    {
      "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
      "plugin_id": "47af9da31ec3f233f35a25776f5e06086ebf239ff60a021ada4750b65640d0d24b9ae382"
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | APP unique identifier |
| plugin_id | String | Yes | Unique plug-in identifier |

Return results :

    {
      "data": {},
      "description": "ok",
      "status": 0
    }

Test mail alarm

Description : Test mail alarm

Request method : POST

Path : v1/api/app/email/test

Request body :

    {
      "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f"
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | APP unique identifier |

Return results :

    {
      "data": {},
      "description": "ok",
      "status": 0
    }

Test DingTalk alarm

Description : Test DingTalk alarm

Request method : POST

Path : v1/api/app/ding/test

Request body :

    {
      "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f"
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | APP unique identifier |

Return results :

    {
      "data": {},
      "description": "ok",
      "status": 0
    }

Test HTTP alarm

Description : Test HTTP alarm

Request method : POST

Path : v1/api/app/http/test

Request body :

    {
      "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f"
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | APP unique identifier |

Return results :

    {
      "data": {},
      "description": "ok",
      "status": 0
    }

Test Kafka Alarm

Description : Test Kafka alarm

Request method : POST

Path : v1/api/app/kafka/test

Request body :

    {
      "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f"
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | APP unique identifier |

Return results :

    {
      "data": {},
      "description": "ok",
      "status": 0
    }

Get plugin update information

Description : If the current plugin is official.js, determine whether it is the latest official plugin. If it is not official.js (such as iast.js), return the version information of the currently issued plugin and the latest one

Request method : POST

Path : v1/api/app/plugin/latest

Request body :

    {
      "app_id": "47af9da31ec3f233f35a25776f5e06086ebf239f"
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | APP unique identifier |

Return results :

    {
      "data": {
        "is_latest": false,
        "selected_version": "2019-0606-1802",
        "latest_version": "2019-0606-1803"
      },
      "description": "ok",
      "status": 0
    }

| Parameter | Explanation |
| --- | --- |
| is_latest | Whether the currently released plugin is the latest version |
| selected_version | The currently released plugin version |
| latest_version | Latest plugin version |

RASP management interface

Search RASP

Description : Search RASP by condition

Request method : POST

Path : v1/api/rasp/search

Request body :

    {
      "page": 1,
      "perpage": 10,
      "data": {
        "id": "426199dc7a15cce89b0c937a65a24a23",
        "app_id": "fcbc4d8ac6bcaac27b1cc4703e5339a4aa6e8a1c",
        "version": "1.0.0-RC1",
        "hostname": "820c2691f452",
        "register_ip": "172.17.0.2",
        "language": "java",
        "language_version": "1.7.0_17",
        "server_type": "tomcat",
        "server_version": "7.0.78.0",
        "rasp_home": "/tomcat/rasp",
        "plugin_version": "2018-1227-1200",
        "heartbeat_interval": 180,
        "online": false,
        "register_time": 1546595808,
        "host_type": "docker"
      }
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| id | String | No | RASP unique identifier |
| app_id | String | No | ID of the app to which it belongs |
| version | String | No | RASP version |
| hostname | String | No | Name of the host where the RASP is located. This field supports fuzzy search and searches both the hostname and register_ip fields |
| register_ip | String | No | The IP address used by RASP to access the cloud control back end |
| language | String | No | Programming language |
| language_version | String | No | Language version |
| server_type | String | No | Server type |
| server_version | String | No | Server version |
| rasp_home | String | No | RASP installation directory |
| plugin_version | String | No | Plugin version |
| heartbeat_interval | int | No | Heartbeat interval, in seconds |
| online | bool | No | Whether the RASP is online |
| register_time | int | No | Registration time, millisecond timestamp |
| host_type | String | No | Type of the host where the RASP is located |

Return results :

    {
      "data": {
        "page": 1,
        "perpage": 10,
        "total": 2,
        "total_page": 1,
        "data": [
          {
            "id": "426199dc7a15cce89b0c937a65a24a23",
            "app_id": "fcbc4d8ac6bcaac27b1cc4703e5339a4aa6e8a1c",
            "version": "1.0.0-RC1",
            "hostname": "820c2691f452",
            "register_ip": "172.17.0.2",
            "language": "java",
            "language_version": "1.7.0_17",
            "server_type": "tomcat",
            "server_version": "7.0.78.0",
            "rasp_home": "/tomcat/rasp",
            "plugin_version": "2018-1227-1200",
            "heartbeat_interval": 180,
            "online": false,
            "last_heartbeat_time": 1546597790,
            "register_time": 1546595808,
            "host_type": "docker",
            "environ": {
              "COLORTERM": "gnome-terminal",
              "DISPLAY": ":0"
            }
          }
        ]
      },
      "description": "ok",
      "status": 0
    }

| Parameter | Explanation |
| --- | --- |
| id | RASP unique identifier |
| app_id | ID of the app to which it belongs |
| version | RASP version |
| hostname | Name of the host where the RASP is located. This field supports fuzzy search and searches both the hostname and register_ip fields |
| register_ip | The IP address used by RASP to access the cloud control back end |
| language | Programming language |
| server_type | Server type |
| server_version | Server version |
| rasp_home | RASP installation directory |
| plugin_version | Plugin version |
| heartbeat_interval | Heartbeat interval, in seconds |
| online | Whether the RASP is online |
| last_heartbeat_time | Last heartbeat time, millisecond timestamp |
| register_time | Registration time, millisecond timestamp |
| host_type | Host type, example: docker |
| environ | Process environment variables |

RASP version number statistics

Description : Count the number of hosts under each version of RASP

Request method : POST

Path : v1/api/rasp/search/version

Request body :

    {
      "data": {
        "app_id": "fcbc4d8ac6bcaac27b1cc4703e5339a4aa6e8a1c",
        "version": "1.3.0"
      },
      "page": 1,
      "perpage": 10
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | ID of the app to which it belongs |
| version | String | No | Version number to search for |

Return results :

    {
      "data": {
        "data": [
          {
            "version": "1.3.0",
            "count": 1
          }
        ],
        "page": 1,
        "perpage": 10,
        "total": 1,
        "total_page": 1
      },
      "description": "ok",
      "status": 0
    }

| Parameter | Explanation |
| --- | --- |
| version | Host version number |
| count | The number of hosts corresponding to the host version number |

Export RASP

Description : Search rasp by conditions and export the search results to a csv file, the app_id field is required, and the remaining search conditions are optional

Request method : GET

Path : v1/api/rasp/csv?app_id=eaGdr22DfthDz51JHF65sd

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | ID of the app to which it belongs |

Return result : csv file

Remove RASP

Description : Delete the RASPs that match the specified conditions. Online RASPs cannot be deleted. When id is present in the parameters, the RASP with that id is deleted and the other parameters are ignored

Request method : POST

Path : v1/api/rasp/delete

Request body :

    {
      "app_id": "94892d14c8f1dfcedb63af258cc008929c3ef4f5",
      "id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
      "register_ip": "126.23.3.63",
      "expire_time": 604800,
      "host_type": "docker"
    }

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | APP unique identifier |
| id | String | No | RASP unique identifier |
| register_ip | String | No | Registration IP |
| expire_time | int | No | Unit: seconds; delete RASPs whose timeout exceeds this value |
| host_type | String | No | Type of the host where the RASP is located |

Return results :

    {
      "data": {
        "count": 1
      },
      "description": "ok",
      "status": 0
    }

| Parameter | Explanation |
| --- | --- |
| count | Number of RASP agents removed |

Bulk delete RASP

Description : Batch delete rasp according to rasp id

Request method : POST

Path : v1/api/rasp/batch_delete

Request body :

{
    "app_id": "94892d14c8f1dfcedb63af258cc008929c3ef4f5",
    "ids": [
        "47af9da31ec3f233f35a25776f5e06086ebf239f",
        "d64g58d4gc3fs58745sdfgd5g5s7f54e5f4s585s",
        "net1d5ns8bad6584thg1s5dnbs8gbs8af5RFG415"
    ]
}

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | APP unique identifier |
| ids | String Array | Yes | List of RASP unique identifiers |

Return results :

{
    "data": {
        "count": 1
    },
    "description": "ok",
    "status": 0
}

| Parameter | Explanation |
| --- | --- |
| count | Number of RASP agents removed |

RASP Remarks Interface

Description : Add or modify remark information for the rasp with the specified id

Request method : POST

Path : v1/api/rasp/describe

Request body :

{
    "id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
    "description": "this is a description"
}

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| id | String | Yes | RASP unique identifier |
| description | String | Yes | Description |

Return results :

{
    "data": {},
    "description": "ok",
    "status": 0
}

Class library information management interface

Class library information aggregation

Description : Aggregate the class library information of the host according to the host under the application

Request method : POST

Path : v1/api/dependency/aggr

Request body :

{
    "data": {
        "app_id": "f284baaeb786a8285bd1dde04a3dd7502c766c8a"
    },
    "page": 1,
    "perpage": 10
}

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | ID of the app to which it belongs |

Return results :

{
    "data": {
        "page": 1,
        "perpage": 10,
        "total": 1,
        "total_page": 1,
        "data": [
            {
                "@timestamp": 1579597454365,
                "app_id": "4a335d670ec7c9353d3cf7480e68614dda087ded",
                "hostname": "d2e69eebfa7b",
                "id": "d1dd52ff8c82becccf9678b6ed09eca0",
                "path": ["/tomcat/bin/bootstrap.jar"],
                "product": "Apache Tomcat Bootstrap",
                "rasp_count": 1,
                "rasp_id": "3089c8d2672efd1ef5c3e322d9e8fcb1",
                "register_ip": "172.17.0.2",
                "search_string": "Apache Tomcat Bootstrap8.0.5",
                "source": "manifest_implementation",
                "tag": "Apache Software Foundation:Apache Tomcat Bootstrap:8.0.5",
                "vendor": "Apache Software Foundation",
                "version": "8.0.5"
            }
        ]
    },
    "description": "ok",
    "status": 0
}

| Parameter | Explanation |
| --- | --- |
| timestamp | Class library information upload time |
| app_id | ID of the app to which it belongs |
| hostname | Host name |
| id | Unique identifier of the class library information |
| path | Library dependency path |
| product | Product name |
| rasp_count | Number of hosts affected |
| rasp_id | RASP to which the class library information belongs |
| register_ip | RASP machine IP address |
| search_string | |
| source | |
| tag | |
| vendor | Manufacturer |
| version | The version number of the class library |

Class library information aggregation

Description : View details of class library information

Request method : POST

Path : v1/api/dependency/search

Request body :

{
    "data": {
        "app_id": "0d46b13c2f25722e542b1a89817e1163e190fce1",
        "tag": "org.apache.struts.xwork:xwork-core:2.3.14.2",
        "key_word": "",
        "hostname": ""
    },
    "page": 1,
    "perpage": 10
}

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | APP unique identifier |
| tag | String | | |
| key_word | String | No | Key words |
| hostname | String | No | Host name |

Return results :

{
    "data": {
        "page": 1,
        "perpage": 10,
        "total": 1,
        "total_page": 1,
        "data": [
            {
                "@timestamp": 1579612005801,
                "app_id": "0d46b13c2f25722e542b1a89817e1163e190fce1",
                "hostname": "cq02-scloud-docker-trial",
                "id": "148f69b483fff233ee4d4f9fffbfd478",
                "path": ["/tomcat/bin/bootstrap.jar"],
                "product": "xwork-core",
                "rasp_count": 1,
                "rasp_id": "3089c8d2672efd1ef5c3e322d9e8fcb1",
                "register_ip": "10.58.119.17",
                "search_string": "Apache Tomcat Bootstrap8.0.5",
                "source": "manifest_implementation",
                "tag": "Apache Software Foundation:Apache Tomcat Bootstrap:8.0.5",
                "vendor": "Apache Software Foundation",
                "version": "2.3.14.2"
            }
        ]
    },
    "description": "ok",
    "status": 0
}

| Parameter | Explanation |
| --- | --- |
| app_id | ID of the app to which it belongs |
| timestamp | Class library information upload time |
| hostname | Host name |
| id | Unique identifier of the class library information |
| path | Library dependency path |
| product | Product name |
| rasp_count | Number of hosts affected |
| rasp_id | RASP to which the class library information belongs |
| register_ip | RASP machine IP address |
| search_string | |
| source | |
| tag | |
| vendor | Manufacturer |
| version | The version number of the class library |

Static Token management interface

Generate / update token

Description : When the token parameter is present, the existing token is updated; otherwise a new token is created

Request method : POST

Path : v1/api/token

Request body :

Add token:

{
    "description": "xxx Sample token"
}

Update token:

{
    "token": "44b2b50665c9f11c73090b19c3dd787031611e80",
    "description": "Sampletoken"
}

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| token | String | Yes | Token content |
| description | String | No | Token description |

Return results :

{
    "data": {
        "token": "44b2b50665c9f11c73090b19c3dd787031611e80",
        "description": "Sample"
    },
    "description": "ok",
    "status": 0
}

Get token

Description : Get a certain amount of token information

Request method : POST

Path : v1/api/token/get

Request body :

{
    "page": 1,
    "perpage": 10
}

Return results :

{
    "data": {
        "page": 1,
        "perpage": 10,
        "total": 5,
        "total_page": 1,
        "data": [
            {
                "token": "349532e57aa36ee9b72a62fec8907109a016f348",
                "description": "a token"
            },
            {
                "token": "f284baaeb786a8285bd1dde04a3dd7502c766c8a",
                "description": "b token"
            }
        ]
    },
    "description": "ok",
    "status": 0
}

Delete token

Description : Delete token

Request method : POST

Path : v1/api/token/delete

Request body :

{
    "token": "f284baaeb786a8285bd1dde04a3dd7502c766c8a"
}

Return results :

{
    "data": {},
    "description": "ok",
    "status": 0
}

Operation log interface

Search operation logs

Description : Search operation logs

Request method : POST

Path : v1/api/operation/search

Request body :

{
    "data": {
        "id": "389fdbeb0aceb154d5d5d26eba28fea9f402c945",
        "type_id": 1010,
        "app_id": "e64071cf900944b701213a6f17d36e0d18d8b6ab",
        "user": "admin",
        "ip": "127.0.0.1"
    },
    "start_time": 1,
    "end_time": 1542807647000,
    "page": 1,
    "perpage": 15
}

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| data | String | Yes | All fields that support searching; every field in data is optional |
| start_time | int | Yes | Operation log start time, millisecond timestamp |
| end_time | int | Yes | Operation log end time, millisecond timestamp |

Return results :

{
    "data": {
        "data": [
            {
                "id": "389fdbeb0aceb154d5d5d26eba28fea9f402c945",
                "type_id": 1010,
                "app_id": "e64071cf900944b701213a6f17d36e0d18d8b6ab",
                "time": 1542807647000,
                "user": "admin",
                "content": "uploaded the plugin: ba41c57afab600c39dba7398987b159d648d0836",
                "ip": "127.0.0.1"
            }
        ],
        "page": 1,
        "perpage": 15,
        "total": 1,
        "total_page": 1
    },
    "description": "ok",
    "status": 0
}

| Parameter | Explanation |
| --- | --- |
| id | Operation log unique identifier |
| app_id | ID of the app to which it belongs |
| type_id | Log type |
| time | Operation time |
| user | Operator |
| content | Operation content |
| ip | IP of the originator of the operation request, as seen by the cloud control backend |

Server management interface

Get server url

Description : Get the url address of panel and agent server

Request method : POST

Path : v1/api/server/url/get

Parameter : None

Return results :

{
    "data": {
        "panel_url": "126.56.23.5:8086",
        "agent_url": [
            "126.56.23.5:8086",
            "10.23.36.122:8086",
            "172.23.233.192:8086"
        ]
    },
    "description": "ok",
    "status": 0
}

| Parameter | Explanation |
| --- | --- |
| panel_url | Front-end server url access address |
| agent_url | Agent server access address list |

Change server address

Description : Change the access address of panel and agent server

Request method : POST

Path : v1/api/server/url

Request body :

{
    "panel_url": "126.56.23.5:8086",
    "agent_urls": [
        "126.56.23.5:8086",
        "10.23.36.122:8086",
        "172.23.233.192:8086"
    ]
}

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| panel_url | String | Yes | Front-end server url access address |
| agent_url | String Array | No | Agent server access address list |

Return results :

{
    "data": {
        "panel_url": "126.56.23.5:8086",
        "agent_urls": [
            "126.56.23.5:8086",
            "10.23.36.122:8086",
            "172.23.233.192:8086"
        ]
    },
    "description": "ok",
    "status": 0
}

Clear data

Description : Clear the attack events, baseline alarms, exception logs, and number of requests in the database

Request method : POST

Path : v1/api/server/url

Request body :

{
    "app_id": "e64071cf900944b701213a6f17d36e0d18d8b6ab"
}

Parameter description :

| Parameter | Explanation |
| --- | --- |
| app_id | Front-end server url access address |

Return results :

{
    "data": {},
    "description": "ok",
    "status": 0
}

Request Statistics Interface

Request statistics aggregation

Description : Aggregate request statistics uploaded by RASP according to time

Request method : POST

Path : v1/api/report/dashboard

Request body :

{
    "app_id": "f284baaeb786a8285bd1dde04a3dd7502c766c8a",
    "start_time": 1523264521321212,
    "end_time": 1523267821321000,
    "interval": "hour",
    "time_zone": "+08:00"
}

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | App whose data is to be aggregated |
| start_time | int | Yes | Start time |
| end_time | int | Yes | End time |
| interval | String | Yes | Aggregation granularity: hour, day or month |
| time_zone | String | Yes | Time zone used for aggregation |

Return results :

{
    "data": [
        {
            "start_time": 1523264521321212,
            "request_sum": 10000
        },
        {
            "start_time": 1523264521340000,
            "request_sum": 87
        }
    ],
    "description": "ok",
    "status": 0
}

| Parameter | Explanation |
| --- | --- |
| start_time | Start time |
| request_sum | Number of requests processed by RASP |

Alarm interface

To reduce the load on Elasticsearch (ES), the span between the start and end time of any alarm interface request cannot exceed 366 days, and the size of the aggregate interfaces cannot exceed 1024.

Aggregate attack logs by time

Description : Aggregate attack data by time

Request method : POST

Path : v1/api/log/attack/aggr/time

Request body :

{
    "app_id": "f284baaeb786a8285bd1dde04a3dd7502c766c8a",
    "start_time": 1535600036000,
    "end_time": 1546140836000,
    "interval": "month",
    "time_zone": "+08:00"
}

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | App whose data is to be aggregated |
| start_time | int | Yes | Start time |
| end_time | int | Yes | End time |
| interval | String | Yes | Aggregation granularity: hour, day or month |
| time_zone | String | Yes | Time zone used for aggregation |

Return results :

{
    "data": {
        "data": [
            [0, 0, 0, 1, 0],
            [0, 0, 0, 0, 0]
        ],
        "labels": [
            1533052800000,
            1535731200000,
            1538323200000,
            1541001600000,
            1543593600000
        ]
    },
    "description": "ok",
    "status": 0
}

| Parameter | Explanation |
| --- | --- |
| data | Aggregate data; the first element is the info data, the second is the block data |
| labels | Time labels for the horizontal axis of the aggregation; each element is a millisecond timestamp |
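The request limits and the data/labels layout described above can be handled as follows. This is an added example, not code from the project: the function names are hypothetical, the 366-day limit is assumed to apply to end_time minus start_time, and the sample response is the one shown on this page.

```python
from datetime import datetime, timedelta, timezone

# Assumption: the 366-day limit applies to end_time - start_time, in milliseconds.
MAX_WINDOW_MS = 366 * 24 * 60 * 60 * 1000
INTERVALS = {"hour", "day", "month"}

# Sample response copied from the documentation above.
SAMPLE_RESPONSE = {
    "data": {
        "data": [[0, 0, 0, 1, 0], [0, 0, 0, 0, 0]],
        "labels": [1533052800000, 1535731200000, 1538323200000,
                   1541001600000, 1543593600000],
    },
    "description": "ok",
    "status": 0,
}


def build_time_aggr_request(app_id, start_ms, end_ms, interval="day", time_zone="+08:00"):
    """Build the body for v1/api/log/attack/aggr/time, rejecting bad windows locally."""
    if interval not in INTERVALS:
        raise ValueError(f"interval must be one of {sorted(INTERVALS)}")
    if end_ms <= start_ms:
        raise ValueError("end_time must be later than start_time")
    if end_ms - start_ms > MAX_WINDOW_MS:
        raise ValueError("time window exceeds 366 days")
    return {"app_id": app_id, "start_time": start_ms, "end_time": end_ms,
            "interval": interval, "time_zone": time_zone}


def parse_offset(time_zone):
    """Convert an offset such as "+08:00" into a tzinfo object."""
    sign = -1 if time_zone.startswith("-") else 1
    hours, minutes = time_zone.lstrip("+-").split(":")
    return timezone(sign * timedelta(hours=int(hours), minutes=int(minutes)))


def decode_time_aggr(response, time_zone="+08:00"):
    """Turn the parallel data/labels arrays into one row per time bucket."""
    if response.get("status") != 0:
        raise RuntimeError(f"API error {response.get('status')}: {response.get('description')}")
    payload = response["data"]
    info, block = payload["data"]  # first series is info, second is block
    labels = payload["labels"]
    if not (len(info) == len(block) == len(labels)):
        raise ValueError("series and labels differ in length")
    tz = parse_offset(time_zone)
    rows = []
    for ts, n_info, n_block in zip(labels, info, block):
        bucket = datetime.fromtimestamp(ts / 1000, tz).isoformat()
        rows.append({"bucket": bucket, "info": n_info, "block": n_block})
    return rows


if __name__ == "__main__":
    for row in decode_time_aggr(SAMPLE_RESPONSE):
        print(row)
```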

Aggregate attack logs by type

Description : Aggregate attack data according to attack type

Request method : POST

Path : v1/api/log/attack/aggr/type

Request body :

{
    "app_id": "f284baaeb786a8285bd1dde04a3dd7502c766c8a",
    "start_time": 1535600036000,
    "end_time": 1546140836000,
    "size": 10
}

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | App whose data is to be aggregated |
| start_time | int | Yes | Start time |
| end_time | int | Yes | End time |
| size | int | Yes | Number of attack types aggregated |

Return results :

{
    "data": [
        ["sql", 156],
        ["xxe", 156]
    ],
    "description": "ok",
    "status": 0
}

| Parameter | Explanation |
| --- | --- |
| data | Aggregate data. Each array represents one type: its first element is the type name and its second element is the number of attacks of that type |

Aggregate attack logs by UA

Description : Aggregate attack data according to the request User-Agent header

Request method : POST

Path : v1/api/log/attack/aggr/ua

Request body :

{
    "app_id": "f284baaeb786a8285bd1dde04a3dd7502c766c8a",
    "start_time": 1535600036000,
    "end_time": 1546140836000,
    "size": 10
}

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | Yes | App whose data is to be aggregated |
| start_time | int | Yes | Start time |
| end_time | int | Yes | End time |
| size | int | Yes | Number of aggregated UA types |

Return results :

{
    "data": [
        ["Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36", 156],
        ["Chrome/5.0 (X11; Linux x86_64) AppleWebKit/537.36", 156]
    ],
    "description": "ok",
    "status": 0
}

| Parameter | Explanation |
| --- | --- |
| data | Aggregate data. Each array represents one UA: its first element is the name of the UA and its second element is the number of attacks from that UA |

Description : Aggregate attack data by vulnerability (different stacks are different vulnerabilities)

Request method : POST

Path : v1/api/log/attack/aggr/vuln

Request body :

{
    "data": {
        "attack_type": ["directory", "sql"],
        "app_id": "f284baaeb786a8285bd1dde04a3dd7502c766c8a",
        "start_time": "1523264521321000",
        "end_time": "1523264521421000"
    },
    "page": 1,
    "perpage": 10
}

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | No | The app to which the vulnerability belongs. If this parameter is present, the data of that app is counted; if not, all data is counted |
| attack_type | String Array | No | Attack type; several values can be selected. If the array is empty, nothing is returned. Without this parameter, or if the parameter is null, no filtering is applied on it |
| rasp_id | String | No | RASP to which the vulnerability belongs |
| server_hostname | String | No | The hostname of the machine where the vulnerability occurred |
| attack_source | String | No | Attack source IP |
| url | String | No | Attack URL |
| intercept_state | String Array | No | Interception status; allowed values: block, info. If the array is empty, nothing is returned. Without this parameter, or if the parameter is null, no filtering is applied on it |
| local_ip | String | No | Attacking machine IP |
| start_time | int | Yes | Start time |
| end_time | int | Yes | End time |

Return results :

{
    "data": {
        "page": 1,
        "perpage": 10,
        "total": 500,
        "total_page": 50,
        "data": [
            {
                "attack_type": "directory",
                "stack_md5": "1111121637821204cwwd2e52d62d0aa8",
                "event_time": "2019-01-27T23:51:15+0800",
                ...
            }
            ...
        ]
    },
    "description": "ok",
    "status": 0
}

| Parameter | Explanation |
| --- | --- |
| data | Vulnerability aggregation results. The results are sorted by the latest attack time of each vulnerability, and the content shown for each vulnerability is its latest attack |

Description : Search the attack log, and sort the results in descending order of time

Request method : POST

Path : v1/api/log/attack/search

Request body :

{
    "data": {
        "attack_type": ["directory", "sql"],
        "app_id": "f284baaeb786a8285bd1dde04a3dd7502c766c8a",
        "start_time": "1523264521321000",
        "end_time": "1523264521421000"
    },
    "page": 1,
    "perpage": 10
}

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | No | The app to which the log belongs. If this parameter is present, the data of that app is counted; if not, all data is counted |
| attack_type | String Array | No | Attack type; several values can be selected. If the array is empty, nothing is returned. Without this parameter, or if the parameter is null, no filtering is applied on it |
| rasp_id | String | No | RASP |
| server_hostname | String | No | The hostname or IP of the machine where the attack occurred; supports fuzzy search |
| attack_source | String | No | Attack source IP; supports fuzzy search |
| url | String | No | Attack URL, including search; supports fuzzy search |
| intercept_state | String Array | No | Interception status; allowed values: block, info. If the array is empty, nothing is returned. Without this parameter, or if the parameter is null, no filtering is applied on it |
| local_ip | String | No | Attacking machine IP |
| request_id | String | No | Request id |
| stack_md5 | String | No | MD5 of the attack stack |
| plugin_message | String | No | The monitoring information returned by the plug-in; supports fuzzy search |
| start_time | int | Yes | Start time |
| end_time | int | Yes | End time |

Return results :

{
    "data": {
        "page": 1,
        "perpage": 10,
        "total": 500,
        "total_page": 50,
        "data": [
            {
                "attack_type": "directory",
                "intercept_state": "block",
                "plugin_confidence": 100,
                ...
            }
            ...
        ]
    },
    "description": "ok",
    "status": 0
}

| Parameter | Explanation |
| --- | --- |
| data | Search attack results |
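Paging through the attack search with a static token, as an added example that is not part of the original documentation. The `post` callable (path, headers, body, returning the parsed JSON response) and all function names are hypothetical, and the fake backend with its 401 status is constructed so the code runs offline. It rejects an empty array filter up front, because the interface would silently return nothing for it.

```python
API_PATH = "v1/api/log/attack/search"
ARRAY_FILTERS = ("attack_type", "intercept_state")


def build_search_body(start_ms, end_ms, page=1, perpage=10, **filters):
    """Build one page request; filters left as None are omitted (no filtering)."""
    data = {"start_time": start_ms, "end_time": end_ms}
    for key, value in filters.items():
        if value is None:
            continue
        if key in ARRAY_FILTERS and len(value) == 0:
            # An empty array matches nothing, which would read as "no attacks".
            raise ValueError(f"{key} is an empty array; omit it to disable the filter")
        data[key] = value
    return {"data": data, "page": page, "perpage": perpage}


def unwrap(response):
    """Return the data member of the envelope, or raise on a non-zero status."""
    if response.get("status") != 0:
        raise RuntimeError(f"API error {response.get('status')}: {response.get('description')}")
    return response["data"]


def iter_attacks(post, token, start_ms, end_ms, perpage=10, max_pages=1000, **filters):
    """Yield every attack record in the window, following total_page."""
    headers = {"X-RASP-Token": token, "Content-Type": "application/json"}
    page = 1  # paging starts from 1
    while page <= max_pages:
        body = build_search_body(start_ms, end_ms, page, perpage, **filters)
        result = unwrap(post(API_PATH, headers, body))
        yield from result["data"]
        if page >= result["total_page"]:
            return
        page += 1


def make_fake_backend(records, valid_token):
    """Constructed stand-in for the Dashboard, used only to exercise the client."""
    calls = []

    def post(path, headers, body):
        calls.append((path, body["page"]))
        if headers.get("X-RASP-Token") != valid_token:
            # Constructed error status; the real value is not given on this page.
            return {"status": 401, "description": "unauthorized", "data": {}}
        wanted = body["data"].get("attack_type")
        hits = [r for r in records if wanted is None or r["attack_type"] in wanted]
        per = body["perpage"]
        first = (body["page"] - 1) * per
        return {"status": 0, "description": "ok", "data": {
            "page": body["page"], "perpage": per, "total": len(hits),
            "total_page": max(1, -(-len(hits) // per)),
            "data": hits[first:first + per]}}

    return post, calls


if __name__ == "__main__":
    sample = [{"attack_type": "sql", "request_id": str(i)} for i in range(5)]
    post, _ = make_fake_backend(sample, "constructed-token")
    for record in iter_attacks(post, "constructed-token", 1523264521321, 1523264521421,
                               perpage=2, attack_type=["sql"]):
        print(record)
```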

Description : Search the baseline log, and sort the results in descending order of time

Request method : POST

Path : v1/api/log/policy/search

Request body :

{
    "data": {
        "policy_id": ["3004", "3003"],
        "app_id": "f284baaeb786a8285bd1dde04a3dd7502c766c8a",
        "server_hostname": "nmg01.xx.cq",
        "local_ip": "172.36.2.6",
        "start_time": "1523264521321000",
        "end_time": "1523264521421000"
    },
    "page": 1,
    "perpage": 10
}

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | No | The app to which the log belongs. If this parameter is present, the data of that app is counted; if not, all data is counted |
| policy_id | int Array | No | Several values can be selected. If the array is empty, nothing is returned. Without this parameter, or if the parameter is null, no filtering is applied on it |
| rasp_id | String | No | RASP |
| server_hostname | String | No | The hostname or IP of the machine; supports fuzzy search |
| local_ip | String | No | Machine IP |
| message | String | No | Baseline alarm information; supports fuzzy search |
| start_time | int | Yes | Start time |
| end_time | int | Yes | End time |

Return results :

{
    "data": {
        "page": 1,
        "perpage": 10,
        "total": 500,
        "total_page": 50,
        "data": [
            {
                "policy_id": "3004",
                ... // policy 3004
            },
            ... // other policies
        ]
    },
    "description": "ok",
    "status": 0
}

| Parameter | Explanation |
| --- | --- |
| data | Search baseline results |

Exception interface

Search for abnormal information

Description : Search for abnormal information based on conditions

Request method : POST

Path : v1/api/log/error/search

Request body :

{
    "data": {
        "app_id": "f284baaeb786a8285bd1dde04a3dd7502c766c8a",
        "server_hostname": "nmg01.xx.cq",
        "local_ip": "172.36.2.6",
        "start_time": "1523264521321000",
        "end_time": "1523264521421000"
    },
    "page": 1,
    "perpage": 10
}

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| app_id | String | No | The app to which the log belongs. If this parameter is present, the data of that app is counted; if not, all data is counted |
| rasp_id | String | No | ID of the RASP to which the attack belongs |
| server_hostname | String | No | The hostname or IP of the machine; supports fuzzy search |
| local_ip | String | No | Machine IP |
| message | String | No | Search for exception logs whose message contains this value; supports fuzzy search |
| start_time | int | Yes | Start time |
| end_time | int | Yes | End time |

Return results :

{
    "data": {
        "page": 1,
        "perpage": 10,
        "total": 500,
        "total_page": 50,
        "data": [
            {
                "message": "HTTP request to https://definitions.com:8086/v1/agent/rasp failed:",
                "server_nic": [
                    {
                        "name": "en0",
                        "ip": "172.24.182.127"
                    }
                ],
                "stack_trace": "sun.reflect.NativeConstructorAccessorImpl.newInstance0(NativeMethod)",
                "level": "WARN",
                "event_time": "2019-01-11T13:36:46+0800",
                "app_id": "9b3554a97673f1f8f5c929310298037a660d3b7a",
                "pid": 58353,
                "server_hostname": "localhost",
                "rasp_id": "3089c8d2672efd1ef5c3e322d9e8fcb1"
            }
        ]
    },
    "description": "ok",
    "status": 0
}

| Parameter | Explanation |
| --- | --- |
| data | Search error log results |

RASP interface

verification method

  • Add APP ID request header: X-RASP-AppID: 9b3554a97673f1f8f5c929310298037a660d3b7a

  • Add APP Secret request header: X-RASP-AppSecret: 2wMG8K9F71CZyvlWu1CRwf7tVDVW7Ud4gxCY5X4aMzO

RASP registration interface

Description : Register the basic information of a RASP. If the id parameter is present, the corresponding RASP information is updated; otherwise a new RASP is added.

Request method : POST

Path : v1/agent/rasp

Request body :

{
    "id": "569e8ea7a16123492b5878920fd36985",
    "version": "v3.2",
    "hostname": "tyy-OptiPlex-9020",
    "register_ip": "127.56.23.4",
    "language": "java",
    "language_version": "8.1",
    "server_type": "tomcat",
    "server_version": "8.5.1",
    "heartbeat_interval": 60,
    "rasp_home": "/home/work/tomcat8/rasp",
    "host_type": "docker",
    "environ": {
        "JAVA_HOME": "/home/java/jdk-7.0.25"
    }
}

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| id | String | Yes | RASP unique identifier |
| version | String | Yes | RASP version |
| hostname | String | Yes | The host name of the machine where RASP is located |
| register_ip | String | Yes | RASP machine IP address |
| language | String | Yes | Development language used by RASP |
| language_version | String | Yes | Development language version used by RASP |
| server_type | String | Yes | Type of server used by RASP |
| server_version | String | Yes | The server version number used by RASP |
| heartbeat_interval | int | Yes | Heartbeat interval, in seconds |
| rasp_home | String | No | RASP installation directory |
| host_type | String | No | Host type, such as docker |
| environ | String | No | Service process environment variables |

Return results :

{
    "status": 0,
    "description": "ok",
    "data": {
        "id": "569e8ea7a16123492b5878920fd36985",
        "app_id": "023e68ea7a12564492b5878920fd630c8",
        "version": "v3.2",
        "hostname": "tyy-OptiPlex-9020",
        "register_ip": "127.56.23.4",
        "language": "java",
        "language_version": "8.1",
        "server_type": "tomcat",
        "server_version": "8.5.1",
        "heartbeat_interval": 60,
        "rasp_home": "/home/work/tomcat8/rasp",
        "last_heartbeat_time": "15425645253",
        "online": true,
        "host_type": "docker",
        "plugin_version": "",
        "plugin_name": "",
        "plugin_md5": "",
        "environ": {
            "JAVA_HOME": "/home/java/jdk-7.0.25"
        },
        "register_time": "15425645253"
    }
}

Parameter description :

| Parameter | Explanation |
| --- | --- |
| id | RASP unique identifier |
| app_id | App ID |
| version | RASP version |
| hostname | The host name of the machine where RASP is located |
| register_ip | RASP machine IP address |
| language | Development language used by RASP |
| language_version | Development language version used by RASP |
| server_type | Type of server used by RASP |
| server_version | The server version number used by RASP |
| heartbeat_interval | Heartbeat interval, in seconds |
| rasp_home | RASP installation directory |
| last_heartbeat_time | Last heartbeat time; if there has been no heartbeat, it is the registration time |
| online | Whether the RASP is online; this value should be true |
| host_type | Host type, such as docker |
| plugin_version | The version of the plug-in. No plug-in has been delivered at registration, so it is empty |
| plugin_name | The name of the plug-in. No plug-in has been delivered at registration, so it is empty |
| plugin_md5 | Checksum of the plug-in content. No plug-in has been delivered at registration, so it is empty |
| environ | Service process environment variables |
| register_time | Registration timestamp, in seconds |

Heartbeat interface

Description : Accept the periodic heartbeat that RASP sends to the cloud control backend. If the md5 in the request parameters differs from the plug-in md5 specified in the backend, the backend determines that there is a new plug-in. If the configuration time in the request is earlier than the last configuration time in the cloud control backend, the backend determines that there is a new configuration. Updates are full updates of the plug-in and the configuration.

Request method : POST

Path : v1/agent/heartbeat

Request body :

{
    "rasp_id": "47af9da31ec3f233f35a25776f5e06086ebf239f",
    "plugin_md5": "47af9da31ec3f2ebf239f",
    "plugin_version": "2018-08-15 11:11:12",
    "config_time": 1536302712000,
    "hostname": "rasp-host"
}

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| rasp_id | String | Yes | RASP unique identifier |
| plugin_md5 | String | Yes | MD5 of the current RASP plugin |
| plugin_version | String | Yes | Current version of the plugin |
| config_time | int | No | The last modification time of the backend configuration. If this field is absent or 0, the configuration is delivered if it has not been delivered yet |
| hostname | String | No | Host name, used for runtime update |

Return results :

{
    "status": 0,
    "description": "ok",
    "data": {
        "plugin": {
            "version": "2018-08-15 11:11:12",
            "md5": "569e8ea7a16123492b5878920fd36985",
            "plugin": "/*javascript*/"
        },
        "config_time": 1536303412000,
        "config": {
            "block.content_html": "</script><script>location.href=\"https://definitions.com/blocked2/?request_id=%request_id%\"</script>",
            "block.content_json": "{\"xxxx\":\"xxxxxx\"}",
            "block.content_xml": "<?xml version=\"1.0\"?><doc><error>true</error><reason>Request blocked by RASP</reason><request_id>%request_id%</request_id></doc>",
            "block.redirect_url": "https://definitions.com/blocked/?request_id=%request_id%",
            "block.status_code": 302,
            "body.maxbytes": 4096,
            "clientip.header": "ClientIP",
            "debug.level": 0,
            "decompile.enable": true,
            "inject.custom_headers": {},
            "log.maxbackup": 30,
            "log.maxburst": 100,
            "ognl.expression.minlength": 30,
            "plugin.filter": true,
            "plugin.maxstack": 100,
            "plugin.timeout.millis": 100,
            "syslog.enable": false,
            "syslog.facility": 1,
            "syslog.tag": "RASP",
            "syslog.url": "",
            "hook.white": {
                "www.test.com/test1": ["sql", "ssrf"],
                "www.test.com/test2": ["sql", "ssrf"],
                "*": ["all"]
            }
        }
    }
}

Parameter description :

| Parameter | Explanation |
| --- | --- |
| plugin | Plugin content |
| config_time | Time of the configuration delivered in this response |
| config | Configuration details; for a description of each configuration item see https://definitions.com/doc/setup/others.html |
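How an agent could act on one heartbeat exchange, as an added example rather than the project's own agent code. The function names are hypothetical, and two assumptions are made: the md5 field is the hex MD5 of the UTF-8 plug-in text, and a missing plugin or config member means there is nothing new to apply.

```python
import hashlib


def plugin_digest(source):
    """Hex MD5 of the plug-in text (assumed to be how the md5 field is computed)."""
    return hashlib.md5(source.encode("utf-8")).hexdigest()


def build_heartbeat(rasp_id, plugin_md5, plugin_version, config_time=0, hostname=None):
    """Build the v1/agent/heartbeat body; config_time 0 means no configuration yet."""
    body = {"rasp_id": rasp_id, "plugin_md5": plugin_md5,
            "plugin_version": plugin_version, "config_time": config_time}
    if hostname:
        body["hostname"] = hostname
    return body


def plan_update(request, response):
    """Work out what the agent should apply from one heartbeat exchange."""
    if response.get("status") != 0:
        raise RuntimeError(f"API error {response.get('status')}: {response.get('description')}")
    data = response.get("data") or {}
    plan = {"plugin": None, "config": None, "config_time": request["config_time"]}

    plugin = data.get("plugin")
    if plugin and plugin["md5"] != request["plugin_md5"]:
        # Catches truncated or corrupted content. The digest travels with the
        # content, so transport integrity still has to come from TLS.
        if plugin_digest(plugin["plugin"]) != plugin["md5"].lower():
            raise ValueError("delivered plug-in does not match its md5")
        plan["plugin"] = plugin

    new_time = data.get("config_time", 0)
    if data.get("config") is not None and new_time > request["config_time"]:
        plan["config"] = dict(data["config"])  # full replacement, not a merge
        plan["config_time"] = new_time
    return plan


if __name__ == "__main__":
    source = "/* constructed plug-in body */"
    response = {"status": 0, "description": "ok", "data": {
        "plugin": {"version": "2018-08-15 11:11:12",
                   "md5": plugin_digest(source), "plugin": source},
        "config_time": 1536303412000,
        "config": {"block.status_code": 302}}}
    request = build_heartbeat("47af9da31ec3f233f35a25776f5e06086ebf239f",
                              "47af9da31ec3f2ebf239f", "2018-08-15 11:11:12",
                              1536302712000, "rasp-host")
    print(plan_update(request, response))
```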

Statistics reporting interface

Description : Upload rasp statistics

Request method : POST

Path : v1/agent/report

Request body :

{
    "rasp_id": "569e8ea7a16123492b5878920fd36985",
    "time": 15665422321,
    "request_sum": 10000
}

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| rasp_id | String | Yes | RASP unique identifier |
| time | int | Yes | Statistical time, millisecond timestamp |
| request_sum | int | No | Number of requests, default 0 |

Return results :

{
    "status": 0,
    "description": "ok",
    "data": {}
}

Crash reporting interface

Description : Upload rasp crash information

Request method : POST

Path : v1/agent/crash/report

Request body :

Format: multipart/form-data

content:

crash_log: hs_err_pid25945.log

hostname: Mac-xxxx-host

language: java

rasp_id: d5ged5g54dr1gdr5d5erg5rdg

Parameter description :

| Parameter | Type | Required | Explanation |
| --- | --- | --- | --- |
| crash_log | file | Yes | Crash log |
| rasp_id | String | Yes | RASP unique identifier, RASP may not exist |
| language | String | No | RASP language |
| hostname | String | No | CPU name |

Return results :

{
    "status": 0,
    "description": "ok",
    "data": {}
}

Upload attack alarm log

Description : Upload RASP attack log

Request method : POST

Path : v1/agent/log/attack

Request body :
