McAfee MVISION Cloud

IaaS Resources API

The following IaaS Resource APIs fetch the latest detailed information about a resource, such as security configuration incidents, tags, and additional details. You must have the Usage Analytics Users role with the Manage privilege to make a request to the IaaS Resource API.

API to get the list of resources

API: POST https://www.myshn.net/shnapi/rest/external/api/v1/iaas/resources
Authorization: Basic Auth
Content-Type: application/json

Request Body:

{
    "filter_params": [
        {
            "field": "Region",
            "values": [
                "Central US",
                "Iowa, USA"
            ]
        },
        {
            "field": "Compliant With Policy",
            "values": [
                "Yes",
                "No"
            ]
        },
        {
            "field": "Account Name",
            "values": [
                "Azure"
            ]
        },
        {
            "field": "Resource Type",
            "values": ["Network Security Group", "Disk"]
        },
        {
            "field": "Category",
            "values": ["Network", "Other"]
        },
        {
            "field": "Provider",
            "values": ["Microsoft Azure"]
        }
    ],
    "page_info": {
        "limit": 100,
        "offset": 0
    },
    "sort_info": {
        "sortColumn": "Name",
        "sortOrder": "ASC"
    }
}

Construction of the Request body:

Filter params:

The filter params section lets you filter the resources. Each filter param contains two fields:

  1. field -> represents the header of the filter in the Resources page.
  2. values -> represents the values displayed under the filter.

Page Info:

The page info section contains the limit and offset:

  1. limit -> represents the number of records to return.
  2. offset -> represents the starting point to return rows from a result set.

Sort Info:

The sort info section contains sortColumn and sortOrder:

  1. sortColumn -> the column by which the results are sorted (for example, Name).
  2. sortOrder -> sorts in ascending (ASC) or descending (DESC) order.

Response

If you do not have the Usage Analytics User role with the Manage privilege, you will get the following response:

{
    "error": "access_denied",
    "error_description": "Access is denied"
} 

If you specify invalid data in the request body, you will get the following response:

{
  "Errors": [
    "Invalid field name: Region name",
    "Invalid field name: Compliant Status"
  ]
}

If you try to fetch more than 200k resources, you will get the following response:

{
    "Errors": [
        "Fetching 200001 records not permitted, since the max limit is: 200000"
    ]
} 

On successful execution of the request body, you will get the following response:

[
    {
        "resource_id": "29367b4efd5a7b12b82e657f7dc1720a8e24205b4b225b3f911fe01d3bf51141",
        "entity_id": "/subscriptions/1234/resourceGroups/MC_container-security_container-security_centralus/providers/Microsoft.Network/networkSecurityGroups/aks-agentpool-15493165-nsg",
        "compliant_status": "No",
        "resource_name": "aks-agentpool-15493165-nsg",
        "resource_type": "Network Security Group",
        "category": "Network",
        "region": "Central US",
        "account_id": "1234",
        "account_name": "Azure"
    },
    {
        "resource_id": "d26db75e5d17b86f1d54ab7a0fe9d7cf003bc465c4466a2af0d228655305b44f",
        "entity_id": "/subscriptions/1234/resourceGroups/auqarg/providers/Microsoft.Network/networkSecurityGroups/123",
        "compliant_status": "Yes",
        "resource_name": "123",
        "resource_type": "Network Security Group",
        "category": "Network",
        "region": "Central US",
        "account_id": "1234",
        "account_name": "Azure"
    },
    {
        "resource_id": "e979c78504835e36492282d07b8d65e613ff23471cb6f64755e699c5336c9c1f",
        "entity_id": "/subscriptions/1234/resourceGroups/tenantonboarding/providers/Microsoft.Network/networkSecurityGroups/testconfigaudit-nsg",
        "compliant_status": "No",
        "resource_name": "testconfigaudit-nsg",
        "resource_type": "Network Security Group",
        "category": "Network",
        "region": "Central US",
        "account_id": "1234",
        "account_name": "Azure"
    },
    {
        "resource_id": "fe3772b1bc142b43b2b978c64e9099659c3d919c52820d0c23e12124eb373078",
        "entity_id": "/subscriptions/1234/resourceGroups/config_audit/providers/Microsoft.Network/networkSecurityGroups/ARMTemplateNWSGP",
        "compliant_status": "No",
        "resource_name": "ARMTemplateNWSGP",
        "resource_type": "Network Security Group",
        "category": "Network",
        "region": "Central US",
        "account_id": "1234",
        "account_name": "Azure"
    }
] 
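The following Python client is an added example, not McAfee's own code: it pages through the resources endpoint with limit and offset, turns the documented error bodies into exceptions, and collects the entity_id of every non-compliant resource. The names make_post, check, list_resources and noncompliant are hypothetical, and it assumes that a page shorter than the limit marks the end of the result set and that error bodies may arrive with a non-2xx HTTP status.

```python
import base64
import json
import urllib.error
import urllib.request

BASE = "https://www.myshn.net/shnapi/rest/external/api/v1/iaas"

class ApiError(Exception):
    """One of the error bodies documented on this page."""

def make_post(user, password):
    """Return post(path, body) that sends JSON with Basic Auth (hypothetical helper)."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    headers = {"Authorization": f"Basic {token}", "Content-Type": "application/json"}
    def post(path, body):
        req = urllib.request.Request(f"{BASE}/{path}", json.dumps(body).encode(), headers)
        try:
            with urllib.request.urlopen(req, timeout=30) as resp:
                return json.loads(resp.read())
        except urllib.error.HTTPError as err:  # assumption: error bodies may be non-2xx
            return json.loads(err.read())
    return post

def check(payload):
    """Raise on the documented error shapes; return a success payload unchanged."""
    if isinstance(payload, dict) and "error" in payload:
        raise ApiError(f'{payload["error"]}: {payload.get("error_description", "")}')
    if isinstance(payload, dict) and "Errors" in payload:
        raise ApiError("; ".join(payload["Errors"]))
    return payload

def list_resources(post, filters, page_size=100):
    """Yield every matching resource, advancing offset one page at a time."""
    offset = 0
    while True:
        body = {
            "filter_params": [{"field": f, "values": v} for f, v in filters.items()],
            "page_info": {"limit": page_size, "offset": offset},
            "sort_info": {"sortColumn": "Name", "sortOrder": "ASC"},
        }
        page = check(post("resources", body))
        yield from page
        if len(page) < page_size:  # short page: result set exhausted
            return
        offset += page_size

def noncompliant(post, filters, page_size=100):
    """entity_id of every resource whose compliant_status is "No"."""
    return [r["entity_id"] for r in list_resources(post, filters, page_size)
            if r["compliant_status"] == "No"]
```

Call it as noncompliant(make_post(user, password), {"Provider": ["Microsoft Azure"]}); the fixed sort on Name keeps page boundaries stable between requests.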

API to get detailed information about the resources


API: POST https://www.myshn.net/shnapi/rest/external/api/v1/iaas/resourceInfo
Authorization: Basic Auth
Content-Type: application/json

Request Body:

{
    "resource_id": "5f272aca07e999e11c26b00b40265425d150aa8026c84560b4abea814da1781c",
    "resource_name": "elasticbeanstalk-ap-south-1-295207888133",
    "entity_id": "elasticbeanstalk-ap-south-1-295207888133"
}

Construction of the request body:

The request body contains:

  1. resource_id -> id of the resource.
  2. resource_name -> name of the resource.
  3. entity_id -> unique id of the entity.

To populate these fields, refer to the response of the 2nd API.
 

Response

If you do not have the Usage Analytics User role with Manage privilege, you will get the following response:

{
    "error": "access_denied",
    "error_description": "Access is denied"
} 

On successful execution of the request body, you will get the following response:

{
    "message": "Success",
    "content": {
        "resource_violation_collection": {
            "incident_count": 4,
            "policy_details": [
                {
                    "policy_name": "access logging enabled for s3 bucket",
                    "policy_id": "132420",
                    "severity_label": "medium",
                    "severity_id": 1
                },
                {
                    "policy_name": "check lifecycle policy on s3 bucket",
                    "policy_id": "132398",
                    "severity_label": "low",
                    "severity_id": 0
                },
                {
                    "policy_name": "s3 object versioning enabled",
                    "policy_id": "132436",
                    "severity_label": "low",
                    "severity_id": 0
                },
                {
                    "policy_name": "mfa delete enabled on s3 buckets",
                    "policy_id": "132397",
                    "severity_label": "high",
                    "severity_id": 2
                }
            ]
        },
        "resource_metadata": {
            "tags": null,
            "additional_details": {
                "accessConfiguration.blockPublicAcls": false,
                "accessConfiguration.blockPublicPolicy": false,
                "accessConfiguration.ignorePublicAcls": false,
                "accessConfiguration.restrictPublicBuckets": false,
                "accountId": "123",
                "accountName": "MYAWS",
                "bucketGrants[0].granteeId": "b3e9ee61d08ffce2ab79dd0822d6e44eb7c3eccd9cd210104cb5310f16e9701c",
                "bucketGrants[0].granteeType": "id",
                "bucketGrants[0].permission": "FULL_CONTROL",
                "bucketName": "elasticbeanstalk-ap-south-1-123",
                "bucketOwner": null,
                "bucketPolicy": "{\"Version\":\"2008-10-17\",\"Statement\":[{\"Sid\":\"eb-ad78f54a-f239-4c90-adda-49e5f56cb51e\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::295207888133:role/aws-elasticbeanstalk-ec2-role\"},\"Action\":\"s3:PutObject\",\"Resource\":\"arn:aws:s3:::elasticbeanstalk-ap-south-1-295207888133/resources/environments/logs/*\"},{\"Sid\":\"eb-af163bf3-d27b-4712-b795-d1e33e331ca4\",\"Effect\":\"Allow\",\"Principal\":{\"AWS\":\"arn:aws:iam::295207888133:role/aws-elasticbeanstalk-ec2-role\"},\"Action\":[\"s3:ListBucket\",\"s3:ListBucketVersions\",\"s3:GetObject\",\"s3:GetObjectVersion\"],\"Resource\":[\"arn:aws:s3:::elasticbeanstalk-ap-south-1-123\",\"arn:aws:s3:::elasticbeanstalk-ap-south-1-123/resources/environments/*\"]},{\"Sid\":\"eb-58950a8c-feb6-11e2-89e0-0800277d041b\",\"Effect\":\"Deny\",\"Principal\":{\"AWS\":\"*\"},\"Action\":\"s3:DeleteBucket\",\"Resource\":\"arn:aws:s3:::elasticbeanstalk-ap-south-1-123\"}]}",
                "dataSource": null,
                "defaultEncryptionEnabled": true,
                "isBucketLoggingEnabled": false,
                "isBucketVersioningEnabled": false,
                "isLifeCycleConfigurationEnabled": false,
                "isMfaDeleteEnabled": false,
                "isPubliclyReadable": false,
                "isPubliclyWritable": false,
                "publiclyAllowedActions": [],
                "publiclyAllowedReadActions": [],
                "region": "ap-south-1",
                "storage": true,
                "templateMetadata": null
            },
            "entity_type_id": 2048
        },
        "item_type": "s3"
    }
} 
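The following Python function is an added example, not part of the product documentation: it reads a resourceInfo success response for an S3 item, ranks the violated policies by severity_id, lists the accessConfiguration switches that are false, and decodes the bucketPolicy string a second time to find Allow statements whose principal is "*". SAMPLE is constructed (a trimmed response with one wildcard Allow statement added for illustration), and triage and is_wildcard are hypothetical names.

```python
import json

# Constructed sample: the success response above, trimmed to the fields used here.
SAMPLE = {"message": "Success", "content": {
    "resource_violation_collection": {"incident_count": 2, "policy_details": [
        {"policy_name": "s3 object versioning enabled", "severity_id": 0},
        {"policy_name": "mfa delete enabled on s3 buckets", "severity_id": 2}]},
    "resource_metadata": {"tags": None, "additional_details": {
        "accessConfiguration.blockPublicAcls": False,
        "accessConfiguration.restrictPublicBuckets": True,
        "bucketPolicy": json.dumps({"Statement": [
            {"Sid": "deny-delete", "Effect": "Deny", "Principal": {"AWS": "*"},
             "Action": "s3:DeleteBucket"},
            {"Sid": "open-read", "Effect": "Allow", "Principal": "*",
             "Action": "s3:GetObject"}]})}},
    "item_type": "s3"}}

def is_wildcard(principal):
    """True when a policy statement's Principal includes "*"."""
    aws = principal.get("AWS") if isinstance(principal, dict) else principal
    return aws == "*" or (isinstance(aws, list) and "*" in aws)

def triage(resp):
    """Summarise a resourceInfo success response for an S3 item."""
    if resp.get("message") != "Success":
        raise ValueError(f"unexpected response: {resp!r}")
    content = resp["content"]
    details = content["resource_metadata"]["additional_details"] or {}
    policies = content["resource_violation_collection"]["policy_details"]
    # Highest severity_id first (the page's sample shows 0=low, 1=medium, 2=high).
    ranked = sorted(policies, key=lambda p: p["severity_id"], reverse=True)
    # Block Public Access switches reported as false.
    bpa_off = sorted(k.split(".", 1)[1] for k, v in details.items()
                     if k.startswith("accessConfiguration.") and v is False)
    # bucketPolicy is JSON serialised inside a JSON string, so decode it a second time.
    raw = details.get("bucketPolicy")
    stmts = json.loads(raw).get("Statement", []) if raw else []
    stmts = [stmts] if isinstance(stmts, dict) else stmts
    allows = [s.get("Sid") for s in stmts
              if s.get("Effect") == "Allow" and is_wildcard(s.get("Principal"))]
    return {"violations": [p["policy_name"] for p in ranked],
            "block_public_access_off": bpa_off, "wildcard_allows": allows}
```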

API to get the count of resources

API: POST https://www.myshn.net/shnapi/rest/external/api/v1/iaas/resourcesCount
Authorization: Basic Auth
Content-Type: application/json

Request Body: 

{
  "filter_params": [
    {
      "field": "Region",
      "values": [
        "Central US",
        "Iowa, USA"
      ]
    }
  ]
}

Response:


If you do not have the Usage Analytics User role with Manage privilege, you will get the following response:

{
    "error": "access_denied",
    "error_description": "Access is denied"
} 

On successful execution of the request body, you will get the following response:

1708 

You can filter the count of resources by adding filters to the request body. To add filters, refer to the "Construction of the request body" section in the 2nd API.
