API Reference

The VulcanoSec API is based on REST. It is designed to be easy and predictable and to have resource-oriented URL endpoints. It uses common HTTP verbs and response codes to indicate API errors. Therefore the API can be understood by standard HTTP clients and libraries. In general the API uses JSON as data input and output format.

API Endpoint For VulcanoSec Suite On-Premise:

https://hostname/api/

Authentication

Example

# Request an access token via

curl -X POST https://hostname/api/oauth/token \
  -u admin:flyingsheepwithwings \
  -d "grant_type=client_credentials"

It returns

{
  "access_token": "VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==",
  "expires_in": 79781,
  "token_type": "vulcanosec token"
}

HTTP Request

POST https://hostname/api/oauth/token

You need to send an 'Authorization: Basic base64encodedpassword' header with your username and password in order to retrieve a valid API token.

VulcanoSec uses API tokens to allow access to the API. It expects the API key to be included as HTTP Basic Authentication in all API requests to the server, in a header that looks like the following:

Authorization: Basic VlMzeDFYU2c0SGsvd3h3OElQKzJYcG1vS3luUjd1cnhnbGFHZkxmRlJYYnhZbGp4Tlc1bWtzT1NOaitCa08yRFZvUWVoR29zQm5xQ0pBOFdBejNKeWc9PTo=

You need to provide your API key as the username, like VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:. A password is not required. Basic Authentication uses the colon : to separate username and password.

// a method to generate the Basic header in JavaScript
// @see https://developer.mozilla.org/en-US/docs/Web/API/WindowBase64/btoa
var user = 'admin', pass = ''
btoa(user + ':' + pass)
// returns "YWRtaW46"

For request authorization, use the following request scheme:

# With shell, you can just pass the correct header with each request
curl "https://hostname/api/version" \
  -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

{
  "api": "vulcanosec",
  "version": "1.0.1"
}
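
The token-as-username scheme described above, as an added Python example (not VulcanoSec code). It builds the header, shows that the header decodes straight back to the token (Base64 is an encoding, not encryption), and refuses to attach it to a non-https URL; the function names and the sample token are assumptions of this example.

```python
# Added example, not VulcanoSec code: build and inspect the Basic header
# that carries a VulcanoSec API token (token as username, empty password).
import base64
import binascii
import urllib.request
from typing import Tuple
from urllib.parse import urlsplit


def basic_auth_header(token: str) -> str:
    """Return the Authorization value for "<token>:" (no password)."""
    if ":" in token:
        # Basic auth splits on the first colon, so a colon inside the
        # username would be read as the start of the password.
        raise ValueError("token must not contain ':'")
    raw = f"{token}:".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def decode_basic_header(value: str) -> Tuple[str, str]:
    """Recover (username, password) from an Authorization header value."""
    scheme, _, encoded = value.partition(" ")
    if scheme.lower() != "basic" or not encoded:
        raise ValueError("not a Basic Authorization header")
    try:
        raw = base64.b64decode(encoded, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed Basic credentials") from exc
    user, sep, password = raw.partition(":")
    if not sep:
        # Typical mistake: encoding the token without the trailing colon.
        raise ValueError("missing ':' separator")
    return user, password


def build_request(base_url: str, path: str, token: str) -> urllib.request.Request:
    """Prepare an authenticated GET; the header is reversible, so https only."""
    if urlsplit(base_url).scheme != "https":
        raise ValueError("refusing to send the token over a non-https URL")
    url = base_url.rstrip("/") + "/" + path.lstrip("/")
    req = urllib.request.Request(url, method="GET")
    req.add_header("Authorization", basic_auth_header(token))
    return req


if __name__ == "__main__":
    sample_token = "constructed/sample+token=="  # constructed, not a real token
    header = basic_auth_header(sample_token)
    print(header)
    print(decode_basic_header(header))  # anyone who sees the header has the token
    print(build_request("https://hostname/api/", "/version", sample_token).full_url)
```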

Compliance Profiles

List all compliance profiles of owner

# lists all compliance profiles of a user
curl  "https://hostname/api/owners/vulcanosec/compliance" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

{
    "linux": {
        "id": "linux",
        "owner": "vulcanosec",
        "name": "vulcanosec/linux",
        "title": "Basic Linux",
        "version": "1.0.0",
        "summary": "Verify that Linux nodes are configured securely",
        "description": "# Basic Linux Compliance Profile\n\ncopyright: 2015, Vulcano Security GmbH\nlicense: All rights reserved\n",
        "license": "Proprietary, All rights reserved",
        "copyright": "Vulcano Security GmbH",
        "copyright_email": "hello@vulcanosec.com"
    },
    "mysql": {
        "id": "mysql",
        "owner": "vulcanosec",
        "name": "vulcanosec/mysql",
        "title": "Basic MySQL",
        "version": "1.0.0",
        "summary": "Verify that MySQL Server is configured securely",
        "description": "# Basic MySQL Compliance Profile\n\ncopyright: 2015, Vulcano Security GmbH\nlicense: All rights reserved\n",
        "license": "Proprietary, All rights reserved",
        "copyright": "Vulcano Security GmbH",
        "copyright_email": "hello@vulcanosec.com"
    },
    ...
}

HTTP Request

GET /owners/:owner/compliance

Return values

Parameter Type  Description
id int  profile id
owner string owner of profile
name string identifier of profile
title string human readable profile title
version string version of profile
summary string describes the purpose of the profile
description string long description
license string license of the profile
copyright string copyright holder
copyright_email string contact for copyright holder

List specific compliance profile

# shows a specific compliance profile of a user
curl  "https://hostname/api/owners/vulcanosec/compliance/ssh" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

{
    "id": "ssh",
    "owner": "vulcanosec",
    "name": "vulcanosec/ssh",
    "title": "Basic SSH",
    "version": "1.0.0",
    "summary": "Verify that SSH Server and SSH Client are configured securely",
    "description": "# Basic SSH Compliance Profile\n\ncopyright: 2015, Vulcano Security GmbH\nlicense: All rights reserved\n",
    "license": "Proprietary, All rights reserved",
    "copyright": "Vulcano Security GmbH",
    "copyright_email": "hello@vulcanosec.com",
    "rules": {
        "spec/ssh_folder_spec": {
            "title": "SSH folder configuration",
            "rules": {
                "vulcanosec/ssh/basic-1": {
                    "impact": 1,
                    "title": "/etc/ssh should be a directory",
                    "desc": "In order for OpenSSH to function correctly, its configuration path must be a folder."
                },
                ...
            }
        }
    }
}

HTTP Request

GET /owners/:owner/compliance/:profile

List all compliance profiles accessible by user

The results are grouped by owner of the profiles.

# returns all profiles of a user
curl  "https://hostname/api/user/compliance" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

{
    "acme": {
        "cis-ubuntu-level1": {
            "id": "cis-ubuntu-level1",
            "owner": "admin",
            "name": "admin/cis-ubuntu-level1",
            "title": "CIS Ubuntu 14.04 LTS Server Benchmark Level 1",
            "version": "1.0.0",
            "summary": "CIS Ubuntu 14.04 LTS Server Benchmark",
            "description": "# CIS Ubuntu 14.04 LTS Server Benchmark\n\ncopyright: 2015, Vulcano Security GmbH\nlicense: All rights reserved\n",
            "license": "Proprietary, All rights reserved",
            "copyright": "Vulcano Security GmbH",
            "copyright_email": "hello@vulcanosec.com"
        }
    },
    "vulcanosec": {
        "linux": {
            "id": "linux",
            "owner": "vulcanosec",
            "name": "vulcanosec/linux",
            "title": "Basic Linux",
            "version": "1.0.0",
            "summary": "Verify that Linux nodes are configured securely",
            "description": "# Basic Linux Compliance Profile\n\ncopyright: 2015, Vulcano Security GmbH\nlicense: All rights reserved\n",
            "license": "Proprietary, All rights reserved",
            "copyright": "Vulcano Security GmbH",
            "copyright_email": "hello@vulcanosec.com"
        },
        ...
    }
}

HTTP Request

GET /user/compliance

Upload a compliance profile

This endpoint allows you to upload a tar or zip. It will extract the owner and id from the vmetadata.rb and use this information to place the profile accordingly.

# uses httpie and jq
server="https://hostname/api"
token=$(http post $server/oauth/token -a admin:flyingsheepwithwings | jq '.access_token' | tr -d '"')
tar -cvzf newprofile.tar.gz newprofile
http -a $token: "$server/owners/admin/compliance" < newprofile.tar.gz

HTTP Request

POST /owners/:owner/compliance/

Upload a compliance profile as ZIP

Uploads a new profile to a specific id via zip. Create a new zip via zip -r newprofile.zip profile_directory. You could also use the context menu of Windows and macOS to compress the profile directory.

# uses httpie and jq
server="https://hostname/api"
token=$(http post $server/oauth/token -a admin:flyingsheepwithwings | jq '.access_token' | tr -d '"')
zip -r newprofile.zip newprofile
http -a $token: "$server/owners/admin/compliance/newprofile/zip" < newprofile.zip

HTTP Request

POST /owners/:owner/compliance/:profile/zip

Upload a compliance profile as TAR.

Upload a new profile to a specific id via tar. Create a new tar via tar -cvzf newprofile.tar.gz profile_directory

# uses httpie and jq
server="https://hostname/api"
token=$(http post $server/oauth/token -a admin:flyingsheepwithwings | jq '.access_token' | tr -d '"')
tar -cvzf newprofile.tar.gz newprofile
http -a $token: "$server/owners/admin/compliance/newprofile/tar" < newprofile.tar.gz

HTTP Request

POST /owners/:owner/compliance/:profile/tar

Download a compliance profile as TAR.

Downloads an existing profile from the server and allows you to modify it.

# uses httpie and jq
server="https://hostname/api"
token=$(http post $server/oauth/token -a admin:flyingsheepwithwings | jq '.access_token' | tr -d '"')
http -a $token: "$server/owners/admin/compliance/ssh/tar" > profile.tar.gz
tar -zxvf profile.tar.gz

HTTP Request

GET /owners/:owner/compliance/:profile/tar

Environments

List all environments

# lists all environments
curl  "https://hostname/api/owners/acme/envs" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

[
  {
    "id": "production",
    "owner": "acme",
    "name": "",
    "lastScan": "0001-01-01T00:00:00Z",
    "complianceStatus": 0,
    "patchlevelStatus": 0,
    "unknownStatus": 0
  }
]

Returns all environments in our organization

HTTP Request

GET https://hostname/api/owners/:user/envs

Get environment

# gets a single environment
curl  "https://hostname/api/owners/acme/envs/production" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

{
  "id": "production",
  "owner": "acme",
  "name": "",
  "lastScan": "0001-01-01T00:00:00Z",
  "complianceStatus": 0,
  "patchlevelStatus": 0,
  "unknownStatus": 0
}

HTTP Request

GET https://hostname/api/owners/:user/envs/:env/

Create environment

# creates an environment
curl -v -X POST "https://hostname/api/owners/acme/envs" \
 -H "Content-Type: application/json" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: \
  -d "{ \"id\": \"production\"}"

It returns

Status: 204 No Content

HTTP Request

POST https://hostname/api/owners/:user/envs/

Parameter Type  Description
id string  Required. The identifier for the environment

Delete environment

# deletes an environment
curl -X DELETE "https://hostname/api/owners/acme/envs/production" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

Status: 204 No Content

HTTP Request

DELETE https://hostname/api/owners/:user/envs/:env

Errors

The VulcanoSec API uses conventional HTTP response codes to indicate the success or failure of a request. The following codes are used:

Error Code Meaning
200 OK – Everything worked as expected.
400 Bad Request – In most cases a required parameter is missing.
401 Unauthorized – No valid API key provided.
402  Request Failed – Parameters were valid but request failed.
403 Forbidden – You do not have the permission to execute the request
404 Not Found – The specified resource could not be found
429 Too Many Requests – You reached the rate limit.
500, 501, 502, 503 Server Error – Something went wrong.

In general, 2xx codes indicate success, 4xx indicate a request error (e.g. data is missing) and 5xx indicate an error with VulcanoSec API.

Job Runs

List all jobs

# list all jobs
curl  "https://hostname/api/owners/acme/jobs" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

[{
  "id": "76fdce4d-0734-441c-b01b-6dd6bfce081a",
  "status": "done",
  "nextRun": "2015-07-21T20:55:00Z",
  "schedule": "2015-07-21T20:55:00Z"
}, {
  "id": "c8ba8e88-7e45-4253-9081-cbb17a5f0c76",
  "status": "scheduled",
  "name": "Rec",
  "nextRun": "2015-07-21T23:11:00Z",
  "schedule": {
    "month": "*",
    "day": "21",
    "weekday": "*",
    "hour": "23",
    "minute": "11"
  }
}, {
  "id": "e0d5bbf0-a1c4-4c50-ad09-fc1486068e8c",
  "status": "skipped",
  "nextRun": "0001-01-01T00:00:00Z",
  "schedule": "2015-07-21T20:25:00Z"
}]

HTTP Request

GET https://hostname/api/owners/:user/jobs

Return values

Parameter Type  Description
id uuid id of job run
name  string name of the job
status string 'done', 'scheduled' or 'skipped'
nextRun iso-date  next scheduled run in UTC
schedule cron or iso-date  schedule
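
The job list above returns schedule either as a cron-style object or as an ISO date string, and uses 0001-01-01T00:00:00Z where no next run exists. The following added Python example (not VulcanoSec code) normalises both shapes; reading that timestamp as "not set" and the five-field cron character set are assumptions of this example.

```python
# Added example, not VulcanoSec code: normalise the "schedule" and "nextRun"
# fields of job records, which come in two shapes in the sample response.
import re
from datetime import datetime, timezone

# Value the sample responses carry where no time is set; treating it as
# "not set" is an assumption of this example.
ZERO_TIME = "0001-01-01T00:00:00Z"
CRON_ORDER = ("minute", "hour", "day", "month", "weekday")
_ISO_UTC = re.compile(r"^(\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2})(?:\.(\d+))?Z$")
_CRON_FIELD = re.compile(r"^[0-9*/,\-]+$")  # assumed classic cron characters

# Copied from the sample response of GET /owners/:user/jobs.
SAMPLE_JOBS = [
    {"id": "76fdce4d-0734-441c-b01b-6dd6bfce081a", "status": "done",
     "nextRun": "2015-07-21T20:55:00Z", "schedule": "2015-07-21T20:55:00Z"},
    {"id": "c8ba8e88-7e45-4253-9081-cbb17a5f0c76", "status": "scheduled",
     "name": "Rec", "nextRun": "2015-07-21T23:11:00Z",
     "schedule": {"month": "*", "day": "21", "weekday": "*",
                  "hour": "23", "minute": "11"}},
    {"id": "e0d5bbf0-a1c4-4c50-ad09-fc1486068e8c", "status": "skipped",
     "nextRun": "0001-01-01T00:00:00Z", "schedule": "2015-07-21T20:25:00Z"},
]


def parse_utc(value):
    """Parse an ISO timestamp ending in Z; return None for the zero time."""
    if value == ZERO_TIME:
        return None
    m = _ISO_UTC.match(value)
    if not m:
        raise ValueError(f"unexpected timestamp: {value!r}")
    dt = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%S")
    # Other responses carry nanoseconds; datetime keeps the first six digits.
    micro = int((m.group(2) or "0")[:6].ljust(6, "0"))
    return dt.replace(microsecond=micro, tzinfo=timezone.utc)


def normalize_schedule(schedule):
    """Return ("once", datetime) or ("cron", "minute hour day month weekday")."""
    if isinstance(schedule, str):
        return "once", parse_utc(schedule)
    if isinstance(schedule, dict):
        missing = [f for f in CRON_ORDER if f not in schedule]
        if missing:
            raise ValueError(f"schedule lacks fields: {missing}")
        fields = [str(schedule[f]) for f in CRON_ORDER]
        for name, val in zip(CRON_ORDER, fields):
            # Reject anything unexpected before the value is reused elsewhere.
            if not _CRON_FIELD.match(val):
                raise ValueError(f"unexpected characters in {name}: {val!r}")
        return "cron", " ".join(fields)
    raise TypeError(f"unsupported schedule type: {type(schedule).__name__}")


def normalize_job(job):
    """Flatten one job record; "name" is optional in the sample response."""
    kind, when = normalize_schedule(job["schedule"])
    return {
        "id": job["id"],
        "name": job.get("name", ""),
        "status": job["status"],
        "kind": kind,
        "schedule": when,
        "next_run": parse_utc(job["nextRun"]),
    }


if __name__ == "__main__":
    for job in SAMPLE_JOBS:
        print(normalize_job(job))
```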

Get job details

# get job details
curl  "https://hostname/api/owners/acme/jobs/c8ba8e88-7e45-4253-9081-cbb17a5f0c76" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

{
  "id": "c8ba8e88-7e45-4253-9081-cbb17a5f0c76",
  "status": "scheduled",
  "name": "Rec",
  "nextRun": "2015-07-21T23:11:00Z",
  "schedule": {
    "month": "*",
    "day": "21",
    "weekday": "*",
    "hour": "23",
    "minute": "11"
  },
  "tasks": [{
    "type": "scan",
    "environments": [{
      "nodes": ["u12", "u14"],
      "id": "production"
    }],
    "compliance": [{
      "owner": "vulcanosec",
      "profile": "linux"
    }, {
      "owner": "vulcanosec",
      "profile": "ssh"
    }],
    "patchlevel": [{
      "profile": "default",
      "force": false
    }]
  }]
}

HTTP Request

GET https://hostname/api/owners/:user/jobs/:jobid

Return values

Parameter Type  Description
id uuid id of job run
name  string name of the job
status string 'done', 'scheduled' or 'skipped'
nextRun iso-date  next scheduled run in UTC
schedule cron or iso-date  schedule
tasks  array  contains compliance scans or patch runs

Create job

# creates a job
curl -v -X POST "https://hostname/api/owners/acme/jobs" \
 -H "Content-Type: application/json" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: \
  -d "{\"id\":\"c8ba8e88-7e45-4253-9081-cbb17a5f0c76\",\"name\":\"Rec\",\"schedule\":{\"hour\":\"23\",\"minute\":\"11\",\"day\":\"21\",\"month\":\"*\",\"weekday\":\"*\"},\"tasks\":[{\"compliance\":[{\"owner\":\"vulcanosec\",\"profile\":\"linux\"},{\"owner\":\"vulcanosec\",\"profile\":\"ssh\"}],\"environments\":[{\"id\":\"production\",\"nodes\":[\"u12\",\"u14\"]}],\"patchlevel\":[{\"profile\":\"default\"}],\"type\":\"scan\"}]}"

uses the following json


{
  "id": "c8ba8e88-7e45-4253-9081-cbb17a5f0c76",
  "name": "Rec",
  "schedule": {
    "hour": "23",
    "minute": "11",
    "day": "21",
    "month": "*",
    "weekday": "*"
  },
  "tasks": [{
    "compliance": [{
      "owner": "vulcanosec",
      "profile": "linux"
    }, {
      "owner": "vulcanosec",
      "profile": "ssh"
    }],
    "environments": [{
      "id": "production",
      "nodes": ["u12", "u14"]
    }],
    "patchlevel": [{
      "profile": "default"
    }],
    "type": "scan"
  }]
}

It returns

Status: 204 No Content

HTTP Request

POST https://hostname/api/owners/:user/jobs/

Delete job

# deletes a job
curl -X DELETE "https://hostname/api/owners/acme/jobs/c8ba8e88-7e45-4253-9081-cbb17a5f0c76" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

Status: 204 No Content

HTTP Request

DELETE https://hostname/api/owners/:user/jobs/:jobid

Key Pairs

List Key Pairs

# lists key pairs for user or organization
curl  "https://hostname/api/owners/admin/keys" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

[{
    "owner": "admin",
    "id": "vagrant",
    "name": "vagrant",
    "public": "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
}]

List all key pairs with public keys for an existing user or organization

HTTP Request

GET https://hostname/api/owners/:user/keys

Add Key Pair

# adds a new key pair
curl -X POST "https://hostname/api/owners/admin/keys/" \
 -H "Content-Type: application/json" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: \
  -d "{ \"id\": \"vagrant\", \"name\": \"vagrant\", \"private\": \"...\", \"public\": \"...\"}"

uses the following json

{
    "name": "vagrant",
    "id": "vagrant",
    "private": "-----BEGIN RSA PRIVATE KEY-----\nMIIEogIBAAKCAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzI\nw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoP\nkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2\nhMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NO\nTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcW\nyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQIBIwKCAQEA4iqWPJXtzZA68mKd\nELs4jJsdyky+ewdZeNds5tjcnHU5zUYE25K+ffJED9qUWICcLZDc81TGWjHyAqD1\nBw7XpgUwFgeUJwUlzQurAv+/ySnxiwuaGJfhFM1CaQHzfXphgVml+fZUvnJUTvzf\nTK2Lg6EdbUE9TarUlBf/xPfuEhMSlIE5keb/Zz3/LUlRg8yDqz5w+QWVJ4utnKnK\niqwZN0mwpwU7YSyJhlT4YV1F3n4YjLswM5wJs2oqm0jssQu/BT0tyEXNDYBLEF4A\nsClaWuSJ2kjq7KhrrYXzagqhnSei9ODYFShJu8UWVec3Ihb5ZXlzO6vdNQ1J9Xsf\n4m+2ywKBgQD6qFxx/Rv9CNN96l/4rb14HKirC2o/orApiHmHDsURs5rUKDx0f9iP\ncXN7S1uePXuJRK/5hsubaOCx3Owd2u9gD6Oq0CsMkE4CUSiJcYrMANtx54cGH7Rk\nEjFZxK8xAv1ldELEyxrFqkbE4BKd8QOt414qjvTGyAK+OLD3M2QdCQKBgQDtx8pN\nCAxR7yhHbIWT1AH66+XWN8bXq7l3RO/ukeaci98JfkbkxURZhtxV/HHuvUhnPLdX\n3TwygPBYZFNo4pzVEhzWoTtnEtrFueKxyc3+LjZpuo+mBlQ6ORtfgkr9gBVphXZG\nYEzkCD3lVdl8L4cw9BVpKrJCs1c5taGjDgdInQKBgHm/fVvv96bJxc9x1tffXAcj\n3OVdUN0UgXNCSaf/3A/phbeBQe9xS+3mpc4r6qvx+iy69mNBeNZ0xOitIjpjBo2+\ndBEjSBwLk5q5tJqHmy/jKMJL4n9ROlx93XS+njxgibTvU6Fp9w+NOFD/HvxB3Tcz\n6+jJF85D5BNAG3DBMKBjAoGBAOAxZvgsKN+JuENXsST7F89Tck2iTcQIT8g5rwWC\nP9Vt74yboe2kDT531w8+egz7nAmRBKNM751U/95P9t88EDacDI/Z2OwnuFQHCPDF\nllYOUI+SpLJ6/vURRbHSnnn8a/XG+nzedGH5JGqEJNQsz+xT2axM0/W/CRknmGaJ\nkda/AoGANWrLCz708y7VYgAtW2Uf1DPOIYMdvo6fxIB5i9ZfISgcJ/bbCUkFrhoH\n+vq/5CIWxCPp0f85R4qxxQ5ihxJ0YDQT9Jpx4TMss4PSavPaBH3RXow5Ohe+bYoQ\nNE5OgEXk2wVfZczCZpigBKbKZHNYcelXtTt/nP3rsCuGcM4h53s=\n-----END RSA PRIVATE KEY-----",
    "public": "ssh-rsa AAAAB3NzaC1yc2EAAAABIwAAAQEA6NF8iallvQVp22WDkTkyrtvp9eWW6A8YVr+kz4TjGYe7gHzIw+niNltGEFHzD8+v1I2YJ6oXevct1YeS0o9HZyN1Q9qgCgzUFtdOKLv6IedplqoPkcmF0aYet2PkEDo3MlTBckFXPITAMzF8dJSIFo9D8HfdOV0IAdx4O7PtixWKn5y2hMNG0zQPyUecp4pzC6kivAIhyfHilFR61RGL+GPXQ2MWZWFYbAGjyiYJnAmCP3NOTd0jMZEnDkbUvxhMmBYSdETk1rRgm+R4LOzFUGaHqHDLKLX+FIPKcF96hrucXzcWyLbIbEgE98OHlnVYCzRdK8jlqm8tehUc9c9WhQ== vagrant insecure public key"
}

It returns

Status: 204 No Content

Adds a new keypair to an existing user or organization

HTTP Request

POST https://hostname/api/owners/:user/keys

Parameter Type  Description
id string identifier of key
name string user readable name of the key
public string public key in openssh format
private string private key in openssh format

Edit Key Pair

# edit a key pair
curl -X PATCH "https://hostname/api/owners/admin/keys/vagrant" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: \
 -d "{\"name\":\"My Vagrant Key\"}"

It returns

Status: 204 No Content

Edits an existing key pair from a user or organization

HTTP Request

PATCH https://hostname/api/owners/:user/keys/:keyname

Delete Key Pair

# deletes a key pair
curl -X DELETE "https://hostname/api/owners/admin/keys/vagrant" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

Status: 204 No Content

Removes an existing key pair from a user or organization

HTTP Request

DELETE https://hostname/api/owners/:user/keys/:keyname

Nodes

Get environment nodes

# lists all nodes in environment
curl  "https://hostname/api/owners/acme/envs/production/nodes" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

[
  {
    "id": "192.168.100.200",
    "environment": "production",
    "owner": "acme",
    "name": "",
    "hostname": "192.168.100.200",
    "loginMethod": "ssh",
    "loginUser": "root",
    "loginPassword": "",
    "loginKey": "sshpublickey",
    "loginPort": 0,
    "disableSudo": false,
    "sudoOptions": "",
    "sudoPassword": "",
    "lastScan": "0001-01-01T00:00:00Z",
    "lastScanID": "",
    "os_family": "",
    "os_release": "",
    "os_arch": "",
    "complianceStatus": 0,
    "patchlevelStatus": 0,
    "unknownStatus": 0
  }
]

HTTP Request

GET https://hostname/api/owners/:user/envs/:env/nodes

Get specific nodes

# get node overview
curl  "https://hostname/api/owners/acme/envs/production/nodes/192.168.100.200" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

{
  "id": "192.168.100.200",
  "environment": "production",
  "owner": "acme",
  "name": "",
  "hostname": "192.168.100.200",
  "loginMethod": "ssh",
  "loginUser": "root",
  "loginPassword": "",
  "loginKey": "sshpublickey",
  "loginPort": 0,
  "disableSudo": false,
  "sudoOptions": "",
  "sudoPassword": "",
  "lastScan": "0001-01-01T00:00:00Z",
  "lastScanID": "",
  "os_family": "",
  "os_release": "",
  "os_arch": "",
  "complianceStatus": 0,
  "patchlevelStatus": 0,
  "unknownStatus": 0
}

HTTP Request

GET https://hostname/api/owners/:user/envs/:env/nodes/:node
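
Node records carry the loginPassword and sudoPassword fields, so a response should not be written to logs as-is. The following added Python example (not VulcanoSec code) redacts those fields and flags login settings worth reviewing; the checks are an example policy and the reading of 0001-01-01T00:00:00Z as "never scanned" is an assumption.

```python
# Added example, not VulcanoSec code: log node records without their
# credential fields and flag login settings for review.
SECRET_FIELDS = ("loginPassword", "sudoPassword")  # names from the node record
ZERO_TIME = "0001-01-01T00:00:00Z"  # assumed to mean "never scanned"

# Copied from the sample response of GET .../envs/:env/nodes/:node.
SAMPLE_NODE = {
    "id": "192.168.100.200", "environment": "production", "owner": "acme",
    "name": "", "hostname": "192.168.100.200", "loginMethod": "ssh",
    "loginUser": "root", "loginPassword": "", "loginKey": "sshpublickey",
    "loginPort": 0, "disableSudo": False, "sudoOptions": "",
    "sudoPassword": "", "lastScan": "0001-01-01T00:00:00Z", "lastScanID": "",
    "os_family": "", "os_release": "", "os_arch": "",
    "complianceStatus": 0, "patchlevelStatus": 0, "unknownStatus": 0,
}


def redact_node(node):
    """Return a copy that is safe to log: secrets replaced by a marker."""
    clean = dict(node)
    for field in SECRET_FIELDS:
        if field in clean:
            # Keep the fact that a secret is set, never its value.
            clean[field] = "[set]" if clean[field] else "[empty]"
    return clean


def audit_node(node):
    """Return review findings for one node (example policy, adjust locally)."""
    findings = []
    if node.get("loginUser") == "root":
        findings.append("logs in as root")
    if node.get("loginPassword"):
        findings.append("login password stored; prefer a key pair")
    if node.get("sudoPassword"):
        findings.append("sudo password stored")
    if (node.get("loginMethod") == "ssh"
            and not node.get("loginKey") and not node.get("loginPassword")):
        findings.append("no ssh credential configured")
    if node.get("lastScan") == ZERO_TIME:
        findings.append("never scanned")
    return findings


def audit_fleet(nodes):
    """Map node id -> findings, for nodes that have at least one finding."""
    report = {}
    for node in nodes:
        findings = audit_node(node)
        if findings:
            report[node["id"]] = findings
    return report


if __name__ == "__main__":
    # Constructed record with both secrets populated.
    constructed = dict(SAMPLE_NODE, id="10.0.0.5", loginUser="scanner",
                       loginKey="", loginPassword="constructed-secret",
                       sudoPassword="constructed-secret",
                       lastScan="2015-06-26T15:17:30.945183863Z")
    print(redact_node(constructed))
    print(audit_fleet([SAMPLE_NODE, constructed]))
```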

Create node

# creates a node
curl -X POST "https://hostname/api/owners/acme/envs/production/nodes" \
 -H "Content-Type: application/json" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: \
  -d "{\"loginUser\":\"root\",\"loginMethod\":\"ssh\",\"loginKey\":\"acme/nameofkey\",\"hostname\":\"192.168.100.200\",\"loginPort\":22,\"id\":\"192.168.100.200\"}"

uses the following json

{
    "loginUser": "root",
    "loginMethod": "ssh",
    "loginKey": "acme/nameofkey",
    "hostname": "192.168.100.200",
    "loginPort": 22,
    "id": "192.168.100.200"
}

It returns

Status: 204 No Content

HTTP Request

POST https://hostname/api/owners/:user/envs/:env/nodes

Get node status

# shows node status
curl  "https://hostname/api/owners/acme/envs/production/nodes" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: 

It returns

[
    {
        "complianceStatus": 0, 
        "disableSudo": false, 
        "environment": "production", 
        "hostname": "192.168.100.200", 
        "id": "192.168.100.200", 
        "lastScan": "2015-06-26T15:17:30.945183863Z", 
        "lastScanID": "1170660a-7e50-4c3a-6da7-eaa510e2f0a9", 
        "loginKey": "admin/vagrant", 
        "loginMethod": "ssh", 
        "loginPassword": "", 
        "loginPort": 22, 
        "loginUser": "root", 
        "name": "", 
        "os_arch": "x86_64", 
        "os_family": "ubuntu", 
        "os_release": "14.04", 
        "owner": "admin", 
        "patchlevelStatus": 0.045643155, 
        "sudoOptions": "", 
        "sudoPassword": "", 
        "unknownStatus": 0
    }
]

HTTP Request

GET https://hostname/api/owners/:user/envs/:env/nodes/:node

Connectivity check for node

# checks node connectivity
curl  "https://hostname/api/owners/acme/envs/production/nodes/192.168.100.200/connectivity" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: 

It returns

Status: 200 (success) or 402 (error)

HTTP Request

GET https://hostname/api/owners/:user/envs/:env/nodes/:node/connectivity

Response Code Meaning
200 OK – Everything worked as expected.
402  Request Failed – Node is not reachable.

In case of an error the request returns one of the following error messages:

Connection Timeout

{
  "error":"connection timed out",
  "message":"Failed to connect to {destination}, connection timed out."
}

Connection Refused

{
  "error":"connection refused",
  "message":"Failed to connect to {destination}, connection refused."
}

Authentication Failed

{
  "error":"authentication failed",
  "message":"Authentication failed for {destination}"
}

Sudo Password Required

{
  "error":"sudo password required",
  "message":"Failed to run commands on {destination}: The node is configured to use sudo, but sudo requires a password to run commands."
}

Wrong Sudo Password

{
  "error":"wrong sudo password",
  "message":"Failed to run commands on {destination}: Sudo password is incorrect."
}

Cannot Use Sudo

{
  "error":"no sudo",
  "message":"Failed to run commands on {destination}: Cannot use sudo, please deactivate it or configure sudo for this user."
}

Get compliance level of node

# shows node compliance state
curl  "https://hostname/api/owners/acme/envs/production/nodes/192.168.100.200/compliance" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: 

It returns

[
    {
        "failures": 1, 
        "impact": 1, 
        "log": "Linux kernel parameter \"net.ipv4.tcp_syncookies\" value should eq 1", 
        "profileID": "linux", 
        "profileOwner": "vulcanosec", 
        "rule": "vulcanosec/linux/sysctl-ipv4-9.2", 
        "skipped": false
    }, 
    {
        "failures": 1, 
        "impact": 0.5, 
        "log": "Path \"/tmp\" should be mounted", 
        "profileID": "linux", 
        "profileOwner": "vulcanosec", 
        "rule": "vulcanosec/linux/fs-1", 
        "skipped": false
    }, 
...
]

HTTP Request

GET https://hostname/api/owners/:user/envs/:env/nodes/:node/compliance
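
The compliance response above lists one entry per rule with failures, impact and skipped. The following added Python example (not VulcanoSec code) ranks the failing rules, summarises them per profile and provides a pass/fail gate for automation; the function names, the threshold and the two records marked as constructed are assumptions of this example.

```python
# Added example, not VulcanoSec code: triage the per-rule results returned
# for a node by the compliance endpoint.
SAMPLE_RESULTS = [
    # First two records are copied from the sample response above.
    {"failures": 1, "impact": 1,
     "log": "Linux kernel parameter \"net.ipv4.tcp_syncookies\" value should eq 1",
     "profileID": "linux", "profileOwner": "vulcanosec",
     "rule": "vulcanosec/linux/sysctl-ipv4-9.2", "skipped": False},
    {"failures": 1, "impact": 0.5, "log": "Path \"/tmp\" should be mounted",
     "profileID": "linux", "profileOwner": "vulcanosec",
     "rule": "vulcanosec/linux/fs-1", "skipped": False},
    # Constructed records: one skipped rule and one passing rule.
    {"failures": 0, "impact": 0.7, "log": "", "profileID": "linux",
     "profileOwner": "vulcanosec", "rule": "vulcanosec/linux/constructed-skip",
     "skipped": True},
    {"failures": 0, "impact": 1, "log": "", "profileID": "ssh",
     "profileOwner": "vulcanosec", "rule": "vulcanosec/ssh/basic-1",
     "skipped": False},
]


def failing_rules(results, min_impact=0.0):
    """Failed, non-skipped rules at or above min_impact, highest impact first."""
    hits = [r for r in results
            if not r.get("skipped")
            and r.get("failures", 0) > 0
            and r.get("impact", 0) >= min_impact]
    return sorted(hits, key=lambda r: (-r["impact"], r["rule"]))


def summarize_by_profile(results):
    """Map "owner/profile" -> counts of failed, skipped and passed rules."""
    summary = {}
    for r in results:
        key = f'{r["profileOwner"]}/{r["profileID"]}'
        entry = summary.setdefault(
            key, {"failed": 0, "skipped": 0, "passed": 0, "max_impact": 0})
        if r.get("skipped"):
            # A skipped rule was not evaluated; report it separately so it
            # is not mistaken for a pass.
            entry["skipped"] += 1
        elif r.get("failures", 0) > 0:
            entry["failed"] += 1
            entry["max_impact"] = max(entry["max_impact"], r.get("impact", 0))
        else:
            entry["passed"] += 1
    return summary


def gate(results, threshold):
    """True when no evaluated rule fails at or above the impact threshold."""
    return not failing_rules(results, min_impact=threshold)


if __name__ == "__main__":
    for rule in failing_rules(SAMPLE_RESULTS):
        print(rule["impact"], rule["rule"], "-", rule["log"])
    print(summarize_by_profile(SAMPLE_RESULTS))
    print("gate at 0.7:", gate(SAMPLE_RESULTS, 0.7))
```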

Get available patches for node

# shows node patch state
curl  "https://hostname/api/owners/acme/envs/production/nodes/192.168.100.200/patches" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

[
    {
        "arch": "amd64",
        "criticality": 0,
        "installedVersion": "2.7.3-0ubuntu3.6",
        "name": "python2.7-minimal",
        "repo": "Ubuntu:12.04/precise-updates",
        "type": "deb",
        "version": "2.7.3-0ubuntu3.8"
    },
...
]

HTTP Request

GET https://hostname/api/owners/:user/envs/:env/nodes/:node/patches

Get installed packages of node

# shows installed packages of node
curl  "https://hostname/api/owners/acme/envs/production/nodes/192.168.100.200/packages" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

[
    {
        "arch": "add",
        "name": "adduser",
        "repo": "",
        "type": "deb",
        "version": "3.113ubuntu2"
    },
    {
        "arch": "commandline",
        "name": "apt",
        "repo": "",
        "type": "deb",
        "version": "0.8.16~exp12ubuntu10.24"
    },
...
]

HTTP Request

GET https://hostname/api/owners/:user/envs/:env/nodes/:node/packages

Organizations

List your organizations

# lists all organizations
curl  "https://hostname/api/orgs" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

[
  {
    "id": "acme",
    "name": "Acme Industries"
  }
]

Returns a list of all your organizations.

HTTP Request

GET https://hostname/api/orgs/

Get an organization

# gets an organization
curl  "https://hostname/api/orgs/acme" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

{
  "id": "acme",
  "name": "Acme Industries"
}

HTTP Request

GET https://hostname/api/orgs/:org

Return a single organization.

Create an organization

# creates a new organization
curl -X POST "https://hostname/api/orgs" \
 -H "Content-Type: application/json" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: \
  -d "{ \"id\":\"acme\", \"name\":\"Acme Industries\"}"

It returns

Status: 204 No Content

HTTP Request

POST https://hostname/api/orgs/

Arguments

Parameter Type  Description
id string  Required. The ID of the organization
name string  Required. The name of the organization

Edit an organization

# edits an organization
curl -X PATCH "https://hostname/api/orgs/acme" \
 -H "Content-Type: application/json" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: \
  -d "{\"name\":\"Acme Industries Inc.\"}"

It returns

Status: 204 No Content

Edits the name of an organization.

HTTP Request

PATCH https://hostname/api/orgs/:org

Arguments

Parameter Type  Description
name string  The name of the organization

Delete an organization

# deletes an organization
curl -X DELETE "https://hostname/api/orgs/acme" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

Status: 204 No Content

This request deletes an existing organization. Deleting an organization requires admin rights.

HTTP Request

DELETE https://hostname/api/orgs/:org

Patch Runs

List all patchrun reports

# list all patch runs
curl  "https://hostname/api/owners/acme/patchruns" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

[
  {
    "config": null,
    "end": "2015-06-29T04:52:00.739010716Z",
    "failureCount": 0,
    "id": "210a994c-8bef-4c89-4a1c-09418e19d92c",
    "nodeCount": 1,
    "owner": "acme",
    "progress": 0,
    "skipCount": 0,
    "start": "2015-06-29T04:51:39.739010716Z",
    "successCount": 1
  }
]

HTTP Request

GET https://hostname/api/owners/:user/patchruns

Return values

Parameter Type  Description
id string id of patch run
start date  iso time
end date  iso time
nodeCount int  amount of applied nodes
successCount int  amount of successful patches
failureCount int  amount of patches with errors
skipCount int amount of patches that have not been applied

Get patch run details

# get patch run details
curl  "https://hostname/api/owners/acme/patchruns/210a994c-8bef-4c89-4a1c-09418e19d92c" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

{
    "config": null,
    "end": "0001-01-01T00:00:00Z",
    "failureCount": 0,
    "id": "210a994c-8bef-4c89-4a1c-09418e19d92c",
    "nodeCount": 1,
    "owner": "admin",
    "progress": 0,
    "skipCount": 0,
    "start": "2015-06-29T04:51:39.739010716Z",
    "successCount": 1
}

HTTP Request

GET https://hostname/api/owners/:user/patchruns/:patchrunid

List nodes of patch run

# list nodes of patch run
curl  "https://hostname/api/owners/acme/patchruns/210a994c-8bef-4c89-4a1c-09418e19d92c/nodes" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

[
    {
        "environment": "production",
        "log": "",
        "node": "u14",
        "packageCount": 1,
        "patchRunID": "210a994c-8bef-4c89-4a1c-09418e19d92c",
        "successRate": 1
    }
]

HTTP Request

GET https://hostname/api/owners/:user/patchruns/:patchrunid/nodes

Execute a patch run


curl -X POST "https://hostname/api/owners/acme/patchrun" \
 -H "Content-Type: application/json" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: \
 -d "{\"environments\":[{\"nodes\":[\"u14\"],\"id\":\"production\"}],\"packages\":[{\"name\":\"initscripts\",\"version\":\"2.88dsf-41ubuntu6.2\",\"type\":\"deb\"}]}"

The json request looks as follows

{
    "environments":[{
        "nodes":["u14"],
        "id":"production"
    }],
    "packages":[{
        "name":"initscripts",
        "version":"2.88dsf-41ubuntu6.2",
        "type":"deb"
    }]
}

It returns

{
    "id": "e896505a-ebdd-4a76-621a-b3a5108f811e"
}

HTTP Request

POST https://hostname/api/owners/:user/patchrun

Arguments

Parameter Type  Description
environments array  list of environments and selected nodes
packages array  list of packages that should be updated

Return values

Parameter Type  Description
id string patchrun identifier

Scans

List all scan reports

# list all scans
curl  "https://hostname/api/owners/acme/scans" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: 

It returns

[
  {
    "id": "a74566b9-b527-437f-480f-e56c5b8a1791",
    "owner": "acme",
    "start": "2015-05-22T01:10:37.133367688Z",
    "end": "2015-05-22T01:10:42.491573741Z",
    "nodeCount": 1,
    "complianceProfiles": 1,
    "patchlevelProfiles": 1,
    "complianceStatus": 0,
    "patchlevelStatus": 0,
    "unknownStatus": 0
  }
]

HTTP Request

GET https://hostname/api/owners/:user/scans

Get scan details

# get scan details
curl  "https://hostname/api/owners/acme/scans/90def607-1688-40f5-5a4c-161c51fd8aac" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: 

It returns

{
  "id": "a74566b9-b527-437f-480f-e56c5b8a1791",
  "owner": "admin",
  "start": "2015-05-22T01:10:37.133367688Z",
  "end": "2015-05-22T01:10:42.491573741Z",
  "nodeCount": 1,
  "complianceProfiles": 1,
  "patchlevelProfiles": 1,
  "complianceStatus": 0,
  "patchlevelStatus": 0,
  "unknownStatus": 0,
  "complianceSummary": {
    "success": 0,
    "minor": 0,
    "major": 43,
    "critical": 2,
    "skipped": 0,
    "total": 45
  },
  "patchlevelSummary": {
    "success": 0,
    "minor": 0,
    "major": 0,
    "critical": 0,
    "unknown": 0,
    "total": 0
  }
}

HTTP Request

GET https://hostname/api/owners/:user/scans/:scanid

Return values

Parameter Type  Description
id string scan id
owner string scan owner
start iso date scan start
end iso date scan end
nodeCount int number of tested nodes
success float number of successful rules
critical float number of failed rules
major float number of rules with major errors
minor float number of rules with minor errors
skipped float number of nodes with skipped rules

Get executed compliance rules for scan

# shows executed compliance rules for scan
curl  "https://hostname/api/owners/acme/scans/90def607-1688-40f5-5a4c-161c51fd8aac/rules" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: 

It returns

{
  "vulcanosec": {
    "linux": {
      "vulcanosec/linux/basic-1": {
        "log": "",
        "complianceStatus": 1,
        "unknownStatus": 0
      },
      "vulcanosec/linux/fs-1": {
        "log": "",
        "complianceStatus": 0.5,
        "unknownStatus": 0
      },
...

HTTP Request

GET https://hostname/api/owners/:user/scans/:scanid/rules

Return values

Parameter Type  Description
log string  rule description
complianceStatus int CVSS range

Get nodes for scan

# scanned nodes
curl  "https://hostname/api/owners/acme/scans/90def607-1688-40f5-5a4c-161c51fd8aac/nodes" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: 

It returns

[
  {
    "environment": "production",
    "node": "192.168.59.107:11024",
    "complianceStatus": 0,
    "patchlevelStatus": -1,
    "unknownStatus": 0,
    "os_family": "",
    "os_release": "",
    "os_arch": "",
    "complianceSummary": {
      "success": 0,
      "minor": 0,
      "major": 43,
      "critical": 2,
      "skipped": 0,
      "total": 45
    },
    "patchlevelSummary": {
      "success": 0,
      "minor": 0,
      "major": 0,
      "critical": 0,
      "unknown": 0,
      "total": 0
    },
    "patchStatus": null
  }
]

HTTP Request

GET https://hostname/api/owners/:user/scans/:scanid/nodes

Get compliance results for each node

# compliance rules results
curl  "https://hostname/api/owners/acme/scans/90def607-1688-40f5-5a4c-161c51fd8aac/envs/production/nodes/192.168.100.200/compliance" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: 

It returns

[
  {
    "profileOwner": "vulcanosec",
    "profileID": "linux",
    "rule": "vulcanosec/linux/basic-1",
    "impact": 1,
    "failures": 1,
    "skipped": false,
    "log": "Path \"/etc/ssh\" should be directory"
  },
  ...
]

HTTP Request

GET https://hostname/api/owners/:user/scans/:scanid/envs/:env/nodes/:node/compliance

Return values

Parameter Type  Description
rule string rule identifier
impact float  value between 0 and 1
failures int -1 = skipped, 0 = no failure, 1+ = number of failures per rule
log string  error log
profileOwner string  owner of compliance rules
profileID string compliance rules identifier
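The `failures` field overloads one integer: `-1` means the rule was skipped, not that it passed. The following added example (not part of the VulcanoSec documentation) triages a compliance response so that skipped rules are never counted as compliant; the sample data apart from its first entry and the function names `triage` and `summary` are assumptions made for illustration.

```python
# Constructed sample in the shape of the compliance response shown above.
# Only the first entry is taken from the page; the rest are made-up rule IDs.
SAMPLE = [
    {"profileOwner": "vulcanosec", "profileID": "linux",
     "rule": "vulcanosec/linux/basic-1", "impact": 1, "failures": 1,
     "skipped": False, "log": 'Path "/etc/ssh" should be directory'},
    {"profileOwner": "example", "profileID": "demo", "rule": "example/demo/rule-a",
     "impact": 0.5, "failures": 3, "skipped": False, "log": "constructed failure"},
    {"profileOwner": "example", "profileID": "demo", "rule": "example/demo/rule-b",
     "impact": 1, "failures": -1, "skipped": True, "log": ""},
    {"profileOwner": "example", "profileID": "demo", "rule": "example/demo/rule-c",
     "impact": 0.3, "failures": 0, "skipped": False, "log": ""},
]


def triage(results):
    """Split results into (failed, skipped, passed); failed is worst-first."""
    failed, skipped, passed = [], [], []
    for r in results:
        failures = int(r.get("failures", 0))
        # failures == -1 marks a skipped rule; it must not count as a pass.
        if r.get("skipped") or failures < 0:
            skipped.append(r)
        elif failures > 0:
            failed.append(r)
        else:
            passed.append(r)
    failed.sort(key=lambda r: (-float(r["impact"]), -int(r["failures"]), r["rule"]))
    return failed, skipped, passed


def summary(results):
    """Per-profile counts keyed by 'profileOwner/profileID'."""
    failed, skipped, passed = triage(results)
    counts = {}
    for label, group in (("failed", failed), ("skipped", skipped), ("passed", passed)):
        for r in group:
            key = f"{r['profileOwner']}/{r['profileID']}"
            counts.setdefault(key, {"failed": 0, "skipped": 0, "passed": 0})[label] += 1
    return counts


if __name__ == "__main__":
    for r in triage(SAMPLE)[0]:
        print(f"impact={r['impact']} failures={r['failures']} {r['rule']}: {r['log']}")
    print(summary(SAMPLE))
```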

Get available patches for each node

curl  "https://hostname/api/owners/acme/scans/90def607-1688-40f5-5a4c-161c51fd8aac/envs/production/nodes/192.168.100.200/patches" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: 

It returns

[
    {
        "arch": "amd64", 
        "criticality": 0, 
        "installedVersion": "2.7.3-0ubuntu3.6", 
        "name": "python2.7-minimal", 
        "repo": "Ubuntu:12.04/precise-updates", 
        "type": "deb", 
        "version": "2.7.3-0ubuntu3.8"
    }
    ...
]

HTTP Request

GET https://hostname/api/owners/:user/scans/:scanid/envs/:env/nodes/:node/patches

Return values

Parameter Type  Description
criticality integer  0-10 CVSS score
name string  package name
version string  package version
arch string  cpu architecture
repo string  package repository
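The patches listing above and the patch run request documented earlier share the `name`, `version` and `type` fields, so one can be turned into the other. The following added example (not part of the VulcanoSec documentation) builds a patch run body from a patches response; the criticality threshold of 7, the function name `build_patchrun` and all sample entries except the first are assumptions.

```python
import json

# Constructed sample in the shape of the "available patches" response above.
# Only the first entry is taken from the page; the others are made up.
AVAILABLE = [
    {"arch": "amd64", "criticality": 0, "installedVersion": "2.7.3-0ubuntu3.6",
     "name": "python2.7-minimal", "repo": "Ubuntu:12.04/precise-updates",
     "type": "deb", "version": "2.7.3-0ubuntu3.8"},
    {"arch": "amd64", "criticality": 7, "installedVersion": "1.0.0-1",
     "name": "example-lib", "repo": "example-repo", "type": "deb",
     "version": "1.0.0-2"},
    {"arch": "amd64", "criticality": 9, "installedVersion": "2.0-1",
     "name": "example-daemon", "repo": "example-repo", "type": "deb",
     "version": "2.0-3"},
    # Same package offered by a second repository: submit it only once.
    {"arch": "amd64", "criticality": 9, "installedVersion": "2.0-1",
     "name": "example-daemon", "repo": "example-mirror", "type": "deb",
     "version": "2.0-3"},
    # Entry without a version cannot be expressed in a patch run request.
    {"arch": "amd64", "criticality": 10, "name": "example-broken", "type": "deb"},
]


def build_patchrun(patches, env_id, nodes, min_criticality=7):
    """Build the POST /api/owners/:user/patchrun body from a patches listing."""
    if not env_id or not nodes:
        raise ValueError("an environment id and at least one node are required")
    selected = {}
    for p in patches:
        if not all(p.get(k) for k in ("name", "version", "type")):
            continue  # incomplete entry
        if float(p.get("criticality", 0)) < min_criticality:
            continue  # below the (assumed) policy threshold
        key = (p["name"], p["version"], p["type"])
        selected[key] = {"name": key[0], "version": key[1], "type": key[2]}
    packages = [selected[k] for k in sorted(selected)]
    return {"environments": [{"nodes": list(nodes), "id": env_id}],
            "packages": packages}


if __name__ == "__main__":
    body = build_patchrun(AVAILABLE, "production", ["192.168.100.200"])
    print(json.dumps(body, indent=4))
```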

Get installed packages for each node

curl  "https://hostname/api/owners/acme/scans/90def607-1688-40f5-5a4c-161c51fd8aac/envs/production/nodes/192.168.100.200/packages" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: 

It returns

[
    {
        "arch": "add", 
        "name": "adduser", 
        "repo": "", 
        "type": "deb", 
        "version": "3.113ubuntu2"
    }, 
    {
        "arch": "commandline", 
        "name": "apt", 
        "repo": "", 
        "type": "deb", 
        "version": "0.8.16~exp12ubuntu10.24"
    }, 
    ...
]

HTTP Request

GET https://hostname/api/owners/:user/scans/:scanid/envs/:env/nodes/:node/packages

Execute a new scan


curl -X POST "https://hostname/api/owners/acme/scans" \
 -H "Content-Type: application/json" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: \
  -d "{\"compliance\":[{\"owner\":\"vulcanosec\",\"profile\":\"linux\"},{\"owner\":\"vulcanosec\",\"profile\":\"ssh\"}],\"environments\":[{\"id\":\"production\",\"nodes\":[\"192.168.100.200\"]}],\"patchlevel\":[{\"profile\":\"default\"}]}"

The JSON request looks as follows:

{
    "compliance": [{
        "owner": "vulcanosec",
        "profile": "linux"
    }, {
        "owner": "vulcanosec",
        "profile": "ssh"
    }],
    "environments": [{
        "id": "production",
        "nodes": ["192.168.100.200"]
    }],
    "patchlevel": [{
        "profile" : "default"
    }]
}

It returns

{
  "id" : "57130678-1a1f-405d-70bf-fe570a25621e"
}

HTTP Request

POST https://hostname/api/owners/:user/scans

Arguments

Parameter Type  Description
compliance array  list of selected profiles
environments array  list of environments and selected nodes
patchlevel array  patch level scan profile

Return values

Parameter Type  Description
id string  scan identifier

Server configuration

Some server parameters are exposed via API and can be configured.

Get server configuration

# get the server's configuration
curl -X GET "https://hostname/api/server/config" \
 -H "Content-Type: application/json" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

{
    "detectTimeout":25,
    "scanTimeout":1800,
    "updateTimeout":1800
}

This returns the server’s global configuration, which can be edited via API or configuration file. It only contains parameters that can be safely exposed.

All timeout configurations are set in seconds, e.g. 1800 results in a 30-minute timeout.

Edit server configuration

# edits the server's global configuration
curl -X PATCH "https://hostname/api/server/config" \
 -H "Content-Type: application/json" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: \
 -d "{\"detectTimeout\":10, \"scanTimeout\": 1500}"

It returns

Status: 204 No Content

Teams

List teams

# list teams
curl  "https://hostname/api/orgs/acme/teams" \
  -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

The above command returns JSON structured like this:

[
  {
    "id": "owners",
    "org": "acme",
    "name": "Owners"
  }
]

This request returns all teams that are part of an organization. By default, each organization has an owners team.

HTTP Request

GET https://hostname/api/orgs/:org/teams

Get team

# get a team
curl  "https://hostname/api/orgs/acme/teams/owners" \
  -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

The above command returns JSON structured like this:

{
  "id": "owners",
  "org": "acme",
  "name": "Owners",
  "members": [
    "admin"
  ],
  "permissions": {
    "harden": "true",
    "manage": "true",
    "patch": "true",
    "scan": "true"
  }
}

Get detailed information about one team.

HTTP Request

GET https://hostname/api/orgs/:org/teams/:team

Create team

# creates a new team
curl -X POST "https://hostname/api/orgs/acme/teams" \
 -H "Content-Type: application/json" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: \
  -d "{ \"id\": \"audit\", \"name\": \"Auditors\", \"permissions\": {\"scan\": \"true\"}}"

It returns

Status: 204 No Content

Create a new team within your organization.

HTTP Request

POST https://hostname/api/orgs/:org/teams

Arguments

Parameter Type  Description
id string  Required. The ID of the team
name string  Required. The name of the team
permissions object Optional. Sets the team permissions

The permissions are defined as follows:

{
    "id": "audit",
    "name": "Auditors",
    "permissions": {
        "scan": "true"
    }
}

VulcanoSec supports the following permissions: manage, scan, harden and patch.

Edit team

# edit team
curl -X PATCH "https://hostname/api/orgs/acme/teams/audit" \
 -H "Content-Type: application/json" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: \
  -d "{\"name\":\"External Auditors\"}"

It returns

Status: 204 No Content

Edits an existing team within your organization.

HTTP Request

PATCH https://hostname/api/orgs/:org/teams/:team

Arguments

Parameter Type  Description
name string Optional. The name of the team
permissions object Optional. Sets the team permissions

Delete team

# deletes a team
curl -X DELETE "https://hostname/api/orgs/acme/teams/audit" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

Status: 204 No Content

Deletes a team within your organization.

HTTP Request

DELETE https://hostname/api/orgs/:org/teams/:team

Edit Team Permissions

# edit team permissions
curl -X PATCH "https://hostname/api/orgs/acme/teams/audit" \
 -H "Content-Type: application/json" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: \
  -d "{\"permissions\":{\"manage\":\"false\"}}"

It returns

Status: 204 No Content

HTTP Request

PATCH https://hostname/api/orgs/:org/teams/:team/members/:member

List team memberships

# list team members
curl "https://hostname/api/orgs/acme/teams/owners" \
  -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

The above command returns JSON structured like this:

{
  "id": "owners",
  "org": "acme",
  "name": "Owners",
  "members": [
    "admin"
  ],
  "permissions": {
    "harden": "true",
    "manage": "true",
    "patch": "true",
    "scan": "true"
  }
}

HTTP Request

GET https://hostname/api/orgs/:org/teams/:team/members

Add team membership

# add a team member
curl -X POST "https://hostname/api/orgs/acme/teams/owners/members" \
 -H "Content-Type: application/json" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: \
  -d "[\"bob\"]"

It returns

Status: 204 No Content

HTTP Request

POST https://hostname/api/orgs/:org/teams/:team/members

Parameter Type  Description
users array  Required. Array of user ids

Remove team membership

# delete a team member
curl -X DELETE "https://hostname/api/orgs/acme/teams/audit/members/bob" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

Status: 204 No Content

HTTP Request

DELETE https://hostname/api/orgs/:org/teams/:team/members/:member
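Team permissions are returned as the strings "true" and "false", so a plain truthiness check treats "false" as granted. The following added example (not part of the VulcanoSec documentation) audits team responses for members who hold `manage`; the union-of-teams model, the sample teams and members, and the function names are assumptions.

```python
KNOWN_PERMISSIONS = ("manage", "scan", "harden", "patch")  # listed on this page

# Constructed sample in the shape of GET /api/orgs/:org/teams/:team responses.
TEAMS = [
    {"id": "owners", "org": "acme", "name": "Owners", "members": ["admin", "bob"],
     "permissions": {"harden": "true", "manage": "true", "patch": "true", "scan": "true"}},
    {"id": "audit", "org": "acme", "name": "Auditors", "members": ["carol"],
     "permissions": {"scan": "true", "manage": "false"}},
]


def granted(value):
    """Only true or the string "true" grants; bool("false") would be True."""
    if isinstance(value, bool):
        return value
    return isinstance(value, str) and value.strip().lower() == "true"


def effective_permissions(teams):
    """Map each member to the union of permissions granted by their teams."""
    result = {}
    for team in teams:
        perms = {p for p, v in (team.get("permissions") or {}).items() if granted(v)}
        for member in team.get("members") or []:
            result.setdefault(member, set()).update(perms)
    return result


def findings(teams, approved_managers):
    """Report members holding 'manage' without approval, and unknown permissions."""
    out = []
    for user, perms in sorted(effective_permissions(teams).items()):
        if "manage" in perms and user not in approved_managers:
            out.append(f"{user}: holds 'manage' but is not an approved manager")
    for team in teams:
        unknown = sorted(set(team.get("permissions") or {}) - set(KNOWN_PERMISSIONS))
        if unknown:
            out.append(f"team {team['id']}: unknown permission(s) {', '.join(unknown)}")
    return out


if __name__ == "__main__":
    for line in findings(TEAMS, approved_managers={"admin"}):
        print(line)
```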

Users

Get all users

# lists all users
curl  "https://hostname/api/users" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

[
  {
    "id": "admin",
    "name": "Core Admin"
  }
]

List all users in your tenant.

HTTP Request

GET https://hostname/api/users

Get a single user

# get a single user
curl  "https://hostname/api/users/admin" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

{
  "id": "admin",
  "name": "Core Admin",
  "preferences": null,
  "permissions": {
    "site_admin": "true"
  }
}

Returns a specific user in your tenant.

HTTP Request

GET https://hostname/api/users/:user

Create a new user

# creates a new user
curl -X POST "https://hostname/api/users" \
 -H "Content-Type: application/json" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: \
  -d "{ \"id\": \"bob\", \"name\": \"BoB\", \"pass\": \"helloworld\"}"

It returns

Status: 204 No Content

Creates a new user in your tenant.

HTTP Request

POST https://hostname/api/users/

Parameter Type  Description
id string  Required. The ID of the user
name string  Required. The name of the user
password string  Required. Unencrypted password

{
  "id": "bob",
  "name": "Bob Barrel",
  "password": "mysecretpassword"
}

Edit user

# edit user
curl -X PATCH "https://hostname/api/users/bob" \
 -H "Content-Type: application/json" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==: \
  -d "{\"name\":\"Bob Maier\"}"

It returns

Status: 204 No Content

Edit an existing user.

HTTP Request

PATCH https://hostname/api/users/:user

Parameter Type  Description
name string Optional. The name of the user
pass string Optional. Unencrypted password

Delete user

# deletes a user
curl -X DELETE "https://hostname/api/users/bob" \
 -u VS3x1XSg4Hk/wxw8IP+2XpmoKynR7urxglaGfLfFRXbxYljxNW5mksOSNj+BkO2DVoQehGosBnqCJA8WAz3Jyg==:

It returns

Status: 204 No Content

Deletes an existing user.

HTTP Request

DELETE https://hostname/api/users/:user