Advisor Data - AdvisorContainer Retrieve, Update, and Delete Methods

URI

https://164.99.19.131:8443/SentinelRESTServices/objects/advisor-container/{Id}

Supported Methods

GET
PUT
DELETE

GET

Authentication

Authentication Types
Sentinel Permissions Needed

Supported Formats

Response

URL Parameters

None.

Success Codes

Fault Codes

Response Data

Object type: advisor-container
Needs description.

| Field | Description |
|---|---|
| attack-details | List of AdvAttackDetails objects as a result of executing an advisor report. |
| attack-summaries | List of AttackSummary objects as a result of executing an advisor report. |
| events | The list of AssetEventData objects used to locate AssetData objects when executing an asset report. |
| id | Unique identifier for advisor container. |
| meta | The metadata for an object, including the object type name and the URL reference to the object. |

Object type: meta
The metadata for an object, including the object type name and the URL reference to the object.

| Field | Description |
|---|---|
| @href | The URL reference to the object. |
| type | The name of the object type. |

Object type: attack-summary
An Advisor Summary Details object contains summary information about real-time vulnerabilities of enterprise assets.

| Field | Description |
|---|---|
| attack-name | The vulnerability attack name which is built from the product name (RV31) and attack name (RT1) event fields. |
| bug-traqids | List of BugTraq IDs associated with the vulnerability. |
| cveids | List of CVE IDs associated with the vulnerability. |
| osvids | List of OSV IDs associated with the vulnerability. |
| uuid | Unique identifier for advisor attack summary. |

Object type: advisor-event-data
An Advisor Event Data object contains event information required to search for advisor attacks in the system such as the attack name as well as event IDs and event times.

| Field | Description |
|---|---|
| attack-pair | The vulnerability attack name which is built from the product name (RV31) and attack name (RT1) event fields. |
| time | Used to find vulnerabilities associated with a given event ID and time. |
| uuid | Used to find vulnerabilities associated with a given event ID and time. |

Object type: adv-attack-details
An Advisor Attack Details object contains information about real-time vulnerabilities of enterprise assets.

| Field | Description |
|---|---|
| attack-scenario | The path used to exploit the vulnerability. |
| category | A general grouping or classification of the vulnerability. |
| description | An abbreviated description of the vulnerability. |
| full-desc | A description or explanation of the cause and effect the vulnerability may have on the system. |
| Id | Needs description. |
| impact | The impact the vulnerability has on the system. |
| patches | Links to software patches or updates which can be applied to mitigate the vulnerability. |
| severity | The relative seriousness of the vulnerability. |
| solution-desc | Suggested solutions to the vulnerability. |
| title | The vulnerability title. |
| urgency | The level of attention that should be given to mitigating the vulnerability. |
| uuid | Unique identifier for advisor attack. |

Sample Request

GET https://164.99.19.131:8443/SentinelRESTServices/objects/advisor-container/Wildebeest

Sample Response for application/json

Status: 200
{
   "meta":{
      "type":"advisor-container",
      "@href":"https://164.99.19.131:8443/SentinelRESTServices/objects/advisor-container/Wildebeest"
   },
   "id":"Wildebeest",
   "attack-summaries":[
      {
         "bug-traqids":[
            "20249"
         ],
         "osvids":[
            "3561"
         ],
         "attack-name":"SecureNet_Provider,TTP Client [xml-rpc PHP Code Injection] Attack V1 -NG",
         "uuid":"79600390-9B73-102E-A3E2-001676E4A757",
         "cveids":[
            "2001-0144"
         ]
      }
   ],
   "events":[
      {
         "time":"2012-04-25T13:33:44.489Z",
         "attack-pair":"SecureNet_Provider,TTP Client [xml-rpc PHP Code Injection] Attack V1 -NG",
         "uuid":"79600390-9B73-102E-A3E2-001676E4A757"
      }
   ],
   "attack-details":[
      {
         "category":"Manipulation",
         "title":"jdoe",
         "patches":"http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml",
         "description":"ACC IMoveis 4.0 imoveis.php id Parameter SQL Injection",
         "full-desc":"ACC IMoveis contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'imoveis.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.",
         "solution-desc":"Install Patch Q319733, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable FTP - The IIS Lockdown Tool disables FTP by default.",
         "attack-scenario":"http://[victim]/cgi-bin/dumpenv.pl",
         "severity":4,
         "Id":42,
         "uuid":"79600390-9B73-102E-A3E2-001676E4A757",
         "impact":"Loss of Availability",
         "urgency":1
      }
   ]
}
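
Added example, not part of the Sentinel documentation: a consumer of the GET response that joins `attack-summaries`, `events` and `attack-details` into one triage row per attack. It assumes `uuid` is the join key (the sample uses the same value in all three lists), that `cveids` arrive without the `CVE-` prefix as in the sample, and that a higher `severity` is more serious; the embedded JSON is a trimmed copy of the sample response.

```python
import json
from datetime import datetime

# Constructed input: trimmed copy of the sample response above, not live data.
SAMPLE = json.loads("""
{
  "id": "Wildebeest",
  "attack-summaries": [
    {"uuid": "79600390-9B73-102E-A3E2-001676E4A757",
     "attack-name": "SecureNet_Provider,TTP Client [xml-rpc PHP Code Injection] Attack V1 -NG",
     "cveids": ["2001-0144"], "bug-traqids": ["20249"], "osvids": ["3561"]}
  ],
  "events": [
    {"uuid": "79600390-9B73-102E-A3E2-001676E4A757",
     "time": "2012-04-25T13:33:44.489Z",
     "attack-pair": "SecureNet_Provider,TTP Client [xml-rpc PHP Code Injection] Attack V1 -NG"}
  ],
  "attack-details": [
    {"uuid": "79600390-9B73-102E-A3E2-001676E4A757", "severity": 4, "urgency": 1,
     "impact": "Loss of Availability",
     "description": "ACC IMoveis 4.0 imoveis.php id Parameter SQL Injection"}
  ]
}
""")

def normalize_cve(raw):
    """Return 'CVE-YYYY-NNNN' for a bare or prefixed ID (assumed convention)."""
    raw = raw.strip().upper()
    return raw if raw.startswith("CVE-") else "CVE-" + raw

def triage(container):
    """Join the three lists on uuid (assumed key); highest severity first."""
    rows = {}
    for s in container.get("attack-summaries", []):
        row = rows.setdefault(s["uuid"].upper(), {"cves": [], "events": []})
        row["attack"] = s.get("attack-name")
        row["cves"] = sorted({normalize_cve(c) for c in s.get("cveids", [])})
    for e in container.get("events", []):
        row = rows.setdefault(e["uuid"].upper(), {"cves": [], "events": []})
        ts = datetime.strptime(e["time"], "%Y-%m-%dT%H:%M:%S.%f%z")
        row["events"].append(ts)
    for d in container.get("attack-details", []):
        row = rows.setdefault(d["uuid"].upper(), {"cves": [], "events": []})
        row.update(severity=d.get("severity"), urgency=d.get("urgency"),
                   impact=d.get("impact"))
    # Rows without details sort last; the schema marks every field optional.
    return sorted(({"uuid": u, **r} for u, r in rows.items()),
                  key=lambda r: -(r.get("severity") or 0))
```
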

PUT

Authentication

Authentication Types
Sentinel Permissions Needed

Supported Formats

Request

URL Parameters

None.

Success Codes

Fault Codes

Request Data

Object type: advisor-container
Needs description.

| Field | Required | Description |
|---|---|---|
| attack-details | false | List of AdvAttackDetails objects as a result of executing an advisor report. |
| attack-summaries | false | List of AttackSummary objects as a result of executing an advisor report. |
| events | false | The list of AssetEventData objects used to locate AssetData objects when executing an asset report. |
| id | false | Unique identifier for advisor container. |

Object type: meta
The metadata for an object, including the object type name and the URL reference to the object.

| Field | Required | Description |
|---|---|---|
| @href | false | The URL reference to the object. |
| type | false | The name of the object type. |

Object type: attack-summary
An Advisor Summary Details object contains summary information about real-time vulnerabilities of enterprise assets.

| Field | Required | Description |
|---|---|---|
| attack-name | false | The vulnerability attack name which is built from the product name (RV31) and attack name (RT1) event fields. |
| bug-traqids | false | List of BugTraq IDs associated with the vulnerability. |
| cveids | false | List of CVE IDs associated with the vulnerability. |
| osvids | false | List of OSV IDs associated with the vulnerability. |
| uuid | false | Unique identifier for advisor attack summary. |

Object type: advisor-event-data
An Advisor Event Data object contains event information required to search for advisor attacks in the system such as the attack name as well as event IDs and event times.

| Field | Required | Description |
|---|---|---|
| attack-pair | false | The vulnerability attack name which is built from the product name (RV31) and attack name (RT1) event fields. |
| time | false | Used to find vulnerabilities associated with a given event ID and time. |
| uuid | false | Used to find vulnerabilities associated with a given event ID and time. |

Object type: adv-attack-details
An Advisor Attack Details object contains information about real-time vulnerabilities of enterprise assets.

| Field | Required | Description |
|---|---|---|
| attack-scenario | false | The path used to exploit the vulnerability. |
| category | false | A general grouping or classification of the vulnerability. |
| description | false | An abbreviated description of the vulnerability. |
| full-desc | false | A description or explanation of the cause and effect the vulnerability may have on the system. |
| Id | false | Needs description. |
| impact | false | The impact the vulnerability has on the system. |
| patches | false | Links to software patches or updates which can be applied to mitigate the vulnerability. |
| severity | false | The relative seriousness of the vulnerability. |
| solution-desc | false | Suggested solutions to the vulnerability. |
| title | false | The vulnerability title. |
| urgency | false | The level of attention that should be given to mitigating the vulnerability. |
| uuid | false | Unique identifier for advisor attack. |

Sample Request

PUT https://164.99.19.131:8443/SentinelRESTServices/objects/advisor-container/Wildebeest
{
   "id":"Wildebeest",
   "attack-summaries":[
      {
         "bug-traqids":[
            "20249"
         ],
         "osvids":[
            "3561"
         ],
         "attack-name":"SecureNet_Provider,TTP Client [xml-rpc PHP Code Injection] Attack V1 -NG",
         "uuid":"79600390-9B73-102E-A3E2-001676E4A757",
         "cveids":[
            "2001-0144"
         ]
      }
   ],
   "events":[
      {
         "time":"2012-04-25T13:33:44.489Z",
         "attack-pair":"SecureNet_Provider,TTP Client [xml-rpc PHP Code Injection] Attack V1 -NG",
         "uuid":"79600390-9B73-102E-A3E2-001676E4A757"
      }
   ],
   "attack-details":[
      {
         "category":"Manipulation",
         "title":"jdoe",
         "patches":"http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml",
         "description":"ACC IMoveis 4.0 imoveis.php id Parameter SQL Injection",
         "full-desc":"ACC IMoveis contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'imoveis.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.",
         "solution-desc":"Install Patch Q319733, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable FTP - The IIS Lockdown Tool disables FTP by default.",
         "attack-scenario":"http://[victim]/cgi-bin/dumpenv.pl",
         "severity":4,
         "Id":42,
         "uuid":"79600390-9B73-102E-A3E2-001676E4A757",
         "impact":"Loss of Availability",
         "urgency":1
      }
   ]
}

Sample Response for application/json

Status: 200

DELETE

Authentication

Authentication Types
Sentinel Permissions Needed

URL Parameters

None.

Success Codes

Fault Codes

Sample Request

DELETE https://164.99.19.131:8443/SentinelRESTServices/objects/advisor-container/Wildebeest