Parameter | Type | Default Value | Description |
---|---|---|---|
query | string | [no filter] | The TinyQ language filter that specifies a subset of all available records. |
field | string | not present | The name or names of fields whose values are to be returned. The field item may appear zero or more times in the URI query parameters. A single value of "[none]" returns only metadata. The absence of any field parameter returns all field values. |
page | integer | 1 | The 1-based offset into the total records based on page size. Actual offset is (page - 1) * pagesize. |
pagesize | integer | [unlimited] | The maximum number of object records to return as a result of the request. |
Object type: page | |
---|---|
A container for one or more objects in the result listing. There may be multiple pages in a listing if a page size is specified that is less than the total number of objects in the listing. | |
Field | Description |
next | A URL addressing the subsequent page of objects in the total set of available objects. |
objects | The list of objects returned in the page of results. |
prev | A URL addressing the previous page of objects in the total set of available objects. |
Object type: advisor-container | |
---|---|
Needs description. | |
Field | Description |
attack-details | List of AdvAttackDetails objects as a result of executing an advisor report. Definition |
attack-summaries | List of AttackSummary objects as a result of executing an advisor report. Definition |
events | The list of AssetEventData objects used to locate AssetData objects when executing an asset report. Definition |
id | Unique identifier for advisor container. |
meta | The metadata for an object, including the object type name and the URL reference to the object. Definition |
Object type: meta | |
---|---|
The metadata for an object, including the object type name and the URL reference to the object. | |
Field | Description |
@href | The URL reference to the object. |
type | The name of the object type |
Object type: attack-summary | |
---|---|
An Advisor Summary Details object contains summary information about real-time vulnerabilities of enterprise assets. | |
Field | Description |
attack-name | The vulnerability attack name which is built from the product name (RV31) and attack name (RT1) event fields. |
bug-traqids | List of BugTraq IDs associated with the vulnerability. |
cveids | List of CVE IDs associated with the vulnerability. |
osvids | List of OSV IDs associated with the vulnerability. |
uuid | Unique identifier for advisor attack summary. |
Object type: advisor-event-data | |
---|---|
An Advisor Event Data object contains event information required to search for advisor attacks in the system such as the attack name as well as event IDs and event times. | |
Field | Description |
attack-pair | The vulnerability attack name which is built from the product name (RV31) and attack name (RT1) event fields. |
time | Used to find vulnerabilities associated with a given event ID and time. |
uuid | Used to find vulnerabilities associated with a given event ID and time. |
Object type: adv-attack-details | |
---|---|
An Advisor Attack Details object contains information about real-time vulnerabilities of enterprise assets. | |
Field | Description |
attack-scenario | The path used to exploit the vulnerability. |
category | A general grouping or classification of the vulnerability. |
description | An abbreviated description of the vulnerability. |
full-desc | A description or explanation of the cause and effect the vulnerability may have on the system. |
Id | Needs description. |
impact | The impact the vulnerability has on the system. |
patches | Links to software patches or updates which can be applied to mitigate the vulnerability. |
severity | The relative seriousness of the vulnerability. |
solution-desc | Suggested solutions to the vulnerability. |
title | The vulnerability title. |
urgency | The level of attention that should be given to mitigating the vulnerability. |
uuid | Unique identifier for advisor attack. |
GET https://164.99.19.131:8443/SentinelRESTServices/objects/advisor-container?page=2&pagesize=1
```json
{
  "objects": [
    {
      "meta": {
        "type": "advisor-container",
        "@href": "https://164.99.19.131:8443/SentinelRESTServices/objects/advisor-container/Wildebeest"
      },
      "id": "Wildebeest",
      "attack-summaries": [
        {
          "bug-traqids": [ "20249" ],
          "osvids": [ "3561" ],
          "attack-name": "SecureNet_Provider,TTP Client [xml-rpc PHP Code Injection] Attack V1 -NG",
          "uuid": "79600390-9B73-102E-A3E2-001676E4A757",
          "cveids": [ "2001-0144" ]
        }
      ],
      "events": [
        {
          "time": "2012-04-25T13:33:44.484Z",
          "attack-pair": "SecureNet_Provider,TTP Client [xml-rpc PHP Code Injection] Attack V1 -NG",
          "uuid": "79600390-9B73-102E-A3E2-001676E4A757"
        }
      ],
      "attack-details": [
        {
          "category": "Manipulation",
          "title": "jdoe",
          "patches": "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml",
          "description": "ACC IMoveis 4.0 imoveis.php id Parameter SQL Injection",
          "full-desc": "ACC IMoveis contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'imoveis.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.",
          "solution-desc": "Install Patch Q319733, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable FTP - The IIS Lockdown Tool disables FTP by default.",
          "attack-scenario": "http://[victim]/cgi-bin/dumpenv.pl",
          "severity": 4,
          "Id": 42,
          "uuid": "79600390-9B73-102E-A3E2-001676E4A757",
          "impact": "Loss of Availability",
          "urgency": 1
        }
      ]
    }
  ],
  "prev": {
    "@href": "https://164.99.19.131:8443/SentinelRESTServices/objects/advisor-container?pagesize=1&page=1"
  },
  "next": {
    "@href": "https://164.99.19.131:8443/SentinelRESTServices/objects/advisor-container?pagesize=1&page=3"
  }
}
```
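A client that consumes this listing has to follow the `next` links page by page. The following is an added example, not part of the Sentinel documentation: it walks a paged listing, refuses any `next` link that leaves the API origin (so session credentials are never sent to another host), and joins `attack-summaries` to `attack-details`. The host `sentinel.example`, the sample data, the absence of `next` on the last page, and the join on `uuid` (the sample response above shares one value across both lists) are assumptions.

```python
from urllib.parse import urlsplit

# Placeholder host; the path is the one shown in the documentation above.
BASE = "https://sentinel.example:8443/SentinelRESTServices/objects/advisor-container"

def container(cid, uuid, name, cves, severity, urgency):
    """Build a constructed advisor-container using the documented field names."""
    return {"id": cid,
            "attack-summaries": [{"uuid": uuid, "attack-name": name, "cveids": cves}],
            "attack-details": [{"uuid": uuid, "severity": severity, "urgency": urgency}]}

# Constructed sample responses keyed by URL; they stand in for authenticated HTTPS GETs.
PAGES = {
    BASE + "?pagesize=1&page=1": {
        "objects": [container("c1", "U-1", "ProdA,Attack one", ["2001-0144"], 4, 1)],
        "next": {"@href": BASE + "?pagesize=1&page=2"}},
    BASE + "?pagesize=1&page=2": {
        "objects": [container("c2", "U-2", "ProdB,Attack two", [], 2, 3)],
        "prev": {"@href": BASE + "?pagesize=1&page=1"}},
}

def origin(url):
    """(scheme, host, port) tuple used to pin pagination links to the API server."""
    parts = urlsplit(url)
    return (parts.scheme, parts.hostname, parts.port)

def walk(start_url, fetch, max_pages=1000):
    """Yield every object in a listing by following 'next' links from start_url."""
    url, seen = start_url, set()
    while url is not None:
        if origin(url) != origin(start_url):
            raise ValueError("pagination link leaves the API origin: " + url)
        if url in seen or len(seen) >= max_pages:
            raise ValueError("pagination loop or page limit reached at " + url)
        seen.add(url)
        page = fetch(url)  # fetch(url) -> parsed JSON page (caller supplies transport)
        yield from page.get("objects", [])
        url = page.get("next", {}).get("@href")  # assumed absent on the last page

def findings(containers):
    """Join attack-summaries to attack-details on uuid (assumed shared key)."""
    rows = []
    for c in containers:
        details = {d["uuid"]: d for d in c.get("attack-details", [])}
        for s in c.get("attack-summaries", []):
            d = details.get(s["uuid"], {})
            rows.append({"container": c["id"], "attack-name": s["attack-name"],
                         "cveids": s.get("cveids", []), "severity": d.get("severity")})
    return rows
```

Call it as `findings(walk(BASE + "?pagesize=1&page=1", PAGES.__getitem__))`; in a real client `fetch` would be the function that performs the authenticated GET and parses the JSON body.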
Object type: advisor-container | ||
---|---|---|
Needs description. | ||
Field | Required | Description |
attack-details | false | List of AdvAttackDetails objects as a result of executing an advisor report. Definition |
attack-summaries | false | List of AttackSummary objects as a result of executing an advisor report. Definition |
events | false | The list of AssetEventData objects used to locate AssetData objects when executing an asset report. Definition |
id | false | Unique identifier for advisor container. |
Object type: meta | ||
---|---|---|
The metadata for an object, including the object type name and the URL reference to the object. | ||
Field | Required | Description |
@href | false | The URL reference to the object. |
type | false | The name of the object type |
Object type: attack-summary | ||
---|---|---|
An Advisor Summary Details object contains summary information about real-time vulnerabilities of enterprise assets. | ||
Field | Required | Description |
attack-name | false | The vulnerability attack name which is built from the product name (RV31) and attack name (RT1) event fields. |
bug-traqids | false | List of BugTraq IDs associated with the vulnerability. |
cveids | false | List of CVE IDs associated with the vulnerability. |
osvids | false | List of OSV IDs associated with the vulnerability. |
uuid | false | Unique identifier for advisor attack summary. |
Object type: advisor-event-data | ||
---|---|---|
An Advisor Event Data object contains event information required to search for advisor attacks in the system such as the attack name as well as event IDs and event times. | ||
Field | Required | Description |
attack-pair | false | The vulnerability attack name which is built from the product name (RV31) and attack name (RT1) event fields. |
time | false | Used to find vulnerabilities associated with a given event ID and time. |
uuid | false | Used to find vulnerabilities associated with a given event ID and time. |
Object type: adv-attack-details | ||
---|---|---|
An Advisor Attack Details object contains information about real-time vulnerabilities of enterprise assets. | ||
Field | Required | Description |
attack-scenario | false | The path used to exploit the vulnerability. |
category | false | A general grouping or classification of the vulnerability. |
description | false | An abbreviated description of the vulnerability. |
full-desc | false | A description or explanation of the cause and effect the vulnerability may have on the system. |
Id | false | Needs description. |
impact | false | The impact the vulnerability has on the system. |
patches | false | Links to software patches or updates which can be applied to mitigate the vulnerability. |
severity | false | The relative seriousness of the vulnerability. |
solution-desc | false | Suggested solutions to the vulnerability. |
title | false | The vulnerability title. |
urgency | false | The level of attention that should be given to mitigating the vulnerability. |
uuid | false | Unique identifier for advisor attack. |
Object type: | |
---|---|
The metadata representation of the newly-created advisor-container object, including the URL reference to the new object. | |
Field | Description |
meta | The metadata for an object, including the object type name and the URL reference to the object. Definition |
Object type: meta | |
---|---|
The metadata for an object, including the object type name and the URL reference to the object. | |
Field | Description |
@href | The URL reference to the object. |
type | The name of the object type |
Object type: attack-summary | |
---|---|
An Advisor Summary Details object contains summary information about real-time vulnerabilities of enterprise assets. | |
Field | Description |
attack-name | The vulnerability attack name which is built from the product name (RV31) and attack name (RT1) event fields. |
bug-traqids | List of BugTraq IDs associated with the vulnerability. |
cveids | List of CVE IDs associated with the vulnerability. |
osvids | List of OSV IDs associated with the vulnerability. |
uuid | Unique identifier for advisor attack summary. |
Object type: advisor-event-data | |
---|---|
An Advisor Event Data object contains event information required to search for advisor attacks in the system such as the attack name as well as event IDs and event times. | |
Field | Description |
attack-pair | The vulnerability attack name which is built from the product name (RV31) and attack name (RT1) event fields. |
time | Used to find vulnerabilities associated with a given event ID and time. |
uuid | Used to find vulnerabilities associated with a given event ID and time. |
Object type: adv-attack-details | |
---|---|
An Advisor Attack Details object contains information about real-time vulnerabilities of enterprise assets. | |
Field | Description |
attack-scenario | The path used to exploit the vulnerability. |
category | A general grouping or classification of the vulnerability. |
description | An abbreviated description of the vulnerability. |
full-desc | A description or explanation of the cause and effect the vulnerability may have on the system. |
Id | Needs description. |
impact | The impact the vulnerability has on the system. |
patches | Links to software patches or updates which can be applied to mitigate the vulnerability. |
severity | The relative seriousness of the vulnerability. |
solution-desc | Suggested solutions to the vulnerability. |
title | The vulnerability title. |
urgency | The level of attention that should be given to mitigating the vulnerability. |
uuid | Unique identifier for advisor attack. |
POST https://164.99.19.131:8443/SentinelRESTServices/objects/advisor-container
```json
{
  "id": "Wildebeest",
  "attack-summaries": [
    {
      "bug-traqids": [ "20249" ],
      "osvids": [ "3561" ],
      "attack-name": "SecureNet_Provider,TTP Client [xml-rpc PHP Code Injection] Attack V1 -NG",
      "uuid": "79600390-9B73-102E-A3E2-001676E4A757",
      "cveids": [ "2001-0144" ]
    }
  ],
  "events": [
    {
      "time": "2012-04-25T13:33:44.488Z",
      "attack-pair": "SecureNet_Provider,TTP Client [xml-rpc PHP Code Injection] Attack V1 -NG",
      "uuid": "79600390-9B73-102E-A3E2-001676E4A757"
    }
  ],
  "attack-details": [
    {
      "category": "Manipulation",
      "title": "jdoe",
      "patches": "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml",
      "description": "ACC IMoveis 4.0 imoveis.php id Parameter SQL Injection",
      "full-desc": "ACC IMoveis contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'imoveis.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.",
      "solution-desc": "Install Patch Q319733, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable FTP - The IIS Lockdown Tool disables FTP by default.",
      "attack-scenario": "http://[victim]/cgi-bin/dumpenv.pl",
      "severity": 4,
      "Id": 42,
      "uuid": "79600390-9B73-102E-A3E2-001676E4A757",
      "impact": "Loss of Availability",
      "urgency": 1
    }
  ]
}
```
Location: https://164.99.19.131:8443/SentinelRESTServices/objects/advisor-container/Wildebeest
```json
{
  "meta": {
    "type": "advisor-container",
    "@href": "https://164.99.19.131:8443/SentinelRESTServices/objects/advisor-container/Wildebeest"
  }
}
```