Core Services Detection
This Public Experimental API helps you identify core services and suggests an appropriate label for them. There are 51 services that can be detected.
Core services (such as DNS, Domain Controller, NTP, and LDP) are essential to your computing environment and run on one or on multiple workloads. Identifying and labeling these workloads is important because they are centrally connected, and other applications depend on them.
When you use the core service detection to label and write policies for core services, you can save time on application policies and introduce enforcement faster.
Users have the ability to change port numbers on which a specific core service is running so that they can adjust them to their environment. Users cannot change ports using the UI, only the APIs.
The user authorized to manage core services is the Organization Administrator.
Common schemas for managing core services:
core_services_labels.schema.jsoncore_services_type_ports_def.schema.jsoncore_services_type_ports.schema.json
Services API Methods
Functionality | HTTP | URI |
|---|---|---|
Get all detected core services for this organization |
|
|
Get a detected core service by UUID |
|
|
Get detected core service summary details |
|
|
Get all core service types for this organization |
|
|
Get core service type by UUID |
|
|
Accept, reject or skip the core service recommendation. |
|
|
Edit suggested labels of a core service type for the organization. |
|
|
Parameters for detected_core_services
Parameter | Description | Type | Required |
|---|---|---|---|
| (GET) The href of this detected core service | String | Yes |
| (GET) The ip address which is detected as core service | String | Yes |
| (GET) Get all detected core services of a particular type, such as Splunk/NFS. The href will be given in the query parameter. | String | Yes |
| (GET) The method by which this core service was detected | String | Yes |
| (GET) Date at which core service was detected | date/time | Yes |
| (GET) Date core service was updated with action information | date/time | Yes |
| (GET) Confidence of the detected core service. "minimum": 50, "maximum": 100" | Integer | No |
| (GET, PUT) Feedback provided for this core service recommendation, if any. "maxLength": 500 | String | No |
| (GET, PUT) User can accept, skip or reject the core service determination. | String | No |
| (GET, PUT) Indicates if the end user applied labels for this workload | Boolean | No |
| (GET) Date core service was last recommended by core service detection algorithm | date/time | No |
| (GET, PUT) "$ref": "traffic_flows_workload.schema.json" | Object | No |
Parameters for detected_core_services_summary
Parameter | Description | Type | Required |
|---|---|---|---|
| The unique identifier for the core service type. A core service type is defined by a name, port information and PCE recommended labels | String | Yes |
| Total number of detected core services which are skipped or no decision has been made yet | Integer | No |
| Number of accepted recommendations | Integer | No |
| Number of recommendations rejected by the user | Integer | No |
Parameters for core_services_types
Parameter | Description | Type | Required |
|---|---|---|---|
| (GET) The href of this core service type | URI | Yes |
| The name of the core service type | String | Yes |
| (GET, PUT) "$ref": "core_services_labels.schema.json" | ||
| (GET) Timestamp at which this core service type was created | String | Yes |
| (GET) Timestamp at which this core service type was updated | String | Yes |
| GET, PUT) Required ports for this core service type, if any "$ref": "core_services_type_ports.schema.json" | ||
| (GET, PUT) Optional ports for this core service type, if any "$ref": "core_services_type_ports.schema.json" | ||
| (GET, PUT) Each IP/workload is identified for 1 core service type and they are ordered by priority. For PUT: "minimum": 1 | Integer | No |
| (GET, PUT) Number of optional ports required For PUT: "maximum": 65535 | Integer | No |
| (PUT) Indicates whether the provider is a core service. Default value is | Booolean | No |
Sample URLs and Payloads
GET /api/v2/orgs/1/detected_core_services/ ddfe5204-ad29-4bcd-9821-fcb62353a985.
{
"href" :
"/orgs/1/detected_core_services/ddfe5204-ad29-4bcd-9821-fcb62353a985" ,
"ip_address" :
"103.10.11.44" ,
"workload" : {
"hostname" :
"SE555Q5" ,
"href" :
"/orgs/2/workloads/e62d71b3-36c4-4c27-926b-411b93ba6d6f" ,
"labels" : []
},
"core_service_type" : {
"href" :
"/orgs/1/core_service_type/3555d1e4-fcb2-49c2-9a4a-215c4d5e86dc"
},
"confidence" :
100 ,
"method_name" :
"process_based" ,
"created_at" :
"2020-08-04T05:02:46.648Z" ,
"updated_at" :
"2020-08-04T05:02:46.648Z" ,
"last_detected_at" :
"2020-09-05T05:02:46.648Z"
}
PUT /api/v2/orgs/1/detected_core_services/3ddd5204-ad29-4bcd-9821-fcb62353a98f
Take the appropriate action for the identified core services, such as accept the recommendation to apply the suggested labels to the workload.
Example
1 :
{ "action" : "accept" }
Example
2 :
{ "action" : "accept" ,
"workload" :{ "href" :
"/orgs/2/workloads/e62d71b3-36c4-4c27-926b-411b93ba6d6f" }} # for the
case when an IP is converted to UMWL and accepted as core service
Example
3 :
{ "action" : "reject" }
Example
4 :
{ "action" : "reject" ,
"feedback" : "Not a core service." }
Example
5 :
{ "action" : "skip" ,
"feedback" : "Check with Ops if this is a core service." }
Example
6 :
{ "labels_applied" : true }GET /api/v2/orgs/ :xorg_id /core_service_types/44dd5204-ad29-4bcd-9821-fcb62353a98f
{
"href" : "/orgs/2/core_service_type/44dd5204-ad29-4bcd-9821-fcb62353a98f" ,
"core_service" : "splunk" ,
"required_ports" :[{ "port" : 9997 ,
"to_port" : 10000 }],
"optional_ports" :[{ "port" : 112 }, { "port" : 455 }],
"labels" : [
{
"value" : "app-splunk" ,
"key" :
"app"
"href" : "/orgs/1/labels/2"
},
{
"value" : "role-splunk" ,
"key" :
"role" ,
"href" : "/orgs/1/labels/12"
} ],
"created_at" :
"2020-08-04T05:02:46.648Z" ,
"updated_at" :
"2020-08-05T05:02:46.648Z"
}PUT /api/v2/orgs/ :xorg_id /core_service_types/44dd5204-ad29-4bcd-9821-fcb62353a98f
{
"labels" : [
{
"href" : "/orgs/1/labels/3"
},
{
"href" : "/orgs/1/labels/10"
}]
}