Core Services Detection

This Public Experimental API helps you identify core services and suggests an appropriate label for them. There are 51 services that can be detected.

Core services (such as DNS, Domain Controller, NTP, and LDP) are essential to your computing environment and run on one or on multiple workloads. Identifying and labeling these workloads is important because they are centrally connected, and other applications depend on them.

When you use the core service detection to label and write policies for core services, you can save time on application policies and introduce enforcement faster.

Users have the ability to change port numbers on which a specific core service is running so that they can adjust them to their environment. Users cannot change ports using the UI, only the APIs.

The user authorized to manage core services is the Organization Administrator.

Common schemas for managing core services:

core_services_labels.schema.json
core_services_type_ports_def.schema.json
core_services_type_ports.schema.json

Services API Methods

Functionality	HTTP	URI
Get all detected core services for this organization	`GET`	`[api_version][org_href]/detected_core_services`
Get a detected core service by UUID	`GET`	`[api_version][org_href]/detected_core_services/<uuid>`
Get detected core service summary details	`GET`	`[api_version][org_href]/detected_core_services_summary`
Get all core service types for this organization	`GET`	`[api_version][org_href]/core_service_types`
Get core service type by UUID	`GET`	`[api_version][org_href]/core_service_types/<uuid>`
Accept, reject or skip the core service recommendation.	`PUT`	`[api_version][org_href]/detected_core_services/:uuid`
Edit suggested labels of a core service type for the organization.	`PUT`	`[api_version][org_href]/core_service_types/:uuid`

Parameters for Detected ore Services

Parameter	Description	Type	Required
`org_id`	Organization	Integer	Yes
`action`	The action taken on the detected core services	String	No
`core_service_type`	Get all detected core services of a particular type, such as Splunk/NFS. The href will be given in the query parameter.	String	No
`max_results`	The maximum results to be returned	Integer	No

Properties for detected_core_services

Property	Description	Type	Required
`href`	The href of this detected core service	String	Yes
`ip_address`	The ip address which is detected as core service	String	Yes
`core_service_type`	Get all detected core services of a particular type, such as Splunk/NFS. The href will be given in the query parameter.	String	Yes
`method_name`	The method by which this core service was detected	String	Yes
`created_at`	Date at which core service was detected	date/time	Yes
`updated_at`	Date core service was updated with action information	date/time	Yes
`labels_applied`	Indicates if the end user applied labels for this workload	Boolean	No
`last_detected_at`	Date core service was last recommended by core service detection algorithm	date/time	No
`confidence`	Confidence of the detected core service. "minimum": 50, "maximum": 100"	Integer	No
`feedback`	Feedback provided for this core service recommendation, if any	String	No
`action`	User can accept, skip or reject the core service determination.	String	No

Properties for detected_core_services_summary

Property	Description	Type	Required
`href`	The href of this detected core service	String	Yes
`core_service_type`	The unique identifier for the core service type. A core service type is defined by a name, port information and PCE recommended labels	String	Yes
`recommended`	Total number of detected core services which are skipped or no decision has been made yet	Integer	No
`accepted`	Number of accepted recommendations	Integer	No
`rejected`	Number of recommendations rejected by the user	Integer	No

Sample URLs and Payloads

GET /api/v2/orgs/1/detected_core_services/ ddfe5204-ad29-4bcd-9821-fcb62353a985.

{ 
    "href" : 
        "/orgs/1/detected_core_services/ddfe5204-ad29-4bcd-9821-fcb62353a985" , 
	"ip_address" : 
	"103.10.11.44" , 
	"workload" : { 
            "hostname" : 
		"SE555Q5" , 
	    "href" : 
		"/orgs/2/workloads/e62d71b3-36c4-4c27-926b-411b93ba6d6f" , 
	    "labels" : [] 
	}, 
	"core_service_type" : { 
            "href" : 
             "/orgs/1/core_service_type/3555d1e4-fcb2-49c2-9a4a-215c4d5e86dc" 
	}, 
	"confidence" : 
		100  , 
	"method_name" : 
		"process_based" , 
	"created_at" : 
		"2020-08-04T05:02:46.648Z" , 
	"updated_at" : 
		"2020-08-04T05:02:46.648Z" , 
	"last_detected_at" : 
		"2020-09-05T05:02:46.648Z" 
}

PUT /api/v2/orgs/1/detected_core_services/3ddd5204-ad29-4bcd-9821-fcb62353a98f

Take the appropriate action for the identified core services, such as accept the recommendation to apply the suggested labels to the workload.

Example 
	1  : 
{ "action" : "accept" } 
 
Example 
	2  : 
{ "action" : "accept" , 
	"workload" :{ "href" : 
	"/orgs/2/workloads/e62d71b3-36c4-4c27-926b-411b93ba6d6f" }} # for the 
	case when an IP is converted to UMWL and accepted as core service 
  
Example 
	3  : 
{ "action" : "reject" } 
 
Example 
	4  : 
{ "action" : "reject" , 
	"feedback" : "Not a core service." } 
 
Example 
	5  : 
{ "action" : "skip" , 
	"feedback" : "Check with Ops if this is a core service." } 
  
Example 
	6  : 
{ "labels_applied" : true }

GET /api/v2/orgs/ :xorg_id /core_service_types/44dd5204-ad29-4bcd-9821-fcb62353a98f

{ 
	"href" : "/orgs/2/core_service_type/44dd5204-ad29-4bcd-9821-fcb62353a98f" , 
	"core_service" : "splunk" , 
	"required_ports" :[{ "port" : 9997 , 
		"to_port" : 10000 }], 
	"optional_ports" :[{ "port" : 112 }, { "port" : 455 }], 
	"labels" : [ 
	{ 
		"value" : "app-splunk" , 
		"key" : 
			"app" 
		"href" : "/orgs/1/labels/2" 
	}, 
	{ 
		"value" : "role-splunk" , 
		"key" : 
			"role" , 
		"href" : "/orgs/1/labels/12" 
	} ], 
	"created_at" : 
		"2020-08-04T05:02:46.648Z" , 
	"updated_at" : 
		"2020-08-05T05:02:46.648Z" 
}

PUT /api/v2/orgs/ :xorg_id /core_service_types/44dd5204-ad29-4bcd-9821-fcb62353a98f

{ 
"labels" : [ 
	{ 
		"href" : "/orgs/1/labels/3" 
	}, 
	{ 
		"href" : "/orgs/1/labels/10" 
	}] 
}

REST APIs for 22.5