
REST APIs for 24.5

Ransomware Protection Dashboard APIs

The Ransomware Dashboard is powered by two main APIs: time_series and risk_summary.

Multiple APIs are used to manage Ransomware Dashboard features and to generate reports about protection statistics:

Risk Summary APIs

Risk summary APIs are the following:

  • GET /api/v2/orgs/:xorg_id/app_groups/:app_group_id/risk_details

This API is added under specific app_groups to represent the name and os_platforms of the ransomware service.

This API references the schema workloads_by_exposure:

  • workloads_by_exposure

The schema workloads_by_exposure describes the number of workloads with one or more critically risky services as their highest risk. It is also used by the API risk_summary_get.

  • GET /api/v2/orgs/1/app_groups/risk_summary

This API, added under app_groups, returns a ransomware risk summary for each app group.

This API references the common schema workload_exposure_severity:

  • common workload_exposure_severity

The common schema workload_exposure_severity describes exposed ransomware severity for a workload.

  • workloads_get

This Public Stable API was changed to support the Ransomware Dashboard in the following way:

One new object was added: risk_summary, which explains the risk summary for the workload. This object includes a required object ransomware, which supplies these properties:

  • workload_exposure_severity

  • ransomware_protection_percent

  • last_updated_at
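
An added example (not part of the original documentation) showing how the three risk_summary.ransomware properties can drive a review queue. The sample records, the "name" key, the severity values and the ISO 8601 timestamp format are assumptions.

```python
from datetime import datetime, timedelta, timezone

# Assumption: severity uses the low/medium/high/critical scale named on this page.
SEVERITY_RANK = {"critical": 0, "high": 1, "medium": 2, "low": 3}

# Constructed sample shaped like workloads_get entries; "name" is a hypothetical key.
SAMPLE = [
    {"name": "db-01", "risk_summary": {"ransomware": {
        "workload_exposure_severity": "critical",
        "ransomware_protection_percent": 40.0,
        "last_updated_at": "2024-06-10T08:00:00Z"}}},
    {"name": "web-02", "risk_summary": {"ransomware": {
        "workload_exposure_severity": "low",
        "ransomware_protection_percent": 100.0,
        "last_updated_at": "2024-06-10T08:00:00Z"}}},
    {"name": "app-03", "risk_summary": {"ransomware": {
        "workload_exposure_severity": "high",
        "ransomware_protection_percent": 100.0,
        "last_updated_at": "2024-05-01T08:00:00Z"}}},
    {"name": "legacy-04"},  # no risk_summary object in the record
]

def triage(workloads, now, min_percent=100.0, max_age=timedelta(days=7)):
    """Return (name, severity, reasons) for workloads that need review, worst first."""
    rows = []
    for w in workloads:
        r = (w.get("risk_summary") or {}).get("ransomware")
        if not r:
            rows.append((w.get("name"), "unknown", ["no ransomware risk summary"]))
            continue
        reasons = []
        pct = r["ransomware_protection_percent"]
        if pct < min_percent:
            reasons.append(f"protection {pct:g}% < {min_percent:g}%")
        # Assumption: last_updated_at is an ISO 8601 UTC timestamp.
        updated = datetime.fromisoformat(r["last_updated_at"].replace("Z", "+00:00"))
        if now - updated > max_age:
            reasons.append("summary is stale")
        if reasons:
            rows.append((w.get("name"), r["workload_exposure_severity"], reasons))
    # Unknown or unrecognised severities sort first so they are not overlooked.
    return sorted(rows, key=lambda row: SEVERITY_RANK.get(row[1], -1))

if __name__ == "__main__":
    for row in triage(SAMPLE, now=datetime(2024, 6, 12, tzinfo=timezone.utc)):
        print(row)
```
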

  • workloads_risk_details_get

This API supplies the risk details. You can see it in action on the Ransomware Protection tab of the Workloads page.

In addition to the organization admin, users with access to a workload can view the ransomware protection details for that workload, as well as how many risky ports are protected and how many are not.

  • workload_ransomware_services

This schema is referenced from workloads_risk_details_get to supply the required service data:

  • Service location and name

  • Service Port and Protocol

  • Severity and Protection state of this service

  • Status of the port on the workload

  • Active and Draft policy that applies to the Port

Information about the operating systems has been added for the ransomware service: Windows and Linux.

  • settings_get

This Public Stable API now includes two new properties: num_assets_requiring_ransomware_protection and cloud_secure_tenant_id.

},
    "num_assets_requiring_ransomware_protection": {
      "description": "number of assets that need ransomware protection for this org",
      "type": [
        "integer",
        "null"
      ]
    },
================

    },
    "cloud_secure_tenant_id": {
      "description": "Cloud Secure tenant id corresponding to this organization",
      "type": "string"
    }
  }
}

  • settings_put

This Public Stable API was changed to include the new property num_assets_requiring_ransomware_protection, which provides the number of assets that need ransomware protection in a specific organization. The number of assets is between 1 and 9999999.

"properties": {
    "num_assets_requiring_ransomware_protection": {
      "description": "number of assets that need ransomware protection for this org",
      "type": "integer",
      "minimum": 1,
      "maximum": 9999999
    },
================
},
    "cloud_secure_tenant_id": {
      "description": "Cloud Secure tenant id corresponding to this organization",
      "type": "string"
    }
  }
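
An added example (not Illumio code) that checks a settings_put body against the fragment above before it is sent. It also covers the mismatch between the two fragments: settings_get allows null for the asset count while settings_put requires an integer in range, so a GET response cannot be echoed back unchanged. The sample response and tenant value are constructed.

```python
ASSETS = "num_assets_requiring_ransomware_protection"
TENANT = "cloud_secure_tenant_id"
MIN_ASSETS, MAX_ASSETS = 1, 9999999  # from the settings_put fragment above

def validate_put(body):
    """Return a list of violations of the settings_put fragment (empty means OK)."""
    errors = []
    if ASSETS in body:
        n = body[ASSETS]
        # bool is a subclass of int in Python, but JSON true is not an integer.
        if isinstance(n, bool) or not isinstance(n, int):
            errors.append(f"{ASSETS}: must be an integer, got {type(n).__name__}")
        elif not MIN_ASSETS <= n <= MAX_ASSETS:
            errors.append(f"{ASSETS}: {n} is outside {MIN_ASSETS}..{MAX_ASSETS}")
    if TENANT in body and not isinstance(body[TENANT], str):
        errors.append(f"{TENANT}: must be a string")
    return errors

def put_body_from_get(settings):
    """Copy the two properties from a settings_get dict, dropping a null count."""
    body = {k: settings[k] for k in (ASSETS, TENANT) if k in settings}
    if body.get(ASSETS) is None:
        body.pop(ASSETS, None)
    return body

# Constructed settings_get response: the count is null, which only GET allows.
SAMPLE_GET = {ASSETS: None, TENANT: "tenant-placeholder"}

if __name__ == "__main__":
    print(validate_put(SAMPLE_GET))                     # echoing GET back fails
    print(validate_put(put_body_from_get(SAMPLE_GET)))  # null dropped, passes
```
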

Risky Services APIs

The new widget for the Ransomware Dashboard displays risky services and their protection coverage scores.

  • GET /api/v2/orgs/:xorg_id/sec_policy/:pversion/services

The API now contains the property average_protection_percent, which is the average of the ransomware protection percentages for all service ports in the service.

To include this data in the response, the UI sets the query parameter include_ransomware_protection_percent to true in its request.

Summary Reports

The APIs used to generate summary reports are:

  • reports_risk_summary_ransomware_timeseries_statistics_post

  • reports_risk_summary_ransomware_timeseries_statistics_post_response

  • reports_risk_summary_get

  • reports_time_series_statistics_post

  • reports_time_series_statistics_post_response

  • reports_risk_summary_ransomware_timeseries_statistics_post

This API is used to show the time series data:

  • Number of managed workloads

  • Percent of the ransomware protection coverage

  • Number of workloads by exposure

Data is presented with a granularity of day, week, month, or quarter, where the default is day.

Example payloads for this API:

[{"property":"num_workloads_by_exposure","resolution":"day"}]

[{"property":"ransomware_protection_coverage_percent","resolution":"day"}]

  • reports_risk_summary_ransomware_timeseries_statistics_post_response

This API gives the start and end date of the time period.

  • reports_risk_summary_get

Security administrators use this API to view how many workloads are ransomware protection-ready and then assess the degree of protection in their whole system. This schema supplies the required information to run the Ransomware Dashboard:

  • Number of total workloads

  • Number of protected workloads

  • Number of risky ports by the severity of their risk exposure (low, medium, high, and critical)

  • Workload protection by the port type (admin and legacy)

  • Ransomware protection coverage percent

  • Date when the status was last updated

The property risky_ports_by_category was added to support the widget "Risky ports by type" in the UI.

Four required properties are added for the ransomware objects:

  • top_risky_applications

  • top_risky_services

  • num_risky_services

  • num_unenforced_workloads

  • num_protected_unprotected_ports

This schema is referenced from reports_risk_summary_get.schema.json to supply the number of protected and unprotected ports for a specified risk level.

Other APIs that support Summary Reports

  • report_schedules_post

  • report_schedules_put

  • reports_schedules_get

  • report_templates_get

  • reports_get

APIs referencing ransomware_risk_report_params through the property report_parameters

  • reports_time_series_statistics_post

This schema supplies the granularity of the time series data.

The API reports_time_series_statistics_post includes these properties:

  • num_managed_workloads, which is requested by the payload. The resolution can be day, week, month, or quarter, which defines what the UI will show. The default value is "day".

  • ransomware_protection_coverage_percent: Percent of the ransomware protection coverage

  • num_workloads_by_exposure: Number of workloads by exposure

Data is presented with a granularity of day, week, month, or quarter, where the default is day.

  • reports_time_series_statistics_post_response

This API specifies the time series data about the protected workloads.

This API gives the percentage of the end date of the counted period.

It references the schema num_workloads_by_exposure_time_series.