ACP Rules Setup
  • 11 Oct 2024


About this Article
This article provides information related to ACP Rules setup using APIs.

ACP Rules Setup using APIs

System admins can add custom rules for ACP using APIs. By design, in Protect mode, VSP blocks all commands executed by remote users, following the BUA (Block Unless Allowlisted) model. If a connection is made with malicious intent, no new ACP rules are added, and even connecting to the workload through SSH will not spawn a shell session.

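A system admin can still reach the workload server unhindered by using a set of APIs to add the required custom rules at any time. Admins can use any language and their own scripts to add or delete rules through the APIs below. Note that the search request bodies below are written as Python literals (`False`, `True`, `None`, and variables such as `count+1` and `page_size`) with `<...>` placeholders; when sending raw JSON, use `false`, `true` and `null` and substitute concrete values.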


Available APIs

Search for Host Profiles

This API is utilized to search for a particular Host Profile in the Profile list using the provided keyword.

Request Type: POST

URL: https://<CMS_IP_Address>/services/pm/process-profiles/search

Body:

{

         "expression": {

             "relation": "AND",

             "criteriaList": [

            {

                 "operator": "NE",

                 "ignoreCase": False,

                 "field": "deleted",

                 "value": True,

                 "values": None,

                 "oid": False

            },

            {

                 "operator": "CONTAINS",

                 "ignoreCase": False,

                 "field": "name",

                 "value": <HOST_PROFILE_NAME>,

                 "values": None,

                 "oid": False

            },

            {

                 "operator": "EQ",

                 "ignoreCase": False,

                 "field": "podTemplate",

                 "value": False,

                 "values": None,

                 "oid": False

            }

            ],

             "expressionList": []

        },

        "sort": {

             "sortItems": [

                {

                     "key": "id",

                     "direction": "DESC"

                }

            ]

        },

        "page": {

             "page": 1,

             "size": 15

        },

         "collation": None

    }


Search for ACP Policy

This API is utilized to search for a particular ACP Policy in the ACP list using the provided keyword.

Request Type: POST

URL: https://<CMS_IP_Address>/services/spc/scriptPolicy/search

Body:

{

     "expression": {

         "relation": "AND",

         "criteriaList": [

            {

                 "operator": "CONTAINS",

                 "ignoreCase": False,

                 "field": "name",

                 "value": <POLICY_NAME>,

                 "values": None,

                 "oid": False

            }

        ],

         "expressionList": []

    },

    "sort": {

         "sortItems": [

            {

                 "key": "name",

                 "direction": "ASC"

            }

        ]

    },

    "page": {

        "page": 1,

        "size": 20

    },

    "collation": None

}


Search for ACP Rule

This API is utilized to search for a particular ACP rule in an ACP policy using the provided keyword.

Request Type: POST

URL: https://<CMS_IP_Address>/services/scc/scriptConfig/search

Body:

{

     "expression": {

         "relation": "AND",

         "criteriaList": [

            {

                 "operator": "EQ",

                 "ignoreCase": False,

                 "field": "scriptPolicyId",

                 "value": <POLICY_ID>,

                 "values": None,

                 "oid": False

            }

        ],

         "expressionList": []

    },

    "sort": {

         "sortItems": [

            {

                 "key": "id",

                 "direction": "DESC"

            }

        ]

    },

    "page": {

        "page": count+1,

        "size": page_size

    },

    "collation": None

}


Update ACP Rule

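This API is utilized to update an ACP rule. The `id`, `scriptPolicyId` and names in the body below are sample values; replace them with your own. Because a rule widens what the allowlist permits, review the policy fields before reusing the sample: it sets `registryAccessAllowed`, `launchProcessAllowed` and `terminateProcessAllowed` to `true`, so keep only the permissions the rule actually needs.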

Request Type: POST

URL: https://<CMS_IP_Address>/services/scc/scriptConfig

Body:

{

    "id": "66c2f6890f437a01a0d63d8e",

     "scriptPolicyId": "66c2f6830f437a01a0d63c36",

     "scriptPolicyName": "Linux_ACP",

    "name": "ACP_unzip",

     "description": "ACP_unzip",

    "consoleAllowed": true,

     "interpreter": "^unzip$",

     "amsiProtection": false,

     "minAllowedVersion": "",

     "explicitWhitelistingNeeded": true,

     "fileBasedExecutionPolicy": {

      "allowed": false,

       "mappedExtensions": [],

       "onlyWhitelistedScripts": false,

       "onlySignedScripts": true

    },

     "filelessExecutionPolicy": {

      "allowed": true,

       "unsafeCommandPatterns": {

         "allowed": true,

         "patterns": [

          {

             "matchType": "MATCHES",

             "pattern": "-r /home/virsec",

             "description": "admin"

          }

        ]

      },

       "allowedParentProcesses": {

         "allowed": false,

         "patterns": []

      },

       "allowedUsers": {

         "allowed": false,

         "patterns": []

      }

    },

     "runtimePolicy": {

       "maxNetworkConnections": 2,

       "allowedPaths": [],

       "registryAccessAllowed": true,

       "launchProcessAllowed": true,

       "terminateProcessAllowed": true

    }

  }




