ACP Rules Setup
- Updated on 11 Oct 2024
ACP Rules Setup using APIs
System admins can add custom ACP rules through the APIs below. By design, in Protect mode VSP blocks every command executed by a remote user under the BUA (Block Unless Allowlisted) model: until an admin adds ACP rules, nothing is allowlisted, so someone connecting to the workload over SSH with malicious intent does not even get a shell session.
A system admin can still reach the workload server unhindered and use the following APIs to add the required custom rules at any time. The APIs are language-agnostic: admins can call them from their own scripts, in any language, to add or delete rules.
Available APIs
Search for Host Profiles
This API searches the Profile list for Host Profiles whose name contains the provided keyword (deleted profiles and pod templates are excluded by the criteria below).
Request Type: POST
URL: https://<CMS_IP_Address>/services/pm/process-profiles/search
Body:
{
    "expression": {
        "relation": "AND",
        "criteriaList": [
            {
                "operator": "NE",
                "ignoreCase": False,
                "field": "deleted",
                "value": True,
                "values": None,
                "oid": False
            },
            {
                "operator": "CONTAINS",
                "ignoreCase": False,
                "field": "name",
                "value": <HOST_PROFILE_NAME>,
                "values": None,
                "oid": False
            },
            {
                "operator": "EQ",
                "ignoreCase": False,
                "field": "podTemplate",
                "value": False,
                "values": None,
                "oid": False
            }
        ],
        "expressionList": []
    },
    "sort": {
        "sortItems": [
            {
                "key": "id",
                "direction": "DESC"
            }
        ]
    },
    "page": {
        "page": 1,
        "size": 15
    },
    "collation": None
}
Search for ACP Policy
This API searches the ACP list for ACP Policies whose name contains the provided keyword.
Request Type: POST
URL: https://<CMS_IP_Address>/services/spc/scriptPolicy/search
Body:
{
    "expression": {
        "relation": "AND",
        "criteriaList": [
            {
                "operator": "CONTAINS",
                "ignoreCase": False,
                "field": "name",
                "value": <POLICY_NAME>,
                "values": None,
                "oid": False
            }
        ],
        "expressionList": []
    },
    "sort": {
        "sortItems": [
            {
                "key": "name",
                "direction": "ASC"
            }
        ]
    },
    "page": {
        "page": 1,
        "size": 20
    },
    "collation": None
}
Search for ACP Rule
This API lists the ACP rules that belong to one ACP policy, selected by the policy's id; the page number and page size are variables of the calling script, so the rule list can be fetched page by page.
Request Type: POST
URL: https://<CMS_IP_Address>/services/scc/scriptConfig/search
Body:
{
    "expression": {
        "relation": "AND",
        "criteriaList": [
            {
                "operator": "EQ",
                "ignoreCase": False,
                "field": "scriptPolicyId",
                "value": <POLICY_ID>,
                "values": None,
                "oid": False
            }
        ],
        "expressionList": []
    },
    "sort": {
        "sortItems": [
            {
                "key": "id",
                "direction": "DESC"
            }
        ]
    },
    "page": {
        "page": count+1,
        "size": page_size
    },
    "collation": None
}
Update ACP Rule
This API updates an existing ACP rule. The body is the complete rule object, including its id and the scriptPolicyId of the policy it belongs to, with the fields to change already edited (here: an unzip rule that allowlists one fileless command pattern).
Request Type: POST
URL: https://<CMS_IP_Address>/services/scc/scriptConfig
Body:
{
    "id": "66c2f6890f437a01a0d63d8e",
    "scriptPolicyId": "66c2f6830f437a01a0d63c36",
    "scriptPolicyName": "Linux_ACP",
    "name": "ACP_unzip",
    "description": "ACP_unzip",
    "consoleAllowed": true,
    "interpreter": "^unzip$",
    "amsiProtection": false,
    "minAllowedVersion": "",
    "explicitWhitelistingNeeded": true,
    "fileBasedExecutionPolicy": {
        "allowed": false,
        "mappedExtensions": [],
        "onlyWhitelistedScripts": false,
        "onlySignedScripts": true
    },
    "filelessExecutionPolicy": {
        "allowed": true,
        "unsafeCommandPatterns": {
            "allowed": true,
            "patterns": [
                {
                    "matchType": "MATCHES",
                    "pattern": "-r /home/virsec",
                    "description": "admin"
                }
            ]
        },
        "allowedParentProcesses": {
            "allowed": false,
            "patterns": []
        },
        "allowedUsers": {
            "allowed": false,
            "patterns": []
        }
    },
    "runtimePolicy": {
        "maxNetworkConnections": 2,
        "allowedPaths": [],
        "registryAccessAllowed": true,
        "launchProcessAllowed": true,
        "terminateProcessAllowed": true
    }
}
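The four calls above form one procedure: find the policy, page through its rules, take the rule you want to change, and post the edited object back. The script below is an added Python example that is not the page's or Virsec's own code. It reuses the page's request bodies (which are written as Python literals) as dicts and the API paths exactly as given. Everything else is an assumption made for the example: that the CMS accepts a bearer token in an Authorization header, that search replies return their hits under a "content" key, and that a page shorter than page_size is the last one; the `requests` library is only needed for the live call, so the helpers can be exercised offline with a fake poster.

```python
"""Added example (not Virsec's code): the ACP search/update calls from Python.
ASSUMPTIONS not taken from the page: bearer-token auth, hits under "content",
and a short page marking the end of the rule list."""
import json
from typing import Callable, List, Optional

CMS_URL = "https://<CMS_IP_Address>"  # placeholder exactly as on the page
HOST_PROFILE_SEARCH = "/services/pm/process-profiles/search"
POLICY_SEARCH = "/services/spc/scriptPolicy/search"
RULE_SEARCH = "/services/scc/scriptConfig/search"
RULE_UPDATE = "/services/scc/scriptConfig"

# (API path, request body) -> parsed JSON reply; injected so tests can fake it
Poster = Callable[[str, dict], dict]


def criterion(field: str, operator: str, value, ignore_case: bool = False) -> dict:
    """One criteriaList entry in the shape the page uses."""
    return {"operator": operator, "ignoreCase": ignore_case, "field": field,
            "value": value, "values": None, "oid": False}


def search_body(criteria: List[dict], sort_key: str, direction: str,
                page: int, size: int) -> dict:
    """Envelope shared by the three search endpoints on the page."""
    return {
        "expression": {"relation": "AND", "criteriaList": criteria, "expressionList": []},
        "sort": {"sortItems": [{"key": sort_key, "direction": direction}]},
        "page": {"page": page, "size": size},
        "collation": None,
    }


def host_profile_body(name: str) -> dict:
    """Search for Host Profiles: not deleted, name contains `name`, not a pod template."""
    return search_body([criterion("deleted", "NE", True),
                        criterion("name", "CONTAINS", name),
                        criterion("podTemplate", "EQ", False)], "id", "DESC", 1, 15)


def policy_body(name: str) -> dict:
    """Search for ACP Policy by (partial) name."""
    return search_body([criterion("name", "CONTAINS", name)], "name", "ASC", 1, 20)


def rule_body(policy_id: str, count: int, page_size: int) -> dict:
    """Search for ACP Rule; `count` and `page_size` are the page's paging variables."""
    return search_body([criterion("scriptPolicyId", "EQ", policy_id)],
                       "id", "DESC", count + 1, page_size)


def find_rule(post: Poster, policy_id: str, rule_name: str, page_size: int = 20) -> Optional[dict]:
    """Page through a policy's rules until the one called `rule_name` appears."""
    count = 0
    while True:
        hits = post(RULE_SEARCH, rule_body(policy_id, count, page_size)).get("content", [])
        for rule in hits:
            if rule.get("name") == rule_name:
                return rule
        if len(hits) < page_size:  # ASSUMPTION: a short page is the last page
            return None
        count += 1


def allow_fileless_pattern(rule: dict, pattern: str, description: str) -> dict:
    """Return a copy of the fetched `rule` with one fileless command pattern added,
    in the shape of the page's Update ACP Rule body. Nothing else in the rule is
    touched, so the update widens the allowlist by exactly that one pattern."""
    updated = json.loads(json.dumps(rule))  # deep copy; never mutate the fetched object
    patterns = updated["filelessExecutionPolicy"]["unsafeCommandPatterns"]["patterns"]
    if not any(p["pattern"] == pattern for p in patterns):  # keeps re-runs idempotent
        patterns.append({"matchType": "MATCHES", "pattern": pattern, "description": description})
    return updated


def requests_poster(token: str) -> Poster:
    """ASSUMPTION: bearer-token auth; replace with whatever your CMS actually uses."""
    import requests  # imported here so the rest of the module works without it

    def post(path: str, body: dict) -> dict:
        reply = requests.post(CMS_URL + path, json=body, timeout=30,
                              headers={"Authorization": f"Bearer {token}"})
        reply.raise_for_status()
        return reply.json()
    return post


if __name__ == "__main__":  # live flow against a real CMS (needs requests and a token)
    post = requests_poster("<API_TOKEN>")  # placeholder
    policy = post(POLICY_SEARCH, policy_body("Linux_ACP"))["content"][0]
    rule = find_rule(post, policy["id"], "ACP_unzip")
    if rule is None:
        raise SystemExit("rule not found; create it in the CMS first")
    post(RULE_UPDATE, allow_fileless_pattern(rule, "-r /home/virsec", "admin"))
```

The update is built from the rule as fetched rather than from a hand-written body, so the id, scriptPolicyId and every policy field the CMS already holds are posted back unchanged and only the intended pattern is added; compare the posted object with the fetched one before sending if you want an audit record of what the rule change actually widened.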