cancel
Showing results for 
Search instead for 
Did you mean: 

Getting vWAF Baseline Protection latest version through API call

SOLVED
Highlighted
Occasional Contributor

Getting vWAF Baseline Protection latest version through API call

Hello All,

 

I was working on a project to automate WAF policy creation, addition of baseline handlers and application mapping.  Wondering if anyone can help me out with this query.

 

On Pulse Secure vADC/vWAF 17.4/4.9,  I am trying a rest API call to create a new rule set with BaselineProtection Handler. Basically what i am trying to do is to apply the latest baseline handler through code with latest baseline version available on the system.  If the send a API POST without this parameter, the handler fails to load signatures. But i would like the parameter "baseline_config_version": "201706081942" to be derived dynamically based on the latest baseline update version avaliable on the system. 

 

 

Is there an API call which can return baseline config version which is availiable latest on the device. 

---------------------------------------------------------------------------------------------------------------------------------------

API Details

API URL - https://10.13.103.52:9070/api/af/2.0/applications/a2de24106086e193-cab8761c7db92eaf187d14d03634f3be/...

Method - POST

Body - 

{
"__subnodes": [],
"baseline_config_version": "201709220727",
"comment": "(previous ruleset version: 1)",
"db_last_modified_timestamp": 1521082375,
"db_last_modified_userid": "UUID-61646d696e",
"global_handler": [],
"handler": [
{
"ConfigItems": [
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082371,
"name": "enabled",
"owner": [
[
"wizard",
"Baseline Protection Wizard"
]
],
"type": "boolean",
"value": true
},
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082371,
"name": "exclude_from_baseline_check",
"owner": [
[
"wizard",
"Baseline Protection Wizard"
]
],
"type": "list of (string, list of string, list of string)",
"value": [
[
"Referer",
[
"headers"
],
[
"*"
]
],
[
"__viewstate",
[
"args"
],
[
"*"
]
]
]
},
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082371,
"name": "multiple_decoding",
"owner": [],
"type": "list of (selection of ('args', 'headers', 'uri'), integer, boolean)",
"value": [
[
"args",
1,
true
],
[
"headers",
1,
false
],
[
"uri",
1,
false
]
]
},
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082371,
"name": "included_categories",
"owner": [],
"type": "list of string",
"value": [
"code-injection",
"common-attacks",
"ldap-injection",
"path-traversal",
"scanner",
"shell-injection",
"sql",
"xpath",
"xss"
]
}
],
"db_last_modified_userid": "unknown",
"name": "BaselineProtectionHandler",
"owner": []
}
],
"last_modified": 1521082371,
"name": "initial ruleset",
"owner": [
[
"wizard",
"Baseline Protection Wizard"
]
],
"rules": [
{
"db_last_modified_userid": "unknown",
"handler": [],
"name": ".*",
"owner": [],
"selector": []
}
],
"script_library": {
"db_last_modified_userid": "unknown",
"owner": [],
"script_library": []
},
"version": 2,
"wizardConfig": [
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "Anti Phishing Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "Anti Spider Wizard",
"owner": []
},
{
"data": [
[
"Case Insensitive Arguments",
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082367,
"name": null,
"owner": [],
"type": "boolean",
"value": true
}
],
[
"Choose Baseline Categories",
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082367,
"name": null,
"owner": [],
"type": "dictionary",
"value": {
"Code Injection": {
"description": "Code Injection",
"enabled": true
},
"Common Attacks": {
"description": "Common Attacks",
"enabled": true
},
"Cross-Site Scripting (XSS)": {
"description": "Cross-Site Scripting (XSS)",
"enabled": true
},
"LDAP Injection": {
"description": "LDAP Injection",
"enabled": true
},
"Path Traversal": {
"description": "Path Traversal",
"enabled": true
},
"SQL Injection": {
"description": "SQL Injection",
"enabled": true
},
"Scanner": {
"description": "Scanner",
"enabled": true
},
"Shell Command Injection": {
"description": "Shell Command Injection",
"enabled": true
},
"XPath Injection": {
"description": "XPath Injection",
"enabled": true
}
}
}
],
[
"Choose Baseline Tags",
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082368,
"name": null,
"owner": [],
"type": "dictionary",
"value": {
"ASP": {
"description": "ASP",
"enabled": true
},
"JSP": {
"description": "JSP",
"enabled": true
},
"Java": {
"description": "Java",
"enabled": true
},
"LDAP": {
"description": "LDAP",
"enabled": true
},
"MS-Access": {
"description": "MS-Access",
"enabled": true
},
"MSSQL": {
"description": "MSSQL",
"enabled": true
},
"MySQL": {
"description": "MySQL",
"enabled": true
},
"Oracle": {
"description": "Oracle",
"enabled": true
},
"PHP": {
"description": "PHP",
"enabled": true
},
"Postgres": {
"description": "Postgres",
"enabled": true
}
}
}
],
[
"Choose Baseline Version",
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082365,
"name": null,
"owner": [],
"type": "selection of ('2017-09-22 07:27')",
"value": "2017-09-22 07:27"
}
],
[
"Excluded Arguments",
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082366,
"name": null,
"owner": [],
"type": "list of string",
"value": [
"__viewstate"
]
}
],
[
"Excluded Headers",
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082365,
"name": null,
"owner": [],
"type": "list of string",
"value": [
"Referer"
]
}
],
[
"Reject Multiple Encoded Data",
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082370,
"name": null,
"owner": [],
"type": "boolean",
"value": true
}
]
],
"db_last_modified_userid": "unknown",
"last_modified": 1521082370,
"name": "Baseline Protection Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "CodeProfiler Import Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "Deep Linking Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "OWA Protection Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "Payment Card Industry Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "Response Header Security Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "Secure Session Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "Sentinel Import Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "Suggest Rules Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "ThreadFix Import Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "Vulnerability Description Import Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "IpBlacklistWizard",
"owner": []
}
]
}

 

Thanks in Advance.

3 REPLIES
Community Manager

Re: Getting vWAF Baseline Protection latest version through API call

Hello, you should be able to read the You can get the list of all available baselines from here:

http://host:8087/api/af/latest/baselines 

 

So you might be able to access via API calls using something like this:

  1. Response = REST(GET) Call to (http://host:8087/api/af/latest/baselines)  ……make a REST call to the URL
  2. Convert the response JSON to Python Dictionary (if the framework is not already converting)
  3. The below lines should give you the latest baseline
available_baseline_versions = Response['baselines'].keys()
if available_baseline_versions:
    return max(available_baseline_versions)

 

Occasional Contributor

Re: Getting vWAF Baseline Protection latest version through API call

Thanks, it works.

Community Manager

Re: Getting vWAF Baseline Protection latest version through API call

Thanks - kudos to @sudayakumar for help on this one!