
Getting vWAF Baseline Protection latest version through API call

SOLVED
shobithk
Occasional Contributor


Hello All,

I was working on a project to automate WAF policy creation, addition of baseline handlers and application mapping. Wondering if anyone can help me out with this query.

On Pulse Secure vADC/vWAF 17.4/4.9, I am trying a REST API call to create a new rule set with BaselineProtection Handler. Basically what I am trying to do is to apply the latest baseline handler through code with the latest baseline version available on the system. If I send an API POST without this parameter, the handler fails to load signatures. But I would like the parameter "baseline_config_version": "201706081942" to be derived dynamically based on the latest baseline update version available on the system.

Is there an API call which can return the latest baseline config version available on the device?

---------------------------------------------------------------------------------------------------------------------------------------

API Details

API URL - https://10.13.103.52:9070/api/af/2.0/applications/a2de24106086e193-cab8761c7db92eaf187d14d03634f3be/...

Method - POST

Body - 

{
"__subnodes": [],
"baseline_config_version": "201709220727",
"comment": "(previous ruleset version: 1)",
"db_last_modified_timestamp": 1521082375,
"db_last_modified_userid": "UUID-61646d696e",
"global_handler": [],
"handler": [
{
"ConfigItems": [
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082371,
"name": "enabled",
"owner": [
[
"wizard",
"Baseline Protection Wizard"
]
],
"type": "boolean",
"value": true
},
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082371,
"name": "exclude_from_baseline_check",
"owner": [
[
"wizard",
"Baseline Protection Wizard"
]
],
"type": "list of (string, list of string, list of string)",
"value": [
[
"Referer",
[
"headers"
],
[
"*"
]
],
[
"__viewstate",
[
"args"
],
[
"*"
]
]
]
},
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082371,
"name": "multiple_decoding",
"owner": [],
"type": "list of (selection of ('args', 'headers', 'uri'), integer, boolean)",
"value": [
[
"args",
1,
true
],
[
"headers",
1,
false
],
[
"uri",
1,
false
]
]
},
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082371,
"name": "included_categories",
"owner": [],
"type": "list of string",
"value": [
"code-injection",
"common-attacks",
"ldap-injection",
"path-traversal",
"scanner",
"shell-injection",
"sql",
"xpath",
"xss"
]
}
],
"db_last_modified_userid": "unknown",
"name": "BaselineProtectionHandler",
"owner": []
}
],
"last_modified": 1521082371,
"name": "initial ruleset",
"owner": [
[
"wizard",
"Baseline Protection Wizard"
]
],
"rules": [
{
"db_last_modified_userid": "unknown",
"handler": [],
"name": ".*",
"owner": [],
"selector": []
}
],
"script_library": {
"db_last_modified_userid": "unknown",
"owner": [],
"script_library": []
},
"version": 2,
"wizardConfig": [
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "Anti Phishing Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "Anti Spider Wizard",
"owner": []
},
{
"data": [
[
"Case Insensitive Arguments",
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082367,
"name": null,
"owner": [],
"type": "boolean",
"value": true
}
],
[
"Choose Baseline Categories",
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082367,
"name": null,
"owner": [],
"type": "dictionary",
"value": {
"Code Injection": {
"description": "Code Injection",
"enabled": true
},
"Common Attacks": {
"description": "Common Attacks",
"enabled": true
},
"Cross-Site Scripting (XSS)": {
"description": "Cross-Site Scripting (XSS)",
"enabled": true
},
"LDAP Injection": {
"description": "LDAP Injection",
"enabled": true
},
"Path Traversal": {
"description": "Path Traversal",
"enabled": true
},
"SQL Injection": {
"description": "SQL Injection",
"enabled": true
},
"Scanner": {
"description": "Scanner",
"enabled": true
},
"Shell Command Injection": {
"description": "Shell Command Injection",
"enabled": true
},
"XPath Injection": {
"description": "XPath Injection",
"enabled": true
}
}
}
],
[
"Choose Baseline Tags",
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082368,
"name": null,
"owner": [],
"type": "dictionary",
"value": {
"ASP": {
"description": "ASP",
"enabled": true
},
"JSP": {
"description": "JSP",
"enabled": true
},
"Java": {
"description": "Java",
"enabled": true
},
"LDAP": {
"description": "LDAP",
"enabled": true
},
"MS-Access": {
"description": "MS-Access",
"enabled": true
},
"MSSQL": {
"description": "MSSQL",
"enabled": true
},
"MySQL": {
"description": "MySQL",
"enabled": true
},
"Oracle": {
"description": "Oracle",
"enabled": true
},
"PHP": {
"description": "PHP",
"enabled": true
},
"Postgres": {
"description": "Postgres",
"enabled": true
}
}
}
],
[
"Choose Baseline Version",
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082365,
"name": null,
"owner": [],
"type": "selection of ('2017-09-22 07:27')",
"value": "2017-09-22 07:27"
}
],
[
"Excluded Arguments",
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082366,
"name": null,
"owner": [],
"type": "list of string",
"value": [
"__viewstate"
]
}
],
[
"Excluded Headers",
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082365,
"name": null,
"owner": [],
"type": "list of string",
"value": [
"Referer"
]
}
],
[
"Reject Multiple Encoded Data",
{
"db_last_modified_userid": "unknown",
"last_modified": 1521082370,
"name": null,
"owner": [],
"type": "boolean",
"value": true
}
]
],
"db_last_modified_userid": "unknown",
"last_modified": 1521082370,
"name": "Baseline Protection Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "CodeProfiler Import Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "Deep Linking Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "OWA Protection Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "Payment Card Industry Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "Response Header Security Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "Secure Session Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "Sentinel Import Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "Suggest Rules Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "ThreadFix Import Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "Vulnerability Description Import Wizard",
"owner": []
},
{
"db_last_modified_userid": "unknown",
"last_modified": 0,
"name": "IpBlacklistWizard",
"owner": []
}
]
}

 

Thanks in Advance.

1 ACCEPTED SOLUTION

pwallace
Community Manager

Re: Getting vWAF Baseline Protection latest version through API call

Hello, you can get the list of all available baselines from here:

http://host:8087/api/af/latest/baselines

So you might be able to access via API calls using something like this:

  1. Response = REST(GET) call to (http://host:8087/api/af/latest/baselines), i.e. make a REST call to the URL
  2. Convert the response JSON to a Python dictionary (if the framework is not already converting)
  3. The lines below should give you the latest baseline:

     def get_latest_baseline(Response):
         # Response is the dict parsed from the baselines JSON (steps 1 and 2)
         available_baseline_versions = Response['baselines'].keys()
         if available_baseline_versions:
             return max(available_baseline_versions)
         return None

 

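Added example (not part of the original posts and not vendor code): a stricter version of step 3 that accepts only 12-digit YYYYMMDDHHMM keys like the "201709220727" in the posted body, fails closed when none is usable, and writes the result into a copy of the ruleset body before the POST. The function names and the sample data are constructed for illustration; the {"baselines": {version: ...}} response shape is taken from the accepted answer.

```python
import copy
import re
from datetime import datetime

# Version keys look like "201709220727" (YYYYMMDDHHMM) in the posted ruleset body.
_VERSION_RE = re.compile(r"[0-9]{12}")


def latest_baseline_version(response):
    """Return the newest well-formed baseline version key, or raise.

    `response` is the already-parsed JSON from the baselines URL (steps 1-2).
    """
    baselines = response.get("baselines")
    if not isinstance(baselines, dict):
        raise ValueError("response has no 'baselines' object")
    valid = []
    for key in baselines:
        if not (isinstance(key, str) and _VERSION_RE.fullmatch(key)):
            continue  # skip keys that are not 12-digit timestamps
        try:
            valid.append((datetime.strptime(key, "%Y%m%d%H%M"), key))
        except ValueError:
            continue  # 12 digits but not a real date, e.g. month 13
    if not valid:
        # Fail closed: the question notes that a POST without this
        # parameter leaves the handler unable to load signatures.
        raise LookupError("no usable baseline version in response")
    return max(valid)[1]


def with_latest_baseline(ruleset, response):
    """Return a copy of the ruleset body with baseline_config_version set."""
    patched = copy.deepcopy(ruleset)
    patched["baseline_config_version"] = latest_baseline_version(response)
    return patched


# Constructed sample data (not captured from a real device). Two keys are
# deliberately malformed to show what a plain max() over the keys would pick.
SAMPLE_RESPONSE = {"baselines": {
    "201706081942": {}, "201709220727": {}, "latest": {}, "201713010000": {},
}}
SAMPLE_RULESET = {"baseline_config_version": "201706081942",
                  "name": "initial ruleset", "version": 2}

if __name__ == "__main__":
    patched = with_latest_baseline(SAMPLE_RULESET, SAMPLE_RESPONSE)
    print(patched["baseline_config_version"])
```

With the constructed response, a plain `max()` over the keys returns the malformed "latest" entry, while the validated selection returns "201709220727".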


shobithk
Occasional Contributor

Re: Getting vWAF Baseline Protection latest version through API call

Thanks, it works.

pwallace
Community Manager

Re: Getting vWAF Baseline Protection latest version through API call

Thanks - kudos to @sudayakumar for help on this one!