Object type: advisor-container

Needs description.

| Field | Description |
|---|---|
| attack-details | List of AdvAttackDetails objects as a result of executing an advisor report (definition below). |
| attack-summaries | List of AttackSummary objects as a result of executing an advisor report (definition below). |
| events | The list of AssetEventData objects used to locate AssetData objects when executing an asset report (definition below). |
| id | Unique identifier for advisor container. |
| meta | The metadata for an object, including the object type name and the URL reference to the object (definition below). |
Object type: meta

The metadata for an object, including the object type name and the URL reference to the object.

| Field | Description |
|---|---|
| @href | The URL reference to the object. |
| type | The name of the object type. |
Object type: attack-summary

An Advisor Summary Details object contains summary information about real-time vulnerabilities of enterprise assets.

| Field | Description |
|---|---|
| attack-name | The vulnerability attack name which is built from the product name (RV31) and attack name (RT1) event fields. |
| bug-traqids | List of BugTraq IDs associated with the vulnerability. |
| cveids | List of CVE IDs associated with the vulnerability. |
| osvids | List of OSV IDs associated with the vulnerability. |
| uuid | Unique identifier for advisor attack summary. |
Object type: advisor-event-data

An Advisor Event Data object contains event information required to search for advisor attacks in the system, such as the attack name as well as event IDs and event times.

| Field | Description |
|---|---|
| attack-pair | The vulnerability attack name which is built from the product name (RV31) and attack name (RT1) event fields. |
| time | Used to find vulnerabilities associated with a given event ID and time. |
| uuid | Used to find vulnerabilities associated with a given event ID and time. |
Object type: adv-attack-details

An Advisor Attack Details object contains information about real-time vulnerabilities of enterprise assets.

| Field | Description |
|---|---|
| attack-scenario | The path used to exploit the vulnerability. |
| category | A general grouping or classification of the vulnerability. |
| description | An abbreviated description of the vulnerability. |
| full-desc | A description or explanation of the cause and effect the vulnerability may have on the system. |
| Id | Needs description. |
| impact | The impact the vulnerability has on the system. |
| patches | Links to software patches or updates which can be applied to mitigate the vulnerability. |
| severity | The relative seriousness of the vulnerability. |
| solution-desc | Suggested solutions to the vulnerability. |
| title | The vulnerability title. |
| urgency | The level of attention that should be given to mitigating the vulnerability. |
| uuid | Unique identifier for advisor attack. |
GET https://164.99.19.131:8443/SentinelRESTServices/objects/advisor-container/Wildebeest

```json
{
  "meta": {
    "type": "advisor-container",
    "@href": "https://164.99.19.131:8443/SentinelRESTServices/objects/advisor-container/Wildebeest"
  },
  "id": "Wildebeest",
  "attack-summaries": [
    {
      "bug-traqids": ["20249"],
      "osvids": ["3561"],
      "attack-name": "SecureNet_Provider,TTP Client [xml-rpc PHP Code Injection] Attack V1 -NG",
      "uuid": "79600390-9B73-102E-A3E2-001676E4A757",
      "cveids": ["2001-0144"]
    }
  ],
  "events": [
    {
      "time": "2012-04-25T13:33:44.489Z",
      "attack-pair": "SecureNet_Provider,TTP Client [xml-rpc PHP Code Injection] Attack V1 -NG",
      "uuid": "79600390-9B73-102E-A3E2-001676E4A757"
    }
  ],
  "attack-details": [
    {
      "category": "Manipulation",
      "title": "jdoe",
      "patches": "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml",
      "description": "ACC IMoveis 4.0 imoveis.php id Parameter SQL Injection",
      "full-desc": "ACC IMoveis contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'imoveis.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.",
      "solution-desc": "Install Patch Q319733, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable FTP - The IIS Lockdown Tool disables FTP by default.",
      "attack-scenario": "http://[victim]/cgi-bin/dumpenv.pl",
      "severity": 4,
      "Id": 42,
      "uuid": "79600390-9B73-102E-A3E2-001676E4A757",
      "impact": "Loss of Availability",
      "urgency": 1
    }
  ]
}
```
Object type: advisor-container

Needs description.

| Field | Required | Description |
|---|---|---|
| attack-details | false | List of AdvAttackDetails objects as a result of executing an advisor report (definition below). |
| attack-summaries | false | List of AttackSummary objects as a result of executing an advisor report (definition below). |
| events | false | The list of AssetEventData objects used to locate AssetData objects when executing an asset report (definition below). |
| id | false | Unique identifier for advisor container. |
Object type: meta

The metadata for an object, including the object type name and the URL reference to the object.

| Field | Required | Description |
|---|---|---|
| @href | false | The URL reference to the object. |
| type | false | The name of the object type. |
Object type: attack-summary

An Advisor Summary Details object contains summary information about real-time vulnerabilities of enterprise assets.

| Field | Required | Description |
|---|---|---|
| attack-name | false | The vulnerability attack name which is built from the product name (RV31) and attack name (RT1) event fields. |
| bug-traqids | false | List of BugTraq IDs associated with the vulnerability. |
| cveids | false | List of CVE IDs associated with the vulnerability. |
| osvids | false | List of OSV IDs associated with the vulnerability. |
| uuid | false | Unique identifier for advisor attack summary. |
Object type: advisor-event-data

An Advisor Event Data object contains event information required to search for advisor attacks in the system, such as the attack name as well as event IDs and event times.

| Field | Required | Description |
|---|---|---|
| attack-pair | false | The vulnerability attack name which is built from the product name (RV31) and attack name (RT1) event fields. |
| time | false | Used to find vulnerabilities associated with a given event ID and time. |
| uuid | false | Used to find vulnerabilities associated with a given event ID and time. |
Object type: adv-attack-details

An Advisor Attack Details object contains information about real-time vulnerabilities of enterprise assets.

| Field | Required | Description |
|---|---|---|
| attack-scenario | false | The path used to exploit the vulnerability. |
| category | false | A general grouping or classification of the vulnerability. |
| description | false | An abbreviated description of the vulnerability. |
| full-desc | false | A description or explanation of the cause and effect the vulnerability may have on the system. |
| Id | false | Needs description. |
| impact | false | The impact the vulnerability has on the system. |
| patches | false | Links to software patches or updates which can be applied to mitigate the vulnerability. |
| severity | false | The relative seriousness of the vulnerability. |
| solution-desc | false | Suggested solutions to the vulnerability. |
| title | false | The vulnerability title. |
| urgency | false | The level of attention that should be given to mitigating the vulnerability. |
| uuid | false | Unique identifier for advisor attack. |
PUT https://164.99.19.131:8443/SentinelRESTServices/objects/advisor-container/Wildebeest

```json
{
  "id": "Wildebeest",
  "attack-summaries": [
    {
      "bug-traqids": ["20249"],
      "osvids": ["3561"],
      "attack-name": "SecureNet_Provider,TTP Client [xml-rpc PHP Code Injection] Attack V1 -NG",
      "uuid": "79600390-9B73-102E-A3E2-001676E4A757",
      "cveids": ["2001-0144"]
    }
  ],
  "events": [
    {
      "time": "2012-04-25T13:33:44.489Z",
      "attack-pair": "SecureNet_Provider,TTP Client [xml-rpc PHP Code Injection] Attack V1 -NG",
      "uuid": "79600390-9B73-102E-A3E2-001676E4A757"
    }
  ],
  "attack-details": [
    {
      "category": "Manipulation",
      "title": "jdoe",
      "patches": "http://www.cisco.com/warp/public/707/Microsoft-IIS-vulnerabilities-MS02-018.shtml",
      "description": "ACC IMoveis 4.0 imoveis.php id Parameter SQL Injection",
      "full-desc": "ACC IMoveis contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the 'imoveis.php' script not properly sanitizing user-supplied input to the 'id' parameter. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data.",
      "solution-desc": "Install Patch Q319733, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Disable FTP - The IIS Lockdown Tool disables FTP by default.",
      "attack-scenario": "http://[victim]/cgi-bin/dumpenv.pl",
      "severity": 4,
      "Id": 42,
      "uuid": "79600390-9B73-102E-A3E2-001676E4A757",
      "impact": "Loss of Availability",
      "urgency": 1
    }
  ]
}
```
DELETE https://164.99.19.131:8443/SentinelRESTServices/objects/advisor-container/Wildebeest
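The GET response and PUT request bodies above are consumed and produced by client tooling, and the only structure the reference guarantees is the field layout in the tables (every field is optional). The following is an added example, not code from the Sentinel REST Services documentation or product: it builds the per-container URL used by GET, PUT and DELETE with the id percent-encoded, checks the cross-references the sample relies on (events and attack-details point at an attack-summary uuid, an event's attack-pair equals the summary's attack-name, CVE ids are well-formed, event times parse, severity and urgency are integers), and derives a PUT body from a GET response by dropping the server-owned meta block, which is the one difference between the two bodies on this page. The host name, the helper names and the trimmed sample document are this example's own assumptions.

```python
"""Consistency checks for Sentinel REST advisor-container documents.

Added example, not part of the Sentinel REST Services reference. It assumes
only the field layout in the tables above and the GET/PUT bodies shown; the
host name and helper names are this example's own.
"""
import json
import re
from datetime import datetime
from urllib.parse import quote

# Placeholder base URL (the page uses a private IP address; substitute your own).
BASE_URL = "https://sentinel.example.invalid:8443/SentinelRESTServices"

# Constructed sample: the GET response body shown above, with the long
# free-text fields left out. Field names and values are otherwise as on the page.
SAMPLE_CONTAINER = {
    "meta": {"type": "advisor-container",
             "@href": BASE_URL + "/objects/advisor-container/Wildebeest"},
    "id": "Wildebeest",
    "attack-summaries": [{
        "bug-traqids": ["20249"],
        "osvids": ["3561"],
        "attack-name": "SecureNet_Provider,TTP Client [xml-rpc PHP Code Injection] Attack V1 -NG",
        "uuid": "79600390-9B73-102E-A3E2-001676E4A757",
        "cveids": ["2001-0144"],
    }],
    "events": [{
        "time": "2012-04-25T13:33:44.489Z",
        "attack-pair": "SecureNet_Provider,TTP Client [xml-rpc PHP Code Injection] Attack V1 -NG",
        "uuid": "79600390-9B73-102E-A3E2-001676E4A757",
    }],
    "attack-details": [{
        "category": "Manipulation",
        "description": "ACC IMoveis 4.0 imoveis.php id Parameter SQL Injection",
        "severity": 4,
        "Id": 42,
        "uuid": "79600390-9B73-102E-A3E2-001676E4A757",
        "impact": "Loss of Availability",
        "urgency": 1,
    }],
}

# The sample lists CVE ids without the "CVE-" prefix ("2001-0144"); accept both forms.
_CVE_RE = re.compile(r"^(?:CVE-)?(\d{4})-(\d{4,})$")


def container_url(base, container_id):
    """URL for GET/PUT/DELETE of one advisor-container. The id is percent-encoded
    so a caller-supplied id cannot add path segments to the request."""
    return f"{base.rstrip('/')}/objects/advisor-container/{quote(container_id, safe='')}"


def normalize_cve(cve):
    """Return the canonical 'CVE-YYYY-NNNN' form, or None if the id is malformed."""
    m = _CVE_RE.match(str(cve).strip())
    return f"CVE-{m.group(1)}-{m.group(2)}" if m else None


def _valid_time(t):
    # Event times are ISO-8601 UTC with a trailing 'Z', as in the sample.
    try:
        datetime.fromisoformat(str(t).replace("Z", "+00:00"))
        return True
    except ValueError:
        return False


def validate_container(doc):
    """Return a list of problems; an empty list means the document is consistent.

    Every field is optional in the schema ("Required: false"), so absent lists
    are tolerated; only the cross-references between the three lists are checked.
    """
    problems = []
    by_uuid = {}
    for s in doc.get("attack-summaries") or []:
        uuid = s.get("uuid")
        if uuid:
            by_uuid[uuid] = s
        else:
            problems.append("attack-summary without uuid")
        for cve in s.get("cveids") or []:
            if normalize_cve(cve) is None:
                problems.append(f"malformed CVE id {cve!r} in summary {uuid}")
    for e in doc.get("events") or []:
        s = by_uuid.get(e.get("uuid"))
        if s is None:
            problems.append(f"event uuid {e.get('uuid')} has no attack-summary")
        elif e.get("attack-pair") != s.get("attack-name"):
            problems.append(f"event attack-pair differs from summary attack-name for {e.get('uuid')}")
        if e.get("time") is not None and not _valid_time(e["time"]):
            problems.append(f"unparseable event time {e.get('time')!r}")
    for d in doc.get("attack-details") or []:
        if d.get("uuid") not in by_uuid:
            problems.append(f"attack-details uuid {d.get('uuid')} has no attack-summary")
        for key in ("severity", "urgency"):
            v = d.get(key)
            if v is not None and (isinstance(v, bool) or not isinstance(v, int)):
                problems.append(f"{key} must be an integer, got {v!r}")
    return problems


def put_body(doc):
    """Serialize a container for PUT: the GET response minus the server-owned
    'meta' block, which the PUT example on the page omits."""
    return json.dumps({k: v for k, v in doc.items() if k != "meta"}, indent=2)


if __name__ == "__main__":
    print(container_url(BASE_URL, SAMPLE_CONTAINER["id"]))
    print("problems:", validate_container(SAMPLE_CONTAINER))
    print(put_body(SAMPLE_CONTAINER))
```

Run `validate_container` on a response before trusting its CVE and uuid cross-references in downstream tooling, and on a body before sending it with PUT; `container_url` keeps an externally supplied container id inside the advisor-container path.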