Downloads a risk profile file in either XML or XLSX format. The XML file represents the last updated definitive risk profile, which may have undergone additional updates. The XLSX option downloads a record of the most recently uploaded Excel file.
Resource name: /api/v1/risks/profiles/{profileName}/download
Request Method: GET
Request parameters:
| Parameter | Type | Description |
|---|---|---|
|
fileType mandatory |
string | Requested file type - xml (default) or xlsx. The XML file constitutes the last updated definitive risk profile, which may have undergone additional updates. The XLSX option downloads a record of the most recently uploaded Excel file. |
|
profileName mandatory |
string | Profile Name. To get the profile name, use GET /api/v1/risks/profiles method from the Risk Profile resource group.. |
cUrl Example:
curl -X GET "https://<localhost>/api/v1/risks/profiles/{profileName}/download?fileType=xml"
Status codes:
| Code | Description |
|---|---|
| 200 | Risk profile file |
| 401 | Unauthorized |
| 404 | Risk profile file doesn't exist |
Response example success 200 (xml):
Displays the risk profile file in the specifies format that can be copied to a text file.
<?xml version="1.0" encoding="UTF-8"?>
<Misconfigs>
<Notes>for test</Notes>
<NotInheritedFromStandard>true</NotInheritedFromStandard>
<Item id="U01">
<Code>U01</Code>
<Brand>Any</Brand>
<Type>queries</Type>
<Title>algosec_1_chargen_tcp from Outside can reach Inside</Title>
<Risk>Susp_High</Risk>
<XQL>Queries/QIndex[@name = "q_srv_Outside_Inside"]
/QEntry[
@srv = "algosec_1_chargen_tcp"
]
/QRes[
@n_risky_dst_ips $ne$ 0 $and$
@n_risky_src_ips $ne$ 0 $and$
@is_vpn $ne$ "yes"
]</XQL>
<Assessment>Your network is accessible from the %HGRP{Outside} using the
%SRV{algosec_1_chargen_tcp} service.
%QREF{q_srv_Outside_Inside:algosec_1_chargen_tcp}
<br>
Number of Outside IP addresses that have access: %N_SRC_IMPACT_IPS
<br>
Number of exposed Inside addresses: %N_DST_IMPACT_IPS
<p>
%PCIDS
</Assessment>
<Remedy>Modify your rules so %SRV{algosec_1_chargen_tcp} is not allowed to enter your network
from the %HGRP{Outside}.
</Remedy>
<Description>test descript</Description>
<Supress/>
<Parsed_XQL from="EXTERNAL" to="INTERNAL" service="algosec_1_chargen_tcp" type="basic" vpn_trust="yes"/>
</Item>
<Item id="U02">
<Code>U02</Code>
<Brand>Any</Brand>
<Type>queries</Type>
<Title>Traffic not allowed by PCI can reach AIRM-PRD-AP_AIRM_A_PRD_APP_EPG_PRD</Title>
<Risk>Medium</Risk>
<XQL>Queries/QIndex[@name = "q_srv_UserHG_UserHG"]
/QEntry[
@srv = "algosec_200_300" $and$
@src = "unnamed_riskU02_src" $and$
@dst = "unnamed_riskU02_dst"
]
/QRes[
@n_dst_ips $ne$ 0 $and$
@n_src_ips $ne$ 0
]</XQL>
<Assessment>The PCI zone (%HGRP{unnamed_riskU02_dst}), which includes servers storing cardholder data,
is accessible using services among those listed in %SRV{algosec_200_300}.
PCI DSS requirement 1.1.5 requires you to document such services.
%QREF{q_srv_UserHG_UserHG:algosec_200_300}
<br>
<br>
Number of source IP addresses that have access: %N_SRC_IMPACT_IPS_COUNT_VPN
<br>
Number of reachable destination IP addresses: %N_DST_IMPACT_IPS_COUNT_VPN
<p>
</Assessment>
<Remedy>Review the rules that allow %SRV{algosec_200_300}
into the PCI zone (%HGRP{unnamed_riskU02_dst}).
You can press the Details button to see the list of rules
and limit their destinations.
Remove any unnecessary rules, and eliminate any services that are not required.
If the remaining services that are necessary for business still trigger this risk item
consider white-listing them. To do so please go to the
%HREF{fwaindex_rules.html}{Risky Rules} tab, and click the "Trust" button
next to the rules allowing the flagged traffic.
</Remedy>
<Description>Traffic not allowed by PCI can reach the PCI zone.</Description>
<Supress/>
<Parsed_XQL from="" to="" service="algosec_200_300" type="PCI" vpn_trust="yes"/>
<Hostgroups_defs dst_def="AIRM-PRD-AP_AIRM_A_PRD_APP_EPG_PRD" dst_name="unnamed_riskU02_dst" src_def="*,A_Hb-Mut-Prod-Rev-Oper_671_ESB-WSO_0000" src_name="unnamed_riskU02_src" serviceH="algosec_200_300"/>
</Item>
</Misconfigs>
Response example failure 400:
{
"error": "Bad Request",
"message": "Invalid request parameters"
}
Clear your browser's cache