Legitimate

List all legitimate

Request

Definition

GET /api/v1/legitimate_rules

Headers

• Authorization required

  An authentication token with privileges to view the resource.

  Bearer {token}

Query string parameters

Parameter	Type	Required	Description
paginate	boolean	Yes	If the result must be paginated.
page	integer	Yes if paginate is true	Page index.
page_size	integer	Yes if paginate is true	Number of items displayed per page.
pattern	string	No	Filters the results related to the specified pattern.
rq_host	string	No	Filters the results related to the specified Host.
rq_host_list	array<string>	No	Filters the results related to the list of Hosts entered.
rq_host_search	string	No	Filters results where the Host matches all or part of the entered string.
target	string	No	Filters the results related to the destination entered.
timestamp_start	integer	No	Filters results created after the entered date.
timestamp_end	integer	No	Filters results created before the entered date.
username	string	No	Filters results where the username of the creator of the legitimate matches the string entered.
username_list	array<string>	No	Filters results where the username of the creator of the legitimate matches one of the items in the list.

Response

Status codes

Status code	Message
200	"List of legitimates"
400	"Error with pagination fields"
403	"Forbidden"

Body

Attributes

• data.legitimates.additional_info object

  Some addtional informations about the legitimate.

• data.legitimates.attack_category string

  Attack category.

• data.legitimates.attack_code string

  Code identifying the type of attack.

• data.legitimates.attack_name string

  Attack type.

• data.legitimates.id string

  Legitimate ID.

• data.legitimates.path string

  URI path that makes up the legitimate.

• data.legitimates.pattern string

  Pattern associated with the legitimate.

• data.legitimates.rq_host string

  Host header associated with the legitimate.

• data.legitimates.target string

  Target field of the legitimate.

• data.legitimates.timestamp integer

  Date and time when the legitimate was created in UNIX format (microseconds).

• data.legitimates.username string

  Username of who created the legitimate.

Example

{
"data": {
    "legitimates": [
    {
        "additional_info": null,
        "attack_category": null,
        "attack_code": null,
        "attack_name": null,
        "id": "5xxONxxxSRBZm3xxxxxPBFexxNE+7AxxyNxxxZrc=",
        "path": null,
        "pattern": "rm -rf",
        "payload": null,
        "rq_host": "xxxxxxxx.xxxxxx.it",
        "target": "parameter_value",
        "timestamp": 1705497122973776,
        "username": "username"
    }
    ]
},
"message": "List of legitimates",
"pagination": null,
"status": "ok"
}

List a specific legitimate

Request

Definition

GET /api/v1/legitimate/{legitimate_id}

Headers

• Authorization required

  Authentication token with privileges to view the resource.

  Bearer {token}

Response

Status codes

Status code	Message
200	"Legitimate retrieved."
400	"Error retrieving legitimate"
400	"Error with pagination fields"
403	"Forbidden"

Body

{
  "data": {
    "legitimate": {
      "additional_info": null,
      "attack_category": null,
      "attack_code": null,
      "attack_name": null,
      "id": "5hxxNERNxxxxm3Blxx£U10PBxxxxNE+7Ap0yxxxxZrx=",
      "path": null,
      "pattern": "rm -rf",
      "payload": null,
      "rq_host": "xxxxxxxx.xxxxx.it",
      "target": "parameter_value",
      "timestamp": 1705497122516684,
      "username": "username"
    }
  },
  "message": "Legitimate retrieved.",
  "status": "ok"
}

Create a legitimate

Request

Definition

POST /api/v1/legitimates

Headers

• Authorization required

  Authentication token with privileges to view the resource.

  Bearer {token}

• Content-Type required

  application/json

Request body

{
  "legitimates": [
    {
      "expression": {
        "type": "values",
        "values": [
          "rm -rf"
        ]
      },
      "fragment": "pattern",
      "rq_host": "xxxxxxxx.xxxxxxx.it",
      "spec_values": {
        "parameter_key": [
          "cmd"
        ],
        "path": "any",
        "request:Host": [
          "xxxxxxxx.xxxxxxx.it"
        ]
      },
      "target": "parameter_value"
    }
  ]
}

Response

Status codes

Status code	Message
200	"Legitimates created"
400	"Error creating legitimates"
403	"Forbidden"

Body

{
  "data": {
    "legitimate_ids": [
      "5hxxNERxxxxZm3Bl0e£UxxxxFelxxE+7ApxxNxxxxrc="
    ]
  },
  "message": "Legitimates created",
  "status": "ok"
}

Delete multiple legitimates

Request

Definition

DELETE /api/v1/legitimates

Headers

• Authorization required

  Authentication token with privileges to view the resource.

  Bearer {token}

• Content-Type required

  application/json

Request body

{
  "legitimate_ids": [
    "5hxxNERxxxxZm3Bl0e£UxxxxFelxxE+7ApxxNxxxxrc="
  ]
}

Response

Status codes

Status code	Message
200	"Legitimates deleted"
400	"Error deleting legitimates"
403	"Forbidden"

Body

{
  "data": {
    "legitimate_ids": [
      "5hxxNERxxxxZm3Bl0e£UxxxxFelxxE+7ApxxNxxxxrc="
    ]
  },
  "message": "Legitimates deleted",
  "status": "ok"
}