Get application instances
get
/api/v1/applications
Get all application instances registered with the tenant, along with the associated details. This API is currently supported only for AWS application instances. By default, all registered AWS instances and their details will be returned. Optionally, pass an instance ID as a query parameter to get details for only a single AWS instance.
Request
Supported Media Types
- application/json
Query Parameters
-
applicationInstanceId(optional): string
The ID of the application instance to be retrieved. This is an optional parameter.
Header Parameters
-
Authorization: string
Contains the authorization token received by making a create token request. The format is 'Bearer' followed by the token, which starts with v2.
-
X-Apprity-Tenant-Id: string
The tenant ID for which you are making this call.
Response
Supported Media Types
- application/json
- application/gzip
200 Response
Successfully retrieved instance(s) and the details.
Root Schema : ApplicationReadResponse
Type:
object
The body of a read response contains information on all instances or on an individual instance, depending on the call. The API lists all instances and the details of each instance. The security control values of each instance are also listed.
-
application(optional):
array application
-
message(optional):
string
A friendly message which indicates success or failure.
-
tenantId(optional):
string
The tenant ID for which the read is being called.
Nested Schema : Application
Type:
object
-
applicationName(optional):
string
Name of the application.
-
instanceId(optional):
string
ID of the application instance.
-
instanceName(optional):
string
Name of the application instance.
-
monitoringType(optional):
string
The type of monitoring: Standard, Stringent, or Custom.
-
securityControls(optional):
object SecurityControls
This body represents the security controls passed to AWS. The Security Control Type is either Stringent, Standard, or Custom.
-
url(optional):
string
The URL of the application instance.
Nested Schema : SecurityControls
Type:
object
This body represents the security controls passed to AWS. The Security Control Type is either Stringent, Standard, or Custom.
-
securityControlParameters:
object SecurityControlParameters
These are the controls which AWS provides to define the security posture of an instance. See individual properties for details on each.
-
securityControlType:
string
Value set to either Stringent, Standard, or Custom.
Nested Schema : SecurityControlParameters
Type:
object
These are the controls which AWS provides to define the security posture of an instance. See individual properties for details on each.
-
allowUsersToChangePassword(optional):
boolean
Default Value:
false
Set to true to allow all IAM users in your account to use the IAM console to change their own passwords.
-
ebsNonEncryptedVolumes(optional):
boolean
Default Value:
false
Set to true to check EBS volume encryption status.
-
ebsNonEncryptedVolumesFilter:
string
If you don't want to trigger an alert for certain nonencrypted volumes, then you can set those exceptions here.
-
ec2NAclAllowAllChecker(optional):
boolean
Default Value:
false
Check if network ACLs have Allow All set as the default.
-
ec2NAclPortsChecker(optional):
boolean
Default Value:
false
Set to true to require network ACLs to use secure open ports.
-
ec2NAclPortsCheckerFilter:
string
If there are specific unsecured ports that you don't want to trigger an alert when your security control baseline says that secured ports are required, then you must select the Custom baseline type, and set those exceptions here.
-
ec2SecurityGroupChecker(optional):
boolean
Default Value:
false
Set to true to require security group checking for unsecured ports.
-
ec2SecurityGroupCheckerFilter:
string
If you don't want to trigger an alert for certain EC2 security groups, then you can set those exceptions here.
-
hardExpiry(optional):
boolean
Default Value:
false
Set this to true to prevent IAM users from choosing a new password after their current password has expired. For example, if the password policy specifies a password expiration period, but an IAM user fails to choose a new password before the expiration period ends, the IAM user cannot set a new password. In that case, the IAM user must request a password reset from an account administrator in order to regain access to the AWS Management Console. If you leave this check box cleared and an IAM user allows his or her password to expire, the user will be required to set a new password before accessing the AWS Management Console.
-
maxPasswordAge(optional):
integer(int32)
Minimum Value:
1
Maximum Value:
1095
You can set IAM user passwords to be valid for only the specified number of days. You specify the number of days that passwords remain valid after they are set. For example, when you enable password expiration and set the password expiration period to 90 days, an IAM user can use a password for up to 90 days. After 90 days, the password expires and the IAM user must set a new password before accessing the AWS Management Console. You can choose a password expiration period between 1 and 1095 days, inclusive.
-
mfaChecker(optional):
boolean
Default Value:
false
Specify the root user to use multifactor authentication.
-
minimumPasswordLength(optional):
integer(int32)
Minimum Value:
6
Maximum Value:
128
Specify the minimum number of characters allowed in an IAM user password. You can enter any number from 6 to 128.
-
passwordReusePrevention(optional):
integer(int32)
Minimum Value:
1
Maximum Value:
24
You can prevent IAM users from reusing a specified number of previous passwords. You can set the number of previous passwords from 1 to 24, inclusive.
-
r53NoHealthChecks(optional):
boolean
Default Value:
false
Check use of Route 53 health checks.
-
r53NoHostedZones(optional):
boolean
Default Value:
false
Set this to true to check use of Route 53 hosted zones.
-
rdsNonEncryptedDbs(optional):
boolean
Default Value:
false
Check RDS encryption status.
-
rdsNonEncryptedDbsFilter:
string
If you don't want to trigger an alert for certain nonencrypted DBs, then you can set those exceptions here.
-
requireLowercaseCharacters(optional):
boolean
Default Value:
false
You can require that IAM user passwords contain at least one lowercase character from the ISO basic Latin alphabet (a to z).
-
requireNumbers(optional):
boolean
Default Value:
false
You can require that IAM user passwords contain at least one numeric character (0 to 9).
-
requireSymbols(optional):
boolean
Default Value:
false
You can require that IAM user passwords contain at least one of the following nonalphanumeric characters: ! @ # $ % ^ & * ( ) _ + - = [ ] { } | '
-
requireUppercaseCharacters(optional):
boolean
Default Value:
false
You can require that IAM user passwords contain at least one uppercase character from the ISO basic Latin alphabet (A to Z).
-
s3IsMfaEnableForDeleteBucketChecker(optional):
boolean
Default Value:
false
Require multifactor authentication when deleting an S3 bucket.
-
s3ServerSideEncryptChecker(optional):
boolean
Default Value:
false
Ensure that all S3 server buckets are encrypted.
-
s3ServerSideEncryptCheckerFilter:
string
You can filter the results by providing the S3 buckets that are to be excluded/allowed.
400 Response
Bad request format. Check the response for more information on which fields are inaccurate. Ensure that you have a request which follows the format.
Root Schema : Error
Type:
object
-
code(optional):
string
HTTP Status Code.
-
message(optional):
string
The error message.
401 Response
Unauthorized GET API call. See response for more details.
Root Schema : Error
Type:
object
-
code(optional):
string
HTTP Status Code.
-
message(optional):
string
The error message.
403 Response
The GET request is forbidden. It is likely the CASB APIs aren't enabled for the tenant.
Root Schema : Error
Type:
object
-
code(optional):
string
HTTP Status Code.
-
message(optional):
string
The error message.
404 Response
The requested resource (instance ID) is not present.
Root Schema : Error
Type:
object
-
code(optional):
string
HTTP Status Code.
-
message(optional):
string
The error message.
412 Response
A precondition for this API has failed. Response has more details.
Root Schema : Error
Type:
object
-
code(optional):
string
HTTP Status Code.
-
message(optional):
string
The error message.
500 Response
Internal Server error occurred. See response for more details.
Root Schema : Error
Type:
object
-
code(optional):
string
HTTP Status Code.
-
message(optional):
string
The error message.
Examples
The following example shows how to retrieve AWS application instances by submitting a GET request.
Example URL: Retrieving All Application Instances
https://<CASB-STACK>.casb.ocp.oraclecloud.com/api/v1/applications?
Example Response Body: Retrieving All Application Instances
The following example shows the contents of the response body in JSON format:
{
  "application": [
    {
      "applicationName": "AWS",
      "instanceId": "12345678-9101-abcd-efgh-ijklmnopqrst",
      "instanceName": "RI",
      "SecurityControls": {
        "securityControlParameters": {
          "minimumPasswordLength": 6,
          "requireUppercaseCharacters": false,
          "requireLowercaseCharacters": false,
          "requireNumbers": false,
          "requireSymbols": false,
          "allowUsersToChangePassword": false,
          "maxPasswordAge": 45,
          "passwordReusePrevention": 5,
          "hardExpiry": false,
          "mfaChecker": false,
          "s3ServerSideEncryptChecker": false,
          "s3BucketPublicAccessACLChecker": false,
          "s3IsMfaEnableForDeleteBucketChecker": false,
          "ec2SecurityGroupChecker": false,
          "ec2NAclPortsChecker": false,
          "ec2NAclAllowAllChecker": false,
          "r53NoHostedZones": false,
          "r53NoHealthChecks": false,
          "ebsNonEncryptedVolumes": false,
          "rdsNonEncryptedDbs": false
        }
      },
      "url": "AWS/485bd647-6461-477a-a4be-3f759681a274"
    }
  ],
  "tenantId": "abcdefgh-1234-ijkl-5678-mnopqrstuvwx"
}
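Added example: Auditing the Returned Security Controls
The following Python sketch is an added example, not part of the original reference or of Oracle's code. It builds the GET request with the two documented headers and then reviews a response body for controls that are set to false or fall below a baseline. The function names, the BASELINE thresholds, and the stack, tenant, and token values are assumptions made for illustration.

```python
import json
from urllib.parse import urlencode
from urllib.request import Request

# Hypothetical baseline chosen for this example; not values from the CASB documentation.
BASELINE = {"minimumPasswordLength": 14, "passwordReusePrevention": 5}

def build_request(stack, tenant_id, token, instance_id=None):
    """Build (without sending) the GET request with the two documented headers."""
    if not token.startswith("v2"):
        raise ValueError("expected a token starting with v2")
    url = f"https://{stack}.casb.ocp.oraclecloud.com/api/v1/applications"
    if instance_id:
        url += "?" + urlencode({"applicationInstanceId": instance_id})
    return Request(url, method="GET", headers={
        "Authorization": f"Bearer {token}",
        "X-Apprity-Tenant-Id": tenant_id,
        "Accept": "application/json",
    })

def audit(response_body):
    """Return {instanceId: [findings]} for controls that are off or below BASELINE."""
    report = {}
    for app in json.loads(response_body).get("application", []):
        # The schema names the key securityControls; the page's sample uses SecurityControls.
        controls = app.get("securityControls") or app.get("SecurityControls") or {}
        params = controls.get("securityControlParameters", {})
        findings = []
        for name, value in sorted(params.items()):
            if value is False:
                findings.append(f"{name} is false")
            elif name in BASELINE and isinstance(value, int) and value < BASELINE[name]:
                findings.append(f"{name}={value} below baseline {BASELINE[name]}")
        report[app.get("instanceId", "<unknown>")] = findings
    return report

# Constructed sample response, trimmed from the shape of the page's example body.
SAMPLE = json.dumps({"application": [{
    "applicationName": "AWS", "instanceId": "example-instance-id", "instanceName": "RI",
    "SecurityControls": {"securityControlParameters": {
        "minimumPasswordLength": 6, "passwordReusePrevention": 5, "maxPasswordAge": 45,
        "mfaChecker": False, "s3ServerSideEncryptChecker": True,
        "ebsNonEncryptedVolumes": False}}}],
    "tenantId": "example-tenant-id"})

if __name__ == "__main__":
    req = build_request("example-stack", "example-tenant-id", "v2.example-token")
    print(req.full_url, dict(req.header_items()))
    print(json.dumps(audit(SAMPLE), indent=2))
```

To query a live tenant, pass the built request to urllib.request.urlopen and feed the decoded body to audit().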