Juniper Secure Analytics API Guide Release 2014.7 Modified:2016-07-26 Copyright©2016,JuniperNetworks,Inc. JuniperNetworks,Inc. 1133InnovationWay Sunnyvale,California94089 USA 408-745-2000 www.juniper.net Copyright©2016,JuniperNetworks,Inc.Allrightsreserved. JuniperNetworks,Junos,Steel-BeltedRadius,NetScreen,andScreenOSareregisteredtrademarksofJuniperNetworks,Inc.intheUnited Statesandothercountries.TheJuniperNetworksLogo,theJunoslogo,andJunosEaretrademarksofJuniperNetworks,Inc.Allother trademarks,servicemarks,registeredtrademarks,orregisteredservicemarksarethepropertyoftheirrespectiveowners. JuniperNetworksassumesnoresponsibilityforanyinaccuraciesinthisdocument.JuniperNetworksreservestherighttochange,modify, transfer,orotherwiserevisethispublicationwithoutnotice. JuniperSecureAnalyticsAPIGuide Copyright©2016,JuniperNetworks,Inc. Allrightsreserved. Theinformationinthisdocumentiscurrentasofthedateonthetitlepage. YEAR2000NOTICE JuniperNetworkshardwareandsoftwareproductsareYear2000compliant.JunosOShasnoknowntime-relatedlimitationsthroughthe year2038.However,theNTPapplicationisknowntohavesomedifficultyintheyear2036. ENDUSERLICENSEAGREEMENT TheJuniperNetworksproductthatisthesubjectofthistechnicaldocumentationconsistsof(orisintendedforusewith)JuniperNetworks software.UseofsuchsoftwareissubjecttothetermsandconditionsoftheEndUserLicenseAgreement(“EULA”)postedat http://www.juniper.net/support/eula.html.Bydownloading,installingorusingsuchsoftware,youagreetothetermsandconditionsof thatEULA. ii Copyright©2016,JuniperNetworks,Inc. Table of Contents About the Documentation ............................................liii Documentation and Release Notes .................................liii Documentation Conventions ......................................liii Documentation Feedback .........................................lv Requesting Technical Support .....................................lvi Self-HelpOnlineToolsandResources...........................lvi OpeningaCasewithJTAC.....................................lvi Part1 JuniperSecureAnalyticsAPIGuide Chapter1 RESTful API .......................................................3 RESTful API Overview ................................................3 API Endpoints ...................................................3 RequiredpermissionstoaccesstheAPI..............................3 APIRequestsandResponses.......................................5 Versionheaders..................................................5 Endpoint deprecation .............................................5 Filter Syntax ........................................................6 ComparisonOperators............................................6 NullValuesandComparisonOperators...............................8 Logical Operators ................................................8 SpecifyingJSONFieldsforComparisons..............................8 SpecifyingStringandNumericValuesinFilters........................9 FilteringComplexObjectsbyUsingtheCONTAINSOperator..............9 ListsthatContainSimpleTypes.................................9 ListsthatContainComplexObjects.............................10 TheLIKEOperator...............................................10 SortSyntax.........................................................11 Sorting Multiple Fields ............................................11 EscapingCharactersinSortStrings..................................11 Paging Syntax ..................................................12 Range Header Parameter .........................................12 APIErrorMessages..................................................13 Cross-origin resource sharing ......................................15 Managementofallowedorigins....................................16 Chapter2 APICommand-lineClient...........................................17 APIClientOverview..................................................17 BasicAPICalls..................................................17 CallswithPathParameters........................................18 CallswithQueryParameters.......................................18 Copyright©2016,JuniperNetworks,Inc. iii APIGuide CallswithBodyParameters.......................................18 CallstoOtherConsoles...........................................19 StoredTokensAuthorization.......................................19 UserNameandPasswordAuthorization.............................19 APIClientHelp..................................................19 Chapter3 AccessingtheInteractiveAPIDocumentationPage....................21 AccessingtheInteractiveAPI..........................................21 Chapter4 REST API V6.0 References .........................................23 RESTAPIV6.0References............................................23 Analytics endpoints .............................................23 GET /analytics/custom_actions/actions .........................24 POST /analytics/custom_actions/actions ........................25 GET /analytics/custom_actions/actions/{action_id} ...............28 POST /analytics/custom_actions/actions/{action_id} ..............30 DELETE /analytics/custom_actions/actions/{action_id} ............32 GET /analytics/custom_actions/interpreters ......................33 GET /analytics/custom_actions/interpreters/{interpreter_id} ........34 GET /analytics/custom_actions/scripts ..........................35 POST/analytics/custom_actions/scripts.........................37 GET /analytics/custom_actions/scripts/{script_id} ................38 POST /analytics/custom_actions/scripts/{script_id} ...............39 DELETE /analytics/custom_actions/scripts/{script_id} .............40 Arielendpoints..................................................41 GET /ariel/databases .........................................41 GET/ariel/databases/{database_name}.........................42 GET/ariel/searches..........................................44 POST /ariel/searches ........................................45 GET/ariel/searches/{search_id}................................47 POST /ariel/searches/{search_id} ..............................48 DELETE/ariel/searches/{search_id}.............................51 GET /ariel/searches/{search_id}/results .........................52 Asset model endpoints ..........................................54 GET/asset_model/assets.....................................54 POST /asset_model/assets/{asset_id} ..........................56 GET/asset_model/properties..................................57 GET /asset_model/saved_searches .............................58 GET/asset_model/saved_searches/{saved_search_id}/results.......60 Authenticationendpoints.........................................62 POST /auth/logout ..........................................62 Configurationendpoints..........................................62 GET /config/domain_management/domains .....................63 POST /config/domain_management/domains ....................65 GET /config/domain_management/domains/{domain_id} ..........66 POST/config/domain_management/domains/{domain_id}.........68 DELETE /config/domain_management/domains/{domain_id} .......70 GET/config/access/tenant_management/tenants.................72 POST /config/access/tenant_management/tenants ...............73 GET /config/access/tenant_management/tenants/{tenant_id} ......74 iv Copyright©2016,JuniperNetworks,Inc. TableofContents POST /config/access/tenant_management/tenants/{tenant_id} .....75 DELETE /config/access/tenant_management/tenants/{tenant_id} ...77 GET /config/extension_management/extensions ..................78 POST /config/extension_management/extensions .................81 GET /config/extension_management/extensions/{extension_id} .....84 POST/config/extension_management/extensions/{extension_id}....86 DELETE /config/extension_management/extensions/{extension_id} .....89 GET /config/extension_management/extensions_task_status/{status_id}..90 GET /config/extension_management/extensions_task_status/{status_id}/results..92 GUIapplicationframeworkendpoints...............................94 GET /gui_app_framework/application_creation_task ...............94 POST /gui_app_framework/application_creation_task ..............95 GET /gui_app_framework/application_creation_task/{application_id} ..97 POST /gui_app_framework/application_creation_task/{application_id}..98 GET /gui_app_framework/applications ..........................99 GET/gui_app_framework/applications/{application_id}............102 POST /gui_app_framework/applications/{application_id} ..........106 PUT /gui_app_framework/applications/{application_id} ...........109 DELETE /gui_app_framework/applications/{application_id} .........111 Help endpoints .................................................112 GET/help/endpoints.........................................112 GET /help/endpoints/{endpoint_id} ............................115 GET/help/resources.........................................119 GET /help/resources/{resource_id} ............................120 GET/help/versions..........................................122 GET /help/versions/{version_id} ...............................123 JSAVulnerabilityManagerendpoints...............................125 GET /qvm/assets ...........................................125 GET/qvm/filters............................................126 GET /qvm/network ..........................................127 GET/qvm/openservices......................................128 GET /qvm/saved_searches ...................................129 GET /qvm/saved_searches/vuln_instances/{task_id}/results/assets...131 GET /qvm/saved_searches/vuln_instances/{task_id}/results/vuln_instances..133 GET /qvm/saved_searches/vuln_instances/{task_id}/results/vulnerabilities..134 GET /qvm/saved_searches/vuln_instances/{task_id}/status ........136 GET/qvm/saved_searches/{saved_search_id}....................137 GET /qvm/saved_searches/{saved_search_id}/vuln_instances ......139 POST /qvm/tickets/assign ...................................140 GET /qvm/vulns ............................................141 Copyright©2016,JuniperNetworks,Inc. v APIGuide Referencedataendpoints........................................142 GET /reference_data/map_of_sets .............................143 POST/reference_data/map_of_sets............................145 GET/reference_data/map_of_sets/{name}......................146 POST /reference_data/map_of_sets/{name} ....................148 DELETE/reference_data/map_of_sets/{name}...................149 GET /reference_data/map_of_sets/{name}/dependents ...........152 DELETE /reference_data/map_of_sets/{name}/value/{key} ........154 GET /reference_data/maps ...................................155 POST/reference_data/maps..................................157 GET/reference_data/maps/{name}............................158 POST /reference_data/maps/{name} ..........................160 DELETE /reference_data/maps/{name} .........................161 GET /reference_data/maps/{name}/dependents .................163 DELETE /reference_data/maps/{name}/value/{key} ..............165 GET /reference_data/sets ....................................167 POST/reference_data/sets...................................168 GET /reference_data/sets/{name} .............................170 POST /reference_data/sets/{name} ............................171 DELETE /reference_data/sets/{name} ..........................173 GET /reference_data/sets/{name}/dependents ..................175 DELETE /reference_data/sets/{name}/value/{value} ..............177 POST/reference_data/sets/bulk_load/{name}...................178 GET /reference_data/tables ..................................180 POST/reference_data/tables..................................181 GET /reference_data/tables/{name} ...........................183 POST/reference_data/tables/{name}..........................185 DELETE /reference_data/tables/{name} ........................187 GET /reference_data/tables/{name}/dependents ................189 DELETE /reference_data/tables/{name}/value/{outer_key}/{inner_key} ..191 Scanner endpoints .............................................193 GET /scanner/profiles .......................................193 POST /scanner/profiles/create ................................194 POST /scanner/profiles/start .................................195 GET /scanner/scanprofiles ...................................196 POST /scanner/scanprofiles ..................................198 GET /scanner/scanprofiles/{profileid} ..........................199 POST/scanner/scanprofiles/{profileid}.........................201 DELETE/scanner/scanprofiles/{profileid}.......................202 POST/scanner/scanprofiles/{profileid}/start....................203 SIEM endpoints ...............................................204 GET /siem/local_destination_addresses ........................204 GET /siem/local_destination_addresses/{local_destination_address_id}..206 GET /siem/offense_closing_reasons ...........................208 POST/siem/offense_closing_reasons...........................210 GET/siem/offense_closing_reasons/{closing_reason_id}............211 GET/siem/offense_types.....................................212 vi Copyright©2016,JuniperNetworks,Inc. TableofContents GET /siem/offense_types/{offense_type_id} .....................214 GET /siem/offenses .........................................215 GET/siem/offenses/{offense_id}..............................219 POST /siem/offenses/{offense_id} ............................222 GET /siem/offenses/{offense_id}/notes ........................226 POST/siem/offenses/{offense_id}/notes.......................228 GET/siem/offenses/{offense_id}/notes/{note_id}................229 GET/siem/source_addresses.................................230 GET /siem/source_addresses/{source_address_id} ...............232 Systemendpoints..............................................234 GET/system/servers........................................234 GET /system/servers/{server_id} ..............................236 POST/system/servers/{server_id}.............................237 GET /system/servers/{server_id}/firewall_rules ..................238 PUT /system/servers/{server_id}/firewall_rules ..................240 GET/system/servers/{server_id}/network_interfaces/ethernet......242 POST /system/servers/{server_id}/network_interfaces/ethernet/{device_name}..244 GET /system/servers/{server_id}/network_interfaces/bonded ......248 POST/system/servers/{server_id}/network_interfaces/bonded.....250 POST /system/servers/{server_id}/network_interfaces/bonded/{device_name}..255 DELETE /system/servers/{server_id}/network_interfaces/bonded/{device_name}..261 Chapter5 PreviousRESTAPIversions.......................................263 PreviousRESTAPIversions..........................................263 RESTAPIV5.1References........................................263 Analyticsendpoints.........................................263 Ariel endpoints .............................................281 Assetmodelendpoints......................................294 Authentication endpoints ....................................302 Configuration endpoints .....................................302 GUIapplicationframeworkendpoints..........................334 Help endpoints ............................................352 JSAVulnerabilityManagerendpoints...........................355 Referencedataendpoints....................................363 Scannerendpoints..........................................414 SIEM endpoints ............................................425 System endpoints ..........................................453 RESTAPIV5.0References.......................................472 Analyticsendpoints.........................................472 Ariel endpoints ............................................490 Assetmodelendpoints......................................503 Authenticationendpoints.....................................511 Configuration endpoints ......................................511 GUIapplicationframeworkendpoints..........................543 Help endpoints ............................................559 JSAVulnerabilityManagerendpoints...........................562 Copyright©2016,JuniperNetworks,Inc. vii APIGuide Referencedataendpoints....................................570 Scannerendpoints..........................................621 SIEM endpoints ............................................632 Systemendpoints..........................................660 RESTAPIV4.0References.......................................679 Arielendpoints.............................................679 Assetmodelendpoints......................................692 Authenticationendpoints....................................700 Help endpoints ............................................700 JSAVulnerabilityManagerendpoints...........................704 Referencedataendpoints.....................................711 Scanner endpoints .........................................750 SIEMendpoints.............................................761 Part2 Index Index ........................................................793 viii Copyright©2016,JuniperNetworks,Inc. List of Tables AbouttheDocumentation..........................................liii Table1:NoticeIcons.................................................liv Table2:TextandSyntaxConventions...................................liv Part1 JuniperSecureAnalyticsAPIGuide Chapter1 RESTful API .......................................................3 Table3:RolePermissionsandSecurityProfileRequirements.................4 Table4:FilterComparisonOperators....................................6 Table5:LogicalOperators.............................................8 Table6:JSONFieldsforComparisons...................................9 Table 7: LIKE Operator ...............................................10 Table8:SortOperators...............................................11 Table9:APIErrorMessages...........................................13 Chapter2 APICommand-lineClient...........................................17 Table10:ArgumentsforBasicCalls.....................................18 Chapter3 AccessingtheInteractiveAPIDocumentationPage....................21 Table11:RESTAPIinterfaces..........................................21 Chapter4 REST API V6.0 References .........................................23 Table12:GET/analytics/custom_actions/actionsresourcedetails............24 Table13:GET/analytics/custom_actions/actionsrequestparameterdetails...24 Table14:GET/analytics/custom_actions/actionsresponsecodes............24 Table15:POST/analytics/custom_actions/actionsresourcedetails..........26 Table16:POST/analytics/custom_actions/actionsrequestparameter details ........................................................26 Table17:POST/analytics/custom_actions/actionsrequestbodydetails.......27 Table18:POST/analytics/custom_actions/actionsresponsecodes...........27 Table19:GET/analytics/custom_actions/actions/{action_id}resource details ........................................................28 Table20:GET/analytics/custom_actions/actions/{action_id}requestparameter details ........................................................28 Table21:GET/analytics/custom_actions/actions/{action_id}response codes .........................................................28 Table22:POST/analytics/custom_actions/actions/{action_id}resource details ........................................................30 Table23:POST/analytics/custom_actions/actions/{action_id}request parameter details ...............................................30 Table24:POST/analytics/custom_actions/actions/{action_id}requestbody details.........................................................31 Copyright©2016,JuniperNetworks,Inc. ix APIGuide Table25:POST/analytics/custom_actions/actions/{action_id}response codes .........................................................31 Table26:DELETE/analytics/custom_actions/actions/{action_id}resource details ........................................................32 Table27:DELETE/analytics/custom_actions/actions/{action_id}request parameter details ...............................................32 Table28:DELETE/analytics/custom_actions/actions/{action_id}response codes .........................................................33 Table29:GET/analytics/custom_actions/interpretersresourcedetails........33 Table30:GET/analytics/custom_actions/interpretersrequestparameter details ........................................................33 Table31:GET/analytics/custom_actions/interpretersresponsecodes........34 Table32:GET/analytics/custom_actions/interpreters/{interpreter_id}resource details ........................................................34 Table33:GET/analytics/custom_actions/interpreters/{interpreter_id}request parameter details ...............................................34 Table34:GET/analytics/custom_actions/interpreters/{interpreter_id}response codes .........................................................35 Table35:GET/analytics/custom_actions/scriptsresourcedetails............35 Table36:GET/analytics/custom_actions/scriptsrequestparameterdetails...36 Table37:GET/analytics/custom_actions/scriptsresponsecodes............36 Table38:POST/analytics/custom_actions/scriptsresourcedetails...........37 Table39:POST/analytics/custom_actions/scriptsrequestparameter details ........................................................37 Table40:POST/analytics/custom_actions/scriptsrequestbodydetails.......37 Table41:POST/analytics/custom_actions/scriptsresponsecodes...........37 Table42:GET/analytics/custom_actions/scripts/{script_id}resource details ........................................................38 Table43:GET/analytics/custom_actions/scripts/{script_id}requestparameter details ........................................................38 Table44:GET/analytics/custom_actions/scripts/{script_id}response codes .........................................................38 Table45:POST/analytics/custom_actions/scripts/{script_id}resource details ........................................................39 Table46:POST/analytics/custom_actions/scripts/{script_id}requestparameter details ........................................................39 Table47:POST/analytics/custom_actions/scripts/{script_id}requestbody details ........................................................40 Table48:POST/analytics/custom_actions/scripts/{script_id}response codes.........................................................40 Table49:DELETE/analytics/custom_actions/scripts/{script_id}resource details ........................................................40 Table50:DELETE/analytics/custom_actions/scripts/{script_id}request parameter details ...............................................41 Table51:DELETE/analytics/custom_actions/scripts/{script_id}response codes .........................................................41 Table52:GET/ariel/databasesresourcedetails..........................42 Table53:GET/ariel/databasesrequestparameterdetails..................42 Table54:GET/ariel/databasesresponsecodes..........................42 x Copyright©2016,JuniperNetworks,Inc.