The Dome9 API lets developers access Dome9 functionality using an API key.
This is a public preview of the next generation Dome9 V2 API.
While many more resources are already implemented, only the resources below are documented and validated for external usage.
If you have another API use case, please contact us at [email protected]. We'll then verify and document those resources / actions.
To create a new API key, navigate to the Credentials tab in the My Settings page.
As shown in the screen shot below, there is a V2 API box where you can manage your API keys.
Clicking CREATE API KEY opens the following popup:
Save your new API key ID and secret right away: the secret is shown once and cannot be recovered afterwards. Treat the secret as a password: keep it out of source control and shell history, and rotate it by creating a new key and deleting the old one.
Once you have the API key, you are ready to work with the Dome9 V2 API.
Note: The maximum number of API keys is 7.
The base URL for Dome9 API V2 is: https://api.dome9.com/v2/
The API uses the HTTP Basic Authentication scheme. Basic credentials are only base64-encoded, not encrypted, so send them only to the https base URL above.
Use the API key ID as the user name and the API key secret as the password.
Example:
curl -u your-api-key-id:your-api-key-secret https://api.dome9.com/v2/CloudAccounts
[{"id":"1eeab7ac-8443-4d18-aa0b-e3201ff1d731","vendor":"aws","name":"aws prod","externalAccountNumber":"1111111111","error":null,"credentials":{"apikey":"AKIAIMLTZZXXXXXX","arn":null,"secret":null,"iamUser":null,"type":"UserBased","isReadOnly":null},"iamSafe":null,"netSec":{"regions":[...
... redacted ...
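The following is an added example, not Dome9's own SDK or sample code: a minimal Python client (standard library only) that builds the Basic Authorization header from the key ID and secret, reads the secret from environment variables instead of the command line (so it does not land in shell history or process listings the way `curl -u id:secret` does), refuses a non-https base URL, and JSON-encodes request bodies. The `transport` parameter and the environment variable names DOME9_API_KEY_ID / DOME9_API_KEY_SECRET are this example's assumptions; the paths it calls (CloudAccounts, cloudsecuritygroup, cloudsecuritygroup/{id}/protection-mode) are the ones documented on this page.

```python
"""Minimal Dome9 V2 API client using only the Python standard library.
Added example for this page; it is not Dome9's own SDK."""
import base64
import json
import os
import urllib.request
from typing import Any, Callable, Optional

BASE_URL = "https://api.dome9.com/v2/"

# A transport takes a prepared request and returns the raw response body.
# Injecting one lets the client be exercised offline (tests, dry runs).
Transport = Callable[[urllib.request.Request], bytes]


def basic_auth_header(key_id: str, secret: str) -> str:
    """HTTP Basic credential: base64("id:secret"). Encoding is not encryption,
    which is why the client below insists on https."""
    token = base64.b64encode(f"{key_id}:{secret}".encode("utf-8")).decode("ascii")
    return f"Basic {token}"


def _urlopen(req: urllib.request.Request) -> bytes:
    with urllib.request.urlopen(req, timeout=30) as resp:
        return resp.read()


class Dome9Client:
    def __init__(self, key_id: str, secret: str,
                 transport: Optional[Transport] = None, base_url: str = BASE_URL):
        if not key_id or not secret:
            raise ValueError("API key id and secret are required")
        if not base_url.startswith("https://"):
            raise ValueError("Basic credentials must only be sent over https")
        self._auth = basic_auth_header(key_id, secret)
        self._base = base_url if base_url.endswith("/") else base_url + "/"
        self._send = transport or _urlopen

    def request(self, method: str, path: str, body: Any = None) -> Any:
        """Send one request. Bodies are JSON-encoded, so booleans stay booleans
        (the curl examples on this page pass "false" as a string)."""
        headers = {"Accept": "application/json", "Authorization": self._auth}
        data = None
        if body is not None:
            data = json.dumps(body).encode("utf-8")
            headers["Content-Type"] = "application/json"
        req = urllib.request.Request(self._base + path.lstrip("/"), data=data,
                                     method=method, headers=headers)
        raw = self._send(req)
        return json.loads(raw) if raw else None  # DELETE endpoints answer null

    def list_cloud_accounts(self) -> list:
        return self.request("GET", "CloudAccounts")

    def get_security_groups(self, group_id: Optional[str] = None) -> Any:
        path = "cloudsecuritygroup" + (f"/{group_id}" if group_id else "")
        return self.request("GET", path)

    def set_protection_mode(self, group_id: str, mode: str) -> dict:
        if mode not in ("FullManage", "ReadOnly"):
            raise ValueError("protectionMode must be 'FullManage' or 'ReadOnly'")
        return self.request("POST", f"cloudsecuritygroup/{group_id}/protection-mode",
                            {"protectionMode": mode})


def client_from_env(transport: Optional[Transport] = None) -> Dome9Client:
    """Variable names are assumed by this example, not defined by Dome9."""
    return Dome9Client(os.environ["DOME9_API_KEY_ID"],
                       os.environ["DOME9_API_KEY_SECRET"], transport)


if __name__ == "__main__":
    for account in client_from_env().list_cloud_accounts():
        print(account["id"], account["vendor"], account["name"])
```

Run it with the two environment variables exported; every other section on this page maps onto `request(method, path, body)` in the same way.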
- GET
- Change Protection Mode
- Create Security Groups
- Create Service
- Overwrite Security Group
- Overwrite service
- Delete service
- Delete Security Groups
The GET request returns the cloud security groups protected by Dome9.
URL: /CloudSecurityGroup/{groupid}
METHOD: GET
groupid: optional. Without a security group id, all security groups protected by Dome9 are returned; with an id, only that group is returned.
Example:
curl -u id:secret -X GET --header 'Accept: application/json' 'https://api.dome9.com/v2/cloudsecuritygroup/529900'
{
"securityGroupId": "integer",
"externalId": "string",
"isProtected": "boolean",
"securityGroupName": "string",
"vpcId": "string",
"vpcName": "string",
"regionId": "string",
"cloudAccountId": "string",
"cloudAccountName": "string",
"services": {},
"tags": {}
}
- securityGroupId (integer): The Security Group ID in Dome9.
- externalId (string): The Security Group ID in AWS.
- isProtected (boolean, optional): will appear as "true" if the group is in "Full Protection" mode, or will appear as "false" if the group is in "Read Only" mode.
- securityGroupName (string, optional): The name of the Security Group.
- description (string, optional): The description of the Security Group.
- vpcId (string, optional): The VPC id of the Security Group.
- vpcName (string, optional): The VPC name of the Security Group.
- regionId (string, optional): Can be one of the following regions - 'us_east_1', 'us_west_1', 'eu_west_1', 'ap_southeast_1', 'ap_northeast_1', 'us_west_2', 'sa_east_1', 'az_1_region_a_geo_1', 'az_2_region_a_geo_1', 'az_3_region_a_geo_1', 'ap_southeast_2', 'mellanox_region', 'us_gov_west_1', 'eu_central_1', 'ap_northeast_2'
- cloudAccountId (string, optional): Dome9 Cloud Account ID.
- services (object, optional) - The inbound and outbound services of the security group.
- tags (object, optional) - The security group's tags.
Change the protection mode to "Read Only" or "Full Protection".
URL: /CloudSecurityGroup/{groupId}/protection-mode
METHOD: POST
groupId: either the group's Dome9 internal ID (securityGroupId) or the group's AWS ID (externalId).
BODY:
{
"protectionMode": "string" /*required*/
}
- protectionMode (string, required): either 'FullManage' ("Full Protection") or 'ReadOnly'.
Example:
curl -u id:secret -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"protectionMode": "ReadOnly"
}' 'https://api.dome9.com/v2/cloudsecuritygroup/429618/protection-mode'
{
"securityGroupId": "integer",
"externalId": "string",
"isProtected": "boolean",
"securityGroupName": "string",
"vpcId": "string",
"regionId": "string",
"cloudAccountId": "string",
"cloudAccountName": "string",
"services": {},
"tags": {}
}
- securityGroupId (integer): The Security Group ID in Dome9.
- externalId (string): The Security Group ID in AWS.
- isProtected (boolean, optional): will appear as "true" if the group is in "Full Protection" mode, or will appear as "false" if the group is in "Read Only" mode.
- securityGroupName (string, optional): The name of the Security Group.
- description (string, optional): The description of the Security Group.
- vpcId (string, optional): The VPC id of the Security Group.
- regionId (string, optional): Can be one of the following regions - 'us_east_1', 'us_west_1', 'eu_west_1', 'ap_southeast_1', 'ap_northeast_1', 'us_west_2', 'sa_east_1', 'az_1_region_a_geo_1', 'az_2_region_a_geo_1', 'az_3_region_a_geo_1', 'ap_southeast_2', 'mellanox_region', 'us_gov_west_1', 'eu_central_1', 'ap_northeast_2'
- cloudAccountId (string, optional): Dome9 Cloud Account ID.
- services (object, optional) - The security group's inbound and outbound services.
- tags (object, optional) - The security group's tags.
URL: /CloudSecurityGroup
METHOD: POST
BODY:
{
"securityGroupName": "string",
"description": "string",
"vpcId": "string",
"regionId": "string",
"cloudAccountId": "string",
"cloudAccountName": "string",
"services": {
"inbound": [
{
"name": "string" /*required*/,
"id": "string",
"description": null,
"protocolType": "string" /*required*/,
"port": "string" /*required*/,
"openForAll": "boolean" /*required*/,
"scope": [
{
"type": "string",
"data": {
"cidr": "string",
"note": null
}
}
],
"icmpType": "string"
}
],
"outbound": [
{
"name": "string" /*required*/,
"id": "string",
"description": "string",
"protocolType": "string" /*required*/,
"port": "string" /*required*/,
"openForAll": "boolean" /*required*/,
"scope": [
{
"type": "string",
"data": {
"cidr": "string",
"note": "string"
}
}
],
"icmpType": "string"
}
]
},
"tags": {}
}
- securityGroupName (string, optional): The name of the Security Group.
- description (string, optional): The description of the Security Group.
- vpcId (string, optional): The VPC of the Security Group.
- regionId (string, optional): Can be one of the following regions - 'us_east_1', 'us_west_1', 'eu_west_1', 'ap_southeast_1', 'ap_northeast_1', 'us_west_2', 'sa_east_1', 'az_1_region_a_geo_1', 'az_2_region_a_geo_1', 'az_3_region_a_geo_1', 'ap_southeast_2', 'mellanox_region', 'us_gov_west_1', 'eu_central_1', 'ap_northeast_2'
- cloudAccountId (string, optional): Dome9 Cloud Account ID.
- services (object, optional): inbound and outbound services to create together with the security group.
- name (string): The service name.
- id (string) : The service id.
- description (string, optional): The service description.
- protocolType (string): Can be one of the following protocols - 'HOPOPT', 'ICMP', 'IGMP', 'GGP', 'IPV4', 'ST', 'TCP', 'CBT', 'EGP', 'IGP', 'BBN_RCC_MON', 'NVP2', 'PUP', 'ARGUS', 'EMCON', 'XNET', 'CHAOS', 'UDP', 'MUX', 'DCN_MEAS', 'HMP', 'PRM', 'XNS_IDP', 'TRUNK1', 'TRUNK2', 'LEAF1', 'LEAF2', 'RDP', 'IRTP', 'ISO_TP4', 'NETBLT', 'MFE_NSP', 'MERIT_INP', 'DCCP', 'ThreePC', 'IDPR', 'XTP', 'DDP', 'IDPR_CMTP', 'TPplusplus', 'IL', 'IPV6', 'SDRP', 'IPV6_ROUTE', 'IPV6_FRAG', 'IDRP', 'RSVP', 'GRE', 'DSR', 'BNA', 'ESP', 'AH', 'I_NLSP', 'SWIPE', 'NARP', 'MOBILE', 'TLSP', 'SKIP', 'IPV6_ICMP', 'IPV6_NONXT', 'IPV6_OPTS', 'CFTP', 'SAT_EXPAK', 'KRYPTOLAN', 'RVD', 'IPPC', 'SAT_MON', 'VISA', 'IPCV', 'CPNX', 'CPHB', 'WSN', 'PVP', 'BR_SAT_MON', 'SUN_ND', 'WB_MON', 'WB_EXPAK', 'ISO_IP', 'VMTP', 'SECURE_VMTP', 'VINES', 'TTP', 'NSFNET_IGP', 'DGP', 'TCF', 'EIGRP', 'OSPFIGP', 'SPRITE_RPC', 'LARP', 'MTP', 'AX25', 'IPIP', 'MICP', 'SCC_SP', 'ETHERIP', 'ENCAP', 'GMTP', 'IFMP', 'PNNI', 'PIM', 'ARIS', 'SCPS', 'QNX', 'AN', 'IPCOMP', 'SNP', 'COMPAQ_PEER', 'IPX_IN_IP', 'VRRP', 'PGM', 'L2TP', 'DDX', 'IATP', 'STP', 'SRP', 'UTI', 'SMP', 'SM', 'PTP', 'ISIS', 'FIRE', 'CRTP', 'CRUDP', 'SSCOPMCE', 'IPLT', 'SPS', 'PIPE', 'SCTP', 'FC', 'RSVP_E2E_IGNORE', 'MOBILITY_HEADER', 'UDPLITE', 'MPLS_IN_IP', 'MANET', 'HIP', 'SHIM6', 'WESP', 'ROHC', 'ALL'.
- port (string, optional): The port (can be a port range).
- openForAll (boolean): if it is "true" the service will be open for the entire Internet, and if "false" the service will be open to the given scopes.
- scope (Array[ScopeElementViewModel], optional): The service's scope. If the service is "closed" then the scope isn't necessary.
- type (string): Can be one of the following - ['CIDR', 'DNS', 'IPList', 'MagicIP', 'AWS'],
- data (object): depends on type. CIDR: {"cidr": "CIDR", "note": "optional comment"}; IPList: {"id": "IP-LIST ID", "name": "IP-LIST NAME"}; AWS (reference to another security group): {"extid": "AWS SG ID", "name": "SG NAME"}; MagicIP: {"name": "Magic IP Name"}; DNS: {"dns": "DNS ADDRESS", "note": "optional comment"}.
- inbound (boolean): If "true", the service will be added to the group's inbound rules and if "false", the service will be added to the group's outbound rules.
- icmpType (string, optional): In case of ICMP - 'EchoReply', 'DestinationUnreachable', 'SourceQuench', 'Redirect', 'AlternateHostAddress', 'Echo', 'RouterAdvertisement', 'RouterSelection', 'TimeExceeded', 'ParameterProblem', 'Timestamp', 'TimestampReply', 'InformationRequest', 'InformationReply', 'AddressMaskRequest', 'AddressMaskReply', 'Traceroute', 'DatagramConversionError', 'MobileHostRedirect', 'IPv6WhereAreYou', 'IPv6IAmHere', 'MobileRegistrationRequest', 'MobileRegistrationReply', 'DomainNameRequest', 'DomainNameReply', 'SKIP', 'Photuris', 'All'
- tags (object, optional)
Example:
curl -u id:secret -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"isProtected": true,
"securityGroupName": "string",
"description": "string",
"vpcId": "vpc-*******",
"regionId": "us_east_1",
"cloudAccountId": "*******-****-****-****-***********",
"tags": {}
}' 'https://api.dome9.com/v2/CloudSecurityGroup'
- securityGroupId (integer): The Security Group ID in Dome9.
- externalId (string): The Security Group ID in AWS.
- isProtected (boolean, optional): will appear as "true" if the group is in "Full Protection" mode, or will appear as "false" if the group is in "Read Only" mode.
- securityGroupName (string, optional): The name of the Security Group.
- description (string, optional): The description of the Security Group.
- vpcId (string, optional): The VPC id of the Security Group.
- regionId (string, optional): Can be one of the following regions - 'us_east_1', 'us_west_1', 'eu_west_1', 'ap_southeast_1', 'ap_northeast_1', 'us_west_2', 'sa_east_1', 'az_1_region_a_geo_1', 'az_2_region_a_geo_1', 'az_3_region_a_geo_1', 'ap_southeast_2', 'mellanox_region', 'us_gov_west_1', 'eu_central_1', 'ap_northeast_2'
- cloudAccountId (string, optional): Dome9 Cloud Account ID.
- services (object, optional) - The group's inbound and outbound services.
- tags (object, optional) - The security group's tags.
Create a new service for an AWS security group.
URL: /cloudsecuritygroup/{groupid}/services/{policyType}
METHOD: POST
policyType: if set as "Inbound" the service will be created in the group's inbound services and if set as "Outbound" it will be created in the group's outbound services.
groupid: The groupid in the URL can be either the internal id or the external id.
BODY:
{
"name": "string" /*required*/,
"id": "string",
"description": "string",
"protocolType": "string" /*required*/,
"port": "string" /*required*/,
"openForAll": "boolean" /*required*/,
"scope": [
{
"type": "string",
"data": "object"
}
],
"icmpType": "string"
}
- name (string): The service name.
- id (string): The service id.
- description (string, optional): The service description.
- protocolType (string): Can be one of the following protocols - 'HOPOPT', 'ICMP', 'IGMP', 'GGP', 'IPV4', 'ST', 'TCP', 'CBT', 'EGP', 'IGP', 'BBN_RCC_MON', 'NVP2', 'PUP', 'ARGUS', 'EMCON', 'XNET', 'CHAOS', 'UDP', 'MUX', 'DCN_MEAS', 'HMP', 'PRM', 'XNS_IDP', 'TRUNK1', 'TRUNK2', 'LEAF1', 'LEAF2', 'RDP', 'IRTP', 'ISO_TP4', 'NETBLT', 'MFE_NSP', 'MERIT_INP', 'DCCP', 'ThreePC', 'IDPR', 'XTP', 'DDP', 'IDPR_CMTP', 'TPplusplus', 'IL', 'IPV6', 'SDRP', 'IPV6_ROUTE', 'IPV6_FRAG', 'IDRP', 'RSVP', 'GRE', 'DSR', 'BNA', 'ESP', 'AH', 'I_NLSP', 'SWIPE', 'NARP', 'MOBILE', 'TLSP', 'SKIP', 'IPV6_ICMP', 'IPV6_NONXT', 'IPV6_OPTS', 'CFTP', 'SAT_EXPAK', 'KRYPTOLAN', 'RVD', 'IPPC', 'SAT_MON', 'VISA', 'IPCV', 'CPNX', 'CPHB', 'WSN', 'PVP', 'BR_SAT_MON', 'SUN_ND', 'WB_MON', 'WB_EXPAK', 'ISO_IP', 'VMTP', 'SECURE_VMTP', 'VINES', 'TTP', 'NSFNET_IGP', 'DGP', 'TCF', 'EIGRP', 'OSPFIGP', 'SPRITE_RPC', 'LARP', 'MTP', 'AX25', 'IPIP', 'MICP', 'SCC_SP', 'ETHERIP', 'ENCAP', 'GMTP', 'IFMP', 'PNNI', 'PIM', 'ARIS', 'SCPS', 'QNX', 'AN', 'IPCOMP', 'SNP', 'COMPAQ_PEER', 'IPX_IN_IP', 'VRRP', 'PGM', 'L2TP', 'DDX', 'IATP', 'STP', 'SRP', 'UTI', 'SMP', 'SM', 'PTP', 'ISIS', 'FIRE', 'CRTP', 'CRUDP', 'SSCOPMCE', 'IPLT', 'SPS', 'PIPE', 'SCTP', 'FC', 'RSVP_E2E_IGNORE', 'MOBILITY_HEADER', 'UDPLITE', 'MPLS_IN_IP', 'MANET', 'HIP', 'SHIM6', 'WESP', 'ROHC', 'ALL'.
- port (string, optional): The port (can be a port range).
- openForAll (boolean): if "true", the service will be open for the entire internet, otherwise it will be open according to the given scope parameter.
- scope (Array[ScopeElementViewModel], optional): The service scope. If the service is "closed" then the scope isn't necessary.
- type (string): Can be one of the following - ['CIDR', 'DNS', 'IPList', 'MagicIP', 'AWS'],
- data (object): depends on type. CIDR: {"cidr": "CIDR", "note": "optional comment"}; IPList: {"id": "IP-LIST ID", "name": "IP-LIST NAME"}; AWS (reference to another security group): {"extid": "AWS SG ID", "name": "SG NAME"}; MagicIP: {"name": "Magic IP Name"}; DNS: {"dns": "DNS ADDRESS", "note": "optional comment"}.
- icmpType (string, optional): In case of ICMP - 'EchoReply', 'DestinationUnreachable', 'SourceQuench', 'Redirect', 'AlternateHostAddress', 'Echo', 'RouterAdvertisement', 'RouterSelection', 'TimeExceeded', 'ParameterProblem', 'Timestamp', 'TimestampReply', 'InformationRequest', 'InformationReply', 'AddressMaskRequest', 'AddressMaskReply', 'Traceroute', 'DatagramConversionError', 'MobileHostRedirect', 'IPv6WhereAreYou', 'IPv6IAmHere', 'MobileRegistrationRequest', 'MobileRegistrationReply', 'DomainNameRequest', 'DomainNameReply', 'SKIP', 'Photuris', 'All'
Example:
curl -u id:secret -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"id":"6-22",
"name":"SSH",
"description":"Secure Shell access",
"protocolType":"TCP",
"port":"22",
"openForAll":false,
"scope":[
{
"type":"CIDR",
"data":{
"cidr":"10.0.0.1/32",
"note":null
}
}
],
"inbound":true,
"icmpType":null
}' 'https://api.dome9.com/v2/cloudsecuritygroup/543921/services/Inbound'
Response: the created service, with the same fields as the request body.
Overwrite an existing Security Group: the description, services and tags in the request body replace the group's current ones, so any service or tag not included in the body is removed.
URL: /CloudSecurityGroup/{groupid}
METHOD: PUT
groupid: the security group id, either the Dome9 internal id or the AWS external id.
BODY:
{
"description": "string",
"services": {
"inbound": [
{
"name": "string" /*required*/,
"id": "string",
"description": null,
"protocolType": "string" /*required*/,
"port": "string" /*required*/,
"openForAll": "boolean" /*required*/,
"scope": [
{
"type": "string",
"data": {
"cidr": "string",
"note": null
}
}
],
"icmpType": "string"
}
],
"outbound": [
{
"name": "string" /*required*/,
"id": "string",
"description": "string",
"protocolType": "string" /*required*/,
"port": "string" /*required*/,
"openForAll": "boolean" /*required*/,
"scope": [
{
"type": "string",
"data": {
"cidr": "string",
"note": "string"
}
}
],
"icmpType": "string"
}
]
},
"tags": {}
}
- name (string): The service name.
- id (string): The service id.
- description (string, optional): The service description.
- protocolType (string): Can be one of the following protocols - 'HOPOPT', 'ICMP', 'IGMP', 'GGP', 'IPV4', 'ST', 'TCP', 'CBT', 'EGP', 'IGP', 'BBN_RCC_MON', 'NVP2', 'PUP', 'ARGUS', 'EMCON', 'XNET', 'CHAOS', 'UDP', 'MUX', 'DCN_MEAS', 'HMP', 'PRM', 'XNS_IDP', 'TRUNK1', 'TRUNK2', 'LEAF1', 'LEAF2', 'RDP', 'IRTP', 'ISO_TP4', 'NETBLT', 'MFE_NSP', 'MERIT_INP', 'DCCP', 'ThreePC', 'IDPR', 'XTP', 'DDP', 'IDPR_CMTP', 'TPplusplus', 'IL', 'IPV6', 'SDRP', 'IPV6_ROUTE', 'IPV6_FRAG', 'IDRP', 'RSVP', 'GRE', 'DSR', 'BNA', 'ESP', 'AH', 'I_NLSP', 'SWIPE', 'NARP', 'MOBILE', 'TLSP', 'SKIP', 'IPV6_ICMP', 'IPV6_NONXT', 'IPV6_OPTS', 'CFTP', 'SAT_EXPAK', 'KRYPTOLAN', 'RVD', 'IPPC', 'SAT_MON', 'VISA', 'IPCV', 'CPNX', 'CPHB', 'WSN', 'PVP', 'BR_SAT_MON', 'SUN_ND', 'WB_MON', 'WB_EXPAK', 'ISO_IP', 'VMTP', 'SECURE_VMTP', 'VINES', 'TTP', 'NSFNET_IGP', 'DGP', 'TCF', 'EIGRP', 'OSPFIGP', 'SPRITE_RPC', 'LARP', 'MTP', 'AX25', 'IPIP', 'MICP', 'SCC_SP', 'ETHERIP', 'ENCAP', 'GMTP', 'IFMP', 'PNNI', 'PIM', 'ARIS', 'SCPS', 'QNX', 'AN', 'IPCOMP', 'SNP', 'COMPAQ_PEER', 'IPX_IN_IP', 'VRRP', 'PGM', 'L2TP', 'DDX', 'IATP', 'STP', 'SRP', 'UTI', 'SMP', 'SM', 'PTP', 'ISIS', 'FIRE', 'CRTP', 'CRUDP', 'SSCOPMCE', 'IPLT', 'SPS', 'PIPE', 'SCTP', 'FC', 'RSVP_E2E_IGNORE', 'MOBILITY_HEADER', 'UDPLITE', 'MPLS_IN_IP', 'MANET', 'HIP', 'SHIM6', 'WESP', 'ROHC', 'ALL'.
- port (string, optional): The port (can be port range).
- openForAll (boolean): if "true" the service will be open to the entire internet, and if set to "false" the service will be open according to the given scope parameter.
- scope (Array[ScopeElementViewModel], optional): The service scope. If the service is "closed" then the scope isn't necessary.
- type (string): can be one of the following - ['CIDR', 'DNS', 'IPList', 'MagicIP', 'AWS'],
- data (object): depends on type. CIDR: {"cidr": "CIDR", "note": "optional comment"}; IPList: {"id": "IP-LIST ID", "name": "IP-LIST NAME"}; AWS (reference to another security group): {"extid": "AWS SG ID", "name": "SG NAME"}; MagicIP: {"name": "Magic IP Name"}; DNS: {"dns": "DNS ADDRESS", "note": "optional comment"}.
- icmpType (string, optional): in case of ICMP - 'EchoReply', 'DestinationUnreachable', 'SourceQuench', 'Redirect', 'AlternateHostAddress', 'Echo', 'RouterAdvertisement', 'RouterSelection', 'TimeExceeded', 'ParameterProblem', 'Timestamp', 'TimestampReply', 'InformationRequest', 'InformationReply', 'AddressMaskRequest', 'AddressMaskReply', 'Traceroute', 'DatagramConversionError', 'MobileHostRedirect', 'IPv6WhereAreYou', 'IPv6IAmHere', 'MobileRegistrationRequest', 'MobileRegistrationReply', 'DomainNameRequest', 'DomainNameReply', 'SKIP', 'Photuris', 'All'
- tags (object): the format is "key":"value".
Example:
curl -u id:secret -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"securityGroupId": ******,
"externalId": "sg-******",
"isProtected": true,
"securityGroupName": "string",
"description": "string",
"vpcId": "vpc-*******",
"vpcName": "testt",
"regionId": "us_east_1",
"cloudAccountId": "*****************************",
"cloudAccountName": "Staging Automation",
"services": {
"inbound": [
{
"id": "6-22",
"name": "SSH",
"description": "Secure Shell access",
"protocolType": "TCP",
"port": "22",
"openForAll": false,
"scope": [
{
"type": "CIDR",
"data": {
"cidr": "10.0.0.1/32",
"note": null
}
}
],
"inbound": true,
"icmpType": null
}
],
"outbound": [
{
"id": "-1",
"name": "All Traffic",
"description": "Allow all outbound traffic",
"protocolType": "ALL",
"port": "",
"openForAll": true,
"scope": [
{
"type": "CIDR",
"data": {
"cidr": "0.0.0.0/0",
"note": "Allow All Traffic"
}
}
],
"inbound": false,
"icmpType": null
}
]
},
"tags": {}
}' 'https://api.dome9.com/v2/cloudsecuritygroup/543921'
Response: the updated security group, with the same fields as the request body.
Update an existing security group's service. Note: the service is fully overwritten by the request body, so include every field you want to keep.
URL: /cloudsecuritygroup/{groupid}/services/{policyType}
METHOD: PUT
policyType: if set as "Inbound" it will overwrite the service in the group's inbound policy, and if set as "Outbound" it will overwrite the service in the group's outbound policy.
groupid: The groupid in the URL can be either the group's Dome9 internal id or the group's AWS external id.
BODY:
{
"name": "string" /*required*/,
"id": "string",
"description": "string",
"protocolType": "string" /*required*/,
"port": "string" /*required*/,
"openForAll": "boolean" /*required*/,
"scope": [
{
"type": "string",
"data": "object"
}
],
"icmpType": "string"
}
- name (string): The service name.
- id (string): The service id.
- description (string, optional): The service description.
- protocolType (string): Can be one of the following protocols - 'HOPOPT', 'ICMP', 'IGMP', 'GGP', 'IPV4', 'ST', 'TCP', 'CBT', 'EGP', 'IGP', 'BBN_RCC_MON', 'NVP2', 'PUP', 'ARGUS', 'EMCON', 'XNET', 'CHAOS', 'UDP', 'MUX', 'DCN_MEAS', 'HMP', 'PRM', 'XNS_IDP', 'TRUNK1', 'TRUNK2', 'LEAF1', 'LEAF2', 'RDP', 'IRTP', 'ISO_TP4', 'NETBLT', 'MFE_NSP', 'MERIT_INP', 'DCCP', 'ThreePC', 'IDPR', 'XTP', 'DDP', 'IDPR_CMTP', 'TPplusplus', 'IL', 'IPV6', 'SDRP', 'IPV6_ROUTE', 'IPV6_FRAG', 'IDRP', 'RSVP', 'GRE', 'DSR', 'BNA', 'ESP', 'AH', 'I_NLSP', 'SWIPE', 'NARP', 'MOBILE', 'TLSP', 'SKIP', 'IPV6_ICMP', 'IPV6_NONXT', 'IPV6_OPTS', 'CFTP', 'SAT_EXPAK', 'KRYPTOLAN', 'RVD', 'IPPC', 'SAT_MON', 'VISA', 'IPCV', 'CPNX', 'CPHB', 'WSN', 'PVP', 'BR_SAT_MON', 'SUN_ND', 'WB_MON', 'WB_EXPAK', 'ISO_IP', 'VMTP', 'SECURE_VMTP', 'VINES', 'TTP', 'NSFNET_IGP', 'DGP', 'TCF', 'EIGRP', 'OSPFIGP', 'SPRITE_RPC', 'LARP', 'MTP', 'AX25', 'IPIP', 'MICP', 'SCC_SP', 'ETHERIP', 'ENCAP', 'GMTP', 'IFMP', 'PNNI', 'PIM', 'ARIS', 'SCPS', 'QNX', 'AN', 'IPCOMP', 'SNP', 'COMPAQ_PEER', 'IPX_IN_IP', 'VRRP', 'PGM', 'L2TP', 'DDX', 'IATP', 'STP', 'SRP', 'UTI', 'SMP', 'SM', 'PTP', 'ISIS', 'FIRE', 'CRTP', 'CRUDP', 'SSCOPMCE', 'IPLT', 'SPS', 'PIPE', 'SCTP', 'FC', 'RSVP_E2E_IGNORE', 'MOBILITY_HEADER', 'UDPLITE', 'MPLS_IN_IP', 'MANET', 'HIP', 'SHIM6', 'WESP', 'ROHC', 'ALL'.
- port (string, optional): The port (can be a port range).
- openForAll (boolean): if set as "true" the service will be open to the entire internet, and if set as "false" the service will be open according to the given scope parameter.
- scope (Array[ScopeElementViewModel], optional): The service scope. If the service is "closed" then the scope isn't necessary.
- type (string): can be one of the following - ['CIDR', 'DNS', 'IPList', 'MagicIP', 'AWS'],
- data (object): depends on type. CIDR: {"cidr": "CIDR", "note": "optional comment"}; IPList: {"id": "IP-LIST ID", "name": "IP-LIST NAME"}; AWS (reference to another security group): {"extid": "AWS SG ID", "name": "SG NAME"}; MagicIP: {"name": "Magic IP Name"}; DNS: {"dns": "DNS ADDRESS", "note": "optional comment"}.
- icmpType (string, optional): in case of ICMP - 'EchoReply', 'DestinationUnreachable', 'SourceQuench', 'Redirect', 'AlternateHostAddress', 'Echo', 'RouterAdvertisement', 'RouterSelection', 'TimeExceeded', 'ParameterProblem', 'Timestamp', 'TimestampReply', 'InformationRequest', 'InformationReply', 'AddressMaskRequest', 'AddressMaskReply', 'Traceroute', 'DatagramConversionError', 'MobileHostRedirect', 'IPv6WhereAreYou', 'IPv6IAmHere', 'MobileRegistrationRequest', 'MobileRegistrationReply', 'DomainNameRequest', 'DomainNameReply', 'SKIP', 'Photuris', 'All'
Example:
curl -u id:secret -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"id": "6-22",
"name": "SSH",
"description": "Secure Shell access",
"protocolType": "TCP",
"port": "22",
"openForAll": false,
"scope": [
{
"type": "CIDR",
"data": {
"cidr": "10.0.0.2/32",
"note": null
}
}
],
"inbound": true,
"icmpType": null
}' 'https://api.dome9.com/v2/cloudsecuritygroup/******/services/Inbound'
Response: the updated service, with the same fields as the request body.
Delete an existing service from a security group's policy.
URL: /cloudsecuritygroup/{groupid}/services/{policyType}/{serviceid}
METHOD: DELETE
- serviceid: the service id as returned by GET, composed of the IANA protocol number and the port as "{protocol number}-{port}"; for SSH (TCP is protocol 6, port 22) it is "6-22". Note the order: the protocol number comes first, then the port.
- groupid: either the Dome9 internal id or the AWS external id.
- policyType: "Inbound" deletes the service from the security group's inbound policy, "Outbound" from its outbound policy.
Example:
curl -u id:secret -X DELETE 'https://api.dome9.com/v2/cloudsecuritygroup/*****/services/Inbound/6-22'
If successful the response is null.
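Added example, not part of this page or Dome9's code, serving both the GET /CloudSecurityGroup section above and the DELETE service call just described: the check a practitioner runs over the GET response before deciding which services to delete. It walks every group's inbound services, flags the ones reachable from anywhere (openForAll, or a CIDR scope with a /0 prefix) that cover a common management or database port, and composes the DELETE path for each using the "{protocol number}-{port}" service id convention. The page shows "6-22" for TCP/22 and "-1" for the ALL-traffic rule; the IANA numbers for UDP and ICMP and the list of ports are this example's assumptions. The input is constructed in the documented response shape.

```python
"""Flag world-open inbound rules in Dome9 security groups and compose the
service ids needed to delete them. Added example, not Dome9 code."""
import ipaddress
from typing import Dict, List, Tuple

# IANA protocol numbers used in service ids ("6-22" == TCP port 22).
IANA_PROTOCOL_NUMBER = {"TCP": 6, "UDP": 17, "ICMP": 1}
# Ports that should never be reachable from the whole Internet (assumed list).
MANAGEMENT_PORTS = {22, 3389, 1433, 3306, 5432, 6379, 27017}


def service_id(protocol_type: str, port: str) -> str:
    """Dome9 service id: "{protocol number}-{port}"; "-1" for the ALL-traffic
    rule, as in the page's outbound example."""
    if protocol_type == "ALL":
        return "-1"
    number = IANA_PROTOCOL_NUMBER.get(protocol_type)
    if number is None:
        raise ValueError(f"no protocol number known for {protocol_type!r}")
    return f"{number}-{port}"


def port_range(port: str) -> Tuple[int, int]:
    """'22' -> (22, 22); '1000-2000' -> (1000, 2000); '' (ALL) -> (0, 65535)."""
    if not port:
        return 0, 65535
    lo, _, hi = port.partition("-")
    return int(lo), int(hi or lo)


def is_world_open(service: dict) -> bool:
    if service.get("openForAll"):
        return True
    for element in service.get("scope") or []:
        if element.get("type") != "CIDR":
            continue  # IPList/DNS/MagicIP/AWS scopes are not address-wide
        cidr = (element.get("data") or {}).get("cidr")
        if cidr and ipaddress.ip_network(cidr, strict=False).prefixlen == 0:
            return True  # 0.0.0.0/0 or ::/0
    return False


def audit_inbound(groups: List[dict]) -> List[Dict[str, object]]:
    """One finding per inbound service that is world-open and covers a
    management port (or every port). Each finding carries the DELETE path."""
    findings = []
    for group in groups:
        for svc in (group.get("services") or {}).get("inbound") or []:
            if not is_world_open(svc):
                continue
            lo, hi = port_range(svc.get("port") or "")
            exposed = sorted(p for p in MANAGEMENT_PORTS if lo <= p <= hi)
            if not exposed:
                continue
            sid = service_id(svc["protocolType"], svc.get("port") or "")
            findings.append({
                "securityGroupId": group["securityGroupId"],
                "externalId": group.get("externalId"),
                "serviceId": sid,
                "exposedPorts": exposed,
                "deletePath": f"cloudsecuritygroup/{group['securityGroupId']}/services/Inbound/{sid}",
            })
    return findings


# Constructed sample in the shape of GET /CloudSecurityGroup (not real data).
SAMPLE_GROUPS = [
    {"securityGroupId": 543921, "externalId": "sg-0a1b2c3d", "services": {"inbound": [
        {"id": "6-22", "name": "SSH", "protocolType": "TCP", "port": "22", "openForAll": False,
         "scope": [{"type": "CIDR", "data": {"cidr": "10.0.0.1/32", "note": None}}]}]}},
    {"securityGroupId": 543922, "externalId": "sg-0d4e5f6a", "services": {"inbound": [
        {"id": "6-3389", "name": "RDP", "protocolType": "TCP", "port": "3389", "openForAll": True,
         "scope": []},
        {"id": "-1", "name": "All Traffic", "protocolType": "ALL", "port": "", "openForAll": False,
         "scope": [{"type": "CIDR", "data": {"cidr": "0.0.0.0/0", "note": None}}]},
        {"id": "6-443", "name": "HTTPS", "protocolType": "TCP", "port": "443", "openForAll": True,
         "scope": []}]}},
]

if __name__ == "__main__":
    for f in audit_inbound(SAMPLE_GROUPS):
        print(f["securityGroupId"], f["serviceId"], f["exposedPorts"], "-> DELETE", f["deletePath"])
```

The HTTPS rule open to the world is deliberately not reported: the point is to flag administrative exposure, not every public listener. Feed the audit the live GET response instead of the sample and issue the DELETEs only after reviewing the findings.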
Delete an existing security group.
URL: /cloudsecuritygroup/{groupid}
METHOD: DELETE
- groupid: The groupid in the URL can be either the security group's Dome9 internal Id or the AWS external Id.
Example:
curl -u id:secret -X DELETE 'https://api.dome9.com/v2/cloudsecuritygroup/******'
When successful the response is null.
Add a new AWS account to your Dome9 account.
URL: /CloudAccounts
METHOD: POST
BODY:
{
"name": "string",
"credentials": {
"arn": "string" /*required*/,
"secret": "string" /*required*/,
"type": "RoleBased" /*required*/,
"isReadOnly": "boolean"
},
"fullProtection": "boolean"
}
- name (string, optional): the account name in Dome9.
- credentials (object, required): AWS account credentials.
- arn (string, required): the ARN of the AWS IAM role Dome9 will assume.
- secret (string, required): the role's External ID, i.e. the value required by the sts:ExternalId condition in the role's trust policy. It is what stops a third party from tricking Dome9 into assuming your role (the confused-deputy problem), so generate it randomly and treat it as a secret.
- type (string, required): 'RoleBased'.
- isReadOnly (boolean, optional): "true" if the policy attached to the role is read-only.
- fullProtection (boolean, optional): if "true", all security groups are imported in "Full Protection" mode, otherwise all groups are imported in "Read Only" mode.
Example:
curl -u id:secret -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"name": "string",
"credentials": {
"arn": "arn:aws:iam::***********:role/dome9-connect-staging",
"secret": "********",
"type": "RoleBased",
"isReadOnly": false
},
"fullProtection": false
}' 'https://api.dome9.com/v2/CloudAccounts'
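Added example (not Dome9 code) for building the POST /CloudAccounts body: it validates the role ARN (aws and aws-us-gov partitions, since the region list on this page includes us_gov_west_1), generates the External ID with Python's `secrets` module when you do not already have one, and emits real JSON booleans rather than the "false" strings some curl examples pass. The field names are the ones documented above; the ARN pattern, the minimum External ID length and the 32-byte entropy are this example's assumptions.

```python
"""Compose and validate the body for POST /CloudAccounts (role-based AWS
account onboarding). Added example, not Dome9 code."""
import re
import secrets
from typing import Optional

# IAM role ARN: partition aws or aws-us-gov, 12-digit account id, role path/name.
ROLE_ARN_RE = re.compile(r"^arn:aws(?:-us-gov)?:iam::(\d{12}):role/[\w+=,.@/-]+$")
EXTERNAL_ID_BYTES = 32  # 256 bits of randomness; the length is an assumption


def new_external_id() -> str:
    """Unpredictable External ID for the role's trust-policy sts:ExternalId
    condition. Never derive it from the account name or number."""
    return secrets.token_urlsafe(EXTERNAL_ID_BYTES)


def account_number_from_arn(arn: str) -> str:
    m = ROLE_ARN_RE.match(arn)
    if not m:
        raise ValueError(f"not an IAM role ARN: {arn!r}")
    return m.group(1)


def build_cloud_account_body(name: str, role_arn: str, external_id: Optional[str] = None,
                             read_only: bool = False, full_protection: bool = False) -> dict:
    """Body for POST /CloudAccounts with the fields documented on this page."""
    account_number_from_arn(role_arn)  # raises on a malformed ARN
    if external_id is not None and len(external_id) < 16:
        raise ValueError("External ID is too short to be unguessable")
    for flag_name, flag in (("read_only", read_only), ("full_protection", full_protection)):
        if not isinstance(flag, bool):  # the string "false" is truthy to most parsers
            raise TypeError(f"{flag_name} must be a bool, got {type(flag).__name__}")
    return {
        "name": name,
        "credentials": {
            "arn": role_arn,
            "secret": external_id or new_external_id(),
            "type": "RoleBased",
            "isReadOnly": read_only,
        },
        "fullProtection": full_protection,
    }


if __name__ == "__main__":
    import json
    body = build_cloud_account_body("prod", "arn:aws:iam::123456789012:role/dome9-connect")
    print(json.dumps(body, indent=2))
    # Put body["credentials"]["secret"] into the role's trust policy as the
    # sts:ExternalId condition before POSTing to https://api.dome9.com/v2/CloudAccounts.
```

The External ID has to be in place on the AWS side first: create or update the role's trust policy with the generated value, then send the body; Dome9 cannot assume the role until both sides agree on it.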
Updating an existing attached AWS account.
URL: /CloudAccounts/{id}
METHOD: PATCH
id: The Dome9 cloud account ID
BODY:
{
"name": "string",
"credentials": {
"arn": "string" ,
"secret": "string" ,
"type": "RoleBased" ,
"isReadOnly": "boolean"
},
"fullProtection": "boolean",
"netSec": {
"regions": [
{
"region": "string",
"hidden": "boolean",
"newGroupBehavior": "string"
}
]
}
}
- name (string, optional): the account name on Dome9.
- credentials (object, required): AWS account credentials.
- arn (string, required): the AWS role's ARN to be used by Dome9.
- secret (string, required): the role's external ID.
- type (string, required): 'RoleBased'.
- isReadOnly (boolean, optional): "true" if the policy attached to the role is read-only.
- fullProtection (boolean, optional): if "true", all security groups will be imported in "Full Protection" mode, otherwise all groups will be imported in "Read Only" mode.
- regions: the region data. It is only possible to update one region configuration on a single request.
- region (string, optional): can be one of the following options - 'us_east_1', 'us_west_1', 'eu_west_1', 'ap_southeast_1', 'ap_northeast_1', 'us_west_2', 'sa_east_1', 'az_1_region_a_geo_1', 'az_2_region_a_geo_1', 'az_3_region_a_geo_1', 'ap_southeast_2', 'mellanox_region', 'us_gov_west_1', 'eu_central_1', 'ap_northeast_2'
- hidden (boolean, optional): if set as "true" then the security groups in the region won't be displayed, and if set as "false" then the security groups in the region will be shown.
- newGroupBehavior (string, optional): can be one of the following: 'ReadOnly', 'FullManage', 'Reset'.
Example:
curl -u id:secret -X PATCH --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"id": "******************************",
"vendor": "aws",
"name": "string",
"externalAccountNumber": "**********",
"error": null,
"credentials": {
"arn": "arn:aws:iam::88888888888888:role/dome9-connect",
"secret": ***********,
"type": "RoleBased",
"isReadOnly": false
},
"netSec": {
"regions": [
{
"region": "us_east_1",
"name": "N. Virginia",
"hidden": false,
"newGroupBehavior": "ReadOnly"
}
]
},
"fullProtection": false,
"allowReadOnly": false
}' 'https://api.dome9.com/v2/CloudAccounts/*****************************'
Delete an existing AWS Account. (Disconnect it from the Dome9 system)
URL: /CloudAccounts/{cloudAccountId}
METHOD: DELETE
cloudAccountId: The Dome9 cloudAccountId.
Example:
curl -u id:secret -X DELETE 'https://api.dome9.com/v2/CloudAccounts/**************************'
The GET request fetches the IP Lists configured in the Dome9 account.
URL: /IpList/{id}
METHOD: GET
id: optional. Without an IP List id, all IP Lists are fetched; with an id, only that list.
[
{
"id": 0,
"name": "string",
"description": "string",
"items": [
{
"ip": "string",
"comment": "string"
}
]
}
]
- id (integer): the IP List's Id.
- name (string): the IP List's name.
- description (string): the IP List's description.
- items (Array[IPDescriptor]): an array of Ips.
- ip (string): IP address.
- comment (string): a comment on the IP address, if exists.
Example:
curl -u id:secret -X GET --header 'Accept: application/json' 'https://api.dome9.com/v2/IpList'
Create a new IP List.
URL: /IpList
METHOD: POST
BODY:
{
"name": "string", /* required */
"description": "string",
"items": [
{
"ip": "string", /* required */
"comment": "string"
}
]
}
Example:
curl -u id:secret -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"name": "string",
"description": "string",
"items": [
{
"ip": "10.0.0.1/32",
"comment": "string"
}
]
}' 'https://api.dome9.com/v2/IpList'
- name (string): the IP List's name.
- description (string): the IP List's description.
- items (Array[IPDescriptor]): an array of IPs.
- ip (string): IP address.
- comment (string): a comment on the IP address.
Update an existing IP List. The update applies to the name, description and items, and it overwrites the existing IP List: any item missing from the request body is removed.
URL: /IpList/{id}
METHOD: PUT
BODY:
{
"name": "string",
"description": "string",
"items": [
{
"ip": "string",
"comment": "string"
}
]
}
- id (in the URL): the IP List's ID.
- name (string): the IP List's name.
- description (string): the IP List's description.
- items (Array[IPDescriptor]): an array of IPs.
- ip (string): IP address.
- comment (string): a comment on the IP address.
Example:
curl -u id:secret -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"name": "string",
"description": "string",
"items": [
{
"ip": "10.0.0.1/32",
"comment": "string"
}
]
}' 'https://api.dome9.com/v2/IpList/121'
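Because PUT /IpList/{id} replaces the whole list, adding one address means sending back everything already in it. The helper below is an added example, not Dome9 code: it takes the list as returned by GET /IpList/{id}, appends new entries, validates each one with Python's `ipaddress` module (a bare address becomes /32 or /128, and a CIDR with host bits set such as 10.0.0.1/24 is rejected as a likely typo), deduplicates on the normalized CIDR, and refuses the catch-all 0.0.0.0/0 unless explicitly allowed. The result is the body to PUT. The sample list and additions are constructed.

```python
"""Build the full body for PUT /IpList/{id} from the current list plus
additions, validating every entry. Added example, not Dome9 code."""
import ipaddress
from typing import Dict, Iterable


def normalize_cidr(ip: str) -> str:
    """Canonical CIDR string. strict=True rejects host bits set (10.0.0.1/24),
    which is almost always a typo in an allow-list."""
    net = ipaddress.ip_network(ip.strip(), strict=True)
    return str(net)  # "10.0.0.1" -> "10.0.0.1/32", "2001:db8::1" -> "2001:db8::1/128"


def merge_ip_list(current: dict, additions: Iterable[dict],
                  allow_any: bool = False) -> dict:
    """Return the complete IP List body: existing items followed by additions,
    deduplicated on the normalized CIDR (the first comment wins)."""
    items: Dict[str, dict] = {}
    for entry in list(current.get("items") or []) + list(additions):
        cidr = normalize_cidr(entry["ip"])
        if not allow_any and ipaddress.ip_network(cidr).prefixlen == 0:
            raise ValueError(f"{cidr} would allow every address; pass allow_any=True to permit it")
        items.setdefault(cidr, {"ip": cidr, "comment": entry.get("comment") or ""})
    return {
        "name": current["name"],
        "description": current.get("description") or "",
        "items": list(items.values()),
    }


# Constructed sample: what GET /IpList/121 might return, plus two additions.
CURRENT_LIST = {
    "id": 121,
    "name": "office egress",
    "description": "Addresses allowed to reach bastion hosts",
    "items": [
        {"ip": "203.0.113.10/32", "comment": "HQ NAT"},
        {"ip": "198.51.100.0/24", "comment": "branch office"},
    ],
}
ADDITIONS = [
    {"ip": "203.0.113.10", "comment": "duplicate of HQ NAT, different spelling"},
    {"ip": "2001:db8:1::5", "comment": "admin workstation (IPv6)"},
]

if __name__ == "__main__":
    body = merge_ip_list(CURRENT_LIST, ADDITIONS)
    for item in body["items"]:
        print(item["ip"], "#", item["comment"])
    # body is what you PUT to https://api.dome9.com/v2/IpList/121
```

Fetch the list, merge, then PUT the returned body; doing the merge client-side is what keeps an "add one address" change from silently wiping the rest of the list.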
Delete an existing IP List.
URL: /IpList/{id}
METHOD: DELETE
- id: The IP List's Id.
Example:
curl -u id:secret -X DELETE 'https://api.dome9.com/v2/IpList/2841'
Delete an existing Dome9 Agent.
URL: /api/Agent/{id}
METHOD: DELETE
- id: The id in the URL is the Dome9 internal Id of the agent (server) in question.
Example:
curl -u id:secret -X DELETE 'https://api.dome9.com/v2/api/Agent/******'
When successful the response is null.
Create a new user
URL: /user
METHOD: POST
BODY:
{
"email": "[email protected]",
"firstName": "string",
"lastName": "string",
"ssoEnabled": true
}
- email (string, required): The user email.
- firstName (string, required): First name.
- lastName (string, required): Last name.
- ssoEnabled (boolean, required): true for SSO users only.
Example:
curl -u id:secret -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"email": "[email protected]",
"firstName": "string",
"lastName": "string",
"ssoEnabled": true
}' 'https://api.dome9.com/v2/user'
{
"id": 11111,
"name": "[email protected]",
"isSuspended": false,
"isOwner": false,
"isSuperUser": false,
"hasApiKey": false,
"isMfaEnabled": false,
"ssoEnabled": true,
"roleIds": [],
"iamSafe": {
"cloudAccounts": []
},
"permissions": {
"access": [],
"manage": [],
"create": [],
"view": [],
"crossAccountAccess": []
}
}
- id (integer): The User ID in Dome9.
- name (string): The user email.
- isSuspended (boolean): "true" if the user is suspended, "false" if the user is active.
- isOwner (boolean): "true" if the user is the account owner.
- isSuperUser (boolean): "true" if the user is a Super User.
- hasApiKey (boolean): "true" if the user has created an API key.
- isMfaEnabled (boolean): "true" if multi-factor authentication is enabled for the user.
- ssoEnabled (boolean): "true" if the user was created as an SSO user.
- roleIds (array of integers): The IDs of the roles attached to the user.
- iamSafe (object): The user's IAM Safe object.
- permissions (object): The permissions of the user.
Update existing user
URL: /user/{id}
METHOD: PUT
BODY:
{
"id": 0,
"name": "string",
"isSuspended": true,
"isOwner": true,
"isSuperUser": true,
"hasApiKey": true,
"isMfaEnabled": true,
"ssoEnabled": true,
"roleIds": [
0
],
"iamSafe": {
"cloudAccounts": [
{
"cloudAccountId": "string",
"name": "string",
"externalAccountNumber": "string",
"lastLeaseTime": "2017-04-03T08:34:51.363Z",
"state": "Pending",
"iamEntity": "string"
}
]
},
"permissions": {
"access": [
"string"
],
"manage": [
"string"
],
"create": [
"string"
],
"view": [
"string"
],
"crossAccountAccess": [
"string"
]
}
}
- id(integer, required): The User ID in Dome9.
- permissions(object, required): The permissions of the user.
Example:
curl -u id:secret -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"id": 1981,
"roleIds": [
441
],
"permissions": {
"access": [],
"manage": [],
"create": [],
"view": [],
"crossAccountAccess": []
}
}' 'https://api.dome9.com/v2/user/1981'
{
"id": 1981,
"name": "[email protected]",
"isSuspended": false,
"isOwner": false,
"isSuperUser": false,
"hasApiKey": false,
"isMfaEnabled": false,
"ssoEnabled": false,
"roleIds": [
441
],
"iamSafe": {
"cloudAccounts": []
},
"permissions": {
"access": [],
"manage": [],
"create": [],
"view": [],
"crossAccountAccess": []
}
}
- id (integer): The User ID in Dome9.
- name (string): The user email.
- isSuspended (boolean): true if the user is suspended, false if the user is active.
- isOwner (boolean): true if the user is the account owner.
- isSuperUser (boolean): true if the user is a Super User.
- hasApiKey (boolean): true if the user has created an API key.
- isMfaEnabled (boolean): true if multi-factor authentication is enabled for the user.
- ssoEnabled (boolean): true if the user was created as an SSO user.
- roleIds (array of integers): IDs of the roles attached to the user.
- iamSafe (object): IAM Safe object of the user, listing its cloudAccounts.
- permissions (object): The permissions granted directly to the user.
Delete user
URL: /user/{id}
METHOD: DELETE
- id: The user ID
Example:
curl -u your-api-key-id:your-api-key-secret -X DELETE 'https://api.dome9.com/v2/user/{id number}'
When successful the response is null.
Get all users in your Dome9 account
URL: /user
METHOD: GET
Example:
curl -u your-api-key-id:your-api-key-secret -X GET 'https://api.dome9.com/v2/user/'
Returns an array of user objects in the format of the create-user response.
Create new role
URL: /role
METHOD: POST
BODY:
{
"id": null,
"name": "Auditor",
"description": "Auditor Role, Views all system resources",
"permissions": {
"access": [],
"manage": [],
"create": [],
"view": [""],
"crossAccountAccess": []
}
}
- id (integer): The role ID. It is assigned by Dome9 when the role is created, so send null or omit it.
- name (string, required): Role name.
- description (string): Role description.
- permissions (object): The permissions the role grants.
Example:
curl -u id:secret -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"name": "MyRoleName",
"description": "CreateRoletest",
"permissions": {
"access": [],
"manage": [],
"create": [],
"view": [""],
"crossAccountAccess": []
}
}' 'https://api.dome9.com/v2/role'
{
"id": 11111,
"name": "MyRoleName",
"description": CreateRoletest,
"permissions": {
"access": [],
"manage": [],
"create": [],
"view": [],
"crossAccountAccess": []
}
}
- id (integer): The Role ID in Dome9.
- name (string): The Role name.
- description(string): The Role description.
- permissions (object): The permissions of the role.
Delete Role
URL: /role/{id}
METHOD: DELETE
- id: The role ID
Example:
curl -u your-api-key-id:your-api-key-secret -X DELETE 'https://api.dome9.com/v2/role/{id number}'
When successful the response is null.
Get all roles in your Dome9 account
URL: /role
METHOD: GET
Example:
curl -u your-api-key-id:your-api-key-secret -X GET 'https://api.dome9.com/v2/role/'
Returns an array of role objects, each defining a set of permissions that can be attached to users.
[
{
"id": 441,
"name": "Auditor",
"description": "Auditor Role, Views all system resources",
"permissions": {
"access": [],
"manage": [],
"create": [],
"view": [
""
],
"crossAccountAccess": []
}
},
{
"id": 1701,
"name": "new11",
"description": "",
"permissions": {
"access": [],
"manage": [],
"create": [],
"view": [],
"crossAccountAccess": []
}
}
]
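The role and user operations above are the building blocks of a least-privilege onboarding flow: create a role that only views, create the user, then attach the role with PUT /user/{id} instead of granting direct permissions. The Python below is an added example, not Dome9's own code. It assumes the API key is held in the DOME9_KEY_ID and DOME9_KEY_SECRET environment variables (names chosen here, not by Dome9), uses only the endpoints and fields documented on this page, and exercises the flow against a constructed offline stub so it runs without an account. The audit_users() check over a GET /user listing is the editor's addition as well.

```python
"""Added example (not Dome9's own code): least-privilege onboarding via /role and
/user, plus a hygiene check over the user listing. Stub responses are constructed."""
import base64
import json
import os
import urllib.request

BASE_URL = "https://api.dome9.com/v2/"  # base URL from the page


def dome9_call(method, path, body=None, key_id=None, secret=None):
    """One HTTP Basic request (key id as user, secret as password); returns decoded JSON."""
    key_id = key_id or os.environ["DOME9_KEY_ID"]      # assumed env var names
    secret = secret or os.environ["DOME9_KEY_SECRET"]
    token = base64.b64encode(f"{key_id}:{secret}".encode()).decode()
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(
        BASE_URL + path.lstrip("/"), data=data, method=method,
        headers={"Authorization": "Basic " + token, "Accept": "application/json",
                 "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None   # DELETE/PUT may answer null


EMPTY_PERMISSIONS = {"access": [], "manage": [], "create": [], "view": [],
                     "crossAccountAccess": []}


def view_only_role_body(name, description):
    """Role that can only view; [""] in 'view' is the page's own Auditor example."""
    return {"id": None, "name": name, "description": description,
            "permissions": dict(EMPTY_PERMISSIONS, view=[""])}


def new_user_body(email, first_name, last_name, sso_enabled):
    return {"email": email, "firstName": first_name, "lastName": last_name,
            "ssoEnabled": sso_enabled}


def onboard_viewer(send, email, first_name, last_name, sso_enabled=False,
                   role_name="Auditor"):
    """Create the view-only role, create the user, attach the role via PUT /user/{id}.
    `send(method, path, body)` returns the decoded response (dome9_call or a stub)."""
    role = send("POST", "/role", view_only_role_body(role_name, "Views all system resources"))
    user = send("POST", "/user", new_user_body(email, first_name, last_name, sso_enabled))
    # PUT /user/{id} requires id and permissions; grant nothing directly, rely on the role.
    update = {"id": user["id"], "roleIds": [role["id"]], "permissions": dict(EMPTY_PERMISSIONS)}
    updated = send("PUT", f"/user/{user['id']}", update)
    if role["id"] not in updated.get("roleIds", []):
        raise RuntimeError("role was not attached")
    return updated


def audit_users(users):
    """Flag users worth reviewing in a GET /user listing: owners and super users,
    non-SSO users without MFA, and suspended users that still hold an API key."""
    findings = []
    for u in users:
        if u.get("isOwner") or u.get("isSuperUser"):
            findings.append((u["name"], "privileged (owner/super user)"))
        if not u.get("isMfaEnabled") and not u.get("ssoEnabled"):
            findings.append((u["name"], "no MFA and not SSO"))
        if u.get("isSuspended") and u.get("hasApiKey"):
            findings.append((u["name"], "suspended but still holds an API key"))
    return findings


def _demo_send(calls):
    """Offline stand-in for dome9_call; responses are constructed, not real Dome9 output."""
    def send(method, path, body=None):
        calls.append((method, path, body))
        if (method, path) == ("POST", "/role"):
            return dict(body, id=441)
        if (method, path) == ("POST", "/user"):
            return {"id": 1981, "name": body["email"], "roleIds": [], "isMfaEnabled": False,
                    "ssoEnabled": body["ssoEnabled"], "isOwner": False, "isSuperUser": False}
        if method == "PUT" and path.startswith("/user/"):
            return {"id": body["id"], "name": "auditor@example.com", "roleIds": body["roleIds"]}
        raise AssertionError(f"unexpected call {method} {path}")
    return send


if __name__ == "__main__":
    calls = []
    user = onboard_viewer(_demo_send(calls), "auditor@example.com", "Aud", "Itor")
    print(user, [c[:2] for c in calls])
    # against a live account: onboard_viewer(dome9_call, ...); audit_users(dome9_call("GET", "/user"))
```

To run it for real, pass dome9_call as `send`; the stub exists only so the flow can be checked before an API key with manage rights is used.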
Create new bundle
URL: /CompliancePolicy
METHOD: POST
BODY:
{
"name": "string",
"description": "string",
"rules": [
{
"name": "string",
"description": "string",
"severity": "string",
"logic": "string",
"remediation": "string",
"complianceTag": "string"
}
]
}
- name(string, required): bundle name.
- description(string, required): Bundle description.
- rules(Array[rule], required):
- name(string, required): Rule name.
- description(string, required): Rule description.
- severity(string, required): Rule severity (high, medium, low).
- logic(string, required): Rule logic, for example "Instance should have vpc".
- remediation(string): Remediation guidance for the rule.
- complianceTag(string): Rule tag.
Example:
curl -u id:secret -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"name": "bundle_name",
"description": "string",
"rules": [
{
"name": "",
"severity": "Low",
"logic": "",
"description": "",
"remediation": "",
"complianceTag": ""
}
]
}' 'https://api.dome9.com/v2/CompliancePolicy'
{
"id": 0,
"name": "string",
"description": "string",
"isTemplate": "boolean",
"rules": [
{}
],
"_created": "2016-12-18T13:03:02.998Z",
"_updated": "2016-12-18T13:03:02.998Z"
}
- id(integer): Bundle ID.
- name(string): bundle name.
- description(string): Bundle description.
- rules(Array[rule]):
- name(string): Rule name.
- description(string): Rule description.
- severity(string): Rule severity (high, medium, low).
- logic(string): Rule logic, for example "Instance should have vpc".
- remediation(string): Remediation guidance for the rule.
- complianceTag(string): Rule tag.
- isTemplate(boolean): returns true if bundle is Dome9 template.
Get all custom and template bundles
URL: /CompliancePolicy
METHOD: GET
Example:
curl -u your-api-key-id:your-api-key-secret -X GET 'https://api.dome9.com/v2/CompliancePolicy/'
Array of bundles as detailed in create new bundle response.
Update existing bundle
URL: /CompliancePolicy
METHOD: PUT
BODY:
{
"name": "string",
"description": "string",
"rules": [
{
"name": "string",
"description": "string",
"severity": "string",
"logic": "string",
"remediation": "string",
"complianceTag": "string"
}
],
"id": "integer"
}
- id(integer, required): Bundle ID.
- name(string, required): bundle name.
- description(string, required): Bundle description.
- rules(Array[rule], required):
- name(string, required): Rule name.
- description(string, required): Rule description.
- severity(string, required): Rule severity (high, medium, low).
- logic(string, required): Rule logic, for example "Instance should have vpc".
- remediation(string): Remediation guidance for the rule.
- complianceTag(string): Rule tag.
Example:
curl -u id:secret -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"id": 0,
"name": "string",
"description": "string",
"rules": [
{
"name": "",
"severity": "Low/Medium/High",
"logic": "",
"description": "",
"remediation": "",
"complianceTag": ""
}
]
}' 'https://api.dome9.com/v2/CompliancePolicy'
{
"id": 0,
"name": "string",
"description": "string",
"isTemplate": "boolean",
"rules": [
{}
],
"_created": "2016-12-18T13:03:02.998Z",
"_updated": "2016-12-18T13:03:02.998Z"
}
- id(integer): Bundle ID.
- name(string): bundle name.
- description(string): Bundle description.
- rules(Array[rule]):
- name(string): Rule name.
- description(string): Rule description.
- severity(string): Rule severity (high, medium, low).
- logic(string): Rule logic, for example "Instance should have vpc".
- remediation(string): Remediation guidance for the rule.
- complianceTag(string): Rule tag.
- isTemplate(boolean): returns true if bundle is Dome9 template.
Delete a bundle by ID
URL: /CompliancePolicy/{id}
METHOD: DELETE
Example:
curl -u your-api-key-id:your-api-key-secret -X DELETE 'https://api.dome9.com/v2/CompliancePolicy/{id}'
Run existing bundle
URL: /Assessment/bundle
METHOD: POST
BODY:
{
"id": "integer",
"name": "string",
"description": "string",
"cloudAccountId": "string",
"region": "string",
"cloudNetwork": "string",
"cloudAccountType": "Aws/Azure/Google"
}
- id (integer, required): Bundle ID.
- name (string): Bundle name (default is the original bundle name).
- description (string): Bundle description (default is the original bundle description).
- cloudAccountId (string, required): Dome9 Cloud Account ID.
- region (string): Run the bundle on a specific region only.
- cloudNetwork (string): Run the bundle on a specific cloud network (VPC/VNET) only; cannot be used without region.
- cloudAccountType (string): Aws, Azure or Google.
Example:
curl -u id:secret -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"id": "integer",
"name": "string",
"description": "string",
"cloudAccountId": "string",
"region": "string",
"cloudNetwork": "string",
"cloudAccountType": "Aws"
}' 'https://api.dome9.com/v2/assessment/bundle'
{
"request": {
"cloudAccountId": "string",
"region": "string",
"cloudNetwork": "string",
"cloudAccountType": "string"
},
"tests": [{
"error": "string",
"testedCount": "integer",
"relevantCount": "integer",
"nonComplyingCount": "integer",
"entityResults": [{
"isRelevant": "boolean",
"isValid": "boolean",
"error": "string",
"testObj": {}
}],
"rule": {},
"testPassed": "boolean"
}],
"locationMetadata": {
"account": {
"name": "string",
"id": "string",
"externalId": "string"
},
"region": {
"name": "string",
"id": "string",
"externalId": "string"
},
"cloudNetwork": {
"name": "string",
"id": "string",
"externalId": "string"
}
},
"assessmentPassed": "boolean",
"hasErrors": "boolean"
}
- request (object): The request as it was evaluated.
  - id (integer): Bundle ID.
  - name (string): Bundle name (default is the original bundle name).
  - description (string): Bundle description (default is the original bundle description).
  - cloudAccountId (string): Dome9 Cloud Account ID.
  - region (string): Region the bundle was run on.
  - cloudNetwork (string): Cloud network (VPC/VNET) the bundle was run on; cannot be used without region.
  - cloudAccountType (string): Aws, Azure or Google.
- tests (Array[test]): One entry per rule.
  - error (string): Error in case of failure.
  - testedCount (integer): Number of tested entities.
  - relevantCount (integer): Number of relevant entities among the tested entities.
  - nonComplyingCount (integer): Number of non-complying entities among the relevant entities.
  - entityResults (Array[validationResult]):
    - isRelevant (boolean): true if the entity is relevant to the rule.
    - isValid (boolean): true if the entity complies with the rule.
    - error (string): Error description if the validation failed.
    - testObj (object): The entity that was tested, for example an Instance, SecurityGroup or RDS.
  - rule (object):
    - name (string): Rule name.
    - description (string): Rule description.
    - severity (string): Rule severity (high, medium, low).
    - logic (string): Rule logic, for example "Instance should have vpc".
    - complianceTag (string): Rule tag.
  - testPassed (boolean): true if the test passed.
- locationMetadata (object):
  - account (object):
    - name (string): Cloud account name.
    - id (string): Cloud account ID.
    - externalId (string): Cloud external ID.
  - region (object):
    - name (string): Region name.
    - id (string): Region ID.
    - externalId (string): Region external ID.
  - cloudNetwork (object):
    - name (string): VPC/VNET name.
    - id (string): Cloud network ID.
    - externalId (string): Cloud network external ID.
- assessmentPassed (boolean): true if the assessment passed.
- hasErrors (boolean): true if the assessment has errors.
Create and run assessment.
URL: /Assessment
METHOD: POST
BODY:
{
"rules": [
"string"
],
"cloudAccountId": "string",
"region": "string",
"cloudNetwork": "string",
"cloudAccountType": "Aws/Azure/Google"
}
- rules (Array[string], required): Rule logics, for example ["Instance should have vpc"].
- cloudAccountId (string, required): Dome9 Cloud Account ID.
- region (string): Run the rules on a specific region only.
- cloudNetwork (string): Run the rules on a specific cloud network (VPC/VNET) only; cannot be used without region.
- cloudAccountType (string, required): Aws, Azure or Google.
Example:
curl -u id:secret -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"rules": [
"Instance should have vpc"
],
"cloudAccountId": "string",
"region": "string",
"cloudNetwork": "string",
"cloudAccountType": "Aws"
}' 'https://api.dome9.com/v2/Assessment'
{
"request": {
"cloudAccountId": "string",
"region": "string",
"cloudNetwork": "string",
"cloudAccountType": "string"
},
"tests": [{
"error": "string",
"testedCount": "integer",
"relevantCount": "integer",
"nonComplyingCount": "integer",
"entityResults": [{
"isRelevant": "boolean",
"isValid": "boolean",
"error": "string",
"testObj": {}
}],
"rule": {},
"testPassed": "boolean"
}],
"locationMetadata": {
"account": {
"srl": "string",
"name": "string",
"id": "string",
"externalId": "string"
},
"region": {
"srl": "string",
"name": "string",
"id": "string",
"externalId": "string"
},
"cloudNetwork": {
"srl": "string",
"name": "string",
"id": "string",
"externalId": "string"
}
},
"assessmentPassed": "boolean",
"hasErrors": "boolean"
}
- request (object): The request as it was evaluated.
  - rules (Array[string]): Rule logics, for example ["Instance should have vpc"].
  - cloudAccountId (string): Dome9 Cloud Account ID.
  - region (string): Region the rules were run on.
  - cloudNetwork (string): Cloud network (VPC/VNET) the rules were run on; cannot be used without region.
  - cloudAccountType (string): Aws, Azure or Google.
- tests (Array[test]): One entry per rule.
  - error (string): Error in case of failure.
  - testedCount (integer): Number of tested entities.
  - relevantCount (integer): Number of relevant entities among the tested entities.
  - nonComplyingCount (integer): Number of non-complying entities among the relevant entities.
  - entityResults (Array[validationResult]):
    - isRelevant (boolean): true if the entity is relevant to the rule.
    - isValid (boolean): true if the entity complies with the rule.
    - error (string): Error description if the validation failed.
    - testObj (object): The entity that was tested, for example an Instance, SecurityGroup or RDS.
  - rule (object):
    - name (string): Rule name.
    - description (string): Rule description.
    - severity (string): Rule severity (high, medium, low).
    - logic (string): Rule logic, for example "Instance should have vpc".
    - complianceTag (string): Rule tag.
  - testPassed (boolean): true if the test passed.
- locationMetadata (object):
  - account (object):
    - name (string): Cloud account name.
    - id (string): Cloud account ID.
    - externalId (string): Cloud external ID.
  - region (object):
    - name (string): Region name.
    - id (string): Region ID.
    - externalId (string): Region external ID.
  - cloudNetwork (object):
    - name (string): VPC/VNET name.
    - id (string): Cloud network ID.
    - externalId (string): Cloud network external ID.
- assessmentPassed (boolean): true if the assessment passed.
- hasErrors (boolean): true if the assessment has errors.
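Two things bite in practice when driving /Assessment and /Assessment/bundle: the request must not carry cloudNetwork without region, and a test whose error field is set contributes no failing entities, so reading only assessmentPassed or nonComplyingCount can hide a broken rule. The Python below is an added example, not Dome9's own code. It builds a valid /Assessment body and reduces the response documented above to a list of non-complying entities plus a separate list of test errors; the sample response is constructed to match the schema on this page, and the account, region and entity identifiers in it are placeholders.

```python
"""Added example (not Dome9's own code): validate a POST /Assessment request and
reduce the documented response to findings. SAMPLE_RESPONSE is constructed."""


class AssessmentRequestError(ValueError):
    pass


def assessment_request(rules, cloud_account_id, cloud_account_type,
                       region=None, cloud_network=None):
    """Body for POST /Assessment, enforcing the page's constraints up front."""
    if cloud_account_type not in ("Aws", "Azure", "Google"):
        raise AssessmentRequestError("cloudAccountType must be Aws, Azure or Google")
    if not rules:
        raise AssessmentRequestError("at least one rule logic is required")
    if cloud_network and not region:
        raise AssessmentRequestError("cloudNetwork cannot be used without region")
    body = {"rules": list(rules), "cloudAccountId": cloud_account_id,
            "cloudAccountType": cloud_account_type}
    if region:
        body["region"] = region
    if cloud_network:
        body["cloudNetwork"] = cloud_network
    return body


def failing_entities(response):
    """(rule name, severity, testObj) for each relevant entity that failed a test.
    Test- or entity-level errors are collected separately, never read as a pass."""
    failures, errors = [], []
    for test in response.get("tests", []):
        rule = test.get("rule") or {}
        if test.get("error"):
            errors.append((rule.get("name"), test["error"]))
            continue
        for res in test.get("entityResults", []):
            if not res.get("isRelevant"):
                continue                      # entity not in scope of this rule
            if res.get("error"):
                errors.append((rule.get("name"), res["error"]))
            elif not res.get("isValid"):
                failures.append((rule.get("name"), rule.get("severity"), res.get("testObj")))
    return failures, errors


def summarize(response):
    """Pass only when Dome9 says so AND no rule errored; count via nonComplyingCount."""
    failures, errors = failing_entities(response)
    return {
        "passed": bool(response.get("assessmentPassed")) and not errors,
        "nonComplying": sum(t.get("nonComplyingCount", 0) for t in response.get("tests", [])),
        "failures": failures,
        "errors": errors,
    }


# Constructed response in the documented shape; ids are placeholders.
SAMPLE_RESPONSE = {
    "request": {"cloudAccountId": "acct-1", "region": "us_east_1",
                "cloudNetwork": "vpc-1", "cloudAccountType": "Aws"},
    "tests": [
        {"error": None, "testedCount": 3, "relevantCount": 2, "nonComplyingCount": 1,
         "entityResults": [
             {"isRelevant": True, "isValid": True, "error": None, "testObj": {"id": "i-1"}},
             {"isRelevant": True, "isValid": False, "error": None, "testObj": {"id": "i-2"}},
             {"isRelevant": False, "isValid": True, "error": None, "testObj": {"id": "i-3"}}],
         "rule": {"name": "Instance in VPC", "severity": "high",
                  "logic": "Instance should have vpc"},
         "testPassed": False},
        {"error": "rule parse failed", "testedCount": 0, "relevantCount": 0,
         "nonComplyingCount": 0, "entityResults": [],
         "rule": {"name": "Broken rule", "severity": "low"}, "testPassed": False},
    ],
    "assessmentPassed": False, "hasErrors": True,
}

if __name__ == "__main__":
    print(assessment_request(["Instance should have vpc"], "acct-1", "Aws", region="us_east_1"))
    print(summarize(SAMPLE_RESPONSE))
```

The same summarize() applies unchanged to the /Assessment/bundle response, which has the identical tests array.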
The GET request returns all open access leases taken by the user.
URL: /AccessLease
METHOD: GET
Example:
curl -u id:secret -X GET --header 'Accept: application/json' 'https://api.dome9.com/v2/AccessLease'
{
"aws": [
{
"cloudAccountId": "string",
"region": "string",
"securityGroupId": "integer",
"id": "string",
"accountId": "integer",
"name": "string",
"ip": "string",
"note": "string",
"created": "string",
"user": "string",
"length": "string",
"protocol": "string",
"portFrom": "integer",
"portTo": "integer",
"srl": "string"
}
],
"agents": [
{
"agentId": "integer",
"id": "string",
"accountId": "integer",
"name": "string",
"ip": "string",
"note": "string",
"created": "string",
"user": "string",
"length": "string",
"protocol": "string",
"portFrom": "integer",
"portTo": "integer",
"srl": "string"
}
]
}
- aws (array): Open leases on AWS security groups.
- agents (array): Open leases on Dome9 agents.
- agentId (integer): Dome9 Agent ID (agent leases only).
- cloudAccountId (string): Dome9 Cloud Account ID (AWS leases only).
- region (string): Can be one of the following regions - 'us_east_1', 'us_west_1', 'eu_west_1', 'ap_southeast_1', 'ap_northeast_1', 'us_west_2', 'sa_east_1', 'az_1_region_a_geo_1', 'az_2_region_a_geo_1', 'az_3_region_a_geo_1', 'ap_southeast_2', 'mellanox_region', 'us_gov_west_1', 'eu_central_1', 'ap_northeast_2'
- securityGroupId (integer): The Security Group ID in Dome9.
- id(string): Lease ID.
- accountId (integer): Dome9 account ID.
- name(string): The lease name/ service name.
- ip (string): The target ip of the lease.
- note (string): A comment for the lease.
- created (string): Creation time, in UTC format.
- user (string): Dome9 user.
- length (string): Lease duration time in Timespan format.
- protocol (string): Internet protocol suite: 'HOPOPT', 'ICMP', 'IGMP', 'GGP', 'IPV4', 'ST', 'TCP', 'CBT', 'EGP', 'IGP', 'BBN_RCC_MON', 'NVP2', 'PUP', 'ARGUS', 'EMCON', 'XNET', 'CHAOS', 'UDP', 'MUX', 'DCN_MEAS', 'HMP', 'PRM', 'XNS_IDP', 'TRUNK1', 'TRUNK2', 'LEAF1', 'LEAF2', 'RDP', 'IRTP', 'ISO_TP4', 'NETBLT', 'MFE_NSP', 'MERIT_INP', 'DCCP', 'ThreePC', 'IDPR', 'XTP', 'DDP', 'IDPR_CMTP', 'TPplusplus', 'IL', 'IPV6', 'SDRP', 'IPV6_ROUTE', 'IPV6_FRAG', 'IDRP', 'RSVP', 'GRE', 'DSR', 'BNA', 'ESP', 'AH', 'I_NLSP', 'SWIPE', 'NARP', 'MOBILE', 'TLSP', 'SKIP', 'IPV6_ICMP', 'IPV6_NONXT', 'IPV6_OPTS', 'CFTP', 'SAT_EXPAK', 'KRYPTOLAN', 'RVD', 'IPPC', 'SAT_MON', 'VISA', 'IPCV', 'CPNX', 'CPHB', 'WSN', 'PVP', 'BR_SAT_MON', 'SUN_ND', 'WB_MON', 'WB_EXPAK', 'ISO_IP', 'VMTP', 'SECURE_VMTP', 'VINES', 'TTP', 'NSFNET_IGP', 'DGP', 'TCF', 'EIGRP', 'OSPFIGP', 'SPRITE_RPC', 'LARP', 'MTP', 'AX25', 'IPIP', 'MICP', 'SCC_SP', 'ETHERIP', 'ENCAP', 'GMTP', 'IFMP', 'PNNI', 'PIM', 'ARIS', 'SCPS', 'QNX', 'AN', 'IPCOMP', 'SNP', 'COMPAQ_PEER', 'IPX_IN_IP', 'VRRP', 'PGM', 'L2TP', 'DDX', 'IATP', 'STP', 'SRP', 'UTI', 'SMP', 'SM', 'PTP', 'ISIS', 'FIRE', 'CRTP', 'CRUDP', 'SSCOPMCE', 'IPLT', 'SPS', 'PIPE', 'SCTP', 'FC', 'RSVP_E2E_IGNORE', 'MOBILITY_HEADER', 'UDPLITE', 'MPLS_IN_IP', 'MANET', 'HIP', 'SHIM6', 'WESP', 'ROHC', 'ALL'.
- portFrom and portTo (integer): Port range.
Create a new lease for an AWS service.
URL: /accesslease/aws
METHOD: POST
BODY:
{
"region": "string",
"securityGroupId": "integer",
"ip": "string",
"length": "string",
"protocol": "string",
"portFrom":"integer",
"portTo":"integer",
"note":"string"
}
- region (string): Can be one of the following regions - 'us_east_1', 'us_west_1', 'eu_west_1', 'ap_southeast_1', 'ap_northeast_1', 'us_west_2', 'sa_east_1', 'az_1_region_a_geo_1', 'az_2_region_a_geo_1', 'az_3_region_a_geo_1', 'ap_southeast_2', 'mellanox_region', 'us_gov_west_1', 'eu_central_1', 'ap_northeast_2'
- securityGroupId (integer): The Security Group ID in Dome9.
- ip (string, optional): The target IP of the lease; defaults to the IP address the request is made from.
- note (string, optional): A comment for the lease.
- length (string): Lease duration in Timespan format, for example "5:0:0" for 5 hours.
- protocol (string): Internet protocol suite: 'HOPOPT', 'ICMP', 'IGMP', 'GGP', 'IPV4', 'ST', 'TCP', 'CBT', 'EGP', 'IGP', 'BBN_RCC_MON', 'NVP2', 'PUP', 'ARGUS', 'EMCON', 'XNET', 'CHAOS', 'UDP', 'MUX', 'DCN_MEAS', 'HMP', 'PRM', 'XNS_IDP', 'TRUNK1', 'TRUNK2', 'LEAF1', 'LEAF2', 'RDP', 'IRTP', 'ISO_TP4', 'NETBLT', 'MFE_NSP', 'MERIT_INP', 'DCCP', 'ThreePC', 'IDPR', 'XTP', 'DDP', 'IDPR_CMTP', 'TPplusplus', 'IL', 'IPV6', 'SDRP', 'IPV6_ROUTE', 'IPV6_FRAG', 'IDRP', 'RSVP', 'GRE', 'DSR', 'BNA', 'ESP', 'AH', 'I_NLSP', 'SWIPE', 'NARP', 'MOBILE', 'TLSP', 'SKIP', 'IPV6_ICMP', 'IPV6_NONXT', 'IPV6_OPTS', 'CFTP', 'SAT_EXPAK', 'KRYPTOLAN', 'RVD', 'IPPC', 'SAT_MON', 'VISA', 'IPCV', 'CPNX', 'CPHB', 'WSN', 'PVP', 'BR_SAT_MON', 'SUN_ND', 'WB_MON', 'WB_EXPAK', 'ISO_IP', 'VMTP', 'SECURE_VMTP', 'VINES', 'TTP', 'NSFNET_IGP', 'DGP', 'TCF', 'EIGRP', 'OSPFIGP', 'SPRITE_RPC', 'LARP', 'MTP', 'AX25', 'IPIP', 'MICP', 'SCC_SP', 'ETHERIP', 'ENCAP', 'GMTP', 'IFMP', 'PNNI', 'PIM', 'ARIS', 'SCPS', 'QNX', 'AN', 'IPCOMP', 'SNP', 'COMPAQ_PEER', 'IPX_IN_IP', 'VRRP', 'PGM', 'L2TP', 'DDX', 'IATP', 'STP', 'SRP', 'UTI', 'SMP', 'SM', 'PTP', 'ISIS', 'FIRE', 'CRTP', 'CRUDP', 'SSCOPMCE', 'IPLT', 'SPS', 'PIPE', 'SCTP', 'FC', 'RSVP_E2E_IGNORE', 'MOBILITY_HEADER', 'UDPLITE', 'MPLS_IN_IP', 'MANET', 'HIP', 'SHIM6', 'WESP', 'ROHC', 'ALL'.
- portFrom and portTo (integer): Port range.
Example:
curl -u id:secret -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"region": "eu_west_1",
"securityGroupId": 338,
"length": "5:0:0",
"protocol": "TCP",
"portFrom": 18444,
"note": "example",
"ip": "127.0.0.1/32"
}' 'https://api.dome9.com/v2/accesslease/aws'
{
"cloudAccountId": "string",
"region": "string",
"securityGroupId": "integer",
"id": "string",
"accountId": "integer",
"name": "string",
"ip": "string",
"note": "string",
"created": "string",
"user": "string",
"length": "string",
"protocol": "string",
"portFrom": "integer",
"portTo": "integer",
"srl": "string"
}
- cloudAccountId (string): Dome9 Cloud Account ID.
- region (string): Can be one of the following regions - 'us_east_1', 'us_west_1', 'eu_west_1', 'ap_southeast_1', 'ap_northeast_1', 'us_west_2', 'sa_east_1', 'az_1_region_a_geo_1', 'az_2_region_a_geo_1', 'az_3_region_a_geo_1', 'ap_southeast_2', 'mellanox_region', 'us_gov_west_1', 'eu_central_1', 'ap_northeast_2'
- securityGroupId (integer): The Security Group ID in Dome9.
- id(string): Lease ID.
- accountId (integer): Dome9 account ID.
- name(string): The lease name/ service name.
- ip (string): The target ip of the lease.
- note (string): A comment for the lease.
- created (string): Creation time, in UTC format.
- user (string): Dome9 user.
- length (string): Lease duration time in Timespan format.
- protocol (string): Internet protocol suite: 'HOPOPT', 'ICMP', 'IGMP', 'GGP', 'IPV4', 'ST', 'TCP', 'CBT', 'EGP', 'IGP', 'BBN_RCC_MON', 'NVP2', 'PUP', 'ARGUS', 'EMCON', 'XNET', 'CHAOS', 'UDP', 'MUX', 'DCN_MEAS', 'HMP', 'PRM', 'XNS_IDP', 'TRUNK1', 'TRUNK2', 'LEAF1', 'LEAF2', 'RDP', 'IRTP', 'ISO_TP4', 'NETBLT', 'MFE_NSP', 'MERIT_INP', 'DCCP', 'ThreePC', 'IDPR', 'XTP', 'DDP', 'IDPR_CMTP', 'TPplusplus', 'IL', 'IPV6', 'SDRP', 'IPV6_ROUTE', 'IPV6_FRAG', 'IDRP', 'RSVP', 'GRE', 'DSR', 'BNA', 'ESP', 'AH', 'I_NLSP', 'SWIPE', 'NARP', 'MOBILE', 'TLSP', 'SKIP', 'IPV6_ICMP', 'IPV6_NONXT', 'IPV6_OPTS', 'CFTP', 'SAT_EXPAK', 'KRYPTOLAN', 'RVD', 'IPPC', 'SAT_MON', 'VISA', 'IPCV', 'CPNX', 'CPHB', 'WSN', 'PVP', 'BR_SAT_MON', 'SUN_ND', 'WB_MON', 'WB_EXPAK', 'ISO_IP', 'VMTP', 'SECURE_VMTP', 'VINES', 'TTP', 'NSFNET_IGP', 'DGP', 'TCF', 'EIGRP', 'OSPFIGP', 'SPRITE_RPC', 'LARP', 'MTP', 'AX25', 'IPIP', 'MICP', 'SCC_SP', 'ETHERIP', 'ENCAP', 'GMTP', 'IFMP', 'PNNI', 'PIM', 'ARIS', 'SCPS', 'QNX', 'AN', 'IPCOMP', 'SNP', 'COMPAQ_PEER', 'IPX_IN_IP', 'VRRP', 'PGM', 'L2TP', 'DDX', 'IATP', 'STP', 'SRP', 'UTI', 'SMP', 'SM', 'PTP', 'ISIS', 'FIRE', 'CRTP', 'CRUDP', 'SSCOPMCE', 'IPLT', 'SPS', 'PIPE', 'SCTP', 'FC', 'RSVP_E2E_IGNORE', 'MOBILITY_HEADER', 'UDPLITE', 'MPLS_IN_IP', 'MANET', 'HIP', 'SHIM6', 'WESP', 'ROHC', 'ALL'.
- portFrom and portTo (integer): Port range.
Create a new lease for an agent.
URL: /accesslease/agents
METHOD: POST
BODY:
{
"agentId":"integer",
"protocol":"string",
"portFrom":"string",
"portTo":"string",
"length":"string",
"note":"string",
"ip":"string"
}
- agentId (integer): Dome9 Agent ID.
- ip (string): The target IP of the lease.
- note (string): A comment for the lease.
- length (string): Lease duration in Timespan format, for example "5:0:0" for 5 hours.
- protocol (string): Internet protocol suite: 'HOPOPT', 'ICMP', 'IGMP', 'GGP', 'IPV4', 'ST', 'TCP', 'CBT', 'EGP', 'IGP', 'BBN_RCC_MON', 'NVP2', 'PUP', 'ARGUS', 'EMCON', 'XNET', 'CHAOS', 'UDP', 'MUX', 'DCN_MEAS', 'HMP', 'PRM', 'XNS_IDP', 'TRUNK1', 'TRUNK2', 'LEAF1', 'LEAF2', 'RDP', 'IRTP', 'ISO_TP4', 'NETBLT', 'MFE_NSP', 'MERIT_INP', 'DCCP', 'ThreePC', 'IDPR', 'XTP', 'DDP', 'IDPR_CMTP', 'TPplusplus', 'IL', 'IPV6', 'SDRP', 'IPV6_ROUTE', 'IPV6_FRAG', 'IDRP', 'RSVP', 'GRE', 'DSR', 'BNA', 'ESP', 'AH', 'I_NLSP', 'SWIPE', 'NARP', 'MOBILE', 'TLSP', 'SKIP', 'IPV6_ICMP', 'IPV6_NONXT', 'IPV6_OPTS', 'CFTP', 'SAT_EXPAK', 'KRYPTOLAN', 'RVD', 'IPPC', 'SAT_MON', 'VISA', 'IPCV', 'CPNX', 'CPHB', 'WSN', 'PVP', 'BR_SAT_MON', 'SUN_ND', 'WB_MON', 'WB_EXPAK', 'ISO_IP', 'VMTP', 'SECURE_VMTP', 'VINES', 'TTP', 'NSFNET_IGP', 'DGP', 'TCF', 'EIGRP', 'OSPFIGP', 'SPRITE_RPC', 'LARP', 'MTP', 'AX25', 'IPIP', 'MICP', 'SCC_SP', 'ETHERIP', 'ENCAP', 'GMTP', 'IFMP', 'PNNI', 'PIM', 'ARIS', 'SCPS', 'QNX', 'AN', 'IPCOMP', 'SNP', 'COMPAQ_PEER', 'IPX_IN_IP', 'VRRP', 'PGM', 'L2TP', 'DDX', 'IATP', 'STP', 'SRP', 'UTI', 'SMP', 'SM', 'PTP', 'ISIS', 'FIRE', 'CRTP', 'CRUDP', 'SSCOPMCE', 'IPLT', 'SPS', 'PIPE', 'SCTP', 'FC', 'RSVP_E2E_IGNORE', 'MOBILITY_HEADER', 'UDPLITE', 'MPLS_IN_IP', 'MANET', 'HIP', 'SHIM6', 'WESP', 'ROHC', 'ALL'.
- portFrom and portTo: Port range.
Example:
curl -u id:secret -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"agentId": 12345,
"protocol": "TCP",
"portFrom": 22,
"portTo": 22,
"length": "1:0:0",
"note": "example",
"ip": "127.0.0.1/32"
}' 'https://api.dome9.com/v2/accesslease/agents'
{
"agentId":"integer",
"id":"string",
"accountId":"integer",
"name":"string",
"ip":"string",
"note":"string",
"created":"string",
"user":"string",
"length":"string",
"protocol":"string",
"portFrom":"integer",
"portTo":"integer",
"srl":"string"
}
- agentId (integer): Dome9 Agent ID.
- ip (string): The target ip of the lease.
- note (string): A comment for the lease.
- length (string): Lease duration time in Timespan format.
- protocol (string): Internet protocol suite: 'HOPOPT', 'ICMP', 'IGMP', 'GGP', 'IPV4', 'ST', 'TCP', 'CBT', 'EGP', 'IGP', 'BBN_RCC_MON', 'NVP2', 'PUP', 'ARGUS', 'EMCON', 'XNET', 'CHAOS', 'UDP', 'MUX', 'DCN_MEAS', 'HMP', 'PRM', 'XNS_IDP', 'TRUNK1', 'TRUNK2', 'LEAF1', 'LEAF2', 'RDP', 'IRTP', 'ISO_TP4', 'NETBLT', 'MFE_NSP', 'MERIT_INP', 'DCCP', 'ThreePC', 'IDPR', 'XTP', 'DDP', 'IDPR_CMTP', 'TPplusplus', 'IL', 'IPV6', 'SDRP', 'IPV6_ROUTE', 'IPV6_FRAG', 'IDRP', 'RSVP', 'GRE', 'DSR', 'BNA', 'ESP', 'AH', 'I_NLSP', 'SWIPE', 'NARP', 'MOBILE', 'TLSP', 'SKIP', 'IPV6_ICMP', 'IPV6_NONXT', 'IPV6_OPTS', 'CFTP', 'SAT_EXPAK', 'KRYPTOLAN', 'RVD', 'IPPC', 'SAT_MON', 'VISA', 'IPCV', 'CPNX', 'CPHB', 'WSN', 'PVP', 'BR_SAT_MON', 'SUN_ND', 'WB_MON', 'WB_EXPAK', 'ISO_IP', 'VMTP', 'SECURE_VMTP', 'VINES', 'TTP', 'NSFNET_IGP', 'DGP', 'TCF', 'EIGRP', 'OSPFIGP', 'SPRITE_RPC', 'LARP', 'MTP', 'AX25', 'IPIP', 'MICP', 'SCC_SP', 'ETHERIP', 'ENCAP', 'GMTP', 'IFMP', 'PNNI', 'PIM', 'ARIS', 'SCPS', 'QNX', 'AN', 'IPCOMP', 'SNP', 'COMPAQ_PEER', 'IPX_IN_IP', 'VRRP', 'PGM', 'L2TP', 'DDX', 'IATP', 'STP', 'SRP', 'UTI', 'SMP', 'SM', 'PTP', 'ISIS', 'FIRE', 'CRTP', 'CRUDP', 'SSCOPMCE', 'IPLT', 'SPS', 'PIPE', 'SCTP', 'FC', 'RSVP_E2E_IGNORE', 'MOBILITY_HEADER', 'UDPLITE', 'MPLS_IN_IP', 'MANET', 'HIP', 'SHIM6', 'WESP', 'ROHC', 'ALL'.
- portFrom and portTo (integer): Port range.
- id(string): Lease ID.
- accountId (integer): Dome9 account ID.
- name(string): The lease name/ service name.
- created (string): Creation time, in UTC format.
- user (string): Dome9 user.
Terminate an open lease.
URL: /AccessLease/{leaseId}
METHOD: DELETE
- leaseId: The lease ID, as returned when the lease is created or by the GET request.
Example:
curl -u id:secret -X DELETE --header 'Accept: application/json' 'https://api.dome9.com/v2/AccessLease/{leaseId}'
If successful the response is null.
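A lease is a temporary hole in a security group, so the two things to control are scope (one host, one port range) and duration, and open leases should be reviewed against their created and length fields rather than trusted to expire. The Python below is an added example, not Dome9's own code. It assumes the Timespan form suggested by the page's "5:0:0" example (h:m:s, with an optional leading day count as d.h:m:s), an 8-hour policy maximum chosen for the example, and that created is an ISO-8601 UTC timestamp; the lease listing it reviews is constructed, and `send` stands in for an authenticated client that issues DELETE /AccessLease/{leaseId}.

```python
"""Added example (not Dome9's own code): host-scoped, time-boxed lease requests for
POST /accesslease/aws and a review of GET /AccessLease output. Sample data is constructed."""
from datetime import datetime, timedelta, timezone
import ipaddress

MAX_LEASE = timedelta(hours=8)        # assumed policy value, not a Dome9 limit


def parse_timespan(s):
    """'5:0:0' -> 5h; '1.02:30:00' -> 1d 2h 30m (assumed d.h:m:s form)."""
    days = 0
    if "." in s.split(":")[0]:
        d, s = s.split(".", 1)
        days = int(d)
    h, m, sec = (int(x) for x in s.split(":"))
    return timedelta(days=days, hours=h, minutes=m, seconds=sec)


def format_timespan(td):
    total = int(td.total_seconds())
    days, rem = divmod(total, 86400)
    h, rem = divmod(rem, 3600)
    m, s = divmod(rem, 60)
    return (f"{days}." if days else "") + f"{h}:{m:02d}:{s:02d}"


def aws_lease_body(region, security_group_id, ip, length, protocol="TCP",
                   port_from=22, port_to=None, note=""):
    """Body for POST /accesslease/aws; rejects broad CIDRs and over-long leases locally."""
    net = ipaddress.ip_network(ip, strict=False)
    if net.num_addresses != 1:
        raise ValueError(f"lease must target a single host, got {ip}")
    td = parse_timespan(length)
    if not timedelta(0) < td <= MAX_LEASE:
        raise ValueError(f"lease length {length} outside policy (max {MAX_LEASE})")
    port_to = port_from if port_to is None else port_to
    if not 0 < port_from <= port_to <= 65535:
        raise ValueError("bad port range")
    return {"region": region, "securityGroupId": security_group_id, "ip": str(net),
            "length": format_timespan(td), "protocol": protocol,
            "portFrom": port_from, "portTo": port_to, "note": note}


def review_leases(listing, now, max_lease=MAX_LEASE):
    """Walk the aws and agents arrays of GET /AccessLease; return (lease id, reason) pairs."""
    flagged = []
    for kind in ("aws", "agents"):
        for lease in listing.get(kind, []):
            length = parse_timespan(lease["length"])
            created = datetime.fromisoformat(lease["created"].replace("Z", "+00:00"))
            if created + length <= now:
                flagged.append((lease["id"], "expired but still open"))
            elif length > max_lease:
                flagged.append((lease["id"], f"length {lease['length']} exceeds policy"))
            broad_ip = ipaddress.ip_network(lease["ip"], strict=False).num_addresses > 1
            if lease.get("protocol") == "ALL" or broad_ip:
                flagged.append((lease["id"], "broad scope (protocol ALL or non-/32 ip)"))
    return flagged


def revoke(send, flagged):
    """DELETE /AccessLease/{leaseId} once per flagged lease; returns the ids revoked."""
    revoked = []
    for lease_id in dict.fromkeys(i for i, _ in flagged):   # dedupe, keep order
        send("DELETE", f"/AccessLease/{lease_id}")
        revoked.append(lease_id)
    return revoked


# Constructed GET /AccessLease output; ids, addresses and times are placeholders.
SAMPLE_LISTING = {
    "aws": [
        {"id": "lease-a", "created": "2017-04-03T08:00:00Z", "length": "5:00:00",
         "ip": "203.0.113.7/32", "protocol": "TCP", "portFrom": 22, "portTo": 22},
        {"id": "lease-b", "created": "2017-04-03T11:00:00Z", "length": "1.00:00:00",
         "ip": "0.0.0.0/0", "protocol": "ALL", "portFrom": 1, "portTo": 65535},
    ],
    "agents": [
        {"id": "lease-c", "created": "2017-04-03T12:00:00Z", "length": "2:00:00",
         "ip": "198.51.100.9/32", "protocol": "TCP", "portFrom": 3389, "portTo": 3389},
    ],
}

if __name__ == "__main__":
    now = datetime(2017, 4, 3, 13, 30, tzinfo=timezone.utc)
    print(aws_lease_body("eu_west_1", 338, "203.0.113.7", "5:0:0", port_from=18444))
    print(review_leases(SAMPLE_LISTING, now))
```

In production `now` is datetime.now(timezone.utc) and `send` is the same authenticated client used for the other calls; the DELETE answers null on success, as the page states.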
Adding a new Azure account to your Dome9 account.
URL: /AzureCloudAccount
METHOD: POST
BODY:
{
"name": "string", /*required*/
"subscriptionId": "string", /*required*/
"tenantId": "string", /*required*/
"credentials": {
"clientId": "string", /*required*/
"clientPassword": "string" /*required*/
}
}
For how to obtain the values for the parameters below, follow the instructions here.
- name (string, optional): Account name in Dome9.
- subscriptionId (string, required): Azure subscription ID.
- tenantId (string, required): Azure tenant ID.
- credentials (object, required): Azure account credentials.
- clientId (string, required): Azure client Id
- clientPassword (string, required): Azure Client password.
Example:
curl -u id:secret -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"name":"azure account",
"subscriptionId": "*********-****-****-****-**********",
"tenantId": "*********-****-****-****-**********",
"credentials": {
"clientId": "*********-****-****-****-**********",
"clientPassword": "*********-****-****-****-**********"
}
}' 'https://api.dome9.com/v2/AzureCloudAccount'
Modify Azure account operation mode on your Dome9 account.
URL: /AzureCloudAccount/{id}/OperationMode
METHOD: PUT
BODY:
{
"operationMode": "Read"
}
For how to obtain the values for the parameters below, follow the instructions here.
- operationMode (string): "Read" or "Manage".
Example:
curl -u id:secret -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"operationMode": "Manage"
}' 'https://api.dome9.com/v2/AzureCloudAccount/{id}/OperationMode'
Modify Azure account name on your Dome9 account.
URL: /AzureCloudAccount/{id}/AccountName
METHOD: PUT
BODY:
{
"name": "String"
}
- name (string, optional): The desired cloud account name.
Example:
curl -u id:secret -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"name": "String"
}' 'https://api.dome9.com/v2/AzureCloudAccount/{id}/AccountName'
Return Azure accounts on your Dome9 account.
URL: /AzureCloudAccount
METHOD: GET
Example:
curl -u id:secret -X GET --header 'Accept: application/json' 'https://api.dome9.com/v2/AzureCloudAccount'
Remove Azure account from your Dome9 account.
URL: /AzureCloudAccount/{id}
METHOD: DELETE
Example:
curl -u id:secret -X DELETE --header 'Accept: application/json' 'https://api.dome9.com/v2/AzureCloudAccount/{id}'
- GET
- Create Agent Security Groups
- Create Service
- Overwrite service
- Delete service
- Create FIM Policy
- Disable FIM Policy
- Change Logging Policy
- Delete Agent Security Groups
- Create Whitelist
The GET request returns all Dome9 agent security groups.
URL: /securityGroup/{groupid}
METHOD: GET
groupid: if the request is made without the security group id, then all Dome9 agent security groups will be returned.
Example:
curl -u id:secret -X GET --header 'Accept: application/json' 'https://api.dome9.com/v2/Securitygroup/22661'
{
"securityGroupId": 22661,
"securityGroupName": "Alerts-Demo",
"securityGroupDescription": "string",
"loggingPolicy": "NoLogging",
"fimPolicy": {
"frequency": "Every6Hours",
"enabled": true,
"rules": [
{
"include": true,
"value": "string",
"comment": "string"
}
],
"excludedFileTypes": [
"string"
]
},
"whitelist": {
"inbound": [
{},
"services": {}
]
}
}
- securityGroupId (integer): The Security Group ID in Dome9.
- securityGroupName (string): The name of the Security Group.
- securityGroupDescription(string, optional): The description of the Security Group.
- loggingPolicy(string, optional): The logging policy of the Security Group.
- fimPolicy(object, optional): The File Integrity monitoring policy of the Security Group.
- services (object, optional) - The inbound and outbound services of the security group.
Create a new Agent Security Group.
URL: /SecurityGroup
METHOD: POST
BODY:
{
"name": "string",
"description": "string"
}
- name (string): The name of the Agent Security Group.
- description (string, optional): The description of the Agent Security Group.
Example:
curl -u id:secret -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"name": "string",
"description": "string"
}' 'https://api.dome9.com/v2/SecurityGroup'
- securityGroupId (integer): The Agent Security Group ID in Dome9.
- securityGroupName (string): The name of the Agent Security Group.
- securityGroupDescription (string, optional): The description of the Agent Security Group.
- loggingPolicy (string, optional): The logging policy of the Security Group.
- fimPolicy (object, optional): The File Integrity Monitoring policy of the Security Group.
- services (object, optional): The inbound and outbound services of the security group.
Create a new service for an Agent security group.
URL: /securityGroup/{groupid}/service/{policyType}
METHOD: POST
policyType: if set as "Inbound" the service will be created in the group's inbound services and if set as "Outbound" it will be created in the group's outbound services.
groupid: The groupid in the URL is the internal id of the agent security group.
BODY:
{
"name": "string",
"description": "string",
"portRange": {
"portFrom": 0,
"portTo": 0
},
"protocol": "string",
"normallyOpen": true,
"scope": [
{
"type": "CIDR",
"data": {}
}
],
"icmpType": "string"
}
- name (string): The service name.
- description (string, optional): The service description.
- protocol (string): Can be one of the following protocols - 'HOPOPT', 'ICMP', 'IGMP', 'GGP', 'IPV4', 'ST', 'TCP', 'CBT', 'EGP', 'IGP', 'BBN_RCC_MON', 'NVP2', 'PUP', 'ARGUS', 'EMCON', 'XNET', 'CHAOS', 'UDP', 'MUX', 'DCN_MEAS', 'HMP', 'PRM', 'XNS_IDP', 'TRUNK1', 'TRUNK2', 'LEAF1', 'LEAF2', 'RDP', 'IRTP', 'ISO_TP4', 'NETBLT', 'MFE_NSP', 'MERIT_INP', 'DCCP', 'ThreePC', 'IDPR', 'XTP', 'DDP', 'IDPR_CMTP', 'TPplusplus', 'IL', 'SDRP', 'IDRP', 'RSVP', 'GRE', 'DSR', 'BNA', 'ESP', 'AH', 'I_NLSP', 'SWIPE', 'NARP', 'MOBILE', 'TLSP', 'SKIP', 'CFTP', 'SAT_EXPAK', 'KRYPTOLAN', 'RVD', 'IPPC', 'SAT_MON', 'VISA', 'IPCV', 'CPNX', 'CPHB', 'WSN', 'PVP', 'BR_SAT_MON', 'SUN_ND', 'WB_MON', 'WB_EXPAK', 'ISO_IP', 'VMTP', 'SECURE_VMTP', 'VINES', 'TTP', 'NSFNET_IGP', 'DGP', 'TCF', 'EIGRP', 'OSPFIGP', 'SPRITE_RPC', 'LARP', 'MTP', 'AX25', 'IPIP', 'MICP', 'SCC_SP', 'ETHERIP', 'ENCAP', 'GMTP', 'IFMP', 'PNNI', 'PIM', 'ARIS', 'SCPS', 'QNX', 'AN', 'IPCOMP', 'SNP', 'COMPAQ_PEER', 'IPX_IN_IP', 'VRRP', 'PGM', 'L2TP', 'DDX', 'IATP', 'STP', 'SRP', 'UTI', 'SMP', 'SM', 'PTP', 'ISIS', 'FIRE', 'CRTP', 'CRUDP', 'SSCOPMCE', 'IPLT', 'SPS', 'PIPE', 'SCTP', 'FC', 'RSVP_E2E_IGNORE', 'MOBILITY_HEADER', 'UDPLITE', 'MPLS_IN_IP', 'MANET', 'HIP', 'SHIM6', 'WESP', 'ROHC'.
- portRange (object, optional): The port range of the service; portFrom and portTo are integers, and a single port is given by setting both to the same value.
- normallyOpen (boolean): if "true", the service will be open for the entire internet, otherwise it will be open according to the given scope parameter.
- scope (Array[ScopeElementViewModel], optional): The service scope. If the service is "closed" then the scope isn't necessary.
- type (string): Can be one of the following - 'CIDR', 'DNS', 'IPList', 'MagicIP', 'AWS'.
- data (object): Depends on the type. For CIDR - {"cidr": "IP/PREFIX", "note": "optional comment"}; for IPList - {"id": "IP-LIST ID", "name": "IP-LIST NAME"}; for MagicIP - {"name": "Magic IP Name"}; for DNS - {"dns": "DNS ADDRESS", "note": "optional comment"}.
- icmpType (string, optional): In case of ICMP - 'EchoReply', 'DestinationUnreachable', 'SourceQuench', 'Redirect', 'AlternateHostAddress', 'Echo', 'RouterAdvertisement', 'RouterSelection', 'TimeExceeded', 'ParameterProblem', 'Timestamp', 'TimestampReply', 'InformationRequest', 'InformationReply', 'AddressMaskRequest', 'AddressMaskReply', 'Traceroute', 'DatagramConversionError', 'MobileHostRedirect', 'MobileRegistrationRequest', 'MobileRegistrationReply', 'DomainNameRequest', 'DomainNameReply', 'SKIP', 'Photuris', 'All'
Example:
curl -u id:secret -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"name": "SSH",
"description": "Secure Shell access",
"portRange": {
"portFrom": 22,
"portTo": 22
},
"protocol": "TCP",
"normallyOpen": false,
"scope": [
{
"type": "CIDR",
"data": {
"cidr": "10.0.0.1/32",
"note": null
}
}
],
"icmpType": null
}' 'https://api.dome9.com/v2/securitygroup/543921/service/Inbound'
Similar to the request parameters.
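The Python below is an added example, not code from the Dome9 documentation or SDK. It builds the body for this request and rejects malformed input before anything is sent: the data keys per scope type, the CIDR syntax, the port range and the icmpType rule follow the parameter descriptions above, basic_auth_header implements the key-id/secret Basic scheme described at the top of the page, and is_internet_exposed flags a service that normallyOpen or a /0 CIDR would open to everyone. Function names and the sample values are the example's own.

```python
import base64
import ipaddress

# Data keys each scope element type carries, taken from the "data" description above
# (added example; not Dome9 documentation or SDK code).
SCOPE_DATA_KEYS = {"CIDR": {"cidr"}, "DNS": {"dns"}, "IPList": {"id", "name"},
                   "MagicIP": {"name"}, "AWS": set()}

def basic_auth_header(api_key_id, api_key_secret):
    """HTTP Basic header as the page describes: key id as user name, secret as password."""
    token = base64.b64encode(f"{api_key_id}:{api_key_secret}".encode()).decode()
    return {"Authorization": f"Basic {token}"}

def validate_scope(scope):
    """Reject scope elements with an unknown type, missing data keys or a malformed CIDR."""
    for element in scope:
        kind, data = element.get("type"), element.get("data") or {}
        if kind not in SCOPE_DATA_KEYS:
            raise ValueError(f"unknown scope type {kind!r}")
        missing = SCOPE_DATA_KEYS[kind] - set(data)
        if missing:
            raise ValueError(f"{kind} scope element is missing {sorted(missing)}")
        if kind == "CIDR":
            ipaddress.ip_network(data["cidr"], strict=False)  # raises ValueError if malformed

def build_service(name, protocol, port_from, port_to, scope=(), normally_open=False,
                  description="", icmp_type=None):
    """Body for POST /securityGroup/{groupid}/service/{policyType}, validated first."""
    if not 0 <= port_from <= port_to <= 65535:
        raise ValueError("portRange needs 0 <= portFrom <= portTo <= 65535")
    if icmp_type is not None and protocol != "ICMP":
        raise ValueError("icmpType is only meaningful when protocol is ICMP")
    scope = list(scope)
    validate_scope(scope)
    return {"name": name, "description": description,
            "portRange": {"portFrom": port_from, "portTo": port_to},
            "protocol": protocol, "normallyOpen": normally_open,
            "scope": scope, "icmpType": icmp_type}

def is_internet_exposed(service):
    """True when everyone can reach the service: normallyOpen, or a /0 CIDR in its scope."""
    if service["normallyOpen"]:
        return True
    return any(e["type"] == "CIDR" and
               ipaddress.ip_network(e["data"]["cidr"], strict=False).prefixlen == 0
               for e in service["scope"])

# Constructed to match the page's SSH example: TCP/22 reachable from one host only.
SSH_FROM_ONE_HOST = build_service("SSH", "TCP", 22, 22, description="Secure Shell access",
    scope=[{"type": "CIDR", "data": {"cidr": "10.0.0.1/32", "note": None}}])
```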
Update an existing Agent security group service.
URL: /securityGroup/{groupid}/service/{policyType}
METHOD: PUT
policyType: if set as "Inbound" the service will be updated for the group's inbound services and if set as "Outbound" it will be updated for the group's outbound services.
groupid: The groupid in the URL is the internal id of the agent security group.
BODY:
{
"name": "string",
"description": "string",
"portRange": {
"portFrom": 0,
"portTo": 0
},
"protocol": "string",
"normallyOpen": true,
"scope": [
{
"type": "CIDR",
"data": {}
}
],
"icmpType": "string"
}
- name (string): The service name.
- description (string, optional): The service description.
- protocol (string): The protocol of the service being updated (same values as for Create Service).
- portRange (object, optional): The port range of the service; portFrom and portTo are integers, and a single port is given by setting both to the same value.
- normallyOpen (boolean): if "true", the service will be open for the entire internet, otherwise it will be open according to the given scope parameter.
- scope (Array[ScopeElementViewModel], optional): The service scope. If the service is "closed" then the scope isn't necessary.
- type (string): Can be one of the following - 'CIDR', 'DNS', 'IPList', 'MagicIP', 'AWS'.
- data (object): Depends on the type. For CIDR - {"cidr": "IP/PREFIX", "note": "optional comment"}; for IPList - {"id": "IP-LIST ID", "name": "IP-LIST NAME"}; for MagicIP - {"name": "Magic IP Name"}; for DNS - {"dns": "DNS ADDRESS", "note": "optional comment"}.
- icmpType (string, optional): In case of ICMP - 'EchoReply', 'DestinationUnreachable', 'SourceQuench', 'Redirect', 'AlternateHostAddress', 'Echo', 'RouterAdvertisement', 'RouterSelection', 'TimeExceeded', 'ParameterProblem', 'Timestamp', 'TimestampReply', 'InformationRequest', 'InformationReply', 'AddressMaskRequest', 'AddressMaskReply', 'Traceroute', 'DatagramConversionError', 'MobileHostRedirect', 'MobileRegistrationRequest', 'MobileRegistrationReply', 'DomainNameRequest', 'DomainNameReply', 'SKIP', 'Photuris', 'All'
Example:
curl -u id:secret -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"name": "SSH",
"description": "Secure Shell access",
"portRange": {
"portFrom": 22,
"portTo": 22
},
"protocol": "TCP",
"normallyOpen": false,
"scope": [
{
"type": "CIDR",
"data": {
"cidr": "10.0.0.1/32",
"note": null
}
}
],
"icmpType": null
}' 'https://api.dome9.com/v2/securityGroup/23681/service/Inbound'
Similar to the request parameters.
Delete an Agent security group service.
URL: /securityGroup/{groupid}/service/{policyType}
METHOD: DELETE
- groupid: The groupid in the URL can be either the internal id or the external id.
- policyType: if set as "Inbound" it will delete the service in the security group's inbound policy and if set as "Outbound" it will delete the service in the security group's outbound policy.
- protocol: The protocol of the service to be deleted.
- fromPort: The first port of the service to be deleted.
- toPort: The last port of the service to be deleted.
Example:
curl -u id:secret -X DELETE 'https://api.dome9.com/v2/SecurityGroup/23681/service/outbound?protocol=TCP&fromPort=389&toPort=389'
Response: 204 No Content.
Update a FIM Policy for an Agent security group. Calling this action will also enable the FIM Policy.
URL: /securityGroup/fim-policy
METHOD: PUT
BODY:
{
"sgId": 0,
"fimPolicy": {
"frequency": "Every6Hours",
"enabled": true,
"rules": [
{
"include": true,
"value": "string",
"comment": "string"
}
],
"excludedFileTypes": [
"string"
]
}
}
- sgId (integer): The internal id of the agent security group.
- frequency (string): Every6Hours, Every12Hours, OnceADay, OnceAWeek
- enabled (boolean): if true the policy is enabled, if false the policy is disabled.
- rules (Array): Array of rules.
- include (boolean): If true the path is included in the FIM scan, if false it is excluded from the scan.
- value (string): the path to the file or directory.
- comment (string, optional): comment for this path.
Example:
curl -u id:secret -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"securityGroupId": 3781,
"securityGroupName": "Dome9Default",
"securityGroupDescription": "",
"loggingPolicy": "LogDeny",
"fimPolicy": {
"frequency": "OnceADay",
"enabled": true,
"rules": [
{
"include": true,
"value": "/var/tmp",
"comment": null
},
{
"include": false,
"value": "/var/tmp/listl1.txt",
"comment": "Excluded by [email protected]"
},
{
"include": false,
"value": "/var/tmp/listl22.txt",
"comment": "Excluded by [email protected]"
}
],
"excludedFileTypes": []
},
"whitelist": {
"inbound": [],
"outbound": [
{
"type": "CIDR",
"data": {
"cidr": "0.0.0.0/0",
"note": "Allow All Outbound Traffic"
}
}
]
}
}' 'https://api.dome9.com/v2/securityGroup/fim-policy'
Similar to the request parameters.
Disable a FIM Policy for Agent security group.
URL:/SecurityGroup/{groupId}/fim-policy/disable
METHOD: PUT
- groupId: The groupid in the URL is the internal id of the agent security group
Example:
curl -u id:secret -X PUT --header 'Accept: application/json' 'https://api.dome9.com/v2/SecurityGroup/663/fim-policy/disable'
Message: "Fim-policy disabled successfully"
Change Logging Policy for Agent security group.
URL:/SecurityGroup/{groupId}/fim-policy/logging-policy
METHOD: PUT
BODY:
{
"loggingPolicy": "String"
}
- groupId: The groupid in the URL is the internal id of the agent security group
- loggingPolicy: "NoLogging", "LogSuccess", "LogDeny", "LogBoth"
Example:
curl -u id:secret -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"loggingPolicy": "LogSuccess"
}' 'https://api.dome9.com/v2/securityGroup/23681/fim-policy/logging-policy'
Similar to the request parameters.
Delete an Agent security group.
URL: /securitygroup/{groupid}
METHOD: DELETE
- groupid: The groupid in the URL can be either the internal id or the external id.
Example:
curl -u id:secret -X DELETE 'https://api.dome9.com/v2/SecurityGroup/23681'
Response: 204 No Content.
Create an Agent security group whitelist.
URL: /SecurityGroup/{groupId}/whitelist/{policyType}
METHOD: POST
policyType: if set as "Inbound" the entries will be added to the group's inbound whitelist and if set as "Outbound" they will be added to the group's outbound whitelist.
groupId: The groupId in the URL is the internal id of the agent security group.
BODY:
[
{
"type": "CIDR",
"data": {
"cidr": "1.2.3.4/32",
"note": ""
}
},
{
"type": "IPList",
"data": {
"id": "2261",
"name": "arik"
}
},
{
"type": "MagicIP",
"data": {
"name": "incapsula"
}
}
]
- type (string): The whitelist type CIDR/IPList/MagicIP.
- data (object): The whitelist content according to the selected type.
- cidr (string): The desired CIDR.
- note (string, optional): note for the CIDR.
- id (string, optional): The IPList ID.
- name (string): The IPList name, or if MagicIP selected then the service name.
Example:
curl -u id:secret -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' -d '[
{
"type": "CIDR",
"data": {
"cidr": "10.22.31.4/32",
"note": ""
}
},
{
"type": "IPList",
"data": {
"id": "2261",
"name": "Production-Servers"
}
}
]' 'https://api.dome9.com/v2/securityGroup/23681/whitelist/inbound'
The GET request returns all Dome9 agent IP Blacklist items.
URL: /Blacklist/
METHOD: GET
Example:
curl -u id:secret -X GET --header 'Accept: application/json' 'https://api.dome9.com/v2/Blacklist'
{
"entries": [
{
"expiration": null,
"comment": "Lab",
"ip": "192.168.4.5/32"
},
{
"expiration": null,
"comment": "",
"ip": "11.25.3.3/32"
},
{
"expiration": null,
"comment": "",
"ip": "45.66.36.25/32"
}
]
}
- expiration (string, optional): The IP Blacklisted expiration time.
- comment (string, optional): Comment for the Blacklisted item.
- ip (string): The IP required to Blacklist.
URL: /Blacklist
METHOD: PUT
BODY:
{
"entries": [
{
"expiration": "string",
"comment": "string",
"ip": "string"
}
]
}
- entries (array): The collection of the Blacklisted IPs.
- expiration (string, optional): The IP Blacklisted expiration time.
- comment (string, optional): Comment for the Blacklisted item.
- ip (string): The IP required to Blacklist.
Example:
curl -u id:secret -X PUT --header 'Content-Type: application/json' --header 'Accept: application/json' -d '{
"entries": [
{
"expiration": "string",
"comment": "string",
"ip": "string"
},
{
"expiration": "string",
"comment": "string",
"ip": "string"
}
]
}
}' 'https://api.dome9.com/v2/Blacklist'
Similar to the request parameters.