CIS Benchmark API
Overview
CIS benchmarks are configuration guidelines published by the Center for Internet Security. The CIS Benchmark APIs enable configuration and retrieval of Benchmark Sets and Rules in Carbon Black Cloud, and retrieval of the results from scans performed using these Rules.
For more information on this feature see the Carbon Black Cloud User Guide. The APIs here enable access to the same features for automation and integration use cases.
For more information on CIS Benchmarks, see the Center for Internet Security. CIS benchmarks contain over 100 configuration guidelines created by a global community of cybersecurity experts to safeguard various systems against attacks targeting configuration vulnerabilities.
By monitoring compliance against benchmark recommendations, you can remediate issues and improve the security posture of your organization. The custom osquery extension collects the CIS benchmark results; see Live Query Extension Tables.
In December 2023, two new endpoints were added to search for and export devices within a Benchmark Set. See Search Devices in Benchmark Sets and Export Devices in Benchmark Sets.
Use Cases
Through these APIs you can:
- Curate benchmarks
- Query compliance results
- Export compliance results
- Query, enable, or disable a compliance rule
- Update compliance scan schedule
- Execute compliance scan manually
- Exclude or include a device from compliance scans
Requirements
- Carbon Black Cloud Workload - You must have purchased one of the Carbon Black Cloud Workload packages.
- All API calls require an API key with appropriate permissions, see Authentication.
Resources
- Carbon Black Cloud User Guide
- CBC Postman Collection
- Carbon Black Cloud Python SDK - CIS Benchmark extensions coming soon
Authentication
Determine whether you use Carbon Black Cloud or VMware Cloud Services Platform to manage identity and authorization, or see the Carbon Black Cloud API Access Guide for complete instructions.
Carbon Black Cloud Managed Identity and Authentication
Customize your access to the Carbon Black Cloud APIs with Role-Based Access Control. All APIs and Services authenticate via API Keys. To access the data in Carbon Black Cloud via API, you must set up a key with the correct permissions for the calls you want to make and pass it in the HTTP Headers.
Environment
Available on the majority of environments. Use the Carbon Black Cloud Console URL, as described here.
API Route
Replace the {cbc-hostname} and {org_key} with the URL of your Environment and the org_key for your specific Org.
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/devices/_export
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/rules/_export
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/compliance/summary/_search
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/_clone
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/rules/_search
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/rules/{benchmark_set_rule_id}
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/devices/_search
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/actions
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/devices/{device_id}/rules/_search
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/rules/_search
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/rules/{benchmark_set_rule_id}/devices/_search
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/_search
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/sections
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/rules
- /compliance/assessment/api/v1/orgs/{org_key}/settings
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/device_actions
Access Level
Before you create your API Key, you need to create a "Custom" Access Level including each category:
- Compliance > Compliance Assessment Data > complianceAssessment.data, allow permission to READ, UPDATE, DELETE, EXECUTE
API Key
When creating your API Key, use the Access Level Type of "Custom" and select the Access Level you created. Details on constructing and passing the API Key in your requests are available here.
Cloud Services Platform Managed Identity and Authentication
Customize your access to the Carbon Black Cloud APIs with OAuth Access Control. API access is controlled using OAuth apps or User API Tokens. This is currently limited to the UK Point of Presence and AWS GovCloud (US).
Environment
Available on Prod UK and AWS GovCloud (US). Full list of environments is available here. Use the Carbon Black Cloud Console URL from Cloud Services Platform, as described here.
API Route
Replace the {cbc-hostname} and {org_key} with the URL of your Environment and the org_key for your specific Org.
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/devices/_export
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/rules/_export
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/compliance/summary/_search
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/_clone
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/rules/_search
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/rules/{benchmark_set_rule_id}
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/devices/_search
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/actions
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/devices/{device_id}/rules/_search
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/rules/_search
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/rules/{benchmark_set_rule_id}/devices/_search
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/_search
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/sections
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/rules
- /compliance/assessment/api/v1/orgs/{org_key}/settings
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/device_actions
- /compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/summary
Access Level
Before you create your OAuth App, you need to create a custom Role with the following permissions under IDENTITY & ACCESS MANAGEMENT > Roles > VMware Carbon Black Cloud:
- _API.Compliance:complianceAssessment.Data, allow permission to READ, UPDATE, DELETE, EXECUTE
API Authentication
The Cloud Services Platform supports several authentication options: Access Token, API Token, and, for backward compatibility, X-Auth-Token. To learn about the differences or how to use the authentication methods, see the Authentication Guide.
API Calls
Calls for managing Compliance Assessment are arranged in the following groups:
- Settings - View and modify the scanning schedule.
- Benchmark Set - Search for, modify and enable or disable Benchmark Sets.
- Benchmark Rules - Search and modify rules within a Benchmark Set.
- Execute Actions - Enable or disable a Benchmark Set or trigger a reassessment using the Benchmark Set.
- Compliance Information - Get the results of scans by searching from different perspectives, including per Device, Rule or Benchmark Set.
Settings
Manage the schedule for running Compliance Assessment scans.
Get Organization Settings
Get the current schedule for compliance scans.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
GET {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/settings
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Scan Schedule for compliance assessment | application/json | View example response below. Schema: Recurrence Rules, consistent with Live Query |
400 | Unable to update scan schedule due to bad request | N/A | N/A |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
GET https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/settings
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
{
"scan_schedule": "FREQ=WEEKLY;BYDAY=FR;BYHOUR=23;BYMINUTE=30;BYSECOND=0",
"scan_timezone": "UTC"
}
Update Organization Settings
Apply a new schedule for Compliance Assessment scans.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | UPDATE | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.UPDATE | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
PUT {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/settings
Request Body - application/json
{
"scan_schedule": "<string>",
"scan_timezone": "<string>"
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
scan_schedule | Defines how frequently and when benchmark scans run for an organization | String | The Scan Schedule is set in accordance with the Recurrence Rules of Live Query |
scan_timezone | Timezone that the scan_schedule is configured in | String | Timezones are set in accordance with the Timezone Database Names of Live Query |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Scan Schedule Updated for compliance assessment | application/json | View example response below. Schema: Settings |
400 | Error occurred while updating scan schedule | application/json | |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
PUT https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/settings
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"scan_schedule": "FREQ=WEEKLY;BYDAY=TH;BYHOUR=23;BYMINUTE=30;BYSECOND=0",
"scan_timezone": "UTC"
}
{
"scan_schedule": "FREQ=WEEKLY;BYDAY=TH;BYHOUR=23;BYMINUTE=30;BYSECOND=0",
"scan_timezone": "UTC"
}
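To check a scan_schedule string before sending it in the PUT, and to see when it would next fire, the following added example (not Carbon Black code) parses the rule shape used in the requests above and computes the next occurrence. It assumes single-valued BYHOUR, BYMINUTE and BYSECOND and handles only FREQ=DAILY and FREQ=WEEKLY; the full set of parts the service accepts is defined by the Live Query Recurrence Rules, not by this sketch.

```python
from datetime import datetime, timedelta, timezone

WEEKDAYS = ["MO", "TU", "WE", "TH", "FR", "SA", "SU"]  # same order as datetime.weekday()


def parse_schedule(rule):
    """Split "KEY=VALUE;KEY=VALUE" into a dict and range-check the time parts."""
    parts = {}
    for item in rule.split(";"):
        key, sep, value = item.partition("=")
        if not sep or not key or not value:
            raise ValueError(f"malformed rule part: {item!r}")
        if key in parts:
            raise ValueError(f"duplicate rule part: {key}")
        parts[key] = value

    if parts.get("FREQ") not in ("DAILY", "WEEKLY"):
        raise ValueError("this example handles FREQ=DAILY and FREQ=WEEKLY only")
    sched = {"freq": parts["FREQ"]}

    # Single integer values only (an assumption of this example).
    for key, upper in (("BYHOUR", 23), ("BYMINUTE", 59), ("BYSECOND", 59)):
        value = int(parts.get(key, "0"))
        if not 0 <= value <= upper:
            raise ValueError(f"{key} out of range: {value}")
        sched[key.lower()] = value

    days = parts["BYDAY"].split(",") if "BYDAY" in parts else []
    unknown = [d for d in days if d not in WEEKDAYS]
    if unknown:
        raise ValueError(f"unknown BYDAY value(s): {unknown}")
    if sched["freq"] == "WEEKLY" and not days:
        raise ValueError("WEEKLY schedule needs BYDAY in this example")
    sched["days"] = {WEEKDAYS.index(d) for d in days}
    return sched


def next_scan(rule, after):
    """Return the first scheduled time strictly after `after`.

    `after` must be an aware datetime expressed in the scan_timezone.
    """
    sched = parse_schedule(rule)
    candidate = after.replace(hour=sched["byhour"], minute=sched["byminute"],
                              second=sched["bysecond"], microsecond=0)
    for _ in range(8):  # today plus the following seven days covers one full week
        day_ok = not sched["days"] or candidate.weekday() in sched["days"]
        if day_ok and candidate > after:
            return candidate
        candidate += timedelta(days=1)
    raise RuntimeError("no occurrence found within one week")


if __name__ == "__main__":
    # Schedule string taken from the GET example above; the start time is constructed.
    start = datetime(2023, 3, 1, 3, 7, 14, tzinfo=timezone.utc)
    print(next_scan("FREQ=WEEKLY;BYDAY=FR;BYHOUR=23;BYMINUTE=30;BYSECOND=0", start))
```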
Benchmark Sets
Search, modify, enable or disable, and delete Benchmark Sets.
Search Benchmark Sets
Use the search query and criteria to return the required Benchmark Sets.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/_search
Request Body - application/json
{
"query": "<string>",
"rows": <integer>,
"start": <integer>,
"criteria": {
"<fieldname>": [
"<value>"
]},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
query | Query in lucene syntax and/or including value searches | String | N/A |
rows | For pagination, how many results to return | Integer | Default: 1000; Maximum: 80,000 |
start | For pagination, where to start retrieving results from | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | id, name, version, os_family, enabled, type, created_by, updated_by, create_time, update_time |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. | Array | order supports ASC or DESC. Supported fields: id, name, version, os_family, enabled, type, created_by, updated_by, create_time, update_time |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Get benchmark sets for the org | application/json | View example response below. Results Schema: Benchmark Sets |
400 | Error occurred while getting benchmark sets | application/json | |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
POST https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/benchmark_sets/_search
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"query": "windows",
"rows": 20,
"start": 0
}
{
"num_found": "1",
"results": [
{
"id": "251cc749-47d5-420d-9465-00a35a7024aa",
"name": "Sample Benchmark Set",
"version": "1.0.0.1",
"os_family": "WINDOWS_SERVER",
"enabled": false,
"type": "Custom",
"supported_os_info": [
{
"os_metadata_id": "4125c0f6-fb52-436b-a498-74b8a920075e",
"os_type": "WINDOWS",
"os_name": "Windows Server 2012 x64",
"cis_version": "1.3.0"
}
],
"created_by": "Jane Doe",
"updated_by": "jane@company.com",
"create_time": "2023-03-01T03:07:14.383765Z",
"update_time": "2023-03-01T03:07:14.383765Z",
"sections": [
{
"id": "57428517-7E67-27DE-4EA7-699AFF2EDC61",
"name": "Local Policies",
"description": "This section contains recommendations for local policies.",
"sections": [
{
"id": "BE5B0852-96F7-3E07-391F-B1FA8CFF7F21",
"name": "User Rights Assignment",
"description": "This section contains recommendations for user rights assignments.",
"sections": [],
"rules": [
{
"id": "BCCAAACA-F0BE-4C0F-BE0A-A09FC1641EE2",
"rule_name": "(L1) Ensure 'Create a pagefile' is set to 'Administrators'",
"enabled": false,
"section_id": "BE5B0852-96F7-3E07-391F-B1FA8CFF7F21",
"section_name": "User Rights Assignment"
}
]
}]
}]
}]
}
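The response nests `sections` inside `sections`, and only some levels carry a `rules` array, so finding what a Benchmark Set actually checks means walking the tree. This added example (not Carbon Black code) reports, for each Benchmark Set in a search response, whether the set is enabled and which rules are switched off; the sample is the response above trimmed to the fields used, plus one constructed enabled rule.

```python
# Constructed sample: the page's Search Benchmark Sets response, reduced to the
# fields this check reads, plus one enabled rule with a constructed id and name.
SAMPLE_RESPONSE = {
    "num_found": "1",
    "results": [{
        "id": "251cc749-47d5-420d-9465-00a35a7024aa",
        "name": "Sample Benchmark Set",
        "enabled": False,
        "sections": [{
            "id": "57428517-7E67-27DE-4EA7-699AFF2EDC61",
            "name": "Local Policies",
            # No "rules" key at this level, as in the page's response.
            "sections": [{
                "id": "BE5B0852-96F7-3E07-391F-B1FA8CFF7F21",
                "name": "User Rights Assignment",
                "sections": [],
                "rules": [
                    {"id": "BCCAAACA-F0BE-4C0F-BE0A-A09FC1641EE2",
                     "rule_name": "(L1) Ensure 'Create a pagefile' is set to 'Administrators'",
                     "enabled": False},
                    {"id": "00000000-0000-0000-0000-000000000001",
                     "rule_name": "(constructed) Example enabled rule",
                     "enabled": True},
                ],
            }],
        }],
    }],
}


def iter_rules(sections, path=()):
    """Depth-first walk of nested "sections", yielding (section path, rule)."""
    for section in sections or []:
        here = path + (section["name"],)
        for rule in section.get("rules", []):
            yield here, rule
        yield from iter_rules(section.get("sections", []), here)


def coverage_gaps(search_response):
    """Per Benchmark Set: is the set enabled, and which of its rules are disabled?"""
    report = []
    for bset in search_response.get("results", []):
        rules = list(iter_rules(bset.get("sections", [])))
        disabled = [
            (" > ".join(path), rule["rule_name"])
            for path, rule in rules
            # A rule without an "enabled" field is reported rather than assumed on.
            if not rule.get("enabled", False)
        ]
        report.append({
            "id": bset["id"],
            "name": bset["name"],
            "set_enabled": bool(bset.get("enabled", False)),
            "rules_total": len(rules),
            "disabled_rules": disabled,
        })
    return report


if __name__ == "__main__":
    for entry in coverage_gaps(SAMPLE_RESPONSE):
        state = "enabled" if entry["set_enabled"] else "DISABLED"
        print(f'{entry["name"]} ({state}): '
              f'{len(entry["disabled_rules"])} of {entry["rules_total"]} rules off')
        for section_path, rule_name in entry["disabled_rules"]:
            print(f"  {section_path}: {rule_name}")
```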
Update Benchmark Set
Set new values in a Benchmark Set.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | UPDATE | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.UPDATE | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
PUT {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}
Request Body - application/json
{
"id": "<string>",
"name": "<string>",
"version": "<string>",
"os_family": "<string>",
"enabled": <boolean>,
"type": "<string>",
"supported_os_info": [
{
"os_metadata_id": "<string>",
"os_type": "<string>",
"os_name": "<string>",
"cis_version": "<string>"
}
],
"created_by": "<string>",
"updated_by": "<string>",
"create_time": "<string>",
"update_time": "<string>"
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
Benchmark Set | Fields required to define a Benchmark Set | Benchmark Set | N/A |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Update benchmark set | application/json | |
400 | Error occurred while updating benchmark set | application/json | |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
PUT https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/benchmark_sets/251cc749-47d5-420d-9465-00a35a7024aa
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"id": "251cc749-47d5-420d-9465-00a35a7024aa",
"name": "Sample Benchmark Set",
"version": "1.0.0.1",
"os_family": "WINDOWS_SERVER",
"enabled": false,
"type": "Custom",
"supported_os_info": [
{
"os_metadata_id": "4125c0f6-fb52-436b-a498-74b8a920075e",
"os_type": "WINDOWS",
"os_name": "Windows Server 2012 x64",
"cis_version": "1.3.0"
}
],
"created_by": "Jane Doe",
"updated_by": "jane@company.com",
"create_time": "2023-03-01T03:07:14.383765Z",
"update_time": "2023-03-01T03:07:14.383765Z"
}
{
"id": "251cc749-47d5-420d-9465-00a35a7024aa",
"name": "Sample Benchmark Set",
"version": "1.0.0.1",
"os_family": "WINDOWS_SERVER",
"enabled": false,
"type": "Custom",
"supported_os_info": [
{
"os_metadata_id": "4125c0f6-fb52-436b-a498-74b8a920075e",
"os_type": "WINDOWS",
"os_name": "Windows Server 2012 x64",
"cis_version": "1.3.0"
}
],
"created_by": "Jane Doe",
"updated_by": "jane@company.com",
"create_time": "2023-03-01T03:07:14.383765Z",
"update_time": "2023-03-01T03:07:14.383765Z"
}
Clone Benchmark Set
Make a complete copy of a Benchmark set.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | READ, CREATE | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.READ, CREATE | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/_clone
Request Body - application/json
{
"benchmark_name": "<string>"
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
benchmark_name | Name of the new benchmark set to be copied from the one identified by ‘benchmark_set_id’ in the request param | String | N/A |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successful Request | content/json | View example response below. id is the identifier of the new benchmark set. |
400 | Error occurred cloning benchmark set | application/json | |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
POST https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/benchmark_sets/251cc749-47d5-420d-9465-00a35a7024aa/_clone
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"benchmark_name": "Copy of Sample Benchmark Set"
}
{
"id": "1b9cc3ad-9d34-468c-8d68-0ec150d142d3"
}
Delete Benchmark Set
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | DELETE | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.DELETE | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
DELETE {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
204 | Deleted benchmark set | N/A | N/A |
400 | Error occurred while deleting benchmark set | application/json | |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
DELETE https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/benchmark_sets/251cc749-47d5-420d-9465-00a35a7024aa
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
No Content
Benchmark Rules
Search and modify rules within a Benchmark Set.
Search Rules
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/rules/_search
Request Body - application/json
{
"query": "<string>",
"rows": <integer>,
"start": <integer>,
"criteria": {
"<fieldname>": [
"<value>"
]},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
query | Query in lucene syntax and/or including value searches | String | N/A |
rows | For pagination, how many results to return | Integer | Default: 1000; Maximum: 80,000 |
start | For pagination, where to start retrieving results from | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | id, rule_name, enabled, section_id, section_name |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. | Array | order supports ASC or DESC. Supported fields: id, rule_name, enabled, section_id, section_name |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Get benchmark set rules | application/json | View example result below. Results Schema: Benchmark Rules |
400 | Error occurred while getting benchmark set rules | application/json | |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
POST https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/benchmark_sets/251cc749-47d5-420d-9465-00a35a7024aa/rules/_search
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"query": "windows",
"rows": 1,
"start": 0,
"sort": [
{
"field": "section_name",
"order": "DESC"
}
]
}
{
"num_found": 57,
"results": [
{
"id": "75D1C537-FF92-4B46-9875-9549AA088BC9",
"rule_name": "(L1) Ensure 'Configure Automatic Updates' is set to 'Enabled'",
"enabled": true,
"section_id": "D5F265D0-6087-61C8-D6F9-9AE0B7AFB06B",
"section_name": "Windows Update"
}
]
}
Get Specified Rule
Get details of a specified rule within a Benchmark Set.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
GET {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/rules/{benchmark_set_rule_id}
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Get benchmark sets for the org | application/json | View example response below. Schema: Benchmark Rule Information |
400 | Error occurred while getting benchmark rule | application/json | |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
GET https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/benchmark_sets/251cc749-47d5-420d-9465-00a35a7024aa/rules/BCCAAACA-F0BE-4C0F-BE0A-A09FC1641EE2
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
{
"id": "BCCAAACA-F0BE-4C0F-BE0A-A09FC1641EE2",
"rule_name": "(L1) Ensure 'Create a pagefile' is set to 'Administrators'",
"enabled": true,
"section_id": "BE5B0852-96F7-3E07-391F-B1FA8CFF7F21",
"section_name": "User Rights Assignment",
"supported_os_info": [
{
"os_metadata_id": "4125c0f6-fb52-436b-a498-74b8a920075e",
"os_type": "WINDOWS",
"os_name": "Windows Server 2012 x64",
"cis_version": "1.3.0"
}],
"description": "This policy setting allows users to change the size of the pagefile. By making the pagefile extremely large or extremely small, an attacker could easily affect the performance of a compromised computer.\n\nThe recommended state for this setting is: `Administrators`.",
"rationale": "Users who can change the page file size could make it extremely small or move the file to a highly fragmented storage volume, which could cause reduced computer performance.",
"impact": "None - this is the default behavior.",
"remediation": {
"procedure": "To establish the recommended configuration via GP, set the following UI path to `Administrators`",
"steps": "\n\n ```\nComputer Configuration\\Policies\\Windows Settings\\Security Settings\\Local Policies\\User Rights Assignment\\Create a pagefile\n```"
},
"profile": [
"Level 1 Domain Controller",
"Level 1 Member Server"
]
}
Update Rules
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | UPDATE | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.UPDATE | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
PUT {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/rules
Request Body - application/json
[
{
"rule_id": "<string>",
"enabled": <boolean>
}
]
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
Benchmark Rule Request List | List of rules and whether to set them enabled | [ Benchmark Rule Request ] | N/A |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Update benchmark set rules | application/json | View example result below. Results Schema: Benchmark Rule |
400 | Error occurred while updating benchmark set rules | application/json | |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
PUT https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/benchmark_sets/251cc749-47d5-420d-9465-00a35a7024aa/rules
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
[
{
"rule_id": "2A65B63E-89D9-4844-8290-5042FDF2A27B",
"enabled": false
}
]
[
{
"id": "2A65B63E-89D9-4844-8290-5042FDF2A27B",
"rule_name": "(L1) Ensure 'Allow unencrypted traffic' is set to 'Disabled'",
"enabled": false,
"section_id": "BCE720DD-B5FC-1418-8576-8CF6DF906442",
"section_name": "WinRM Client"
}
]
Get All Benchmark Set Sections
Returns the Id and Name of all sections with the Id of the benchmark that contains the section.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
GET {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/sections
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Fetch all BenchmarkSet Sections | application/json | View example response below. Schema: Benchmark Set Section Item |
400 | Error occurred during fetching benchmark set sections | application/json | |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
GET https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/benchmark_sets/251cc749-47d5-420d-9465-00a35a7024aa/sections
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
[
{
"section_id": "1752BB38-579F-D100-8F40-BF9E621D471E",
"section_name": "Account Lockout Policy",
"parent_id": "0BC9CD10-250C-61E8-F3D2-E3854B9DE335"
},
{
"section_id": "57428517-7E67-27DE-4EA7-699AFF2EDC61",
"section_name": "Local Policies",
"parent_id": null
}
... truncated ...
]
Devices
Endpoints that return device information.
Search Devices in Benchmark Sets
Get the Device Summary for devices in a Benchmark Set.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/inventory/devices/_search
Request Body - application/json
{
"query": "<string>",
"rows": <integer>,
"start": <integer>,
"criteria": {
"<fieldname>": [
"<value>"
]
},
"exclusions": {
"<fieldname>": [
"<value>"
]
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
query | Query in lucene syntax and/or including value searches | String | N/A |
rows | For pagination, how many results to return | Integer | Default: 1000; Maximum: 80,000 |
start | For pagination, where to start retrieving results from | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | id, name, version, os_family, enabled, type, created_by, updated_by, create_time, update_time |
exclusions | Exclusions is an object that represents values that must not be in the results. | Object | id, name, version, os_family, enabled, type, created_by, updated_by, create_time, update_time |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. | Array | order supports ASC or DESC. Supported fields: id, name, version, os_family, enabled, type, created_by, updated_by, create_time, update_time |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Get devices that are part of the benchmark set | application/json | View example response below. Results Schema: Benchmark Sets |
400 | Error occurred while getting benchmark sets | application/json | |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
POST https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/benchmark_sets/fa6e421c-e75a-483c-bea3-842fb1b52705/inventory/devices/_search
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"query": "windows",
"rows": 1,
"start": 0,
"criteria": {
"os_type": [
"WINDOWS"
]
},
"exclusions": {
"cis_version": [
"1.4.0"
]
},
"sort": [
{
"field": "create_time",
"order": "ASC"
}
]
}
{
"num_found": 4568,
"results": [
{
"device_id": 12345678,
"device_name": "TEST\\DEMO-MACHINE",
"host_name": null,
"os_version": "Windows Server 2019 x64",
"reason": "ASSESSMENT_SCHEDULED",
"sensor_version": "3.9.0",
"last_checkin_time": "2023-12-19T08:37:03.126Z",
"deployment_type": "WORKLOAD"
}
]
}
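With `num_found` at 4568 and `rows` at 1, the result above is one page of many. This added example (not Carbon Black code) pages through a device search with `rows`/`start` and flags devices whose `last_checkin_time` is older than a cutoff, since their compliance results may be out of date; the fake backend and device list are constructed, and `num_found` is accepted as either a string or an integer because the page's examples show both.

```python
import json
import urllib.request
from datetime import datetime, timedelta, timezone

DEFAULT_ROWS = 1_000   # documented default for "rows"
MAX_ROWS = 80_000      # documented maximum for "rows"

# URL and request body follow the page's Search Devices example.
SEARCH_URL = ("https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD"
              "/benchmark_sets/fa6e421c-e75a-483c-bea3-842fb1b52705/inventory/devices/_search")
SAMPLE_BODY = {"query": "windows", "sort": [{"field": "create_time", "order": "ASC"}]}

# Constructed device records in the shape of the example response.
SAMPLE_DEVICES = [
    {"device_id": 1, "device_name": "TEST\\DEMO-1", "last_checkin_time": "2023-12-19T08:37:03.126Z"},
    {"device_id": 2, "device_name": "TEST\\DEMO-2", "last_checkin_time": "2023-12-01T00:00:00.000Z"},
    {"device_id": 3, "device_name": "TEST\\DEMO-3", "last_checkin_time": "2023-12-18T10:00:00.000Z"},
    {"device_id": 4, "device_name": "TEST\\DEMO-4", "last_checkin_time": None},
    {"device_id": 5, "device_name": "TEST\\DEMO-5", "last_checkin_time": "2023-11-30T12:00:00.000Z"},
]


def http_post(url, api_token, body):
    """POST a JSON body with the X-AUTH-TOKEN header and decode the JSON reply."""
    req = urllib.request.Request(
        url, data=json.dumps(body).encode("utf-8"), method="POST",
        headers={"X-AUTH-TOKEN": api_token, "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def search_all(post, url, body, page_size=DEFAULT_ROWS):
    """Yield every result of a _search call, advancing "start" page by page.

    `post` is any callable (url, body) -> decoded JSON, so the paging logic can
    run against a stub. Keep a "sort" in `body` so page boundaries are stable.
    """
    if not 1 <= page_size <= MAX_ROWS:
        raise ValueError(f"rows must be between 1 and {MAX_ROWS}")
    start = 0
    while True:
        page = post(url, {**body, "rows": page_size, "start": start})
        results = page.get("results", [])
        total = int(page.get("num_found", 0))  # "1" and 57 both appear on the page
        yield from results
        start += len(results)
        # An empty page also ends the loop, so a wrong total cannot spin forever.
        if not results or start >= total:
            return


def stale_devices(post, url, body, now, max_age_days=7, page_size=DEFAULT_ROWS):
    """Return (device_id, device_name, last_checkin_time) for devices not seen since the cutoff."""
    cutoff = now - timedelta(days=max_age_days)
    stale = []
    for dev in search_all(post, url, body, page_size):
        raw = dev.get("last_checkin_time")
        # A missing timestamp is reported as stale rather than silently skipped.
        seen = datetime.fromisoformat(raw.replace("Z", "+00:00")) if raw else None
        if seen is None or seen < cutoff:
            stale.append((dev["device_id"], dev["device_name"], raw))
    return stale


def make_fake_post(devices, num_found_as_string=False):
    """Constructed stand-in for the endpoint: slices `devices` by start/rows."""
    calls = []

    def post(url, body):
        calls.append((body["start"], body["rows"]))
        chunk = devices[body["start"]:body["start"] + body["rows"]]
        total = len(devices)
        return {"num_found": str(total) if num_found_as_string else total, "results": chunk}

    return post, calls


if __name__ == "__main__":
    fake_post, _ = make_fake_post(SAMPLE_DEVICES)
    now = datetime(2023, 12, 20, tzinfo=timezone.utc)  # constructed "current" time
    for row in stale_devices(fake_post, SEARCH_URL, SAMPLE_BODY, now, page_size=2):
        print(row)
```

Against the live service, pass `lambda url, body: http_post(url, token, body)` as `post`, with `token` holding your API key.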
Export Devices in Benchmark Sets
Export the Device Summary for devices in a Benchmark Set in csv or json format.
- Use the endpoint defined here to create a job with required search criteria to limit the results. A job_id is returned.
- Use the job_id in the Download Job Output endpoint in the Jobs Service to get the results. The Download Job API requires the permission jobs.status - READ.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/inventory/devices/_export
Request Body - application/json
{
"query": "<string>",
"rows": <integer>,
"start": <integer>,
"criteria": {
"<fieldname>": [
"<value>"
]
},
"exclusions": {
"<fieldname>": [
"<value>"
]
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
],
"format": "<string>"
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
format | Specify the desired file format for the downloaded content | String | JSON, CSV; Default: CSV |
query | Query in lucene syntax and/or including value searches | String | N/A |
rows | For pagination, how many results to return | Integer | Default: 1000; Maximum: 80,000 |
start | For pagination, where to start retrieving results from | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | id, name, version, os_family, enabled, type, created_by, updated_by, create_time, update_time |
exclusions | Exclusions is an object that represents values that must not be in the results. | Object | id, name, version, os_family, enabled, type, created_by, updated_by, create_time, update_time |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. | Array | order supports ASC or DESC; Supported fields: id, name, version, os_family, enabled, type, created_by, updated_by, create_time, update_time |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Export job has been started, to export devices that are part of the benchmark set | application/json | Returns a job id. See CSV or JSON example response below for the output from download job output. |
400 | Error occurred while getting benchmark sets | application/json | |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
POST https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/benchmark_sets/fa6e421c-e75a-483c-bea3-842fb1b52705/inventory/devices/_export
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"query": "windows",
"rows": 1,
"start": 0,
"criteria": {
"os_type": [
"WINDOWS"
]
},
"exclusions": {
"cis_version": [
"1.4.0"
]
},
"sort": [
{
"field": "create_time",
"order": "ASC"
}
],
"format": "CSV"
}
{
"job_id": 968091
}
Example responses after calling Download Job Output
Examples
GET https://defense.conferdeploy.net/jobs/v1/orgs/1234ABCD/jobs/968091/download
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Response Body (CSV format)
"VM Name","OS Version","Sensor Version","Last Checkin Time","Reason","Asset Type"
"TEST\DEMO-MACHINE","Windows Server 2019 x64","4.0.0.1292","2023-12-19","Assessment Scheduled","WORKLOAD"
GET https://defense.conferdeploy.net/jobs/v1/orgs/1234ABCD/jobs/968091/download
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Response Body (JSON format)
[
{
"VM Name": "TEST\\DEMO-MACHINE",
"OS Version": "Windows Server 2019 x64",
"Sensor Version": "4.0.0.1292",
"Asset Type": "WORKLOAD",
"Last Checkin Time": "2023-12-19",
"Reason": "ASSESSMENT_SCHEDULED"
}
]
Execute Actions
On a Benchmark Set
Enable or disable a Benchmark Set or trigger a reassessment using the Benchmark Set.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | EXECUTE | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.EXECUTE | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/actions
Request Body - application/json
{
"action": "<string>"
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
action | The action to take on the benchmark set | String | ENABLE, DISABLE, REASSESS |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Executed benchmark set action | application/json | |
400 | Error occurred while executing benchmark set action | application/json | |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
POST https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/benchmark_sets/251cc749-47d5-420d-9465-00a35a7024aa/actions
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"action": "ENABLE"
}
{
"status_code": "SUCCESS",
"message": "Benchmark set for Microsoft Windows Server is enabled"
}
On Specified Devices
Take the specified action on each device within a Benchmark Set, as specified in the request.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | EXECUTE | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.EXECUTE | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/device_actions
Request Body - application/json
{
"action": "<string>",
"device_ids": [ <integer> ]
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
action | The action to be taken | String | EXCLUDE, INCLUDE, REASSESS |
device_ids | List of devices on which to take the action | Array | e.g. [13579,86422] |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Executed device action | application/json | |
400 | Error occurred while executing action on device | application/json | |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
POST https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/benchmark_sets/251cc749-47d5-420d-9465-00a35a7024aa/compliance/device_actions
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"action": "REASSESS",
"device_ids": [ <integer> ]
}
{
"status_code": "SUCCESS",
"message": "Benchmark set for Microsoft Windows Server is enabled"
}
Compliance Information
Search Benchmark Set Summaries
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/compliance/summary/_search
Request Body - application/json
{
"query": "<string>",
"rows": <integer>,
"start": <integer>,
"criteria": {
"<fieldname>": [
"<value>"
]
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
query | Query in lucene syntax and/or including value searches | String | N/A |
rows | For pagination, how many results to return | Integer | Default: 1000; Maximum: 80,000 |
start | For pagination, where to start retrieving results from | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | org_key, benchmark_set_id, name, compliant, non_compliant, excluded |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. | Array | order supports ASC or DESC; Supported fields: org_key, benchmark_set_id, name, compliant, non_compliant, excluded |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Get benchmark set compliance summaries | application/json | View example response below. Results Schema: Benchmark Summary |
400 | Error occurred while getting benchmark set compliance summary | application/json | |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
POST https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/benchmark_sets/compliance/summary/_search
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"query": "firewall"
}
{
"num_found": 1,
"results": [
{
"org_key": "ABCD1234",
"benchmark_set_id": "ddb18fc4-c3ac-4e32-9015-ad0aadf30164",
"name": "CIS Compliance - Microsoft Windows Server",
"compliant": 0,
"non_compliant": 0,
"excluded": 0,
"not_assessed": 10
}
]
}
Search Device Compliance Summaries
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/devices/_search
Request Body - application/json
{
"query": "<string>",
"rows": <integer>,
"start": <integer>,
"criteria": {
"<fieldname>": [
"<value>"
]
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
query | Query in lucene syntax and/or including value searches | String | N/A |
rows | For pagination, how many results to return | Integer | Default: 1000; Maximum: 80,000 |
start | For pagination, where to start retrieving results from | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | device_id, device_name, os_version, compliance_percentage, last_assess_time, excluded_on, excluded_by, reason |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. | Array | order supports ASC or DESC; Supported fields: device_id, device_name, os_version, compliance_percentage, last_assess_time, excluded_on, excluded_by, reason |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Get device compliance | application/json | View example response below. Results Schema: Device Compliance Summaries |
400 | Error occurred while getting device compliance | application/json | |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
POST https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/benchmark_sets/251cc749-47d5-420d-9465-00a35a7024aa/compliance/devices/_search
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"query": "windows",
"rows": 20,
"start": 0
}
{
"num_found": "1",
"results": {
"device_id": "13579",
"device_name": "Windows 2019 desktop",
"os_version": "Windows server 2019",
"compliance_percentage": 95,
"last_assess_time": "2022-05-05T010:15:30.000Z",
"excluded_on": "2022-05-05T010:15:30.000Z",
"excluded_by": "User",
"reason": "Excepted By User"
}
}
Export Device Compliance Summaries
Exporting device compliance summaries is an asynchronous process requiring two API calls.
- Use the endpoint defined here to create a job with required search criteria to limit the results. A job_id is returned.
- Use the job_id in the Download Job Output endpoint in the Jobs Service to get the results. The Download Job API requires the permission jobs.status - READ.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/devices/_export
Request Body - application/json
{
"query": "<string>",
"rows": <integer>,
"start": <integer>,
"criteria": {
"<fieldname>": [
"<value>"
]
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
],
"format": "<string>"
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
format | Specify the desired file format for the downloaded content | String | JSON, CSV; Default: CSV |
query | Query in lucene syntax and/or including value searches | String | N/A |
rows | For pagination, how many results to return | Integer | Default: 1000; Maximum: 80,000 |
start | For pagination, where to start retrieving results from | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | device_id, device_name, os_version, compliance_percentage, last_assess_time, excluded_on, excluded_by, reason |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. | Array | order supports ASC or DESC; Supported fields: device_id, device_name, os_version, compliance_percentage, last_assess_time, excluded_on, excluded_by, reason |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Export device compliance | application/json | View example response below. The output of the Download Job has records of type Export Device Compliance Summary |
400 | Error occurred while exporting device compliance summaries | application/json | |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
POST https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/benchmark_sets/251cc749-47d5-420d-9465-00a35a7024aa/compliance/devices/_export
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"query": "windows",
"rows": 20,
"start": 0
}
{
"job_id": 1675
}
Request
GET {cbc-hostname}/jobs/v1/orgs/ABCD1234/jobs/1675/download
Response Body of the Download Job Output in JSON Format
[
{
"VM Name": "MYDOMAIN\\DEMOMACHINE",
"Os Version": "Windows Server 2022 x64",
"Compliance Percentage": "95.00",
"Last Access Time": "2023-02-03"
},
{
"VM Name": "MYDOMAIN\\WORKMACHINE",
"Os Version": "Windows Server 2022 x64",
"Compliance Percentage": "95.00",
"Last Access Time": "2023-02-03"
}
... truncated ...
]
Response Body of the Download Job Output in CSV Format
"VM Name","Compliance Percentage","Last Assessment Time","OS Version"
"MYDOMAIN\\DEMOMACHINE","95","2023-02-03","Windows Server 2022 x64"
"MYDOMAIN\\WORKMACHINE","95","2023-02-03","Windows Server 2022 x64"
Search Rule Compliance Summaries
Returns the compliance summaries for rules that match the search criteria.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/rules/_search
Request Body - application/json
{
"query": "<string>",
"rows": <integer>,
"start": <integer>,
"criteria": {
"<fieldname>": [
"<value>"
]
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
query | Query in lucene syntax and/or including value searches | String | N/A |
rows | For pagination, how many results to return | Integer | Default: 1000; Maximum: 80,000 |
start | For pagination, where to start retrieving results from | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | rule_id, rule_name, section_id, section_name, compliant_assets, non_compliant_assets, profile |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. | Array | order supports ASC or DESC; Supported fields: rule_id, rule_name, section_id, section_name, compliant_assets, non_compliant_assets, profile |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Get rule compliance summaries for the org | application/json | See example response below. Results Schema: Rule Compliance Summary |
400 | Error occurred while getting rule compliance summaries | application/json | |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
POST https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/benchmark_sets/251cc749-47d5-420d-9465-00a35a7024aa/compliance/rules/_search
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"query": "firewall"
}
{
"num_found": 26,
"results": [
{
"rule_id": "00869D86-6E61-4D7D-A0A3-6F5CDE2E5753",
"rule_name": "(L1) Ensure 'Windows Firewall: Private: Firewall state' is set to 'On (recommended)'",
"section_id": "39285D6D-3D69-55A5-9C99-1EA0FC5ACAD3",
"section_name": "Private Profile",
"compliant_assets": 12,
"non_compliant_assets": 2,
"profile": [
"Level 1 Domain Controller",
"Level 1 Member Server"
]
}
... truncated ...
]
}
Export Rule Compliance Summaries
Exporting rule compliance summaries is an asynchronous process requiring two API calls.
- Use the endpoint defined here to create a job with required search criteria to limit the results. A job_id is returned.
- Use the job_id in the Download Job Output endpoint in the Jobs Service to get the results. The Download Job API requires the permission jobs.status - READ.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/rules/_export
Request Body - application/json
{
"query": "<string>",
"rows": <integer>,
"start": <integer>,
"criteria": {
"<fieldname>": [
"<value>"
]
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
],
"format": "<string>"
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
format | Specify the desired file format for the downloaded content | String | JSON, CSV; Default: CSV |
query | Query in lucene syntax and/or including value searches | String | N/A |
rows | For pagination, how many results to return | Integer | Default: 1000; Maximum: 80,000 |
start | For pagination, where to start retrieving results from | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | rule_id, rule_name, section_id, section_name, compliant_assets, non_compliant_assets, profile |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. | Array | order supports ASC or DESC; Supported fields: rule_id, rule_name, section_id, section_name, compliant_assets, non_compliant_assets, profile |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Export rule compliance summaries for the org | application/json | View example response below. The output of the Download Job has records of type Export Rule Compliance Summary |
400 | Error occurred while exporting rule compliance summaries | application/json | |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
POST https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/benchmark_sets/251cc749-47d5-420d-9465-00a35a7024aa/compliance/rules/_export
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"query": "windows",
"rows": 20,
"start": 0,
"format": "CSV"
}
{
"job_id": 1675
}
[
{
"Non Compliant Assets Ids": [
"46250900"
],
"Compliant Assets Ids": [],
"Benchmark Set Id": "fa6e421c-e75a-483c-bea3-842fb1b52705",
"Non Compliant Assets": 1,
"Benchmark Set Name": "CIS Compliance - Microsoft Windows Server",
"Recommendation Name": "(L1) Ensure 'Windows Firewall: Private: Firewall state' is set to 'On (recommended)'",
"Compliant Assets": 0,
"Remediation": "To establish the recommended configuration via GP, set the following UI path to On (recommended): Computer Configuration\\Policies\\Windows Settings\\Security Settings\\Windows Firewall with Advanced Security\\Windows Firewall with Advanced Security\\Windows Firewall Properties\\Private Profile\\Firewall state ",
"Section Name": "Private Profile",
"Recommendation Id": "00869D86-6E61-4D7D-A0A3-6F5CDE2E5753"
},
... truncated ...
]
"Recommendation Name","Section Name","Compliant Assets","Non Compliant Assets","Compliant Assets Ids","Non Compliant Assets Ids","Benchmark Set Id","Benchmark Set Name","Recommendation Id","Remediation"
"(L1) Ensure 'Windows Firewall: Private: Firewall state' is set to 'On (recommended)'","Private Profile","0","1","","""46250900""","fa6e421c-e75a-483c-bea3-842fb1b52705","CIS Compliance - Microsoft Windows Server","00869D86-6E61-4D7D-A0A3-6F5CDE2E5753","To establish the recommended configuration via GP, set the following UI path to On (recommended): Computer Configuration\Policies\Windows Settings\Security Settings\Windows Firewall with Advanced Security\Windows Firewall with Advanced Security\Windows Firewall Properties\Private Profile\Firewall state "
... truncated ...
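The two-call export flow described for the three export endpoints above (devices in a Benchmark Set, device compliance summaries, rule compliance summaries), shown for the rule export as an added Python example that is not part of the Carbon Black documentation or SDK. `send` is a hypothetical transport callable, `fake_send` and the second CSV row are constructed so the block runs offline, and splitting several asset ids on commas is an assumption because the page shows only one id.

```python
import csv
import io
import json

MAX_ROWS = 80_000           # "Maximum: 80,000" in the Body Schema
FORMATS = ("CSV", "JSON")   # allowed values of "format"
ORDERS = ("ASC", "DESC")    # allowed values of sort[].order

# Constructed download output: the header and first row follow the CSV example
# on this page (Remediation text shortened); the second row is invented.
SAMPLE_CSV = '''"Recommendation Name","Section Name","Compliant Assets","Non Compliant Assets","Compliant Assets Ids","Non Compliant Assets Ids","Benchmark Set Id","Benchmark Set Name","Recommendation Id","Remediation"
"(L1) Ensure 'Windows Firewall: Private: Firewall state' is set to 'On (recommended)'","Private Profile","0","1","","""46250900""","fa6e421c-e75a-483c-bea3-842fb1b52705","CIS Compliance - Microsoft Windows Server","00869D86-6E61-4D7D-A0A3-6F5CDE2E5753","Set Firewall state to On (recommended) via GP "
"Constructed rule without failures","Private Profile","2","0","""11"",""12""","","fa6e421c-e75a-483c-bea3-842fb1b52705","CIS Compliance - Microsoft Windows Server","CONSTRUCTED-RULE-ID","n/a"
'''


def build_export_body(query=None, rows=1000, start=0, criteria=None,
                      sort=None, fmt="CSV"):
    """Validate arguments against the Body Schema and return the request body."""
    if fmt not in FORMATS:
        raise ValueError(f"format must be one of {FORMATS}")
    if not 1 <= rows <= MAX_ROWS:
        raise ValueError(f"rows must be between 1 and {MAX_ROWS}")
    if start < 0:
        raise ValueError("start must not be negative")
    for item in sort or []:
        if item.get("order") not in ORDERS:
            raise ValueError(f"sort order must be one of {ORDERS}")
    body = {"rows": rows, "start": start, "format": fmt}
    if query:
        body["query"] = query
    if criteria:
        body["criteria"] = criteria
    if sort:
        body["sort"] = sort
    return body


def export_rule_compliance(send, org_key, benchmark_set_id, body):
    """Run both calls of the export: create the job, then download its output.

    send(method, path, body) is a hypothetical transport supplied by the
    caller; it adds the hostname and the X-AUTH-TOKEN header and returns
    (status_code, response_text).
    """
    export_path = (f"/compliance/assessment/api/v1/orgs/{org_key}"
                   f"/benchmark_sets/{benchmark_set_id}/compliance/rules/_export")
    status, text = send("POST", export_path, body)
    if status != 200:
        raise RuntimeError(f"export job was not created (HTTP {status})")
    job_id = json.loads(text)["job_id"]

    # This call needs jobs.status READ in addition to the export permission.
    status, text = send("GET", f"/jobs/v1/orgs/{org_key}/jobs/{job_id}/download", None)
    if status != 200:
        # Assumption: the output may not be ready yet; the caller decides on a retry.
        raise RuntimeError(f"job {job_id} output not available (HTTP {status})")
    return job_id, text


def failing_rules(csv_text):
    """Return the rules with at least one non-compliant asset, worst first."""
    findings = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        count = int(row["Non Compliant Assets"])
        if count == 0:
            continue
        # The ids cell decodes to '"46250900"'; the comma split is an assumption.
        raw_ids = row["Non Compliant Assets Ids"].split(",")
        ids = [part.strip().strip('"') for part in raw_ids if part.strip()]
        findings.append({"rule": row["Recommendation Name"],
                         "section": row["Section Name"],
                         "non_compliant": count,
                         "device_ids": ids,
                         "remediation": row["Remediation"].strip()})
    return sorted(findings, key=lambda f: f["non_compliant"], reverse=True)


def fake_send(method, path, body):
    """Constructed offline stand-in that replays the sample responses."""
    if method == "POST" and path.endswith("/compliance/rules/_export"):
        return 200, '{"job_id": 1675}'
    if method == "GET" and path.endswith("/jobs/1675/download"):
        return 200, SAMPLE_CSV
    return 404, ""


if __name__ == "__main__":
    request_body = build_export_body(query="windows", rows=20, fmt="CSV")
    job, output = export_rule_compliance(
        fake_send, "1234ABCD", "251cc749-47d5-420d-9465-00a35a7024aa", request_body)
    for finding in failing_rules(output):
        print(job, finding["rule"], finding["device_ids"], finding["remediation"])
```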
Search Rule Compliance Results for a Device
Search and return rule compliance results for a specified Device.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/devices/{device_id}/rules/_search
Request Body - application/json
{
"query": "<string>",
"rows": <integer>,
"start": <integer>,
"criteria": {
"<fieldname>": [
"<value>"
]
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
query | Query in lucene syntax and/or including value searches | String | N/A |
rows | For pagination, how many results to return | Integer | Default: 1000; Maximum: 80,000 |
start | For pagination, where to start retrieving results from | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | id, rule_name, enabled, section_id, section_name |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. | Array | order supports ASC or DESC; Supported fields: id, rule_name, enabled, section_id, section_name |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Get device compliance | application/json | View example response below. Results Schema: Compliance Rule Result |
400 | Error occurred while getting rule compliance results | application/json | |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
POST https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/benchmark_sets/251cc749-47d5-420d-9465-00a35a7024aa/compliance/devices/13579/rules/_search
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"query": "password",
"rows": 1
}
{
"num_found": 22,
"results": [
{
"id": "7CA1D791-C92F-4205-B908-7C4FAE24499B",
"rule_name": "(L1) Ensure 'Domain member: Maximum machine account password age' is set to '30 or fewer days, but not 0'",
"enabled": true,
"section_id": "01DCABE2-26E0-9F1D-702A-51C6277D98A2",
"section_name": "Domain member",
"compliance_result": true,
"message": "Registry_Parameters_MaximumPasswordAge=30"
}
]
}
Search Rule Results for Devices
Search and return rule compliance results for Devices that match the search criteria within the specified Benchmark Set and Rule.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/benchmark_sets/{benchmark_set_id}/compliance/rules/{benchmark_set_rule_id}/devices/_search
Request Body - application/json
{
"query": "<string>",
"rows": <integer>,
"start": <integer>,
"criteria": {
"<fieldname>": [
"<value>"
]
},
"sort": [
{
"field": "<string>",
"order": "<string>"
}
]
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
query | Query in lucene syntax and/or including value searches | String | N/A |
rows | For pagination, how many results to return | Integer | Default: 1000; Maximum: 80,000 |
start | For pagination, where to start retrieving results from | Integer | Default: 0 |
criteria | Criteria is an object that represents values that must be in the results. | Object | device_id, device_name, os_version, compliance_percentage |
sort | Sort is a collection of sort parameters that specify a field and order to sort the results. | Array | order supports ASC or DESC; Supported fields: device_id, device_name, os_version, compliance_percentage |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Get device rule results | application/json | View sample result below. Results Schema: Device Rule Result |
400 | Error occurred while getting device rule results | application/json | |
401 | Not Authenticated | N/A | N/A |
403 | Forbidden | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
POST https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/1234ABCD/benchmark_sets/251cc749-47d5-420d-9465-00a35a7024aa/compliance/rules/BCCAAACA-F0BE-4C0F-BE0A-A09FC1641EE2/devices/_search
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"query": "DEMO",
"rows": 1,
"start": 0
}
{
"num_found": 13,
"results": [
{
"device_id": 37954691,
"device_name": "DEMO\\MYDEMOSERVER",
"os_version": "Windows Server 2022 x64",
"compliance_result": true
}
]
}
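The `_search` endpoints above all page with `rows` and `start` and report `num_found`; the following added Python example (not part of the Carbon Black documentation or SDK) walks every page of Search Rule Results for Devices and builds a `device_actions` body for the devices that fail the rule. `post` is a hypothetical transport callable, and `DEVICES` and `fake_post` are constructed sample data so the block runs offline.

```python
DEVICE_ACTIONS = ("EXCLUDE", "INCLUDE", "REASSESS")   # device_actions Body Schema

# Constructed sample data: five devices, two of them failing the rule.
DEVICES = [
    {"device_id": 37954691, "device_name": "DEMO\\MYDEMOSERVER",
     "os_version": "Windows Server 2022 x64", "compliance_result": True},
    {"device_id": 37954692, "device_name": "DEMO\\CONSTRUCTED-02",
     "os_version": "Windows Server 2022 x64", "compliance_result": False},
    {"device_id": 37954693, "device_name": "DEMO\\CONSTRUCTED-03",
     "os_version": "Windows Server 2019 x64", "compliance_result": True},
    {"device_id": 37954694, "device_name": "DEMO\\CONSTRUCTED-04",
     "os_version": "Windows Server 2019 x64", "compliance_result": False},
    {"device_id": 37954695, "device_name": "DEMO\\CONSTRUCTED-05",
     "os_version": "Windows Server 2022 x64", "compliance_result": True},
]


def normalise_page(page):
    """Return (num_found, results) with num_found as int and results as a list.

    The example responses on this page show num_found both as a number and as
    a string, and results both as an array and as a single object.
    """
    results = page.get("results") or []
    if isinstance(results, dict):
        results = [results]
    return int(page.get("num_found", 0)), results


def search_all(post, path, query=None, page_size=1000):
    """Yield every result of a _search endpoint, advancing start page by page.

    post(path, body) is a hypothetical transport that sends the JSON body with
    the X-AUTH-TOKEN header and returns the decoded JSON response.
    """
    start = 0
    while True:
        body = {"rows": page_size, "start": start}
        if query:
            body["query"] = query
        num_found, results = normalise_page(post(path, body))
        yield from results
        start += len(results)
        # Stop at the end, and on an empty page so a shrinking result set
        # cannot keep the loop running.
        if not results or start >= num_found:
            return


def device_action_body(action, results):
    """Build a device_actions body for the devices that failed the rule."""
    if action not in DEVICE_ACTIONS:
        raise ValueError(f"action must be one of {DEVICE_ACTIONS}")
    failing = {int(r["device_id"]) for r in results
               if r.get("compliance_result") is False}
    return {"action": action, "device_ids": sorted(failing)}


def fake_post(path, body):
    """Constructed offline stand-in that serves DEVICES one page at a time."""
    start, rows = body["start"], body["rows"]
    return {"num_found": str(len(DEVICES)), "results": DEVICES[start:start + rows]}


if __name__ == "__main__":
    search_path = ("/compliance/assessment/api/v1/orgs/1234ABCD/benchmark_sets/"
                   "251cc749-47d5-420d-9465-00a35a7024aa/compliance/rules/"
                   "BCCAAACA-F0BE-4C0F-BE0A-A09FC1641EE2/devices/_search")
    found = list(search_all(fake_post, search_path, query="DEMO", page_size=2))
    print(len(found), device_action_body("REASSESS", found))
```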
Bundles
A Bundle is a versioned set of rules. Use these endpoints to get information about and acknowledge new versions of Bundles.
Get Compliance Bundle Version Updates
Get the updates to compliance bundles that occurred after a given time. The time can be in minutes, hours, days, or weeks.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
GET {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/bundles/updates
Query Parameters
Parameter | Description | Values | Default |
---|---|---|---|
acknowledged | Whether to fetch acknowledged bundle updates or not | true, false | true |
since | The period of time to search for updated versions. Can be in minutes, hours, days, or weeks. | e.g. 1d , 1w |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successful request for Compliance Bundle Updates | application/json | View example response below. Results Schema: Bundle Update Information |
400 | Bad Request | application/json | |
401 | Unauthorized | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Not Found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
GET https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/ABCD1234/bundles/updates?acknowledged=true&since=180d
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
[
{
"bundle_id": "a0423be0-eddd-4170-99fc-78d5cb8f157f",
"new_version": "1.0.0.2",
"old_version": "1.0.0.1",
"update_time": "2023-09-29T07:21:43.185547Z",
"status": "COMPLETED",
"bundle_name": "TEST CIS Compliance - Microsoft Windows Server",
"os_family": "TEST_WINDOWS_SERVER",
"acknowledged": true
}
]
Acknowledge Compliance Bundle Version
Acknowledges new updates for the compliance bundles specified in the request.
The response includes bundles that were successfully acknowledged. If the request includes invalid bundles or versions, they will be ignored and not included in the response.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
PUT {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/bundles/updates/_ack
Request Body - application/json
[
{
"bundle_id": "<string>",
"new_version": "<string>"
}
]
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
bundle_id | Identifier of the bundle that will be acknowledged. | String | e.g. “a0423be0-eddd-4170-99fc-78d5cb8f157f” |
new_version | Version identifier of the bundle that will be acknowledged. | String | e.g. “1.0.0.4” |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successfully acknowledged bundle versions | N/A | See example response below |
400 | Bad Request | N/A | N/A |
401 | Unauthorized | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Not Found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
PUT https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/ABCD1234/bundles/updates/_ack
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
[
{
"bundle_id": "a0423be0-eddd-4170-99fc-78d5cb8f157f",
"new_version": "1.0.0.2"
}
]
[
{
"bundle_id": "a0423be0-eddd-4170-99fc-78d5cb8f157f",
"new_version": "1.0.0.2"
}
]
PUT https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/ABCD1234/bundles/updates/_ack
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
[
{
"bundle_id": "THIS_BUNDLE_ID_IS_NOT_VALID",
"new_version": "1.0.0.2"
}
]
[]
Difference Between Bundle Versions
Get the differences between two Compliance Bundle versions.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
POST {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/bundles/{bundle_id}/versions/_diff
Request Body - application/json
{
"old_version": "<string>",
"new_version": "<string>"
}
Body Schema
Field | Definition | Data Type | Values |
---|---|---|---|
old_version | Version identifier of the older of two bundles to compare | String | “1.0.0.1” |
new_version | Version identifier of the newer of two bundles to compare | String | “1.0.0.2” |
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successful comparison of two versions of a bundle | N/A | View example response below. Results Schema: Differential Result |
400 | Bad Request | N/A | N/A |
401 | Unauthorized | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Not Found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
POST https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/ABCD1234/bundles/a0423be0-eddd-4170-99fc-78d5cb8f157f/versions/_diff
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
Content-Type: "application/json"
{
"old_version": "1.0.0.1",
"new_version": "1.0.0.2"
}
{
"old_version": "1.0.0.1",
"new_version": "1.0.0.2",
"change_count": 2,
"added_count": 1,
"removed_count": 1,
"changes": [
{
"action": "REMOVED",
"rule_id": "3FD16705-1E01-47E4-AE3B-CA18FA60C433",
"fields": [
{
"key": "rule_id",
"old_value": null,
"value": "3FD16705-1E01-47E4-AE3B-CA18FA60C433"
},
{
"key": "rule_name",
"old_value": null,
"value": "(L1) Ensure 'Minimum password length' is set to '14 or more character(s)'"
},
{
"key": "section_id",
"old_value": null,
"value": "5C3C74D2-42E0-6E90-E20C-F275DE67AFD4"
},
{
"key": "section_name",
"old_value": null,
"value": "Password Policy"
}
]
},
{
"action": "ADDED",
"rule_id": "004e9492-ba62-4a4c-a433-3dc44b96b074",
"fields": [
{
"key": "rule_id",
"old_value": null,
"value": "004e9492-ba62-4a4c-a433-3dc44b96b074"
},
{
"key": "rule_name",
"old_value": null,
"value": "(L1) Ensure 'Create a token object' is set to 'No One'"
},
{
"key": "section_id",
"old_value": null,
"value": "c9744adf-e7a0-43b4-97b8-64da8317ed2a"
},
{
"key": "section_name",
"old_value": null,
"value": "User Rights Assignment"
}
]
}
]
}
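The counters and the `changes` entries in this response can be cross-checked when reviewing what a new bundle version adds or removes. The code below is an added example, not part of the Carbon Black documentation: it groups the changed rules by `action` and reports counters that disagree with the entries. `summarize_diff` and `SAMPLE_DIFF` are hypothetical names, and the sample is the example response above trimmed to the fields used.

```python
import json

# Constructed sample: the page's example response, trimmed to the fields used below.
SAMPLE_DIFF = json.loads("""
{"old_version": "1.0.0.1", "new_version": "1.0.0.2",
 "change_count": 2, "added_count": 1, "removed_count": 1,
 "changes": [
  {"action": "REMOVED", "rule_id": "3FD16705-1E01-47E4-AE3B-CA18FA60C433",
   "fields": [
    {"key": "rule_name", "old_value": null,
     "value": "(L1) Ensure 'Minimum password length' is set to '14 or more character(s)'"},
    {"key": "section_name", "old_value": null, "value": "Password Policy"}]},
  {"action": "ADDED", "rule_id": "004e9492-ba62-4a4c-a433-3dc44b96b074",
   "fields": [
    {"key": "rule_name", "old_value": null,
     "value": "(L1) Ensure 'Create a token object' is set to 'No One'"},
    {"key": "section_name", "old_value": null, "value": "User Rights Assignment"}]}]}
""")


def summarize_diff(diff):
    """Group changed rules by action and cross-check the reported counters."""
    grouped = {"ADDED": [], "REMOVED": []}  # the action values the schema documents
    problems = []
    for change in diff.get("changes", []):
        action = change.get("action")
        if action not in grouped:
            problems.append(f"unexpected action {action!r} for rule {change.get('rule_id')}")
            continue
        fields = {f.get("key"): f.get("value") for f in change.get("fields", [])}
        grouped[action].append({"rule_id": change.get("rule_id"),
                                "rule_name": fields.get("rule_name", "<unknown>"),
                                "section_name": fields.get("section_name", "<unknown>")})
    for counter, action in (("added_count", "ADDED"), ("removed_count", "REMOVED")):
        if diff.get(counter) != len(grouped[action]):
            problems.append(f"{counter}={diff.get(counter)} but {len(grouped[action])} {action} entries")
    if diff.get("change_count") != len(diff.get("changes", [])):
        problems.append("change_count does not match the number of change entries")
    return {"added": grouped["ADDED"], "removed": grouped["REMOVED"], "problems": problems}


if __name__ == "__main__":
    report = summarize_diff(SAMPLE_DIFF)
    for kind in ("removed", "added"):
        for rule in report[kind]:
            print(f"{kind.upper():8}[{rule['section_name']}] {rule['rule_name']}")
    for problem in report["problems"]:
        print("WARNING:", problem)
```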
Get Rule Info for Bundle Version
Gets the Rule Info for the specified compliance bundle version.
API Permissions Required
Identity Manager | Permission (.notation name) | Operation(s) | Environment |
---|---|---|---|
Carbon Black Cloud | complianceAssessment.data | READ | Majority of environments |
VMware Cloud Services Platform | _API.Compliance:complianceAssessment.Data.READ | N/A - included in permission name | Prod UK and AWS GovCloud (US) |
Request
GET {cbc-hostname}/compliance/assessment/api/v1/orgs/{org_key}/bundles/{bundle_id}/versions/{version_id}/rules/{benchmark_set_rule_id}
Response Codes
Code | Description | Content-Type | Content |
---|---|---|---|
200 | Successfully got the rule information for a rule in a version of a bundle | N/A | See example response below |
400 | Bad Request | N/A | N/A |
401 | Unauthorized | N/A | N/A |
403 | Forbidden | N/A | N/A |
404 | Not Found | N/A | N/A |
500 | Internal Server Error | N/A | N/A |
Examples
GET https://defense.conferdeploy.net/compliance/assessment/api/v1/orgs/ABCD1234/bundles/a0423be0-eddd-4170-99fc-78d5cb8f157f/versions/1.0.0.2/rules/004e9492-ba62-4a4c-a433-3dc44b96b074
X-AUTH-TOKEN: "ABCDEFGHIJKLMNO123456789/ABCD123456"
{
"id": "004e9492-ba62-4a4c-a433-3dc44b96b074",
"rule_name": "(L1) Ensure 'Create a token object' is set to 'No One'",
"enabled": null,
"section_id": "c9744adf-e7a0-43b4-97b8-64da8317ed2a",
"section_name": "User Rights Assignment",
"supported_os_info": [
{
"os_metadata_id": "1",
"os_type": "WINDOWS",
"os_name": "Windows Server 2012 x64",
"cis_version": "2.3.0"
},
{
"os_metadata_id": "2",
"os_type": "WINDOWS",
"os_name": "Windows Server 2012 R2 x64",
"cis_version": "2.5.0"
}
],
"description": "This policy setting allows a process to create an access token, which may provide elevated rights to access sensitive data.\n\nThe recommended state for this setting is: `No One`.\n\n**Note:** This user right is considered a \"sensitive privilege\" for the purposes of auditing.",
"rationale": "A user account that is given this user right has complete control over the system and can lead to the system being compromised.",
"impact": "None - this is the default behavior.",
"remediation": {
"procedure": "To establish the recommended configuration via GP, set the following UI path to `No One`",
"steps": "\n\n ```\nComputer Configuration\\Policies\\Windows Settings\\Security Settings\\Local Policies\\User Rights Assignment\\Create a token object\n```"
},
"profile": [
"Level 1 Domain Controller",
"Level 1 Member Server"
]
}
Field Definitions
Benchmark Rule
Field | Definition | Data Type | Values |
---|---|---|---|
id | Identifier of the rule | String | e.g. ‘4125c0f6-fb52-436b-a498-74b8a920075e’ |
rule_name | Name of the rule | String | e.g. ‘Example rule name’ |
enabled | Whether the rule is enabled or not | boolean | true, false |
section_id | Identifier of the section | String | e.g. ‘4125c0f6-fb52-436b-a498-74b8a920075e’ |
section_name | Name of the section | String | e.g. ‘Password Policy’ |
Benchmark Rule Information
Field | Definition | Data Type | Values |
---|---|---|---|
All of Benchmark Rule fields | Include all the fields from Benchmark Rule | N/A | N/A |
supported_os_info | Information about the Operating System | Array: [ os_info ] | N/A |
description | Description of the rule | String | e.g. ‘This setting determines the number of renewed, unique passwords’ |
rationale | Reason for the rule | String | e.g. ‘The longer a user uses the same password, the greater the risk it is compromised’ |
impact | What enforcing the rule will cause to happen | String | e.g. ‘The major impact of this configuration is that users must create a new password’ |
remediation | The action to take when the rule is not met | Object | |
profile | Profiles this rule applies to | Array | ‘Level 1 Member Server’ |
Benchmark Rule Request
Field | Definition | Data Type | Values |
---|---|---|---|
rule_id | Identifier of the rule | String | e.g. ‘4125c0f6-fb52-436b-a498-74b8a920075e’ |
enabled | Whether the rule is enabled | boolean | true, false |
Benchmark Set
Field | Definition | Data Type | Values |
---|---|---|---|
id | Identifier of the Benchmark Set | String | e.g. ‘251cc749-47d5-420d-9465-00a35a7024aa’ |
name | Name of the Benchmark Set | String | e.g. ‘Example Benchmark Set’ |
version | Version of the Benchmark Set | String | e.g. ‘1.0.0.1’ |
os_family | Family of operating systems this benchmark set applies to | String | e.g. ‘WINDOWS_SERVER’ |
enabled | Whether the Benchmark Set is enabled | boolean | true, false |
type | Descriptive grouping | String | N/A |
supported_os_info | Operating systems that this Benchmark Set applies to | supported_os_info | N/A |
created_by | Username of the user who created the Benchmark Set | String | e.g. ‘jane.doe@sample.com’ |
updated_by | Username of the user who created the Benchmark Set | String | e.g. ‘sample.sam@sample.com’ |
create_time | Date time of creation in ISO 8601 UTC format to seconds | String | e.g. ‘2022-05-05T010:15:30.000Z’ |
update_time | Date time the record was last updated in ISO 8601 UTC format to seconds | String | e.g. ‘2022-05-05T010:15:30.000Z’ |
Benchmark Set Section
Field | Definition | Data Type | Values |
---|---|---|---|
id | Identifier of the Benchmark Set Section | String | e.g. ‘4125c0f6-fb52-436b-a498-74b8a920075e’ |
name | Name of the Benchmark Set Section | String | e.g. ‘Account Policies’ |
description | Description of the Benchmark Set Section | String | e.g. ‘This section contains recommendations for account policies.’ |
rules | Collection of rules that comprise this Section of the Set | [ Benchmark Rule ] | N/A |
Benchmark Set Section Item
Field | Definition | Data Type | Values |
---|---|---|---|
section_id | Identifier of the section | String | e.g. ‘4125c0f6-fb52-436b-a498-74b8a920075e’ |
section_name | Name of the section | String | e.g. ‘Password Policy’ |
parent_id | Identifier of the parent of the section | String | e.g. ‘0BC9CD10-250C-61E8-F3D2-E3854B9DE335’ |
Benchmark Summary
Field | Definition | Data Type | Values |
---|---|---|---|
org_key | Identifier of the Carbon Black Cloud organization | String | e.g. ‘1234ABCD’ |
benchmark_set_id | Identifier of the Benchmark Set | String | e.g. ‘251cc749-47d5-420d-9465-00a35a7024aa’ |
name | Name of the Benchmark Set | String | e.g. ‘Sample Benchmark Set’ |
compliant | Number of assets that are compliant with the Benchmark Set | Integer | e.g. 13 |
non_compliant | Number of assets that are not compliant with the Benchmark Set | Integer | e.g. 3 |
excluded | Number of assets that were not included in the assessment | Integer | e.g. 7 |
not_assessed | Number of assets that were not assessed | Integer | e.g. 21 |
Bundle Update Information
Field | Definition | Data Type | Values |
---|---|---|---|
bundle_id | Unique identifier of a set of rules | String | e.g. “4125c0f6-fb52-436b-a498-74b8a920075e” |
old_version | Identifier of the older version of the bundle that will be replaced | String | e.g. “1.0.0.1” |
new_version | Identifier of the new version of the bundle that will become current | String | e.g. “1.0.0.2” |
update_time | Date time of last update in ISO 8601 UTC format to seconds | String | e.g. “2022-05-05T010:15:30.000Z” |
status | | String | COMPLETED |
bundle_name | Descriptive name of the bundle | String | e.g. “CIS Compliance - Microsoft Windows Server” |
os_family | Operating system that this bundle of rules is applicable to | String | e.g. “Microsoft Windows Server” |
acknowledged | Whether the version of the bundle has been acknowledged | Boolean | e.g. true |
Compliance Rule Result
Field | Definition | Data Type | Values |
---|---|---|---|
benchmark_rule | Information about the Benchmark Rule | Array: [ benchmark_rule ] | N/A |
compliance_result | Whether the rule was complied with | boolean | true, false |
message | Description explaining the compliance result | String | N/A |
Device Compliance Summary
Field | Definition | Data Type | Values |
---|---|---|---|
device_id | Identifier of the Device | Integer | e.g. 13579 |
device_name | Name of the Device | String | e.g. ‘MYDOMAIN\DEMOMACHINE’ |
os_version | Operating System of the Device | String | e.g. ‘Windows Server 2022 x64’ |
compliance_percentage | Percentage of rules that the device complied with | Integer | e.g. 95 |
last_assess_time | Date time of the last assessment in ISO 8601 UTC format to seconds | String | e.g. ‘2022-05-05T010:15:30.000Z’ |
excluded_on | If the device was excluded from assessment the date time in ISO 8601 UTC format to seconds this occurred | String | e.g. ‘2022-05-05T010:15:30.000Z’ |
excluded_by | If the device was excluded from assessment the user who performed the exclusion | String | e.g. john.doe@sample.com |
reason | Reason for exclusion from assessment | String | N/A |
deployment_type | Type of deployment | String | WORKLOAD, ENDPOINT, AWS, GCP, AZURE |
Device Rule Result
Field | Definition | Data Type | Values |
---|---|---|---|
device_id | Identifier of the Device | Integer | e.g. 13579 |
device_name | Name of the Device | String | |
os_version | Operating System of the Device | String | |
compliance_percentage | Percentage of rules that the device complied with | Integer | e.g. 95 |
compliance_result | Whether the rule was complied with | boolean | true, false |
Differential Result
Field | Definition | Data Type | Values |
---|---|---|---|
old_version | Identifier of the older version of the bundle that will be replaced | String | e.g. “1.0.0.1” |
new_version | Identifier of the new version of the bundle that will become current | String | e.g. “1.0.0.2” |
change_count | Number of changes between the two versions | Integer | e.g. 13 |
added_count | Number of additive changes | Integer | e.g. 3 |
removed_count | Number of changes where an item was removed | Integer | e.g. 10 |
changes | List of the items that changed between the versions | Object | |
changes.action | The type of change | String | ADDED, REMOVED |
changes.rule_id | Identifier of the rule that changed | String | e.g. “4125c0f6-fb52-436b-a498-74b8a920075e” |
changes.fields | Details about the fields that changed | Array [ Object ] | |
Export Rule Compliance Summary
All of Rule Compliance Summary and:
Field | Definition | Data Type | Values |
---|---|---|---|
benchmark_set_id | Identifier of the Benchmark Set | String | e.g. ‘251cc749-47d5-420d-9465-00a35a7024aa’ |
benchmark_set_name | Name of the Benchmark Set | String | e.g. ‘Sample Benchmark Set’ |
remediation | The action to take when the rule is not met | String | e.g. “To establish the recommended configuration via GP, set the following UI path to Enabled” |
non_compliant_asset_ids | List of asset ids that are not compliant | Array [ String ] | [‘12356758’] |
compliant_asset_ids | List of asset ids that are compliant | Array [ String ] | [‘98765432’] |
Export Device Compliance Summary
All of Device Compliance Summary and:
Field | Definition | Data Type | Values |
---|---|---|---|
benchmark_set_id | Identifier of the Benchmark Set | String | e.g. ‘251cc749-47d5-420d-9465-00a35a7024aa’ |
benchmark_set_name | Name of the Benchmark Set | String | e.g. ‘Sample Benchmark Set’ |
host_name | | String | e.g. “Windows 2019 desktop” |
rule_id | | String | e.g. “4125c0f6-fb52-436b-a498-74b8a920075e” |
rule_name | Name of the rule | String | e.g. ‘Example rule name’ |
compliance_result | Whether the rule was complied with | boolean | true, false |
Export Response
Field | Definition | Data Type | Values |
---|---|---|---|
job_id | Identifier of an asynchronous export job | Integer | e.g. 1675 |
Inventory Device Summary
Field | Definition | Data Type | Values |
---|---|---|---|
device_id | Identifier of the Device | Integer | e.g. 13579 |
device_name | Name of the Device | String | e.g. “Windows 2019 desktop” |
host_name | Operating System of the Device | String | e.g. “Windows 2019 desktop” |
os_version | Operating System of the Device | String | e.g. “Windows server 2019” |
reason | Reason for exclusion from assessment | String | OUTDATED_SENSOR_VERSION, NOT_IN_DOMAIN_CONTROLLER, ASSESSMENT_SCHEDULED |
sensor_version | Version of the sensor installed on the device | String | e.g. “5.5” |
last_checkin_time | Date time of the last time the sensor checked in ISO 8601 UTC format to seconds | String | e.g. “2022-05-05T010:15:30.000Z” |
deployment_type | Type of deployment | String | WORKLOAD, ENDPOINT, AWS, GCP, AZURE |
OS Info
Field | Definition | Data Type | Values |
---|---|---|---|
os_metadata_id | Identifier of this descriptive data about an operating system | String | e.g. ‘4125c0f6-fb52-436b-a498-74b8a920075e’ |
os_type | Type of operating system | String | e.g. ‘WINDOWS’ |
os_name | Name of operating system | String | e.g. ‘Windows Server 2012 x’ |
cis_version | Version of CIS | String | e.g. ‘1.3.0’ |
Rule Compliance Summary
Field | Definition | Data Type | Values |
---|---|---|---|
rule_id | Identifier of the rule | String | e.g. ‘4125c0f6-fb52-436b-a498-74b8a920075e’ |
rule_name | Name of the rule | String | e.g. ‘Sample rule’ |
section_id | Identifier of the section | String | e.g. ‘4125c0f6-fb52-436b-a498-74b8a920075e’ |
section_name | Name of the section | String | e.g. ‘Section Name’ |
compliant_assets | Number of assets that are compliant with the Benchmark Set | Integer | e.g. 13 |
non_compliant_assets | Number of assets that are not compliant with the Benchmark Set | Integer | e.g. 3 |
profile | Name of the profile for these rules | Array | e.g. ‘Level 1 Domain Controller’ |
num_found | The number of records found. May be greater than the number returned | Integer | N/A |
Settings
Field | Definition | Data Type | Values |
---|---|---|---|
scan_schedule | Defines how frequently and when benchmark scans run for an organization | String | e.g. ‘FREQ:DAILY;HOUR:10’ |
scan_timezone | Timezone that the scan_schedule is configured in | string | e.g. UTC |
Last modified on April 26, 2024