Get Runtime Host Profiles
GET/api/v32.07/profiles/host
x-prisma-cloud-target-env: {"permission":"monitorRuntimeHosts"}
Retrieves the details and state of each host service runtime model on a host-by-host basis. The returned JSON object has the following structure:
* host1:
* service1: model
* service2: model
* host2:
* service1: model
* service3: model
cURL Request
Refer to the following example cURL command:
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
https://<CONSOLE>/api/v<VERSION>/profiles/host
Request
Query Parameters
Offsets the result to a specific report count. Offset starts from 0.
Limit is the amount to fix.
Sorts the result using a key.
Sorts the result in reverse order.
IDs is the runtime profile id filter.
OS is the service runtime profile OS filter.
States is the runtime profile state filter.
ImageIDs is the runtime profile image id filter.
Images is the runtime profile image filter.
Hosts is the runtime profile hostname filter.
Namespaces is the runtime profile k8s namespace filter.
Clusters is the runtime profile k8s cluster filter.
Responses
- 200
- default
- application/json
- Schema
- Example (from schema)
Schema
- Array [
- Array [
- Array [
- ]
- Array [
- ]
- Array [
- ]
- ]
- Array [
- ]
- Array [
- ]
- ]
ID is the profile ID (hostname).
AccountID is the cloud account ID associated with the profile.
apps object[]
Apps are the host's apps metadata.
listeningPorts object[]
ListeningPorts represents the applications listening ports.
Command represents the command that triggered the connection.
Modified is a timestamp of when the event occurred.
Port is the port number.
ProcessPath represents the path to the process that uses the port.
Name is the app name.
outgoingPorts object[]
OutgoingPorts represents the applications outgoing ports.
Command represents the command that triggered the connection.
Country is the country ISO code for the given IP address.
IP is the IP address captured over this port.
Modified is a timestamp of when the event occurred.
Port is the port number.
ProcessPath represents the path to the process that uses the port.
processes object[]
Processes is a list of the app's descendant processes.
Command is the executed command.
Interactive indicates whether the process belongs to an interactive session.
MD5 is the process binary MD5 sum.
Modified indicates the process binary was modified after the container has started.
Path is the process binary path.
PPath is the parent process path.
Time is the time in which the process was added. If the process was modified, Time is the modification time.
User represents the username that started the process.
startupProcess object
ProfileProcess represents a single process data
Command is the executed command.
Interactive indicates whether the process belongs to an interactive session.
MD5 is the process binary MD5 sum.
Modified indicates the process binary was modified after the container has started.
Path is the process binary path.
PPath is the parent process path.
Time is the time in which the process was added. If the process was modified, Time is the modification time.
User represents the username that started the process.
Collections is a list of collections to which this profile applies.
Created is the profile creation time.
geoip object
ProfileNetworkGeoIP represents a cache of last ip-country pairs attached to each profile
countries object[]
Countries is a list of ip addresses with their corresponding country codes.
Code is the country iso code.
IP is the ip address.
Modified is the last modified time of this entry.
Modified is the last modified time of the cache.
ProfileHash represents the profile hash It is allowed to contain up to uint32 numbers, and represented by int64 since mongodb does not support unsigned data types
Labels are the labels associated with the profile.
sshEvents object[]
SSHEvents represents a list SSH events occurred on the host.
Command is the executed command.
Country represents the SSH client's origin country.
Interactive indicates whether the process belongs to an interactive session.
IP address represents the connection client IP address.
LoginTime represents the SSH login time.
MD5 is the process binary MD5 sum.
Modified indicates the process binary was modified after the container has started.
Path is the process binary path.
PPath is the parent process path.
Time is the time in which the process was added. If the process was modified, Time is the modification time.
User represents the username that started the process.
Time is the last time when this profile was modified.
[
{
"_id": "string",
"accountID": "string",
"apps": [
{
"listeningPorts": [
{
"command": "string",
"modified": "2024-07-29T15:51:28.071Z",
"port": 0,
"processPath": "string"
}
],
"name": "string",
"outgoingPorts": [
{
"command": "string",
"country": "string",
"ip": "string",
"modified": "2024-07-29T15:51:28.071Z",
"port": 0,
"processPath": "string"
}
],
"processes": [
{
"command": "string",
"interactive": true,
"md5": "string",
"modified": true,
"path": "string",
"ppath": "string",
"time": "2024-07-29T15:51:28.071Z",
"user": "string"
}
],
"startupProcess": {
"command": "string",
"interactive": true,
"md5": "string",
"modified": true,
"path": "string",
"ppath": "string",
"time": "2024-07-29T15:51:28.071Z",
"user": "string"
}
}
],
"collections": [
"string"
],
"created": "2024-07-29T15:51:28.071Z",
"geoip": {
"countries": [
{
"code": "string",
"ip": "string",
"modified": "2024-07-29T15:51:28.071Z"
}
],
"modified": "2024-07-29T15:51:28.071Z"
},
"hash": 0,
"labels": [
"string"
],
"sshEvents": [
{
"command": "string",
"country": "string",
"interactive": true,
"ip": 0,
"loginTime": 0,
"md5": "string",
"modified": true,
"path": "string",
"ppath": "string",
"time": "2024-07-29T15:51:28.071Z",
"user": "string"
}
],
"time": "2024-07-29T15:51:28.071Z"
}
]