Get Alert or Vulnerability Capabilities
Listing the current IoT capabilities on alert and vulnerability
Query Parameters
- customerid string required
The customer ID to which the API call is directed
- type string required
Possible values: [
alert,vulnerability,all]The type of IoT supported capabilities
Responses
- 200
- 4XX
- 5XX
Successful Response (We only show some important fields here.)
- application/json
- Schema
- Example (from schema)
- securityAlertsResponseExample
- vulnerabilityResponseExample
Schema
- ver string required
The API version
- api string required
The API path
- total integer required
The total number of capabilities
list object[] required
An array of alert capabilities
Array [name stringThe name of the alert/vulnerability
description stringThe descriptoin of this alert/vulnerability
source stringThe source of this alert/vulnerability
severity stringThe severity of this alert/vulnerability
type stringThe type of the alert/vulnerability
]
{
"ver": "string",
"api": "string",
"total": 0,
"list": [
{
"name": "string",
"description": "string",
"source": "string",
"severity": "string",
"type": "string"
}
]
}
{
"api": "alertVulnCapability/getList",
"ver": "v4.0",
"list": [
{
"name": "Suspicious port scanning activity",
"description": "Detected suspicious outbound port scanning activities. A port scan can be used to discover available application or networking services. A wide range port scan is not normal. It is often used by an attacker or a malware to discover target services with vulnerabilities.",
"type": "scanner",
"severity": "medium",
"source": "iot security"
},
{
"name": "Potential port scanning activity",
"description": "Detected suspicious outbound port scanning activities. A port scan can be used to discover available application or networking services. A software initiated wide range port scan is not normal. It is often used by an attacker or a malware to discover target services with vulnerabilities.",
"type": "scanner",
"severity": "medium",
"source": "iot security"
}
],
"total": 2
}
{
"api": "alertVulnCapability/getList",
"ver": "v4.0",
"list": [
{
"name": "Windows SMB v1 Usage",
"description": "SMB (Server Message Block) is a protocol for sharing files. It allows a device to locate files on other devices running SMB and open, read, write to, and delete those files. There are various implementations of SMB such as Microsoft SMB and Samba. Samba provides file and print services and can integrate with a Microsoft Windows Server domain. Unfortunately, some versions of Microsoft Windows and Samba Servers running SMB v1 are vulnerable to attack because they can allow attackers to obtain sensitive information from them and launch various exploits. As a result, the use of SMB v1 on devices running Microsoft Windows or Linux is considered a security risk.",
"impact": "By exploiting SMB v1 vulnerabilities, an attacker can access information, run arbitrary code, launch attacks such as man-in-the-middle and denial-of-service, and install malware such as EternalBlue, WannaCry, and Conficker on the compromised system. From there, the malware can spread to other computers with which the victim interacts online. Palo Alto Networks IoT Security Team recommends that you evaluate the impact of these vulnerabilities based on their operational environment and specific clinical usage.",
"source": "IoT Security",
"severity": "High"
},
{
"name": "CVE-2013-7404",
"impact": "Successful exploitation of this vulnerability may allow a remote attacker to bypass authentication and gain access to the affected devices.\n\nImpact to individual organizations depends on many factors that are unique to each organization. NCCIC recommends that organizations evaluate the impact of this vulnerability based on their operational environment and specific clinical usage.",
"source": "IoT Security",
"description": "GE Healthcare Discovery NM 750b has a password of 2getin for the insite account for (1) Telnet and (2) FTP, which has unspecified impact and attack vectors. NOTE: it is not clear whether this password is default, hardcoded, or dependent on another system or product that requires a fixed value.",
"severity": "High"
}
],
"total": 2
}
Client Error Response
- application/json
- Schema
- Example (from schema)
- Bad Request
- Forbidden access
- Too many requests
Schema
- code string
STATUS_CODE
- msg string
GENERAL_MESSAGE
{
"code": "string",
"msg": "string"
}
{
"code": 400,
"msg": "Bad Request. This occurs when an HTTP request contains an invalid query string."
}
{
"code": 403,
"msg": "Forbidden access. Either the provided API key is invalid or it does not have the required RBAC permissions to run this API."
}
{
"code": 429,
"msg": "Too many requests. The number of requests for device details for a single device exceeded the rate limit of 180 queries per minute per tenant."
}
Server Error Response
- application/json
- Schema
- Example (from schema)
- securityAlertsResponseExample
Schema
- code string
STATUS_CODE
- msg string
GENERAL_MESSAGE
{
"code": "string",
"msg": "string"
}
{
"code": 500,
"msg": "Internal server error. A unified status for API communication type errors."
}
Loading...