Querying the Checklist of a Security Configuration Item

Function

This API is used to query the checklist of a specified security configuration item.

Authorization Information

Each account has all the permissions required to call all APIs, but IAM users must be assigned the required permissions.

If you are using role/policy-based authorization, see Permissions Policies and Supported Actions for details on the required permissions.
If you are using identity policy-based authorization, no identity policy-based permission required for calling this API.

URI

GET /v5/{project_id}/baseline/risk-config/{check_name}/check-rules

**Table 1** Path Parameters
Parameter	Mandatory	Type	Description
project_id	Yes	String	Definition Project ID, which is used to specify the project that an asset belongs to. After the project ID is configured, you can query assets in the project using the project ID. For details about how to obtain it, see Obtaining a Project ID. Constraints N/A Range The value can contain 1 to 256 characters. Default Value N/A
check_name	Yes	String	Definition Configuration check baseline name, for example, SSH, CentOS 7, or Windows. Constraints N/A Range The value can contain 0 to 256 characters. Default Value N/A

**Table 2** Query Parameters
Parameter	Mandatory	Type	Description
enterprise_project_id	No	String	Definition Enterprise project ID, which is used to filter assets in different enterprise projects. For details, see Obtaining an Enterprise Project ID. To query assets in all enterprise projects, set this parameter to all_granted_eps. Constraints You need to set this parameter only after the enterprise project function is enabled. Range The value can contain 1 to 256 characters. Default Value 0: default enterprise project.
standard	Yes	String	Definition Standard type. Constraints N/A Range cn_standard: DJCP MLPS compliance standard hw_standard: Cloud security practice standard Default Value N/A
result_type	No	String	Definition Result type. Constraints N/A Range safe: The item passed the check. unhandled: The item failed the check and is not ignored. ignored: The item failed the check but is ignored. Default Value unhandled
check_rule_name	No	String	Definition Check item name. Fuzzy match is supported. Constraints N/A Range The value can contain 0 to 2,048 characters. Default Value N/A
severity	No	String	Definition Risk level. Constraints N/A Range Security Low Medium High Critical Default Value N/A
host_id	No	String	Definition Server ID. If this parameter is not specified, all the servers of the user are queried. Constraints N/A Range The value can contain 0 to 64 characters. Default Value N/A
limit	No	Integer	Definition Number of records displayed on each page. Constraints N/A Range Value range: 10-200 Default Value 10
offset	No	Integer	Definition Offset, which specifies the start position of the record to be returned. Constraints N/A Range The value range is 0 to 2,000,000. Default Value The default value is 0.

Request Parameters

**Table 3** Request header parameters
Parameter	Mandatory	Type	Description
X-Auth-Token	Yes	String	Definition User token, which contains user identity and permissions. The token can be used for identity authentication when an API is called. For details about how to obtain the token, see Obtaining a User Token. Constraints N/A Range The value can contain 1 to 32,768 characters. Default Value N/A

Response Parameters

Status code: 200

**Table 4** Response body parameters
Parameter	Type	Description
total_num	Long	Definition Total risks. Range N/A
data_list	Array of CheckRuleRiskInfoResponseInfo objects	Definition Data list. Range N/A

**Table 5** CheckRuleRiskInfoResponseInfo
Parameter	Type	Description
severity	String	Definition Risk level. Range Low: low-risk Medium: medium-risk High: high-risk
check_name	String	Definition Configuration check baseline name, for example, SSH, CentOS 7, or Windows. Range N/A
check_type	String	Definition Baseline type. The values for check_type and check_name are the same for Linux servers. For example, they can both be set to SSH or CentOS 7. For Windows servers, the values for check_type and check_name are different. For example, check_type can be set to Windows Server 2019 R2 or Windows Server 2016 R2. Range N/A
standard	String	Definition Standard type. Range cn_standard: DJCP MLPS compliance standard hw_standard: Cloud security practice standard
check_rule_name	String	Definition Check item (rule) name. Range N/A
check_rule_id	String	Definition Check item ID. Range N/A
host_num	Integer	Definition Number of affected servers, that is, the number of servers where the current baseline check is performed. Range N/A
scan_result	String	Definition Check result. Range pass: The check is passed. failed: The check is not passed.
status	String	Definition Check item status. Range safe: No action is required. ignored: ignored unhandled fixing: fixing fix-failed: The fix failed. verifying
enable_fix	Integer	Definition Whether one-click fix is supported. Range 1: One-click fix is supported. 0: not supported
enable_click	Boolean	Definition Whether the Fix, Ignore, and Verify buttons of the check item are enabled. Range true: The buttons are enabled. false: The buttons are disabled.
not_enable_click_description	String	Definition Reason why a button cannot be clicked. Range The value can contain 0 to 512 characters.
rule_params	Array of CheckRuleFixParamInfo objects	Definition Value range of a parameter that can be configured to fix a check item. This information is only returned for the parameters that can be configured to fix check items. Range N/A

**Table 6** CheckRuleFixParamInfo
Parameter	Type	Description
rule_param_id	Integer	Definition Check item parameter ID. Range Value range: 0 to 10
rule_desc	String	Definition Check item parameter description. Range The value can contain 0 to 256 characters.
default_value	Integer	Definition Default values of check item parameters. Range The value range is 0 to 2,147,483,647.
range_min	Integer	Definition Minimum value of check item parameters. Range The value range is 0 to 2,147,483,647.
range_max	Integer	Definition Maximum value of check item parameters. Range The value range is 0 to 2,147,483,647.

Example Requests

This API is used to query the check items whose baseline name is SSH, check standard is cloud security practice standard, and enterprise project ID is xxx.

GET https://{endpoint}/v5/{project_id}/baseline/risk-config/SSH/check-rules?standard=hw_standard&enterprise_project_id=xxx

{
  "standard" : "hw_standard"
}

Example Responses

Status code: 200

Request succeeded.

{
  "total_num" : 1,
  "data_list" : [ {
    "check_rule_id" : "1.1",
    "check_rule_name" : "Rule:Ensure that permissions on /etc/ssh/sshd_config are configured.",
    "check_type" : "SSH",
    "host_num" : 2,
    "standard" : "hw_standard",
    "scan_result" : "failed",
    "severity" : "High",
    "status" : "unhandled",
    "enable_fix" : 1,
    "enable_click" : true,
    "rule_params" : [ {
      "rule_param_id" : 1,
      "rule_desc" : "Set the timeout duration.",
      "default_value" : 5,
      "range_min" : 1,
      "range_max" : 10
    }, {
      "rule_param_id" : 2,
      "rule_desc" : "Set the number of restarts.",
      "default_value" : 10,
      "range_min" : 1,
      "range_max" : 20
    } ]
  } ]
}

Status Codes

Status Code	Description
200	Request succeeded.

Error Codes

See Error Codes.

Parent Topic: Baseline Management

Previous topic: Exporting Configuration Check Reports Based on Query Results

Next topic: Querying the Check Result of a Security Configuration Item

Feedback

Was this page helpful?

Helpful Not helpful

Provide feedback

Thank you very much for your feedback. We will continue working to improve the documentation.See the reply and handling status in My Cloud VOC.

The system is busy. Please try again later.

For any further questions, feel free to contact us through the chatbot.

Chatbot