SlideShare a Scribd company logo

EnterpriseView 2.0 REST API Developer's Guide

P
Protect724gopi

This document provides a REST API developer guide for HP EnterpriseView 2.0. It includes an overview of the REST API for importing and exporting asset data, HTTP return codes and error messages. It also includes examples of using the REST API with Spring, including retrieving an asset ID, updating a P5 assessment score, and references various REST resources like compliance score, aggregate scores, and asset reconciliation.

Software
1 of 34
Download to read offline
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
HP EnterpriseView For the Windows Operating System Software Version: 2.0 REST API Developer Guide Document Release Date: June 2013 Software Release Date: June 2013
REST API Developer Guide HP EnterpriseView (2.0)Page 2 of 34
Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice. The network information used in the examples in this document (including IP addresses and host names) is for illustration purposes only. Restricted Rights Legend Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. Copyright Notice © Copyright 2011 - 2013 Hewlett-Packard Development Company, L.P. Follow this link to see a complete statement of copyrights and acknowledgments for all HP ArcSight products: http://www.hpenterprisesecurity.com/copyright. Trademark Notices Adobeℱ is a trademark of Adobe Systems Incorporated. MicrosoftÂź and WindowsÂź are U.S. registered trademarks of Microsoft Corporation. UNIXÂź is a registered trademark of The Open Group. This document is confidential. HP EnterpriseView (2.0) Page 3 of 34 REST API Developer Guide
HP EnterpriseView (2.0)Page 4 of 34 REST API Developer Guide
Documentation Updates The title page of this document contains the following identifying information: l Software Version number, which indicates the software version. l Document Release Date, which changes each time the document is updated. l Software Release Date, which indicates the release date of this version of the software. To check for recent updates or to verify that you are using the most recent edition of a document, go to: http://h20230.www2.hp.com/selfsolve/manuals This site requires that you register for an HP Passport and sign in. To register for an HP Passport ID, go to: http://h20229.www2.hp.com/passport-registration.html Or click the New users - please register link on the HP Passport login page. You will also receive updated or new editions if you subscribe to the appropriate product support service. Contact your HP sales representative for details. HP EnterpriseView (2.0) Page 5 of 34 REST API Developer Guide
HP EnterpriseView (2.0)Page 6 of 34 REST API Developer Guide
Support Visit the HP Software Support Online web site at: http://www.hp.com/go/hpsoftwaresupport This web site provides contact information and details about the products, services, and support that HP Software offers. HP Software online support provides customer self-solve capabilities. It provides a fast and efficient way to access interactive technical support tools needed to manage your business. As a valued support customer, you can benefit by using the support web site to: l Search for knowledge documents of interest l Submit and track support cases and enhancement requests l Download software patches l Manage support contracts l Look up HP support contacts l Review information about available services l Enter into discussions with other software customers l Research and register for software training Most of the support areas require that you register as an HP Passport user and sign in. Many also require a support contract. To register for an HP Passport ID, go to: http://h20229.www2.hp.com/passport-registration.html To find more information about access levels, go to: http://h20230.www2.hp.com/new_access_levels.jsp HP EnterpriseView (2.0) Page 7 of 34 REST API Developer Guide
HP EnterpriseView (2.0)Page 8 of 34 REST API Developer Guide
Contents REST API Overview 11 HTTP Return Codes 13 Error Messages 15 Example Application 17 Application Context 17 HTTP Client Factory Bean 17 Example 18 Authentication 21 Resource References 23 Asset Reconciliation 23 Compliance Score 25 P5 Control Maturity Factor Score (Single) 26 P5 Control Maturity Factors Scores (Multiple) 26 Notes 28 Aggregate Risk Score 30 Aggregate Vulnerability Score 30 Aggregate ESM Threat Score 31 Aggregate Compliance Score 32 Aggregate Control Maturity Score 33 HP EnterpriseView (2.0) Page 9 of 34
HP EnterpriseView (2.0)Page 10 of 34 REST API Developer Guide Contents
REST API Overview Using the EnterpriseView REST API you can import and export asset data in the following ways: l Import assessments on assets from any external security system or tool, eliminating the need to manually assess assets in EnterpriseView. l Export assessments on assets to any external security system or tool. Note: You can import or export assessment information only for assets of type IP; this assessment information is aggregate to top-level assets as in manual assessments l Exporting asset aggregate scores to any external security system or tool, including: n The aggregate risk score of the asset n The aggregate compliance score of the asset n The aggregate control maturity score of the asset n The aggregate asset vulnerability score of the asset n The aggregate ESM threat score of the asset Prerequisites: Make sure that the following entities and parameters are identical in both EnterpriseView and the Security Automation tool: l Assets of type IP l Policy names l Control paragraph numbers The following HTTP request methods for importing and exporting asset data are available: l GET: Reads one of the following resources from the EnterpriseView server: n Asset ID n P5 control maturity scores for multiple (1-5) factors n Compliance score of an asset with a control n Note on a control that is applied to an asset n The aggregate scores of an asset l PUT: Updates/creates the following resources on the EnterpriseView server: HP EnterpriseView (2.0) Page 11 of 34
n P5 control maturity score for a single factor n P5 control maturity scores for multiple (1-5) factors n Compliance score of an asset with a control l POST: Inserts notes on a control that is applied to an asset on the EnterpriseView server. The  first step of a client application is authenticating the user, as described in "Authentication" on page 21. After a client is authenticated, it can work with EnterpriseView resources. HP EnterpriseView (2.0)Page 12 of 34 REST API Developer Guide REST API Overview
HTTP Return Codes Unless otherwise specified, these HTTP return codes are used: Code Cause 200 Successful operations 204 No content 400 Bad request 401 Unauthorized 403 Unauthorized operations 404 Resource not found 409 Conflict 500 Internal server error HP EnterpriseView (2.0) Page 13 of 34
HP EnterpriseView (2.0)Page 14 of 34 REST API Developer Guide HTTP Return Codes
Error Messages These are the application error messages returned by the REST API. Code Exception Can happen when 400 Cannot execute your request. Parameters are missing. Attempting to retrieve an asset ID by the asset's IP address, MAC address or DNS name. Parameters are not passed. 404 Cannot find asset IP Address: {IP_Address} or Cannot find asset MAC Address: {MAC_ Address} or Cannot find asset DNS Name: {DNS_ Name} Attempting to retrieve an asset ID by the asset's IP address, MAC address or DNS name. Cannot find policy: {Policy_Name} Attempting to update or retrieve P5 score/compliance score/note for a specific control. 403 Access is forbidden An unauthorized user tries to access EnterpriseView. 409 Cannot find control: {Control_Paragraph_ Number} Attempting to update or retrieve P5 score/compliance score/note for a specific control. HP EnterpriseView (2.0) Page 15 of 34
Code Exception Can happen when 500 Cannot find asset: {Asset_ID} Attempting to retrieve an asset ID by the asset's IP address, MAC address or DNS name. More than one asset matches the request. You can add additional parameters to filter the results. Attempting to retrieve an asset ID by the asset's IP address, MAC address or DNS name. Score is out of range. Range should be between 0-100. Attempting to input a compliance score that is out of range. Score is out of range. Range should be between 0-5. Attempting to input a P5 control maturity factor score that is out of range. Score value must be either numeric or "NotAssessed". Attempting to input a P5 control maturity factor score or a compliance score that is not numeric or "NotAssessed". Score value must be an integer. Attempting to input a P5 control maturity factor score or a compliance score that is not an integer. Control {Control_Paragraph_Number} is not applied to asset {Asset_ID}. Scores cannot be updated. Attempting to input a P5 control maturity factor score or a compliance score for a control that is not applied to an asset. HP EnterpriseView (2.0)Page 16 of 34 REST API Developer Guide Error Messages
Example Application The following examples are based on Spring framework version 3.0. Application Context <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework. org/schema/context/spring-context-3.0.xsd"> <context:annotation-config/> <context:component-scan base-package="com.hp.redcat.restsample"/> <bean id="credentials" class="org.apache.commons.httpclient.UsernamePassword Credentials"> <constructor-arg value="admin"/> <constructor-arg value="admin"/> </bean> <bean id="secureHttpClient" factory-bean="httpClientFactoryBean" factory-met hod="getHttpClient"/> <bean id="httpClientFactory" class="org.springframework.http.client.CommonsC lientHttpRequestFactory"> <constructor-arg ref="secureHttpClient"/> </bean> <bean id="restTemplate" class="org.springframework.web.client.RestTemplate"> <constructor-arg ref="httpClientFactory"/> </bean> </beans> HTTP Client Factory Bean package com.hp.redcat.restsample; import org.apache.commons.httpclient.Credentials; import org.apache.commons.httpclient.HttpClient; import org.apache.commons.httpclient.auth.AuthScope; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; HP EnterpriseView (2.0) Page 17 of 34
@Component public class HttpClientFactoryBean { private HttpClient httpClient; @Autowired public HttpClientFactoryBean(Credentials credentials) { this.httpClient = new HttpClient(); this.httpClient.getState().setCredentials(AuthScope.ANY, credentials); } public HttpClient getHttpClient() { return httpClient; } } Example package com.hp.redcat.restsample; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.springframework.web.client.RestTemplate; import java.util.HashMap; import java.util.Map; @Component public class RestSample { @Autowired private RestTemplate restTemplate; /** * @param assetIdInEnterpriseView is the asset ID in EnterpriseView. * Follow the instructions in "Asset Reconciliation" on page 23 to get it. * **/ public void putP5Assessment(String assetIdInEnterpriseView) { Map<String, String> variables = new HashMap<String, String>(); variables.put("assetId", assetIdInEnterpriseView); variables.put("policyKey", "Cobit 4.1"); variables.put("controlParagraph", "PO1.1"); variables.put("p5type", "People"); HP EnterpriseView (2.0)Page 18 of 34 REST API Developer Guide Example Application
final String url = "http://hostname:8080/redcat/rest/" + "assets/{assetId}/policy/audit/{policyKey}/{controlParagraph}/p 5/{p5type}"; restTemplate.put(url, "1", variables); } HP EnterpriseView (2.0) Page 19 of 34 REST API Developer Guide Example Application
HP EnterpriseView (2.0)Page 20 of 34 REST API Developer Guide Example Application
Authentication The application must perform HTTP basic authentication. The user must have the following permissions: l Login l Read Policy Assessment l Edit Policy Assessment l Read Assets The user must have access rights to all the relevant assets. For more information, see the Business Model Authorization section in the HP EnterpriseView user Guide. HP EnterpriseView (2.0) Page 21 of 34
HP EnterpriseView (2.0)Page 22 of 34 REST API Developer Guide Authentication
Resource References This section includes the following resources: Asset Reconciliation 23 Compliance Score 25 P5 Control Maturity Factor Score (Single) 26 P5 Control Maturity Factors Scores (Multiple) 26 Notes 28 Aggregate Risk Score 30 Aggregate Vulnerability Score 30 Aggregate ESM Threat Score 31 Aggregate Compliance Score 32 Aggregate Control Maturity Score 33 Asset Reconciliation Description Reconciliation is the process of identifying and matching entities from different data repositories, for example, in HP Server Automation (SA) and EnterpriseView. This process is designed to assure unique identification of assets in EnterpriseView. The asset ID is passed as a parameter in all of the other methods. Therefore, retrieving the asset ID is always the first action. Parameters The asset ID can be retrieved with one or more of the following parameters: l IP Address l MAC Address l Host Name URL http://{host}:{port}/redcat/rest/reconcile/ asset?ipAddress={ipAddress} http://{host}:{port}/redcat/rest/reconcile/ asset?macAddress={macAddress} http://{host}:{port}/redcat/rest/reconcile/ asset?hostname={hostname} Or any combination of parameters. For example: HP EnterpriseView (2.0) Page 23 of 34
http://{host}:{port}/redcat/rest/reconcile/ asset?hostname={hostname}&macAddress= {macAddress}&ipAddress={ipAddress} Note: The IP Address, MAC Address and Host Name of an asset can change. In this case, using these parameters may return a different asset ID. If your connector has a unique key for this asset that is made up of the Connector Asset ID and the Connector Name, then we recommend using these parameters to make sure that the same asset is always returned. URL http://{host}:{port}/redcat/rest/reconcile/ asset?connectorName={connectorName}&connectorAssetId= {connectorAssetId}&hostname={hostname} http://{host}:{port}/redcat/rest/reconcile/ asset?connectorName={connectorName}&connectorAssetId= {connectorAssetId}&ipAddress={ipAddress} http://{host}:{port}/redcat/rest/reconcile/ asset?connectorName={connectorName}&connectorAssetId= {connectorAssetId}&macAddress={macAddress} Or any combination of parameters. For example: http://{host}:{port}/redcat/rest/reconcile/ asset?connectorName=MyConnector&connectorAssetId=17&ipAddress= 192.168.0.1&hostname=assetHost&macAddress=assetMAC Remark EnterpriseView can return only one asset ID. If more than one asset is found with this method, then 404 error code is returned. None of the parameters (IP address, MAC address, host name) are mandatory in EnterpriseView. Using your knowledge of EnterpriseView, construct your queries to match a unique asset. GET Action Returns one asset ID. Request Body None Returns <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <asset> <id>{asset ID}</id> </asset> Example GET http://127.0.0.1:8080/redcat/rest/reconcile/asset? ipAddress=192.168.0.1 HP EnterpriseView (2.0)Page 24 of 34 REST API Developer Guide Resource References
Compliance Score Description A score between 0 and 100 (inclusive) representing the asset compliance with a specific control. URL http://{host}:{port}/redcat/rest/assets/{asset_id}/policy/audit/{policy_name}/{c ontrol_paragraph}/compliance Remark Attempting to create/update a compliance score that is not in the range of 0 and 100, results in a 500 exception. All parameters are case-sensitive. GET Action Returns the compliance score for a specific control in a specific policy for a specific asset. Note: If the compliance is not assessed, GET returns the parameter "NotAssessed" instead of a score. Request Body None Returns <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <compliance> <complianceScore>{compliance Score}</complianceScore> </compliance> Example GET http://127.0.0.1:8080/redcat/rest/assets/189/policy/ audit/Cobit%204.1/PO1.1/compliance PUT Action Creates/updates the compliance score for a specific control in a specific policy for a specific asset. Note: If the compliance that you want to create/update is not assessed, you need to pass the parameter "NotAssessed" instead of a score. Request Body The compliance score HP EnterpriseView (2.0) Page 25 of 34 REST API Developer Guide Resource References
PUT Example PUT http://127.0.0.1:8080/redcat/rest/assets/189/policy/ audit/Cobit%204.1/PO1.1/compliance (Request body) 100 P5 Control Maturity Factor Score (Single) Description A score between 1-5 (inclusive) representing the control maturity of a single P5 factor in reference to a specific asset. URL http://{host}:{port}/redcat/rest/assets/{asset_id}/policy/audit/{policy_name}/{c ontrol_paragraph}/p5/{p5 factor} P5 factors: people, proof, procedure, process, product Remark All parameters are case-sensitive. PUT Action Creates/updates the P5 control maturity score for one factor on a specific control in a specific policy for a specific asset. Note: If the P5 factor that you want to create/update is not assessed, pass the parameter "NotAssessed" instead of a score. Request Body The P5 control maturity score Example PUT http://127.0.0.1:8080/redcat/rest/assets/189/policy/ audit/Cobit%204.1/PO1.1/p5/people (Request body) 5 P5 Control Maturity Factors Scores (Multiple) Description A score between 1-5 (inclusive) representing the control maturity of one or more (maximum five) P5 factors in reference to a specific asset. URL HP EnterpriseView (2.0)Page 26 of 34 REST API Developer Guide Resource References
http://{host}:{port}/redcat/rest/assets/{asset_id}/policy/audit/{policy_name}/{c ontrol_paragraph}/p5 Remark All parameters are case-sensitive. GET Action Returns the P5 control maturity score for multiple factors on a specific control in a specific policy for a specific asset. If a specific P5 factor is not applied to the control, then it will not be returned. Note: If a P5 factor is not assessed, GET returns the parameter "NotAssessed" instead of a score. Request Body None Returns <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <p5> <people>{people}</people> <procedure>{procedure}</procedure> <process>{process}</process> <product>{product}</product> <proof>{proof}</proof> </p5> Example GET http://127.0.0.1:8080/redcat/rest/assets/189/policy/ audit/Cobit%204.1/PO1.1/p5/ PUT Action Creates/updates the P5 control maturity score for multiple factors on a specific control in a specific policy for a specific asset. Note: l If the P5 factor that you want to create/update is not assessed, you need to pass the parameter "NotAssessed" instead of a score. l If you try to create or update a P5 factor that is not applied to the control, you get a 500 error code. HP EnterpriseView (2.0) Page 27 of 34 REST API Developer Guide Resource References
PUT Request Header content-type: application/xml Request Body <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <p5> <people>{people}</people> <procedure>{procedure}</procedure> <process>{process}</process> <product>{product}</product> <proof>{proof}</proof> </p5> Example <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <p5> <people>3</people> <procedure>3</procedure> <process>4</process> <product>5</product> <proof>NotAssessed</proof> </p5> Notes Description Any number of notes can be attached to a control in a specific policy for a specific asset. URL http://{host}:{port}/redcat/rest/assets/{asset_id}/policy/audit/{policy_name}/{c ontrol_paragraph}/notes Remark POST creates a single note. GET returns all notes for the control. HP EnterpriseView (2.0)Page 28 of 34 REST API Developer Guide Resource References
GET Action Returns all of the notes for a specific control in a specific policy for a specific asset. Request Body None Returns <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <notes> <note> <createTime>{creation date and time} </createTime> <creator> <uniqueId>{user name}</uniqueId> </creator> <message>{note text}</message> </note> 
 </notes> Example GET http://127.0.0.1:8080/rest/assets/189/policy/ audit/Cobit%204.1/PO1.1/notes POST Action Create a new note for a specific control in a specific policy for a specific asset. Request Body The note text Returns HTTP code 200 or an error code Example http://127.0.0.1:8080/redcat/rest/assets/189/policy/ audit/Cobit%204.1/PO1.1/note {note text} HP EnterpriseView (2.0) Page 29 of 34 REST API Developer Guide Resource References
Aggregate Risk Score Description A score between 0 and 100 (inclusive) representing the aggregate risk of an asset. URL http://{host}:{port}/redcat/rest/risk/score/{asset_id} Remark All parameters are case-sensitive. GET Action Returns the aggregate risk score for a specific asset. Note: If there is no aggregate risk score for the asset, GET returns an empty tag instead of a score. Request Body None Returns <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <RiskScore> <AggregateScore> {aggregate risk score} </AggregateScore> </RiskScore> Example GET http://127.0.0.1:8080/redcat/rest/risk/score/189 Aggregate Vulnerability Score Description A score between 0 and 10 (inclusive) representing the aggregate vulnerability of an asset. URL http://{host}:{port}/redcat/rest/vulnerability/score/{asset_id} Remark All parameters are case-sensitive. HP EnterpriseView (2.0)Page 30 of 34 REST API Developer Guide Resource References
GET Action Returns the aggregate risk score for a specific asset. Note: If there is no aggregate vulnerability score for the asset, GET returns "0". Request Body None Returns <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <VulnerabilityScore> <AggregateScore> {aggregate vulnerability score} </AggregateScore> </VulnerabilityScore> Example GET http://127.0.0.1:8080/redcat/rest/vulnerability/score/189 Aggregate ESM Threat Score Description A score between 0 and 10 (inclusive) representing the aggregate ESM threat of an asset. URL http://{host}:{port}/redcat/rest/esm/score/{asset_id} Remark All parameters are case-sensitive. GET Action Returns the aggregate risk score for a specific asset. Note: If there is no aggregate ESM threat score for the asset, GET returns "0". Request Body None HP EnterpriseView (2.0) Page 31 of 34 REST API Developer Guide Resource References
GET Returns <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <ESMScore> <AggregateScore> {aggregate esm threat score} </AggregateScore> </ESMScore> Example GET http://127.0.0.1:8080/redcat/rest/esm/score/189 Aggregate Compliance Score Description A score between 0 and 100 (inclusive) representing the aggregate compliance of an asset. URL http://{host}:{port}/redcat/rest/compliance/score/{asset_id} Remark All parameters are case-sensitive. GET Action Returns the aggregate compliance score for a specific asset. Note: If there is no aggregate compliance score for the asset, GET returns an empty tag instead of a score. Request Body None Returns <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <ComplianceScore> <AggregateScore> {aggregate compliance score} </AggregateScore> </ComplianceScore> Example GET http://127.0.0.1:8080/redcat/rest/compliance/score/189 HP EnterpriseView (2.0)Page 32 of 34 REST API Developer Guide Resource References
Aggregate Control Maturity Score Description A score between 0 and 5 (inclusive) representing the aggregate maturity of an asset. URL http://{host}:{port}/redcat/rest/maturity/score/{asset_id} Remark All parameters are case-sensitive. GET Action Returns the aggregate maturity score for a specific asset. Note: If there is no aggregate maturity score for the asset, GET returns an empty tag instead of a score. Request Body None Returns <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <MaturityScore> <AggregateScore> {aggregate maturity score} </AggregateScore> </MaturityScore> Example GET http://127.0.0.1:8080/redcat/rest/maturity/score/189 HP EnterpriseView (2.0) Page 33 of 34 REST API Developer Guide Resource References
HP EnterpriseView (2.0)Page 34 of 34 REST API Developer Guide Resource References

More Related Content

PDF
ArcSight Enterprise View REST API Developer's Guide
Protect724gopi
 
PDF
ESM Service Layer Developers Guide for ESM 6.8c
Protect724gopi
 
PDF
ESM Service Layer Developer's Guide (ESM v6.9.1c)
Protect724tk
 
PDF
ArcSight Enterprise View Administration Guide
Protect724gopi
 
PDF
Additional license authorizations
Bloombase
 
PDF
Bsm extensibility
andres1422
 
PDF
ArcSight Enterprise View User Guide
Protect724gopi
 
PDF
SharePoint Add-Ins - Brief Overview
Nous Infosystems
 
ArcSight Enterprise View REST API Developer's Guide
Protect724gopi
 
ESM Service Layer Developers Guide for ESM 6.8c
Protect724gopi
 
ESM Service Layer Developer's Guide (ESM v6.9.1c)
Protect724tk
 
ArcSight Enterprise View Administration Guide
Protect724gopi
 
Additional license authorizations
Bloombase
 
Bsm extensibility
andres1422
 
ArcSight Enterprise View User Guide
Protect724gopi
 
SharePoint Add-Ins - Brief Overview
Nous Infosystems
 

Similar to EnterpriseView 2.0 REST API Developer's Guide (20)

PDF
EnterpriseView 2.0 Administration Guide.pdf
Protect724gopi
 
PDF
HP EnterpriseView v1.5 Administration Guide
Protect724gopi
 
PDF
HP ArcSight EnterpriseView v1.6 Administration Guide
Protect724gopi
 
PDF
EnterpriseView Administration Guide.pdf
Protect724gopi
 
PDF
ArcSight Enterprise View Deployment Guide
Protect724gopi
 
PDF
EnterpriseView 2.0 Deployment Guide
Protect724gopi
 
PDF
HP EnterpriseView v1.5 Deployment Guide
Protect724gopi
 
PDF
HP EnterpriseView v1.5 Deployment Guide
Protect724gopi
 
PDF
HP ArcSight EnterpriseView v1.6 Deployment Guide
Protect724gopi
 
PDF
HP ArcSight EnterpriseView Deployment Guide
Protect724gopi
 
PDF
HP ArcSight EnterpriseView Release Notes
Protect724gopi
 
PDF
HP ArcSight EnterpriseView v1.6 User Guide
Protect724gopi
 
PDF
ArcSight EnterpriseView User Guide
Protect724v3
 
PDF
HP EnterpriseView v1.5 User Guide
Protect724gopi
 
PDF
EnterpriseView 2.0 User Guide
Protect724gopi
 
PDF
EnterpriseView 2.0 Release Notes.pdf
Protect724gopi
 
PDF
Introduction to the Salesforce Mobile SDK for Android
Salesforce Developers
 
PPTX
Z101666 best practices for delivering hybrid cloud capability with apis
Teodoro Cipresso
 
PDF
Risk Insight v1.0 Administration Guide
Protect724gopi
 
PDF
Risk Insight v1.0 Deployment Guide
Protect724gopi
 
EnterpriseView 2.0 Administration Guide.pdf
Protect724gopi
 
HP EnterpriseView v1.5 Administration Guide
Protect724gopi
 
HP ArcSight EnterpriseView v1.6 Administration Guide
Protect724gopi
 
EnterpriseView Administration Guide.pdf
Protect724gopi
 
ArcSight Enterprise View Deployment Guide
Protect724gopi
 
EnterpriseView 2.0 Deployment Guide
Protect724gopi
 
HP EnterpriseView v1.5 Deployment Guide
Protect724gopi
 
HP EnterpriseView v1.5 Deployment Guide
Protect724gopi
 
HP ArcSight EnterpriseView v1.6 Deployment Guide
Protect724gopi
 
HP ArcSight EnterpriseView Deployment Guide
Protect724gopi
 
HP ArcSight EnterpriseView Release Notes
Protect724gopi
 
HP ArcSight EnterpriseView v1.6 User Guide
Protect724gopi
 
ArcSight EnterpriseView User Guide
Protect724v3
 
HP EnterpriseView v1.5 User Guide
Protect724gopi
 
EnterpriseView 2.0 User Guide
Protect724gopi
 
EnterpriseView 2.0 Release Notes.pdf
Protect724gopi
 
Introduction to the Salesforce Mobile SDK for Android
Salesforce Developers
 
Z101666 best practices for delivering hybrid cloud capability with apis
Teodoro Cipresso
 
Risk Insight v1.0 Administration Guide
Protect724gopi
 
Risk Insight v1.0 Deployment Guide
Protect724gopi
 
Ad

More from Protect724gopi (10)

PDF
HP ArcSight EnterpriseView REST API Developer's Guide
Protect724gopi
 
PDF
HP EnterpriseView v1.5 REST API Developer's Guide
Protect724gopi
 
PDF
HP EnterpriseView v1.5 SAP BusinessObjects Installation Guide
Protect724gopi
 
PDF
HP ArcSight EnterpriseView REST API v1.6 Developer's Guide
Protect724gopi
 
PDF
HP ArcSight EnterpriseView v1.6 SAP BusinessObjects Installation
Protect724gopi
 
PDF
HP ArcSight EnterpriseView v1.6 SAP BusinessObjects Installation
Protect724gopi
 
PDF
SAP BusinessObjects Installation Guide
Protect724gopi
 
PDF
Risk Insight 1.0 Release Notes
Protect724gopi
 
PDF
Risk Insight v1.0 User Guide
Protect724gopi
 
PDF
Risk Insight HA Tech Note
Protect724gopi
 
HP ArcSight EnterpriseView REST API Developer's Guide
Protect724gopi
 
HP EnterpriseView v1.5 REST API Developer's Guide
Protect724gopi
 
HP EnterpriseView v1.5 SAP BusinessObjects Installation Guide
Protect724gopi
 
HP ArcSight EnterpriseView REST API v1.6 Developer's Guide
Protect724gopi
 
HP ArcSight EnterpriseView v1.6 SAP BusinessObjects Installation
Protect724gopi
 
HP ArcSight EnterpriseView v1.6 SAP BusinessObjects Installation
Protect724gopi
 
SAP BusinessObjects Installation Guide
Protect724gopi
 
Risk Insight 1.0 Release Notes
Protect724gopi
 
Risk Insight v1.0 User Guide
Protect724gopi
 
Risk Insight HA Tech Note
Protect724gopi
 
Ad

Recently uploaded (20)

PDF
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
PPTX
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
PDF
Nekopoi APK 2025 free lastest update
umarali35kp
 
PDF
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
PPTX
Computer Software and OS of computer science of grade 11.pptx
GauravDahal9
 
PPTX
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
PDF
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
PDF
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
PPTX
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
PDF
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
PDF
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
PPTX
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
PDF
Digital Systems & Binary Numbers (comprehensive )
fyfhqfhtv2
 
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
PPTX
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
PDF
top salesforce developer skills in 2025.pdf
CloudMetic
 
PDF
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
PDF
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 
Design an Analysis of Algorithms II-SECS-1021-03
DilanEscobar1
 
Wondershare Filmora 15 Crack With Activation Key [2025
ghrom2211g
 
Agentic AI Use Case- Contract Lifecycle Management (CLM).pptx
mhxyzzp
 
Internet Downloader Manager (IDM) Crack 6.42 Build 41
ghrom2211g
 
Nekopoi APK 2025 free lastest update
umarali35kp
 
Navsoft: AI-Powered Business Solutions & Custom Software Development
Navsoft
 
Computer Software and OS of computer science of grade 11.pptx
GauravDahal9
 
L1 - Introduction to python Backend.pptx
MoizAhmed480282
 
Adobe Illustrator 28.6 Crack My Vision of Vector Design
ghrom2211g
 
SAP S4 Hana Brochure 3 (PTS SYSTEMS AND SOLUTIONS)
pts464036
 
Operating system designcfffgfgggggggvggggggggg
rmskumara09
 
T3DD25 TYPO3 Content Blocks - Deep Dive by André Kraus
Andre Kraus
 
PTS Company Brochure 2025 (1).pdf.......
pts464036
 
ai tools demonstartion for schools and inter college
harshavardhanreddyka11
 
Digital Systems & Binary Numbers (comprehensive )
fyfhqfhtv2
 
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
William Chong
 
Agentic AI : A Practical Guide. Undersating, Implementing and Scaling Autono...
IT IDOL Technologies
 
top salesforce developer skills in 2025.pdf
CloudMetic
 
How to Migrate SBCGlobal Email to Yahoo Easily
raymondjones7273
 
Internet Downloader Manager (IDM) Crack 6.42 Build 42 Updates Latest 2025
itskinga12
 

EnterpriseView 2.0 REST API Developer's Guide

  • 1. HP EnterpriseView For the Windows Operating System Software Version: 2.0 REST API Developer Guide Document Release Date: June 2013 Software Release Date: June 2013
  • 2. REST API Developer Guide HP EnterpriseView (2.0)Page 2 of 34
  • 3. Legal Notices Warranty The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice. The network information used in the examples in this document (including IP addresses and host names) is for illustration purposes only. Restricted Rights Legend Confidential computer software. Valid license from HP required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. Copyright Notice © Copyright 2011 - 2013 Hewlett-Packard Development Company, L.P. Follow this link to see a complete statement of copyrights and acknowledgments for all HP ArcSight products: http://www.hpenterprisesecurity.com/copyright. Trademark Notices Adobeℱ is a trademark of Adobe Systems Incorporated. MicrosoftÂź and WindowsÂź are U.S. registered trademarks of Microsoft Corporation. UNIXÂź is a registered trademark of The Open Group. This document is confidential. HP EnterpriseView (2.0) Page 3 of 34 REST API Developer Guide
  • 4. HP EnterpriseView (2.0)Page 4 of 34 REST API Developer Guide
  • 5. Documentation Updates The title page of this document contains the following identifying information: l Software Version number, which indicates the software version. l Document Release Date, which changes each time the document is updated. l Software Release Date, which indicates the release date of this version of the software. To check for recent updates or to verify that you are using the most recent edition of a document, go to: http://h20230.www2.hp.com/selfsolve/manuals This site requires that you register for an HP Passport and sign in. To register for an HP Passport ID, go to: http://h20229.www2.hp.com/passport-registration.html Or click the New users - please register link on the HP Passport login page. You will also receive updated or new editions if you subscribe to the appropriate product support service. Contact your HP sales representative for details. HP EnterpriseView (2.0) Page 5 of 34 REST API Developer Guide
  • 6. HP EnterpriseView (2.0)Page 6 of 34 REST API Developer Guide
  • 7. Support Visit the HP Software Support Online web site at: http://www.hp.com/go/hpsoftwaresupport This web site provides contact information and details about the products, services, and support that HP Software offers. HP Software online support provides customer self-solve capabilities. It provides a fast and efficient way to access interactive technical support tools needed to manage your business. As a valued support customer, you can benefit by using the support web site to: l Search for knowledge documents of interest l Submit and track support cases and enhancement requests l Download software patches l Manage support contracts l Look up HP support contacts l Review information about available services l Enter into discussions with other software customers l Research and register for software training Most of the support areas require that you register as an HP Passport user and sign in. Many also require a support contract. To register for an HP Passport ID, go to: http://h20229.www2.hp.com/passport-registration.html To find more information about access levels, go to: http://h20230.www2.hp.com/new_access_levels.jsp HP EnterpriseView (2.0) Page 7 of 34 REST API Developer Guide
  • 8. HP EnterpriseView (2.0)Page 8 of 34 REST API Developer Guide
  • 9. Contents REST API Overview 11 HTTP Return Codes 13 Error Messages 15 Example Application 17 Application Context 17 HTTP Client Factory Bean 17 Example 18 Authentication 21 Resource References 23 Asset Reconciliation 23 Compliance Score 25 P5 Control Maturity Factor Score (Single) 26 P5 Control Maturity Factors Scores (Multiple) 26 Notes 28 Aggregate Risk Score 30 Aggregate Vulnerability Score 30 Aggregate ESM Threat Score 31 Aggregate Compliance Score 32 Aggregate Control Maturity Score 33 HP EnterpriseView (2.0) Page 9 of 34
  • 10. HP EnterpriseView (2.0)Page 10 of 34 REST API Developer Guide Contents
  • 11. REST API Overview Using the EnterpriseView REST API you can import and export asset data in the following ways: l Import assessments on assets from any external security system or tool, eliminating the need to manually assess assets in EnterpriseView. l Export assessments on assets to any external security system or tool. Note: You can import or export assessment information only for assets of type IP; this assessment information is aggregate to top-level assets as in manual assessments l Exporting asset aggregate scores to any external security system or tool, including: n The aggregate risk score of the asset n The aggregate compliance score of the asset n The aggregate control maturity score of the asset n The aggregate asset vulnerability score of the asset n The aggregate ESM threat score of the asset Prerequisites: Make sure that the following entities and parameters are identical in both EnterpriseView and the Security Automation tool: l Assets of type IP l Policy names l Control paragraph numbers The following HTTP request methods for importing and exporting asset data are available: l GET: Reads one of the following resources from the EnterpriseView server: n Asset ID n P5 control maturity scores for multiple (1-5) factors n Compliance score of an asset with a control n Note on a control that is applied to an asset n The aggregate scores of an asset l PUT: Updates/creates the following resources on the EnterpriseView server: HP EnterpriseView (2.0) Page 11 of 34
  • 12. n P5 control maturity score for a single factor n P5 control maturity scores for multiple (1-5) factors n Compliance score of an asset with a control l POST: Inserts notes on a control that is applied to an asset on the EnterpriseView server. The  first step of a client application is authenticating the user, as described in "Authentication" on page 21. After a client is authenticated, it can work with EnterpriseView resources. HP EnterpriseView (2.0)Page 12 of 34 REST API Developer Guide REST API Overview
  • 13. HTTP Return Codes Unless otherwise specified, these HTTP return codes are used: Code Cause 200 Successful operations 204 No content 400 Bad request 401 Unauthorized 403 Unauthorized operations 404 Resource not found 409 Conflict 500 Internal server error HP EnterpriseView (2.0) Page 13 of 34
  • 14. HP EnterpriseView (2.0)Page 14 of 34 REST API Developer Guide HTTP Return Codes
  • 15. Error Messages These are the application error messages returned by the REST API. Code Exception Can happen when 400 Cannot execute your request. Parameters are missing. Attempting to retrieve an asset ID by the asset's IP address, MAC address or DNS name. Parameters are not passed. 404 Cannot find asset IP Address: {IP_Address} or Cannot find asset MAC Address: {MAC_ Address} or Cannot find asset DNS Name: {DNS_ Name} Attempting to retrieve an asset ID by the asset's IP address, MAC address or DNS name. Cannot find policy: {Policy_Name} Attempting to update or retrieve P5 score/compliance score/note for a specific control. 403 Access is forbidden An unauthorized user tries to access EnterpriseView. 409 Cannot find control: {Control_Paragraph_ Number} Attempting to update or retrieve P5 score/compliance score/note for a specific control. HP EnterpriseView (2.0) Page 15 of 34
  • 16. Code Exception Can happen when 500 Cannot find asset: {Asset_ID} Attempting to retrieve an asset ID by the asset's IP address, MAC address or DNS name. More than one asset matches the request. You can add additional parameters to filter the results. Attempting to retrieve an asset ID by the asset's IP address, MAC address or DNS name. Score is out of range. Range should be between 0-100. Attempting to input a compliance score that is out of range. Score is out of range. Range should be between 0-5. Attempting to input a P5 control maturity factor score that is out of range. Score value must be either numeric or "NotAssessed". Attempting to input a P5 control maturity factor score or a compliance score that is not numeric or "NotAssessed". Score value must be an integer. Attempting to input a P5 control maturity factor score or a compliance score that is not an integer. Control {Control_Paragraph_Number} is not applied to asset {Asset_ID}. Scores cannot be updated. Attempting to input a P5 control maturity factor score or a compliance score for a control that is not applied to an asset. HP EnterpriseView (2.0)Page 16 of 34 REST API Developer Guide Error Messages
  • 17. Example Application The following examples are based on Spring framework version 3.0. Application Context <?xml version="1.0" encoding="UTF-8"?> <beans xmlns="http://www.springframework.org/schema/beans" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:context="http://www.springframework.org/schema/context" xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd http://www.springframework.org/schema/context http://www.springframework. org/schema/context/spring-context-3.0.xsd"> <context:annotation-config/> <context:component-scan base-package="com.hp.redcat.restsample"/> <bean id="credentials" class="org.apache.commons.httpclient.UsernamePassword Credentials"> <constructor-arg value="admin"/> <constructor-arg value="admin"/> </bean> <bean id="secureHttpClient" factory-bean="httpClientFactoryBean" factory-met hod="getHttpClient"/> <bean id="httpClientFactory" class="org.springframework.http.client.CommonsC lientHttpRequestFactory"> <constructor-arg ref="secureHttpClient"/> </bean> <bean id="restTemplate" class="org.springframework.web.client.RestTemplate"> <constructor-arg ref="httpClientFactory"/> </bean> </beans> HTTP Client Factory Bean package com.hp.redcat.restsample; import org.apache.commons.httpclient.Credentials; import org.apache.commons.httpclient.HttpClient; import org.apache.commons.httpclient.auth.AuthScope; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; HP EnterpriseView (2.0) Page 17 of 34
  • 18. @Component public class HttpClientFactoryBean { private HttpClient httpClient; @Autowired public HttpClientFactoryBean(Credentials credentials) { this.httpClient = new HttpClient(); this.httpClient.getState().setCredentials(AuthScope.ANY, credentials); } public HttpClient getHttpClient() { return httpClient; } } Example package com.hp.redcat.restsample; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; import org.springframework.web.client.RestTemplate; import java.util.HashMap; import java.util.Map; @Component public class RestSample { @Autowired private RestTemplate restTemplate; /** * @param assetIdInEnterpriseView is the asset ID in EnterpriseView. * Follow the instructions in "Asset Reconciliation" on page 23 to get it. * **/ public void putP5Assessment(String assetIdInEnterpriseView) { Map<String, String> variables = new HashMap<String, String>(); variables.put("assetId", assetIdInEnterpriseView); variables.put("policyKey", "Cobit 4.1"); variables.put("controlParagraph", "PO1.1"); variables.put("p5type", "People"); HP EnterpriseView (2.0)Page 18 of 34 REST API Developer Guide Example Application
  • 19. final String url = "http://hostname:8080/redcat/rest/" + "assets/{assetId}/policy/audit/{policyKey}/{controlParagraph}/p 5/{p5type}"; restTemplate.put(url, "1", variables); } HP EnterpriseView (2.0) Page 19 of 34 REST API Developer Guide Example Application
  • 20. HP EnterpriseView (2.0)Page 20 of 34 REST API Developer Guide Example Application
  • 21. Authentication The application must perform HTTP basic authentication. The user must have the following permissions: l Login l Read Policy Assessment l Edit Policy Assessment l Read Assets The user must have access rights to all the relevant assets. For more information, see the Business Model Authorization section in the HP EnterpriseView user Guide. HP EnterpriseView (2.0) Page 21 of 34
  • 22. HP EnterpriseView (2.0)Page 22 of 34 REST API Developer Guide Authentication
  • 23. Resource References This section includes the following resources: Asset Reconciliation 23 Compliance Score 25 P5 Control Maturity Factor Score (Single) 26 P5 Control Maturity Factors Scores (Multiple) 26 Notes 28 Aggregate Risk Score 30 Aggregate Vulnerability Score 30 Aggregate ESM Threat Score 31 Aggregate Compliance Score 32 Aggregate Control Maturity Score 33 Asset Reconciliation Description Reconciliation is the process of identifying and matching entities from different data repositories, for example, in HP Server Automation (SA) and EnterpriseView. This process is designed to assure unique identification of assets in EnterpriseView. The asset ID is passed as a parameter in all of the other methods. Therefore, retrieving the asset ID is always the first action. Parameters The asset ID can be retrieved with one or more of the following parameters: l IP Address l MAC Address l Host Name URL http://{host}:{port}/redcat/rest/reconcile/ asset?ipAddress={ipAddress} http://{host}:{port}/redcat/rest/reconcile/ asset?macAddress={macAddress} http://{host}:{port}/redcat/rest/reconcile/ asset?hostname={hostname} Or any combination of parameters. For example: HP EnterpriseView (2.0) Page 23 of 34
  • 24. http://{host}:{port}/redcat/rest/reconcile/ asset?hostname={hostname}&macAddress= {macAddress}&ipAddress={ipAddress} Note: The IP Address, MAC Address and Host Name of an asset can change. In this case, using these parameters may return a different asset ID. If your connector has a unique key for this asset that is made up of the Connector Asset ID and the Connector Name, then we recommend using these parameters to make sure that the same asset is always returned. URL http://{host}:{port}/redcat/rest/reconcile/ asset?connectorName={connectorName}&connectorAssetId= {connectorAssetId}&hostname={hostname} http://{host}:{port}/redcat/rest/reconcile/ asset?connectorName={connectorName}&connectorAssetId= {connectorAssetId}&ipAddress={ipAddress} http://{host}:{port}/redcat/rest/reconcile/ asset?connectorName={connectorName}&connectorAssetId= {connectorAssetId}&macAddress={macAddress} Or any combination of parameters. For example: http://{host}:{port}/redcat/rest/reconcile/ asset?connectorName=MyConnector&connectorAssetId=17&ipAddress= 192.168.0.1&hostname=assetHost&macAddress=assetMAC Remark EnterpriseView can return only one asset ID. If more than one asset is found with this method, then 404 error code is returned. None of the parameters (IP address, MAC address, host name) are mandatory in EnterpriseView. Using your knowledge of EnterpriseView, construct your queries to match a unique asset. GET Action Returns one asset ID. Request Body None Returns <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <asset> <id>{asset ID}</id> </asset> Example GET http://127.0.0.1:8080/redcat/rest/reconcile/asset? ipAddress=192.168.0.1 HP EnterpriseView (2.0)Page 24 of 34 REST API Developer Guide Resource References
  • 25. Compliance Score Description A score between 0 and 100 (inclusive) representing the asset compliance with a specific control. URL http://{host}:{port}/redcat/rest/assets/{asset_id}/policy/audit/{policy_name}/{c ontrol_paragraph}/compliance Remark Attempting to create/update a compliance score that is not in the range of 0 and 100, results in a 500 exception. All parameters are case-sensitive. GET Action Returns the compliance score for a specific control in a specific policy for a specific asset. Note: If the compliance is not assessed, GET returns the parameter "NotAssessed" instead of a score. Request Body None Returns <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <compliance> <complianceScore>{compliance Score}</complianceScore> </compliance> Example GET http://127.0.0.1:8080/redcat/rest/assets/189/policy/ audit/Cobit%204.1/PO1.1/compliance PUT Action Creates/updates the compliance score for a specific control in a specific policy for a specific asset. Note: If the compliance that you want to create/update is not assessed, you need to pass the parameter "NotAssessed" instead of a score. Request Body The compliance score HP EnterpriseView (2.0) Page 25 of 34 REST API Developer Guide Resource References
  • 26. PUT Example PUT http://127.0.0.1:8080/redcat/rest/assets/189/policy/ audit/Cobit%204.1/PO1.1/compliance (Request body) 100 P5 Control Maturity Factor Score (Single) Description A score between 1-5 (inclusive) representing the control maturity of a single P5 factor in reference to a specific asset. URL http://{host}:{port}/redcat/rest/assets/{asset_id}/policy/audit/{policy_name}/{c ontrol_paragraph}/p5/{p5 factor} P5 factors: people, proof, procedure, process, product Remark All parameters are case-sensitive. PUT Action Creates/updates the P5 control maturity score for one factor on a specific control in a specific policy for a specific asset. Note: If the P5 factor that you want to create/update is not assessed, pass the parameter "NotAssessed" instead of a score. Request Body The P5 control maturity score Example PUT http://127.0.0.1:8080/redcat/rest/assets/189/policy/ audit/Cobit%204.1/PO1.1/p5/people (Request body) 5 P5 Control Maturity Factors Scores (Multiple) Description A score between 1-5 (inclusive) representing the control maturity of one or more (maximum five) P5 factors in reference to a specific asset. URL HP EnterpriseView (2.0)Page 26 of 34 REST API Developer Guide Resource References
  • 27. http://{host}:{port}/redcat/rest/assets/{asset_id}/policy/audit/{policy_name}/{c ontrol_paragraph}/p5 Remark All parameters are case-sensitive. GET Action Returns the P5 control maturity score for multiple factors on a specific control in a specific policy for a specific asset. If a specific P5 factor is not applied to the control, then it will not be returned. Note: If a P5 factor is not assessed, GET returns the parameter "NotAssessed" instead of a score. Request Body None Returns <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <p5> <people>{people}</people> <procedure>{procedure}</procedure> <process>{process}</process> <product>{product}</product> <proof>{proof}</proof> </p5> Example GET http://127.0.0.1:8080/redcat/rest/assets/189/policy/ audit/Cobit%204.1/PO1.1/p5/ PUT Action Creates/updates the P5 control maturity score for multiple factors on a specific control in a specific policy for a specific asset. Note: l If the P5 factor that you want to create/update is not assessed, you need to pass the parameter "NotAssessed" instead of a score. l If you try to create or update a P5 factor that is not applied to the control, you get a 500 error code. HP EnterpriseView (2.0) Page 27 of 34 REST API Developer Guide Resource References
  • 28. PUT Request Header content-type: application/xml Request Body <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <p5> <people>{people}</people> <procedure>{procedure}</procedure> <process>{process}</process> <product>{product}</product> <proof>{proof}</proof> </p5> Example <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <p5> <people>3</people> <procedure>3</procedure> <process>4</process> <product>5</product> <proof>NotAssessed</proof> </p5> Notes Description Any number of notes can be attached to a control in a specific policy for a specific asset. URL http://{host}:{port}/redcat/rest/assets/{asset_id}/policy/audit/{policy_name}/{c ontrol_paragraph}/notes Remark POST creates a single note. GET returns all notes for the control. HP EnterpriseView (2.0)Page 28 of 34 REST API Developer Guide Resource References
  • 29. GET Action Returns all of the notes for a specific control in a specific policy for a specific asset. Request Body None Returns <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <notes> <note> <createTime>{creation date and time} </createTime> <creator> <uniqueId>{user name}</uniqueId> </creator> <message>{note text}</message> </note> 
 </notes> Example GET http://127.0.0.1:8080/rest/assets/189/policy/ audit/Cobit%204.1/PO1.1/notes POST Action Create a new note for a specific control in a specific policy for a specific asset. Request Body The note text Returns HTTP code 200 or an error code Example http://127.0.0.1:8080/redcat/rest/assets/189/policy/ audit/Cobit%204.1/PO1.1/note {note text} HP EnterpriseView (2.0) Page 29 of 34 REST API Developer Guide Resource References
  • 30. Aggregate Risk Score Description A score between 0 and 100 (inclusive) representing the aggregate risk of an asset. URL http://{host}:{port}/redcat/rest/risk/score/{asset_id} Remark All parameters are case-sensitive. GET Action Returns the aggregate risk score for a specific asset. Note: If there is no aggregate risk score for the asset, GET returns an empty tag instead of a score. Request Body None Returns <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <RiskScore> <AggregateScore> {aggregate risk score} </AggregateScore> </RiskScore> Example GET http://127.0.0.1:8080/redcat/rest/risk/score/189 Aggregate Vulnerability Score Description A score between 0 and 10 (inclusive) representing the aggregate vulnerability of an asset. URL http://{host}:{port}/redcat/rest/vulnerability/score/{asset_id} Remark All parameters are case-sensitive. HP EnterpriseView (2.0)Page 30 of 34 REST API Developer Guide Resource References
  • 31. GET Action Returns the aggregate risk score for a specific asset. Note: If there is no aggregate vulnerability score for the asset, GET returns "0". Request Body None Returns <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <VulnerabilityScore> <AggregateScore> {aggregate vulnerability score} </AggregateScore> </VulnerabilityScore> Example GET http://127.0.0.1:8080/redcat/rest/vulnerability/score/189 Aggregate ESM Threat Score Description A score between 0 and 10 (inclusive) representing the aggregate ESM threat of an asset. URL http://{host}:{port}/redcat/rest/esm/score/{asset_id} Remark All parameters are case-sensitive. GET Action Returns the aggregate risk score for a specific asset. Note: If there is no aggregate ESM threat score for the asset, GET returns "0". Request Body None HP EnterpriseView (2.0) Page 31 of 34 REST API Developer Guide Resource References
  • 32. GET Returns <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <ESMScore> <AggregateScore> {aggregate esm threat score} </AggregateScore> </ESMScore> Example GET http://127.0.0.1:8080/redcat/rest/esm/score/189 Aggregate Compliance Score Description A score between 0 and 100 (inclusive) representing the aggregate compliance of an asset. URL http://{host}:{port}/redcat/rest/compliance/score/{asset_id} Remark All parameters are case-sensitive. GET Action Returns the aggregate compliance score for a specific asset. Note: If there is no aggregate compliance score for the asset, GET returns an empty tag instead of a score. Request Body None Returns <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <ComplianceScore> <AggregateScore> {aggregate compliance score} </AggregateScore> </ComplianceScore> Example GET http://127.0.0.1:8080/redcat/rest/compliance/score/189 HP EnterpriseView (2.0)Page 32 of 34 REST API Developer Guide Resource References
  • 33. Aggregate Control Maturity Score Description A score between 0 and 5 (inclusive) representing the aggregate maturity of an asset. URL http://{host}:{port}/redcat/rest/maturity/score/{asset_id} Remark All parameters are case-sensitive. GET Action Returns the aggregate maturity score for a specific asset. Note: If there is no aggregate maturity score for the asset, GET returns an empty tag instead of a score. Request Body None Returns <?xml version="1.0" encoding="UTF-8" standalone="yes"?> <MaturityScore> <AggregateScore> {aggregate maturity score} </AggregateScore> </MaturityScore> Example GET http://127.0.0.1:8080/redcat/rest/maturity/score/189 HP EnterpriseView (2.0) Page 33 of 34 REST API Developer Guide Resource References
  • 34. HP EnterpriseView (2.0)Page 34 of 34 REST API Developer Guide Resource References