Triggering remediation using the REST API



Overview of use case

This use case shows how to use the Cloud Security API to trigger remediation of a specific resource that is non-compliant with a rule in a specific policy.

Before you begin

Ensure that the following prerequisites are met:

  • You are a registered user within BMC Helix Cloud Security.
  • A policy in BMC Helix Cloud Security is available against which the remediation of a specific resource on a non-compliant rule can be initiated.
  • The Postman client is installed on the system as a required tool.

High-Level process

Using the API, perform the following steps:

  1. Log on to BMC Helix Cloud Security with your registered credentials:

    https://bmchelix-cloudopsapi.onbmc.com/v3/users/login
  2. Generate the access token:

    https://bmchelix-cloudopsapi.onbmc.com/v3/auth/tokens
  3. Search/get the list of connectors:

    https://bmchelix-cloudopsapi.onbmc.com/v1/connectorservice/connectors/search
  4. Search ActionPolicyMappings:

    https://bmchelix-cloudopsapi.onbmc.com/v1/actionpolicymappings/search
  5. Invoke the action:

    https://bmchelix-cloudopsapi.onbmc.com/v1/actioninvocations

To log on to BMC Helix Cloud Security

API used: https://bmchelix-cloudopsapi.onbmc.com/v3/users/login

Request

Example

Header

  Content-Type: application/json

Body

{
  "id": "john_smith@companyabc",
  "password": "P@ssw0rd"
}


Response


{
  "user_id": "26116073073078869423",
  "first_name": "john",
  "last_name": "smith",
  "tenant_id": "97223027309016641763",
  "tenant_name": "BMC Software",
  "user_status": "ENABLE",
  "last_login_time": 1568038988898,
  "last_selected_tenant_id": "97223027309016641763",
  "trial_expiry_time": 0,
  "token": "eyJraWQiOiJmMjQyY2RhMi0wMGE3LTQyMWMtYWMzMy02MmQ3MzE4ODkxM2YiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiIyNjExNjA3MzA3MzA3ODg2OTQyMyIsImF1ZCI6ImJtY190cnVlc2lnaHRfY2xvdWRfc2VydmljZXMiLCJhbXIiOltdLCJpc3MiOiJibWNfdHJ1ZXNpZ2h0X2Nsb3VkX3NlcnZpY2VzX2lkbSIsInR5cGUiOiJSRUZfVE9LRU4iLCJleHAiOjE1NjgxMjU2MzEsImlhdCI6MTU2ODAzOTIzMSwianRpIjoiMTA4OGFhNmItMzY0ZC00MGMzLWI3MDQtNzNmOTk2MmZjZTgxIn0.TfXlfkq43ydCKXqt4cyX0refkMmA8mc8GA6rNTfVIkNgmA4fC7NMxqLb-YttkHzGTm0TmnuAY9hUzH-6bVnmzS8CLluo9AQY8wzWM7CLsfPFd_wnCD-Je0yRTEftspFj4b5ND_M_GnXbC6VYQpjbOthZbm-0wf_x3wuJGvI1XzqY-_8y4tMx-GfAlnyBVwmmXZb0ofl3vVpUZVRCLYtVApsjxfcMXNo6N5B2lJhk9e-4EajPGx21bDCTz5zwe4WeZ_-RO_Ve3NPSQayJ3PQzKD07w65MXFsohUyPH1DzD76CghR4EZt3hy7jDT7iLvBCH4MsGqV6FG9pnPxNWHAyCw",
  "tenants": [
    {
      "tenant_id": "97223027309016641763",
      "tenant_name": "BMC Software",
      "is_msp_tenant": false,
      "is_trial_tenant": false,
      "trial_expiry_time": -1,
      "organizations": [
        {
          "id": "1",
          "name": "BMC Software"
        },
        {
          "id": "2",
          "name": "POV-TEST"
        },
        {
          "id": "3",
          "name": "POV-TEST-2"
        },
        {
          "id": "4",
          "name": "POV-TEST-3"
        }
      ]
    },
    {
      "tenant_id": "53230692198492071055",
      "tenant_name": "BMC",
      "is_msp_tenant": false,
      "tenant_phone_number": "813-695-5599",
      "is_trial_tenant": false,
      "trial_expiry_time": -1,
      "organizations": [
        {
          "id": "6",
          "name": "Mobile Banking App Team"
        },
        {
          "id": "7",
          "name": "AWS Operations"
        },
        {
          "id": "8",
          "name": "AWSOperations"
        },
        {
          "id": "2",
          "name": "Stock Trader App Team"
        },
        {
          "id": "3",
          "name": "IT Service Team"
        },
        {
          "id": "4",
          "name": "COE Team"
        },
        {
          "id": "9",
          "name": "BT"
        },
        {
          "id": "1",
          "name": "BMC"
        },
        {
          "id": "5",
          "name": "Loan App Team"
        }
      ]
    }
  ]
}







To generate the access token

API used: https://bmchelix-cloudopsapi.onbmc.com/v3/auth/tokens

Request

{
  "refresh_token": "eyJraWQiOiJmMjQyY2RhMi0wMGE3LTQyMWMtYWMzMy02MmQ3MzE4ODkxM2YiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiIyNjExNjA3MzA3MzA3ODg2OTQyMyIsImF1ZCI6ImJtY190cnVlc2lnaHRfY2xvdWRfc2VydmljZXMiLCJhbXIiOltdLCJpc3MiOiJibWNfdHJ1ZXNpZ2h0X2Nsb3VkX3NlcnZpY2VzX2lkbSIsInR5cGUiOiJSRUZfVE9LRU4iLCJleHAiOjE1NjgxMjQ3MDIsImlhdCI6MTU2ODAzODMwMiwianRpIjoiNzM5MGViZWUtNTFjNC00YTdmLThlM2MtMzRmMDE3MjQ2M2VkIn0.PUMSSwfMUzAY_DA4tnTE6X7VnwYvp13x3Gj4YlUwXuMq3YRep3oOUzYk1td87tSWlho2sRkL19UM4PbTSe7X2W3aN8PwfIm24Msmg5WuP416aoMKNQ8F3-WvXEh56UlDRKZdo87GICvHcpvCHvHy8gk8GW1cKGYlnzDNDrJNgnQTAtwxzO8DBenXU2STBbNa4gUCpUwJvGWWmv4NvkFj15MnnMT2Cbp_oOSVK_bQLMSQ8qHsnIS0yL9KHBaT4cQJ0ZA0iYO7o4HXe-6YxPhrRILHLLbB-ViDkgdEtg7fP6HjCQiLxT1eudqMHTaAz-ZPW3vHLwGUDG-chdaRQ8cE4Q",
  "context": {
    "tenant_id": "9722302730901664176334",
    "org_id": 1
  }
}


Response

{
  "json_web_token": "eyJraWQiOiJmMjQyY2RhMi0wMGE3LTQyMWMtYWMzMy02MmQ3MzE4ODkxM2YiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.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.XAjCW5MaEkJJaOb4xp8E-U8IIXOfpXj90XbyOKY7r9Qn_FuOAsu0D4l54S4rEZB-uYhDjFGHnozV3iMDBhmnXGCHg9OapvWD-5MFhnUD30QsZbb48PaA0IchZOQ_EN5J6JwQ3L1PyvuanRwmnVSG8jFEYyGKz90cQJHSkalzqAGovNCUQ2OL2IeZVwylsxnJpayrvJ7wbdeMW_ctGWISIFeHlNQtsh0gtB3SJG5RqUTUYDi1JIF2meIQ9E9eiJfnYh_QafHNM0x6vdN9MyPqYsnw-jMvEj6aUX9bEsuGutf5IamyD820fgwZFHzzJ79Zo5zEW8UUpSSjxnvwo6X-lg"
}




To search/get a list of connectors

API used: https://bmchelix-cloudopsapi.onbmc.com/v1/connectorservice/connectors/search

Request

  1. On the Authorization tab, choose the Bearer Token authorization type from the menu and provide the authorization parameters:

Example

{
  "method": "POST",
  "url": "https://bmchelix-cloudopsapi.onbmc.com/v1/connectorservice/connectors/search",
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer <TOKEN>"
  },
  "body": {
    "period": "$LATEST",
    "filter": "not contains(definitionTags,'services:secure') "
  }
}


Response

Example

{
  "data": [
    {
      "id": "BNe73Rx5bBEjGng9efn5",
      "name": "3July19-AWSOnPremConnDisable",
      "state": "Disabled",
      "type": "aws-collector",
      "status": null,
      "errors": "[]",
      "version": "19.05.371",
      "warnings": "[]",
      "tenantId": "97223027309016641763",
      "collectionFrequency": "-1",
      "collectionProgress": 100,
      "collectionStatus": "Remaining : 0",
      "creationTime": 1562172001000,
      "eventDrivenEnabled": null,
      "hostName": "true",
      "isEnabled": false,
      "isHosted": null,
      "lastDataReceivedTime": 1562172316000,
      "lastHeartbeatTime": 1562257374000,
      "nextCollectionTime": -1,
      "updateTime": 1565673950526,
      "userGroupId": "admin",
      "userEmailId": "asubheda@bmc.com",
      "costIngestionStatistics": null,
      "utilizationIngestionStatistics": null,
      "definitionTags": null
    },
    {
      "id": "eF0rTyF6ptcckBspC7QU",
      "name": "3July19-AWSOnPremConnDisAfter",
      "state": "Disabled",
      "type": "aws-collector",
      "status": null,
      "errors": "[]",
      "version": "19.05.371",
      "warnings": "[]",
      "tenantId": "97223027309016641763",
      "collectionFrequency": "-1",
      "collectionProgress": 100,
      "collectionStatus": "Collection cycle completed.",
      "creationTime": 1562256540000,
      "eventDrivenEnabled": null,
      "hostName": "true",
      "isEnabled": false,
      "isHosted": null,
      "lastDataReceivedTime": 1562256861000,
      "lastHeartbeatTime": 1562257405000,
      "nextCollectionTime": 1562256860000,
      "updateTime": 1562257405000,
      "userGroupId": "admin",
      "userEmailId": "asubheda@bmc.com",
      "costIngestionStatistics": null,
      "utilizationIngestionStatistics": null,
      "definitionTags": null
    },
    {
      "id": "rAMRNeVK23yz6tttIYHN",
      "name": "AmitBase-POV",
      "state": "Downloaded",
      "type": "base-connector",
      "status": null,
      "errors": "[]",
      "version": "19.04.158",
      "warnings": "[]",
      "tenantId": "97223027309016641763",
      "collectionFrequency": "43200000",
      "collectionProgress": null,
      "collectionStatus": null,
      "creationTime": 1565136000000,
      "eventDrivenEnabled": false,
      "hostName": null,
      "isEnabled": true,
      "isHosted": false,
      "lastDataReceivedTime": null,
      "lastHeartbeatTime": null,
      "nextCollectionTime": 1565136000000,
      "updateTime": null,
      "userGroupId": "admin",
      "userEmailId": null,
      "costIngestionStatistics": null,
      "utilizationIngestionStatistics": null,
      "definitionTags": [
        "services:policyservice"
      ]
    },
    {
      "id": "T32qtwsIF5tkp365uUnv",
      "name": "AmitDevAWS",
      "state": "Running",
      "type": "aws-cloud-connector",
      "status": null,
      "errors": "[]",
      "version": "1.0.0",
      "warnings": "[]",
      "tenantId": "97223027309016641763",
      "collectionFrequency": "-1",
      "collectionProgress": 100,
      "collectionStatus": "Collection cycle completed.",
      "creationTime": 1565136000000,
      "eventDrivenEnabled": false,
      "hostName": null,
      "isEnabled": true,
      "isHosted": true,
      "lastDataReceivedTime": null,
      "lastHeartbeatTime": 1566490650369,
      "nextCollectionTime": 1566490699804,
      "updateTime": 1566540586962,
      "userGroupId": "admin",
      "userEmailId": null,
      "costIngestionStatistics": null,
      "utilizationIngestionStatistics": null,
      "definitionTags": [
        ""
      ]
    }
  ],
  "metaData": [
    {
      "total": 4
    }
  ]
}

Response Details: List of connectors


To search ActionPolicyMappings

API used: https://bmchelix-cloudopsapi.onbmc.com/v1/actionpolicymappings/search

Request

  1. On the Authorization tab, choose the Bearer Token authorization type from the menu and provide the authorization parameters:

Request Body Example

{
  "method": "POST",
  "url": "https://bmchelix-cloudopsapi.onbmc.com/v1/actionpolicymappings/search",
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer <TOKEN>"
  },
  "body": {
    "period": "$LATEST",
    "filter": "policy == 'AWS CIS S3 Buckets'",
    "pageSize": 20
  }
}



To invoke the action

API used: https://bmchelix-cloudopsapi.onbmc.com/v1/actioninvocations

Request

  1. On the Authorization tab, choose the Bearer Token authorization type from the menu and provide the authorization parameters:

Request Body Example

{
  "method": "POST",
  "url": "https://bmchelix-cloudopsapi.onbmc.com/v1/actioninvocations",
  "headers": {
    "Content-Type": "application/json",
    "Authorization": "Bearer <TOKEN>"
  },
  "body": {
    "actionContent": "AWS CIS S3 Buckets_1.0.0",
    "invocations": [
      {
        "policy": "AWS CIS S3 Buckets",
        "rule": "1",
        "resource": "085319564565:chefdata",
        "connectorId": "7526e20d-deea-411e-a6bd-3eb70fa0f1c1",
        "actionName": "Fix violation 2.3 Ensure the S3 bucket CloudTrail logs to is not publicly accessible"
      }
    ]
  }
}


Response

{
  "message": "Successfully submitted remediation request.",
  "invocationKey": "action_invocations/97223027309016641763/acd409c8-c461-4cfd-8e7e-96492fbbf2d2.json"
}
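
The steps above chained into one script, as an added example that is not part of the original page or BMC's own code; it shows how the login token feeds the token exchange and how the resulting JSON web token is sent as the Bearer token on the later calls. Assumptions: POST is used for the login and token calls, the login response's "token" is the refresh token, the tenant_id from the login response is the context tenant, and actionContent and actionName are read from the ActionPolicyMappings search response (whose fields this page does not show). The names trigger_remediation and http_post and the connector state guard are illustrative.

```python
import json
import urllib.request

BASE = "https://bmchelix-cloudopsapi.onbmc.com"  # API host used on this page


def http_post(url, body, token=None):
    """Send a JSON POST (POST for the login and token calls is an assumption)."""
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = "Bearer " + token
    req = urllib.request.Request(url, json.dumps(body).encode(), headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def trigger_remediation(user, password, org_id, connector_name, action_content,
                        invocation, post=http_post):
    """Run steps 1-3 and 5; `invocation` holds policy, rule, resource, actionName."""
    # Step 1: log on. The "token" in the response is assumed to be the refresh token.
    login = post(BASE + "/v3/users/login", {"id": user, "password": password})
    # Step 2: exchange it for a JSON web token scoped to one tenant and organization.
    jwt = post(BASE + "/v3/auth/tokens", {
        "refresh_token": login["token"],
        "context": {"tenant_id": login["tenant_id"], "org_id": org_id},
    })["json_web_token"]
    # Step 3: search connectors with the request body shown on the page.
    found = post(BASE + "/v1/connectorservice/connectors/search", {
        "period": "$LATEST",
        "filter": "not contains(definitionTags,'services:secure') ",
    }, token=jwt)
    matches = [c for c in found["data"] if c["name"] == connector_name]
    # Added guard (not a documented API rule): exactly one enabled, running connector.
    if len(matches) != 1 or not matches[0]["isEnabled"] or matches[0]["state"] != "Running":
        raise ValueError("connector %r is missing, ambiguous or not running" % connector_name)
    # Step 5: submit the remediation request for one resource on one rule.
    body = {"actionContent": action_content,
            "invocations": [dict(invocation, connectorId=matches[0]["id"])]}
    return post(BASE + "/v1/actioninvocations", body, token=jwt)
```

Pass the password from a secret store or environment variable rather than a literal, and keep both tokens out of logs and shared Postman collections.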
