Triggering remediation using the REST API
Overview of use case
This use case shows how to use the Cloud Security API to trigger remediation of a specific resource that is non-compliant with a rule of a specific policy.
Before you begin
Ensure that the following prerequisites are met:
- You are a registered user within BMC Helix Cloud Security.
- A policy is available in BMC Helix Cloud Security against which the remediation of a specific resource on a non-compliant rule can be initiated.
- The Postman client is installed on the system as the required tool.
High-level process
Using the API, perform the following steps:
Log on to BMC Helix Cloud Security with your registered credentials:
https://bmchelix-cloudopsapi.onbmc.com/v3/users/login
Generate the access token:
https://bmchelix-cloudopsapi.onbmc.com/v3/auth/tokens
Search/get list of connectors:
https://bmchelix-cloudopsapi.onbmc.com/v1/connectorservice/connectors/search
Search ActionPolicyMappings:
https://bmchelix-cloudopsapi.onbmc.com/v1/actionpolicymappings/search
Invoke action:
https://bmchelix-cloudopsapi.onbmc.com/v1/actioninvocations
To log on to BMC Helix Cloud Security
API used: https://bmchelix-cloudopsapi.onbmc.com/v3/users/login
Request
Example
Header
Content-Type:application/json
Body
{
"id": "john_smith@companyabc",
"password": "P@ssw0rd"
}
Response
{
"user_id": "26116073073078869423",
"first_name": "john",
"last_name": "smith",
"tenant_id": "97223027309016641763",
"tenant_name": "BMC Software",
"user_status": "ENABLE",
"last_login_time": 1568038988898,
"last_selected_tenant_id": "97223027309016641763",
"trial_expiry_time": 0,
"token": "eyJraWQiOiJmMjQyY2RhMi0wMGE3LTQyMWMtYWMzMy02MmQ3MzE4ODkxM2YiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiIyNjExNjA3MzA3MzA3ODg2OTQyMyIsImF1ZCI6ImJtY190cnVlc2lnaHRfY2xvdWRfc2VydmljZXMiLCJhbXIiOltdLCJpc3MiOiJibWNfdHJ1ZXNpZ2h0X2Nsb3VkX3NlcnZpY2VzX2lkbSIsInR5cGUiOiJSRUZfVE9LRU4iLCJleHAiOjE1NjgxMjU2MzEsImlhdCI6MTU2ODAzOTIzMSwianRpIjoiMTA4OGFhNmItMzY0ZC00MGMzLWI3MDQtNzNmOTk2MmZjZTgxIn0.TfXlfkq43ydCKXqt4cyX0refkMmA8mc8GA6rNTfVIkNgmA4fC7NMxqLb-YttkHzGTm0TmnuAY9hUzH-6bVnmzS8CLluo9AQY8wzWM7CLsfPFd_wnCD-Je0yRTEftspFj4b5ND_M_GnXbC6VYQpjbOthZbm-0wf_x3wuJGvI1XzqY-_8y4tMx-GfAlnyBVwmmXZb0ofl3vVpUZVRCLYtVApsjxfcMXNo6N5B2lJhk9e-4EajPGx21bDCTz5zwe4WeZ_-RO_Ve3NPSQayJ3PQzKD07w65MXFsohUyPH1DzD76CghR4EZt3hy7jDT7iLvBCH4MsGqV6FG9pnPxNWHAyCw",
"tenants": [
{
"tenant_id": "97223027309016641763",
"tenant_name": "BMC Software",
"is_msp_tenant": false,
"is_trial_tenant": false,
"trial_expiry_time": -1,
"organizations": [
{
"id": "1",
"name": "BMC Software"
},
{
"id": "2",
"name": "POV-TEST"
},
{
"id": "3",
"name": "POV-TEST-2"
},
{
"id": "4",
"name": "POV-TEST-3"
}
]
},
{
"tenant_id": "53230692198492071055",
"tenant_name": "BMC",
"is_msp_tenant": false,
"tenant_phone_number": "813-695-5599",
"is_trial_tenant": false,
"trial_expiry_time": -1,
"organizations": [
{
"id": "6",
"name": "Mobile Banking App Team"
},
{
"id": "7",
"name": "AWS Operations"
},
{
"id": "8",
"name": "AWSOperations"
},
{
"id": "2",
"name": "Stock Trader App Team"
},
{
"id": "3",
"name": "IT Service Team"
},
{
"id": "4",
"name": "COE Team"
},
{
"id": "9",
"name": "BT"
},
{
"id": "1",
"name": "BMC"
},
{
"id": "5",
"name": "Loan App Team"
}
]
}
]
}
To generate the access token
API used: https://bmchelix-cloudopsapi.onbmc.com/v3/auth/tokens
Request
{
"refresh_token": "eyJraWQiOiJmMjQyY2RhMi0wMGE3LTQyMWMtYWMzMy02MmQ3MzE4ODkxM2YiLCJ0eXAiOiJKV1QiLCJhbGciOiJSUzUxMiJ9.eyJzdWIiOiIyNjExNjA3MzA3MzA3ODg2OTQyMyIsImF1ZCI6ImJtY190cnVlc2lnaHRfY2xvdWRfc2VydmljZXMiLCJhbXIiOltdLCJpc3MiOiJibWNfdHJ1ZXNpZ2h0X2Nsb3VkX3NlcnZpY2VzX2lkbSIsInR5cGUiOiJSRUZfVE9LRU4iLCJleHAiOjE1NjgxMjQ3MDIsImlhdCI6MTU2ODAzODMwMiwianRpIjoiNzM5MGViZWUtNTFjNC00YTdmLThlM2MtMzRmMDE3MjQ2M2VkIn0.PUMSSwfMUzAY_DA4tnTE6X7VnwYvp13x3Gj4YlUwXuMq3YRep3oOUzYk1td87tSWlho2sRkL19UM4PbTSe7X2W3aN8PwfIm24Msmg5WuP416aoMKNQ8F3-WvXEh56UlDRKZdo87GICvHcpvCHvHy8gk8GW1cKGYlnzDNDrJNgnQTAtwxzO8DBenXU2STBbNa4gUCpUwJvGWWmv4NvkFj15MnnMT2Cbp_oOSVK_bQLMSQ8qHsnIS0yL9KHBaT4cQJ0ZA0iYO7o4HXe-6YxPhrRILHLLbB-ViDkgdEtg7fP6HjCQiLxT1eudqMHTaAz-ZPW3vHLwGUDG-chdaRQ8cE4Q",
"context": {
"tenant_id": "9722302730901664176334",
"org_id": 1
}
}
Response
{
"json_web_token": "<TOKEN>"
}
To search/get a list of connectors
API used: https://bmchelix-cloudopsapi.onbmc.com/v1/connectorservice/connectors/search
Request
- On the Authorization Tab, choose the Bearer Token authorization type from the menu and provide authorization parameters:
Example
{
"method": "POST",
"url": "https://bmchelix-cloudopsapi.onbmc.com/v1/connectorservice/connectors/search",
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer <TOKEN>"
},
"body":{
"period": "$LATEST",
"filter": "not contains(definitionTags,'services:secure') "
}
}
Response
Example
{
"data": [
{
"id": "BNe73Rx5bBEjGng9efn5",
"name": "3July19-AWSOnPremConnDisable",
"state": "Disabled",
"type": "aws-collector",
"status": null,
"errors": "[]",
"version": "19.05.371",
"warnings": "[]",
"tenantId": "97223027309016641763",
"collectionFrequency": "-1",
"collectionProgress": 100,
"collectionStatus": "Remaining : 0",
"creationTime": 1562172001000,
"eventDrivenEnabled": null,
"hostName": "true",
"isEnabled": false,
"isHosted": null,
"lastDataReceivedTime": 1562172316000,
"lastHeartbeatTime": 1562257374000,
"nextCollectionTime": -1,
"updateTime": 1565673950526,
"userGroupId": "admin",
"userEmailId": "asubheda@bmc.com",
"costIngestionStatistics": null,
"utilizationIngestionStatistics": null,
"definitionTags": null
},
{
"id": "eF0rTyF6ptcckBspC7QU",
"name": "3July19-AWSOnPremConnDisAfter",
"state": "Disabled",
"type": "aws-collector",
"status": null,
"errors": "[]",
"version": "19.05.371",
"warnings": "[]",
"tenantId": "97223027309016641763",
"collectionFrequency": "-1",
"collectionProgress": 100,
"collectionStatus": "Collection cycle completed.",
"creationTime": 1562256540000,
"eventDrivenEnabled": null,
"hostName": "true",
"isEnabled": false,
"isHosted": null,
"lastDataReceivedTime": 1562256861000,
"lastHeartbeatTime": 1562257405000,
"nextCollectionTime": 1562256860000,
"updateTime": 1562257405000,
"userGroupId": "admin",
"userEmailId": "asubheda@bmc.com",
"costIngestionStatistics": null,
"utilizationIngestionStatistics": null,
"definitionTags": null
},
{
"id": "rAMRNeVK23yz6tttIYHN",
"name": "AmitBase-POV",
"state": "Downloaded",
"type": "base-connector",
"status": null,
"errors": "[]",
"version": "19.04.158",
"warnings": "[]",
"tenantId": "97223027309016641763",
"collectionFrequency": "43200000",
"collectionProgress": null,
"collectionStatus": null,
"creationTime": 1565136000000,
"eventDrivenEnabled": false,
"hostName": null,
"isEnabled": true,
"isHosted": false,
"lastDataReceivedTime": null,
"lastHeartbeatTime": null,
"nextCollectionTime": 1565136000000,
"updateTime": null,
"userGroupId": "admin",
"userEmailId": null,
"costIngestionStatistics": null,
"utilizationIngestionStatistics": null,
"definitionTags": [
"services:policyservice"
]
},
{
"id": "T32qtwsIF5tkp365uUnv",
"name": "AmitDevAWS",
"state": "Running",
"type": "aws-cloud-connector",
"status": null,
"errors": "[]",
"version": "1.0.0",
"warnings": "[]",
"tenantId": "97223027309016641763",
"collectionFrequency": "-1",
"collectionProgress": 100,
"collectionStatus": "Collection cycle completed.",
"creationTime": 1565136000000,
"eventDrivenEnabled": false,
"hostName": null,
"isEnabled": true,
"isHosted": true,
"lastDataReceivedTime": null,
"lastHeartbeatTime": 1566490650369,
"nextCollectionTime": 1566490699804,
"updateTime": 1566540586962,
"userGroupId": "admin",
"userEmailId": null,
"costIngestionStatistics": null,
"utilizationIngestionStatistics": null,
"definitionTags": [
""
]
}
],
"metaData": [
{
"total": 4
}
]
}
To search ActionPolicyMappings
API used: https://bmchelix-cloudopsapi.onbmc.com/v1/actionpolicymappings/search
Request
- On the Authorization Tab, choose the Bearer Token authorization type from the menu and provide authorization parameters:
Request Body Example
{
"method": "POST",
"url": "https://bmchelix-cloudopsapi.onbmc.com/v1/actionpolicymappings/search",
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer <TOKEN>"
},
"body":{
"period": "$LATEST",
"filter": "policy == 'AWS CIS S3 Buckets'",
"pageSize":20
}
}
To invoke the action
API used: https://bmchelix-cloudopsapi.onbmc.com/v1/actioninvocations
Request
- On the Authorization Tab, choose the Bearer Token authorization type from the menu and provide authorization parameters:
Request Body Example
{
"method": "POST",
"url": "https://bmchelix-cloudopsapi.onbmc.com/v1/actioninvocations",
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer <TOKEN>"
},
"body":{
"actionContent": "AWS CIS S3 Buckets_1.0.0",
"invocations": [
{
"policy": "AWS CIS S3 Buckets",
"rule": "1",
"resource": "085319564565:chefdata",
"connectorId": "7526e20d-deea-411e-a6bd-3eb70fa0f1c1",
"actionName": "Fix violation 2.3 Ensure the S3 bucket CloudTrail logs to is not publicly accessible"
}
]
}
}
Response
{
"message": "Successfully submitted remediation request.",
"invocationKey": "action_invocations/97223027309016641763/acd409c8-c461-4cfd-8e7e-96492fbbf2d2.json"
}
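The calls above chained into one script, as an added example that is not BMC's code. The function names are hypothetical, it assumes the `token` returned by the login call is the value sent as `refresh_token`, and the action name and content are passed in as parameters because the page does not show the ActionPolicyMappings response they are read from. Refusing a connector that is not enabled and in the Running state is this example's own guard, not documented API behaviour.

```python
import json
import urllib.request

BASE = "https://bmchelix-cloudopsapi.onbmc.com"

def http_post(path, body, token=None):
    """POST JSON to the API; the bearer token travels only in the header."""
    headers = {"Content-Type": "application/json"}
    if token:
        headers["Authorization"] = "Bearer " + token
    req = urllib.request.Request(BASE + path, json.dumps(body).encode(),
                                 headers, method="POST")
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def pick_connector(connectors, name):
    """Return the id of the named connector, refusing disabled ones."""
    matches = [c for c in connectors if c.get("name") == name]
    if len(matches) != 1:
        raise LookupError(f"expected exactly one connector named {name!r}")
    conn = matches[0]
    if not conn.get("isEnabled") or conn.get("state") != "Running":
        raise RuntimeError(f"connector {name!r} is not enabled and running")
    return conn["id"]

def trigger_remediation(user, password, tenant_id, org_id, connector_name,
                        action_content, policy, rule, resource, action_name,
                        post=http_post):
    """Log on, get the access token, resolve the connector, invoke the action."""
    refresh = post("/v3/users/login", {"id": user, "password": password})["token"]
    jwt = post("/v3/auth/tokens", {
        "refresh_token": refresh,
        "context": {"tenant_id": tenant_id, "org_id": org_id},
    })["json_web_token"]
    found = post("/v1/connectorservice/connectors/search", {
        "period": "$LATEST",
        "filter": "not contains(definitionTags,'services:secure') ",
    }, jwt)
    connector_id = pick_connector(found["data"], connector_name)
    result = post("/v1/actioninvocations", {
        "actionContent": action_content,
        "invocations": [{"policy": policy, "rule": rule, "resource": resource,
                         "connectorId": connector_id, "actionName": action_name}],
    }, jwt)
    return result["invocationKey"]  # identifies the submitted remediation request
```

Supply the password from an environment variable or a secret store instead of embedding it in the script, and keep both tokens out of logs and saved Postman collections.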