| |
|---|
AdhocTemplateDTO |
Click here to expand...
{
contents: string *
The text contents
injectionFlag: boolean
Whether or not the contents contain device type interaction XML code
substitutionParameterCheckFlag: boolean
Whether or not the contents should be validated for correct substitution parameter syntax
} |
ComparisonCriteriaDTO | |
ComponentId |
Click here to expand...
{
id: string
The database key of the component; an incoming component can be identified either by its database key, or by its unique name, or by its name with qualifiers which are unique when combined; when this database key is present, it takes precedence and componentName and qualifiers(when present) are used to verify the retrieved component
componentName: string
The name of the component; an incoming component can be identified either by its database key, or by its unique name, or by its name with qualifiers which are unique when combined; this name is used to verify any component retrieved by database key, and is used if there is no database key or if the database key fails to resolve; for componentType Configuration and HardwareInventory, componentName is the created timestamp (in milliseconds); for componentType SecurityVulnerability, componentName is the securityVulnerabilityID; for componentType SnmpManagerStation, componentName is the address
componentType: string *
The type of the component, used to verify what is retrieved by key/name; valid values are: Combogroup, Condition, Configuration, Device, DeviceAdapter, DeviceAgent, DeviceSecurityProfile DynamicField, EmailDistributionList, Group, HardwareInventory, JobApprovalType, Keyword, Model, OsImage, PredefinedJob, Realm, RemoteFileServer, Role, Rule, RuleSet, SecurityVulnerability, SnmpManagerStation, Template, and User
qualifiers: {
Any additional single qualifier needed to identify the component uniquely, when the name alone is not sufficient; the map key is the extra attribute name string; the map value string completes the identification of the component; for componentType Configuration and HardwareInventory: key=deviceKey, value=database key of the device the item belongs to, key=deviceName, value=name of the device the item belongs to, key=timestamp, value=creation date/time in server display format; for componentType DeviceAdapter: key=adapterType, value=type of the device adapter, key=parent, value=parent or owner used for organizing certain types of adapters, key=vendorName, value=name of the vendor that owns a device type; for componentType DynamicField: key=type, value=base class name of the component associated with the dynamic field; for componentType Group, ComboGroup: key=realmName, value=name of the realm the group belongs to; for componentType Model: key=vendorGuid, value=the vendor GUID; for componentType OsImage: key=filename, value=name of the file(s) making up the image; for componentType SecurityVulnerability: key=vendorGuid, value=the vendor GUID
}
} |
CorrectiveCustomActionDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$CorrectiveCustomActionDTO" {
commitFlag: boolean
Whether or not to commit changes after running the commands in the custom action
guid: string *
The GUID that identifies the type of action
markAsTrustedFlag: boolean
Whether or not any changed configurations resulting from running this action should be marked as trusted
name: string
The type of action referred to by the GUID (read-only)
rebootFlag: boolean
Whether or not the device should be rebooted after running the commands in the custom action
runtimeProperties: {
Name/value pairs for any runtime parameters, for substitution into device commands; this is a map where the key is the property name string and the value is the property value string
}
runtimePropertiesMasked: {
Name/value pairs for any runtime parameters, with passwords masked for display; this is a map where the key is the property name string and the value is the property value string (masked if it is a password; read-only)
}
} |
CorrectiveDeployOsImageActionDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$CorrectiveDeployOsImageActionDTO" {
activationKey: string
When image source is from remote file server, license key to activate features in the binary image on the device
deleteCurrentImageId: integer *
How to handle the current image file, when the device supports file management of its binary files
files: [
When image source is from remote file server, which file (or files, for devices with multi-file images) are to be deployed
OsFileDTO
]
footprintKbytes: integer
When image source is from remote file server, the memory footprint, in kilobytes, for the remote image, to verify the new image can run in the device (for those devices that support memory size discovery)
imageFromLibraryId: ComponentId
When image source is image from library, identifies the OS image in the library
imageSourceId: integer *
Which OS image is to be deployed; as a rule corrective action, this is limited to an image from the library or an image from a remote file server
markAsTrustedFlag: boolean
Whether or not any changed configurations resulting from running this action should be marked as trusted
parallelExecutionFlag: boolean
When true, runs this action on multiple devices concurrently; when false, runs this action on multiple devices one by one sequentially (to reduce memory overhead due to large or identical images)
rebootTypeId: integer *
Whether or not to reboot after the image is deployed, and how to handle unsaved changes prior to rebooting
restoreAssociatedStartupFlag: boolean
Whether or not to restore the startup configuration active when an image from the library was active, or active at the selected date/time
targetImageFilesystem: string *
Where the binary file is to be placed on the device's file systems
transferModeId: integer
When image source is from remote file server, which file transfer mode is to be used to copy files from the remote server to the device
} |
CorrectiveDeployToActiveActionDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$CorrectiveDeployToActiveActionDTO" {
commitFlag: boolean
Whether or not to commit changes after deploying the script or configuration
forceTunneledTransferFlag: boolean
Whether or not to deploy the script in tunneled mode, overriding the transfer mode set in the device
markAsTrustedFlag: boolean
Whether or not any changed configurations resulting from running this action should be marked as trusted
scriptParams: CorrectiveScriptParamsDTO*
Which script or configuration is to be deployed to the device
smartMergeModeId: integer
Selects to build an incremental merge script or a full merge script
stopOnSyntaxErrorFlag: boolean
When deploying in tunneled mode, whether or not to stop pushing commands from the script once a syntax error is detected
syntaxScanFlag: boolean
Whether or not to validate the command line syntax in the script prior to deploying it
} |
CorrectiveDeployToStoredActionDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$CorrectiveDeployToStoredActionDTO" {
markAsTrustedFlag: boolean
Whether or not any changed configurations resulting from running this action should be marked as trusted
rebootFlag: boolean
Whether or not the device should be rebooted after deploying the script or configuration
scriptParams: CorrectiveScriptParamsDTO*
Which script or configuration is to be deployed to the device
} |
CorrectiveScriptParamsDTO |
Click here to expand...
{
adhocTemplate: AdhocTemplateDTO
When the selected script type is ad-hoc template, this is the template
templateId: ComponentId
When the selected script type is template, this identifies the template
runtimeProperties: {
When the selected script type is template, and the template contains runtime substitution parameters, this contains the name/value pairs for those parameters; this is a map where the key is the property name string and the value is the property value string
}
scriptTypeId: integer *
The selected script or configuration type; for a rule corrective action, this is limited to complying with this rule, template, and ad-hoc template
} |
CorrectiveSpanActionDTO | |
DomainAnywhereDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$DomainAnywhereDTO" {
excludeTriggerFlag: boolean
Whether or not lines that match the trigger are removed from the lines in the domain
ignoreCommentsFlag: boolean
Whether or not comment lines (as defined by the device's device type) are removed from the lines in the domain
noOtherLinesContainingPattern: string
Regular expression to match lines that the rule does not allow to exist in the configuration outside of those lines already matched by the rule's subject; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
} |
DomainBlocksDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$DomainBlocksDTO" {
begin: SearchStringDTO*
The configuration line that starts a block of contiguous lines; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
beginInclusiveFlag: boolean
Whether or not the line that matches the 'begin' value is part of the block and thus included in validation against the subject; note the end line is always excluded from subject matching
caseSensitiveFlag: boolean
Whether or not string matching is case sensitive
deleteEmptyBlocksFlag: boolean
When computing the compliant configuration during remediation, if removing lines such that the enclosing block becomes completely empty, this flag determines whether or not the empty enclosing block is also removed
distinctEndLinesFlag: boolean
Whether or not each begin line has a distinct matching end line, such that the removal of an empty block during remediation can safely remove the end line; some configurations use a closing brace or an exit to delimit every block (in which case this flag should be true to prevent stray end lines being left behind); some configurations end a block with the start of a different block (in which case this flag should be false to prevent improper removal of unrelated lines)
end: SearchStringDTO*
The configuration line that ends a block of lines; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
excludeTriggerFlag: boolean
Whether or not lines that match the trigger are removed from the lines in the domain
frequency: string *
How many times the blocks can appear in the configuration: notAtAll: the block should never appear and the rule is violated if it does; atMostOnce: the block should appear zero or one times and the rule is violated if it appears more; exactlyOnce: the block should appear once and the rule is violated if it appears more; atLeastOnce: the block should appear one or more times and the rule is violated if it is missing; anyNumberOfTimes: the block can appear any number of times
ignoreCommentsFlag: boolean
Whether or not comment lines (as defined by the device's device type) are removed from the lines in the domain
ignoreEOLFlag: boolean
Whether or not line breaks are ignored when matching the subject against the lines in this domain; when true, all eligible lines within the block are concatenated together into a single line before being tested against the subject
ignoreBlocksContainingPattern: string
Regular expression to select blocks to be removed from the domain; when this pattern is matched by at least one line within a block, then that block is ignored; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
includeBlocksContainingPattern: string
Regular expression to select blocks to be included in the domain; when this pattern is matched by at least one line within a block, then that block is included in the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
noOtherLinesContainingPattern: string
Regular expression to match lines that the rule does not allow to exist in the configuration outside of those lines already matched by the rule's subject; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
} |
DomainDTO | |
DomainImageDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$DomainImageDTO" |
DomainLinesDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$DomainLinesDTO" {
caseSensitiveFlag: boolean
Whether or not string matching is case sensitive
excludePattern: string
Regular expression for lines removed from the lines in the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
excludeTriggerFlag: boolean
Whether or not lines that match the trigger are removed from the lines in the domain
ignoreCommentsFlag: boolean
Whether or not comment lines (as defined by the device's device type) are removed from the lines in the domain
includePattern: string *
Regular expression for lines included in the domain, selecting the lines that are validated against the subject; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
noOtherLinesContainingPattern: string
Regular expression to match lines that the rule does not allow to exist in the configuration outside of those lines already matched by the rule's subject; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
} |
DomainNestedBlocksDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$DomainNestedBlocksDTO" {
blocks: [
The begin and end lines for the nested levels of blocks that enclose the lines of interest; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
NestedBlockDTO
] *
beginRegexFlag: boolean
Whether or not the begin strings represent regex patterns (true) or exact complete lines (false)
caseSensitiveFlag: boolean
Whether or not string matching is case sensitive
deleteEmptyBlocksFlag: boolean
When computing the compliant configuration during remediation, if removing lines such that the enclosing block becomes completely empty, this flag determines whether or not the empty enclosing block is also removed
distinctEndLinesFlag: boolean
Whether or not each begin line has a distinct matching end line, such that the removal of an empty block during remediation can safely remove the end line; some configurations use a closing brace or an exit to delimit every block (in which case this flag should be true to prevent stray end lines being left behind); some configurations end a block with the start of a different block (in which case this flag should be false to prevent improper removal of unrelated lines)
endRegexFlag: boolean
Whether or not the end strings represent regex patterns (true) or exact complete lines (false)
excludeTriggerFlag: boolean
Whether or not lines that match the trigger are removed from the lines in the domain
frequency: string *
How many times the innermost blocks can appear in the configuration: notAtAll: the block should never appear and the rule is violated if it does; atMostOnce: the block should appear zero or one times and the rule is violated if it appears more; exactlyOnce: the block should appear once and the rule is violated if it appears more; atLeastOnce: the block should appear one or more times and the rule is violated if it is missing; anyNumberOfTimes: the block can appear any number of times
ignoreCommentsFlag: boolean
Whether or not comment lines (as defined by the device's device type) are removed from the lines in the domain
ignoreEOLFlag: boolean
Whether or not line breaks are ignored when matching the subject against the lines in this domain; when true, all eligible lines within the innermost block are concatenated together into a single line before being tested against the subject
ignoreBlocksContainingPattern: string
Regular expression to select blocks to be removed from the domain; when this pattern is matched by at least one line within an innermost block, then that block is ignored; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
includeBlocksContainingPattern: string
Regular expression to select blocks to be included in the domain; when this pattern is matched by at least one line within an innermost block, then that block is included in the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
innermostBeginInclusiveFlag: boolean
Whether or not the line that matches the 'begin' value of the innermost block is part of that block and thus included in validation against the subject; note the end line is always excluded from subject matching
noOtherLinesContainingPattern: string
Regular expression to match lines that the rule does not allow to exist in the configuration outside of those lines already matched by the rule's subject; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
} |
DynamicFieldValueDTO |
Click here to expand...
{
id: string
The database key of the dynamic field whose value this is (read-only)
name: string
The name of the dynamic field (read-only)
values: [
The value(s) for the dynamic field; for a single-value field, only the first entry is relevant; read-only for Auto Derived and Configuration Profiled types
string
]
dynamicFieldDetailsLink: string
Link to get more detailed information about the dynamic field (read-only)
} |
ImportResultDTO |
Click here to expand...
{
filename: string
Name of the file that was imported
message: string
Description of what happened while importing the security vulnerability; could be added, modified, skipped, or failed, with a reason provided for skipped and failed
securityVulnerabilityDetailsLink: string
Link to get more detailed information about the imported security vulnerability; null when import did not succeed
securityVulnerabilityID: string
The unique identifying tag assigned by the vendor or other originating authority to the security vulnerability; will be null when some overall import error occurred or when the input contained nothing to be imported
successFlag: boolean
Whether or not the import was successful
} |
NestedBlockDTO |
Click here to expand...
{
begin: string *
The line that a block begins with
end: string *
The line that a block, beginning with the 'begin' line, ends with
} |
NumericCriteriaDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$NumericCriteriaDTO" {
max: string
Number at the upper bound of valid values; string to allow use of substitution parameters
min: string
Number at the lower bound of valid values; string to allow use of substitution parameters
notFlag: boolean
For the "is" vs "is not" selection; true for "is not"
operatorId: integer *
How numbers are compared; valid values are the integer operators (except not "Not Equal To")
} |
OsFileDTO |
Click here to expand...
{
imageTypeName: string
What type of binary file this is, when a device supports multi-file images; required on update when referring to an existing file within an existing DeployOsImageActionDTO
name: string
The name of the file; required on update when referring to an existing file within an existing DeployOsImageActionDTO
sizeBytes: integer
The size of the file in bytes; required on update when referring to an existing file within an existing DeployOsImageActionDTO
messageDigest: string
The MD5 checksum or digest; required on update when referring to an existing file within an existing DeployOsImageActionDTO
} |
OsImageReleaseDTO |
Click here to expand...
{
major: string *
The first element of a version number; asterisk wildcard is allowed
minor: string *
The second element of a version number; asterisk wildcard is allowed
build: string *
The rest of a version number; asterisk wildcard is allowed
} |
OsVersionRangeDTO |
Click here to expand...
{
displayString: string
Displayable version of this range of versions (read-only)
maxVersion: string
The maximum OS version for this range
maxVersionExclusive: boolean
Whether or not the range is exclusive of the maxVersion; when true the rule is not compatible with the maxVersion
minVersion: string
The minimum OS version for this range
minVersionExclusive: boolean
Whether or not the range is exclusive of the minVersion; when true the rule is not compatible with the minVersion
osImageNamePrefix: string *
Name of the operating system for which this range is applicable
} |
RuleDTO |
Click here to expand...
{
id: string
The rule's unique database key (read-only)
name: string *
The rule's display name
activationDate: date-time
When the rule starts to be active; when the timestamp is missing the timezone, the server local timezone is assumed
Example: 2017-01-31T13:45:00.000+0000
annotation: string
Notes, comments, description, explanation
applicableModelIds: [
Which models this rule is applied to; when null or empty, the rule applies to all models
ComponentId ]
applicableSecurityContextTypeId: integer
The types of security contexts this rule applies to
applicableTrailIds: [
The configuration trails this rule applies to
ComponentId
] *
canCopyFlag: boolean
Whether or not the user is allowed to copy this rule (read-only)
canDeleteFlag: boolean
Whether or not the user is allowed to delete this rule (read-only)
canEditFlag: boolean
Whether or not the user is allowed to edit this rule (read-only)
correctableFlag: boolean
Whether or not this rule is correctable (read-only)
correctiveActions: {
How a rule violation can be corrected; map key is the configuration trail GUID; map value is a CorrectiveSpanActionDTO that applies a correction to the configuration that is in violation, resulting in the violation being cleared
}
cveIDs: [
Associated security vulnerability CVE ID(s): when the rule is associated with a security vulnerability, this is read-only
string
]
deactivationDate: date-time
When the rule stops being active; when the timestamp is missing the timezone, the server local timezone is assumed
Example: 2017-01-31T13:45:00.000+0000
deviceTypeId: ComponentId
Which device type and vendor this rule applies to; null means it applies to all device types
domain: DomainDTO*
What part of the configuration is to be examined
excludedGroupFilters: {
The names of any groups whose member devices are excluded from being checked against this rule; map key is the name of the group (asterisk wildcards allowed); map value is a list of ComponentId containing the realm(s) that own the groups of interest (where a null value means all realms)
}
excludedSpanIds: [
Any network spans whose member devices are excluded from being checked against this rule
ComponentId
]
excludedSpans: string
String version of the excludedSpanIds and excludedGroupFilters fields, listing the names of the excluded network spans (read-only)
maximumOSVersion: OsImageReleaseDTO
The maximum OS version, for when this rule applies to a min/max range of operating system versions
maximumOSVersionName: string
Displayable version of the maximumOSVersion, in major.minor.build format (read-only)
minimumOSVersion: OsImageReleaseDTO
The minimum OS version, for when this rule applies to a min/max range of operating system versions
minimumOSVersionName: string
Displayable version of the minimumOSVersion, in major.minor.build format (read-only)
osImageNamePatterns: [
The regular expressions for matching on OS version names, when this rule applies to a discrete set of images
string
]
osVersionRanges: [
The OS version ranges, for when this rule applies to a varied range of operating system versions
OsVersionRangeDTO
]
ruleSetId: ComponentId*
Identifies the owning rule set
ruleSetDetailsLink: string
Link to get complete details about the owning rule set (read-only)
ruleSetEnabledFlag: boolean
Whether or not the owning rule set is enabled
securityVulnerabilityId: ComponentId
Identifies any security vulnerability associated with this rule
severityId: integer *
The violation severity
subject: SubjectDTO*
What content is to be verified in the configuration, that determines the presence of a violation
substitutionParameterCheckFlag: boolean
Whether or not the trigger, domain and subject are to be validated for proper substitution parameter syntax
trigger: TriggerDTO
Content that must appear in the configuration in order for this rule to be applied
dynamicFields: [
The dynamic fields
DynamicFieldValueDTO
]
} |
SearchStringDTO |
Click here to expand...
{
regexFlag: boolean
Whether or not the 'string' represents a regex pattern (true) or an exact complete line (false)
string: string *
Text for matching against a configuration line
} |
SecurityVulnerabilityDTO |
Click here to expand...
{
id: string
The vulnerability's unique database key (read-only)
securityVulnerabilityID: string
The unique identifying tag assigned by the vendor or other originating authority
affectedOsVersions: [
The operating system versions which are vulnerable
string
]
affectedProducts: [
The models or product lines which are vulnerable
string
]
associatedRules: [
The rules generated from this vulnerability or manually associated with it
ComponentId
]
baseScore: float
The severity of this vulnerability, per the Common Vulnerability Scoring System (CVSS)
cveIDs: string
The IDs back into the central CVE database
descriptions: [
Longer description or explanation of the issue
string
]
deviceTypes: [
Device type name(s) or GUID(s) associated with the affected products and OS versions
string
]
firstImportedTimestamp: date-time
When this vulnerability was first imported into the system
Example: 2017-01-31T13:45:00.000+0000
initialReleaseTimestamp: date-time
When this vulnerability was first released by the originating authority
Example: 2017-01-31T13:45:00.000+0000
lastImportedTimestamp: date-time
When this vulnerability was last updated via import into the system
Example: 2017-01-31T13:45:00.000+0000
lastModifiedTimestamp: date-time
When this vulnerability was last updated by the originating authority
Example: 2017-01-31T13:45:00.000+0000
notificationUrls: [
URLs to the vendor's site with more details about this vulnerability
string
]
remediations: [
What a user can do to fix or alleviate or avoid this vulnerability
string
]
status: string
Status of the vulnerability, which indicates if future updates are likely or not (for example, "Final" means no more updates)
title: string
The short summary of this vulnerability
unenforceableVersions: [
Operating system versions reported by the originating authority that lack any sort of version number and cannot be converted into an applicable OS image name pattern in a rule, and thus cannot be enforced without manual modification of the rule
string
]
vendorId: ComponentId
The vendor that originated this vulnerability
version: string
The version of this vulnerability, when version numbering is supported by the originating authority
} |
SecurityVulnerabilityFilterDTO |
Click here to expand...
{
affectedOsVersionMatch: string
Search for security vulnerabilities with an affected operating system version matching this wildcard-enabled string
affectedProductMatch: string
Search for security vulnerabilities with an affected product matching this wildcard-enabled string
anyTextContentMatch: string
Search for security vulnerabilities with any text-oriented field that matches this wildcard-enabled string
associatedRuleNameMatch: string
Search for security vulnerabilities with an associated rule whose name matches this wildcard-enabled string
baseScoreFloatRange: string
Search for security vulnerabilities whose base score falls within this numeric range
cveIdMatch: string
Search for security vulnerabilities with a CVE ID matching this wildcard-enabled string
descriptionMatch: string
Search for security vulnerabilities with a description matching this wildcard-enabled string
deviceTypeGuidOrNameMatch: string
Search for security vulnerabilities associated either with this specific device type (when the deviceTypeOptionFlag is false), or with a device type name matching this wildcard-enabled string (when deviceTypeOptionFlag is true)
deviceTypeOptionFlag: boolean
Whether or not to search security vulnerabilities by device type name; when true, the deviceTypeGuidOrNameMatch contains a device type name matching string; when false, deviceTypeGuidOrNameMatch contains an exact device type GUID; when null, deviceTypeGuidOrNameMatch is ignored and no device-type-based filtering is done
firstImported: TimePeriodDTO
Search for security vulnerabilities whose initial import date/time falls within this date/time range
idMatch: string
Search for security vulnerabilities whose ID matches this wildcard-enabled string
initialRelease: TimePeriodDTO
Search for security vulnerabilities whose initial publication date/time falls within this date/time range
lastImported: TimePeriodDTO
Search for security vulnerabilities whose last import or update date/time falls within this date/time range
remediationMatch: string
Search for security vulnerabilities with a remediation matching this wildcard-enabled string
statusMatch: string
Search for security vulnerabilities whose status matches this wildcard-enabled string
titleMatch: string
Search for security vulnerabilities whose title matches this wildcard-enabled string
unenforceableVersionMatch: string
Search for security vulnerabilities with an unenforceable version matching this wildcard-enabled string
vendorId: ComponentId
{{Search for security vulnerabilities associated with this vendor }}
} |
SubjectDTO |
Click here to expand...
Subclasses:
SubjectLinesDTO
SubjectLineDTO
SubjectPatternDTO
SubjectPatternsDTO {
caseSensitiveFlag: boolean
Whether or not string matching is case sensitive
frequency: string *
How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
ignoreWhitespaceFlag: boolean
Whether or not whitespace within configuration lines is ignored
} |
SubjectLineDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$SubjectLineDTO" {
caseSensitiveFlag: boolean
Whether or not string matching is case sensitive
frequency: string *
How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
ignoreWhitespaceFlag: boolean
Whether or not whitespace within configuration lines is ignored
line: string *
Literal line to look for within the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
} |
SubjectLinesDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$SubjectLinesDTO" {
caseSensitiveFlag: boolean
Whether or not string matching is case sensitive
frequency: string *
How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
ignoreWhitespaceFlag: boolean
Whether or not whitespace within configuration lines is ignored
combinedWithAndFlag: boolean
Whether or not the lines are combined with the AND operation (true; line one AND line two AND line three, and so on) or with the OR operation (false; line one OR line two OR line three, and so on)
contiguousFlag: boolean
Whether or not any other non-matching lines from the configuration are allowed to appear interspersed within the matched subject lines
lines: [
The literal lines to look for within the configuration (in the order the lines are to appear, when the orderedFlag is set); any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
string
] *
orderedFlag: boolean
Whether or not the lines are matched in order
} |
SubjectOrderedVersionDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$SubjectOrderedVersionDTO" {
caseSensitiveFlag: boolean
Whether or not string matching is case sensitive
frequency: string *
How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
ignoreWhitespaceFlag: boolean
Whether or not whitespace within configuration lines is ignored
correction: string
A literal line to apply as a correction when the subject pattern is not matched as required; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
pattern: string *
The regular expression for matching a line within the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
max: string
Version at the upper bound of valid values
min: string
Version at the lower bound of valid values
operatorId: integer *
How versions are to be compared; valid values are the integer operators (except not "Equal To" and "Not Equal To")
} |
SubjectParsedLineDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$SubjectParsedLineDTO" {
caseSensitiveFlag: boolean
Whether or not string matching is case sensitive
frequency: string *
How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
ignoreWhitespaceFlag: boolean
Whether or not whitespace within configuration lines is ignored
correction: string
A literal line to apply as a correction when the subject pattern is not matched as required; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
pattern: string *
The regular expression for matching a line within the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
comparisonCriteria: [
How the values within a line are compared
ComparisonCriteriaDTO
] *
} |
SubjectPatternDTO |
Click here to expand...
Subclasses:
SubjectOrderedVersionDTO
SubjectParsedLineDTO {
caseSensitiveFlag: boolean
Whether or not string matching is case sensitive
frequency: string *
How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
ignoreWhitespaceFlag: boolean
Whether or not whitespace within configuration lines is ignored
correction: string
A literal line to apply as a correction when the subject pattern is not matched as required; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
pattern: string *
The regular expression for matching a line within the domain; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
} |
SubjectPatternsDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$SubjectPatternsDTO" {
caseSensitiveFlag: boolean
Whether or not string matching is case sensitive
frequency: string *
How many times the specified string(s) can appear within the domain: notAtAll: the string(s) should never appear and the rule is violated if they do; atMostOnce: the string(s) should appear zero or one times and the rule is violated if they appear more; exactlyOnce: the string(s) should appear once and the rule is violated if they appear more; atLeastOnce: the string(s) should appear one or more times and the rule is violated if they are missing
ignoreWhitespaceFlag: boolean
Whether or not whitespace within configuration lines is ignored
combinedWithAndFlag: boolean
Whether or not the patterns are combined with the AND operation (true; pattern one AND pattern two AND pattern three, and so on) or with the OR operation (false; pattern one OR pattern two OR pattern three, and so on)
contiguousFlag: boolean
Whether or not any other non-matching lines from the configuration are allowed to appear interspersed within the matched subject lines
corrections: [
The literal lines to apply as corrections when the subject patterns are not matched as required; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
string
]
forceAllCorrectionsFlag: boolean
When true, every correction line is applied if any of the patterns is violated; when false, only the correction line that corresponds positionally to the failed pattern is applied
orderedFlag: boolean
Whether or not the patterns are matched in order
patterns: [
The regular expressions to match within the configuration; (in the order the lines are to appear, when the orderedFlag is set); any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
string
] *
} |
TextCriteriaDTO |
Click here to expand...
Discriminator: "@class" : "com.bmc.bcan.rest.services.v4_0.RuleService$TextCriteriaDTO" {
caseSensitiveFlag: boolean
Whether or not string comparisons are case sensitive
compareTo: [
One or more values that the parsed value will be compared against; the strings are treated as literal text or as regular expressions, depending on the operator
string
] *
operatorId: integer *
How text values are compared; a positive value matches literal text strings; a negative value matches using regular expressions; 4 = Equals; 5 = Does Not Equal; -4 = Matches; -5 = Does Not Match
} |
TimePeriodDTO |
Click here to expand...
{
timePeriodTypeId: integer *
What sort of time period this is
timePeriodTypeName: string
The meaning of the numeric timePeriodTypeId (read-only)
startTimestamp: date-time
The start date/time. Required only for certain user-defined time period types of After and Range; when the timestamp is missing the timezone, the server local timezone is assumed
Example: 2017-01-31T13:45:00.000+0000
endTimestamp: date-time
The end date/time. Required only for certain user-defined time period types of Before and Range; when the timestamp is missing the timezone, the server local timezone is assumed
Example: 2017-01-31T13:45:00.000+0000
} |
TriggerDTO |
Click here to expand...
{
caseSensitiveFlag: boolean
Whether or not pattern matching is case sensitive
pattern: string *
Regular expression for matching lines in the configuration, to trigger application of this rule; any sensitive configuration data is masked when you retrieve the rule if you are not granted the "Access Sensitive Data" system right; masked data cannot be stored into the rule
scope: integer
Specifies where to search for the triggering data in the configuration; values are: 0 for within the entire configuration, or 1 for within the domain(s)
} |
