Managing Conformity accounts.
Note:
- The field hasRealTimeMonitoring is planned to be replaced with subscriptionType in the future. We advise new customers to use the new field subscriptionType; existing customers can continue using the field hasRealTimeMonitoring until it has been replaced. When an account has a subscriptionType of 'advanced', Real-Time Threat Monitoring is enabled for the account. When an account has a subscriptionType of 'essentials', Real-Time Threat Monitoring is disabled for the account.
List All Accounts
This endpoint allows you to query all accounts that you have access to.
Responses:
- 200 OK
- 401 Unauthorized. The requesting user does not have enough privilege.
Example 200 response:
{
  "data": [
    {
      "type": "accounts",
      "id": "AgA12vIwb",
      "attributes": {
        "name": "Test",
        "environment": "Prod",
        "awsaccount-id": 123456789012,
        "security-package": true,
        "created-date": 1505595441887,
        "last-notified-date": 1505595441887,
        "last-checked-date": 1505595441887,
        "last-monitoring-event-date": 1505595441887,
        "consumption-tier": "Small: 250-999 resources",
        "meta": {
          "is-deprecated-rules-free": true
        },
        "tags": ["prod"],
        "cloud-type": "AWS",
        "managed-group-id": "a4ab13d0-8578-4894-138c-65bc3fe3d92f",
        "resource-count": 100
      },
      "relationships": {
        "organisation": {
          "data": {
            "type": "organisations",
            "id": "B1nHYYpwx"
          }
        }
      }
    }
  ]
}
Create An AWS Account
This endpoint is used to register a new AWS account with Cloud Conformity.
Note to Cloud One Users: Upon a successful account creation API request, an Email communication channel is set up pending configuration from the Conformity UI. For details on channel configuration, see: Email Communication.
IMPORTANT: In order to register a new AWS account, you need to:
- Obtain your External ID from Get Organisation External ID. The external ID is what stops any other Conformity tenant (or anyone who learns your role ARN) from assuming your role through Conformity's account: the role trust policy must require it, so do not reuse it across organisations or commit it to public repositories.
- Configure your account using CloudFormation automation. Note: you need to specify the ExternalId parameter for both options.
  - Option 1: launch the stack via the AWS console.
  - Option 2: via the AWS CLI:
    aws cloudformation create-stack --stack-name CloudConformity --region us-east-1 --template-url https://s3-us-west-2.amazonaws.com/cloudconformity/CloudConformity.template --parameters ParameterKey=AccountId,ParameterValue=717210094962 ParameterKey=ExternalId,ParameterValue=THE_EXTERNAL_ID --capabilities CAPABILITY_NAMED_IAM
- Verify that stack creation has completed, then create a new account (see below) with Cloud Conformity using your roleArn and externalId.
Note:
- Conformity Bot will not run immediately after creating a new AWS account. Once your AWS account is successfully onboarded, it may take up to 24 hours for Conformity Bot to run.
- The server will not accept both hasRealTimeMonitoring and subscriptionType in the request body. Provide either hasRealTimeMonitoring or subscriptionType, or neither.
Example Request with the old field hasRealTimeMonitoring:
curl -X POST \
-H "Content-Type: application/vnd.api+json" \
-H "Authorization: ApiKey S1YnrbQuWagQS0MvbSchNHDO73XHqdAqH52RxEPGAggOYiXTxrwPfmiTNqQkTq3p" \
-d '
{
"data": {
"type": "account",
"attributes": {
"name": "Myaccount",
"environment": "MyEnv",
"access": {
"keys": {
"roleArn": "YOUR_ROLE_ARN",
"externalId": "THE_EXTERNAL_ID"
}
},
"hasRealTimeMonitoring": true
}
}
}' \
https://us-west-2-api.cloudconformity.com/v1/accounts
Example Request with new field subscriptionType:
curl -X POST \
-H "Content-Type: application/vnd.api+json" \
-H "Authorization: ApiKey S1YnrbQuWagQS0MvbSchNHDO73XHqdAqH52RxEPGAggOYiXTxrwPfmiTNqQkTq3p" \
-d '
{
"data": {
"type": "account",
"attributes": {
"name": "Myaccount",
"environment": "MyEnv",
"access": {
"keys": {
"roleArn": "YOUR_ROLE_ARN",
"externalId": "THE_EXTERNAL_ID"
}
},
"subscriptionType": "advanced"
}
}
}' \
https://us-west-2-api.cloudconformity.com/v1/accounts
Example Response:
{
"data": {
"type": "accounts",
"id": "H19NxMi5-",
"attributes": {
"name": "Myaccount",
"environment": "MyEnv",
"awsaccount-id": "123456789012",
"status": "ACTIVE",
"has-real-time-monitoring": true, // **Note:** This field is planned to be replaced with subscription-type in the future.
"meta": {
"is-deprecated-rules-free": true
},
"created-date": 1505595441887,
"settings": {
"communication": {
"channels": [
{
"name": "email",
"users": ["H13rFYTvl"],
"enabled": true,
"levels": ["EXTREME", "VERY_HIGH", "HIGH"]
}
]
},
"rules": {},
"access": {
"type": "CROSS_ACCOUNT",
"stackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/CloudConformity/56db5b90-7ebb-11e7-8a78-500c28902e99"
}
}
},
"subscription-type": "advanced",
"cloud-id": "123456789012",
"relationships": {
"organisation": {
"data": {
"type": "organisations",
"id": "B1nHYYpwx"
}
}
}
}
}
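Before registering the account it is worth checking, from the calling side, that the role the CloudFormation stack produced really is locked to Conformity's AWS account and to your external ID, and that the request body respects the "one of hasRealTimeMonitoring or subscriptionType" rule before the server rejects it with a 422. The script below is an added example written for this page, not Conformity's own code or tooling. The Conformity account ID 717210094962 and the API base URL are taken from the CloudFormation command and curl examples above; the trust-policy document is a constructed sample in the standard IAM format, and register_account performs the real network call only when you run it yourself.

```python
"""Pre-flight checks and request-body builder for registering an AWS account
with Conformity. Added example, not Conformity's own code."""
import json
import urllib.request

CONFORMITY_AWS_ACCOUNT = "717210094962"  # AccountId from the CloudFormation command above
API_BASE = "https://us-west-2-api.cloudconformity.com/v1"  # endpoint used by the curl examples
SUBSCRIPTION_TYPES = ("essentials", "advanced")


def trust_policy_problems(policy: dict, external_id: str,
                          trusted_account: str = CONFORMITY_AWS_ACCOUNT) -> list:
    """Return problems with a role trust policy; an empty list means every AssumeRole
    statement trusts only the Conformity account and requires our external ID
    (the confused-deputy protection the external ID exists for)."""
    problems = []
    statements = policy.get("Statement", [])
    if isinstance(statements, dict):
        statements = [statements]
    for stmt in statements:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt.get("Action", [])
        if isinstance(actions, str):
            actions = [actions]
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        principals = stmt.get("Principal", {})
        aws = principals.get("AWS", []) if isinstance(principals, dict) else [principals]
        if isinstance(aws, str):
            aws = [aws]
        for p in aws:  # "*" or a foreign account would let anyone with the ARN assume the role
            if trusted_account not in str(p):
                problems.append(f"principal {p!r} is not the Conformity account {trusted_account}")
        want = stmt.get("Condition", {}).get("StringEquals", {}).get("sts:ExternalId")
        if want is None:
            problems.append("AssumeRole statement has no sts:ExternalId condition")
        elif want != external_id:
            problems.append(f"sts:ExternalId condition is {want!r}, expected {external_id!r}")
    return problems


def build_create_account_body(name, environment, role_arn, external_id,
                              subscription_type=None, has_real_time_monitoring=None,
                              tags=None) -> dict:
    """Build the JSON:API body for POST /v1/accounts, enforcing the page's rule that
    hasRealTimeMonitoring and subscriptionType are mutually exclusive."""
    if subscription_type is not None and has_real_time_monitoring is not None:
        raise ValueError("send either hasRealTimeMonitoring or subscriptionType, not both")
    if subscription_type is not None and subscription_type not in SUBSCRIPTION_TYPES:
        raise ValueError(f"subscriptionType must be one of {SUBSCRIPTION_TYPES}")
    attributes = {
        "name": name,
        "environment": environment,
        "access": {"keys": {"roleArn": role_arn, "externalId": external_id}},
    }
    if subscription_type is not None:
        attributes["subscriptionType"] = subscription_type
    if has_real_time_monitoring is not None:
        attributes["hasRealTimeMonitoring"] = bool(has_real_time_monitoring)
    if tags:
        attributes["tags"] = list(tags)
    return {"data": {"type": "account", "attributes": attributes}}


def register_account(api_key: str, body: dict, api_base: str = API_BASE) -> dict:
    """POST the body to Conformity. Real network call; only run it deliberately."""
    req = urllib.request.Request(
        f"{api_base}/accounts",
        data=json.dumps(body).encode(),
        headers={"Content-Type": "application/vnd.api+json",
                 "Authorization": f"ApiKey {api_key}"},
        method="POST",
    )
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)


# Constructed sample trust policy in the shape the CloudFormation stack creates.
SAMPLE_TRUST_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{CONFORMITY_AWS_ACCOUNT}:root"},
        "Action": "sts:AssumeRole",
        "Condition": {"StringEquals": {"sts:ExternalId": "THE_EXTERNAL_ID"}},
    }],
}

if __name__ == "__main__":
    print("trust policy problems:", trust_policy_problems(SAMPLE_TRUST_POLICY, "THE_EXTERNAL_ID"))
    body = build_create_account_body("Myaccount", "MyEnv", "YOUR_ROLE_ARN", "THE_EXTERNAL_ID",
                                     subscription_type="advanced", tags=["production"])
    print(json.dumps(body, indent=2))
```

Run trust_policy_problems against the live trust document (aws iam get-role --role-name ... --query Role.AssumeRolePolicyDocument) and only call register_account when it returns an empty list; a "*" principal or a missing sts:ExternalId condition is the misconfiguration that turns a read-only scanning role into a door for anyone who knows the ARN.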
Request body schema: application/vnd.api+json. Example payload:
{
  "data": {
    "type": "account",
    "attributes": {
      "name": "Myaccount",
      "environment": "MyEnv",
      "access": {
        "keys": {
          "roleArn": "YOUR_ROLE_ARN",
          "externalId": "THE_EXTERNAL_ID"
        }
      },
      "hasRealTimeMonitoring": true,
      "tags": ["production", "Sydney"]
    }
  }
}
Responses:
- 200 OK
- 401 Unauthorized. The requesting user does not have enough privilege.
- 422 Unprocessable Entity. Validation error.
Example 200 response:
{
  "data": {
    "type": "accounts",
    "id": "H19NxMi5-",
    "attributes": {
      "name": "MyAccount",
      "environment": "Prod",
      "awsaccount-id": 123456789012,
      "status": "ACTIVE",
      "has-real-time-monitoring": true,
      "security-package": true,
      "created-date": 1505595441887,
      "last-notified-date": 1505595441887,
      "last-checked-date": 1505595441887,
      "last-monitoring-event-date": 1505595441887,
      "subscription-type": "advanced",
      "cloud-id": 123456789012,
      "meta": {
        "is-deprecated-rules-free": true
      },
      "bot-status": "RUNNING",
      "cloud-type": "aws",
      "managed-group-id": "rhGZeSTwT",
      "tags": ["YOUR TAG"],
      "settings": {
        "communication": {
          "channels": [
            {
              "name": "email",
              "users": [null],
              "enabled": true,
              "levels": [null]
            }
          ]
        },
        "rules": [
          {
            "enabled": false,
            "id": "S3-021",
            "riskLevel": "HIGH"
          }
        ],
        "bot": {
          "disabledRegions": {
            "us-east-1": true,
            "us-west-2": true
          },
          "lastModifiedFrom": "13.237.98.102",
          "disabled": false,
          "disabledUntil": 1505595441887,
          "delay": 2,
          "lastModifiedBy": "NHohT7Gr7"
        },
        "access": {
          "type": "CROSS_ACCOUNT",
          "stackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/CloudConformity/56db5b90-7ebb-11e7-8a78-500c28902e99"
        }
      }
    },
    "subscription-type": "advanced",
    "relationships": {
      "organisation": {
        "data": {
          "type": "organisations",
          "id": "B1nHYYpwx"
        }
      }
    }
  }
}
Create An Azure Subscription
This endpoint is used to register a new Azure subscription under a Microsoft Entra ID (directory) that has already been onboarded on Conformity.
Note:
- Conformity Bot will not run immediately after creating a new Azure account. Once your Azure account is successfully onboarded, it may take up to 24 hours for Conformity Bot to run.
- Real-Time Monitoring is currently not available for Azure subscriptions.
- The subscriptionType of Azure subscriptions defaults to essentials.
- Cloud One Users: Upon a successful account creation API request, an Email communication channel is set up pending configuration from the Conformity UI. For details on channel configuration, see: Email Communication.
IMPORTANT: In order to register a new Azure subscription, you need to:
- Consult the HELP pages to set up the Cloud Conformity Azure Access Application.
- Provide the ID of a Microsoft Entra ID (directory) already registered with Conformity. If you do not have an existing Microsoft Entra ID on Conformity, it can be added via the application.
Request body schema: application/vnd.api+json. Example payload:
{
  "data": {
    "type": "account",
    "attributes": {
      "name": "MySubscription",
      "environment": "MyEnvironment",
      "access": {
        "subscriptionId": "YOUR_AZURE_SUBSCRIPTION_ID",
        "activeDirectoryId": "MICROSOFT_ENTRA_ID_ID"
      },
      "tags": ["production", "sydney"]
    }
  }
}
Responses:
- 200 OK
- 401 Unauthorized. The requesting user does not have enough privilege.
- 422 Unprocessable Entity. Validation error.
Example 200 response (the subscription type of a newly created Azure subscription is essentials, as noted above):
{
  "data": {
    "type": "accounts",
    "id": "qiaj7JPEz",
    "attributes": {
      "name": "MySubscription",
      "environment": "Prod",
      "status": "ACTIVE",
      "security-package": true,
      "created-date": 1505595441887,
      "bot-status": "RUNNING",
      "cloud-type": "azure",
      "managed-group-id": "ROo8Q7xyJ",
      "cloud-id": "YOUR_AZURE_SUBSCRIPTION_ID",
      "meta": {
        "is-deprecated-rules-free": true
      },
      "cloud-data": {
        "azure": {
          "subscriptionId": "YOUR_AZURE_SUBSCRIPTION_ID"
        }
      }
    },
    "subscription-type": "essentials",
    "relationships": {
      "organisation": {
        "data": {
          "type": "organisations",
          "id": "B1nHYYpwx"
        }
      }
    }
  }
}
Create A GCP Account
This endpoint is used to create a new GCP account in Conformity.
Note:
- Conformity Bot will not run immediately after creating a new GCP account. Once your GCP account is successfully onboarded, it may take up to 24 hours for Conformity Bot to run.
- Real-Time Monitoring is currently not available for GCP accounts.
- The subscriptionType of GCP accounts defaults to essentials.
- You can retrieve your serviceAccountUniqueId from your GCP group's settings under "GCP Service Account Unique ID".
- Default Cloud GCP projects generated by Apps Script cannot be added.
Request body schema: application/vnd.api+json. Example payload:
{
  "data": {
    "type": "account",
    "attributes": {
      "name": "MySubscription",
      "environment": "MyEnvironment",
      "tags": ["production", "Sydney"],
      "access": {
        "projectId": "YOUR_PROJECT_ID",
        "projectName": "YOUR_PROJECT_NAME",
        "serviceAccountUniqueId": "YOUR_SERVICE_ACCOUNT_UNIQUE_ID"
      }
    }
  }
}
Responses:
- 200 OK
- 401 Unauthorized. The requesting user does not have enough privilege.
- 422 Unprocessable Entity. Validation error.
Example 200 response:
{
  "data": {
    "type": "accounts",
    "id": "qiaj7JPEz",
    "attributes": {
      "name": "MyGcpAccount",
      "environment": "Prod",
      "status": "ACTIVE",
      "security-package": true,
      "created-date": 1505595441887,
      "bot-status": "RUNNING",
      "cloud-type": "gcp",
      "managed-group-id": "ROo8Q7xyJ",
      "cloud-data": {
        "gcp": {
          "projectId": "YOUR_PROJECT_ID",
          "projectName": "YOUR_PROJECT_NAME"
        }
      },
      "cloud-id": "YOUR_PROJECT_ID",
      "meta": {
        "is-deprecated-rules-free": true
      }
    },
    "subscription-type": "essentials",
    "relationships": {
      "organisation": {
        "data": {
          "type": "organisations",
          "id": "B1nHYYpwx"
        }
      }
    }
  }
}
Get Account Details
This endpoint allows you to get the details of the specified account.
Note: If the account contains rule settings that are marked as deprecated and have not been disabled (enabled: false), the following meta warning will be included in the response:
{
"meta": {
"deprecation": {
"warning": {
"message": "1 manually configured rule in this account is deprecated. Refer to our Help Pages for instructions.",
"link": "https://cloudone.trendmicro.com/docs/conformity/rules/",
"rules": [
{
"riskLevel": "LOW",
"id": "RuleID-001",
"extraSettings": null,
"provider": "aws",
"enabled": true,
"exceptions": {
"resources": null,
"tags": null,
"filterTags": null
}
}
]
}
}
}
}
Responses:
- 200 OK
- 401 Unauthorized. The requesting user does not have enough privilege.
Example 200 response:
{
  "data": {
    "type": "accounts",
    "id": "H19NxMi5-",
    "attributes": {
      "name": "MyAccount",
      "environment": "Prod",
      "awsaccount-id": 123456789012,
      "error-code": null,
      "status": "ACTIVE",
      "security-package": true,
      "created-date": 1505595441887,
      "last-notified-date": 1505595441887,
      "last-checked-date": 1505595441887,
      "last-monitoring-event-date": 1505595441887,
      "bot-status": "RUNNING",
      "cloud-type": "aws",
      "tags": ["YOUR TAG"],
      "managed-group-id": "rhGZeSTwT",
      "consumption-tier": "Small: 250-999 resources",
      "cloud-id": 123456789012,
      "meta": {
        "is-deprecated-rules-free": true
      },
      "resources-count": 842,
      "settings": {
        "communication": {
          "channels": [
            {
              "name": "email",
              "users": [null],
              "enabled": true,
              "levels": [null]
            }
          ]
        },
        "rules": [
          {
            "enabled": false,
            "id": "S3-021",
            "riskLevel": "HIGH"
          }
        ],
        "bot": {
          "disabledRegions": {
            "us-east-1": true,
            "us-west-2": true
          },
          "lastModifiedFrom": "13.237.98.102",
          "disabled": false,
          "disabledUntil": 1505595441887,
          "delay": 2,
          "lastModifiedBy": "NHohT7Gr7"
        },
        "access": {
          "type": "CROSS_ACCOUNT",
          "stackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/CloudConformity/56db5b90-7ebb-11e7-8a78-500c28902e99"
        }
      }
    },
    "relationships": {
      "organisation": {
        "data": {
          "type": "organisations",
          "id": "B1nHYYpwx"
        }
      }
    }
  }
}
Update Account
A PATCH request to this endpoint allows changes to the account name and environment.
We recommend you first Get account details to verify that the account actually needs to be updated.
IMPORTANT: Only ADMINs and users with FULL access to the specified account can use this endpoint.
Responses:
- 200 OK
- 401 Unauthorized. The requesting user does not have enough privilege.
Example payload:
{
  "data": {
    "attributes": {
      "name": "MyAccount",
      "environment": "Prod",
      "tags": ["string"]
    }
  }
}
Example 200 response:
{
  "data": {
    "name": "MyAccount",
    "environment": "Prod",
    "awsaccount-id": 123456789012,
    "error-code": null,
    "status": "ACTIVE",
    "has-real-time-monitoring": true,
    "security-package": true,
    "last-notified-date": 1505595441887,
    "last-checked-date": 1505595441887,
    "last-monitoring-event-date": 1505595441887,
    "subscription-type": "advanced",
    "bot-status": "RUNNING",
    "meta": {
      "is-deprecated-rules-free": true
    },
    "tags": null,
    "managed-group-id": "ROo8Q7xyJ",
    "cloud-type": "aws",
    "resources-count": 842,
    "cloud-id": 123456789012,
    "relationships": {
      "organisation": {
        "data": {
          "type": "organisations",
          "id": "B1nHYYpwx"
        }
      }
    }
  }
}
Update Account Subscription
A PATCH request to this endpoint allows you to change the add-on package subscription of the specified account.
We recommend you first Get account details to verify that the subscription needs to be updated.
IMPORTANT: Only ADMIN users can use this endpoint.
Please note that the server will not accept both hasRealTimeMonitoring and subscriptionType in the request body. Provide either hasRealTimeMonitoring or subscriptionType, or neither.
Example Request with the old field hasRealTimeMonitoring:
curl -X PATCH \
-H "Content-Type: application/vnd.api+json" \
-H "Authorization: ApiKey S1YnrbQuWagQS0MvbSchNHDO73XHqdAqH52RxEPGAggOYiXTxrwPfmiTNqQkTq3p" \
-d '
{
"data": {
"attributes": {
"hasRealTimeMonitoring": true
}
}
}' \
https://us-west-2-api.cloudconformity.com/v1/accounts/AgA12vIwb/subscription
Example Request with new field subscriptionType:
curl -X PATCH \
-H "Content-Type: application/vnd.api+json" \
-H "Authorization: ApiKey S1YnrbQuWagQS0MvbSchNHDO73XHqdAqH52RxEPGAggOYiXTxrwPfmiTNqQkTq3p" \
-d '
{
"data": {
"attributes": {
"subscriptionType": "advanced"
}
}
}' \
https://us-west-2-api.cloudconformity.com/v1/accounts/AgA12vIwb/subscription
Example Response:
{
"data": {
"type": "accounts",
"id": "AgA12vIwb",
"attributes": {
"name": "myCCaccount",
"environment": "myAWSenv",
"awsaccount-id": "123456789101",
"status": "ACTIVE",
"has-real-time-monitoring": false, // **Note:** This field is planned to be replaced with subscription-type in the future.
"last-notified-date": 1504113512701,
"last-checked-date": 1504113511956,
"available-runs": 5,
"subscription-type": "advanced",
"created-date": 1504113511956,
"last-monitoring-event-date": 1504113511956,
"cloud-id": "123456789101",
"meta": {
"is-deprecated-rules-free": true
},
"settings": {
"rules": [
{
"riskLevel": "VERY_HIGH",
"id": "CT-001",
"extraSettings": null,
"provider": "aws",
"enabled": true
},
{
"ruleExists": false,
"riskLevel": "MEDIUM",
"id": "RTM-008",
"extraSettings": [
{
"name": "authorisedRegions",
"regions": true,
"type": "regions",
"value": null,
"values": ["eu-west-1", "eu-west-2"]
}
],
"provider": "aws",
"enabled": false
}
]
}
},
"relationships": {
"organisation": {
"data": {
"type": "organisations",
"id": "B1nHYYpwx"
}
}
}
}
}
Responses:
- 200 OK
- 401 Unauthorized. The requesting user does not have enough privilege.
Request body schema (application/vnd.api+json). The schema example below lists both fields for reference; a real request must contain only one of them, as noted above:
{
  "data": {
    "attributes": {
      "hasRealTimeMonitoring": true,
      "subscriptionType": "advanced"
    }
  }
}
Example 200 response:
{
  "data": [
    {
      "type": "accounts",
      "id": "AgA12vIwb",
      "attributes": {
        "name": "MyAccount",
        "environment": "Prod",
        "awsaccount-id": 123456789012,
        "status": "ACTIVE",
        "has-real-time-monitoring": true,
        "security-package": true,
        "created-date": 1505595441887,
        "last-notified-date": 1505595441887,
        "last-checked-date": 1505595441887,
        "last-monitoring-event-date": 1505595441887,
        "subscription-type": "advanced",
        "cloud-id": 123456789012,
        "meta": {
          "is-deprecated-rules-free": true
        },
        "bot-status": "RUNNING",
        "cloud-type": "aws",
        "managed-group-id": "rhGZeSTwT",
        "tags": ["YOUR TAG"],
        "settings": {
          "communication": {
            "channels": [
              {
                "name": null,
                "users": [],
                "enabled": null,
                "levels": []
              }
            ]
          },
          "rules": [
            {
              "enabled": false,
              "id": "S3-021",
              "riskLevel": "HIGH"
            }
          ],
          "bot": {
            "disabledRegions": {
              "us-east-1": true,
              "us-west-2": true
            },
            "lastModifiedFrom": "13.237.98.102",
            "disabled": false,
            "disabledUntil": 1505595441887,
            "delay": 2,
            "lastModifiedBy": "NHohT7Gr7"
          },
          "access": {
            "type": "CROSS_ACCOUNT",
            "stackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/CloudConformity/56db5b90-7ebb-11e7-8a78-500c28902e99"
          }
        }
      },
      "relationships": {
        "organisation": {
          "data": {
            "type": "organisations",
            "id": "B1nHYYpwx"
          }
        }
      }
    }
  ]
}
Get Account Access Setting
This endpoint allows ADMIN users to get the current setting Cloud Conformity uses to access the specified account.
Responses:
- 200 OK
- 401 Unauthorized. The requesting user does not have enough privilege.
Example 200 response:
{
  "id": "BJ0Ox16Hb:access",
  "type": "settings",
  "attributes": {
    "type": "access",
    "configuration": {
      "externalId": "XTLFTLAXVS7G",
      "roleArn": "arn:aws:iam::222274792222:role/myRole"
    }
  },
  "relationships": {
    "organisation": {
      "data": {
        "type": "organisations",
        "id": "B1nHYYpwx"
      }
    },
    "account": {
      "data": {
        "type": "accounts",
        "id": "BJ0Ox16Hb"
      }
    }
  }
}
Get Rule Setting
A GET request to this endpoint allows you to get the configured rule setting for the specified rule ID of the specified account.
If a specific rule has never been configured, the request will result in a 404 error. For example, even if our bots run rule RDS-018 for your account hourly, if you have never configured it, trying to get the rule setting for RDS-018 will result in a 404 error.
Note: If the rule setting being retrieved from the account is marked as deprecated and has not been disabled (enabled: false), the following meta warning will be included in the response:
{
"meta": {
"deprecation": {
"warning": {
"message": "1 manually configured rule in this account is deprecated. Refer to our Help Pages for instructions.",
"link": "https://cloudone.trendmicro.com/docs/conformity/rules/",
"rules": [
{
"riskLevel": "LOW",
"id": "RuleID-001",
"extraSettings": null,
"provider": "aws",
"enabled": true,
"exceptions": {
"resources": null,
"tags": null,
"filterTags": null
}
}
]
}
}
}
}
Responses:
- 200 OK
- 401 Unauthorized. The requesting user does not have enough privilege.
- 404 Not found.
Example 200 response:
{
  "data": {
    "type": "accounts",
    "id": "AgA12vIwb",
    "attributes": {
      "settings": {
        "rules": [
          {
            "riskLevel": "VERY_HIGH",
            "id": "CT-001",
            "extraSettings": null,
            "provider": "aws",
            "enabled": true
          },
          {
            "riskLevel": "MEDIUM",
            "id": "RTM-005",
            "extraSettings": [
              {
                "name": "authorisedCountries",
                "countries": true,
                "type": "countries",
                "value": null,
                "values": [
                  {"value": "CA", "label": "Canada"},
                  {"value": "US", "label": "United States"}
                ]
              }
            ],
            "provider": "aws",
            "enabled": false
          },
          {
            "riskLevel": "MEDIUM",
            "id": "RTM-008",
            "extraSettings": [
              {
                "name": "authorisedRegions",
                "regions": true,
                "type": "regions",
                "value": null,
                "values": ["eu-west-1", "eu-west-2"]
              }
            ],
            "provider": "aws",
            "enabled": false
          },
          {
            "riskLevel": "MEDIUM",
            "id": "RDS-018",
            "exceptions": {
              "resources": ["i-erw82heiu8"],
              "tags": ["mysql-backups"],
              "filterTags": ["dev"]
            },
            "extraSettings": [
              {
                "name": "threshold",
                "value": 90,
                "values": [],
                "type": []
              }
            ],
            "provider": "aws",
            "enabled": false
          }
        ],
        "access": {}
      },
      "access": null
    },
    "relationships": {
      "organisation": {
        "data": {
          "type": "organisations",
          "id": "B1nHYYpwx"
        }
      }
    },
    "meta": {
      "notes": [
        {
          "createdBy": "SYmS0YcL-",
          "createdDate": 1511456432526,
          "note": "hello world"
        }
      ]
    }
  }
}
Update Rule Setting
A PATCH request to this endpoint allows you to customize the rule setting for the specified rule ID of the specified account.
This feature is used in conjunction with the GET request to the same endpoint for copying a rule setting from one account to another. An example of this function is provided in the examples folder.
IMPORTANT: To copy a rule setting from one account to another, you first need to:
- Obtain the rule setting from the source account (Get rule setting).
- Paste the rule setting as-is into the body of the PATCH request, following the format below.
Example Request:
curl -X PATCH \
-H "Content-Type: application/vnd.api+json" \
-H "Authorization: ApiKey S1YnrbQuWagQS0MvbSchNHDO73XHqdAqH52RxEPGAggOYiXTxrwPfmiTNqQkTq3p" \
-d '
{
"data": {
"attributes": {
"ruleSetting": {
"ruleExists": false,
"riskLevel": "MEDIUM",
"id": "RDS-018",
"exceptions": {
"resources": ["i-erw82heiu8"],
"tags": ["mysql-backups"],
"filterTags": ["dev"]
},
"extraSettings": [
{
"name": "threshold",
"value": 90
}
],
"enabled": false
},
"note": "copied from account H19NxMi5- via the api"
}
}
}' \
https://us-west-2-api.cloudconformity.com/v1/accounts/AgA12vIwb/settings/rules/RDS-018
Example Response:
{
"data": {
"type": "accounts",
"id": "AgA12vIwb",
"attributes": {
"settings": {
"rules": [
{
"riskLevel": "VERY_HIGH",
"id": "CT-001",
"extraSettings": null,
"provider": "aws",
"enabled": true
},
{
"riskLevel": "MEDIUM",
"id": "RTM-005",
"extraSettings": [
{
"name": "authorisedCountries",
"countries": true,
"type": "countries",
"value": null,
"values": [
{
"value": "CA",
"label": "Canada"
},
{
"value": "US",
"label": "United States"
}
]
}
],
"provider": "aws",
"enabled": false
},
{
"ruleExists": false,
"riskLevel": "MEDIUM",
"id": "RTM-008",
"extraSettings": [
{
"name": "authorisedRegions",
"regions": true,
"type": "regions",
"value": null,
"values": ["eu-west-1", "eu-west-2"]
}
],
"provider": "aws",
"enabled": false
},
{
"ruleExists": false,
"riskLevel": "MEDIUM",
"id": "RDS-018",
"exceptions": {
"resources": ["i-erw82heiu8"],
"tags": ["mysql-backups"],
"filterTags": ["dev"]
},
"extraSettings": [
{
"name": "threshold",
"value": 90,
"values": [],
"type": []
}
],
"provider": "aws",
"enabled": false
}
],
"access": {}
},
"available-runs": 5,
"access": null
},
"relationships": {
"organisation": {
"data": {
"type": "organisations",
"id": "B1nHYYpwx"
}
}
}
}
}
Note: If the account contains rule settings that are marked as deprecated and have not been disabled (enabled
: false
), the following meta warning will be included in the response:
{
"meta": {
"deprecation": {
"warning": {
"message": "1 manually configured rule in this account is deprecated. Refer to our Help Pages for instructions.",
"link": "https://cloudone.trendmicro.com/docs/conformity/rules/",
"rules": [
{
"riskLevel": "LOW",
"id": "RuleID-001",
"extraSettings": null,
"provider": "aws",
"enabled": true,
"exceptions": {
"resources": null,
"tags": null,
"filterTags": null
}
}
]
}
}
}
}
Errors:
Some errors returned by rule setting validation may need further clarification; they are listed below. For more information about specific rule configurations, consult Cloud Conformity Services Endpoint.
Error Details | Resolution |
---|---|
This Real-Time Threat Monitoring package rule ruleId is not part of the account subscription | You cannot configure rule settings for this rule. Try another rule. |
ruleId is not configurable from this endpoint. | This is an organisation setting which you cannot configure via this account rule settings endpoint. |
Rule risk level missing for ruleId | ruleSetting.riskLevel is a required parameter |
Rule risk level provided for ruleId is incorrect | Only "LOW", "MEDIUM", "HIGH", "VERY_HIGH", and "EXTREME" are accepted risk levels |
Rule enable status is not valid for ruleId | ruleSetting.enabled is a required boolean parameter |
One or more rule setting property is invalid for ruleId | Remove any ruleSetting property that is not id, enabled, riskLevel, extraSettings, exceptions, or ruleExists (the example request above sends exactly these) |
Provider XXX is invalid for ruleId | provider must match the cloud provider for the rule |
Extra settings for rule ruleId are not configurable | Remove ruleSetting.extraSettings; you may only change the risk level or enable/disable this rule. If you are directly copying this rule from another account and getting this message, this rule may have been previously configurable and is no longer. |
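The copy procedure above is easy to get wrong in bulk: the GET response carries fields (provider, empty values/type lists) that the PATCH example does not send, the error table only arrives one rule at a time, and a deprecated-but-enabled rule in the source account would be silently propagated. The script below is an added example for this page, not the script in Conformity's examples folder: it turns a Get Rule Setting response into one PATCH body per rule, runs the checks from the error table locally, and skips rules the source response flags in meta.deprecation.warning. The sample response is constructed from the examples on this page; the account IDs are the page's placeholders.

```python
"""Turn a Get Rule Setting response from a source account into PATCH requests for a
target account. Added example, not Conformity's own tooling."""
import copy

API_BASE = "https://us-west-2-api.cloudconformity.com/v1"
RISK_LEVELS = ("LOW", "MEDIUM", "HIGH", "VERY_HIGH", "EXTREME")
# Keys the PATCH example on this page sends in ruleSetting; anything else the GET
# response adds (e.g. provider) is dropped before sending.
PATCH_KEYS = ("id", "enabled", "riskLevel", "extraSettings", "exceptions", "ruleExists")


def validate_rule_setting(setting: dict) -> list:
    """Mirror the server-side checks from the error table so a bad copy fails locally."""
    problems = []
    rule_id = setting.get("id")
    if not rule_id:
        problems.append("ruleSetting.id is missing")
    if "riskLevel" not in setting:
        problems.append(f"Rule risk level missing for {rule_id}")
    elif setting["riskLevel"] not in RISK_LEVELS:
        problems.append(f"Rule risk level provided for {rule_id} is incorrect")
    if not isinstance(setting.get("enabled"), bool):
        problems.append(f"Rule enable status is not valid for {rule_id}")
    extra = [k for k in setting if k not in PATCH_KEYS]
    if extra:
        problems.append(f"invalid ruleSetting properties for {rule_id}: {sorted(extra)}")
    return problems


def _strip_extra_settings(extra_settings):
    """Drop the empty 'values'/'type' lists the GET response carries; the page's PATCH
    example sends only name and value for the RDS-018 threshold."""
    if not extra_settings:
        return extra_settings
    return [{k: v for k, v in item.items() if not (isinstance(v, list) and not v)}
            for item in extra_settings]


def rule_settings_to_patches(get_response: dict, target_account_id: str, note: str,
                             api_base: str = API_BASE):
    """Return (patches, skipped): patches is a list of (url, body) per rule; skipped
    lists rule IDs the source flagged as deprecated, which should not be copied."""
    deprecated = {
        r["id"] for r in get_response.get("meta", {}).get("deprecation", {})
        .get("warning", {}).get("rules", [])
    }
    patches, skipped = [], []
    for rule in get_response["data"]["attributes"]["settings"]["rules"]:
        if rule["id"] in deprecated:
            skipped.append(rule["id"])
            continue
        setting = {k: copy.deepcopy(v) for k, v in rule.items() if k in PATCH_KEYS}
        if "extraSettings" in setting:
            setting["extraSettings"] = _strip_extra_settings(setting["extraSettings"])
        problems = validate_rule_setting(setting)
        if problems:
            raise ValueError("; ".join(problems))
        url = f"{api_base}/accounts/{target_account_id}/settings/rules/{rule['id']}"
        patches.append((url, {"data": {"attributes": {"ruleSetting": setting, "note": note}}}))
    return patches, skipped


# Constructed source response, mirroring the Get Rule Setting example on this page,
# plus one deprecated rule carried in the meta warning.
SAMPLE_GET_RESPONSE = {
    "data": {"type": "accounts", "id": "H19NxMi5-", "attributes": {"settings": {"rules": [
        {"riskLevel": "VERY_HIGH", "id": "CT-001", "extraSettings": None,
         "provider": "aws", "enabled": True},
        {"riskLevel": "MEDIUM", "id": "RDS-018",
         "exceptions": {"resources": ["i-erw82heiu8"], "tags": ["mysql-backups"],
                        "filterTags": ["dev"]},
         "extraSettings": [{"name": "threshold", "value": 90, "values": [], "type": []}],
         "provider": "aws", "enabled": False},
        {"riskLevel": "LOW", "id": "RuleID-001", "extraSettings": None,
         "provider": "aws", "enabled": True},
    ]}}},
    "meta": {"deprecation": {"warning": {"rules": [{"id": "RuleID-001", "enabled": True}]}}},
}

if __name__ == "__main__":
    patches, skipped = rule_settings_to_patches(SAMPLE_GET_RESPONSE, "AgA12vIwb",
                                                "copied from account H19NxMi5- via the api")
    for url, body in patches:
        print("PATCH", url, body["data"]["attributes"]["ruleSetting"])
    print("skipped deprecated:", skipped)
```

Send each (url, body) pair with the same headers as the curl example above; because the server validates one rule per request, validating locally first means a single bad riskLevel does not leave the target account half-copied.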
Responses:
- 200 OK
- 401 Unauthorized. The requesting user does not have enough privilege.
Example payload:
{
  "data": {
    "attributes": {
      "note": "copied from account H19NxMi5- via the api",
      "ruleSetting": {
        "riskLevel": "MEDIUM",
        "id": "RDS-018",
        "exceptions": {
          "resources": ["i-erw82heiu8"],
          "tags": ["mysql-backups"],
          "filterTags": ["dev"]
        },
        "extraSettings": [
          {
            "name": "threshold",
            "value": 90
          }
        ],
        "enabled": false
      }
    }
  }
}
Example 200 response:
{
  "data": {
    "type": "accounts",
    "id": "AgA12vIwb",
    "attributes": {
      "settings": {
        "rules": [
          {
            "riskLevel": "VERY_HIGH",
            "id": "CT-001",
            "extraSettings": null,
            "provider": "aws",
            "enabled": true
          },
          {
            "riskLevel": "MEDIUM",
            "id": "RTM-005",
            "extraSettings": [
              {
                "name": "authorisedCountries",
                "countries": true,
                "type": "countries",
                "value": null,
                "values": [
                  {"value": "CA", "label": "Canada"},
                  {"value": "US", "label": "United States"}
                ]
              }
            ],
            "provider": "aws",
            "enabled": false
          },
          {
            "riskLevel": "MEDIUM",
            "id": "RTM-008",
            "extraSettings": [
              {
                "name": "authorisedRegions",
                "regions": true,
                "type": "regions",
                "value": null,
                "values": ["eu-west-1", "eu-west-2"]
              }
            ],
            "provider": "aws",
            "enabled": false
          },
          {
            "riskLevel": "MEDIUM",
            "id": "RDS-018",
            "exceptions": {
              "resources": ["i-erw82heiu8"],
              "tags": ["mysql-backups"],
              "filterTags": ["dev"]
            },
            "extraSettings": [
              {
                "name": "threshold",
                "value": 90,
                "values": [],
                "type": []
              }
            ],
            "provider": "aws",
            "enabled": false
          }
        ],
        "access": {}
      },
      "access": null
    },
    "relationships": {
      "organisation": {
        "data": {
          "type": "organisations",
          "id": "B1nHYYpwx"
        }
      }
    },
    "meta": {
      "notes": [
        {
          "createdBy": "SYmS0YcL-",
          "createdDate": 1511456432526,
          "note": "hello world"
        }
      ]
    }
  }
}
Get Rule Settings
A GET request to this endpoint allows you to get the rule settings for all configured rules of the specified account.
If a rule has never been configured, it will not show up in the resulting data. For example, even if our bots run rule RDS-018 for your account hourly, if you have never configured it, it will not be part of the data body we send back.
This endpoint only returns configured rules. If you want to include default rule settings, set includeDefaults=true in the query parameters.
Note: If the account contains rule settings that are marked as deprecated and have not been disabled (enabled: false), the following meta warning will be included in the response:
{
"meta": {
"deprecation": {
"warning": {
"message": "1 manually configured rule in this account is deprecated. Refer to our Help Pages for instructions.",
"link": "https://cloudone.trendmicro.com/docs/conformity/rules/",
"rules": [
{
"riskLevel": "LOW",
"id": "RuleID-001",
"extraSettings": null,
"provider": "aws",
"enabled": true,
"exceptions": {
"resources": null,
"tags": null,
"filterTags": null
}
}
]
}
}
}
}
Rule settings
Every rule in Cloud Conformity can be configured via API. These rule settings can disable or enable rules, change default risk level, setup exceptions and configure rule-specific settings.
Rule settings returned from GET /v1/accounts/{accountId}/settings/rules?includeDefaults=true
endpoint
are formatted as the following example:
{
"id": "EC2-012",
"enabled": true,
"riskLevel": "MEDIUM",
"exceptions": {
"tags": ["Role::Temporary", "TagKey::TagValue", "TagKeyOrValue"],
"filterTags": ["role::temporary", "tagkey::tagvalue", "tagKeyOrvalue"],
"resources": ["i-98f25d31", "another EC2 instance ID"]
},
"extraSettings": [
{
"name": "threshold",
"type": "single-number-value",
"value": 100
}
],
"configured": false
}
Extra setting types
These formats are found in the type field of rule extra settings:
multiple-string-values
- Usage: Used when one or more strings are required.
- UI: List of text fields
Example:
{
"id": "EC2-017",
//...
"extraSettings": [
{
"name": "desiredInstanceTypes",
"type": "multiple-string-values",
"values": [
{
"value": "t2.micro"
},
{
"value": "m3.medium"
},
{
"value": "m3.large"
}
]
}
]
//...
}
multiple-object-values
- Usage: Used when one or more sets of values are required.
- UI: Table of text fields
Example:
{
"id": "RTM-01a",
//...
"extraSettings": [
{
"name": "desiredInstanceTypes",
"type": "multiple-object-values",
"valueKeys": ["eventName", "eventSource", "userIdentityType"],
"values": [
{
"value": {
"eventName": "^(iam.amazonaws.com)",
"eventSource": "^(IAM).*",
"userIdentityType": "^(Delete).*"
}
}
]
}
]
//...
}
choice-multiple-value
- Usage: Used when one or more selections from a predefined set of values are required.
- UI: List of checkboxes
Note that all allowed values are returned from GET /v1/accounts/{accountId}/settings/rules?includeDefaults=true
endpoint
Example:
{
"id": "RTM-009",
//...
"extraSettings": [
{
"name": "ConfigurationChanges",
"values": [
{
"value": "internetGateway",
"enabled": true
},
{
"value": "securityGroup",
"enabled": false
},
{
"value": "elasticNetworkInterface",
"enabled": true
},
{
"value": "virtualPrivateCloud",
"enabled": false
}
]
}
]
//...
}
choice-single-value
- Usage: Used when a single value should be selected from multiple choices.
- UI: List of radio buttons
Note that the allowed values differ for each rule:
- Support-001 (Support Plan)
  - "Basic"
  - "Developer"
  - "Business"
  - "Enterprise"
- EC2-025 (EC2 Instance Tenancy)
  - "default"
  - "dedicated"
  - "host"
- ELB-008 (ELB Listener Security)
  - "1" (Yes)
  - "0" (No)
- ELB-010, ELBv2-004 (ELB/ELBv2 Minimum Number Of EC2 Instances)
  - 1 (One instance)
  - 2 (Two instances)
- ELBv2-005 (ELBv2 ALB Listener Security), Include Internal Load Balancers
  - "1" (Yes)
  - "0" (No)
Example:
{
"id": "Support-001",
//...
"extraSettings": [
{
"name": "level",
"type": "choice-single-value",
"value": "Developer"
}
]
//...
}
countries
- Usage: Used when one or more countries should be selected.
- UI: Multi-select list of countries
For certain rule settings, extra settings require configuration for a "countries" value. Value of each item is a country code.
Example:
{
"id": "RTM-005",
//...
"extraSettings": [
{
"name": "authorisedCountries",
"type": "countries",
"values": [
{
"value": "CA"
},
{
"value": "AU"
},
{
"value": "US"
},
{
"value": "UM"
}
],
"countries": true
}
//...
]
//...
}
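The extra-setting types above each imply a different payload shape, and the API reports a malformed one only as a generic 422 validation error. The validator below is an added example written for this page, not Conformity's own code: it checks one extraSettings entry against the shape its declared type requires, using the per-rule choice lists given above for choice-single-value. COUNTRY_CODES is a constructed subset of the country table that follows (extend it from the table for real use), and the RTM-005-shaped rule setting at the bottom is a constructed sample.

```python
"""Client-side validation of rule extraSettings by declared type.
Added example, not Conformity's own code."""
from numbers import Number

CHOICE_SINGLE_VALUES = {  # per-rule allowed values from the choice-single-value list above
    "Support-001": {"Basic", "Developer", "Business", "Enterprise"},
    "EC2-025": {"default", "dedicated", "host"},
    "ELB-008": {"1", "0"},
    "ELB-010": {1, 2},
    "ELBv2-004": {1, 2},
    "ELBv2-005": {"1", "0"},
}
# Constructed subset of the supported-country table below; extend for real use.
COUNTRY_CODES = {"O1", "AU", "CA", "DE", "GB", "JP", "UM", "US"}


def _values_list(setting: dict, problems: list) -> list:
    """Every list-typed setting needs a non-empty 'values' array."""
    values = setting.get("values")
    if not isinstance(values, list) or not values:
        problems.append(f"{setting.get('name')}: 'values' must be a non-empty list")
        return []
    return values


def extra_setting_problems(rule_id: str, setting: dict) -> list:
    """Return problems for one extraSettings entry; empty means it matches the shape
    its 'type' requires. Entries without a type but with 'enabled' flags (as in the
    RTM-009 example above) are treated as choice-multiple-value."""
    problems = []
    name = setting.get("name", "<unnamed>")
    kind = setting.get("type")
    if kind is None and any("enabled" in v for v in setting.get("values") or []):
        kind = "choice-multiple-value"

    if kind == "multiple-string-values":
        for v in _values_list(setting, problems):
            if not isinstance(v, dict) or not isinstance(v.get("value"), str):
                problems.append(f"{name}: each item must be {{'value': <string>}}")
    elif kind == "multiple-object-values":
        keys = set(setting.get("valueKeys") or [])
        if not keys:
            problems.append(f"{name}: 'valueKeys' must list the object fields")
        for v in _values_list(setting, problems):
            obj = v.get("value") if isinstance(v, dict) else None
            if not isinstance(obj, dict) or set(obj) != keys:
                problems.append(f"{name}: each item's 'value' must have exactly keys {sorted(keys)}")
    elif kind == "choice-multiple-value":
        for v in _values_list(setting, problems):
            if not isinstance(v, dict) or "value" not in v or not isinstance(v.get("enabled"), bool):
                problems.append(f"{name}: each item needs 'value' and a boolean 'enabled'")
    elif kind == "choice-single-value":
        allowed = CHOICE_SINGLE_VALUES.get(rule_id)
        if allowed is None:
            problems.append(f"{name}: no known choices for rule {rule_id}")
        elif setting.get("value") not in allowed:
            problems.append(f"{name}: value {setting.get('value')!r} not in {sorted(map(str, allowed))}")
    elif kind == "countries":
        for v in _values_list(setting, problems):
            code = v.get("value") if isinstance(v, dict) else None
            if code not in COUNTRY_CODES:
                problems.append(f"{name}: {code!r} is not a supported country code")
    elif kind == "single-number-value":
        value = setting.get("value")
        if not isinstance(value, Number) or isinstance(value, bool):  # bool is an int subclass
            problems.append(f"{name}: 'value' must be a number")
    elif kind is not None:
        problems.append(f"{name}: unknown extra setting type {kind!r}")
    return problems


def rule_extra_settings_problems(rule: dict) -> list:
    """Validate every extraSettings entry of one rule setting as returned by the API."""
    problems = []
    for setting in rule.get("extraSettings") or []:
        problems.extend(extra_setting_problems(rule["id"], setting))
    return problems


if __name__ == "__main__":
    # Constructed rule setting in the shape of the RTM-005 example above, with one bad code.
    rule = {"id": "RTM-005", "enabled": True, "riskLevel": "MEDIUM", "extraSettings": [
        {"name": "authorisedCountries", "type": "countries", "countries": True,
         "values": [{"value": "CA"}, {"value": "AU"}, {"value": "XX"}]}]}
    print(rule_extra_settings_problems(rule))
```

Run rule_extra_settings_problems over each ruleSetting before the PATCH; for rules whose allowed choices are not on this page, fetch them first with GET /v1/accounts/{accountId}/settings/rules?includeDefaults=true, which returns the allowed values for choice-multiple-value settings.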
Below is the list of supported countries and their respective codes:
Country Name | Code |
---|---|
Other Country | O1 |
Andorra | AD |
United Arab Emirates | AE |
Afghanistan | AF |
Antigua and Barbuda | AG |
Anguilla | AI |
Albania | AL |
Armenia | AM |
Angola | AO |
Asia/Pacific Region | AP |
Antarctica | AQ |
Argentina | AR |
American Samoa | AS |
Austria | AT |
Australia | AU |
Aruba | AW |
Aland Islands | AX |
Azerbaijan | AZ |
Bosnia and Herzegovina | BA |
Barbados | BB |
Bangladesh | BD |
Belgium | BE |
Burkina Faso | BF |
Bulgaria | BG |
Bahrain | BH |
Burundi | BI |
Benin | BJ |
Saint Bartelemey | BL |
Bermuda | BM |
Brunei Darussalam | BN |
Bolivia | BO |
Bonaire, Saint Eustatius and Saba | BQ |
Brazil | BR |
Bahamas | BS |
Bhutan | BT |
Bouvet Island | BV |
Botswana | BW |
Belarus | BY |
Belize | BZ |
Canada | CA |
Cocos (Keeling) Islands | CC |
Congo, The Democratic Republic of the | CD |
Central African Republic | CF |
Congo | CG |
Switzerland | CH |
Cote d'Ivoire | CI |
Cook Islands | CK |
Chile | CL |
Cameroon | CM |
China | CN |
Colombia | CO |
Costa Rica | CR |
Cuba | CU |
Cape Verde | CV |
Curacao | CW |
Christmas Island | CX |
Cyprus | CY |
Czech Republic | CZ |
Germany | DE |
Djibouti | DJ |
Denmark | DK |
Dominica | DM |
Dominican Republic | DO |
Algeria | DZ |
Ecuador | EC |
Estonia | EE |
Egypt | EG |
Western Sahara | EH |
Eritrea | ER |
Spain | ES |
Ethiopia | ET |
Europe | EU |
Finland | FI |
Fiji | FJ |
Falkland Islands (Malvinas) | FK |
Micronesia, Federated States of | FM |
Faroe Islands | FO |
France | FR |
Gabon | GA |
United Kingdom | GB |
Grenada | GD |
Georgia | GE |
French Guiana | GF |
Guernsey | GG |
Ghana | GH |
Gibraltar | GI |
Greenland | GL |
Gambia | GM |
Guinea | GN |
Guadeloupe | GP |
Equatorial Guinea | GQ |
Greece | GR |
South Georgia and the South Sandwich Islands | GS |
Guatemala | GT |
Guam | GU |
Guinea-Bissau | GW |
Guyana | GY |
Hong Kong | HK |
Heard Island and McDonald Islands | HM |
Honduras | HN |
Croatia | HR |
Haiti | HT |
Hungary | HU |
Indonesia | ID |
Ireland | IE |
Israel | IL |
Isle of Man | IM |
India | IN |
British Indian Ocean Territory | IO |
Iraq | IQ |
Iran, Islamic Republic of | IR |
Iceland | IS |
Italy | IT |
Jersey | JE |
Jamaica | JM |
Jordan | JO |
Japan | JP |
Kenya | KE |
Kyrgyzstan | KG |
Cambodia | KH |
Kiribati | KI |
Comoros | KM |
Saint Kitts and Nevis | KN |
Korea, Democratic People's Republic of | KP |
Korea, Republic of | KR |
Kuwait | KW |
Cayman Islands | KY |
Kazakhstan | KZ |
Lao People's Democratic Republic | LA |
Lebanon | LB |
Saint Lucia | LC |
Liechtenstein | LI |
Sri Lanka | LK |
Liberia | LR |
Lesotho | LS |
Lithuania | LT |
Luxembourg | LU |
Latvia | LV |
Libyan Arab Jamahiriya | LY |
Morocco | MA |
Monaco | MC |
Moldova, Republic of | MD |
Montenegro | ME |
Saint Martin | MF |
Madagascar | MG |
Marshall Islands | MH |
Macedonia | MK |
Mali | ML |
Myanmar | MM |
Mongolia | MN |
Macao | MO |
Northern Mariana Islands | MP |
Martinique | MQ |
Mauritania | MR |
Montserrat | MS |
Malta | MT |
Mauritius | MU |
Maldives | MV |
Malawi | MW |
Mexico | MX |
Malaysia | MY |
Mozambique | MZ |
Namibia | NA |
New Caledonia | NC |
Niger | NE |
Norfolk Island | NF |
Nigeria | NG |
Nicaragua | NI |
Netherlands | NL |
Norway | NO |
Nepal | NP |
Nauru | NR |
Niue | NU |
New Zealand | NZ |
Oman | OM |
Panama | PA |
Peru | PE |
French Polynesia | PF |
Papua New Guinea | PG |
Philippines | PH |
Pakistan | PK |
Poland | PL |
Saint Pierre and Miquelon | PM |
Pitcairn | PN |
Puerto Rico | PR |
Palestinian Territory | PS |
Portugal | PT |
Palau | PW |
Paraguay | PY |
Qatar | QA |
Reunion | RE |
Romania | RO |
Serbia | RS |
Russian Federation | RU |
Rwanda | RW |
Saudi Arabia | SA |
Solomon Islands | SB |
Seychelles | SC |
Sudan | SD |
Sweden | SE |
Singapore | SG |
Saint Helena | SH |
Slovenia | SI |
Svalbard and Jan Mayen | SJ |
Slovakia | SK |
Sierra Leone | SL |
San Marino | SM |
Senegal | SN |
Somalia | SO |
Suriname | SR |
South Sudan | SS |
Sao Tome and Principe | ST |
El Salvador | SV |
Sint Maarten | SX |
Syrian Arab Republic | SY |
Swaziland | SZ |
Turks and Caicos Islands | TC |
Chad | TD |
French Southern Territories | TF |
Togo | TG |
Thailand | TH |
Tajikistan | TJ |
Tokelau | TK |
Timor-Leste | TL |
Turkmenistan | TM |
Tunisia | TN |
Tonga | TO |
Turkey | TR |
Trinidad and Tobago | TT |
Tuvalu | TV |
Taiwan | TW |
Tanzania, United Republic of | TZ |
Ukraine | UA |
Uganda | UG |
United States Minor Outlying Islands | UM |
United States | US |
Uruguay | UY |
Uzbekistan | UZ |
Holy See (Vatican City State) | VA |
Saint Vincent and the Grenadines | VC |
Venezuela | VE |
Virgin Islands, British | VG |
Virgin Islands, U.S. | VI |
Vietnam | VN |
Vanuatu | VU |
Wallis and Futuna | WF |
Samoa | WS |
Yemen | YE |
Mayotte | YT |
South Africa | ZA |
Zambia | ZM |
Zimbabwe | ZW |
multiple-aws-account-values
- Usage: Used when one or more AWS Account IDs are required.
- UI: List of text fields accepting AWS Account IDs (12 digits)
Example:
{
"id": "S3-015",
//...
"extraSettings": [
{
"type": "multiple-aws-account-values",
"name": "friendlyAccounts",
"values": [
{
"value": "123456789012"
},
{
"value": "111111111111"
}
]
}
]
//...
}
multiple-ip-values
- Usage: Used when one or more IP addresses or CIDRs are required.
- UI: List of text fields accepting IP address or CIDRs.
Example:
{
"id": "RTM-007",
//...
"extraSettings": [
{
"type": "multiple-ip-values",
"name": "authorisedIps",
"values": [
{
"value": "1.2.3.4"
},
{
"value": "195.200.0.0/24"
}
]
}
//...
]
//...
}
multiple-number-values
- Usage: Used when one or more numbers are required.
- UI: List of text fields accepting numbers
Example:
{
"id": "EC2-034",
//...
"extraSettings": [
{
"name": "commonlyUsedPorts",
"type": "multiple-number-values",
"values": [
{
"value": 80
},
{
"value": 443
}
//...
]
}
]
//...
}
regions
- Usage: Used when one or more AWS regions should be selected.
- UI: List of on/off sliders for every supported AWS region
Note that setting values only include selected region identifiers.
Example:
{
"id": "RTM-008",
//...
"extraSettings": [
{
"type": "regions",
"name": "authorisedRegions",
"values": ["us-east-1", "us-west-2", "ap-southeast-2", "eu-west-1"],
"regions": true
}
//...
]
//...
}
ignored-regions
- Usage: Used when one or more AWS regions should be ignored.
- UI: List of on/off sliders for every supported AWS region
Note that setting values only include disabled region identifiers.
Example:
{
"id": "Config-001",
//...
"extraSettings": [
{
"type": "ignored-regions",
"name": "ignoredRegions",
"values": ["us-east-1", "us-west-2", "ap-southeast-2"],
"ignoredRegions": true
}
//...
]
//...
}
single-number-value
- Usage: Used when a single numeric value is required.
- UI: Text field accepting numbers
Example:
{
"id": "SQS-003",
//...
"extraSettings": [
{
"name": "threshold",
"type": "single-number-value",
"value": 100
}
]
//...
}
single-string-value
- Usage: Used when a single string value is required.
- UI: Text field
Example:
{
"id": "IAM-047",
//...
"extraSettings": [
{
"name": "iam_master_role_name",
"type": "single-string-value",
"value": "MasterIAMRole"
}
//...
]
//...
}
single-value-regex
- Usage: Used when a regular expression is required.
- UI: Text field accepting regular expressions
Example:
{
"id": "VPC-004",
//...
"extraSettings": [
{
"name": "pattern",
"type": "single-value-regex",
"value": "^vpc-(ue1|uw1|uw2|ew1|ec1|an1|an2|as1|as2|se1)-(d|t|s|p)-([a-z0-9\\-]+)$"
}
]
//...
}
ttl
- Usage: Real-time monitoring (RTM) rules have a Time To Live: the number of hours for which an RTM check remains valid. After that time the check expires and may be triggered again.
- UI: Text field accepting numbers
Example:
{
"id": "RTM-001",
//...
"extraSettings": [
{
"name": "ttl",
"type": "ttl",
"value": 2
}
]
//...
}
multiple-vpc-gateway-mappings
- Usage: Used when one or more VPC gateway mappings are required.
- UI: List of VPC Id and Gateway Id mapping
Example:
{
"id": "VPC-013",
//...
"extraSettings": [
{
"type": "multiple-vpc-gateway-mappings",
"name": "SpecificVPCToSpecificGatewayMapping",
"mappings": [
{
"values": [
{
"type": "single-string-value",
"name": "vpcId",
"value": "vpc-001"
},
{
"type": "multiple-string-values",
"name": "gatewayIds",
"values": [
{
"value": "nat-001"
},
{
"value": "nat-002"
}
]
}
]
}
//...
]
}
]
//...
}
tags
- Usage: Identify friendly accounts with AWS Account Tags
- UI: Text field accepting Tags
Example:
{
"id": "S3-015",
//...
"extraSettings": [
{
"label": "Tags",
"name": "accountTags",
"type": "tags",
"values": ["Sandbox"]
}
]
//...
}
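The extra setting types above each have their own value shape (a single `value`, a `values` list of `{"value": ...}` objects, or a `values` list of bare strings), and the API only reports a malformed entry after the whole PATCH has been sent. The following validator is an added example, not Conformity's own code: it checks one extraSettings entry offline against the shapes documented above, using the standard library's `ipaddress` and `re` modules for the IP/CIDR and regex types. Two checks are assumptions rather than page-stated contracts: AWS region identifiers and country codes are only matched by shape (the table above also contains non-ISO codes such as O1, AP and EU), so a code that is not in the table is not caught here.

```python
import ipaddress
import re

AWS_ACCOUNT_ID = re.compile(r"^\d{12}$")             # page: 12-digit AWS account IDs
AWS_REGION = re.compile(r"^[a-z]{2}(-[a-z]+)+-\d$")  # assumption: region id shape only
COUNTRY_CODE = re.compile(r"^[A-Z][A-Z0-9]$")        # assumption: code shape only (AD, O1)


def _wrapped_values(setting):
    """Values of list types that use [{"value": ...}, ...]; None if malformed."""
    values = setting.get("values")
    if not isinstance(values, list) or not values:
        return None
    if not all(isinstance(v, dict) and "value" in v for v in values):
        return None
    return [v["value"] for v in values]


def _bare_values(setting):
    """Values of list types that use bare strings (regions, tags); None if malformed."""
    values = setting.get("values")
    if not isinstance(values, list) or not values:
        return None
    return values if all(isinstance(v, str) and v for v in values) else None


def _is_number(v):
    return isinstance(v, (int, float)) and not isinstance(v, bool)


def validate_extra_setting(setting):
    """Return a list of problems with one extraSettings entry (empty = looks fine)."""
    errors = []
    kind, name = setting.get("type"), setting.get("name", "<unnamed>")

    def bad(msg):
        errors.append(f"{name} ({kind}): {msg}")

    if kind in ("single-number-value", "ttl"):
        if not _is_number(setting.get("value")) or setting["value"] < 0:
            bad("value must be a non-negative number")
    elif kind == "single-string-value":
        if not isinstance(setting.get("value"), str) or not setting["value"]:
            bad("value must be a non-empty string")
    elif kind == "choice-single-value":
        if not isinstance(setting.get("value"), str):
            bad("value must be one of the rule's allowed choices")
    elif kind == "single-value-regex":
        try:
            re.compile(setting.get("value") or "")
        except re.error as exc:
            bad(f"invalid regular expression: {exc}")
    elif kind == "choice-multiple-value":
        values = setting.get("values")
        if not isinstance(values, list) or not all(
                isinstance(v, dict) and isinstance(v.get("value"), str)
                and isinstance(v.get("enabled"), bool) for v in values):
            bad('values must be a list of {"value": str, "enabled": bool}')
    elif kind == "multiple-aws-account-values":
        ids = _wrapped_values(setting)
        if ids is None:
            bad('values must be a non-empty list of {"value": ...}')
        else:
            for acct in ids:
                if not AWS_ACCOUNT_ID.match(str(acct)):
                    bad(f"{acct!r} is not a 12-digit AWS account ID")
    elif kind == "multiple-ip-values":
        ips = _wrapped_values(setting)
        if ips is None:
            bad('values must be a non-empty list of {"value": ...}')
        else:
            for ip in ips:
                try:  # strict=True rejects host bits set in a CIDR (1.2.3.4/24)
                    ipaddress.ip_network(str(ip), strict=True)
                except ValueError:
                    bad(f"{ip!r} is not a valid IP address or CIDR")
    elif kind == "multiple-number-values":
        nums = _wrapped_values(setting)
        if nums is None or not all(_is_number(n) for n in nums):
            bad("values must be a non-empty list of numbers")
    elif kind == "countries":
        codes = _wrapped_values(setting)
        if codes is None or not all(isinstance(c, str) and COUNTRY_CODE.match(c) for c in codes):
            bad("values must be a non-empty list of country codes from the table")
    elif kind in ("regions", "ignored-regions"):
        regions = _bare_values(setting)
        if regions is None or not all(AWS_REGION.match(r) for r in regions):
            bad("values must be a non-empty list of AWS region identifiers")
    elif kind == "tags":
        if _bare_values(setting) is None:
            bad("values must be a non-empty list of tag strings")
    elif kind == "multiple-vpc-gateway-mappings":
        mappings = setting.get("mappings")
        if not isinstance(mappings, list) or not mappings:
            bad("mappings must be a non-empty list")
            mappings = []
        for mapping in mappings:
            parts = {p.get("name"): p for p in mapping.get("values", [])}
            if not isinstance(parts.get("vpcId", {}).get("value"), str):
                bad("each mapping needs a vpcId single-string-value")
            if _wrapped_values(parts.get("gatewayIds", {})) is None:
                bad("each mapping needs a non-empty gatewayIds list")
    else:
        bad("unknown extra setting type")
    return errors


def validate_extra_settings(extra_settings):
    """Validate a rule's whole extraSettings array (null means no extra settings)."""
    if extra_settings is None:
        return []
    return [e for s in extra_settings for e in validate_extra_setting(s)]
```

Run `validate_extra_settings(rule["extraSettings"])` over every rule you are about to PATCH; an allow-list entry such as `1.2.3.4/24` (host bits set) or a 5-digit "account ID" is rejected locally instead of silently widening or breaking the rule on the account.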
Responses:
- 200 OK
- 401 Unauthorized. The requesting user does not have enough privilege.
- 404 Not found.
Response sample (200):
{
  "id": "EC2-012",
  "enabled": true,
  "riskLevel": "MEDIUM",
  "exceptions": {
    "tags": [
      "Role::Temporary"
    ],
    "resources": [
      "i-12a34b56"
    ]
  },
  "extraSettings": [
    {
      "name": "threshold",
      "type": "single-number-value",
      "value": 100
    }
  ],
  "configured": false
}
Update Rule Settings
A PATCH request to this endpoint allows you to customize rule settings for the specified account.
This feature is used in conjunction with the GET request to the same endpoint for copying rule settings from one account to another. An example of this function is provided in the examples folder.
IMPORTANT: To copy rule settings from one account to another, you first need to:
- Obtain the rule settings from the source account with the GET request (Get rule settings).
- Paste those rule settings as is into the body of the PATCH request for the target account, following the format below.
Example Request:
curl -X PATCH \
-H "Content-Type: application/vnd.api+json" \
-H "Authorization: ApiKey S1YnrbQuWagQS0MvbSchNHDO73XHqdAqH52RxEPGAggOYiXTxrwPfmiTNqQkTq3p" \
-d '
{
"data": {
"attributes": {
"note": "copied from account H19NxMi5- via the api",
"ruleSettings": [
{
"ruleExists": false,
"riskLevel": "MEDIUM",
"id": "RDS-018",
"exceptions": {
"resources": ["i-erw82heiu8"],
"tags": ["mysql-backups"],
"filterTags" : ["dev"]
},
"extraSettings": [
{
"name": "threshold",
"value": 90
}
],
"enabled": false
},
{
"riskLevel": "LOW",
"id": "Config-001",
"extraSettings": null,
"provider": "aws",
"enabled": true
},
{
"riskLevel": "MEDIUM",
"id": "RTM-005",
"extraSettings": [
{
"name": "authorisedCountries",
"countries": true,
"type": "countries",
"value": null,
"values": [
{
"value": "CA",
"label": "Canada"
},
{
"value": "US",
"label": "United States"
}
]
}
],
"provider": "aws",
"enabled": false
}
]
}
}
}' \
https://us-west-2-api.cloudconformity.com/v1/accounts/AgA12vIwb/settings/rules
Example Response:
{
"data": {
"type": "accounts",
"id": "AgA12vIwb",
"attributes": {
"settings": {
"rules": [
{
"ruleExists": false,
"riskLevel": "MEDIUM",
"id": "RDS-018",
"exceptions": {
"resources": ["i-erw82heiu8"],
"tags": ["mysql-backups"],
"filterTags": ["dev"]
},
"extraSettings": [
{
"name": "threshold",
"value": 90
}
],
"provider": "aws",
"enabled": false
},
{
"riskLevel": "LOW",
"id": "Config-001",
"extraSettings": null,
"provider": "aws",
"enabled": true
},
{
"riskLevel": "MEDIUM",
"id": "RTM-005",
"extraSettings": [
{
"name": "authorisedCountries",
"countries": true,
"type": "countries",
"value": null,
"values": [
{
"value": "CA",
"label": "Canada"
},
{
"value": "US",
"label": "United States"
}
]
}
],
"provider": "aws",
"enabled": false
}
],
"access": {}
},
"available-runs": 5,
"access": null
},
"relationships": {
"organisation": {
"data": {
"type": "organisations",
"id": "B1nHYYpwx"
}
}
}
}
}
Note: If the account contains rule settings that are marked as deprecated and have not been disabled (enabled: false), the following meta warning will be included in the response:
{
"meta": {
"deprecation": {
"warning": {
"message": "1 manually configured rule in this account is deprecated. Refer to our Help Pages for instructions.",
"link": "https://cloudone.trendmicro.com/docs/conformity/rules/",
"rules": [
{
"riskLevel": "LOW",
"id": "RuleID-001",
"extraSettings": null,
"provider": "aws",
"enabled": true,
"exceptions": {
"resources": null,
"tags": null,
"filterTags": null
}
}
]
}
}
}
}
Errors:
Some errors thrown from rule settings validation may need further clarification. Below is a list. For more information about specific rule configurations, consult the Cloud Conformity Services Endpoint.
Error Details | Resolution |
---|---|
This Real-Time Threat Monitoring package rule rule.id is not part of the account subscription | Remove that rule setting from the array |
ruleId is not configurable from this endpoint. | This is an organisation-setting which you cannot configure via this account rule settings endpoint. |
Rule risk level missing for ruleId | ruleSetting.riskLevel is a required parameter |
Rule risk level provided for ruleId is incorrect | Only "LOW", "MEDIUM", "HIGH", "VERY_HIGH", and "EXTREME" are accepted risk levels |
Rule enable status is not valid for ruleId | ruleSetting.enabled is a required boolean parameter |
One or more rule setting property is invalid for ruleId | Remove the ruleSetting property if it is not id, enabled, riskLevel, extraSettings, or ruleExists |
Provider XXX is invalid for ruleId | provider must match the cloud provider for the rule |
Extra Settings Rule ruleId is not configurable | Remove ruleSetting.extraSettings; you may only change risk level or enable/disable this rule. If you are directly copying this rule from another account and getting this message, this rule may have been previously configurable and is no longer. |
Note that the request and response examples above also carry exceptions and provider on a rule setting; a GET response additionally includes read-only fields such as configured, which must not be sent back.
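The copy procedure above (GET the source account's rules, PATCH them onto the target) and the validation errors in the table are easiest to get right with a small script. The following Python is an added example, not Conformity's own code and not the script from its examples folder. It pulls data.attributes.settings.rules out of a GET response, checks each entry locally against the constraints the table lists, strips properties the PATCH endpoint rejects, and sends the body in the format shown above. Assumptions not stated on the page: the host follows the {region}-api.cloudconformity.com pattern of the URLs shown here, Real-Time Monitoring rules are those whose id starts with "RTM-", and a target account with the 'essentials' subscription (Real-Time threat monitoring disabled, see the note at the top of the page) must not receive them.

```python
import json
import urllib.request

RISK_LEVELS = {"LOW", "MEDIUM", "HIGH", "VERY_HIGH", "EXTREME"}
# Properties the page's own request examples send; anything else (for example the
# read-only "configured" field of a GET response) is dropped before the PATCH so a
# single bad property does not fail the whole batch.
ALLOWED_KEYS = {"id", "enabled", "riskLevel", "extraSettings", "ruleExists",
                "exceptions", "provider"}


def rules_from_get_response(body):
    """Extract data.attributes.settings.rules from a GET rule-settings response."""
    return body["data"]["attributes"]["settings"]["rules"]


def clean_rule_setting(rule):
    """Validate one rule setting and strip properties the endpoint rejects."""
    rule_id = rule.get("id")
    if not isinstance(rule_id, str) or not rule_id:
        raise ValueError("rule setting without an id")
    if rule.get("riskLevel") not in RISK_LEVELS:
        raise ValueError(f"Rule risk level missing or incorrect for {rule_id}")
    if not isinstance(rule.get("enabled"), bool):
        raise ValueError(f"Rule enable status is not valid for {rule_id}")
    if rule.get("extraSettings") is not None and not isinstance(rule["extraSettings"], list):
        raise ValueError(f"extraSettings must be a list or null for {rule_id}")
    return {k: v for k, v in rule.items() if k in ALLOWED_KEYS}


def build_patch_body(rules, note, target_has_rtm=True):
    """Build the PATCH body; drops RTM-* rules when the target has no RTM."""
    cleaned = []
    for rule in rules:
        if not target_has_rtm and str(rule.get("id") or "").startswith("RTM-"):
            continue  # would fail with "... is not part of the account subscription"
        cleaned.append(clean_rule_setting(rule))
    return {"data": {"attributes": {"note": note, "ruleSettings": cleaned}}}


def _request(method, region, api_key, account_id, body=None):
    """Send a JSON:API request; region is the Conformity API region (e.g. us-west-2)."""
    url = f"https://{region}-api.cloudconformity.com/v1/accounts/{account_id}/settings/rules"
    data = None if body is None else json.dumps(body).encode()
    req = urllib.request.Request(url, data=data, method=method, headers={
        "Content-Type": "application/vnd.api+json",
        "Authorization": f"ApiKey {api_key}",
    })
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)


def copy_rule_settings(region, api_key, source_id, target_id, target_has_rtm=True):
    """GET the source account's rules and PATCH them onto the target account."""
    source = _request("GET", region, api_key, source_id)
    body = build_patch_body(rules_from_get_response(source),
                            f"copied from account {source_id} via the api", target_has_rtm)
    result = _request("PATCH", region, api_key, target_id, body)
    # Surface the deprecation warning documented above instead of ignoring it
    warning = result.get("meta", {}).get("deprecation", {}).get("warning")
    if warning:
        print("WARNING:", warning["message"])
    return result
```

Keep the API key out of the script itself (read it from an environment variable or a secrets manager); the key in the curl examples on this page is a placeholder. Validation runs before any network call, so a rule with an unknown riskLevel aborts the copy rather than leaving the target account half-configured.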
Responses:
- 200 OK
- 401 Unauthorized. The requesting user does not have enough privilege.
Payload sample:
{
  "data": {
    "attributes": {
      "ruleSettings": [
        {
          "riskLevel": "MEDIUM",
          "id": "RDS-018",
          "exceptions": {
            "resources": [
              "i-erw82heiu8"
            ],
            "tags": [
              "mysql-backups"
            ],
            "filterTags": [
              "dev"
            ]
          },
          "extraSettings": [
            {
              "name": "threshold",
              "value": 90
            }
          ],
          "enabled": false
        },
        {
          "riskLevel": "LOW",
          "id": "Config-001",
          "extraSettings": null,
          "provider": "aws",
          "enabled": true
        },
        {
          "riskLevel": "MEDIUM",
          "id": "RTM-005",
          "extraSettings": [
            {
              "name": "authorisedCountries",
              "countries": true,
              "type": "countries",
              "value": null,
              "values": [
                {
                  "value": "CA",
                  "label": "Canada"
                },
                {
                  "value": "US",
                  "label": "United States"
                }
              ]
            }
          ],
          "provider": "aws",
          "enabled": false
        }
      ],
      "note": "copied from account H19NxMi5- via the api"
    }
  }
}
Response sample (200):
{
  "data": {
    "type": "accounts",
    "id": "AgA12vIwb",
    "attributes": {
      "settings": {
        "rules": [
          {
            "riskLevel": "VERY_HIGH",
            "id": "CT-001",
            "extraSettings": null,
            "provider": "aws",
            "enabled": true
          },
          {
            "riskLevel": "MEDIUM",
            "id": "RTM-005",
            "extraSettings": [
              {
                "name": "authorisedCountries",
                "countries": true,
                "type": "countries",
                "value": null,
                "values": [
                  {
                    "value": "CA",
                    "label": "Canada"
                  },
                  {
                    "value": "US",
                    "label": "United States"
                  }
                ]
              }
            ],
            "provider": "aws",
            "enabled": false
          },
          {
            "riskLevel": "MEDIUM",
            "id": "RTM-008",
            "extraSettings": [
              {
                "name": "authorisedRegions",
                "regions": true,
                "type": "regions",
                "value": null,
                "values": [
                  "eu-west-1",
                  "eu-west-2"
                ]
              }
            ],
            "provider": "aws",
            "enabled": false
          },
          {
            "riskLevel": "MEDIUM",
            "id": "RDS-018",
            "exceptions": {
              "resources": [
                "i-erw82heiu8"
              ],
              "tags": [
                "mysql-backups"
              ],
              "filterTags": [
                "dev"
              ]
            },
            "extraSettings": [
              {
                "name": "threshold",
                "value": 90,
                "values": [],
                "type": []
              }
            ],
            "provider": "aws",
            "enabled": false
          }
        ],
        "access": {}
      },
      "access": null
    },
    "relationships": {
      "organisation": {
        "data": {
          "type": "organisations",
          "id": "B1nHYYpwx"
        }
      }
    },
    "meta": {
      "notes": [
        {
          "createdBy": "SYmS0YcL-",
          "createdDate": 1511456432526,
          "note": "hello world"
        }
      ]
    }
  }
}
Get Account Bot Settings
This endpoint allows you to get the current settings of the Conformity Bot for an account.
Responses:
- 200 OK
- 401 Unauthorized. The requesting user does not have enough privilege.
Response sample (200):
{
  "data": [
    {
      "type": "accounts",
      "id": "AgA12vIwb",
      "attributes": {
        "cloud-type": "aws",
        "settings": {
          "bot": {
            "disabledRegions": {
              "us-east-1": true,
              "us-west-2": true
            },
            "lastModifiedFrom": "13.237.98.102",
            "disabled": true,
            "disabledUntil": 1505595441887,
            "delay": 2,
            "lastModifiedBy": "NHohT7Gr7"
          }
        }
      },
      "relationships": {
        "organisation": {
          "data": {
            "type": "organisations",
            "id": "B1nHYYpwx"
          }
        }
      }
    }
  ]
}
Update Account Bot Setting
This endpoint allows ADMIN, POWER USERS, and users with CUSTOM access to accounts to update the settings that Cloud Conformity uses to determine when Conformity Bot runs (the delay between runs, a disabled flag with an optional disabledUntil date-time) and in which regions the Conformity Bot is disabled. The endpoint also supports updating single attributes under the settings field (see below), in which case only the attributes passed in the request body are updated.
Example Request to update all attributes:
This request disables the Conformity Bot for two accounts (the one in the URL and the one listed under meta.otherAccounts). Conformity Bot is disabled in all regions until the specified date-time (disabledUntil, an epoch timestamp in milliseconds), after which it will run every 10 hours in all regions besides us-west-2.
curl -X PATCH \
-H "Content-Type: application/vnd.api+json" \
-H "Authorization: ApiKey eab0b7914c3ebv45bcK02cW33ff9564cec8" \
-d '
{
"data": {
"type": "accounts",
"attributes": {
"settings": {
"bot": {
"delay": 10,
"disabledRegions": {
"us-west-2": true
},
"disabled": true,
"disabledUntil": 1591751339519
}
}
}
},
"meta": {
"otherAccounts": ["cfe80897"]
}
}' \
https://us-west-2-api.cloudconformity.com/v1/accounts/2fwmithMj/settings/bot
Example Response:
{
"data": [
{
"type": "accounts",
"id": "2fwmithMj",
"attributes": {
"name": "Test AWS Account",
// ...
"settings": {
"rules": [
// ...
],
"bot": {
"lastModifiedFrom": "12.345.67.890",
"delay": 10,
"disabledRegions": {
"us-west-2": true
},
"disabled": true,
"disabledUntil": 1591751339519,
"lastModifiedBy": "3456d0"
}
},
// ...
"cloud-type": "aws",
"managed-group-id": "23784h"
},
"relationships": {
"organisation": {
"data": {
"type": "organisations",
"id": "moid324"
}
}
}
},
{
"type": "accounts",
"id": "cfe80897",
"attributes": {
"name": "Test Azure Account",
// ...
"settings": {
"rules": [
// ...
],
"bot": {
"lastModifiedFrom": "12.345.67.890",
"delay": 10,
"disabled": true,
"disabledUntil": 1591751339519,
"lastModifiedBy": "3456d0"
}
},
// ...
"cloud-type": "azure",
"managed-group-id": "23784h"
},
"relationships": {
"organisation": {
"data": {
"type": "organisations",
"id": "moid324"
}
}
}
}
]
}
Other requests for example use cases:
Temporarily disable Conformity Bot until the specified date-time:
curl -X PATCH \
-H "Content-Type: application/vnd.api+json" \
-H "Authorization: ApiKey eab0b7914c3ebv45bcK02cW33ff9564cec8" \
-d '
{
"data": {
"type": "accounts",
"attributes": {
"settings": {
"bot": {
"disabled": true,
"disabledUntil": 1591751339519
}
}
}
}
}' \
https://us-west-2-api.cloudconformity.com/v1/accounts/2fwmithMj/settings/bot
Disable Conformity Bot indefinitely:
curl -X PATCH \
-H "Content-Type: application/vnd.api+json" \
-H "Authorization: ApiKey eab0b7914c3ebv45bcK02cW33ff9564cec8" \
-d '
{
"data": {
"type": "accounts",
"attributes": {
"settings": {
"bot": {
"disabled": true
}
}
}
}
}' \
https://us-west-2-api.cloudconformity.com/v1/accounts/2fwmithMj/settings/bot
Disable Conformity Bot runs for a few regions and increase delay between enabled regions:
curl -X PATCH \
-H "Content-Type: application/vnd.api+json" \
-H "Authorization: ApiKey eab0b7914c3ebv45bcK02cW33ff9564cec8" \
-d '
{
"data": {
"type": "accounts",
"attributes": {
"settings": {
"bot": {
"delay": 10,
"disabledRegions": {
"us-east-1": true,
"us-east-2": true,
"us-west-2": true,
"ap-southeast-2": true
}
}
}
}
}
}' \
https://us-west-2-api.cloudconformity.com/v1/accounts/2fwmithMj/settings/bot
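The bot requests above share two details that are easy to get wrong by hand: disabledUntil is an epoch timestamp in milliseconds (a naive local datetime converted with the wrong offset silently shifts the re-enable time), and a PATCH is partial, so only the attributes you include change. The following Python is an added example, not Conformity's own code. It converts a timezone-aware datetime to the millisecond value, builds a partial body in the shape of the curl requests above (with the optional meta.otherAccounts list), and evaluates what the bot will do for one region at a given moment. The evaluation encodes the page's description rather than a stated contract, so treat these two points as assumptions: disabled=true with no disabledUntil means disabled indefinitely, and once disabledUntil has passed the bot runs again in every region not listed in disabledRegions.

```python
import calendar
from datetime import datetime, timezone


def to_epoch_ms(dt):
    """Epoch milliseconds for a timezone-aware datetime.

    Naive datetimes are rejected: .timestamp() would interpret them in the
    machine's local zone, which is the usual source of an off-by-hours deadline.
    Integer arithmetic avoids the float rounding of dt.timestamp() * 1000.
    """
    if dt.tzinfo is None or dt.tzinfo.utcoffset(dt) is None:
        raise ValueError("disabledUntil must be timezone-aware")
    return calendar.timegm(dt.utctimetuple()) * 1000 + dt.microsecond // 1000


def bot_settings_body(delay=None, disabled=None, disabled_until=None,
                      disabled_regions=None, other_accounts=None):
    """Partial PATCH body for /accounts/{id}/settings/bot.

    Only the attributes given are included, matching the endpoint's
    "only attributes passed in the request body will be updated" semantics.
    """
    bot = {}
    if delay is not None:
        if not isinstance(delay, int) or isinstance(delay, bool) or delay < 1:
            raise ValueError("delay is the number of hours between runs (>= 1)")
        bot["delay"] = delay
    if disabled is not None:
        bot["disabled"] = bool(disabled)
    if disabled_until is not None:
        bot["disabledUntil"] = to_epoch_ms(disabled_until)
        bot.setdefault("disabled", True)  # a deadline without the flag does nothing
    if disabled_regions is not None:
        bot["disabledRegions"] = {region: True for region in disabled_regions}
    if not bot:
        raise ValueError("nothing to update")
    body = {"data": {"type": "accounts", "attributes": {"settings": {"bot": bot}}}}
    if other_accounts:
        body["meta"] = {"otherAccounts": list(other_accounts)}
    return body


def bot_state(bot, region, now_ms):
    """'disabled' or 'running' for one region at time now_ms (epoch milliseconds),
    given the settings.bot object returned by GET /accounts/{id}/settings/bot.
    Assumption from the page text: the account-wide flag ends at disabledUntil,
    and a region listed in disabledRegions stays off regardless."""
    if bot.get("disabled"):
        until = bot.get("disabledUntil")
        if until is None or now_ms < until:
            return "disabled"  # indefinitely, or until the deadline passes
    if bot.get("disabledRegions", {}).get(region):
        return "disabled"  # region switched off
    return "running"


if __name__ == "__main__":
    # Constructed input: the scenario described for the "update all attributes" request
    deadline = datetime(2020, 6, 10, 1, 8, 59, 519000, tzinfo=timezone.utc)
    body = bot_settings_body(delay=10, disabled=True, disabled_until=deadline,
                             disabled_regions=["us-west-2"], other_accounts=["cfe80897"])
    print(body)
    settings = body["data"]["attributes"]["settings"]["bot"]
    print(bot_state(settings, "us-east-1", to_epoch_ms(deadline) - 1))  # disabled
    print(bot_state(settings, "us-east-1", to_epoch_ms(deadline)))      # running
    print(bot_state(settings, "us-west-2", to_epoch_ms(deadline)))      # disabled
```

Send the returned body with the same headers as the curl examples. Before disabling the bot on an account, note that a disabled bot means no new scan findings for that account until the deadline passes or someone re-enables it, so long or indefinite disables deserve the same review as an exception on a rule.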
Responses:
- 200 OK
- 401 Unauthorized. The requesting user does not have enough privilege.
Payload sample:
{
  "id": "u_9NRVPBC",
  "data": {
    "attributes": {
      "bot": {
        "disabled": false,
        "delay": 2,
        "disabledUntil": 1595552980355,
        "disabledRegions": {
          "us-east-1": true,
          "us-west-2": true
        }
      }
    }
  },
  "meta": {
    "otherAccounts": [
      "u_9NRVPBC"
    ]
  }
}
Response sample (200):
{
  "data": [
    {
      "type": "accounts",
      "id": "AgA12vIwb",
      "attributes": {
        "name": "MyAccount",
        "environment": "Prod",
        "awsaccount-id": 123456789012,
        "status": "ACTIVE",
        "has-real-time-monitoring": true,
        "security-package": true,
        "created-date": 1505595441887,
        "last-notified-date": 1505595441887,
        "last-checked-date": 1505595441887,
        "last-monitoring-event-date": 1505595441887,
        "subscription-type": "advanced",
        "cloud-id": 123456789012,
        "meta": {
          "is-deprecated-rules-free": true
        },
        "bot-status": "RUNNING",
        "cloud-type": "aws",
        "managed-group-id": "rhGZeSTwT",
        "tags": [
          "YOUR TAG"
        ],
        "settings": {
          "communication": {
            "channels": [
              {
                "name": null,
                "users": [],
                "enabled": null,
                "levels": []
              }
            ]
          },
          "rules": [
            {
              "enabled": false,
              "id": "S3-021",
              "riskLevel": "HIGH"
            }
          ],
          "bot": {
            "disabledRegions": {
              "us-east-1": true,
              "us-west-2": true
            },
            "lastModifiedFrom": "13.237.98.102",
            "disabled": false,
            "disabledUntil": 1505595441887,
            "delay": 2,
            "lastModifiedBy": "NHohT7Gr7"
          },
          "access": {
            "type": "CROSS_ACCOUNT",
            "stackId": "arn:aws:cloudformation:us-east-1:123456789012:stack/CloudConformity/56db5b90-7ebb-11e7-8a78-500c28902e99"
          }
        }
      },
      "relationships": {
        "organisation": {
          "data": {
            "type": "organisations",
            "id": "B1nHYYpwx"
          }
        }
      }
    }
  ]
}
Scan Account
This endpoint allows you to run Conformity Bot for the specified account.
IMPORTANT:
This operation makes API calls to AWS on your behalf.
Amazon throttles API requests for each AWS account on a per-region basis to help the performance of the service.
To avoid API throttling, it's important to ensure that your application doesn't use this API at a high rate.
Refer to AWS Service Limits to find out more about AWS throttle rate.
Responses:
- 200 OK
- 401 Unauthorized. The requesting user does not have enough privilege.
Response sample (200):
{
  "data": [
    {
      "status": "STARTED"
    }
  ]
}