Description

Exception policy is an object which allows the user to specify some vulnerabilities to be treated differently than the default treatment. There are some APIs for setting and getting exceptions.

Vulnerability Exception Policy Structure

{
    "policyType": "vulnerabilityExceptionPolicy",
    "name": "simple-vulnerability-policy123",
    "guid": "3b0467c9-488d-c244-99d0-90fbf6002367",
    "attributes": {
        "is_namespace": "true"
    },
    "actions": [
        "ignore"
    ],
    "designators": [
        {
            "designatorType": "attribute",
            "attributes": {
                "cluster": "test-cluster1",
                "namespace": "test-ns",
                "kind": "pod",
                "name": "wl_name",
                "containerName": "name",
            },
        },
    ],
    "vulnerabilities": [
      {
        "name": "CVE-example"
      }
    ],
}

Fields

policyType

The type of the policy. For vulnerability exception policy must be 'vulnerabilityExceptionPolicy'

name

The name of the exception as given by the user, for later recognition. This field is unique - two vulnerability exception policy can't have the same name.

guid

The GUID of the policy as given by Armo system. This field may also used for recognition.

actions

The action to take instead of the default. The only available action is 'ignore'.

designators

The designators of the exception.

vulnerabilities

Vulnerabilities to take the actions on.

POST /api/v1/vulnerabilityExceptionPolicy

Create vulnerability exceptions.

Query params

customerGUID - required

Request object

Desired vulnerability exception policy as described in Vulnerability Exceptions.

Required fields

policyType
name
actions
designators
vulnerabilities

Bulk

It is possible to create multiple exceptions for multiple vulnerabilities.

Query params

In addition to the previous query parameters

bulk - true
actions - the same actions from the exception policy object

Request object

Standart response body for pagination APIs as would be given to /api/v1/vulnerability/scanResultsSumSummary

Naming convention

The exceptions that have been created using the bulk will have names according to the convention of (WORKLOAD HASH)_(VULNERABILITY NAME)_(ACTIONS)

GET /api/v1/vulnerabilityExceptionPolicy

Get an exception policy object or list of objects

Query params

customerGUID - required
- Get a list of all policies of the given customer
policyName - Get a specific policy by name
policyGUID - Get a specific policy by GUID
list - Get just a list of names of exceptions of current customer

Filtering

It is possible to filter the policies by their properties using query parameters. For example vulnerabilities.name=CVE-example.
It is possible to filter by scope using scope.PROPERTY query parameter. For example scope.cluster=cluster-name.
Multiple filters are possible

Examples

Get all exceptions of the customer

/api/v1/vulnerabilityExceptionPolicy?customerGUID=31fb54a9-6e8f-4289-8506-f4e875ac19f7

Get filtered exceptions of the customer

/api/v1/vulnerabilityExceptionPolicy?customerGUID=31fb54a9-6e8f-4289-8506-f4e875ac19f7&scope.cluster=cluster-name&scope.namespace&vulnerabilities.name=CVE-name

/api/v1/vulnerabilityExceptionPolicy?customerGUID=31fb54a9-6e8f-4289-8506-f4e875ac19f7&name=exceptionPolicyName

Get specific policy

/api/v1/vulnerabilityExceptionPolicy?customerGUID=31fb54a9-6e8f-4289-8506-f4e875ac19f7&policyName=vul_example_name

/api/v1/vulnerabilityExceptionPolicy?customerGUID=31fb54a9-6e8f-4289-8506-f4e875ac19f7&policyGUID=31fb54a9-6e8f-4289-8506-f4e875ac19f7

PUT /api/v1/vulnerabilityExceptionPolicy

Update an existing exception.

Query params

customerGUID - required

Request object

The new desired vulnerability exception policy as described in Vulnerability Exceptions.

Required fields

policyType
name
guid
actions
designators
vulnerabilities

DELETE /api/v1/vulnerabilityExceptionPolicy

Delete vulnerability exceptions.

Query params

customerGUID - required
policyName
- Can appear multiple times to delete multiple policies
policyName
- Can appear multiple times to delete multiple policies

Bulk

It is possible to delete multiple exceptions for multiple vulnerabilities.

Query params

In addition to customerGUID.

bulk - true

Request object

Standart response body for pagination APIs as would be given to /api/v1/vulnerability/scanResultsSumSummary

Naming convention

The operation will delete only exceptions that have been named according to the convention of (WORKLOAD HASH)_(VULNERABILITY NAME)_(ACTIONS)