Vulnerability Exception policy

Description

An exception policy is an object that lets the user specify vulnerabilities to be treated differently from the default treatment. There are APIs for setting and getting exceptions.

Vulnerability Exception Policy Structure

{
    "policyType": "vulnerabilityExceptionPolicy",
    "name": "simple-vulnerability-policy123",
    "guid": "3b0467c9-488d-c244-99d0-90fbf6002367",
    "attributes": {
        "is_namespace": "true"
    },
    "actions": [
        "ignore"
    ],
    "designators": [
        {
            "designatorType": "attribute",
            "attributes": {
                "cluster": "test-cluster1",
                "namespace": "test-ns",
                "kind": "pod",
                "name": "wl_name",
                "containerName": "name"
            }
        }
    ],
    "vulnerabilities": [
        {
            "name": "CVE-example"
        }
    ]
}

Fields

policyType

The type of the policy. For a vulnerability exception policy it must be 'vulnerabilityExceptionPolicy'.

name

The name of the exception as given by the user, for later recognition. This field is unique: two vulnerability exception policies can't have the same name.

guid

The GUID of the policy as assigned by the Armo system. This field may also be used for recognition.

actions

The action to take instead of the default. The only available action is 'ignore'.

designators

The designators of the exception.

vulnerabilities

Vulnerabilities to take the actions on.

POST /api/v1/vulnerabilityExceptionPolicy

Create vulnerability exceptions.

Query params

  • customerGUID - required

Request object

Desired vulnerability exception policy as described in Vulnerability Exceptions.

Required fields

  • policyType
  • name
  • actions
  • designators
  • vulnerabilities

Bulk

It is possible to create multiple exceptions for multiple vulnerabilities.

Query params

In addition to the previous query parameters:

  • bulk - true
  • actions - the same actions from the exception policy object

Request object

Standard response body for pagination APIs, as would be returned by /api/v1/vulnerability/scanResultsSumSummary.

Naming convention

Exceptions created through the bulk API are named according to the convention (WORKLOAD HASH)_(VULNERABILITY NAME)_(ACTIONS).

GET /api/v1/vulnerabilityExceptionPolicy

Get an exception policy object or list of objects

Query params

  • customerGUID - required
    • Get a list of all policies of the given customer
  • policyName - Get a specific policy by name
  • policyGUID - Get a specific policy by GUID
  • list - Get just a list of names of exceptions of current customer

Filtering

It is possible to filter the policies by their properties using query parameters, for example vulnerabilities.name=CVE-example.
It is possible to filter by scope using the scope.PROPERTY query parameter, for example scope.cluster=cluster-name.
Multiple filters are possible.

Examples

Get all exceptions of the customer

/api/v1/vulnerabilityExceptionPolicy?customerGUID=31fb54a9-6e8f-4289-8506-f4e875ac19f7

Get filtered exceptions of the customer

/api/v1/vulnerabilityExceptionPolicy?customerGUID=31fb54a9-6e8f-4289-8506-f4e875ac19f7&scope.cluster=cluster-name&scope.namespace&vulnerabilities.name=CVE-name

/api/v1/vulnerabilityExceptionPolicy?customerGUID=31fb54a9-6e8f-4289-8506-f4e875ac19f7&name=exceptionPolicyName

Get specific policy

/api/v1/vulnerabilityExceptionPolicy?customerGUID=31fb54a9-6e8f-4289-8506-f4e875ac19f7&policyName=vul_example_name

/api/v1/vulnerabilityExceptionPolicy?customerGUID=31fb54a9-6e8f-4289-8506-f4e875ac19f7&policyGUID=31fb54a9-6e8f-4289-8506-f4e875ac19f7
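A client-side filter that mirrors the query semantics described under Filtering, run over two constructed policy objects in the structure shown above. This is an added example, not ARMO's API code; it assumes that scope.PROPERTY is matched against each designator's attributes, that multiple filters are AND-ed, and that a parameter given without a value (like the bare scope.namespace in the example URL) does not filter.

```python
from urllib.parse import parse_qsl

# Constructed sample policies in the structure documented above (not real data).
POLICIES = [
    {
        "policyType": "vulnerabilityExceptionPolicy",
        "name": "simple-vulnerability-policy123",
        "guid": "3b0467c9-488d-c244-99d0-90fbf6002367",
        "actions": ["ignore"],
        "designators": [{"designatorType": "attribute", "attributes": {
            "cluster": "test-cluster1", "namespace": "test-ns", "kind": "pod",
            "name": "wl_name", "containerName": "name"}}],
        "vulnerabilities": [{"name": "CVE-example"}],
    },
    {
        "policyType": "vulnerabilityExceptionPolicy",
        "name": "other-policy",
        "guid": "11111111-2222-3333-4444-555555555555",
        "actions": ["ignore"],
        "designators": [{"designatorType": "attribute", "attributes": {
            "cluster": "prod-cluster", "namespace": "payments"}}],
        "vulnerabilities": [{"name": "CVE-example"}, {"name": "CVE-other"}],
    },
]

# Query parameters that select, page or switch modes rather than filter by property.
RESERVED = {"customerGUID", "policyName", "policyGUID", "list", "bulk", "actions"}


def matches(policy, key, value):
    """Return True if a single key=value filter applies to the policy."""
    if key.startswith("scope."):
        # Assumption: scope.PROPERTY is matched against each designator's attributes.
        prop = key[len("scope."):]
        return any(d.get("attributes", {}).get(prop) == value
                   for d in policy.get("designators", []))
    if key == "vulnerabilities.name":
        # Any listed vulnerability with that name makes the policy match.
        return any(v.get("name") == value for v in policy.get("vulnerabilities", []))
    # Anything else is treated as a top-level property, e.g. name=... or guid=...
    return policy.get(key) == value


def filter_policies(query, policies=POLICIES):
    """AND together every non-reserved query parameter; return matching policy names.

    Parameters without a value (a bare 'scope.namespace') are dropped by parse_qsl
    and therefore do not filter; that is an assumption about the API."""
    filters = [(k, v) for k, v in parse_qsl(query) if k not in RESERVED]
    return [p["name"] for p in policies if all(matches(p, k, v) for k, v in filters)]
```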

PUT /api/v1/vulnerabilityExceptionPolicy

Update an existing exception.

Query params

  • customerGUID - required

Request object

The new desired vulnerability exception policy as described in Vulnerability Exceptions.

Required fields

  • policyType
  • name
  • guid
  • actions
  • designators
  • vulnerabilities

DELETE /api/v1/vulnerabilityExceptionPolicy

Delete vulnerability exceptions.

Query params

  • customerGUID - required
  • policyName
    • Can appear multiple times to delete multiple policies

Bulk

It is possible to delete multiple exceptions for multiple vulnerabilities.

Query params

In addition to customerGUID:

  • bulk - true

Request object

Standard response body for pagination APIs, as would be returned by /api/v1/vulnerability/scanResultsSumSummary.

Naming convention

The operation deletes only exceptions whose names follow the convention (WORKLOAD HASH)_(VULNERABILITY NAME)_(ACTIONS).