Deepfence Runtime API v1.5

Version: 1.5

Deepfence Runtime API provides programmatic control over the Deepfence microservice that secures your container, Kubernetes and cloud deployments. The API abstracts away underlying infrastructure details such as cloud provider, container distro, container orchestrator and type of deployment. It is one uniform API to manage and control security alerts, policies and responses to alerts for microservices running anywhere, i.e. managed pure greenfield container deployments or a mix of containers, VMs and serverless paradigms like AWS Fargate.

Default request content-types: application/json
Default response content-types: application/json

Summary

Tag: Authentication

Operation Description
POST /deepfence/v1.5/users/auth

Authentication for API access

GET /deepfence/v1.5/users/me

User details.

POST /deepfence/v1.5/users/refresh/token

Generate a new access token using refresh token

POST /deepfence/v1.5/users/reset-api-key

Reset API Key

Tag: Enumerate

Operation Description
POST /deepfence/v1.5/data

Data API

POST /deepfence/v1.5/enumerate

Enumerate API

POST /deepfence/v1.5/status

Status API

Tag: Quarantine Protection Policy Logs

Operation Description
POST /deepfence/v1.5/users/quarantine_protection_policy_log

Get/Delete quarantine protection policy logs by filter

GET /deepfence/v1.5/users/quarantine_protection_policy_log/{policy_log_id}

Get quarantine protection policy log by given policy_log_id

DELETE /deepfence/v1.5/users/quarantine_protection_policy_log/{policy_log_id}

Delete quarantine protection policy log by policy_log_id

Tag: Workload Protection Policy

Operation Description
GET /deepfence/v1.5/policy_exempt_list

Protection Policy Exempt List: Get all exempted (from network policy, workload protection policy) ip addresses

POST /deepfence/v1.5/policy_exempt_list

Protection Policy Exempt List: Add ip addresses to exempt list (exempt from network policy, workload protection policy)

DELETE /deepfence/v1.5/policy_exempt_list

Protection Policy Exempt List: Delete given ip addresses from exempt list (exempt from network policy, workload protection policy)

GET /deepfence/v1.5/users/node_network_protection_policy

Get all node network protection policies created by the user.

POST /deepfence/v1.5/users/node_network_protection_policy

Add a node network protection policy.

DELETE /deepfence/v1.5/users/node_network_protection_policy

Delete multiple node network protection policies

DELETE /deepfence/v1.5/users/node_network_protection_policy/{policy_id}

Delete a node network protection policy

Tag: Clustering Rules

Operation Description
GET /deepfence/v1.5/classtype-intent

Get all available classtypes and their intents (list of intents)

GET /deepfence/v1.5/correlation/clustering_rule/{rule_id}

Get all clustering rules

POST /deepfence/v1.5/correlation/clustering_rule/{rule_id}

Add a correlation clustering rule

DELETE /deepfence/v1.5/correlation/clustering_rule/{rule_id}

Delete a correlation clustering rule

Tag: Network Protection Policy Action

Operation Description
GET /deepfence/v1.5/users/network_protection_policy_action

Get all network policy actions created by the user.

DELETE /deepfence/v1.5/users/network_protection_policy_action

Delete multiple network policy actions

DELETE /deepfence/v1.5/users/network_protection_policy_action/{policy_id}

Delete a network policy action

Tag: Node Control

Operation Description
POST /deepfence/v1.5/node/packet_capture_start_multiple

Node Control API - Start Packet Capture for multiple nodes

GET /deepfence/v1.5/node/{node_id}

Node Details API

POST /deepfence/v1.5/node/{node_id}/add_tags

Node Control API - Add User Defined Tags

POST /deepfence/v1.5/node/{node_id}/delete_tags

Node Control API - Delete User Defined Tags

POST /deepfence/v1.5/node/{node_id}/kubernetes_scale_down

Node Control API - Scale Down

POST /deepfence/v1.5/node/{node_id}/kubernetes_scale_up

Node Control API - Scale Up

POST /deepfence/v1.5/node/{node_id}/packet_capture_start

Node Control API - Start Packet Capture

GET /deepfence/v1.5/node/{node_id}/packet_capture_status

Node Control API - Packet Capture Status

POST /deepfence/v1.5/node/{node_id}/packet_capture_stop

Node Control API - Stop Packet Capture

POST /deepfence/v1.5/node/{node_id}/pause

Node Control API - Pause Node

POST /deepfence/v1.5/node/{node_id}/restart

Node Control API - Restart Node

POST /deepfence/v1.5/node/{node_id}/start

Node Control API - Start Node

POST /deepfence/v1.5/node/{node_id}/stop

Node Control API - Stop Node

POST /deepfence/v1.5/node/{node_id}/unpause

Node Control API - Unpause Node

Tag: Alert Management

Operation Description
POST /deepfence/v1.5/alerts

Get/Delete alerts by filter

GET /deepfence/v1.5/alerts/{alert_id}

Get alert by given alert_id

DELETE /deepfence/v1.5/alerts/{alert_id}

Delete an alert by alert_id

GET /deepfence/v1.5/node-severities

Get the severity of all nodes

Tag: Vulnerability Management

Operation Description
POST /deepfence/v1.5/node/{node_id}/cve_scan_start

Node Control API - Start CVE

GET /deepfence/v1.5/node/{node_id}/cve_scan_status

Node Control API - CVE Status

POST /deepfence/v1.5/node/{node_id}/cve_scan_stop

Node Control API - Stop CVE

POST /deepfence/v1.5/vulnerability

Get/Delete vulnerabilities by filter

GET /deepfence/v1.5/vulnerability/{vulnerability_id}

Get vulnerability by given vulnerability_id

DELETE /deepfence/v1.5/vulnerability/{vulnerability_id}

Delete a vulnerability doc by vulnerability_id

GET /deepfence/v1.5/vulnerability_scan_diff

Get vulnerability scan diff between two scan ids for scans of same image or host

GET /deepfence/v1.5/vulnerability_scan_history

Get vulnerability scan history

Tag: Compliance

Operation Description
POST /deepfence/v1.5/compliance/scan_results

Compliance API - Get/Delete Compliance Scan Results with filters

GET /deepfence/v1.5/compliance/{node_id}/{compliance_check_type}/scan_status

Compliance API - Check Compliance Scan Status

GET /deepfence/v1.5/node/{node_id}/applicable_compliance_scans

Compliance API - Get Applicable Compliance Scans

POST /deepfence/v1.5/node/{node_id}/start_compliance_scan

Compliance API - Start Compliance Scan

Tag: Network Protection Policy

Operation Description
GET /deepfence/v1.5/policy_exempt_list

Protection Policy Exempt List: Get all exempted (from network policy, workload protection policy) ip addresses

POST /deepfence/v1.5/policy_exempt_list

Protection Policy Exempt List: Add ip addresses to exempt list (exempt from network policy, workload protection policy)

DELETE /deepfence/v1.5/policy_exempt_list

Protection Policy Exempt List: Delete given ip addresses from exempt list (exempt from network policy, workload protection policy)

GET /deepfence/v1.5/users/network_protection_policy

Get all network policies created by the user.

POST /deepfence/v1.5/users/network_protection_policy

Add a network protection policy.

DELETE /deepfence/v1.5/users/network_protection_policy/{policy_id}

Delete a network policy

Tag: Network Protection Policy Logs

Operation Description
POST /deepfence/v1.5/users/network_protection_policy_log

Get/Delete network protection policy logs by filter

GET /deepfence/v1.5/users/network_protection_policy_log/{policy_log_id}

Get network protection policy log by given policy_log_id

DELETE /deepfence/v1.5/users/network_protection_policy_log/{policy_log_id}

Delete network protection policy log by policy_log_id

Tag: Rate Limit Policy

Operation Description
GET /deepfence/v1.5/users/rate_limit_policy

Get all rate limit policies

POST /deepfence/v1.5/users/rate_limit_policy

Add a rate limit policy.

DELETE /deepfence/v1.5/users/rate_limit_policy

Delete multiple rate limit policies

Tag: Quarantine Protection Policy

Operation Description
GET /deepfence/v1.5/users/quarantine_protection_policy

Get all quarantine policies created by the user.

POST /deepfence/v1.5/users/quarantine_protection_policy

Add a quarantine protection policy.

DELETE /deepfence/v1.5/users/quarantine_protection_policy/{policy_id}

Delete a quarantine policy

Security

Bearer

Type: apiKey
Name: Authorization
In: header

Paths

Get/Delete alerts by filter

POST /deepfence/v1.5/alerts

Tags: Alert Management

Get/Delete alerts by filter

Uses default content-types: application/json

Options to get or delete alerts

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Delete an alert by alert_id

DELETE /deepfence/v1.5/alerts/{alert_id}

Tags: Alert Management
alert_id path string

Uses default content-types: application/json

204 No Content

Alert deleted successfully.

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Get alert by given alert_id

GET /deepfence/v1.5/alerts/{alert_id}

Tags: Alert Management
alert_id

Alert ID

path string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Get all available classtypes and their intents (list of intents)

GET /deepfence/v1.5/classtype-intent

Tags: Clustering Rules

application/json

200 OK

Request successful

400 Bad Request

Bad request.

404 Not Found

User not found.

Bearer
Compliance API - Get/Delete Compliance Scan Results with filters

POST /deepfence/v1.5/compliance/scan_results

Tags: Compliance

Get/Delete compliance scan results with filters for node_id, compliance_check_type, etc

Uses default content-types: application/json

Options to get or delete compliance scan results

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Compliance API - Check Compliance Scan Status

GET /deepfence/v1.5/compliance/{node_id}/{compliance_check_type}/scan_status

Tags: Compliance

Check status of compliance scan on this node (Applicable node type - host, container)

node_id

Node ID (refer enumerate api)

path string
compliance_check_type

Compliance check type. Not all options are available. Check applicable compliance scans first.

path string , x ∈ { cis , nist_master , nist_slave , pcidss , hipaa , standard }

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Delete a correlation clustering rule

DELETE /deepfence/v1.5/correlation/clustering_rule/{rule_id}

Tags: Clustering Rules
rule_id

Rule id

path integer

Uses default content-types: application/json

204 No Content

Rule removed successfully.

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Get all clustering rules

GET /deepfence/v1.5/correlation/clustering_rule/{rule_id}

Tags: Clustering Rules
rule_id

Rule id

path integer

application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Add a correlation clustering rule

POST /deepfence/v1.5/correlation/clustering_rule/{rule_id}

Tags: Clustering Rules

Uses default content-types: application/json

JSON parameters.

rule_id

Rule id

path integer

application/json

201 Created

Rule added successfully.

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Data API

POST /deepfence/v1.5/data

Tags: Enumerate

Get data of a previous request by status_id

Uses default content-types: application/json

Options

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Enumerate API

POST /deepfence/v1.5/enumerate

Tags: Enumerate

Enumerate nodes (hosts, containers, images, processes) with optional filters

Uses default content-types: application/json

Options to enumerate nodes

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Get the severity of all nodes

GET /deepfence/v1.5/node-severities

Tags: Alert Management

Uses default content-types: application/json

200 OK

Valid response

400 Bad Request

Bad request (like missing text data)

401 Unauthorized

Unauthorized

Bearer
Node Control API - Start Packet Capture for multiple nodes

POST /deepfence/v1.5/node/packet_capture_start_multiple

Tags: Node Control

Start Packet Capture on multiple nodes (Applicable node type - host, kube_service)

Uses default content-types: application/json

Options to start packet capture

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Node Details API

GET /deepfence/v1.5/node/{node_id}

Tags: Node Control

Get full details of a node (hosts, containers, images, processes) by node_id

node_id

Node ID (refer enumerate api)

path string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Node Control API - Add User Defined Tags

POST /deepfence/v1.5/node/{node_id}/add_tags

Tags: Node Control

Add given tags to this node (Applicable node type - host, container, container_image)

Uses default content-types: application/json

Add tags to this node for easy identification

node_id

Node ID (refer enumerate api)

path string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Compliance API - Get Applicable Compliance Scans

GET /deepfence/v1.5/node/{node_id}/applicable_compliance_scans

Tags: Compliance

Get list of applicable compliance scans for this node (Applicable node type - host, container, container_image)

node_id

Node ID (refer enumerate api)

path string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Node Control API - Start CVE

POST /deepfence/v1.5/node/{node_id}/cve_scan_start

Tags: Vulnerability Management

Start CVE on a node (Applicable node type - host, container, container_image)

node_id

Node ID (refer enumerate api)

path string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Node Control API - CVE Status

GET /deepfence/v1.5/node/{node_id}/cve_scan_status

Tags: Vulnerability Management

CVE Status for a node (Applicable node type - host, container, container_image)

node_id

Node ID (refer enumerate api)

path string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Node Control API - Stop CVE

POST /deepfence/v1.5/node/{node_id}/cve_scan_stop

Tags: Vulnerability Management

Stop CVE on a node (Applicable node type - host, container, container_image)

node_id

Node ID (refer enumerate api)

path string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Node Control API - Delete User Defined Tags

POST /deepfence/v1.5/node/{node_id}/delete_tags

Tags: Node Control

Delete given tags from this node (Applicable node type - host, container, container_image)

Uses default content-types: application/json

Delete given tags from this node

node_id

Node ID (refer enumerate api)

path string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Node Control API - Scale Down

POST /deepfence/v1.5/node/{node_id}/kubernetes_scale_down

Tags: Node Control

Scale down kubernetes deployments (Applicable node type - kube_controller with kubernetes_node_type is Deployment or ReplicaSet)

node_id

Node ID (refer enumerate api)

path string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Node Control API - Scale Up

POST /deepfence/v1.5/node/{node_id}/kubernetes_scale_up

Tags: Node Control

Scale up kubernetes deployments (Applicable node type - kube_controller with kubernetes_node_type is Deployment or ReplicaSet)

node_id

Node ID (refer enumerate api)

path string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Node Control API - Start Packet Capture

POST /deepfence/v1.5/node/{node_id}/packet_capture_start

Tags: Node Control

Start Packet Capture on a node (Applicable node type - host, kube_service)

Uses default content-types: application/json

Options to start packet capture

node_id

Node ID (refer enumerate api)

path string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Node Control API - Packet Capture Status

GET /deepfence/v1.5/node/{node_id}/packet_capture_status

Tags: Node Control

Packet Capture Status for a node (Applicable node type - host)

node_id

Node ID (refer enumerate api)

path string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Node Control API - Stop Packet Capture

POST /deepfence/v1.5/node/{node_id}/packet_capture_stop

Tags: Node Control

Stop Packet Capture on a node (Applicable node type - host)

Uses default content-types: application/json

Options (if applicable)

node_id

Node ID (refer enumerate api)

path string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Node Control API - Pause Node

POST /deepfence/v1.5/node/{node_id}/pause

Tags: Node Control

Pause a node (Applicable node type - container)

Uses default content-types: application/json

Options (if applicable)

node_id

Node ID (refer enumerate api)

path string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Node Control API - Restart Node

POST /deepfence/v1.5/node/{node_id}/restart

Tags: Node Control

Restart a node (Applicable node type - container)

Uses default content-types: application/json

Options (if applicable)

node_id

Node ID (refer enumerate api)

path string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Node Control API - Start Node

POST /deepfence/v1.5/node/{node_id}/start

Tags: Node Control

Start a node (Applicable node type - container)

Uses default content-types: application/json

Options (if applicable)

node_id

Node ID (refer enumerate api)

path string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Compliance API - Start Compliance Scan

POST /deepfence/v1.5/node/{node_id}/start_compliance_scan

Tags: Compliance

Start compliance scan on this node (Applicable node type - host, container, container_image)

Uses default content-types: application/json

Options to start compliance scan

node_id

Node ID (refer enumerate api)

path string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Node Control API - Stop Node

POST /deepfence/v1.5/node/{node_id}/stop

Tags: Node Control

Stop a node (Applicable node type - container)

Uses default content-types: application/json

Options (if applicable)

node_id

Node ID (refer enumerate api)

path string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Node Control API - Unpause Node

POST /deepfence/v1.5/node/{node_id}/unpause

Tags: Node Control

Unpause a node (Applicable node type - container)

Uses default content-types: application/json

Options (if applicable)

node_id

Node ID (refer enumerate api)

path string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Protection Policy Exempt List: Delete given ip addresses from exempt list (exempt from network policy, workload protection policy)

DELETE /deepfence/v1.5/policy_exempt_list

Tags: Network Protection Policy, Workload Protection Policy

Delete given ip addresses from exempt list

Uses default content-types: application/json

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Protection Policy Exempt List: Get all exempted (from network policy, workload protection policy) ip addresses

GET /deepfence/v1.5/policy_exempt_list

Tags: Network Protection Policy, Workload Protection Policy

Get all exempted ip addresses

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Protection Policy Exempt List: Add ip addresses to exempt list (exempt from network policy, workload protection policy)

POST /deepfence/v1.5/policy_exempt_list

Tags: Network Protection Policy, Workload Protection Policy

Add ip addresses to exempt list

Uses default content-types: application/json

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Status API

POST /deepfence/v1.5/status

Tags: Enumerate

Get status of a previous request by status_id

Uses default content-types: application/json

Options

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Authentication for API access

POST /deepfence/v1.5/users/auth

Tags: Authentication

Uses default content-types: application/json

JSON parameters.

application/json

200 OK

Authentication successful.

Example for application/json
{
  "data": {
    "access_token": "",
    "refresh_token": ""
  },
  "error": null,
  "success": true
}

400 Bad Request

Bad request.

Example for application/json
{
  "data": null,
  "error": {
    "message": "api_key is required"
  },
  "success": false
}

404 Not Found

API key not found.

Example for application/json
{
  "data": null,
  "error": {
    "message": "user with api_key aaaaa not found"
  },
  "success": false
}

User details.

GET /deepfence/v1.5/users/me

Tags: Authentication

Permission: ALL

application/json

200 OK

Request success.

400 Bad Request

Bad request.

404 Not Found

User not found.

Bearer
Get all network policies created by the user.

GET /deepfence/v1.5/users/network_protection_policy

Tags: Network Protection Policy

application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Add a network protection policy.

POST /deepfence/v1.5/users/network_protection_policy

Tags: Network Protection Policy

Uses default content-types: application/json

JSON parameters.

application/json

201 Created

Policy added successfully.

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Delete a network policy

DELETE /deepfence/v1.5/users/network_protection_policy/{policy_id}

Tags: Network Protection Policy
policy_id path integer

Uses default content-types: application/json

204 No Content

Policy removed successfully.

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Delete multiple network policy actions

DELETE /deepfence/v1.5/users/network_protection_policy_action

Tags: Network Protection Policy Action

Uses default content-types: application/json

JSON parameters.

Uses default content-types: application/json

200 OK

Policies deleted successfully.

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Get all network policy actions created by the user.

GET /deepfence/v1.5/users/network_protection_policy_action

Tags: Network Protection Policy Action

application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Delete a network policy action

DELETE /deepfence/v1.5/users/network_protection_policy_action/{policy_id}

Tags: Network Protection Policy Action
policy_id path integer

Uses default content-types: application/json

204 No Content

Policy action removed successfully.

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Get/Delete network protection policy logs by filter

POST /deepfence/v1.5/users/network_protection_policy_log

Tags: Network Protection Policy Logs

Get/Delete network protection policy logs by filter

Uses default content-types: application/json

Options to get or delete policy logs

application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Delete network protection policy log by policy_log_id

DELETE /deepfence/v1.5/users/network_protection_policy_log/{policy_log_id}

Tags: Network Protection Policy Logs
policy_log_id path string

Uses default content-types: application/json

204 No Content

Policy log deleted successfully.

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Get network protection policy log by given policy_log_id

GET /deepfence/v1.5/users/network_protection_policy_log/{policy_log_id}

Tags: Network Protection Policy Logs
policy_log_id

Policy log ID

path string

application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Delete multiple node network protection policies

DELETE /deepfence/v1.5/users/node_network_protection_policy

Tags: Workload Protection Policy

Uses default content-types: application/json

JSON parameters.

Uses default content-types: application/json

200 OK

Policies deleted successfully.

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Get all node network protection policies created by the user.

GET /deepfence/v1.5/users/node_network_protection_policy

Tags: Workload Protection Policy
node_policy_type

Policy type - whitelist or blacklist

query string , x ∈ { blacklist , whitelist }
node_id

Node id. Node has to be host | container | pod | kube_service

query string

application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Add a node network protection policy.

POST /deepfence/v1.5/users/node_network_protection_policy

Tags: Workload Protection Policy

Uses default content-types: application/json

JSON parameters.

Uses default content-types: application/json

201 Created

Policy added successfully.

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Delete a node network protection policy

DELETE /deepfence/v1.5/users/node_network_protection_policy/{policy_id}

Tags: Workload Protection Policy
policy_id path integer

Uses default content-types: application/json

204 No Content

Policy removed successfully.

400 Bad Request

Bad request.

Bearer
Get all quarantine policies created by the user.

GET /deepfence/v1.5/users/quarantine_protection_policy

Tags: Quarantine Protection Policy

application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Add a quarantine protection policy.

POST /deepfence/v1.5/users/quarantine_protection_policy

Tags: Quarantine Protection Policy

Uses default content-types: application/json

JSON parameters.

application/json

201 Created

Policy added successfully.

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Delete a quarantine policy

DELETE /deepfence/v1.5/users/quarantine_protection_policy/{policy_id}

Tags: Quarantine Protection Policy
policy_id path integer

Uses default content-types: application/json

204 No Content

Policy removed successfully.

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Get/Delete quarantine protection policy logs by filter

POST /deepfence/v1.5/users/quarantine_protection_policy_log

Tags: Quarantine Protection Policy Logs

Get/Delete quarantine protection policy logs by filter

Uses default content-types: application/json

Options to get or delete policy logs

application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Delete quarantine protection policy log by policy_log_id

DELETE /deepfence/v1.5/users/quarantine_protection_policy_log/{policy_log_id}

Tags: Quarantine Protection Policy Logs
policy_log_id path string

Uses default content-types: application/json

204 No Content

Policy log deleted successfully.

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Get quarantine protection policy log by given policy_log_id

GET /deepfence/v1.5/users/quarantine_protection_policy_log/{policy_log_id}

Tags: Quarantine Protection Policy Logs
policy_log_id

Policy log ID

path string

application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Delete multiple rate limit policies

DELETE /deepfence/v1.5/users/rate_limit_policy

Tags: Rate Limit Policy

Uses default content-types: application/json

JSON parameters.

Uses default content-types: application/json

200 OK

Policies deleted successfully.

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Get all rate limit policies

GET /deepfence/v1.5/users/rate_limit_policy

Tags: Rate Limit Policy
node_id

Optionally filter by node id. Node has to be host | kube_service

query string

application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Add a rate limit policy.

POST /deepfence/v1.5/users/rate_limit_policy

Tags: Rate Limit Policy

Uses default content-types: application/json

JSON parameters.

application/json

201 Created

Policy added successfully.

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Generate a new access token using refresh token

POST /deepfence/v1.5/users/refresh/token

Tags: Authentication

Generate a new access token using refresh token. Usage (In header): Authorization: Bearer <refresh_token>

application/json

200 OK

Login successful.

Example for application/json
{
  "data": {
    "access_token": ""
  },
  "error": null,
  "success": true
}

400 Bad Request

Bad request

404 Not Found

User not found

Bearer
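
The token lifecycle described under Authentication (exchange the API key at /users/auth, send the access token in the Authorization header, renew it at /users/refresh/token with the refresh token) is shown below as an added example; it is not code from Deepfence. The `Bearer <access_token>` header form for ordinary calls, the data/error/success envelope on /users/me and on 401 responses, the loopback stub server and all key and token values are assumptions constructed so the block runs offline.

```python
import json
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, HTTPServer

API = "/deepfence/v1.5"
STATE = {"issued": 0, "valid": set()}  # constructed token store used only by the stub


class DeepfenceClient:
    """Holds tokens in memory only and renews the access token once on a 401."""

    def __init__(self, base_url, api_key):
        self.base_url, self._api_key = base_url.rstrip("/"), api_key
        self.access_token = self.refresh_token = None
        # Ignore proxy environment variables so the loopback demo is deterministic.
        self._opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

    def _call(self, method, path, body=None, bearer=None):
        headers = {"Content-Type": "application/json"}
        if bearer:
            headers["Authorization"] = "Bearer " + bearer
        data = json.dumps(body).encode() if body is not None else None
        req = urllib.request.Request(self.base_url + API + path, data=data,
                                     headers=headers, method=method)
        try:
            with self._opener.open(req, timeout=10) as resp:
                return resp.status, json.loads(resp.read() or b"{}")
        except urllib.error.HTTPError as err:
            raw = err.read()
            return err.code, (json.loads(raw) if raw else {})

    @staticmethod
    def _data(status, envelope):
        # Surface the server's error.message; never echo the key or tokens.
        if status >= 400 or not envelope.get("success"):
            msg = (envelope.get("error") or {}).get("message", "no error message")
            raise RuntimeError(f"HTTP {status}: {msg}")
        return envelope["data"]

    def login(self):
        status, env = self._call("POST", "/users/auth", {"api_key": self._api_key})
        data = self._data(status, env)
        self.access_token, self.refresh_token = data["access_token"], data["refresh_token"]

    def refresh(self):
        status, env = self._call("POST", "/users/refresh/token", bearer=self.refresh_token)
        self.access_token = self._data(status, env)["access_token"]

    def request(self, method, path, body=None):
        if self.access_token is None:
            self.login()
        status, env = self._call(method, path, body, self.access_token)
        if status == 401:  # access token rejected: renew once, then retry
            self.refresh()
            status, env = self._call(method, path, body, self.access_token)
        return self._data(status, env)


class _Stub(BaseHTTPRequestHandler):
    """Constructed stand-in for the API server (plain HTTP on loopback only)."""

    def log_message(self, *args):
        pass

    def _send(self, code, data=None, error=None):
        body = json.dumps({"data": data, "error": error, "success": error is None}).encode()
        self.send_response(code)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(body)))
        self.end_headers()
        self.wfile.write(body)

    def _new_access(self):
        STATE["issued"] += 1
        token = f"access-{STATE['issued']}"
        STATE["valid"] = {token}
        return token

    def do_POST(self):
        length = int(self.headers.get("Content-Length") or 0)
        body = json.loads(self.rfile.read(length) or b"{}")
        if self.path == API + "/users/auth":
            if not body.get("api_key"):
                return self._send(400, error={"message": "api_key is required"})
            if body["api_key"] != "constructed-key":
                return self._send(404, error={"message": "user with api_key not found"})
            return self._send(200, {"access_token": self._new_access(),
                                    "refresh_token": "refresh-1"})
        if (self.path == API + "/users/refresh/token"
                and self.headers.get("Authorization") == "Bearer refresh-1"):
            return self._send(200, {"access_token": self._new_access()})
        return self._send(401, error={"message": "Unauthorized"})

    def do_GET(self):
        token = self.headers.get("Authorization", "").partition(" ")[2]
        if self.path == API + "/users/me" and token in STATE["valid"]:
            return self._send(200, {"token_used": token})
        return self._send(401, error={"message": "Unauthorized"})


def demo():
    STATE.update(issued=0, valid=set())
    server = HTTPServer(("127.0.0.1", 0), _Stub)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    url = f"http://127.0.0.1:{server.server_port}"
    try:
        client = DeepfenceClient(url, "constructed-key")
        first = client.request("GET", "/users/me")["token_used"]
        STATE["valid"].clear()  # simulate access-token expiry on the server
        second = client.request("GET", "/users/me")["token_used"]
        try:
            DeepfenceClient(url, "wrong-key").login()
            failure = None
        except RuntimeError as err:
            failure = str(err)
        return first, second, failure
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

Against a real deployment, point `base_url` at the console over HTTPS and load the API key from a secret store rather than source code.
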
Reset API Key

POST /deepfence/v1.5/users/reset-api-key

Tags: Authentication

Permission: ALL

application/json

200 OK

Reset successful

400 Bad Request

Bad request.

404 Not Found

User not found.

Bearer
Get/Delete vulnerabilities by filter

POST /deepfence/v1.5/vulnerability

Tags: Vulnerability Management

Get/Delete vulnerabilities by filter

Uses default content-types: application/json

Options to get or delete vulnerabilities

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Delete a vulnerability doc by vulnerability_id

DELETE /deepfence/v1.5/vulnerability/{vulnerability_id}

Tags: Vulnerability Management
vulnerability_id path string

Uses default content-types: application/json

204 No Content

Vulnerability deleted successfully.

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Get vulnerability by given vulnerability_id

GET /deepfence/v1.5/vulnerability/{vulnerability_id}

Tags: Vulnerability Management
vulnerability_id

Vulnerability ID

path string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer
Get vulnerability scan diff between two scan ids for scans of same image or host

GET /deepfence/v1.5/vulnerability_scan_diff

Tags: Vulnerability Management

Get vulnerability scan diff between two scan ids for scans of same image or host

scan_id

scan_id of the vulnerability scan

query string
compare_with_scan_id

scan_id of the vulnerability scan to be compared with

query string

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer

Get vulnerability scan history

GET /deepfence/v1.5/vulnerability_scan_history

Tags: Vulnerability Management

Get vulnerability scan history

Uses default content-types: application/json

200 OK

Request success

400 Bad Request

Bad request

401 Unauthorized

Unauthorized

Bearer

Schema definitions

body: object

from_time_minutes: integer , { x ∈ ℤ | 1 ≤ x ≤ 10080 }

Check alerts that happened in the past 60 minutes

60
                                                    
is_enabled: integer

Enable/disable this rule

1
                                                    
node_type: string , x ∈ { host , container , container_image , pod , infra_wide }

Execute this rule's conditions on this node type

"host"
                                                    
on_classtype: string

On this classtype, trigger this rule (Pass on_intent or on_classtype)

"File Anomaly"
                                                    
on_intent: string

On this intent, trigger this rule (Pass on_intent or on_classtype)

"Exploitation"
                                                    
rule_name: string

Name for this rule (This will become classtype of new alert)

"Exploit"
                                                    
run_interval_minutes: integer

Run this rule every 5 minutes

5
                                                    
severity: string , x ∈ { info , low , medium , high , critical }

Severity of new alert to create, when rule condition is satisfied

"critical"
                                                    

body_1: object

api_key: string

api_key

"qwjefwqkjfqkbvfq"
                                                    

body_2: object

action: string , x ∈ { block (default) , ignore }

action to take, when a policy is enforced

"block"
                                                    
alert_count_threshold: integer , { x ∈ ℤ | 1 ≤ x ≤ 999999999 }

Number of alerts (threshold) at which the policy will be executed

1
                                                    
alert_from_time: integer , { x ∈ ℤ | 0 ≤ x ≤ 999999999 }

Only check the past 'n' seconds for whether the IP address reached the threshold

alert_level: string , x ∈ { critical , high , medium , low }

Alert level

"critical"
                                                    
block_duration: integer , { x ∈ ℤ | 1 ≤ x ≤ 999999999 }

Number of seconds to block the ip address

3600
                                                    
node_type: string , x ∈ { host }

Node type

"host"
                                                    
on_classtypes: string[]

On these classtypes, trigger this rule (Pass on_intents or on_classtypes)

[
"File Anomaly"
]
string
on_intents: string[]

On these intents, trigger this rule (Pass on_intents or on_classtypes)

[
"Exploitation"
]
string

body_3: object

policy_id_list: integer[]

List of policy ids

[
1,
3,
5
]
integer

body_4: object

action: string , x ∈ { block , unblock }

action to take, when a policy is enforced

"block"
                                                    
block_duration: integer , { x ∈ ℤ | 1 ≤ x ≤ 999999999 }

Number of seconds to block/allow the ip address

3600
                                                    
ip_address_list: string[]

List of IP addresses

[
"1.2.3.4"
]
string
node_id: string

Node id. Node has to be host | container | pod | kube_service

"lewkwelwev"
                                                    
node_policy_type: string , x ∈ { blacklist , whitelist }

Policy type - whitelist or blacklist

"blacklist"
                                                    
packet_direction: string , x ∈ { inbound , outbound }

Packet direction - inbound or outbound

"inbound"
                                                    
port_list: string[]

List of ports

[
"8080",
"8081"
]
string

body_5: object

policy_id_list: integer[]

List of policy ids

[
1,
3,
5
]
integer

body_6: object

action: string , x ∈ { pause , stop , restart }

action to take, when a policy is enforced

"pause"
                                                    
alert_count_threshold: integer , { x ∈ ℤ | 1 ≤ x ≤ 999999999 }

Number of alerts (threshold) at which the policy will be executed

1
                                                    
alert_level: string , x ∈ { critical , high , medium , low }

Alert level / severity

"critical"
                                                    
node_type: string , x ∈ { container , host , pod }

Node type

"container"
                                                    
on_classtypes: string[]

On these classtypes, trigger this rule (Pass on_intents or on_classtypes)

[
"File Anomaly"
]
string
on_intents: string[]

On these intents, trigger this rule (Pass on_intents or on_classtypes)

[
"Exploitation"
]
string

body_7: object

ip_address_list: string[]

List of IP addresses

[
"1.2.3.4"
]
string
node_id: string

Node id. Node has to be host | kube_service

"lewkwelwev"
                                                    
rate_limit_after: integer , { x ∈ ℤ | 1 ≤ x ≤ 1000000 }

If connection count reaches this limit, stop connections till the end of the time unit

3600
                                                    
rate_limit_quantum: string , x ∈ { second , minute , hour , day }

Time unit

"minute"
                                                    

body_8: object

policy_id_list: integer[]

List of policy ids

[
1,
3,
5
]
integer

deepfencev1.5alerts_filters: object

Filter alerts by various fields (key value pairs)

alert_id: string[]

Alert ids

[
"ewqvfewqk",
"ewokwlkevf"
]
string
anomaly: string[]

Anomaly types

[
"network_anomaly"
]
string , x ∈ { network_anomaly , behavioral_anomaly , system_audit , syscall_anomaly }
container_image: string[]

Container image names

[
"dev-1",
"dev-2"
]
string
container_name: string[]

Container names

[
"container-1",
"container-2"
]
string
host_name: string[]

Host names

[
"dev-1",
"dev-2"
]
string
resource_type: string[]

Resource types

[
"processes"
]
string , x ∈ { processes , files , network }
severity: string[]

Alert severity

[
"critical"
]
string , x ∈ { critical , high , medium , low , info }

deepfencev1.5compliancescan_results_filters: object

Filter compliance scan results by various fields (key value pairs)

compliance_check_type: string[]

Compliance check type. Not all options are available. Check applicable compliance scans first.

[
"pcidss"
]
string , x ∈ { cis , nist_master , nist_slave , pcidss , hipaa , standard }
host_name: string[]

Host names

[
"dev-1",
"dev-2"
]
string
node_id: string[]

Node ID (refer enumerate api)

[
"wekgfewgj"
]
string
scan_id: string[]

Scan ID

[
"wekgfewgj"
]
string
status: string[]

Test status

[
"pass",
"fail"
]
string

deepfencev1.5enumerate_filters: object

Filter vulnerabilities by various fields (key value pairs)

container_name: string[]

Container name (for type container, container_image)

[
"redis",
"mysql"
]
string
host_name: string[]

Host names

[
"dev-1",
"dev-2"
]
string
image_name: string[]

Container image names (for type container, container_image)

[
"redis:latest",
"mysql:latest"
]
string
interfaceNames: string[]

Interface names (for type host)

[
"lo",
"docker0",
"eth0"
]
string
kernel_version: string[]

Kernel version (for type host)

[
"4.13.0-1019-gcp #23-Ubuntu SMP Thu May 31 16:13:34 UTC 2018"
]
string
kubernetes_namespace: string[]

kubernetes namespace (for type pod, kube_controller, kube_service). Empty means all.

[
"default"
]
string , x ∈ { default , , kube-public , kube-system }
kubernetes_node_type: string[]

kubernetes node type (for type kube_controller)

[
"running"
]
string , x ∈ { Deployment , DaemonSet , ReplicaSet , CronJob , StatefulSet }
local_networks: string[]

Local networks in CIDR format (for type host)

[
"127.0.0.1/8",
"172.17.0.1/16"
]
string
os: string[]

Operating system (for type host)

[
"linux"
]
string
packet_capture: string[]

Packet capture state (for type host)

[
"running"
]
string , x ∈ { running , not_running }
pid: integer , { x ∈ ℤ | x ≥ 1 }

Process ID (for type process)

1225
                                                        
ppid: integer , { x ∈ ℤ | x ≥ 1 }

Parent process ID (for type process)

1225
                                                        
pseudo: boolean[]

Pseudo node or not

[
false
]
boolean
publicIpAddress: string[]

Public IP of host (for type host)

[
"1.2.3.4"
]
string
tags: string[]

User defined tags

[
"prod"
]
string
type: string[]

Types of node

[
"host"
]
string , x ∈ { host , container , container_image , container_by_name , process , process_by_name , pod , kube_controller , kube_service , swarm_service }

deepfencev1.5usersnetwork_protection_policy_log_filters: object

Filter policy logs by various fields (key value pairs)

action: string[]

What policy action was performed

[
"block"
]
string , x ∈ { block , ignore }
alert_count_threshold: integer , { x ∈ ℤ | 1 ≤ x ≤ 999999999 }

Number of alerts (threshold) at which the policy was executed

1
                                                        
alert_id: string[]

Alert id for which the policies got executed

[
"ewqvfewqk",
"ewokwlkevf"
]
string
block_duration: integer , { x ∈ ℤ | 1 ≤ x ≤ 999999999 }

Number of seconds the IP address was blocked

3600
                                                        
block_ip: string[]

IP address which got blocked or ignored

[
"111.222.333.444"
]
string
host_name: string[]

Host names

[
"dev-1",
"dev-2"
]
string
node_type: string[]

Node type

[
"host"
]
string , x ∈ { host }
policy_created_by: string[]

Email address of user who created this network protection policy

[
"demo@deepfence.io"
]
string
severity: string[]

Severity set in network protection policy

[
"critical"
]
string , x ∈ { critical , high , medium , low }

deepfencev1.5usersquarantine_protection_policy_log_filters: object

Filter policy logs by various fields (key value pairs)

action: string[]

What policy action was performed

[
"restart"
]
string , x ∈ { pause , stop , restart }
alert_count_threshold: integer , { x ∈ ℤ | 1 ≤ x ≤ 999999999 }

Number of alerts (threshold) at which the policy was executed

1
                                                        
alert_id: string[]

Alert id for which the policies got executed

[
"ewqvfewqk",
"ewokwlkevf"
]
string
host_name: string[]

Host names

[
"dev-1",
"dev-2"
]
string
node_type: string[]

Node type

[
"host"
]
string , x ∈ { host , container }
policy_created_by: string[]

Email address of user who created this quarantine protection policy

[
"demo@deepfence.io"
]
string
severity: string[]

Severity set in quarantine protection policy

[
"critical"
]
string , x ∈ { critical , high , medium , low }

deepfencev1.5vulnerability_filters: object

Filter vulnerabilities by various fields (key value pairs)

container_name: string[]

Container names

[
"container-1",
"container-2"
]
string
cve_container_image: string[]

Container image names

[
"dev-1",
"dev-2"
]
string
cve_container_image_id: string[]

Container image ids

[
"ewqlkfn"
]
string
cve_id: string[]

CVE Id

[
"CVE-2018-9234"
]
string
cve_severity: string[]

CVE severity

[
"critical"
]
string , x ∈ { critical , high , medium , low }
host_name: string[]

Host names

[
"dev-1",
"dev-2"
]
string
scan_id: string[]

scan ids

[
"scan1",
"scan2"
]
string
vulnerability_id: string[]

Vulnerability ids

[
"ewqvfewqk",
"ewokwlkevf"
]
string

inline_response_200: object

data: object

User details

error: string

Error message, if any. Otherwise null

success: boolean

Success status

Options: object

action: string , x ∈ { get (default) , delete }

Action to perform - get or delete

detailed: boolean

Detailed alert (includes all fields) or simple alert

filters: deepfencev1.5alerts_filters
size: integer , { x ∈ ℤ | 1 ≤ x ≤ 10000 }

The number of alerts to return

10
                                                        
start_index: integer , { x ∈ ℤ | 0 ≤ x ≤ 9999 }

The number of items to skip before starting to collect the result set

Options_1: object

action: string , x ∈ { get (default) , delete }

Action to perform - get or delete

filters: deepfencev1.5compliancescan_results_filters
size: integer , { x ∈ ℤ | 1 ≤ x ≤ 10000 }

The number of scan results to return

10
                                                        
start_index: integer , { x ∈ ℤ | 0 ≤ x ≤ 9999 }

The number of items to skip before starting to collect the result set

Options_10: object

ip_address_list: string[]

List of ip addresses to delete from policy exempt list

[
"1.2.3.4"
]
string

Options_11: object

id: string

Status ID that was sent in a previous request. If a particular request takes longer, the API call replies with a status ID. This ID should be used to query the status of that particular request. If the status is success, the response contains the data URL where the data will be available.

"qwkfjwqfkwqkf"
                                                        

Options_12: object

action: string , x ∈ { get (default) , delete }

Action to perform - get or delete

filters: deepfencev1.5usersnetwork_protection_policy_log_filters
size: integer , { x ∈ ℤ | 1 ≤ x ≤ 10000 }

The number of policy logs to return

10
                                                        
start_index: integer , { x ∈ ℤ | 0 ≤ x ≤ 9999 }

The number of items to skip before starting to collect the result set

Options_13: object

action: string , x ∈ { get (default) , delete }

Action to perform - get or delete

filters: deepfencev1.5usersquarantine_protection_policy_log_filters
size: integer , { x ∈ ℤ | 1 ≤ x ≤ 10000 }

The number of policy logs to return

10
                                                        
start_index: integer , { x ∈ ℤ | 0 ≤ x ≤ 9999 }

The number of items to skip before starting to collect the result set

Options_14: object

action: string , x ∈ { get (default) , delete }

Action to perform - get or delete

filters: deepfencev1.5vulnerability_filters
group_by: string

Optionally group by cve_caused_by_package | cve_id

"cve_caused_by_package"
                                                        
size: integer , { x ∈ ℤ | 1 ≤ x ≤ 10000 }

The number of vulnerabilities to return

10
                                                        
start_index: integer , { x ∈ ℤ | 0 ≤ x ≤ 9999 }

The number of items to skip before starting to collect the result set
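
A client-side check for the request body described by Options_14, added here as an example; it is not part of the Deepfence documentation or any Deepfence client. It assumes Options_14 is the body of POST /deepfence/v1.5/vulnerability, and the function names and the allow_delete guard are hypothetical.

```python
# Limits and enums below are copied from the schema definitions on this page.
ACTIONS = {"get", "delete"}
GROUP_BY = {"cve_caused_by_package", "cve_id"}
CVE_SEVERITY = {"critical", "high", "medium", "low"}
FILTER_KEYS = {
    "container_name", "cve_container_image", "cve_container_image_id",
    "cve_id", "cve_severity", "host_name", "scan_id", "vulnerability_id",
}


def _int_in(name, value, low, high):
    # bool is a subclass of int in Python, so reject it explicitly
    if isinstance(value, bool) or not isinstance(value, int) or not low <= value <= high:
        raise ValueError(f"{name} must be an integer in {low}..{high}")


def build_vulnerability_options(filters, action="get", size=10, start_index=0,
                                group_by=None, allow_delete=False):
    """Return a validated Options_14 dict (filters is a dict), or raise ValueError."""
    if action not in ACTIONS:
        raise ValueError(f"action must be one of {sorted(ACTIONS)}")
    if action == "delete":
        # get and delete share one request shape, so deletion is opt-in here
        # (allow_delete is this example's guard, not an API field)
        if not allow_delete:
            raise ValueError("action=delete requires allow_delete=True")
        # the page does not say what an empty filter matches, so refuse it
        if not filters:
            raise ValueError("refusing delete with an empty filter")
    _int_in("size", size, 1, 10000)
    _int_in("start_index", start_index, 0, 9999)
    unknown = set(filters) - FILTER_KEYS
    if unknown:
        raise ValueError(f"unknown filter keys: {sorted(unknown)}")
    for key, values in filters.items():
        if not isinstance(values, list) or not all(isinstance(v, str) for v in values):
            raise ValueError(f"filters[{key!r}] must be a list of strings")
    bad = set(filters.get("cve_severity", [])) - CVE_SEVERITY
    if bad:
        raise ValueError(f"invalid cve_severity values: {sorted(bad)}")
    body = {"action": action, "filters": filters, "size": size,
            "start_index": start_index}
    if group_by is not None:
        if group_by not in GROUP_BY:
            raise ValueError(f"group_by must be one of {sorted(GROUP_BY)}")
        body["group_by"] = group_by
    return body


def page_bodies(filters, total, page_size=1000):
    """Bodies for reading the first `total` results page by page."""
    return [
        build_vulnerability_options(filters, size=min(page_size, total - start),
                                    start_index=start)
        for start in range(0, total, page_size)
    ]
```

Because start_index is capped at 9999, page_bodies raises once a page would start at index 10000 or later; narrow the filters instead of paging further.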

Options_2: object

id: string

Status ID that was sent in the previous status API call. If a particular request takes longer, the API call replies with a status ID. This ID should be used to query the status of that particular request. If the status is success, the response contains the data URL where the data will be available.

"qwkfjwqfkwqkf"
                                                        

Options_3: object

filters: deepfencev1.5enumerate_filters
size: integer , { x ∈ ℤ | 1 ≤ x ≤ 100000 }

The numbers of vulnerabilities to return

10
                                                        
start_index: integer , { x ∈ ℤ | 0 ≤ x ≤ 99999 }

The number of items to skip before starting to collect the result set

Options_4: object

capture_percentage: integer , { x ∈ ℤ | 20 ≤ x ≤ 100 }

The percentage of traffic to capture

100
                                                        
interface_name: string All

The interface to start packet capture (refer node details api / enumerate api for available interfaces for a node). To start on all interfaces, use 'All'

"eth0"
                                                        
is_encrypted_capture: string , x ∈ { Y , N (default) }

Whether the packet capture is encrypted (Y | N)

"N"
                                                        
node_id_list: string[]

Node IDs on which to start packet capture (refer enumerate api)

[
"wekjnew",
"rvewlvnw",
"owifcwi"
]
string
"wekjnew"
                                                                                
port_list: integer[]

Ports to start packet capture

[
80,
8080,
8081
]
integer , { x ∈ ℤ | 1 ≤ x ≤ 65535 }
80
                                                                                
snap_length: integer , { x ∈ ℤ | 20 ≤ x ≤ 65535 }

Packet header length

65535
                                                        

Options_5: object

user_defined_tags: string[]

Add tags to this node for easy identification

[
"prod",
"dev"
]
string
"dev"
                                                                                

Options_6: object

user_defined_tags: string[]

Delete given tags from this node

[
"prod",
"dev"
]
string
"dev"
                                                                                

Options_7: object

capture_percentage: integer , { x ∈ ℤ | 20 ≤ x ≤ 100 }

The percentage of traffic to capture

100
                                                        
interface_name: string All

The interface to start packet capture (refer node details api / enumerate api for available interfaces for a node). To start on all interfaces, use 'All'

"eth0"
                                                        
is_encrypted_capture: string , x ∈ { Y , N (default) }

Whether the packet capture is encrypted (Y | N)

"N"
                                                        
port_list: integer[]

Ports to start packet capture

[
80,
8080,
8081
]
integer , { x ∈ ℤ | 1 ≤ x ≤ 65535 }
80
                                                                                
snap_length: integer , { x ∈ ℤ | 20 ≤ x ≤ 65535 }

Packet header length

65535
                                                        

Options_8: object

compliance_check_type: string , x ∈ { cis , nist_master , nist_slave , pcidss , hipaa , standard , mission_critical_classified }

Compliance check type. Not all options are available. Check applicable compliance scans first.

"pcidss"
                                                        

Options_9: object

ip_address_list: string[]

List of ip addresses to add to policy exempt list

[
"1.2.3.4"
]
string