Get security settings

This method returns suspicious activities rules and automatic remediation settings of the PTA Server configuration.

URL

  • Make sure there are no spaces in the URL.

  • The following characters are not supported in URL values: + & %

  • If the URL includes a dot (.), add a forward slash (/) at the end of the URL. For example: api/Safes/MySafe/Members/user@cyber.com/

 

 

 
https://<IIS_Server_Ip>/PasswordVault/API/pta/API/Settings

The following values can be added in the URL. None of them are mandatory.

Resource information

HTTP method

GET

Content type

application/json

Header parameter

Parameter

Authorization

Type

String

Description

The JWT token that identifies the session.

Valid values

A session token that was returned from the “Logon” method.

Body parameters

None

Result

 

This is an example of the result for an array of events.
  
[ 
    {
    "riskyActivities": [
   {
       "id": "0", 
       "category": "KEYSTROKES",
       "regex": "(.*)netsh(.*)wlan(.*)key=clear(.*)", 
      "score": 40, 
      "description": "Indication of a privileged user using a decoding command in clear text to retrieve a WIFI password.", 
      "response": "NONE", 
       "active": true
    }
    {
       "id": "1", 
       "category": "SSH",
       "regex": "(.*)ssh(.*)start(.*)", 
      "score": 30, 
      "description": "Restarting the SSH service after a possible configuration change.", 
      "response": "NONE", 
       "active": true
    } 
     ],
"automaticRemediations": {
   "changePassword_SuspectedCredentialsTheft": false,
   "changePassword_OverPassTheHash": false,
   "reconcilePassword_SuspectedPasswordChange": true,
   "pendAccount_UnmanagedPrivilegedAccount": true
    }
 }
]

 

Parameter

riskyActivities

Type

Array

Description

Section that contains the current settings for PSM suspicious activities

Parameter

id

Type

String

Description

Unique string ID of the activity. Must be a valid positive number

Parameter

category

Type

String

Description

Categories of suspicious activities
Valid values:

  • SSH
  • WINDOWS
  • SCP
  • KEYSTROKES
  • SQL

Parameter

regex

Type

String

Description

Suspicious activity expression in regex form. Must support all characters (including "/" and escaping characters)

Parameter

score

Type

Integer

Description

Activity score. Number must be between 1 and 100

Parameter

description

Type

String

Description

Activity description. The field is mandatory but can be empty

Parameter

response

Type

String

Description

Automatic response to be executed
Valid values:

  • NONE
  • TERMINATE
  • SUSPEND

Parameter

active

Type

Boolean

Description

Indicates if the command is active

automaticRemediation

Parameter

changePassword_SuspectedCredentialsTheft

Type

Boolean

Description

Indicates if the command is active

Parameter

changePassword_OverPassTheHash

Type

Boolean

Description

Indicates if the command is active

Parameter

reconcilePassword_SuspectedPasswordChange

Type

Boolean

Description

Indicates if the command is active

Parameter

pendAccount_UnmanagedPrivilegedAccount

Type

Boolean

Description

Indicates if the command is active

Return codes

For a complete list of return codes, see Return Codes.