Get security settings

This method returns risky activities rules and automatic remediation settings of the PTA Server configuration.

URL

Make sure there are no spaces in the URL.

The following characters are not supported in URL values: + & %

https://<IIS_Server_Ip>/PasswordVault/API/pta/API/Settings

The following values can be added in the URL. None of them are mandatory.

Resource information

HTTP method: GET

Content type: application/json

Header parameter

Parameter: Authorization
Type: String
Description: The JWT token that identifies the session.
Valid values: A session token that was returned from the “Logon” method.

Body parameters

None

Result

This is an example of the result for an array of events.

[
    {
        "riskyActivities": [
            {
                "id": "0",
                "category": "KEYSTROKES",
                "regex": "(.*)netsh(.*)wlan(.*)key=clear(.*)",
                "score": 40,
                "description": "Indication of a privileged user using a decoding command in clear text to retrieve a WIFI password.",
                "response": "NONE",
                "active": true
            },
            {
                "id": "1",
                "category": "SSH",
                "regex": "(.*)ssh(.*)start(.*)",
                "score": 30,
                "description": "Restarting the SSH service after a possible configuration change.",
                "response": "NONE",
                "active": true
            }
        ],
        "automaticRemediations": {
            "changePassword_SuspectedCredentialsTheft": false,
            "changePassword_OverPassTheHash": false,
            "reconcilePassword_SuspectedPasswordChange": true,
            "pendAccount_UnmanagedPrivilegedAccount": true
        }
    }
]

Parameter: riskyActivities
Type: Array
Description: Section that contains the current settings for PSM Risky Activities

Parameter: id
Type: String
Description: Unique string ID of the activity. Must be a valid positive number

Parameter: category
Type: String
Description: Categories of risky activities
Valid values:

  • SSH
  • WINDOWS
  • SCP
  • KEYSTROKES
  • SQL

Parameter: regex
Type: String
Description: Risky activity expression in regex form. Must support all characters (including "/" and escaping characters)

Parameter: score
Type: Integer
Description: Activity score. Number must be between 1 and 100

Parameter: description
Type: String
Description: Activity description. The field is mandatory but can be empty

Parameter: response
Type: String
Description: Automatic response to be executed
Valid values:

  • NONE
  • TERMINATE
  • SUSPEND

Parameter: active
Type: Boolean
Description: Indicates if the command is active

automaticRemediation

Parameter: changePassword_SuspectedCredentialsTheft
Type: Boolean
Description: Indicates if the command is active

Parameter: changePassword_OverPassTheHash
Type: Boolean
Description: Indicates if the command is active

Parameter: reconcilePassword_SuspectedPasswordChange
Type: Boolean
Description: Indicates if the command is active

Parameter: pendAccount_UnmanagedPrivilegedAccount
Type: Boolean
Description: Indicates if the command is active
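
An added example, not part of the original documentation or the vendor's code: a Python check that audits a response body from this method against the constraints documented above (mandatory fields, valid categories and responses, score range) and reports inactive rules and disabled remediations. The sample body is constructed, the function name is hypothetical, and Python's `re` stands in for PTA's regex engine, which is an assumption.

```python
import json
import re

CATEGORIES = {"SSH", "WINDOWS", "SCP", "KEYSTROKES", "SQL"}
RESPONSES = {"NONE", "TERMINATE", "SUSPEND"}
RULE_FIELDS = ("id", "category", "regex", "score", "description", "response", "active")

# Constructed sample body in the documented shape; rule "7" is deliberately malformed.
SAMPLE_BODY = json.dumps([{
    "riskyActivities": [
        {"id": "1", "category": "SSH", "regex": "(.*)ssh(.*)start(.*)", "score": 30,
         "description": "Restarting the SSH service.", "response": "NONE", "active": True},
        {"id": "7", "category": "FTP", "regex": "(.*)unclosed(", "score": 140,
         "description": "", "response": "SUSPEND", "active": False},
    ],
    "automaticRemediations": {
        "changePassword_SuspectedCredentialsTheft": False,
        "reconcilePassword_SuspectedPasswordChange": True,
    },
}])

def audit_settings(body):
    """Return findings for a Get security settings response body (hypothetical helper)."""
    findings = []
    for settings in json.loads(body):
        for rule in settings.get("riskyActivities", []):
            rid = rule.get("id", "?")
            # "description" is mandatory but may be empty, so only presence is checked.
            missing = [f for f in RULE_FIELDS if f not in rule]
            if missing:
                findings.append(f"rule {rid}: missing {','.join(missing)}")
            if not str(rid).isdigit():
                findings.append(f"rule {rid}: id is not numeric")
            if rule.get("category") not in CATEGORIES:
                findings.append(f"rule {rid}: unknown category")
            if rule.get("response") not in RESPONSES:
                findings.append(f"rule {rid}: unknown response")
            score = rule.get("score")
            if isinstance(score, bool) or not isinstance(score, int) or not 1 <= score <= 100:
                findings.append(f"rule {rid}: score outside 1-100")
            try:  # Python's re stands in for PTA's regex engine (assumption)
                re.compile(str(rule.get("regex", "")))
            except re.error:
                findings.append(f"rule {rid}: regex does not compile")
            if rule.get("active") is not True:
                findings.append(f"rule {rid}: not active")
        for name, enabled in settings.get("automaticRemediations", {}).items():
            if enabled is not True:
                findings.append(f"remediation {name}: disabled")
    return findings
```

Running `audit_settings` on a saved response after each settings change gives a quick diff of which rules are inactive and which automatic remediations are switched off.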

Return codes

For a complete list of return codes, see Return Codes.