Get Raw Results in JSON Format

Use this API to get evaluation results in raw JSON format for a specified standard and a specified asset in
Control Compliance Suite
12.5.
Authentication
To grant access to users to view or execute
Control Compliance Suite
RESTful APIs, you must generate an authentication token.
Authorization requirements
You must have permissions to execute the following task to use the Get Raw Results in JSON Format API:
  • View evaluation results
You do not require permission on any
Control Compliance Suite
folder to use this API.
Request method
To retrieve raw results in JSON format, create a
POST
request.
HTTPS request components for Get Raw Results in JSON Format API
Create a POST request by using the following components:
Request component
Value
URL
https://<hostname>:<port number>/ccs/api/v1/Results
You can also use the Fully Qualified Domain Name (FQDN) as the hostname. You can configure the port number from the
Integration Services Endpoint Configuration
dialog box from
Settings
>
Deployment View
on the
Control Compliance Suite
console. You must restart the Symantec Application Server Service after you configure the port. If you do not configure the port, the default port is considered in the request. The default port is 12431.
Content type
application/json
JSON body
{ "AssetID": "<asset-GUID>", "StandardID": "<standard-GUID>", "StandardVersion" : "n1.n2.n3", "JobRunID": "<job run GUID>", "CheckIDList":["GUID1", "GUID2"] }
HTTPS request parameters for Get Raw Results in JSON Format API
The following table contains the description of the HTTPS request parameters for the Get Raw Results in JSON Format:
Field name
Field type
Data type
Description
AssetID
Mandatory
GUID
This is a unique identifier of the evaluated
Control Compliance Suite
asset.
StandardID
Mandatory
GUID
This is a unique identifier of a standard against which asset is evaluated.
JobRunID
Optional
GUID
This is a unique identifier of the job run which contains the specified standard and asset.
If you do not use this parameter, the latest job run which contains the specified asset and standard is considered to retrieve results.
StandardVersion
Optional
Integer
This is the version of the standard against which asset is evaluated.
If you provide the job run ID, the results related to the specified job run ID are displayed irrespective of the version of the standard. If you neither provide job run ID nor standard version, the default version of the standard is displayed in results.
CheckIDList
Optional
GUID
This is the list of check IDs for which you want raw results.
If you do not use this parameter, evaluation results for the entire standard are displayed.
Sample HTTPS request for Get Raw Results in JSON Format API
The following is a sample HTTPS request for your reference:
Request component
Value
URL
https://<hostname>:<port number>/ccs/api/v1/Results
Content type
application/json
JSON body
{ "AssetID" : "0652284f-5c06-4b92-89b5-27e0144a700f", "StandardID" : "DBF4BB0F-9985-4F36-9E8F-7F79AD4B05E5", "StandardVersion" : "1.0.0", "JobRunID" : "a384a120-3d03-47fb-ac62-d647cec3e723" , "CheckIDList" : ["f2907f6e-596a-474f-9535-3049d77b4e1e"] }
Sample HTTPS response for Get Raw Results in JSON Format API
On successful completion of request, HTTPS response code 200 (OK) is returned along with a JSON file, which contains raw data similar to the following:
{ "RawEvaluationResult": { "Passed Checks": [ { "Check name": "4.1.1.1 Ensure auditd is installed", "Check status": "Pass", "CheckID": "429bd103-c7c7-46ad-8746-9a9e4a7f1e7e", "Risk": "N/A", "Confidentiality": "Partial", "Integrity": "Complete", "Availability": "Complete", "AccessComplexity": "High", "AccessVector": "Adjacent Network Accessible", "Authentication": "No Authentication", "RemediationDetails": "Run the following command to Install auditd```# dnf install audit audit-libs```" } ], "Failed Checks": [ { "Check name": "4.1.14 Ensure file deletion events by users are collected", "Check status": "Fail", "CheckID": "4881f7ad-8aea-4d21-86a9-c42a30791cf1", "Risk": "5", "Confidentiality": "No Impact", "Integrity": "Complete", "Availability": "Partial", "AccessComplexity": "Medium", "AccessVector": "Local Accessible", "Authentication": "Single Instance", "RemediationDetails": "Edit or create a file in the `/etc/audit/rules.d/` directory ending in `.rules`Example: `vi /etc/audit/rules.d/delete.rules`and add the following lines:```-a always,exit -F arch=b64 -S unlink -S unlinkat -S rename -S renameat -F auid>=1000 -F auid!=4294967295 -k delete-a always,exit -F arch=b32 -S unlink -S unlinkat -S rename -S renameat -F auid>=1000 -F auid!=4294967295 -k delete```Notes: At a minimum, configure the audit system to collect file deletion events for all users and root.Reloading the auditd config to set active settings may require a system reboot." } ], "Exempted Checks": [], "NotApplicable Checks": [ { "Check name": "1.11 Ensure system-wide crypto policy is FUTURE or FIPS", "Check status": "NotApplicable", "CheckID": "fa23b50b-092c-45d2-82e4-b73995d31865", "Evidence Details": [ { "EntityName": "Files", "Evidence": [ { "EvalCheckId": "be14a849-8d42-ef11-bfb1-0050568cc278", "CheckID": "fa23b50b-092c-45d2-82e4-b73995d31865", "ObjectDisplayName": "[No data available]", "ObjectTypeName": "Unix.File", "ObjectTypeDisplayName": "Files", "FieldName": "Unix.File.FullyQualifiedName", "FieldDisplayName": "File Name (With Path)", "FailedExpression": "File Name (With Path) exact '/etc/crypto-policies/config'", "CurrentValue": "[No data available]" } ] } ], "Risk": "N/A", "Confidentiality": "Partial", "Integrity": "Partial", "Availability": "No Impact", "AccessComplexity": "Medium", "AccessVector": "Network Accessible", "Authentication": "No Authentication", "RemediationDetails": "Run the following command to change the system-wide crypto policy```# update-crypto-policies --set FUTURE```ORTo switch the system to FIPS mode, run the following command:```fips-mode-setup --enable```Impact: The system-wide cryptographic policy in Red Hat Enterprise Linux 8 does not allow communication using older, insecure protocols. For environments that require to be compatible with Red Hat Enterprise Linux 5 and in some cases also with earlier releases, the less secure LEGACY policy level is available." } ], "Checks to be manually reviewed": [], "Asset Name": "10.105.164.211:10.105.164.211", "Standard Name": "CIS Benchmark for Red Hat Enterprise Linux 8 v1.0.0 level 2", "Compliance Statistics": { "Check(s) Passed": "9", "Check(s) Failed": "31", "Check(s) Error": "0", "Check(s) to be manually reviewed (Unknown checks)": "0", "Check(s) Total": "40", "Data collected on date": "7/15/2024 2:33:22 AM", "Compliance Score": "22.5", "Risk Score": "5.8" } } }
HTTPS response codes for Get Raw Results in JSON Format API
Depending on the success or the failure of your API request, you see the following response codes for the Get Raw Results in JSON Format API:
Response Code
Response Type
Description
200
OK
Raw results are retrieved successfully in JSON format.
404
NOT Found
This error is displayed if any of the input parameters does not exist in the
Control Compliance Suite
system.
403
Forbidden
This may be because the identified user does not have proper authorization to access the requested content.
401
Unauthorized
This may be because of an invalid or expired access token in an API request.
400
Bad Request
(Client Error)
The following error message is displayed:
Server could not understand the request due to invalid syntax. Please check requested URL.
500
Internal Server Error
(Server Error)
The following error message is displayed:
Server encountered an error while serving request. Please contact administrator if problem persists.
Sample Python script for Get Raw Results in JSON Format API
Click to view a sample Python script for Get Raw Results in JSON Format API
#Script to get evaluation result in raw JSON format for a specified standard and a specified asset in CCS. import requests from requests.packages.urllib3.exceptions import InsecureRequestWarning # Declare Variables # Replace the <hostname> with CCS application server host name # Replace the <port number> with the configured port number for REST API, Default Port Number : 12431 # Replace the <user name> and <password> with valid CCS user name and password for example: UserName = domain1\\administrator, password = <Base64 encoded> HostName = '<hostname>' PortNumber = '<port number>' UserName = '<user name>' Password = '<password>' #<Base64 encoded> # Function to generate CCS REST API access token def getToken(): urlToken = "https://" + HostName + ":" + PortNumber + "/ccs/api/v1/oauth/tokens" payload = "grant_type=password&username=" + UserName + "&password=" + Password +"" headers = {'Content-Type': "application/json"} responseToken = requests.request("POST", urlToken, data=payload, headers=headers, verify=False) autheticationresult = responseToken.status_code if (autheticationresult!=200) : print("\nToken Generation Failed. Please check if the REST API is enabled and User name and password is correct\n") exit() tokenDict = responseToken.json() token = tokenDict['access_token'] refreshToken = tokenDict['refresh_token'] return token #Get Evaluation Result API endpoint URL. url = "https://" + HostName + ":" + PortNumber + "/ccs/api/v1/Results" #Provide assetid, standardid and jobrunid to get the evaluation result of specific asset, standard and job run. payload = "{\"assetid\" : \"7ca3a38e-1e51-42ef-8b5d-88813eae0c14\", \"standardid\" : \"6b020d29-5fe8-47d0-bd89-ccd3339a5ebe\", \"jobrunid\" : \"cae05ae3-8454-43a9-9139-f678b66decf7\"}" #If you want to get the evaluation result of specific standard version, Please speificy standard version parameter. In this case, jobrunid parameter is not needed. #payload = "{\"assetid\" : \"7ca3a38e-1e51-42ef-8b5d-88813eae0c14\", \"standardid\" : \"6b020d29-5fe8-47d0-bd89-ccd3339a5ebe\", \"standardversion\" : \"1.3.0\"}" #To fetch the latest evaluation result of specific standard and asset, just mention asset id and standard id. #payload = "{\"assetid\" : \"7ca3a38e-1e51-42ef-8b5d-88813eae0c14\", \"standardid\" : \"6b020d29-5fe8-47d0-bd89-ccd3339a5ebe\"}" #To fetch the raw result for specific checks in the standard, you need to provide a list of check IDs in the checkidlist parameter. #payload = "{\"assetid\" : \"df8ce907-7c21-46d7-9372-79a5f5736088\", \"standardid\" : \"f61462b9-8f18-4e39-9e81-509e530fc231\", \"checkidlist\" : [\"7673bba8-1933-41ce-98d8-7fa7cca60c9f\",\"f8e64a6c-abe5-4eab-bfe9-19f1c4ad0c85\",\"62a3ce34-c54b-4800-9c87-2a31bcd7de66\",\"0f2a0ae1-150c-4658-b9c0-bfb6e17693c7\"]}" requests.packages.urllib3.disable_warnings(InsecureRequestWarning) bearertoken = "Bearer " + getToken() print("\n Bearer Token is:\n") print(bearertoken + "\n") headers = { 'Authorization': bearertoken , 'Content-Type': "application/json" } response = requests.request("POST", url, data=payload, headers=headers, verify=False) print(response.text) print(response.json)