Get Evaluation Reports

Use this API to download a report that is generated for the evaluation of a specified standard against a specified asset in
Control Compliance Suite
12.5.
Authentication
To grant access to users to view or execute
Control Compliance Suite
RESTful APIs, you must generate an authentication token.
Authorization requirements
You must have permissions to execute the following task to use the Get Reports API:
  • View evaluation results
You do not require permission on any
Control Compliance Suite
folder to use this API.
Request method
To download an evaluation report, create a
GET
request.
HTTPS request components for Get Evaluation Reports API
Create a GET request by using the following components:
Request component
Value
URL
https://<hostname>:<port number>/ccs/api/v1/Reports?assetid=<AssetGUID>& standardid=<StandardGUID>&reportfiletype=<fileformat>&jobrunid=<JobRunGUID>
You can also use the Fully Qualified Domain Name (FQDN) as the hostname. You can configure the port number from the
Integration Services Endpoint Configuration
dialog box from
Settings
>
Deployment View
on the
Control Compliance Suite
console. You must restart the Symantec Application Server Service after you configure the port. If you do not configure the port, the default port is considered in the request. The default port is 12431.
Content type
application/json
HTTPS request parameters for Get Evaluation Reports API
The following table contains the description of the HTTPS request parameters for the Get Reports API:
Field name
Field type
Data type
Description
AssetID
Mandatory
GUID
This is a unique identifier of an evaluated
Control Compliance Suite
asset for which an evaluation report is downloaded.
StandardID
Mandatory
GUID
This is a unique identifier of a standard against which asset is evaluated.
ReportFileType
Optional
String
This is the file format in which you want to download the evaluation report. Currently, only Microsoft Excel file format is supported.
To download the evaluation report in Microsoft Excel file format, you must complete the following prerequisites:
  • You must install Microsoft Excel on the computer on which you execute REST APIs.
  • You must create a folder called
    Desktop
    at the following location on the computer on which
    Control Compliance Suite
    is installed. The folder location varies depending on the Windows OS architecture:
* On a 64-bit (x64) computer
:
%WINDIR%\SysWow64\Config\SystemProfile
* On a 32-bit (x86) computer
:
%WINDIR%\System32\Config\SystemProfile
JobRunID
Mandatory
GUID
This is a unique identifier of the job run which contains the specified standard and asset.
Sample HTTPS request for Get Evaluation Reports API
The following is a sample HTTPS request for your reference:
HTTPS request components for Get Evaluation Reports API
Request component
Value
URL
https://<hostname>:<port number>/ccs/api/v1/Reports?assetid=a0f454cd-58c9-48f1-af22-3a38674b0bde& standardid=6B020D29-5FE8-47D0-BD89-CCD3339A5EBE&reportfiletype=excel&jobrunid=bef3270d-2079-465e-b193-07782075d473
Content type
application/json
Sample HTTPS response for Get Evaluation Reports API
On successful report generation, HTTPS response code 200 (OK) is returned along with a downloaded file that has the  'EvaluationResultExport_YYYY.MM.DD.HH.MM.SS.MSS'.xls naming convention. From Release 12.7.0, the downloaded report provides remediation information in the Remediaiton column.
HTTPS response codes for Get Evaluation Reports API
Depending on the success or the failure of your API request, you see the following response codes for the Get Evaluation Reports API:
Response Code
Response Type
Description
200
OK
The report file is successfully downloaded in the specified format.
404
NOT Found
This error is displayed if any of the input parameters does not exist in the
Control Compliance Suite
system.
403
Forbidden
This may be because the identified user does not have proper authorization to access the requested content.
401
Unauthorized
This may be because of an invalid or expired access token in an API request.
400
Bad Request
(Client Error)
The following error message is displayed:
Server could not understand the request due to invalid syntax. Please check requested URL.
500
Internal Server Error
(Server Error)
The following error message is displayed:
Server encountered an error while serving request. Please contact administrator if problem persists.
Sample Python script for Get Evaluation Reports API
Click to view a sample Python script for Get Evaluation Reports API
# Script to Generate evaluation report in excel format import requests from requests.packages.urllib3.exceptions import InsecureRequestWarning import xlwt import io import os # Variable # Replace the <hostname> with CCS application server host name # Replace the <port number> with the configured port number for REST API, Default Port Number : 12431 # Replace the <user name> and <password> with valid CCS user name and password for example: UserName = domain1\\administrator, password = <Base64 encoded> HostName = '<hostname>' PortNumber = '<port number>' UserName = '<user name>' Password = '<password>' #<Base64 encoded> ExcelFilePath = "c:\\Outputfile.xls" if os.path.exists(ExcelFilePath): os.remove(ExcelFilePath) # Function to generate CCS REST API access token def getToken(): urlToken = "https://" + HostName + ":" + PortNumber + "/ccs/api/v1/oauth/tokens" payload = "grant_type=password&username=" + UserName + "&password=" + Password +"" headers = {'Content-Type': "application/json"} responseToken = requests.request("POST", urlToken, data=payload, headers=headers, verify=False) autheticationresult = responseToken.status_code if (autheticationresult!=200) : print("\nToken Generation Failed. Please check if the REST API is enabled and User name and password is correct\n") exit() tokenDict = responseToken.json() token = tokenDict['access_token'] refreshToken = tokenDict['refresh_token'] print("bearer Token is:\n") print(token) print("\n Refresh Token is:\n") print(refreshToken) return token # CCS Report URI url = "https://" + HostName + ":" + PortNumber + "/ccs/api/v1/Reports" # Provide the Asset GUID, Standard GUID, Job GUID and Report file type as "excel". querystring = {"assetid":"<AssetID>", "standardid":"<StandardID>", "reportfiletype":"excel", "jobrunid":"<JobRunID>"} requests.packages.urllib3.disable_warnings(InsecureRequestWarning) bearertoken = "Bearer " + getToken() headers = { 'Authorization': bearertoken , 'Content-Type': "application/json" } response = requests.request("GET", url, headers=headers, params=querystring, verify=False) file = open(ExcelFilePath,"wb") file.write(response.content) file.close()