Search Standards

Use this API to retrieve the list of standards in the
Control Compliance Suite
12.5 Standards Manager.
Authentication
To grant access to users to view or execute
Control Compliance Suite
RESTful APIs, you must generate an authentication token.
Authorization requirements
You must have the permission to execute the following task to use the Search Standards API:
  • View standards
To use the Search Standards API, you must have the permission to access sub-folders in the Standards folder. You may not require permissions on the entire Standards hierarchy.
  Request method
To retrieve the list of standards in the
Control Compliance Suite
Standards Manager, create a
GET
request.
  HTTPS request components for Search Standards API
Create a GET request by using the following components:
HTTPS request components for Search Standards API
Request component
Value
URL
https://<hostname>:<port number>/ccs/api/v1/ Standards?Attributes=Attrname1 OP value1, Attrname2 OP value2, AttrnameN OP valueN)& ContainerPath=<Container path value>&SearchSubTree=<True/False>
You can also use the Fully Qualified Domain Name (FQDN) as the hostname. You can configure the port number from the
Integration Services Endpoint Configuration
dialog box from
Settings
>
Deployment View
on the
Control Compliance Suite
console. You must restart the Symantec Application Server Service after you configure the port. If you do not configure the port, the default port is considered in the request. The default port is 12431.
Content type
application/json
HTTPS request parameters for Search Standards API
The following table contains the description of the HTTPS request parameters for the Search Standards API:
HTTPS request parameters for Search Standards API
Field name
Field type
Data type
Description
Attributes
Mandatory
String
This is a comma-separated list of standard attributes and their respective values joined by an operator. The ‘OP’ placeholder in the HTTPS request components for Search Standards API section indicates a query operator, which can be any of the following:
  • =
  • EqualTo
  • Contains
  • StartsWith
  • EndsWith
All these query operators are case-sensitive.
Comma used in the list of attributes is treated as 'AND.'
Wildcard character asterisk (*) is supported in values to be specified.
The
Search Standards
API returns a list of standards along with their total count.
The following attributes are supported for this parameter:
  • DisplayName
  • Symc-Standard-Author
  • Symc-Standard-TargetTypeIDs
These attribute names are not case-sensitive.
Container path
Optional
String
This is the folder in which the search operation is executed. The default value of this parameter is
Standards
, which is the default root folder in the
Control Compliance Suite
standards hierarchy.
SearchSubtree
Optional
Boolean
By using this parameter, you can decide whether to search for the assets in the sub-folders recursively. The default value of this parameter is ‘True.’
Response body for Search Standards API
The GET request for the Search Standards API returns the response body in the following structure:
Success Response: [ { TotalCount:{Int}, StandardDetails":[ { "ID": {String}, "Name":{String}, "Version": {String}, "Author":{String}, "TargetTypes":[Array], "CreationDate":{Date}, "ModifiedDate":{Date}, "IsPredefined":{Boolean} }.. ]
The dates that are returned in the response are in UTC format.
Sample HTTPS request for Search Standards API
The following is a sample HTTPS request for your reference. We have used asset display name as an attribute in the sample:
GET https://<hostname>:<port number>/ccs/api/v1/Standards?searchCriteria=displayname=std&container=standards&Searchsubtree=true
  Sample HTTPS response for Search Standards API
The sample HTTPS request that you created earlier returns the following response:
{"TotalCount":2,"StandardDetails":[{"ID":"c983af4c-eb09-48bd-96af-ca170a12f373","Name":"std","Version":"1.3.0", "Author":"<domain name>\\<user name>","CreationDate":"2018-07-30T09:14:50","ModifiedDate":"2018-07-30T09:15:18","IsPredefined":false}, {"ID":"ed237ad3-c07c-42a3-abfb-dede5820a48b","Name":"std","Version":"1.0.0","Author":"<domain name>\\<user name>", "CreationDate":"2018-09-25T13:37:34","ModifiedDate":"2018-09-25T13:37:34","IsPredefined":false}]}
HTTPS response codes for Search Standards API
Depending on the success or the failure of your API request, you see the following response codes for the Search Standards API:
HTTPS response codes for Search Standards API
Response Code
Response Type
Description
200
OK
The list of standards is available with the following details:
  • Total count of standards
  • Standard details
    Standard details include the following information:
    • Standard GUID
    • Name of the standard
    • Version of the standard
    • Author of the standard
    • Whether the standard is predefined or custom
    • Date when the standard was created
    • Date when the standard was last modified
200
(with Total Count: 0 in response body)
OK
The request is completed successfully. However, there are no records matching the request parameters. In this case, the following response is returned. The total count of standards in this case is zero:
{ TotalCount:int, StandardDetails":[{}] }
403
Forbidden
The following error message is displayed:
You are not authorized to perform this task. Access is denied.
401
Unauthorized
This may be because of an invalid or expired access token in an API request.
400
Bad Request
(Client Error)
The following error message is displayed:
Server could not understand the request due to invalid syntax. Please check requested URL.
500
Internal Server Error
(Server Error)
The following error message is displayed:
Server encountered an error while serving request. Please contact administrator if problem persists.
Sample Python script for Search Standards API
Click to view a sample Python script for Search Standards API
#Script to retrieve the list of standards based on the search criteria mentioned in the request. import requests from requests.packages.urllib3.exceptions import InsecureRequestWarning # Declare Variables # Replace the <hostname> with CCS application server host name # Replace the <port number> with the configured port number for REST API, Default Port Number : 12431 # Replace the <user name> and <password> with valid CCS user name and password for example: UserName = domain1\\administrator, password = <Base64 encoded> HostName = '<hostname>' PortNumber = '<port number>' UserName = '<user name>' Password = '<password>' #<Base64 encoded> # Function to generate CCS REST API access token def getToken(): urlToken = "https://" + HostName + ":" + PortNumber + "/ccs/api/v1/oauth/tokens" payload = "grant_type=password&username=" + UserName + "&password=" + Password +"" headers = {'Content-Type': "application/json"} responseToken = requests.request("POST", urlToken, data=payload, headers=headers, verify=False) autheticationresult = responseToken.status_code if (autheticationresult!=200) : print("\nToken Generation Failed. Please check if the REST API is enabled and User name and password is correct\n") exit() tokenDict = responseToken.json() token = tokenDict['access_token'] refreshToken = tokenDict['refresh_token'] return token #Search Standard API endpoint URL url = "https://" + HostName + ":" + PortNumber + "/ccs/api/v1/Standards" #Search based on displayName of the standard and by using Contains Operator querystring = {"attributes":"displayName Contains red hat", "ContainerPath":"standards\\predefined\\unix", "Searchsubtree":"true"} #Search based on Symc-Standard-Author of the standard by using '=' Operator and displayName of the standard by using StartsWith Operator #querystring = {"attributes":"displayName Contains cis,Symc-Standard-Author=symantec", "ContainerPath":"standards\\predefined\\unix", "Searchsubtree":"true"} #Search based on displayName of the standard and TargetTypeIDs #querystring = {"attributes":"displayName Contains apache,symc-Standard-TargetTypeIDs=97546792-56b0-4020-9d88-f8786371f2d9", "ContainerPath":"standards\\predefined\\unix", "Searchsubtree":"true"} requests.packages.urllib3.disable_warnings(InsecureRequestWarning) bearertoken = "Bearer " + getToken() headers = { 'Authorization': bearertoken , 'Content-Type': "application/json" } response = requests.request("GET", url, headers=headers, params=querystring, verify=False) print(response.text) print(response.json)