vShield API Programming Guide vShield 5.0.1 vShield App 5.0.1 vShield Edge 5.0.1 vShield Endpoint 5.0.1 This document supports the version of each product
vShield API Programming Guide 10 VMware, Inc. Support Offerings To find out how VMware support offerings can help meet your business needs, go to http:/
vShield API Programming Guide 100 VMware, Inc. Example 8-24. Get XML representation of policy used in previous scan Request: GET https://<vsm-ip>/
VMware, Inc. 101Chapter 8 vShield Data Security Configuration <providerName>Custom Accounts</providerName><description>Custom Accoun
vShield API Programming Guide102 VMware, Inc. credit card numbers, California drivers license numbers, US National Provider Numbers, group insurance n
VMware, Inc. 103Chapter 8 vShield Data Security Configuration <fileName>C:\TruePositives\SocialSecurityNumbersTP1.05.txt</fileName><fil
vShield API Programming Guide 104 VMware, Inc. GET https://<vsm-ip>/api/2.0/dlp/violatingfilesascsv Get Violations in Entire Inventory You can view
VMware, Inc. 105 The REST API configuration of the vShield Edge and vShield App virtual machines supports schemas for installation and service managem
vShield API Programming Guide106 VMware, Inc. </xs:element><xs:complexType name="ReleaseInfoType"> <!-
VMware, Inc. 107Appendix <xs:element name="id" type="xs:string" /><xs:element name="name" type="xs:string&
vShield API Programming Guide108 VMware, Inc. <xs:sequence><xs:element name="peerName"><xs:simpleType><xs:restriction b
VMware, Inc. 109Appendix </xs:all></xs:complexType></xs:element><xs:complexType name="InstallStatus"><xs:sequence
VMware, Inc. 11 1 VMware vShield™ is a suite of network edge and application‐aware firewalls built for VMware vCenter Server integration. vShieldin
vShield API Programming Guide 110 VMware, Inc. vShield App Configuration Schema This schema configures a vShield App after installation. <?xml version
VMware, Inc. 111Appendix <xs:attribute name="subProtocolOfTypeValue" type="xs:int" use="optional" /></xs:comple
vShield API Programming Guide112 VMware, Inc. <xs:choice><xs:element name="applicationSetId" type="xs:string" /><xs
VMware, Inc. 113Appendix <xs:complexType name="Layer3FirewallRuleDto"><xs:complexContent><xs:extension base="FirewallRul
vShield API Programming Guide 114 VMware, Inc. vShield App SpoofGuard Schema The following schema details SpoofGuard configuration. <?xml version=&qu
VMware, Inc. 115Appendix <xs:element name="contextId" type="xs:string" /><xs:element name="inSync" type="x
vShield API Programming Guide116 VMware, Inc. <xs:element name="VshieldConfiguration"><xs:complexType><xs:choice><xs:el
VMware, Inc. 117Appendix <xs:element minOccurs="0" name="serviceStatsLocation" type="xs:string"/> <!-- Only for
vShield API Programming Guide118 VMware, Inc. <xs:element name="value" type="xs:string" /></xs:sequence></xs:comple
VMware, Inc. 119Appendix </xs:restriction></xs:simpleType></xs:element><xs:element minOccurs="0" name="protocol&qu
vShield API Programming Guide 12 VMware, Inc. vShield Edge A vShield Edge virtual appliance provides network edge security to protect the virtual machin
vShield API Programming Guide120 VMware, Inc. </xs:restriction></xs:simpleType></xs:element><xs:element name="action"&g
VMware, Inc. 121Appendix <xs:pattern value="(infinite|\d{2,}|[1-9])"/></xs:restriction></xs:simpleType></xs:element>
vShield API Programming Guide122 VMware, Inc. <xs:minLength value="1"/><xs:maxLength value="256"/></xs:restriction&
VMware, Inc. 123Appendix </xs:sequence></xs:complexType><xs:complexType name="IpsecVpnTunnelStats"> <!-- Only in Respo
vShield API Programming Guide124 VMware, Inc. <xs:element name="keySize" type="KeySize"/></xs:sequence></xs:complex
VMware, Inc. 125Appendix <xs:element minOccurs="0" maxOccurs="unbounded" name="networkCounting" type="TrafficSta
vShield API Programming Guide126 VMware, Inc. <xs:element name="webLoadBalancerCapability" type="xs:boolean&
VMware, Inc. 127Appendix <xs:pattern value="(((25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d)\.){3}(25[0-5]|2[0-4]\d|1\d\d|[1-9]?\d))(-)(((25[0-5]|2[0-4]\d|
vShield API Programming Guide128 VMware, Inc. </xs:restriction></xs:simpleType><xs:simpleType name="Moid"><xs:restricti
VMware, Inc. 129 Appendix Table 9-1. Error Message Status Codes Code Description 200 OK The request was valid and has been completed. Generally, this re
VMware, Inc. 13Chapter 1 Overview of VMware vShield <module name="SecurityGroup" baseUri="/api/2.0/services/securitygroup" vers
D Data Security scanning 96 E ESX host preparation 35 F firewall vShield App about 60 force sync vShield App 78 I installation Port Group Isolation 35 status 38 vShi
vShield Edge 42 vShield Endpoint 38, 85 uninstalling a vShield 38 unregistering a vShield Endpoint SVM 85 V vShield about 11 uninstalling 38 vShield App about
vShield API Programming Guide 14 VMware, Inc. Example 1-2. Determine the API version of a vShield App GET https://<vsm-ip>/api/versions/app/<d
VMware, Inc. 15 Chapter 1 Overview of VMware vShield How REST Works Once a URL of such an object is known to a client, the client can use an HTTP GET re
vShield API Programming Guide 16 VMware, Inc. About the REST API REST APIs use HTTP requests (often sent by script or high‐level language) as a way of m
VMware, Inc. 17 2 The vShield Manager requires communication with your vCenter Server and services such as DNS and NTP to provide details on your VMwar
vShield API Programming Guide18 VMware, Inc. <vsmGlobalConfig xmlns="vmware.vshield.edge.2.0"> <vcInfo> <ipAddress>10.
VMware, Inc. 19 Chapter 2 vShield Manager Management Example 2-5. Get vShield Manager configuration Request: GET https://<vsm-ip>/api/2.0/global/c
VMware, Inc. 3401 Hillview Ave. Palo Alto, CA 94304 www.vmware.com 2 VMware, Inc. vShield API Programming Guide You can find the most up-to-date technical
vShield API Programming Guide 20 VMware, Inc. Configure vShield Manager Syslog Server You can configure vShield Manager to send logs to a syslog server.
VMware, Inc. 21 Chapter 2 vShield Manager Management Get vShield Manager Audit Logs You can get vShield Manager audit logs. Example 2-14. Get vShield Ma
vShield API Programming Guide 22 VMware, Inc. GET https://<vsm-ip>/api/2.0/services/usermgmt/user/<userId> User information includes userna
VMware, Inc. 23Chapter 2 vShield Manager Management PUT https://<vsm-ip>/api/2.0/services/usermgmt/user/<userId>/enablestate/<value>
vShield API Programming Guide 24 VMware, Inc. Role Management Get Role for a User You can retrieve information about the role assigned to this user. Examp
VMware, Inc. 25 Chapter 2 vShield Manager Management Get List of Possible Roles You can retrieve the possible roles in vShield Manager. Example 2-26. G
vShield API Programming Guide 26 VMware, Inc. <value>10.112.201.8-10.112.201.14</value> </ipset> The <scope-moref> can be a da
VMware, Inc. 27 Chapter 2 vShield Manager Management List MACsets Created on a Scope You can retrieve all the MACsets that were created on the specified
vShield API Programming Guide28 VMware, Inc. <macset> <objectId /> <type> <typeName /> </type> <description>
VMware, Inc. 29Chapter 2 vShield Manager Management POST https://10.24.128.128/api/2.0/services/securitygroup/datacenter-31<?xml version="1.0&
VMware, Inc. 3 Contents About This Book 9 1 Overview of VMware vShield 11 vShield Components 11 vShield Manager 11 vShield App 11 vShield Edge 12 vShield En
vShield API Programming Guide30 VMware, Inc. </type><name>myvm</name><revision>10</revision><objectTypeName>Virtua
VMware, Inc. 31Chapter 2 vShield Manager Management DELETE https://<vsm-ip>/api/2.0/services/securitygroup/<securitygroup-id>/members/<
vShield API Programming Guide 32 VMware, Inc. MS_RPC_TCP MS_RPC_UDP NBNS_BROADCAST NBDG_BROADCAST Only TCP and UDP support comma separated port num
VMware, Inc. 33 Chapter 2 vShield Manager Management Example 2-50. Delete application Request: DELETE https://<vsm-ip>/api/2.0/services/applicatio
VMware, Inc. 35 3 You can extend the capabilities of vShield by adding the following services: vShield App, vShield Endpoint, and vShield Edge. You mus
vShield API Programming Guide 36 VMware, Inc. You must specify the host ID of the target ESX host to install all services. See “ESX Host Preparation and
VMware, Inc. 37Chapter 3 ESX Host Preparation for vShield App, vShield Endpoint, and vShield Data Security <VshieldConfiguration><VszInstallP
vShield API Programming Guide 38 VMware, Inc. Getting the Installation Status of vShield Services on an ESX Host You can retrieve the installation or un
VMware, Inc. 39 4 After ESX host preparation is complete, you can secure internal networks by installing a vShield Edge. This chapter includes the follo
Title 4 VMware, Inc. Creating IPset and MACset Containers 25 List IPsets Created on a Scope 25 Create an IPset on a Scope 25 Get Details of an IPset 26 Mod
vShield API Programming Guide40 VMware, Inc. <mtu>1500</mtu> </interface> <interface> <isUplink>
VMware, Inc. 41Chapter 4 vShield Edge Installation <vshieldEdgeConfig xmlns="vmware.vshield.edge.2.0"> <installParams> <o
vShield API Programming Guide42 VMware, Inc. <action>allow</action> <enableLog>false</enableLog> <disabled&
VMware, Inc. 43 5 You can manage vShield Edge services and firewall policies with the REST API. You can install Edge, post and delete configurations, a
vShield API Programming Guide 44 VMware, Inc. Get Capabilities of a vShield Edge This call returns capabilities of the vShield Edge installed on the spe
VMware, Inc. 45 Chapter 5 vShield Edge Management If a service configuration tag is present, it means replace the configuration. If a service configura
vShield API Programming Guide46 VMware, Inc. vshieldEdgeConfig xmlns="vmware.vshield.edge.2.0"> <dhcpConfig> <binding>
VMware, Inc. 47 Chapter 5 vShield Edge Management Example 5-11. Configure firewall POST https://<vsm-ip>/api/2.0/networks/<internal-portgroup-
vShield API Programming Guide 48 VMware, Inc. Example 5-12. Set firewall policy to allow all POST https://<vsm-ip>/api/2.0/networks/<internal-
VMware, Inc. 49Chapter 5 vShield Edge Management <disabled>false</disabled> </rule> </firewallConfig></vshieldEdg
VMware, Inc. 5 Contents Delete DHCP Configuration 46 Configure Firewall 46 Change Firewall Rule to Allow 47 Revert Firewall to Default 48 Create Firewall R
vShield API Programming Guide 50 VMware, Inc. Example 5-18. Configure NAT service POST https://<vsm-ip>/api/2.0/networks/<internal-portgroup-v
VMware, Inc. 51 Chapter 5 vShield Edge Management Configure Load Balancer The vShield Edge provides load balancing for HTTP traffic. Load balancing (up
vShield API Programming Guide 52 VMware, Inc. Delete Load Balancer Configuration Example 5-23. Delete load balancer configuration POST https://<vsm-i
VMware, Inc. 53 Chapter 5 vShield Edge Management </vshieldEdgeConfig> Configure VPN vShield Edge agents support site‐to‐site IPsec VPN between an
vShield API Programming Guide 54 VMware, Inc. The <peerIpAddress> can be any, or an actual IP address. If any, then this side can be a responde
VMware, Inc. 55Chapter 5 vShield Edge Management <department>Engg</department> <city>Pune</city> <state>
vShield API Programming Guide 56 VMware, Inc. </vshieldEdgeConfig> 6 For the data path to work, you need to change the default firewall policy to a
VMware, Inc. 57 Chapter 5 vShield Edge Management Example 5-37. Get DHCP statistics Request: GET https://<vsm-ip>/api/2.0/networks/<internal-po
vShield API Programming Guide 58 VMware, Inc. Get Service Statistics You can retrieve the vShield Edge service statistics. These are often required for
VMware, Inc. 59 6 You can configure vShield App firewall rules and syslog service by using REST API calls. This chapter includes the following topics:
Title 6 VMware, Inc. Show Port Groups that can be Marked as Namespace 73 Show Configured Namespaces in Datacenter 73 Getting Flow Statistic Details 73 Get
vShield API Programming Guide 60 VMware, Inc. Example 6-1. Retrieve the datacenter state Example: GET https://<vsm-ip>/api/2.0/app/firewall/datace
VMware, Inc. 61 Chapter 6 vShield App Management <context> is the context ID of a datacenter, cluster, or dvPortGroup. <L> is the listin
vShield API Programming Guide 62 VMware, Inc. Get consolidated configurations for the context: GET https://<vsm-ip>/api/2.0/app/firewall/datacente
VMware, Inc. 63Chapter 6 vShield App Management </address><application><protocol>41</protocol></application></destina
vShield API Programming Guide64 VMware, Inc. <address exclude="false"><containerId>domain-c26</containerId></address>
VMware, Inc. 65Chapter 6 vShield App Management <action>allow</action><logged>false</logged><notes></notes><sou
vShield API Programming Guide66 VMware, Inc. </address><application><protocol>1</protocol><protocolName>ICMP</protoco
VMware, Inc. 67 Chapter 6 vShield App Management </VshieldAppConfiguration> Example 6-8. Get configuration of only Layer 3 firewall rules: GET htt
vShield API Programming Guide68 VMware, Inc. <containerId>domain-c26</containerId></address><application><applicationSetId&
VMware, Inc. 69Chapter 6 vShield App Management <protocol>2303</protocol><address exclude="false"><containerId>domai
VMware, Inc. 7 Contents Data Security Scanning 96 Start, Pause, Resume, or Stop a Scan Operation 97 Query Status for a Scan Operation 97 Querying Scan Res
vShield API Programming Guide70 VMware, Inc. <action>allow</action><logged>false</logged><notes></notes><destin
VMware, Inc. 71 Chapter 6 vShield App Management </VshieldAppConfiguration> Get Fail-Safe Mode Configuration for vShield App Firewall Example 6-12
vShield API Programming Guide 72 VMware, Inc. Example 6-15. Get SpoofGuard settings Example: GET https://<vsm-ip>/api/2.0/spoofGuard/<contextID
VMware, Inc. 73 Chapter 6 vShield App Management In the example request body, the namespace is defined as being synonymous with object network-184. Get
vShield API Programming Guide 74 VMware, Inc. Get Flow Statistics You can retrieve flow statistics for a datacenter, port group, virtual machine, or vNI
VMware, Inc. 75 Chapter 6 vShield App Management Query parameters are described in the table below. Get Flow Meta-Data You can retrieve the following inf
vShield API Programming Guide 76 VMware, Inc. totalflowcount Example 6-24. Get flow meta-data for flow type Example: GET https://<vsm-ip>/api/
VMware, Inc. 77 Chapter 6 vShield App Management Excluding Virtual Machines from vShield App Protection You can exclude a set of virtual machines from v
vShield API Programming Guide 78 VMware, Inc. Example 6-27. Delete virtual machine from exclusion list Example: DELETE https://<vsm-ip>/api/2.1/ap
VMware, Inc. 79 Chapter 6 vShield App Management Querying vShield App Technical Support Log You can generate and download the diagnostic log from a vShi
VMware, Inc. 81 7 A vShield Endpoint appliance delivers an introspection‐based antivirus solution that uses the hypervisor to scan guest virtual machin
vShield API Programming Guide 82 VMware, Inc. For a list of return status codes, see “Return Status Codes” on page 86. Register a Vendor You can register
VMware, Inc. 83 Chapter 7 vShield Endpoint Management <port>solution_port</port></LocationInfo> In the request, <vendor_id>
vShield API Programming Guide 84 VMware, Inc. GET https://<vsm-ip>/api/2.0/endpointsecurity/registration/<vendor_id>/solutions Example 7-8.
VMware, Inc. 85 Chapter 7 vShield Endpoint Management </ActivatedSVMs> In the request, vendor_id is the VMware‐assigned ID for the vendor, while s
vShield API Programming Guide 86 VMware, Inc. Example 7-15. Unset IP address and port Request: DELETE https://<vsm-ip>/api/2.0/endpointsecurity/re
VMware, Inc. 87Chapter 7 vShield Endpoint Management <xs:element name="Error"> <xs:complexType> <xs:sequence>
VMware, Inc. 89 8 vShield Data Security provides visibility into sensitive data stored within your organization’s virtualized and cloud environments. B
VMware, Inc. 9 This manual, the vShield API Programming Guide, describes how to install, configure, monitor, and maintain the VMware® vShield™ system
vShield API Programming Guide 90 VMware, Inc. Defining a Data Security Policy In order to detect sensitive data in your environment, you must create a d
VMware, Inc. 91 Chapter 8 vShield Data Security Configuration Example 8-2. Enable a regulation Request: PUT https://<vsm-ip>/api/2.0/dlp/policy/re
vShield API Programming Guide 92 VMware, Inc. Example 8-5. View the list of excludable areas Request: GET https://<vsm-ip>/api/2.0/dlp/excludablea
VMware, Inc. 93 Chapter 8 vShield Data Security Configuration </set> Specify Security Groups to be Scanned To scan a subset of your inventory, you
vShield API Programming Guide 94 VMware, Inc. Example 8-10. Get excluded security groups Request: GET https://<vsm-ip>/api/2.0/dlp/policy/excluded
VMware, Inc. 95 Chapter 8 vShield Data Security Configuration Example 8-12. Scan all files except PDF and XLXS files Request: PUT https://<vsm-ip>
vShield API Programming Guide96 VMware, Inc. <string>North America</string><string>USA</string></regions><categories&
VMware, Inc. 97 Chapter 8 vShield Data Security Configuration All virtual machines in your datacenter are scanned once during a scan. If the policy is
vShield API Programming Guide 98 VMware, Inc. Get List of Virtual Machines Being Scanned You can retrieve information about the virtual machines being
VMware, Inc. 99 Chapter 8 vShield Data Security Configuration id is an optional parameter which limits the filter results by the VC MOID of a datacen