Analyzing Risks

The Risk Analysis API allows you to calculate the permissiveness of a path definition consisting of sources, destinations, and services. This is useful in assessing the risk in a requested change. For example, if a user requests access from IP address 1.1.1.1 to 2.2.2.2, you can use this API to calculate the permissiveness level of the requested change.

Permissiveness level (high/medium/low) is an indication of how widely a rule is defined, for example:

  • A rule with one source host, one destination host, and one service has low permissiveness.
  • A rule with Source "ANY", Destination "ANY", and Protocol "ANY" has high permissiveness.

Rules with high permissiveness can be a security risk because they allow too much access through the firewall. N/A indicates that the platform is not supported for permissiveness calculations.

Using the Risk Analysis API involves the following stages:

  1. Create an Input ID based on required sources, destinations, and services.
  2. Create a query with up to ten Input IDs to receive details of the risk in each Input ID.

Create a USP Risk Analysis Task Input ID

To create a Task ID, send a mutation with the details of the sources, destinations, and services in the change request.

Example Code

mutation {
  riskAnalysis {
    createUspRiskAnalysisTask(
      input: {
        accessRequests: [
          {
            id: "14",
            actionType: ALLOW,
            sources: [
              {ip: "192.168.9.1", netmask: "255.255.255.255", ipType: IPV4},
              {ip: "192.168.9.2", netmask: "255.255.255.255", ipType: IPV4}
            ],
            destinations: [
              {ip: "10.100.0.0", netmask: "255.255.255.0", ipType: IPV4},
              {ip: "10.100.4.0", netmask: "255.255.255.0", ipType: IPV4}
            ],
            services: [
              {minProtocol: 6, maxProtocol: 6},
              {minPort: 1, maxPort: 3}
            ]
          }
        ]
      }
    ) {
      taskId
      resultStatus {
        successful
        errorMessage
      }
    }
  }
}

Output

{
  "data": {
    "riskAnalysis": {
      "createUspRiskAnalysisTask": {
        "taskId": "Xvrw7IMzzvA8kSH9W99ecA==",
        "resultStatus": {
          "successful": true,
          "errorMessage": null
        }
      }
    }
  }
}

Generate Risk Analysis Query

Once you have one or more task IDs ("Xvrw7IMzzvA8kSH9W99ecA==" in the example above), you can use each ID to build a query that returns the risk or violation severity.

Example Code

query {
  uspRiskAnalysisTask(filter: "id = Xvrw7IMzzvA8kSH9W99ecA==") {
    values {
      isCompleted
      violations {
        requirement {
          severity
        }
        trafficViolationData {
          trafficUspRestriction {
            servicesExpressions
            applicationNames
            restrictionType
            trafficUspRestrictionType
          }
        }
      }
    }
  }
}

Output

{
  "data": {
    "uspRiskAnalysisTask": {
      "single": {
        "isCompleted": true,
        "violations": [
          {
            "requirement": {
              "severity": "HIGH"
            },
            "trafficViolationData": {
              "trafficUspRestriction": {
                "servicesExpressions": null,
                "applicationNames": null,
                "restrictionType": "TRAFFIC",
                "trafficUspRestrictionType": "BLOCK_ALL"
              }
            }
          },
          {
            "requirement": {
              "severity": "HIGH"
            },
            "trafficViolationData": {
              "trafficUspRestriction": {
                "servicesExpressions": null,
                "applicationNames": null,
                "restrictionType": "TRAFFIC",
                "trafficUspRestrictionType": "BLOCK_ALL"
              }
            }
          }
        ]
      }
    }
  }
}
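
The two stages above can be scripted when change requests arrive from a ticketing system. The following is an added example, not code from the product documentation: it builds the mutation from validated CIDRs and service ranges so that no unvalidated text reaches the GraphQL document, and reduces a query response to its worst severity. The helper names, the CIDR input form, and the severity ordering are assumptions; sending the document to the server is left out because the endpoint is not given on this page.

```python
import ipaddress
import json

SERVICE_KEYS = {"minProtocol", "maxProtocol", "minPort", "maxPort"}  # keys shown on the page
SEVERITY_RANK = {"LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}    # assumed ordering

def endpoint(cidr):
    """Render a CIDR as the {ip, netmask, ipType} input object used in the mutation."""
    net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits, e.g. 10.100.0.5/24
    if net.version != 4:
        raise ValueError("only the IPV4 ipType appears in the page's example")
    return f'{{ip: "{net.network_address}", netmask: "{net.netmask}", ipType: IPV4}}'

def service(spec):
    """Render one service object; only integer values for known keys are accepted."""
    if not spec or set(spec) - SERVICE_KEYS or not all(type(v) is int for v in spec.values()):
        raise ValueError(f"bad service spec: {spec!r}")
    return "{" + ", ".join(f"{k}: {v}" for k, v in spec.items()) + "}"

def build_mutation(request_id, sources, destinations, services):
    """Build the createUspRiskAnalysisTask document from validated parts only."""
    join = lambda items: "[" + ", ".join(items) + "]"
    return (
        "mutation { riskAnalysis { createUspRiskAnalysisTask(input: {accessRequests: [{"
        f"id: {json.dumps(str(request_id))}, actionType: ALLOW, "  # json.dumps escapes quotes
        f"sources: {join(map(endpoint, sources))}, "
        f"destinations: {join(map(endpoint, destinations))}, "
        f"services: {join(map(service, services))}"
        "}]}) { taskId resultStatus { successful errorMessage } } } }"
    )

def summarize(response):
    """Reduce a uspRiskAnalysisTask response to completion state and worst severity."""
    task = response["data"]["uspRiskAnalysisTask"]
    # The page's query selects `values`, its sample output shows `single`: accept both.
    results = [task["single"]] if "single" in task else task.get("values") or []
    severities = [v["requirement"]["severity"] for r in results for v in r.get("violations") or []]
    worst = max(severities, key=lambda s: SEVERITY_RANK.get(s, 99), default=None)
    return {"completed": bool(results) and all(r["isCompleted"] for r in results),
            "violations": len(severities), "worst_severity": worst}

# Constructed sample: trimmed copy of the response shape shown on the page.
SAMPLE = {"data": {"uspRiskAnalysisTask": {"single": {"isCompleted": True, "violations": [
    {"requirement": {"severity": "HIGH"}}, {"requirement": {"severity": "HIGH"}}]}}}}

if __name__ == "__main__":
    print(build_mutation("14", ["192.168.9.1/32"], ["10.100.0.0/24"],
                         [{"minProtocol": 6, "maxProtocol": 6}]))
    print(summarize(SAMPLE))
```

A severity string missing from SEVERITY_RANK is ranked above all known values, so an unrecognized result is surfaced for review instead of being hidden behind a lower one.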