Illumio Core Protection

illumio core protection provides segmentation to secure on premises and cloud data center workloads illumio core secure reduces the impact of breaches this connector integrates illumio core with turbine prerequisites this connector can be authenticated in one of two ways using email and password for pce account using api authentication username and api key secret capabilities this connector provides the following capabilities get a workload by id get firewall policies get ransomware details for a workload get security policy versions get ven instance details get workloads settings get workloads asset setup to create api keys in the pce web console, follow the following instructions in the drop down user menu, select my api keys a list of configured api keys is displayed if no api keys are configured, the message "no api keys" is displayed to add a new api key, click add in the create api key pop up window, enter a name for the api key in the name field optionally, enter a description in the description field click save to save your api key or click cancel to close the pop up window without saving your changes when the api key created window appears, click the > button next to "show credentials" to display the credentials for your api key the following information is displayed key id the unique id of the api key authentication username the username that authenticates the api calls secret the password for the api key click download credentials to download the credentials as a text file make sure that you have saved the credential information before clicking done after you click done , the api keys page displays a summary of your new api key, including the following information name description key id authentication username created on configurations api key authentication authenticates using api key configuration parameters parameter description type required url a url to the target host string required auth username api authentication username string required api secret api key secret string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional email and password authentication authenticates using email and password configuration parameters parameter description type required url a url to the target host string required email email address used to create your pce account string required password password for your pce account string required verify ssl verify ssl certificate boolean optional http proxy a proxy to route requests through string optional pce fqdn fully qualified domain name for pce string required one time password one time password string optional actions get a workload by id get a workload by id endpoint url /api/v2/orgs/{{org id}}/workloads/{{workload id}} method get input argument name type required description workload id string required unique identifier org id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase href string output field href deleted boolean output field deleted delete type string type of the resource name string name of the resource description string output field description managed boolean output field managed hostname string name of the resource service principal name string name of the resource agent to pce certificate authentication id object unique identifier distinguished name string name of the resource public ip string output field public ip external data set object response data external data reference object response data interfaces object output field interfaces name string name of the resource link state object output field link state address string output field address cidr block object unique identifier default gateway address object output field default gateway address network object output field network href string output field href name object name of the resource network detection mode object output field network detection mode example \[ { "status code" 200, "response headers" { "date" "mon, 23 oct 2023 18 35 52 gmt", "content type" "application/json; charset=utf 8", "content length" "270", "connection" "keep alive", "access control max age" "604800", "vary" "accept encoding", "content encoding" "gzip", "x correlation id" "ebc917c8ac68fc9bfb2c05b7abf10577, 491270c0187293672c0ad339c6678cec", "strict transport security" "max age=31536000; includesubdomains, max age=31536000; includesubdomains", "x frame options" "deny, deny", "x rate limit limit" "60", "x rate limit remain" "59", "x rate limit reset" "1698086751362", "access control allow origin" " ", "access control allow methods" "get,post,put,delete,patch" }, "reason" "ok", "json body" { "href" "string", "deleted" true, "delete type" "string", "name" "string", "description" "string", "managed" true, "hostname" "string", "service principal name" "string", "agent to pce certificate authentication id" null, "distinguished name" "string", "public ip" "string", "external data set" null, "external data reference" null, "interfaces" {}, "service provider" "string" } } ] get firewall policies get firewall policies endpoint url /api/v2/orgs/{{org id}}/sec policy/{{pversion}}/firewall settings method get input argument name type required description pversion string required parameter for get firewall policies org id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase static policy scopes array output field static policy scopes 0 object output field 0 exclusion boolean output field exclusion label object output field label href string output field href key string output field key value string value for the parameter label group object output field label group href string output field href key string output field key name string name of the resource ike authentication type string type of the resource firewall coexistence object output field firewall coexistence allow captive portal outbound boolean output field allow captive portal outbound containers inherit host policy scopes array output field containers inherit host policy scopes 0 object output field 0 exclusion boolean output field exclusion label object output field label href string output field href key string output field key value string value for the parameter label group object output field label group href string output field href example \[ { "status code" 200, "response headers" { "date" "mon, 23 oct 2023 18 35 52 gmt", "content type" "application/json; charset=utf 8", "content length" "270", "connection" "keep alive", "access control max age" "604800", "vary" "accept encoding", "content encoding" "gzip", "x correlation id" "ebc917c8ac68fc9bfb2c05b7abf10577, 491270c0187293672c0ad339c6678cec", "strict transport security" "max age=31536000; includesubdomains, max age=31536000; includesubdomains", "x frame options" "deny, deny", "x rate limit limit" "60", "x rate limit remain" "59", "x rate limit reset" "1698086751362", "access control allow origin" " ", "access control allow methods" "get,post,put,delete,patch" }, "reason" "ok", "json body" { "static policy scopes" \[], "ike authentication type" "string", "firewall coexistence" null, "allow captive portal outbound" true, "containers inherit host policy scopes" \[], "blocked connection reject scopes" \[], "loopback interfaces in policy scopes" \[], "created at" "2023 05 01t16 34 30z", "updated at" "2023 05 01t16 34 30z", "deleted at" "2023 05 01t16 34 30z", "created by" {}, "updated by" {}, "deleted by" {}, "update type" "string" } } ] get ransomware details for a workload get ransomware details for a workload endpoint url /api/v2/orgs/{{org id}}/workloads/{{workload id}}/risk details method get input argument name type required description workload id string required unique identifier org id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase risk details object output field risk details example \[ { "status code" 200, "response headers" { "date" "mon, 23 oct 2023 18 35 52 gmt", "content type" "application/json; charset=utf 8", "content length" "270", "connection" "keep alive", "access control max age" "604800", "vary" "accept encoding", "content encoding" "gzip", "x correlation id" "ebc917c8ac68fc9bfb2c05b7abf10577, 491270c0187293672c0ad339c6678cec", "strict transport security" "max age=31536000; includesubdomains, max age=31536000; includesubdomains", "x frame options" "deny, deny", "x rate limit limit" "60", "x rate limit remain" "59", "x rate limit reset" "1698086751362", "access control allow origin" " ", "access control allow methods" "get,post,put,delete,patch" }, "reason" "ok", "json body" { "risk details" {} } } ] get security policy versions get security policy versions endpoint url /api/v2/orgs/{{org id}}/sec policy method get input argument name type required description org id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase href string output field href version number output field version workloads affected object output field workloads affected commit message object response message object counts object output field object counts rule sets number output field rule sets ip lists number output field ip lists services number output field services virtual services number output field virtual services label groups number output field label groups virtual servers number output field virtual servers firewall settings number output field firewall settings secure connect gateways number output field secure connect gateways enforcement boundaries number output field enforcement boundaries created at string output field created at created by object output field created by href string output field href example \[ { "status code" 200, "response headers" { "date" "mon, 23 oct 2023 18 35 52 gmt", "content type" "application/json; charset=utf 8", "content length" "270", "connection" "keep alive", "access control max age" "604800", "vary" "accept encoding", "content encoding" "gzip", "x correlation id" "ebc917c8ac68fc9bfb2c05b7abf10577, 491270c0187293672c0ad339c6678cec", "strict transport security" "max age=31536000; includesubdomains, max age=31536000; includesubdomains", "x frame options" "deny, deny", "x rate limit limit" "60", "x rate limit remain" "59", "x rate limit reset" "1698086751362", "access control allow origin" " ", "access control allow methods" "get,post,put,delete,patch" }, "reason" "ok", "json body" { "href" "string", "version" 0, "workloads affected" null, "commit message" null, "object counts" {}, "created at" "string", "created by" {} } } ] get ven instance details get details on a ven instance endpoint url /api/v2/orgs/{{org id}}/vens/{{ven id}} method get input argument name type required description ven id string required unique identifier org id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase href string output field href name object name of the resource description object output field description hostname string name of the resource uid object unique identifier os id object unique identifier os detail object output field os detail os platform object output field os platform version string output field version status string status value activation type string type of the resource active pce fqdn object output field active pce fqdn target pce fqdn object output field target pce fqdn labels array output field labels href string output field href key string output field key value string value for the parameter interfaces array output field interfaces name string name of the resource link state object output field link state address string output field address cidr block object unique identifier default gateway address object output field default gateway address example \[ { "status code" 200, "response headers" { "date" "mon, 23 oct 2023 18 35 52 gmt", "content type" "application/json; charset=utf 8", "content length" "270", "connection" "keep alive", "access control max age" "604800", "vary" "accept encoding", "content encoding" "gzip", "x correlation id" "ebc917c8ac68fc9bfb2c05b7abf10577, 491270c0187293672c0ad339c6678cec", "strict transport security" "max age=31536000; includesubdomains, max age=31536000; includesubdomains", "x frame options" "deny, deny", "x rate limit limit" "60", "x rate limit remain" "59", "x rate limit reset" "1698086751362", "access control allow origin" " ", "access control allow methods" "get,post,put,delete,patch" }, "reason" "ok", "json body" { "href" "string", "name" null, "description" null, "hostname" "string", "uid" null, "os id" null, "os detail" null, "os platform" null, "version" "string", "status" "string", "activation type" "string", "active pce fqdn" null, "target pce fqdn" null, "labels" \[], "interfaces" \[] } } ] get workloads get all workloads endpoint url /api/v2/orgs/{{org id}}/workloads method get input argument name type required description org id string required unique identifier agent active pce fqdn string optional parameter for get workloads container clusters string optional parameter for get workloads description string optional parameter for get workloads enforcement mode string optional parameter for get workloads external data reference string optional response data external data set string optional response data hostname string optional name of the resource include deleted boolean optional parameter for get workloads ip address string optional parameter for get workloads labels string optional parameter for get workloads last heartbeat on\[gte] string optional parameter for get workloads last heartbeat on\[lte] string optional parameter for get workloads log traffic boolean optional parameter for get workloads managed boolean optional parameter for get workloads max results number optional result of the operation mode string optional parameter for get workloads name string optional name of the resource online boolean optional parameter for get workloads os id string optional unique identifier policy health string optional parameter for get workloads security policy sync state string optional parameter for get workloads security policy update mode string optional parameter for get workloads soft deleted boolean optional parameter for get workloads ven string optional parameter for get workloads output parameter type description status code number http status code of the response reason string response reason phrase href string output field href deleted boolean output field deleted delete type string type of the resource name string name of the resource description string output field description managed boolean output field managed hostname string name of the resource service principal name string name of the resource agent to pce certificate authentication id object unique identifier distinguished name string name of the resource public ip string output field public ip external data set object response data external data reference object response data interfaces object output field interfaces name string name of the resource link state object output field link state address string output field address cidr block object unique identifier default gateway address object output field default gateway address network object output field network href string output field href name object name of the resource network detection mode object output field network detection mode example \[ { "status code" 200, "response headers" { "date" "mon, 23 oct 2023 18 35 52 gmt", "content type" "application/json; charset=utf 8", "content length" "270", "connection" "keep alive", "access control max age" "604800", "vary" "accept encoding", "content encoding" "gzip", "x correlation id" "ebc917c8ac68fc9bfb2c05b7abf10577, 491270c0187293672c0ad339c6678cec", "strict transport security" "max age=31536000; includesubdomains, max age=31536000; includesubdomains", "x frame options" "deny, deny", "x rate limit limit" "60", "x rate limit remain" "59", "x rate limit reset" "1698086751362", "access control allow origin" " ", "access control allow methods" "get,post,put,delete,patch" }, "reason" "ok", "json body" { "href" "string", "deleted" true, "delete type" "string", "name" "string", "description" "string", "managed" true, "hostname" "string", "service principal name" "string", "agent to pce certificate authentication id" null, "distinguished name" "string", "public ip" "string", "external data set" null, "external data reference" null, "interfaces" {}, "service provider" "string" } } ] get workloads settings get workloads settings endpoint url /api/v2/orgs/{{org id}}/settings/workloads method get input argument name type required description org id string required unique identifier output parameter type description status code number http status code of the response reason string response reason phrase workload disconnected timeout seconds array output field workload disconnected timeout seconds scope array output field scope href string output field href value number value for the parameter ven type string type of the resource workload goodbye timeout seconds array output field workload goodbye timeout seconds scope array output field scope href string output field href value number value for the parameter ven type string type of the resource workload disconnected notification seconds array output field workload disconnected notification seconds scope array output field scope href string output field href warning number output field warning ven type string type of the resource ven uninstall timeout hours array output field ven uninstall timeout hours scope array output field scope href string output field href value number value for the parameter example \[ { "status code" 200, "response headers" { "date" "mon, 23 oct 2023 18 35 52 gmt", "content type" "application/json; charset=utf 8", "content length" "270", "connection" "keep alive", "access control max age" "604800", "vary" "accept encoding", "content encoding" "gzip", "x correlation id" "ebc917c8ac68fc9bfb2c05b7abf10577, 491270c0187293672c0ad339c6678cec", "strict transport security" "max age=31536000; includesubdomains, max age=31536000; includesubdomains", "x frame options" "deny, deny", "x rate limit limit" "60", "x rate limit remain" "59", "x rate limit reset" "1698086751362", "access control allow origin" " ", "access control allow methods" "get,post,put,delete,patch" }, "reason" "ok", "json body" { "workload disconnected timeout seconds" \[], "workload goodbye timeout seconds" \[], "workload disconnected notification seconds" \[], "ven uninstall timeout hours" \[] } } ] response headers header description example access control allow headers http response header access control allow headers authorization, x verify credentials authorization, x auth service provider, x twitter client version, content type access control allow methods http response header access control allow methods get,post,put,delete,patch access control allow origin http response header access control allow origin access control max age http response header access control max age 604800 connection http response header connection keep alive content encoding http response header content encoding gzip content length the length of the response body in bytes 270 content type the media type of the resource application/json; charset=utf 8 date the date and time at which the message was originated mon, 23 oct 2023 18 35 52 gmt strict transport security http response header strict transport security max age=31536000; includesubdomains, max age=31536000; includesubdomains vary http response header vary accept encoding x correlation id a unique identifier for correlating requests ebc917c8ac68fc9bfb2c05b7abf10577, 491270c0187293672c0ad339c6678cec x frame options http response header x frame options deny, deny x rate limit limit http response header x rate limit limit 60 x rate limit remain http response header x rate limit remain 59 x rate limit reset http response header x rate limit reset 1698086751362 notes api documentation https //docs illumio com/core/23 3/api reference/index html