Dashboards
  • 5 minutes to read
  • Dark
    Light
  • PDF

Dashboards

  • Dark
    Light
  • PDF

Article summary

The senhasegura WebService A2A has methods of consulting the information copilated by the Dashboard module.

Caution

To use these methods the Dashboards ,resource must be selected in the application authorization.

Proxy session dashboard

GET /iso/dash/sessions/* 

This method will return the number of proxy sessions that have occurred and are still running. Next to the URI path, you must be informed which protocol you want. The other parameters must be provided as a URI query.

Protocols supported

  • jumpserver: Only proxy sessions that occurred through the senhasegura Terminal Proxy

  • rdpgate: Only proxy sessions that occurred through senhasegura RDP Proxy

  • ssh: Only SSH protocol proxy sessions regardless of which proxy technology was used

  • rdp: Only RDP protocol proxy sessions regardless of what proxy technology was used

  • rdpweb: Only RDP protocol proxy sessions that occurred through the senhasegura Web Proxy

  • sshweb: Only SSH protocol proxy sessions that occurred through the senhasegura Web Proxy

  • all: All sessions performed

Each protocol will return a dictionary containing different nodes representing the proxy technology used. As additional filters, the following parameters can be provided:

FieldTypeExampleReq.Obs.
ativoInteger1NoProvide 1 to indicate that only active sessions should be returned
data1String2020-01-30NoStart date of the query period. Format YYYY-MM-DD (ISO 8601)
data2String2020-03-30NoEnd date of the query period. Format YYYYY-MM-DD (ISO 8601)
hostnameStringmysrvNoHostname of the device to be queried. It must be the same as the hostname registered in the senhasegura .
userCredencialStringmycredusrNoUsername of the credential used to be queried.
usernameStringmyssusrNoUsername of the user passwords that performed the session.

See all sessions

GET /iso/dash/sessions/all 

Expected response

HTTP/1.1 200 OK 
{
    "response": {
        "status": 200,
        "mensagem": "Sessions",
        "erro": false,
        "message": "Sessions",
        "error": false
    },
    "sessions": {
        "enabled": {
            "Jump_Server": "1"
        },
        "historic": {
            "SQL": "1",
            "RDP_Web": "35",
            "RDP_Gate": "44",
            "SSH/Telnet": 76,
            "Jump_Server": 411,
            "HTTP_VNC": "70"
        }
    }
}

Response to query of sessions with invalid values

In this example no session will be returned because the data provided are invalid.

{
    "response": {
        "status": 200,
        "mensagem": "Sessions",
        "erro": false,
        "message": "Sessions",
        "error": false
    },
    "sessions": {
        "ativas": [],
        "historico": []
    }
}

Response to query SSH sessions

In this example, only SSH protocol sessions that have occurred, or have started within the period provided will be returned.

{
    "response": {
        "status": 200,
        "mensagem": "Sessions",
        "erro": false,
        "message": "Sessions",
        "error": false
    },
    "sessoes": {
        "historico": {
            "SSH/Telnet": "2",
            "Jump_Server": "1"
        },
        "ativas": {
            "Jump_Server": 1
        }
    }
}

Threat Dashboard

GET /iso/coge/risco/* 

This method will return proxy sessions and password custodies that are suspicious. Next to the URI path, you should be informed which type of operation you want. The other parameters must be provided as a URI query.

Queries Modes

  • all: Returns both the list of suspicious queries and suspicious accesses

  • queries: Returns only the list of suspicious queries

  • access: Returns only the list of suspicious accesses

As additional filters, the following parameters may be provided:

  • date1: Query start date period. Format YYYY-MM-DD (ISO 8601)

  • date2: Query end date period. Format YYYYY-MM-DD (ISO 8601)

  • hostname: Hostname of the device to be queried. It must be the same as the hostname registered in the senhasegura.

  • userCredential: Username of the credential used to be queried.

  • username: Username of the user senhasegura that you have performed the session

  • protocol: Set a protocol variable if you need to filter for a particular protocol.

  • rdp: RDP Proxy Sessions via senhasegura RDP Proxy and senhasegura Web Proxy.

  • rdpweb: RDP proxy sessions via senhasegura Web Proxy.

  • ssh: SSH Sessions from senhasegura Terminal Proxy or senhasegura Web Proxy.

  • sshweb: SSH Sessions from the senhasegura Web Proxy.

  • telnet: Telnet sessions from senhasegura Terminal Proxy or senhasegura Web Proxy.

  • vnchttp: Sessions to websites via senhasegura Web Proxy.

  • rdpgate: RDP Proxy Sessions via senhasegura RDP Proxy.

  • jumpserver: SSH Sessions from the senhasegura senhasegura Terminal Proxy.

  • sql: Database Sessions via senhasegura Web Proxy.

  • all: all proxy options.

Query all threats

GET /iso/coge/risco/all 

Expected response

HTTP/1.1 200 OK 
{
    "response": {
        "status": 200,
        "mensagem": "HigherRisk",
        "erro": false,
        "message": "HigherRisk",
        "error": false
    },
    "higher_risk": {
        "queries": [
            {
                "query_Cod": "2",
                "risk": "0",
                "query_date": "2021-03-05 10:00:07",
                "user_Cod": "87",
                "username": "Jose Pedro",
                "credential_cod": "1",
                "credential": "accounts",
                "additional_Info": "",
                "device": "Google (google.com)"
            },
            ...
        ],
        "access": [
            {
                "session_cod": "1",
                "host": "172.10.15.20",
                "port": "3389",
                "protocol": "rdp",
                "credential": "usrloclmtd",
                "risk": "0",
                "start_date": "2021-03-17 02:44:00",
                "end_date": "2021-03-17 02:44:34",
                "duration": "00:00:34",
                "user_Cod": "117",
                "username": "usrlmtd"
            },
            ...
        ]
    }
}

Expected response when the query is made with dates reversed

GET /iso/coge/risco/all?data1=2021-01-28&data2=2020-01-29 
{
    "response": {
        "status": 400,
        "mensagem": "Date1 greater than date2",
        "erro": false,
        "message": "Date1 greater than date2",
        "error": false
    }
}

Expected response when the query is made by providing credential and omitting hostname

GET /iso/coge/risco/all?userCredencial=CREDENTIALDC783 
{
    "response": {
        "status": 400,
        "mensagem": "hostname parameter is missing",
        "erro": false,
        "message": "hostname parameter is missing",
        "error": false
    }
}

Expected response when the query is made by providing hostname and omitting credential

GET /iso/coge/risco/all?hostname=HOSTNAMEIROHP 
{
    "response": {
        "status": 400,
        "mensagem": "userCredencial parameter is missing",
        "erro": false,
        "message": "userCredencial parameter is missing",
        "error": false
    }
}

Expected response when the query is made by providing an invalid protocol

GET /iso/coge/risco/all?protocolo=PROTOCOLOO4TZ5 
{
    "response": {
        "status": 400,
        "mensagem": "Invalid protocol",
        "erro": false,
        "message": "Invalid protocol",
        "error": false
    }
}

Query all suspicious credentials request

GET /iso/coge/risco/queries 

Expected response

HTTP/1.1 200 OK 
{
    "response": {
        "status": 200,
        "mensagem": "MaiorRisco",
        "erro": false,
        "message": "MaiorRisco",
        "error": false
    },
    "maior_risco": {
        "consultas": [
            {
                "Cod_Consulta": "1",
                "Risco": "0",
                "Data_Consulta": "2021-01-11 10:18:32",
                "Cod_Usuario": "102",
                "Nome_Usuario": "Peter Robinson Green",
                "Cod_Credencial": "5",
                "Credencial": "fakermainframeuser",
                "Info_Adicional": null,
                "Dispositivo": "fakeserver (10.20.10.15)"
            },

            ...
        ]
    }
}

Query all suspicious accesses

GET /iso/coge/risco/access 

Resposta esperada

HTTP/1.1 200 OK 
{
    "response": {
        "status": 200,
        "mensagem": "MaiorRisco",
        "erro": false,
        "message": "MaiorRisco",
        "error": false
    },
    "maior_risco": {
        "acessos": [
            {
                "Cod_Sessao": "1",
                "Host": "10.20.10.18",
                "Porta": "3389",
                "Protocolo": "rdp",
                "Credencial": "usrdomlmtd",
                "Risco": "0",
                "Data_Inicio": "2020-11-20 16:07:30",
                "Data_Fim": "2020-11-20 16:08:09",
                "Duracao": "00:00:39",
                "Cod_Usuario": "102",
                "Nome_Usuario": "Peter Robinson Greenr"
            },

            ...
        ]
    }
}

Credentials Dashboard

GET /iso/dash/credentials/* 

This method returns the status of the credentials managed by the senhasegura. To perform the query it is necessary to provide the desired status:

  • all: All states

  • expired: Expiry count only

  • using: Credential count only that are in use

Query all credentials

GET /iso/coge/credentials/all 

Expected response

HTTP/1.1 200 OK 
{
    "response": {
        "status": 200,
        "mensagem": "Credentials",
        "erro": false,
        "message": "Credentials",
        "error": false
    },
    "credentials": {
        "expired": "1",
        "using": "12"
    }
}

Query expired credentials

GET /iso/dash/credentials/expired 

Expected response

HTTP/1.1 200 OK 
{
    "response": {
        "status": 200,
        "mensagem": "Credenciais",
        "erro": false,
        "message": "Credenciais",
        "error": false
    },
    "credenciais": {
        "expiradas": "1"
    }
}

Query credentials in use

GET /iso/dash/credentials/using 
{
    "response": {
        "status": 400,
        "mensagem": "Invalid request",
        "erro": false,
        "message": "Invalid request",
        "error": false
    }
}

Expected response when an invalid state is provided

GET /iso/dash/credentials/expired 
{
    "response": {
        "status": 400,
        "mensagem": "Invalid request",
        "erro": false,
        "message": "Invalid request",
        "error": false
    }
}

Expected response when no status is provided

GET /iso/dash/credentials/ 
{
    "response": {
        "status": 404,
        "mensagem": "Resource/sub-resource not found",
        "erro": true,
        "cod_erro": 1,
        "message": "Resource/sub-resource not found",
        "error": true,
        "error_code": 1
    }
}

Was this article helpful?