IoT Embedded Configuration Service

The Configuration service is used to set up and receive multiple configurations for the Nano Agent on the IoT using API. By default, the service is restricted to localhost access only.

Authentication

Authentication is required for services that access sensitive data. It allows only authenticated user to use the configuration service. It is recommended to use the authentication service to limit access to configuration service to authenticated users only. You must provide a password on the initial setup of the service and then always use the same password when you open an API request.

Note - Keep the password in a secure location and remember it. The hash of the password for the service is stored locally on the device. There is no option to recover the password in case you forget it, which might require a factory-default reset, meaning all configurations and data on the device will be lost.

Setting up a password with API

API Call

POST http://<localhost address of the IoT device>:7777/set-password

Request Body (application/json) schema

Copy

{
    "password": <String - Enter the password>
}

Resetting the password with API

API Call

POST http://<localhost address of the IoT device>:7777/set-new-password

Request Body (application/json) schema

Copy

{
    "previous_password": <String - Enter the previous password>,
    "new_password": <String - Enter the new password>
}

Configuration Service

Set Allow List

This API call allows you to set the whitelist for different protection plugins on the IoT device. For more information, see Allow-List and Block-List Files.

Note - This action replaces the existing whitelist on the device.

API Call

POST http://<localhost address of the IoT device>:7777/set-allowedlists

Request Body (application/json) schema

Copy

{
  "password" : <String - Enter the password>,
   "Allowedlists Name": [
           "Pattern 1",
            "Pattern 2",
            .
            .
            .
    ]
}

Parameter	Type	Description
Password	String	The password you set using set-password API
Allowedlists Name	String	The protection plugin for which the allowed list is to be set. Possible values are: filemon pta antisi logs

Parameter

Type

Description

Password

String

The password you set using set-password API

Allowedlists Name

String

The protection plugin for which the allowed list is to be set. Possible values are:

filemon
pta
antisi
logs

Get Allow List

This API call allows you to get the whitelist for different protection plugins on the IoT device.

API Call

POST http://<localhost address of the IoT device>:7777/show-allowedlists

Request Body (application/json) schema

Copy

{
      "password" : <String - Enter the password>
    }

Response

Copy

{
       "filemon": ["line1", "line2", …],
       "pta": ["line1", "line2", …],
       "antisi": ["line1", "line2", …],
       "logs": ["line1", "line2", …]
  }

Set Block List

This API call allows you to set the blocklist for different protection plugins on the IoT device.

Note - This action replaces the existing blocklist on the device.

API Call

POST http://<localhost address>:7777/set-blocklists

Request Body (application/json) schema

Copy

{
       "password" : <String - Enter the password>,
       "Blocklist Name": [
           "Pattern 1",
            "Pattern 2",
            .
            .
            .
         ]
     }

Parameter	Type	Description
Password	String	The password you set using set-password API
Blocklist Name	String	The protection plugin for which the blocklist is to be set. Possible values are: filemon processes

Parameter

Type

Description

Password

String

The password you set using set-password API

Blocklist Name

String

The protection plugin for which the blocklist is to be set. Possible values are:

filemon
processes

Get Block List

This API call allows you to get the blocklist for different protection plugins on the IoT device.

API Call

POST http://<localhost address of the IoT device>:7777/show-blockedlists

Request Body (application/json) schema

Copy

{
      "password" : <String - Enter the password>
    }

Response:

Copy

{
       "filemon": ["line1", "line2", …],
       "processes": ["line1", "line2", …]
 }

Set Killswitch

This API call allows you to set the killswitch value on the IoT device. For more information, see Global Switch File (killswitch).

API Call

POST http://<localhost address of the IoT device>:7777/set-killswitch

Request Body (application/json) schema

Copy

{
"password" : <String - Enter the password>,
"killswitch": <0, 1, 2>
}

Parameter	Type	Description
Password	String	The password you set using set-password API
killswitch	Integer	Killswitch value to be set: 0 - Deactivate killswitch 1 - Activate killswitch 2 - Activate killswitch and disable Workload Protection

Parameter

Type

Description

Password

String

The password you set using set-password API

killswitch

Integer

Killswitch value to be set:

0 - Deactivate killswitch
1 - Activate killswitch
2 - Activate killswitch and disable Workload Protection

Get Killswtich

This API call allows you to get the killswitch value on the IoT device.

API Call

POST http://<localhost address of the IoT device>:7777/show-killswitch

Request Body (application/json) schema

Copy

{
      "password" : <String - Enter the password>
    }

Response

Copy

  {
       "killswitch": <Integer>
  }

Set wlp conf

This API call allows you to set the parameters in wlp.conf file on the IoT device.

API Call

POST http://<localhost address of the IoT device>:7777/set-wlp-conf

Request Body (application/json) schema

Copy

{
      "password" : <String - Enter the password>,
      "relro": <Boolean>,
      "prevention": <Boolean>,
      "graceful_return": <Boolean>
   }

Parameter	Type	Description
Password	String	The password you set using the set-password API
relro	Boolean	0 - Disable Import table protection 1 - Enable Import table protection
prevention	Boolean	0 - Disable prevent mode (Works in detect mode) 1 - Enable prevent mode
graceful_return	Boolean	0 - Disable graceful return (Returns an error message without terminating the process when an attack is detected) 1 - Enable graceful return (Terminates the process when an attack is detected)

Get wlp conf

This API call allows you to get the parameters in wlp.conf file on the IoT device.

API Call

POST http://<localhost address of the IoT device>:7777/show-wlp-conf

Request Body (application/json) schema

Copy

{
      "password" : <String - Enter the password>
    }

Response

Copy

{
"relro": <Boolean>,
"prevention": <Boolean>,
"graceful_return": <Boolean>
}

Delete Crash Files

This API call allows you to delete the crash files on the IoT device.

API Call

POST http://<localhost address of the IoT device>:7777/set-agent-recovery

Request Body (application/json) schema

Copy

{
      "password" : <String - Enter the password>
    }

Get Crash Files Status

This API call returns the number of crash files created on the IoT device in the last week.

API Call

POST http://<localhost address of the IoT device>:7777/show-dump-files-status

Request Body (application/json) schema

Copy

{
      "password" : <String - Enter the password>
    }

Response

Copy

{
   "dump_files_last_week": <Integer>
}

Get Security Status

This API call returns the security status of the IoT device.

API Call

POST http://<localhost address of the IoT device>:7777/show-security-status

Request Body (application/json) schema

Copy

{
      "password" : <String - Enter the password>
    }

Response

Copy

{
"security_status": <Integer>
}

Parameter

Type

Description

security_status

String

1 - Protection is on.
0 - Protection is off.

Note - Security status is determined based on the number of crash files created in a week and the value of killswitch.

Protection is on only when killswitch = 0 and the number of crash files is less than three.