Expanding the PureSec API – Secure Your Functions Programmatically

Much of the promise of serverless has to do with the little-to-no management overhead it offers. No servers to patch, no operating systems updates, we all know the concept. Making sure your serverless applications are secure should be no different. The PureSec API lets you control your runtime protection policies programmatically, and get information about your serverless security posture.

 

We’ve recently made some updates to the PureSec API which make it easier than ever to automate the protection of your serverless applications. Here are a few ways PureSec customers leverage the API:

 

  • Pulling information about security events and pipe it to the event management system of your choice.
  • Automating configuration – for example, enforce a baseline security policy on all new functions.
  • Making bulk changes or updates to a large number of functions.

 

Here are some examples of actions you can perform with the PureSec API:

 

SecurityAlertFeed

Get a list of all security events and alerts.

Request body example:

Screen Shot 2019-04-07 at 9.43.59

 

GetFunctionPolicy

Retrieve a specific function’s security policy.

Returned fields:

mode – the function operation mode: Alert or Block

behavioralEngine – ‘true’ if the PureSec Behavioral Engine protection module is activated, ‘false’ otherwise.

firewall – ‘true’ if the PureSec Application Firewall protection module is activated, ‘false’ otherwise.

 

Request body example:

 

Screen Shot 2019-04-07 at 9.45.15 

 

SetFunctionPolicy

Configures a specific function’s security policy.

functionId – identify the function you would like to set its policy, for AWS functions use the function’s arn. 

The input object is comprised of the following parameters:

mode – is used to set the function to ‘Alert’ or ‘Block’

  • Alert – on a security event the function will continue to run and an alert will be sent to the PureSec platform
  • Block – on a security event the function will exit/stop running and an alert will be sent to the PureSec platform

behavioralEngine – toggle the PureSec Behavioral Engine protection module

  • true – activate PureSec Behavioral Engine
  • false – deactivate PureSec Behavioral Engine

firewall – toggle the PureSec Application Firewall protection module

  • true – activate PureSec Application Firewall
  • false – deactivate PureSec Application Firewall

 

Request body example:

 

Screen Shot 2019-04-07 at 9.45.28 

 

 

 

 



*** This is a Security Bloggers Network syndicated blog from PureSec Blog authored by PureSec Team. Read the original post at: https://www.puresec.io/blog/expanding-the-puresec-api-secure-your-functions-programmatically