Use Insights to Create a Centralized CERT+ Dashboard
This API is used to fetch data from the existing Insights
reports and visualize it on a CERT+ centralized dashboard. This will allow tenants to
view all the data for an individual tenant in a single pane.
With this API, data from
the following widgets/reports can be consumed for the visualization on the
centralized
dashboard:
- CERT+ → Insights → Summary → CryptoScore widget (Including the score and horizontal bars with severity)
- CERT+ → Insights → Google 90-day → Google 90 Day Score (Including the score and horizontal bars with severity)
- CERT+ → Insights → Google 90-day → Non-Standard Certificates (Only numbers for each block, not drill down)
- CERT+ → Insights → Risk & Crypto → Non-Standard Certificates (Only numbers for each block, not drill down)
- CERT+ → Insights → Operation → CLM action trend (Data for Daily, Weekly, Monthly, Quarterly, Yearly)
Before you Begin
- Ensure that the user has the required permissions to access the Insights reports.
- Ensure that the user has the required permissions to execute this API.
Request Structure
| Endpoint: | /insights-report |
| Type: | GET |
| Action: | insights-report |
| Sample URL: |
To understand the elements of the sample URL, click here. |
| Headers | |
| Content-Type: | application/json |
| Name | Description |
|---|---|
| sessionId
|
(Mandatory if username and password are
not provided) Session ID received after login Type: String |
| username
|
(Mandatory if sessionId is not provided) AppViewX
login username Type: String |
| password
|
(Mandatory if sessionId is not provided) AppViewX
login password. Type: String |
| Content-Type
|
(Mandatory) Specifies the nature of the data in the
payload Type: String Constraint: Value of the parameter should be ‘application/json’ |
| gwsource
|
(Mandatory) Source from which the request is triggered.
(for example, external) Type: String |
| Payload
|
Contains all the parameters to be included in the
request body for the PUT request. Type: Payload |
Payload
| Name | Description |
|---|---|
| reportName | (Mandatory) Report types that have to be fetched for
the centralized dashboard Type: String Possible
values (one from the following):
|
| groupName | (Optional) Name of the certificate group for
filtering the report data to be fetched Type: String Deafult value: All certificate groups mapped to the logged in user |
| periodicity | (Mandatory only for the
OperationReport:clm-action-trend report type) Time
interval for filtering the report data to be fetched Type: String Possible values(one of the following):
|
Response Structure for the Crypto Score Summary Report
| Name | Description |
|---|---|
| reports | Object containing report details Type: reports |
| message | Success or failure description Type: String |
| appStatusCode | Application specific status code for the response
It is a non-null value for a failure response. Type: String |
| tags | Additional information for the failure response |
| Name | Description |
|---|---|
| name | Report name as specified in the payload |
| score | A numerical representation that indicates the overall compliance status or risk level |
| metrics | An object containing a detailed breakdown of the
individual parameters for each severity level that contributes to
the overall score Type: metrics |
| lastExecutedTime | Timestamp of when the report was last generated |
| Name | Description |
|---|---|
| severity | Risk level category assigned to classify the impact of the issues detected |
| count | Total no. of certificates that fall under the specified severity level |
| label | Display label assigned to the severity level |
| percent | Percentage of certificates that fall under the specified severity level |
Response Structure for the Google 90 Day Score Summary Report
| Name | Description |
|---|---|
| reports | Object containing the report details Type: reports |
| message | Success or failure description Type: String |
| appStatusCode | Application specific status code for the response
It is a non-null value for a failure response. Type: String |
| tags | Additional information for the failure response |
| Name | Description |
|---|---|
| name | Report name as specified in the payload |
| score | A numerical representation that indicates the overall compliance status or risk level |
| metrics | An object containing a detailed breakdown of the
individual parameters for each severity level that contributes to
the overall score Type: metrics |
| category | A qualitative label to represent the overall score range of the report |
| Name | Description |
|---|---|
| summary | An object containing the detailed breakdown of the
individual parameters for each severity level that contributes to
the overall score Type: summary |
| total | Total number of certificates evaluated in the report, across severity levels |
| non-standard | Number of certificates that are non-compliant to the cryptographic and policy guidelines |
| Name | Description |
|---|---|
| severity | Risk level category assigned to classify the impact of the issues detected |
| count | Total no. of certificates that fall under the specified severity level |
| label | Display label assigned to the severity level |
| percent | Percentage of certificates that fall under the specified severity level |
Response Structure for the Google 90 Day Non Standard Certificate Count Report
| Name | Description |
|---|---|
| reports | Object containing the report details Type: reports |
| message | Success or failure description Type: String |
| appStatusCode | Application specific status code for the response
It is a non-null value for a failure response. Type: String |
| tags | Additional information for the failure response |
| Name | Description |
|---|---|
| name | Report name as specified in the payload |
| count | Total number of non standard certificates evaluated in the report |
| executionTime | Timestamp of when the report was last generated |
| chartData | An object containing categorized counts of
non-standard certificates, grouped by compliance
issues Type: chartData |
| Name | Description |
|---|---|
| unknownCA | Total number of certificates issued by CAs that are not recognized or trusted |
| rootCAIssued | Total number of certificates issued by a root CA |
| sanMismatch | Total number of certificates with Subject Alternative Name (SAN) entries that do not match the domain or resource they’re deployed on |
| unAssociated | Total number of certificates that are not associated with an endpoint |
| selfSigned | Total number of certificates that are signed by the issuing CA |
| wildcard | Total number of certificates that use wildcard domains |
Response Structure for the Risk & Crypto Non Standard Certificate Count Report
| Name | Description |
|---|---|
| reports | Object containing the report details Type: reports |
| message | Success or failure description Type: String |
| appStatusCode | Application specific status code for the response
It is a non-null value for a failure response. Type: String |
| tags | Additional information for the failure response |
| Name | Description |
|---|---|
| name | Report name as specified in the payload |
| count | Total number of non standard certificates evaluated in the report |
| executionTime | Timestamp of when the report was last generated |
| chartData | An object containing categorized counts of
non-standard certificates, grouped by compliance
issues Type: chartData |
| Name | Description |
|---|---|
| unknownCA | Total number of certificates issued by CAs that are not recognized or trusted |
| rootCAIssued | Total number of certificates issued by a root CA |
| sanMismatch | Total number of certificates with Subject Alternative Name (SAN) entries that do not match the domain or resource they’re deployed on |
| unAssociated | Total number of certificates that are not associated with an endpoint |
| selfSigned | Total number of certificates that are signed by the issuing CA |
| wildcard | Total number of certificates that use wildcard domains |
Response Structure for the Operation CLM Action Trend Report
| Name | Description |
|---|---|
| reports | Object containing the report details Type: reports |
| message | Success or failure description Type: String |
| appStatusCode | Application specific status code for the response
It is a non-null value for a failure response. Type: String |
| tags | Additional information for the failure response |
| Name | Description |
|---|---|
| name | Report name as specified in the payload |
| periodicity | Time interval used for filtering the data evaluated by the report |
| dataList | Object containing timestamped data points and the
corresponding count of certificates on which the specified CLM
action was performed, collected over the defined
periodicity Type: dataList |
| Name | Description |
|---|---|
| values | Object containing timestamped data points and
certificate index number Type: values |
| action | CLM action used for grouping the data points over the given periodicity |
| Name | Description |
|---|---|
| x | Timestamp of the action performed |
| y | Number of certificates on which the CLM action was executed at the specified timestamp |
Status Codes
| HTTP Code | appStatusCode | Response Message |
|---|---|---|
| 401 Unauthorized | AVX_GW_003 | Authentication failed, reason: Invalid
credentials Remediation: Ensure that valid username and password or a valid sessionId is provided as header parameters. |
| 400 Bad Request | VALIDATION_ERROR_0004 | Mandatory field missing or invalid
value Remediation: Ensure that the missing mandatory field, as specified in the error response, is included in the payload and is assigned a valid value. |
| 403 Forbidden | AVX_GW_005 | User does not have access to the targeted
API. Remediation: Ensure that the user has all the requisite ACF permissions to assign certificates to the group. |
| 403 Forbidden | CERT-REPORT_1015 | User does not have access to the certificate
group. Remediation: Ensure that
|
| 417 Expectation Failed | CERT-FV-001 | Invalid query parameter Remediation: Ensure that the query does not contain an invalid parameter or an invalid value assigned to a valid parameter. |
| 417 Expectation Failed | CERT-FV-001 | Null/empty value assigned to a query
paramter Remediation: Ensure that no query parameters are assigned null/empty values. |
| 417 Expectation Failed | CERT-FV-001 | The periodicity parameter is included in the query
for a non-compatible report type. Remediation: The periodicity parameter is applicable only for the OperationReport:clm-action-trend report. |
Sample Request/Response for the Crypto Score Summary Report
Sample
Request
https://<IP/HostName/TenantName>:<GWPORT>/avxapi/insights-report?reportName=CryptoScore:summary&groupName=Default&gwsource=externalSample
Response
{
"response": {
"score": "10.0",
"metrics": [
{
"severity": "Critical",
"count": 0,
"label": "Critical",
"percent": 0.0
},
{
"severity": "High",
"count": 0,
"label": "High",
"percent": 0.0
},
{
"severity": "Medium",
"count": 0,
"label": "Medium",
"percent": 0.0
},
{
"severity": "Low",
"count": 0,
"label": "Low",
"percent": 0.0
},
{
"severity": "Good",
"count": 18,
"label": "Good",
"percent": 100.0
}
]
},
"message": null,
"appStatusCode": null,
"tags": {
"lastExecutedTime": 1751271654306
},
"headers": null
}
Sample Request/Response for the Google 90 Day Score Summary Report
Sample
Request
https://<IP/HostName/TenantName>:<GWPORT>/avxapi/insights-report?reportName=Google90DayScore:summary&groupName=Default&gwsource=externalSample
Response
{
"response": {
"score": "8.8",
"metrics": {
"summary": [
{
"severity": "Critical",
"count": 0,
"label": "2 years or above",
"percent": 0.0
},
{
"severity": "High",
"count": 0,
"label": "398 days - 2 years",
"percent": 0.0
},
{
"severity": "Medium",
"count": 17,
"label": "91 - 397 days",
"percent": 100.0
},
{
"severity": "Low",
"count": 0,
"label": "1 - 30 days",
"percent": 0.0
},
{
"severity": "Good",
"count": 0,
"label": "31 - 90 days",
"percent": 0.0
}
],
"total": 17,
"non-standard": 17
},
"category": "Excellent"
},
"message": null,
"appStatusCode": null,
"tags": {
"lastExecutedTime": 1751271575587
},
"headers": null
}
Sample Request/Response for the Google 90 Day Non Standard Certificate Count Summary Report
Sample
Request
https://<IP/HostName/TenantName>:<GWPORT>/avxapi/insights-report?reportName=Google90DayScore:non-standard-certificate-count&groupName=Default&gwsource=externalSample
Response
{
"response": {
"name": "non-standard-certificate-count",
"category": "all",
"executionTime": 1751271208521,
"chartData": {
"unknownCA": 0,
"rootCAIssued": 0,
"sanMismatch": 17,
"unAssociated": 17,
"selfSigned": 0,
"wildcard": 0
},
"status": "Completed",
"delta": false,
"_id": "non-standard-certificate-count-all"
},
"message": null,
"appStatusCode": null,
"tags": {
"lastExecutedTime": 1751271208521
},
"headers": null
}
Sample Request/Response for the Risk & Crypto Non Standard Certificate Count Summary Report
Sample
Request
https://<IP/HostName/TenantName>:<GWPORT>/avxapi/insights-report?reportName=CryptoRiskReport:non-standard-certificate-count&groupName=Default&gwsource=externalSample Response
{
"response": {
"name": "non-standard-certificate-count",
"category": null,
"executionTime": 1751271424910,
"chartData": {
"unknownCA": 0,
"rootCAIssued": 0,
"sanMismatch": 17,
"unAssociated": 18,
"selfSigned": 0,
"wildcard": 0
},
"status": "Completed",
"delta": false,
"_id": "non-standard-certificate-count"
},
"message": null,
"appStatusCode": null,
"tags": {
"lastExecutedTime": 1751271424910
},
"headers": null
}
Sample Request/Response for the Operation CLM Action Trend Report
Sample
Request
https://<IP/HostName/TenantName>:<GWPORT>/avxapi/insights-report?reportName=OperationReport:clm-action-trend&groupName=Default&gwsource=externalSample
Response
{
"response": {
"dataList": [
{
"values": [
{
"x": 1751155200000,
"y": 0
},
{
"x": 1751068800000,
"y": 0
},
{
"x": 1750982400000,
"y": 0
},
{
"x": 1750896000000,
"y": 0
},
{
"x": 1750809600000,
"y": 0
},
{
"x": 1750723200000,
"y": 0
},
{
"x": 1750636800000,
"y": 0
}
],
"key": "Revoked"
},
{
"values": [
{
"x": 1751155200000,
"y": 0
},
{
"x": 1751068800000,
"y": 0
},
{
"x": 1750982400000,
"y": 0
},
{
"x": 1750896000000,
"y": 0
},
{
"x": 1750809600000,
"y": 0
},
{
"x": 1750723200000,
"y": 0
},
{
"x": 1750636800000,
"y": 0
}
],
"key": "Renewed"
},
{
"values": [
{
"x": 1751155200000,
"y": 0
},
{
"x": 1751068800000,
"y": 0
},
{
"x": 1750982400000,
"y": 0
},
{
"x": 1750896000000,
"y": 0
},
{
"x": 1750809600000,
"y": 2
},
{
"x": 1750723200000,
"y": 0
},
{
"x": 1750636800000,
"y": 0
}
],
"key": "Enrolled"
},
{
"values": [
{
"x": 1751155200000,
"y": 0
},
{
"x": 1751068800000,
"y": 0
},
{
"x": 1750982400000,
"y": 0
},
{
"x": 1750896000000,
"y": 0
},
{
"x": 1750809600000,
"y": 1
},
{
"x": 1750723200000,
"y": 0
},
{
"x": 1750636800000,
"y": 0
}
],
"key": "Regenerated"
}
]
},
"message": "cert clm action trend retrieved successfully",
"appStatusCode": null,
"tags": null,
"headers": null
}
References
Understanding the sample URL
- IP/HostName/TenantName: Replace with the actual IP address, hostname,
or tenant name based on the specific configuration in AppViewX.
- IP: A unique identifier assigned to each device connected to
a computer network that uses the Internet Protocol for communication
The IP address will be included in the endpoint URL for an on-prem deployment.
- HostName: A human-readable label assigned to a device (host)
on a network
The hostname will be included in the endpoint URL for an on-prem deployment.
- TenantName: An identifier label for a tenant given to
indicate which tenant's data the API request will
access/modify
The tenant name will be included in the endpoint URL for a SaaS deployment.
- IP: A unique identifier assigned to each device connected to
a computer network that uses the Internet Protocol for communication
- GWPORT: AppViewX gateway port
A gateway port refers to a network port through which data is sent and received to communicate with a gateway in an on-prem deployment.
Example: 31443
- avxapi: Path parameter value (static) that is part of the endpoint's URL
- Endpoint: Endpoint of the API, for example: execute-hook
- gwsource: Source or origin of a gateway, for example: external.
