Security Services Platform Overview

VMware vDefend Security Services Platform is a high-performance, scalable platform that runs vDefend security features below :

1. Security Segmentation Report and Score
2. Security Intelligence
3. Security Monitoring with time-series (Metrics)
4. Network Detection and Response
5. Malware Prevention
6. Network Traffic Analysis.

The platform provides a simpler deployment workflows, faster deployment options and better operational experience.

Getting Started with vDefend Security Services Platform

This guide expects that Security Services Platform is already deployed. Refer to https://techdocs.broadcom.com/us/en/vmware-security-load-balancing/vdefend.html for deployment details.

This guide will help you get started using Security Services Platform APIs as well as the APIs for features deployed on the platform.

Security Services Platform APIs are defined using the OpenAPI standards. Clients interact with the API using RESTful web service calls over the HTTPS protocol. Unless otherwise noted, request and response bodies are encoded using JSON, and must conform to the JSON schema associated with each method. The content type of each request and reply is "application/json" unless otherwise specified.

Request Authentication

Basic authentication is used for all Security Services Platform APIs and for the features running on the platform.

To authenticate a request using HTTP Basic authentication, the caller's credentials are passed using the 'Authorization' header. The header content should consist of a base64-encoded string containing the username and password separated by a single colon (":") character, as specified in RFC 1945 section 11.1.

For example, to authenticate a request using the credentials of user admin with password admin, include the following header with the request:

The following cURL command will authenticate to the SSP Ingress using basic authentication and will issue a API request:

USERNAME is the user to authenticate as,
PASSWORD is the password to provide, and
SSP is the IP address or host name of the Security Services Platform (SSP)

For example:

Note: the -k argument instructs cURL to skip verifying the ssp's self-signed X.509 certificate. It is more secure to verify that the server's certificate is signed by a Certificate Authority (CA) that you trust. To do that, omit the -k argument and use the --cacert <ca-file> option, where <ca-file> is a PEM-formatted file containing the CA certificate to trust.

For example:

Additional cURL examples below use the -k flag, but you can always substitute the --rootca <ca-file> argument for additional security.

In the above examples, USERNAME may be:

1. A local user name. For example, "admin".
2. A remote user name, of the form "user@domain", for example, "joe@example.com". The domain must match a domain for a configured VIDM identity source or a configured LDAP identity source.

Request Failures

It is possible for any request to fail. Errors are reported using standard HTTP response codes. The below table defines the HTTP Status codes these APIs may return