Skip to content

[Sprint 5] Implement Policies API Module #76

Open
Open
[Sprint 5] Implement Policies API Module#76
Labels
api-moduleenhancementNew feature or requestmedium-prioritysprint-5
@talltechy

Description

@talltechy
talltechy
opened on Oct 7, 2025

Overview

Implement comprehensive Policies API module following v2.0 BaseAPI pattern for policy compliance assessment and management.

Scope

  • List and get policy assessments
  • Policy rules and groups management
  • Asset compliance results
  • Policy overrides management
  • Benchmark support (CIS, DISA STIG, etc.)
  • Helper methods for common workflows
  • Integration with InsightVMClient
  • Comprehensive docstrings with type hints
  • Error handling
  • Unit tests (when test framework ready)

API Endpoints

  • GET /api/3/policies - List all policies
  • GET /api/3/policies/{id} - Get policy details
  • GET /api/3/policies/{id}/groups - Get policy groups
  • GET /api/3/policies/{id}/groups/{groupId} - Get group details
  • GET /api/3/policies/{id}/groups/{groupId}/rules - Get rules under group
  • GET /api/3/policies/{id}/rules/{ruleId} - Get rule details
  • GET /api/3/policies/{id}/assets/{assetId} - Get asset compliance
  • GET /api/3/policy_overrides - List overrides
  • POST /api/3/policy_overrides - Create override
  • DELETE /api/3/policy_overrides/{id} - Delete override

Implementation Checklist

  • Create src/rapid7/api/policies.py
  • Implement PolicyAPI class extending BaseAPI
  • Add policies sub-client to InsightVMClient
  • Create documentation in docs/POLICIES_API.md
  • Update Memory Bank (activeContext.md, progress.md)
  • Create feature branch: feature/issue-{number}-policies-api

Key Features

  • Policy Types: CIS Benchmarks, DISA STIG, FDCC, USGCB, custom
  • Compliance Results: Pass/fail status per rule, overall compliance score
  • Rule Hierarchy: Organized into groups and subgroups
  • Asset Assessment: Check specific assets against policies
  • Overrides: Temporary rule exemptions with justification
  • Helper Methods: get_compliance_summary(), find_failed_rules(), create_override()

Common Policy Benchmarks

  • CIS Benchmarks (Windows, Linux, databases)
  • DISA STIG (Security Technical Implementation Guides)
  • PCI DSS compliance
  • HIPAA compliance
  • Custom organizational policies

Estimated Size

~500-600 lines of code

Definition of Done

  • PolicyAPI module implemented with all endpoints
  • Integrated with InsightVMClient as client.policies
  • Documented with usage examples
  • Memory Bank updated
  • PR created and ready for review

References

  • Context7 API Documentation: /riza/rapid7-insightvm-api-docs
  • BaseAPI Pattern: src/rapid7/api/base.py
  • Related Module: src/rapid7/api/assets.py

Metadata

Metadata

Assignees

No one assigned

    Labels

    api-moduleenhancementNew feature or requestmedium-prioritysprint-5

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions