High-risk tools in API-Central
17 of the 175 tools in API-Central are classified as high risk. This page profiles those tools specifically, with recommended policy actions and the attack patterns that target them.
Every operation listed below is an action PolicyLayer recommends controlling at the transport layer. Open any tool to see the full profile, risk score, and YAML policy snippet.
Tools at high risk
-
aos_s_pingExecutePing a destination from an AOS-S switch (async, polls ~60s).
-
aos_s_tracerouteExecuteRun a traceroute from an AOS-S switch (async, polls ~60s).
-
build_underlay_ssidExecutebuild_underlay_ssid
-
cable_testExecuteRun a cable/TDR test on CX or AOS-S switch ports (async, polls ~60s).
-
cx_pingExecutePing a destination from a CX switch and return the result (async, polls ~60s).
-
cx_showExecuteRun 'show' commands on a CX switch (all must start with 'show ', max 20, async polls ~60s).
-
cx_tracerouteExecuteRun a traceroute from a CX switch (async, polls ~60s).
-
disconnect_clientExecuteForce-disconnect a wireless client by MAC address. ap_serial auto-looked up if omitted.
-
gateway_showExecuteRun 'show' commands on an Aruba gateway via async troubleshooting API. Each must start with 'show '.
-
invoke_toolExecuteinvoke_tool
-
poe_bounceExecutePower-cycle PoE on switch/gateway ports (async, polls ~60s).
-
port_bounceExecuteLink-reset (bounce) switch/gateway ports (async, polls ~60s).
-
reboot_deviceExecuteReboot an AP, CX switch, AOS-S switch, or gateway. device_type auto-detected if omitted.
-
run_speed_testExecuteRun a speed test from an AP to measure uplink bandwidth.
-
set_firmware_complianceExecuteCreate or update a firmware compliance policy (triggers upgrade).
-
test_aaaExecuteTest AAA connectivity from an AP or CX switch (async, polls ~60s).
-
trigger_device_upgradeExecutetrigger_device_upgrade
Attacks that target this class
High-risk tools in any server share these documented attack patterns. Each links to the full case and the defensive policy.