Retrieve risky rules

The riskyRules_get request retrieves all the risky rules in a device's or group's policy.

The input will be the active session ID and the name of the device, group, or matrix. The output will be a list of all risky rules of all the policies that apply to each device, including the risk severity of each rule.

Resource Name: /fa/server/risks/riskyRules

Request Method: GET

Request URL Parameters:

| Element | Type | Description |
|---|---|---|
| session (Mandatory) | String | Session ID returned in login request. |
| entity (Mandatory) | String | The display name of the device, group, or matrix. |
| entityType (Mandatory) | String | One of the following: device (default), group, matrix. |
| responseType (Optional) | String | Format of response data. One of the following: json (default), csv. |

Note: The page and size elements are not supported for the riskyRules_get request.

Response:

| Element | Type | Description |
|---|---|---|
| riskyRules | Array of RiskyRules (see RiskyRules) | The risky rules data, sorted by severity. |
| status | String | One of the following: true (indicates the request succeeded), false (indicates the request failed). |
| message (only returned when the request fails) | String | One of the error messages listed below. |

Error messages:

  • Device not found
    Not found "Unknown firewall '<firewall name>' http status 400

  • Unauthorized
    Unauthorized. You are not permitted to perform this operation http status 401

  • There is no report for the device
    Backend error: There is no completed report for the firewall <firewall name> http status 500

  • There is no rules for the firewall in DB
    Backend error: Failed to get rules for the firewall <firewall name> http status 500

  • There is no risky rules data
    Backend error: Failed to find risky rules data in report <report name> http status 500

Request examples

curl -k 'https://127.0.0.1/fa/server/risks/riskyRules?session=1d61d46c3093b0f31bb76054dfc3271b&entity=Dev-GW-R71Test1'

Response example of RiskyRules in JSON Format

{
  "riskyRules": [
    {
      "device": "Nachos",
      "ruleId": "2B1EA29F-3ED3-4FAC-BA7C-FC27F1A6305F",
      "ruleNum": "1",
      "source": ["n10_20_0_0"],
      "destination": ["Any"],
      "service": ["Any"],
      "action": "accept",
      "documentation": {"documentation": ""},
      "risks": [{"code": "R01", "severity": "MEDIUM", "title": "\"From somewhere to Any allow Any service\" rules"}],
      "totalBySeverity": {"LOW": 0, "HIGH": 0, "MEDIUM": 1, "SUSP_HIGH": 0},
      "trafficCount": "0"
    }
  ],
  "status": true
}

Example of RiskyRules in CSV Format

{ "riskyRules":"Device,Rule,Id,Source,Destination,Application,Service,Action,Comment,Traffic count,Documentation,High Risks,Suspected High Risks,Meduim Risks,Low Risks\n Nachos,1,2B1EA29F-3ED3-4FAC-BA7C-FC27F1A6305F,[n10_20_0_0],[Any],N\/A,[Any],accept,N\/A,0,,0,0,1,0\n Nachos,2,6A5BBC4B-D8AA-4533-A01F-89A08F3E310D,[n192_168_0_0],[Any],N\/A,[Any],accept,N\/A,0,,0,0,1,0\n", "status":true }
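The following added example (not part of the original documentation or the vendor's code) normalizes both response formats into per-rule severity counts and raises on a failed request, so a policy check can filter rules at or above a chosen severity. The severity ranking, the function names and the shape of the error body are assumptions; the two success bodies are trimmed from the examples above.

```python
import csv
import json

# Severity keys from the page's totalBySeverity object and the matching CSV
# header names (spelling as on the page). The ranking order is an assumption.
RANK = ("HIGH", "SUSP_HIGH", "MEDIUM", "LOW")
CSV_COLS = dict(zip(RANK, ("High Risks", "Suspected High Risks",
                           "Meduim Risks", "Low Risks")))


class RiskyRulesError(Exception):
    """status was false; the exception text is the message element."""


def parse_risky_rules(body):
    """Normalize a json or csv response body into a list of per-rule dicts."""
    data = json.loads(body)
    # The table types status as String but the examples show a bare boolean.
    if str(data.get("status")).lower() != "true":
        raise RiskyRulesError(data.get("message", "request failed"))
    rules = data["riskyRules"]
    if isinstance(rules, str):  # responseType=csv: CSV text in a JSON envelope
        lines = [ln.strip() for ln in rules.splitlines() if ln.strip()]
        return [{"device": r["Device"], "ruleNum": r["Rule"], "ruleId": r["Id"],
                 "counts": {s: int(r[c]) for s, c in CSV_COLS.items()}}
                for r in csv.DictReader(lines)]
    return [{"device": r["device"], "ruleNum": r["ruleNum"], "ruleId": r["ruleId"],
             "counts": {s: int(r["totalBySeverity"].get(s, 0)) for s in RANK}}
            for r in rules]


def at_or_above(rules, threshold):
    """Rules with at least one risk ranked at or above the threshold."""
    wanted = RANK[:RANK.index(threshold) + 1]
    return [r for r in rules if any(r["counts"][s] for s in wanted)]


# JSON_BODY and CSV_BODY are trimmed from the page's examples; ERROR_BODY is
# constructed, and its exact shape on a failed request is an assumption.
JSON_BODY = r'''{"riskyRules":[{"device":"Nachos","ruleNum":"1",
 "ruleId":"2B1EA29F-3ED3-4FAC-BA7C-FC27F1A6305F","action":"accept",
 "totalBySeverity":{"LOW":0,"HIGH":0,"MEDIUM":1,"SUSP_HIGH":0}}],"status":true}'''
CSV_BODY = r'''{"riskyRules":"Device,Rule,Id,Source,Destination,Application,Service,Action,Comment,Traffic count,Documentation,High Risks,Suspected High Risks,Meduim Risks,Low Risks\n Nachos,1,2B1EA29F-3ED3-4FAC-BA7C-FC27F1A6305F,[n10_20_0_0],[Any],N\/A,[Any],accept,N\/A,0,,0,0,1,0\n Nachos,2,6A5BBC4B-D8AA-4533-A01F-89A08F3E310D,[n192_168_0_0],[Any],N\/A,[Any],accept,N\/A,0,,0,0,1,0\n","status":true}'''
ERROR_BODY = '{"status":false,"message":"Device not found"}'

if __name__ == "__main__":
    for body in (JSON_BODY, CSV_BODY):
        for rule in at_or_above(parse_risky_rules(body), "MEDIUM"):
            print(rule["device"], rule["ruleNum"], rule["counts"])
```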