Rules Advanced Search - basic
Retrieve a list of rules according to the search query provided by the user. This endpoint returns a basic response. For a full version of the search that returns more information on the rules, see Rules Advanced Search - full.
By default, search results are limited to 10,000 rules for basic search. To configure the limit, see ADV_SEARCH_MAX_RESULTS.
The query for this search must be written in the following format:
The format for a simple query is:
[column name][Basic Operator][value]
You can make complex queries by combining Basic queries separated by a Composite Operator:
[Basic Query][Composite Operator][Basic Query]
Tips:
- Brackets are optional.
- You can use wild cards (*) except for contained objects (object/IP Address definition of object content).
- < and > symbols are not supported. Use the wild card (*) (except for contained objects).
- For internal quotation marks, use \" instead of ".
- Wrap values or column names that have more than one word in \".
- To search for empty fields, use [EMPTY] as Rule column value.
- To search across all fields, use ALL_FIELDS as the Rule column name.
- The entered search string must be an exact match.
You can use the following operators:
Basic Operators | | Composite Operators | |
---|---|---|---|
== | Equal To | and | Logical AND |
!= | Not Equal To | or | Logical OR |
For example:
Source ==1.2.3.4 or \"Service object\" !=\"tcp udp\"
This is equivalent to:
(Source equals to "1.2.3.4") or (Service object not equal to "tcp udp")
Resource Name:
Request Method: POST
Request Parameters:
Element | Type | Description |
---|---|---|
ruleSearchQuery Mandatory | String | Search query. Use query format as shown above. |
treeName Mandatory | String | Can refer to a device, group or ALL_FIREWALLS. To get the tree name, use GET /devices method from the device-setup-controller. |
exactMatch Optional | Boolean | For results that only list objects that contain the exact IP address(es) or service(s) you are searching for, select true. |
includeAny Optional | Boolean | In addition to the search query, also find rules that contain 'Any' in any of the fields queried. |
includeContainment Optional | Boolean | Enhance the query to search additionally for objects that contain the searched object/IP address. |
Response parameters
Element | Type | Description |
---|---|---|
totalFoundRulesCount | number | Total number of rules found across all devices. |
devicesFoundBySearch | array | Array of results per device. |
deviceFoundRulesCount | number | Total number of rules found for the device. |
deviceInfo | object | object containing device info. |
treeName | string | Tree name of device. |
displayName | string | Display name of the device. |
brand | string | Brand name code. |
foundRules | array | Array of rules found. |
criteriaMatch | Array of objects | Array of objects that match query and rule |
field | string | The ruleColumn found. |
values | array of strings | Value of the ruleColumn found contents. |
ruleId | string | Rule ID. |
ruleNum | string | Rule number. |
ruleName | string | Name of the rule. |
Response:
Code | Description |
---|---|
200 | Successfully retrieved requested rules |
400 | Request is invalid |
401 | Unauthorized session |
403 | Access Forbidden |
404 | Not Found |
500 | Query rules operation has failed |
Request cURL examples
curl -X POST "https://localhost/afa/api/v1/rule/advancedsearch/basic/device1?includeAny=true&includeContainment=true" -H 'Cookie: PHPSESSID=<sessionId>' -H "accept: */*" -H "Content-Type: application/json" -d "{ \"searchQuery\": \"\\\"source address\\\" == 1.1.1.1 or service == tcp\"}"
Request examples
{
"searchQuery": "\"source address\" == 1.1.1.1 or service == tcp"
}
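The query format and Tips above, together with the JSON body in the request example, as an added example that is not part of the original documentation: a small Python builder that quotes multi-word tokens, rejects unsupported characters, and serializes the request body. The helper names are hypothetical, the `searchQuery` key follows the request example on this page, and rejecting embedded quotation marks is an assumption.

```python
import json
import re

BASIC_OPS = {"==", "!="}        # basic operators listed on this page
COMPOSITE_OPS = {"and", "or"}   # composite operators listed on this page


def _token(text):
    """Quote a column name or value following the Tips on this page."""
    text = text.strip()
    if not text:
        raise ValueError("empty token; use [EMPTY] to search for empty fields")
    if "<" in text or ">" in text:
        raise ValueError("< and > are not supported; use the * wild card")
    if '"' in text:
        # Assumption: embedded quotation marks are rejected, not guessed at.
        raise ValueError("embedded quotation marks are not handled here")
    # Names or values with more than one word are wrapped in quotation marks.
    return f'"{text}"' if re.search(r"\s", text) else text


def basic(column, op, value):
    """Build one [column name][Basic Operator][value] query."""
    if op not in BASIC_OPS:
        raise ValueError(f"unsupported basic operator: {op}")
    return f"{_token(column)} {op} {_token(value)}"


def combine(op, *queries):
    """Join basic queries with a single composite operator."""
    if op not in COMPOSITE_OPS:
        raise ValueError(f"unsupported composite operator: {op}")
    return f" {op} ".join(queries)


def request_body(query):
    # json.dumps escapes each quotation mark as a backslash plus the mark,
    # which is the form shown in the request example on this page.
    return json.dumps({"searchQuery": query})


if __name__ == "__main__":
    q = combine("or", basic("source address", "==", "1.1.1.1"),
                basic("service", "==", "tcp"))
    print(request_body(q))
```

Passing the serialized body to curl from a file (`-d @body.json`) avoids the third layer of shell escaping seen in the cURL example.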