Rules Advanced Search - full
Retrieve a list of rules according to the search query provided by the user. This endpoint returns a full response. For a basic version of the search that returns less information on the rules, see Rules Advanced Search - basic.
By default, search results are limited to 5,000 rules for full search. To configure the limit, see ADV_SEARCH_MAX_RESULTS.
The query for this search must be written in the following format:
Resource Name:
Request Method: POST
Request Parameters:
Element | Type | Description |
---|---|---|
ruleSearchQuery Mandatory | String | Search query. Use query format as shown above. |
treeName Mandatory | String | Can refer to a device, group or ALL_FIREWALLS. To get the tree name, use GET /devices method from the device-setup-controller. |
exactMatch Optional | Boolean | For results that only list objects that contain the exact IP address(es) or service(s) you are searching for, select true. |
includeAny Optional | Boolean | In addition to the search query, also find rules that contain 'Any' in any of the fields queried. |
includeContainment Optional | Boolean | Enhance the query to search additionally for objects that contain the searched object/IP address. |
Response parameters
Includes these basic parameters and more (see response example):
Element | Type | Description |
---|---|---|
totalFoundRulesCount | number | Total number of rules found across all devices. |
devicesFoundBySearch | array | Array of results per device. |
deviceFoundRulesCount | number | Total number of rules found for the device. |
deviceInfo | object | Object containing device info. |
treeName | string | Tree name of device. |
displayName | string | Display name of the device. |
brand | string | Brand name code. |
foundRules | array | Array of rules found. |
criteriaMatch | array of objects | Array of objects that match query and rule. |
field | string | The ruleColumn found. |
values | array of strings | Value of the ruleColumn found contents. |
ruleId | string | Rule ID. |
ruleNum | string | Rule number. |
The search also returns additional information about the rule specific to the device.
Response:
Code | Description |
---|---|
200 | Successfully retrieved requested rules |
400 | Request is invalid |
401 | Unauthorized session |
403 | Access Forbidden |
404 | Not Found |
500 | Query rules operation has failed |
Request cURL examples
curl -X POST "https://localhost/afa/api/v1/rule/advancedsearch/full/device1?includeAny=true&includeContainment=true" -H 'Cookie: PHPSESSID=<sessionId>' -H "accept: */*" -H "Content-Type: application/json" -d "{ \"searchQuery\": \"\\\"source address\\\" == 1.1.1.1 or service == tcp\"}"
Request examples
{
"searchQuery": "\"source address\" == 1.1.1.1 or service == tcp"
}
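The request and response described above, as an added Python example that is not part of the product documentation: it builds the same POST as the cURL call (letting `json.dumps` do the quote escaping) and flattens a response into one row per matched rule for review. The function names, the sample response and the nesting of the response fields are assumptions inferred from the parameter table; nothing is sent over the network.

```python
import json
from urllib.parse import quote, urlencode

# Base path taken from the page's cURL example.
BASE = "https://localhost/afa/api/v1/rule/advancedsearch/full"

def build_request(tree_name, query, session_id, include_any=False, include_containment=False):
    """Build (url, headers, body) for the POST. Nothing is sent."""
    flags = {"includeAny": include_any, "includeContainment": include_containment}
    params = {name: "true" for name, on in flags.items() if on}
    url = f"{BASE}/{quote(tree_name, safe='')}"
    if params:
        url += "?" + urlencode(params)
    headers = {"Cookie": f"PHPSESSID={session_id}", "accept": "*/*",
               "Content-Type": "application/json"}
    # json.dumps escapes the quotes around multi-word field names such as
    # "source address", replacing the hand-written backslashes in the cURL call.
    return url, headers, json.dumps({"searchQuery": query})

def flatten(response):
    """Return one row per matched rule, with the fields that matched the query."""
    rows = []
    for dev in response.get("devicesFoundBySearch", []):
        info = dev.get("deviceInfo", {})
        for rule in dev.get("foundRules", []):
            rows.append({
                "device": info.get("treeName"),
                "ruleId": rule.get("ruleId"),
                "ruleNum": rule.get("ruleNum"),
                "matched": {m["field"]: m["values"] for m in rule.get("criteriaMatch", [])},
            })
    return rows

def counts_agree(response):
    """True when the reported totals equal the number of rules actually listed."""
    devices = response.get("devicesFoundBySearch", [])
    listed = sum(len(d.get("foundRules", [])) for d in devices)
    per_device = sum(d.get("deviceFoundRulesCount", 0) for d in devices)
    return response.get("totalFoundRulesCount") == per_device == listed

# Constructed sample response; the nesting is assumed from the parameter table.
SAMPLE = {"totalFoundRulesCount": 2, "devicesFoundBySearch": [{
    "deviceFoundRulesCount": 2,
    "deviceInfo": {"treeName": "device1", "displayName": "Device 1", "brand": "sample"},
    "foundRules": [
        {"ruleId": "r-1", "ruleNum": "1",
         "criteriaMatch": [{"field": "source address", "values": ["1.1.1.1"]}]},
        {"ruleId": "r-2", "ruleNum": "7",
         "criteriaMatch": [{"field": "service", "values": ["tcp"]}]}]}]}
```

A `False` from `counts_agree` means the listed rules do not account for the reported totals, which is worth checking before relying on the rows as a complete audit set.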