FireFlow REST web services
Base URL
The base URL for all REST requests is the following:
https://<algosec_server>/FireFlow/api
where <algosec_server> is the AFA/FireFlow server URL.
Note: Every request must be in JSON format. Each request must include the content-type header with the value application/json.
Header requirements in FireFlow
The header requirement for all REST requests is:
Header requirements:
Key | Value |
---|---|
Cookie | FireFlow_Session=[sessionId]. The sessionId is retrieved from the authentication request. |
Authentication is through a cookie session. For example:
curl -X POST --cookie "FireFlow_Session=c69bcc3e6832149642b32e" "https://192.168.11.23/FireFlow/api/change-requests/traffic" -H "accept: */*" -H "Content-Type: application/json" -d "{ \"template\": \"string\", \"fields\": [ { \"name\": \"custom field name\", \"values\": [ \"custom field value 1\", \"custom field value 2\" ] } ], \"traffic\": [ { \"source\": { \"items\": [ { \"address\": \"1.1.1.1\", \"fields\": [ { \"name\": \"custom field name\", \"values\": [ \"custom field value 1\", \"custom field value 2\" ] } ] } ] }, \"destination\": { \"items\": [ { \"address\": \"1.1.1.1\", \"fields\": [ { \"name\": \"custom field name\", \"values\": [ \"custom field value 1\", \"custom field value 2\" ] } ] } ] }, \"service\": { \"items\": [ { \"service\": \"tcp/80\", \"fields\": [ { \"name\": \"custom field name\", \"values\": [ \"custom field value 1\", \"custom field value 2\" ] } ] } ] }, \"application\": { \"items\": [ { \"name\": \"name to match\", \"fields\": [ { \"name\": \"custom field name\", \"values\": [ \"custom field value 1\", \"custom field value 2\" ] } ] } ] }, \"user\": { \"items\": [ { \"name\": \"name to match\", \"fields\": [ { \"name\": \"custom field name\", \"values\": [ \"custom field value 1\", \"custom field value 2\" ] } ] } ] }, \"action\": \"Allow/Drop\", \"natDetails\": { \"source\": [ \"string\" ], \"destination\": [ \"string\" ], \"port\": [ \"string\" ], \"type\": \"Static/Dynamic\" }, \"fields\": [ { \"name\": \"custom field name\", \"values\": [ \"custom field value 1\", \"custom field value 2\" ] } ] } ]}"
Python
import requests, json
from requests.auth import HTTPBasicAuth
import pprint
pp = pprint.PrettyPrinter(indent=4)
# This will suppress all warnings though, not just InsecureRequest
# (ie it will also suppress InsecurePlatform etc). In cases where we just want stuf
# Remove if signed certificate in use!
requests.packages.urllib3.disable_warnings()
# ASMS IP and Credential
asms_ip = '34.243.20.111'
asms_login = 'jason'
asms_pwd = 'cobra'
# Base URL we might use
base_url = "https://" + asms_ip + "/FireFlow/api"
session = ''
# Login
login_url = base_url + "/authentication/authenticate"
data = { 'username': asms_login, 'password':asms_pwd }
headers = {'Content-type': 'application/json'}
# Sign ASMS & setup session
login = requests.post(login_url, data=json.dumps(data), headers=headers, verify=False)
cookies = {'FireFlow_Session': login.json()['data']['sessionId'] }
# Create ticket
createTicket_url = base_url + "/change-requests/traffic"
# template, srcitems, dstitems, svcitems, applicationitems, useritems, action are mandatory
template = "115: Automatic Traffic Change Request"
srcitems = [
{ "address": "1.1.1.1" },
{ "address": "1.1.2.1" }
]
dstitems = [
{ "address": "1.1.1.2" }
]
svcitems = [
{ "service": "tcp/80" }
]
applicationitems = [
{ "name": "any" }
]
useritems = [
{ "name": "any" }
]
# Compose ticket request
ticket = {
"template": template,
"traffic": [
{
"source": { "items": srcitems } ,
"destination": { "items": dstitems } ,
"service": { "items": svcitems } ,
"application": { "items": applicationitems },
"user": { "items": useritems },
"action": "Allow"
}
]
}
jticket = json.dumps(ticket)
# pp.pprint (ticket)
r = requests.post(createTicket_url, data=jticket, cookies=cookies, headers=headers, verify = False)
pp.pprint (r.json())
Swagger
The FireFlow RESTful API includes Swagger support, enabling you to execute simplified API request calls and access full lists of request parameters.
To access Swagger API documentation:
- In the toolbar, click your username and click API Documentation.
-
From the dropdown at the top-right, click AlgoSec_FireFlow.
FireFlow REST API reference
FireFlow supports the following REST APIs:
Authentication |
|
Session |
|
Traffic Change request |
|
Object Change Request |
|
Work Order |
|
Active Change |
|
Advance Search |
|
Request Templates |
For more details, see FireFlow data types.