Get a list of covered rules

Get a list of covered rules for a specified device. If the device has child devices, covered rules for them will also be included in the response. Covered rules information is available for the latest report.​

This method is found in the AFA/Policy_Optimization spec in the swagger.

For information about covered rules, see Covered rules.

Note: This method can be used only for reports successfully analyzed in A32.50 and above.

Resource Name: /api/v1/rules/covered/{entityTreeName}

Request Method: GET

Request Parameters:

Element

Type

Description

entityTreeName
Mandatory

string

Tree name of the entity.

(To get the entity name for a device or group, see Device names in the ASMS APIs.

pageNumber
optional
Integer The page number to include in the response. Default value : 0 (Value 0 means first page).
pageSize
optional
Integer The number of results to include on each page in the response. Default value : 50.

Response Parameters:

Name

Type

Description

coveredRulesPerDevice

Array of nested entities

The covered rules – per device details

deviceTreeName

String

Device tree name

coveredRules Array of nested entities Covered and their covering rules data per device.
metadata array of  nested entities

Array of  the covered rules calculation metadata per device (of devices containing the covered rules in response)  .

coveredRule Rule Object  Covered rule data
coveredBy Array of Rule Objects  Covering rules information per covered rule
ruleName String Name of covered and covering rule
ruleId String Rule identifier
ruleNumber String

Rule number

sources

Array of strings

Source IP addresses  or network object names

destinations

Array of strings

Destination IP addresses  or network object names

services

Array of strings

Service names

applications

Array of strings

Application names

comment

String

Comment (if exist)

action String Rule action
isEnabled String

True if rule enabled , false otherwise

sectionHeader String

Section Header -  if support by brand

global String Global -  if support by brand
log String Log -  if support by brand
install String Install -  if support by brand
ruleData Json Object  Additional rule data (different data per device)
reportName String

Report name from which data was taken

deviceName String Device name
calculationTime String Time calculation done

pageSize

Integer

Pagination – page size

pageNumber

Integer

Pagination – page number

totalPages

Integer

Pagination – total pages

totalElements

Integer

Pagination – total elements number

totalNumberOfCoveredRules Number Total number of covered rules per device

Response:

Code

Description

200

Operation completed successfully

400

Validation error

401

Unauthorized

Request examples

curl -X GET "https://192.168.11.23/ms-policy-optimizations/api/v1/rules/covered/poppy1?pageNumber=0&pageSize=50" -H "accept: */*"

Response examples

{ "totalPages": 1, "totalElements": 1, "pageNumber": 0, "pageSize": 50, "coveredRulesPerDevice": [ { "deviceTreeName": "10_20_131_5", "coveredRules": [ { "ruleId": "0x62ff7c70", "ruleNumber": "External_access_in(30)", "ruleName": "External_access_in(14)", "sources": [ "172.17.11.29" ], "destinations": [ "172.17.1.29" ], "services": [ "tcp/8081" ], "applications": [], "action": "permit", "comment": "FireFlow #265", "isEnabled": "enabled", "sectionHeader": "", "global": "", "log": "informational", "install": "", "coveredBy": [ { "ruleId": "0xfd329ad8", "ruleNumber": "External_access_in(28)", "ruleName": "External_access_in(13)", "sources": [ "any" ], "destinations": [ "any" ], "services": [ "ip" ], "applications": [], "action": "deny", "comment": "", "isEnabled": "enabled", "sectionHeader": "", "global": "", "log": "enable", "install": "" } ] } ], "metadata": { "reportName": "afa-8210", "deviceName": "10_20_131_5", "calculationTime": "2023-01-10 02:46", "totalNumberOfCoveredRules": 1 } } ] }