Rules Advanced Search - basic

Retrieve a list of rules according to the search query provided by the user. This endpoint returns a basic response. For a full version of the search that returns more information on the rules, see Rules Advanced Search - full.

By default, search results are limited to 10,000 rules for basic search. To configure the limit, see ADV_SEARCH_MAX_RESULTS.

The query for this search must be written in the following format:

Resource Name: /api/v1/rule/advancedsearch/basic/{treeName}

Request Method: POST

Request Parameters:

| Element | Type | Description |
|---|---|---|
| ruleSearchQuery (Mandatory) | String | Search query. Use query format as shown above. |
| treeName (Mandatory) | String | Can refer to a device, group or ALL_FIREWALLS. To get the tree name, use GET /devices method from the Devices Setup Resource Group. |
| exactMatch (Optional) | Boolean | For results that only list objects that contain the exact IP address(es) or service(s) you are searching for, select true. true: enabled; false (default): disabled |
| includeAny (Optional) | Boolean | In addition to the search query, also find rules that contain 'Any' in any of the fields queried. true: enabled; false (default): disabled |
| includeContainment (Optional) | Boolean | Enhance the query to search additionally for objects that contain the searched object/IP address. true (default): enabled; false: disabled |

Response parameters

| Element | Type | Description |
|---|---|---|
| totalFoundRulesCount | number | Total number of rules found across all devices. |
| devicesFoundBySearch | array | Array of results per device. |
| deviceFoundRulesCount | number | Total number of rules found for the device. |
| deviceInfo | object | Object containing device info. |
| treeName | string | Tree name of device. |
| displayName | string | Display name of the device. |
| brand | string | Brand name code. |
| foundRules | array | Array of rules found. |
| criteriaMatch | array of objects | Array of objects that match query and rule. |
| field | string | The ruleColumn found. |
| values | array of strings | Value of the ruleColumn found contents. |
| ruleId | string | Rule ID. |
| ruleNum | string | Rule number. |
| ruleName | string | Name of the rule. |

Response:

| Code | Description |
|---|---|
| 200 | Successfully retrieved requested rules |
| 400 | Request is invalid |
| 401 | Unauthorized session |
| 403 | Access Forbidden |
| 404 | Not Found |
| 500 | Query rules operation has failed |

Request cURL examples

curl -X POST "https://localhost/afa/api/v1/rule/advancedsearch/basic/device1?includeAny=true&includeContainment=true" -H 'Cookie: PHPSESSID=<sessionId>' -H "accept: */*" -H "Content-Type: application/json" -d "{ \"searchQuery\": \"\\\"source address\\\" == 1.1.1.1 or service == tcp\"}"

Request examples

{
  "searchQuery": "\"source address\" == 1.1.1.1 or service == tcp"
}
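
The following added example is not from the original page or the product's own code. It builds the request shown in the cURL example and, for a rule review run with includeAny=true, picks out the rules that matched because a queried field contains 'Any'. The response nesting, the sample field names and rule IDs, the literal value "Any", and passing exactMatch in the query string are assumptions.

```python
import json
from urllib.parse import quote, urlencode

BASE = "https://localhost/afa"  # host and /afa prefix as in the page's cURL example

def build_request(tree_name, query, exact_match=False, include_any=False,
                  include_containment=True):
    """Return (url, headers, body) for the POST; defaults mirror the parameter table."""
    flags = {"exactMatch": exact_match, "includeAny": include_any,
             "includeContainment": include_containment}
    params = urlencode({k: str(v).lower() for k, v in flags.items()})
    path = "/api/v1/rule/advancedsearch/basic/" + quote(tree_name, safe="")
    headers = {"Cookie": "PHPSESSID=<sessionId>",  # placeholder, as on the page
               "Content-Type": "application/json"}
    # json.dumps does the quote escaping that the cURL example does by hand.
    return f"{BASE}{path}?{params}", headers, json.dumps({"searchQuery": query})

def rules_matching_any(response):
    """List (treeName, ruleId, field) for matches whose values include 'Any'."""
    hits = []
    for dev in response.get("devicesFoundBySearch", []):
        tree = dev.get("deviceInfo", {}).get("treeName")
        for rule in dev.get("foundRules", []):
            for match in rule.get("criteriaMatch", []):
                # Assumption: an 'Any' match is reported as the string "Any".
                if any(v.lower() == "any" for v in match.get("values", [])):
                    hits.append((tree, rule.get("ruleId"), match.get("field")))
    return hits

# Constructed sample response (not real output); the nesting is assumed.
SAMPLE = {
    "totalFoundRulesCount": 2,
    "devicesFoundBySearch": [{
        "deviceFoundRulesCount": 2,
        "deviceInfo": {"treeName": "device1", "displayName": "Device 1",
                       "brand": "example"},
        "foundRules": [
            {"ruleId": "r-10", "ruleNum": "10", "ruleName": "web-in",
             "criteriaMatch": [{"field": "source address", "values": ["1.1.1.1"]}]},
            {"ruleId": "r-20", "ruleNum": "20", "ruleName": "legacy-allow",
             "criteriaMatch": [{"field": "service", "values": ["Any"]}]},
        ]}]}

if __name__ == "__main__":
    url, _, body = build_request(
        "device1", '"source address" == 1.1.1.1 or service == tcp', include_any=True)
    print(url, body, rules_matching_any(SAMPLE), sep="\n")
```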