Get risky rules
The riskyRules_get request retrieves all the risky rules in a device's or group's policy.
The input will be the active session ID and the name of the device, group, or matrix. The output will be a list of all risky rules of all the policies that apply to each device, including the risk severity of each rule.
Important: Entities in different subscriptions can have the same name. When this endpoint is used for entities that have the same name, it returns the list of risky rules of the FIRST entity in the tree.
Resource Name:
/api/v1/risks/riskyRules
Request Method: GET
Request URL Parameters:
Element | Type | Description |
---|---|---|
session (Mandatory) | String | Session ID returned in login request. |
entity (Mandatory) | String | The display name of the device, group, or matrix. |
entityType (Mandatory) | String | One of the following: |
responseType (Optional) | String | Format of response data. One of the following: |
Note: The page and size elements are not supported for the riskyRules_get request.
Element | Type | Description |
---|---|---|
riskyRules | Array of RiskyRules (see RiskyRules) | The risky rules data, sorted by severity. |
status | String | One of the following: |
message (Only returned when the request fails.) | String | One of the following error messages:<br>Not found "Unknown firewall '<firewall name>' http status 400<br>Unauthorized. You are not permitted to perform this operation http status 401<br>Backend error: There is no completed report for the firewall <firewall name> http status 500<br>Backend error: Failed to get rules for the firewall <firewall name> http status 500<br>Backend error: Failed to find risky rules data in report <report name> http status 500 |
Request examples
```
curl -k 'https://127.0.0.1/fa/server/risks/riskyRules?session=1d61d46c3093b0f31bb76054dfc3271b&entity=Dev-GW-R71Test1'
```
Response example of RiskyRules in JSON Format
```
{
  "riskyRules":[
    {
      "device":"Nachos",
      "ruleId":"2B1EA29F-3ED3-4FAC-BA7C-FC27F1A6305F",
      "ruleNum":"1",
      "source":["n10_20_0_0"],
      "destination":["Any"],
      "service":["Any"],
      "action":"accept",
      "documentation":{"documentation":""},
      "risks":[{"code":"R01","severity":"MEDIUM","title":"\"From somewhere to Any allow Any service\" rules"}],
      "totalBySeverity":{"LOW":0,"HIGH":0,"MEDIUM":1,"SUSP_HIGH":0},
      "trafficCount":"0"
    },
    …
  ],
  "status":true
}
```
Example of RiskyRules in CSV Format
```
{ "riskyRules":"Device,Rule,Id,Source,Destination,Application,Service,Action,Comment,Traffic count,Documentation,High Risks,Suspected High Risks,Meduim Risks,Low Risks\n Nachos,1,2B1EA29F-3ED3-4FAC-BA7C-FC27F1A6305F,[n10_20_0_0],[Any],N\/A,[Any],accept,N\/A,0,,0,0,1,0\n Nachos,2,6A5BBC4B-D8AA-4533-A01F-89A08F3E310D,[n192_168_0_0],[Any],N\/A,[Any],accept,N\/A,0,,0,0,1,0\n", "status":true }
```
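The two response forms above can be normalized and triaged by severity on the client side. The following is an added example, not part of the product documentation: the function names are hypothetical, the severity ordering LOW < MEDIUM < SUSP_HIGH < HIGH is an assumption, and so is treating any response without `"status":true` as a failure that carries `message`.

```python
import csv
import json

# Assumed ordering, lowest to highest; the page only names these four keys.
SEVERITY_ORDER = ["LOW", "MEDIUM", "SUSP_HIGH", "HIGH"]
# CSV count columns, spelled exactly as in the page's sample header.
CSV_COUNTS = {"LOW": "Low Risks", "MEDIUM": "Meduim Risks",
              "SUSP_HIGH": "Suspected High Risks", "HIGH": "High Risks"}

def parse_risky_rules(body):
    """Return one dict per rule from the JSON or the CSV response form."""
    data = json.loads(body)
    # Assumption: success means status is true; 'message' explains a failure.
    if data.get("status") is not True or "riskyRules" not in data:
        raise RuntimeError(data.get("message", "riskyRules request failed"))
    rules = data["riskyRules"]
    if not isinstance(rules, str):
        return rules  # JSON form: already a list of rule objects
    # CSV form: a single string whose data rows begin with a space.
    lines = [ln.strip() for ln in rules.splitlines() if ln.strip()]
    return [{"device": row["Device"], "ruleNum": row["Rule"],
             "ruleId": row["Id"], "action": row["Action"],
             "totalBySeverity": {k: int(row[c]) for k, c in CSV_COUNTS.items()}}
            for row in csv.DictReader(lines)]

def worst_severity(rule):
    """Index into SEVERITY_ORDER of the rule's worst finding, or -1 if none."""
    counts = rule.get("totalBySeverity", {})
    return max((i for i, s in enumerate(SEVERITY_ORDER) if counts.get(s, 0) > 0),
               default=-1)

def triage(rules, min_severity="MEDIUM"):
    """Rules with a finding at or above min_severity, worst first."""
    floor = SEVERITY_ORDER.index(min_severity)
    return sorted((r for r in rules if worst_severity(r) >= floor),
                  key=worst_severity, reverse=True)

# Constructed sample: the page's CSV-form response, shortened to one rule.
SAMPLE_CSV = (r'{"riskyRules":"Device,Rule,Id,Source,Destination,Application,'
              r'Service,Action,Comment,Traffic count,Documentation,High Risks,'
              r'Suspected High Risks,Meduim Risks,Low Risks\n'
              r' Nachos,1,2B1EA29F-3ED3-4FAC-BA7C-FC27F1A6305F,[n10_20_0_0],'
              r'[Any],N\/A,[Any],accept,N\/A,0,,0,0,1,0\n", "status":true}')

if __name__ == "__main__":
    for r in triage(parse_risky_rules(SAMPLE_CSV)):
        print(r["device"], r["ruleNum"], r["ruleId"],
              SEVERITY_ORDER[worst_severity(r)])
```

The page's sample rows contain only single-valued `[...]` lists; a multi-valued list with unquoted commas would need a stricter CSV parser than the one used here.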