Get risky rules

The riskyRules_get request retrieves all the risky rules in a device's or group's policy.

The input will be the active session ID and the name of the device, group, or matrix. The output will be a list of all risky rules of all the policies that apply to each device, including the risk severity of each rule.

Important: Entities in different subscriptions can have the same name. When this endpoint is used for entities have the same name, it returns the list of risky rules of the FIRST entity in the tree.

Resource Name:

/api/v1/risks/riskyRules

Request Method: GET

Request URL Parameters:

Element	Type	Description
sessionMandatory	String	Session ID returned in login request.
entityMandatory	String	The display name of the device, group, or matrix.
entityTypeMandatory	String	One of the following: FIREWALL (default) GROUP MATRIX
responseTypeOptional	String	Format of response data.One of the following: json (default) CSV

Note: The page and size elements are not supported for the riskyRules_get request.

Response:

Element	Type	Description
riskyRules	Array of RiskyRules (see RiskyRules )	The risky rules data, sorted by severity.
status	String	One of the following: true. Indicates the request succeeded. false. Indicates the request failed.
messageOnly returned when the request fails.	String	One of the following error messages: Device not found Not found "Unknown firewall '<firewall name>' http status 400 Unauthorized Unauthorized. You are not permitted to perform this operation http status 401 There is no report for the device Backend error: There is no completed report for the firewall <firewall name> http status 500 There is no rules for the firewall in DB Backend error: Failed to get rules for the firewall <firewall name> http status 500 There is no risky rules data Backend error: Failed to find risky rules data in report <report name> http status 500

Element

Type

Description

riskyRules

Array of RiskyRules (see RiskyRules )

The risky rules data, sorted by severity.

status

String

One of the following:

true. Indicates the request succeeded.
false. Indicates the request failed.

messageOnly returned when the request fails.

String

One of the following error messages:

Device not found

Not found "Unknown firewall '<firewall name>' http status 400

Unauthorized

Unauthorized. You are not permitted to perform this operation http status 401

There is no report for the device

Backend error: There is no completed report for the firewall <firewall name> http status 500

There is no rules for the firewall in DB

Backend error: Failed to get rules for the firewall <firewall name> http status 500

There is no risky rules data

Backend error: Failed to find risky rules data in report <report name> http status 500

Request examples

curl -k 'https://127.0.0.1/fa/server/risks/riskyRules?session=1d61d46c3093b0f31bb76054dfc3271b&entity=Dev-GW-R71Test1'

Response example of RiskyRules in JSON Format

{
"riskyRules":[
{
"device":"Nachos",
"ruleId":"2B1EA29F-3ED3-4FAC-BA7C-FC27F1A6305F",
"ruleNum":"1",
"source":["n10_20_0_0"],
"destination":["Any"],
"service":["Any"],
"action":"accept",
"documentation":{"documentation":""},
"risks":[{"code":"R01","severity":"MEDIUM","title":"\"From somewhere to Any allow Any service\" rules"}],
"totalBySeverity":{"LOW":0,"HIGH":0,"MEDIUM":1,"SUSP_HIGH":0},"trafficCount":"0"},
…
],
"status":true
}

Example of RiskyRules in CSV Format

{ "riskyRules":"Device,Rule,Id,Source,Destination,Application,Service,Action,Comment,Traffic count,Documentation,High Risks,Suspected High Risks,Meduim Risks,Low Risks\n Nachos,1,2B1EA29F-3ED3-4FAC-BA7C-FC27F1A6305F,[n10_20_0_0],[Any],N\/A,[Any],accept,N\/A,0,,0,0,1,0\n Nachos,2,6A5BBC4B-D8AA-4533-A01F-89A08F3E310D,[n192_168_0_0],[Any],N\/A,[Any],accept,N\/A,0,,0,0,1,0\n", "status":true }