Get risky rules

The riskyRules_get request retrieves all the risky rules in a device's or group's policy.

The input will be the active session ID and the name of the device, group, or matrix. The output will be a list of all risky rules of all the policies that apply to each device, including the risk severity of each rule.

Important: Entities in different subscriptions can have the same name. When this endpoint is used for entities have the same name, it returns the list of risky rules of the FIRST entity in the tree.

Resource Name:

/api/v1/risks/riskyRules

Request Method: GET

Request URL Parameters:

Element

Type

Description

sessionMandatory

String

Session ID returned in login request.

entityMandatory

String

The display name of the device, group, or matrix.

entityTypeMandatory

String

One of the following:

  • FIREWALL (default)

  • GROUP
  • MATRIX
responseTypeOptional

String

Format of response data.One of the following:

  • json (default)
    CSV

Note: The page and size elements are not supported for the riskyRules_get request.

Response:

Element

Type

Description

riskyRules

Array of RiskyRules (see RiskyRules )

The risky rules data, sorted by severity.

status

String

One of the following:

  • true. Indicates the request succeeded.
  • false. Indicates the request failed.
messageOnly returned when the request fails.

String

One of the following error messages:

  • Device not found

Not found "Unknown firewall '<firewall name>' http status 400

  • Unauthorized

Unauthorized. You are not permitted to perform this operation http status 401

  • There is no report for the device

Backend error: There is no completed report for the firewall <firewall name> http status 500

  • There is no rules for the firewall in DB

Backend error: Failed to get rules for the firewall <firewall name> http status 500

  • There is no risky rules data

Backend error: Failed to find risky rules data in report <report name> http status 500

Request examples

curl -k 'https://127.0.0.1/fa/server/risks/riskyRules?session=1d61d46c3093b0f31bb76054dfc3271b&entity=Dev-GW-R71Test1'

Response example of RiskyRules in JSON Format

{
"riskyRules":[
{
"device":"Nachos",
"ruleId":"2B1EA29F-3ED3-4FAC-BA7C-FC27F1A6305F",
"ruleNum":"1",
"source":["n10_20_0_0"],
"destination":["Any"],
"service":["Any"],
"action":"accept",
"documentation":{"documentation":""},
"risks":[{"code":"R01","severity":"MEDIUM","title":"\"From somewhere to Any allow Any service\" rules"}],
"totalBySeverity":{"LOW":0,"HIGH":0,"MEDIUM":1,"SUSP_HIGH":0},"trafficCount":"0"},

],
"status":true
}

Example of RiskyRules in CSV Format

{ "riskyRules":"Device,Rule,Id,Source,Destination,Application,Service,Action,Comment,Traffic count,Documentation,High Risks,Suspected High Risks,Meduim Risks,Low Risks\n Nachos,1,2B1EA29F-3ED3-4FAC-BA7C-FC27F1A6305F,[n10_20_0_0],[Any],N\/A,[Any],accept,N\/A,0,,0,0,1,0\n Nachos,2,6A5BBC4B-D8AA-4533-A01F-89A08F3E310D,[n192_168_0_0],[Any],N\/A,[Any],accept,N\/A,0,,0,0,1,0\n", "status":true }