CSV import file format

This topic lists the headers and values supported for CSV files used to import or update device data in AFA.

Note: Header values are case sensitive. Using header values with different cases from those listed below will cause unexpected results in your file upload.

For more details, see Add/update multiple devices in bulk and the How to Import and Manage Devices in Bulk from a .CSV File AlgoPedia article.

Tip: You can also use a CSV file to assign additional device identifiers for primary/parent devices or device sub-systems, such as VSYS or VDOM. In such cases, you only need to include the name and additional_fw_ips values.

Basic device description headers

Header name	Description
brand	The device brand. For more details, see Supported device brand values. Required for all devices except for the following: Cisco IOS Cisco ASA/PIX/FWSM Juniper Netscreen Specify these brand types in the Bulk Add/Update Device dialog instead.
name	The device ID (tree name). Required for all device types. This is an internal name, usually the name displayed in the tree, without non-alphanumeric characters or spaces. If you're specifying a sub-system, this is the name of the sub-system.
display_name	The name as it appears in the device tree, including spaces and other special or numeric characters. Optional for all devices Default: If this column is missing or empty, the device is added using the device's host name.

Header name

Description

brand

The device brand. For more details, see Supported device brand values.

Required for all devices except for the following:

Cisco IOS
Cisco ASA/PIX/FWSM
Juniper Netscreen

Specify these brand types in the Bulk Add/Update Device dialog instead.

name

The device ID (tree name).

Required for all device types.

This is an internal name, usually the name displayed in the tree, without non-alphanumeric characters or spaces.

If you're specifying a sub-system, this is the name of the sub-system.

display_name

The name as it appears in the device tree, including spaces and other special or numeric characters.

Optional for all devices

Default: If this column is missing or empty, the device is added using the device's host name.

Supported device brand values

Enter the following values to indicate device brands:

Analysis and monitoring devices	f5bigip f5bigip_afm. F5 BIG-IP LTM and AFM f5bigip_full. F5 BIG-IP LTM Only fortigate. Fortinet Fortigate fwsm (Cisco FWSM) junos. Juniper SRX junosmxrouter. Juniper M/E Routers nexus. Cisco Nexus nsx. VMware NSX paloalto. Palo Alto Networks firewall
Monitoring-only devices	ace. Cisco ACE avaya. Avaya Routing Switch brocade. Brocade VDX junipersa. Juniper Secure Access (SSL VPN) junosrouter. Juniper Routers (non-M/E) netfilter. Linux netfilter iptables topsec. Topsec Firewall

Access information headers

Header name	Description
host_name	The device host name or IP address. Required for all device types.
user_name	The username used to access the device. Required for all device types.
passwd	The password used to access the device. Required for all device types unless CyberArk authentication is used. Note: For Cisco IOS or ASA devices enabled for CyberArk, the Password and Enable User Password must be the same.
enable_user_name	The enable username. Relevant and required only for Cisco ISO devices.
epasswd	The enable password. Relevant and required only for the following devices, unless CyberArk authentication is used on these devices: Cisco IOS Cisco ASA Symantec Blue Coat As of A32.20 AlgoSec will no longer support adding new Symantec Blue Coat devices. Existing deployed Blue Coat devices will still be functional. For more details, see CyberArk-related headers. Note: For Cisco IOS or ASA devices enabled for CyberArk, the Password and Enable User Password must be the same.

Cisco-related headers

Header name	Description
rules_view	Determines how rules are displayed in device reports, as one of the following: ASDM. (Default) Display rules in the Cisco Adaptive Security Device Manager (ASDM) graphical interface. CLI. Display rules in command line format. Relevant and required for Cisco ASA devices only.

Header name

Description

rules_view

Determines how rules are displayed in device reports, as one of the following:

ASDM. (Default) Display rules in the Cisco Adaptive Security Device Manager (ASDM) graphical interface.
CLI. Display rules in command line format.

Relevant and required for Cisco ASA devices only.

CyberArk-related headers

Header name	Description
use_cyberark	Determines whether to use CyberArk authentication: yes no Required for CyberArk devices.
cyberark_platform	Defines the CyberArk platform name. Required for CyberArk devices.
cyberark_safe	Defines the CyberArk safe. Required for CyberArk devices.
cyberark_folder	Defines the CyberArk folder. Required for CyberArk devices.
cyberark_object	Defines the CyberArk object. Required for CyberArk devices.
cyberark_enable_platform	Defines the CyberArk platform for the enable password. Optional, and relevant only for CyberArk devices.
cyberark_enable_safe	Defines the CyberArk safe for the enable password. Optional, and relevant only for CyberArk devices.
cyberark_enable_folder	Defines the CyberArk folder for the enable password. Optional, and relevant only for CyberArk devices.
cyberark_enable_object	Defines the CyberArk object for the enable password. Optional, and relevant only for CyberArk devices.

Advanced headers

Header name	Description
separate_vrfs	Determines whether to split the device into VRFs: yes (Default) no Relevant and requiredonly for the following devices: Juniper Netscreen Juniper SRX Cisco IOS Cisco Nexus
full_analysis	Determines whether to include risk analysis and policy optimization details in the device reports: yes (Default) no Relevant and required for Cisco IOS and Cisco Nexus devices only.

Header name

Description

separate_vrfs

Determines whether to split the device into VRFs:

yes (Default)
no

Relevant and requiredonly for the following devices:

Juniper Netscreen
Juniper SRX
Cisco IOS
Cisco Nexus

full_analysis

Determines whether to include risk analysis and policy optimization details in the device reports:

yes (Default)
no

Relevant and required for Cisco IOS and Cisco Nexus devices only.

Remote management headers

Header name	Description
con	Determines the connection type as one of the following: SSH SSH (3des). Cisco ASA only SSH (des). Cisco ASA only TELNET. For the following device types: Juniper Cisco Blue Coat As of A32.20 AlgoSec will no longer support adding new Symantec Blue Coat devices. Existing deployed Blue Coat devices will still be functional. Fortigate Palo Alto Linux Netfilter Required for all devices except the following: VMware NSX Cisco ACI These devices connect to AFA via REST.
number_of_allowed_encryption_keys	Determines the permitted number of different RSA keys that AFA can receive from the device's IP address, as follows: 1 2 unlimited (Default) Note: Relevant only when using SSH. This might be required in cases of cluster fail-over, device operating system upgrades, and so on.
ssh_port	Defines the port to use for an SSH connection. Relevant and required only when using SSH. Defaults: 22 for all other devices

Header name

Description

con

Determines the connection type as one of the following:

SSH
SSH (3des). Cisco ASA only
SSH (des). Cisco ASA only
TELNET. For the following device types:
- Juniper
- Cisco
- Blue Coat As of A32.20 AlgoSec will no longer support adding new Symantec Blue Coat devices. Existing deployed Blue Coat devices will still be functional.
- Fortigate
- Palo Alto
- Linux Netfilter

Required for all devices except the following:

VMware NSX
Cisco ACI

These devices connect to AFA via REST.

number_of_allowed_encryption_keys

Determines the permitted number of different RSA keys that AFA can receive from the device's IP address, as follows:

1
2
unlimited (Default)

Note: Relevant only when using SSH. This might be required in cases of cluster fail-over, device operating system upgrades, and so on.

ssh_port

Defines the port to use for an SSH connection.

Relevant and required only when using SSH.

Defaults:

22 for all other devices

Log and monitoring headers

Note: Assigning syslog identifiers for sub-systems must be done as a part of updating devices in bulk, not as a part of adding devices in bulk. The parent device must already be defined in AFA.

Header name	Description
collect_log	Determines whether AFA collects logs for the device: yes no (Default) Relevant and required for the following device types: Cisco ASA/FWSM F5 BIG-IP FortiGate, Juniper Netscreen Juniper SRX Palo Alto Note: For Cisco ASA and FWSM devices, set to no to enable logging with only hit-counter data.
log_collection_mode	Determines the method for collecting logs for the device: standard. Enable log collection. extensive. (Default) Enable log collection and the Intelligent Policy Tuner. Relevant when log collection is enabled.
collect_log_from	Determines whether AFA collects logs from the NSM or a syslog-ng server: nsm (Default) syslog Relevant and required for Juniper Netscreen when log collection is enabled. Note: If traffic logs and audit logs are not on the same server, specify the audit log server using additional headers listed below. In such cases, this value defines a value for the traffic log server.
log_host_name	Defines the host name or IP address of the server/device sending logs to AFA. Relevant and required when log collection is enabled.
log_user_name	Defines the username used to connect to the server/device sending logs to AFA. Relevant and required when log collection is enabled. Note: To collect logs from a remote syslog-ng server using a user other that root, you must configure the server separately. For details, see Configure log collection from an external Syslog server.
log_passwd	Defines a password for connecting to the server/device sending logs to AFA. Relevant and required when log collection is enabled.
collect_log_from_adt	Determines whether AFA collects audit logs from the NSM or a syslog-ng server: nsm syslog Relevant and required for Juniper Netscreen when log collection is enabled. Note: By default, the audit log server is the same as the traffic log server.
log_host_name_adt	Defines the host name or IP address of the server/device sending audit logs to AFA. Relevant and required for Juniper Netscreen when: Log collection is enabled The audit log server is different from the traffic log server
log_user_name_adt	Defines the username for connecting to the server/device sending audit logs to AFA. Relevant and required for Juniper Netscreen when: Log collection is enabled The audit log server is different from the traffic log server
log_passwd_adt	Defines the password for connecting to the server/device sending audit logs to AFA.
log_collection_frequency	Defines how often AFA collects logs for the device, in minutes. Relevant and required when Log collection is enabled. Except for Juniper Netscreen when also requires : The audit log server is different from the traffic log server
additional_fw_ips	Defines any additional IP addresses or host names that identify the device, with colon-separated values. Relevant and required when log collection is enabled.

Additional headers

Header name	Description
collector	Defines a server to manage the device's data: Central Manager (default) The name of any remote agent Relevant and required only when AFA is configured for geographic distribution.
baseline_profile	Defines the baseline compliance profile to use when generating reports for the device. Optional for all devices. Tip: To specify a custom baseline profile in the CSV file: Navigate to the /usr/share/fa/data/baseline_profiles/ directory and locate the .xml file corresponding to the custom profile you want to use. In the CSV, enter the file name without the .xml extension. Example: If the file is CustomProfile.xml, enter CustomProfile in the CSV.
root_psw	Defines a password to increase permissions on the device to root user permissions. Relevant and required only for Linux Netfilter IPTables Tip: Devices usually block the ability to access the device as user root. Enable root access to the device to improve AFA support.
monitoring	Determines whether to enable real-time alerts for configuration changes: yes. Default for real/live devices. no. Default for file devices. Optional for all devices. For more details, see Configure real-time monitoring.
set_user_permissions	Determines whether you can set user permissions for the device: yes (Default) no Optional for all devices.
firewall_users	Defines the users with access to the reports produced for the device. Separate multiple usernames with slashes (/). Relevant and required when setting user permissions is enabled for the device.

SNPM polling headers

Header name	Description
snmp_version	Determines the SNMP version: snmpv2c snmpv3 Relevant and required only for the following devices: Symantec Blue Coat As of A32.20 AlgoSec will no longer support adding new Symantec Blue Coat devices. Existing deployed Blue Coat devices will still be functional. Juniper Secure Access (SSL VPN) Linux netfilter iptables Topsec SECUI MF2 Avaya Routing Switch Brocade VDX
snmp_community	Defines the SNMP community string. Required and relevant only when using SNMPv2c.
snmp_username	Defines the SNMP Security Name (username). Required and relevant only when using SNMPv2c.
snmp_auth_password	Defines the authentication password. Required and relevant only when: Using SNMPv2c The authentication protocol is specified
snmp_auth_protocol	Determines the authentication protocol: md5 sha empty Required and relevant only when using SNMPv2c.
snmp_priv_password	Defines the authentication password. Required and relevant only when: Using SNMPv2c The privacy protocol is specified
snmp_priv_protocol	Determines the privacy protocol: des aes empty Required and relevant only when using SNMPv2c.

CSV import file format

Basic device description headers

Access information headers

Cisco-related headers

CyberArk-related headers

Advanced headers

Remote management headers

Log and monitoring headers

Additional headers

SNPM polling headers

Sorry about that

Great!