Rules Advanced Search - full

Retrieve a list of rules according to the search query provided by user. This endpoint returns a full response.

By default, search results are limited to 5,000 rules for full search. To configure the limit, see ADV_SEARCH_MAX_RESULTS.

The query for this search must be written in the following format:

Resource Name: /api/v1/rule/advancedsearch/full/{treeName}

Request Method: POST

Request Parameters:

Element

Type

Description

ruleSearchQuery Mandatory

String

Search query. Use query format as shown above.

treeName
Mandatory

String

Can refer to a device, group or ALL_FIREWALLS.

To get the tree name, use GET /devices method from the Devices Setup Resource Group.

exactMatch

optional

Boolean

For results that only list objects that contain the exact IP address(es) or service(s) you are searching for, select true.

  • true: enabled

  • false (default): disabled

includeAny

Optional

Boolean

In addition to the search query, also find rules that contain 'Any' in any of the fields queried.

  • true: enabled

  • false (default): disabled

includeContainment

Optional

Boolean

Enhance the query to search additionally for objects that contain the searched object/IP address.

  • true (default): enabled

  • false : disabled

Response parameters

Includes these basic parameters and more (see response example):

Element

Type

Description

totalFoundRulesCount

number

Total number of rules found across all devices.
devicesFoundBySearch

array

array of results per device.
deviceFoundRulesCount number Total number of rules found for the device.
deviceInfo object object containing device info.
treeName string Tree name of device.
displayName string Display name of the device.
brand string Brand name code.
foundRules array Array of rules found.
criteriaMatch Array of objects Array of objects that match query and rule
field string The ruleColumn found.
values array of strings Value of the ruleColumn found contents.
ruleId string Rule ID.
ruleNum string Rule number.

The search also returns additional information about the rule specific to the device.

Response:

Code

Description

200

Successfully retrieved requested rules

400

Request is invalid

401

Unauthorized session

403 Access Forbidden
404 Not Found
500 Query rules operation has failed

Request cURL examples

curl -X POST "https://localhost/afa/api/v1/rule/advancedsearch/full/device1?includeAny=true&includeContainment=true" -H 'Cookie: PHPSESSID=<sessionId>' -H "accept: */*" -H "Content-Type: application/json" -d "{ "searchQuery": "(\"Source Address\" == \"170.251.44.93\") or (\"Service\" != \"tcp\")" }

Request examples

{

"searchQuery": "(\"Source Address\" == \"170.251.44.93\") or (\"Service\" != \"tcp\")"

}