AFA search rule fields
The following are lists of possible search field values based on the devices searched.
Note:
Support for the Forcepoint brands (Sidewinder, StoneGate) and Hillstone was deprecated in ASMS version A30.00. As of A32.20, AlgoSec no longer supports adding new Symantec Blue Coat As of A32.20 AlgoSec will no longer support adding new Symantec Blue Coat devices. Existing deployed Blue Coat devices will still be functional. devices.
If you had defined these devices in an earlier version of ASMS, these devices are still available to you, with all the existing capabilities, but you cannot add new ones.
We recommend backing up device data before or after upgrading and then removing these devices from AFA. Make sure to download any report zip files for the device before deleting.
For more details, see
No device selected
If no device is selected, the search is run on all devices.
- [EMPTY] – all fields
- SOURCE
- DESTINATION
- SOURCE_DESTINATION (Source or Destination)
- SERVICE
- ACTION
- FROM (from zone)
- TO (to zone)
- USER
- APPLICATION
- NAME
- COMMENT
- LOG
- TIME
- ENABLE
- DOCUMENTATION
Symantec Blue Coat As of A32.20 AlgoSec will no longer support adding new Symantec Blue Coat devices. Existing deployed Blue Coat devices will still be functional. Devices
- [EMPTY] – all fields
- RULE (rule number)
- SOURCE
- DESTINATION
- SOURCE_DESTINATION (source or destination)
- SERVICE
- Service
- TIME
- ACTION
- TRACK
- COMMENTS
Check Point Devices
- [EMPTY] – all fields
- ACTION
- APPLICATIONS
- COMMENTS
- DESTINATION
- ENABLE
- INSTALL (installed on)
- NAME (rule name)
- RULENUM (rule number)
- SERVICES
- SERVICES_APPLICATIONS
- SOURCE
- SOURCE_DESTINATION (Source or Destination)
- TIME
- TRACK
- VPN
Cisco Firewalls
- [EMPTY] – all fields
- ENABLE
- SOURCE
- DESTINATION
- SOURCE_DESTINATION (source or destination)
- SERVICE
- ACTION
- LOG
- TIME
- COMMENTS
Cisco Routers
- [EMPTY] – all fields
- NAME (rule id)
- LINE (text in the configuration line)
Forcepoint (McAfee) Sidewinder Devices
- [EMPTY] – all fields
- NAME (rule name)
- ENABLE
- ACTION
- SERVICE
- FROM (source burb)
- SOURCE
- TO (destination burb)
- DESTINATION
- SOURCE_DESTINATION (source or destination)
- COMMENT (description)
- APPLICATION DEFENSE
- AUTHENTICATION
- DESCRIPTION
- PORTS
- IPS SIGNATURE GROUP
- IPS RESPONSE
- TRUSTEDSOURCE
- SOURCE NAT
- DESTINATION REDIRECT
Fortinet FortiGate and FortiManager Devices
- [EMPTY] – all fields
- RULE (rule ID)
- FROM
- TO
- SOURCE
- DESTINATION
- SOURCE_DESTINATION (source or destination)
- SERVICE
- ACTION
- COMMENT
- LOG
- SCHEDULE
Juniper Space and SRX Devices
- [EMPTY] – all fields
- RULE (rule name)
- FROM (from zone)
- TO (to zone)
- SOURCE
- DESTINATION
- SOURCE_DESTINATION (source or destination)
- SERVICE (Application)
- ACTION
- LOG
- TIME
Juniper NSM and NetScreen Devices
- [EMPTY] – all fields
- RULE (rule ID)
- NAME (rule name)
- FROM ZONE
- TO ZONE
- SOURCE
- DESTINATION
- SOURCE_DESTINATION (source or destination)
- SERVICE
- ACTION
- SOURCENAT (source NAT)
- DESTINATIONNAT (destination NAT)
- TIMECLAUSE
- ENABLE
- TRACK
Palo Alto Devices
- [EMPTY] – all fields
- NAME
- TAG
- FROM (from zone)
- SOURCE
- USER
- HIP PROFILE
- TO (to zone)
- DESTINATION
- SOURCE_DESTINATION (source or destination)
- APPLICATION
- SERVICE
- ACTION
- PROFILE
- OPTIONS
- COMMENT
NSX-T devices
-
[EMPTY] – all fields
-
NAME (rule name)
-
RULE_ID (rule ID)
-
DEFAULT
-
ENABLE
-
ACTION
-
SERVICE
-
APPLIED_TO
-
POLICY_APPLIED_TO
-
EFFECTIVE_APPLIED_TO
-
DIRECTION
-
APPLICATION (Context Profile)
-
SOURCE
-
DESTINATION
-
SOURCE_DESTINATION (source or destination)
-
COMMENT (Documentation)
-
LOG (Logging)
-
CATEGORY
-
POLICY (Policy Name)
-
POLICY_ID (Policy ID)