Retrieving Data for a Device or Group

The following methods retrieve device or group information.

Retrieving Risk Information for a Device

NOTE: We recommend using the Get Risk Profiles for Specified Report REST service for this method instead. REST services are more advanced and are the preferred choice over SOAP.

The risks_summary method retrieves risk statistics for a device. It does not support retrieving group or matrix risk statistics.

Request Type: RisksSummaryRequest

Element	Type	Description
SessionID Mandatory	String	SessionID obtained from the connect method.
DeviceID Mandatory	String	Tree name of the device.

Response Type: RisksSummaryResponse

Element	Type	Description
Date	String	The date and time the web service was activated. The format is YYYY-MM-DD HH:MM:SS.
High	String	High risk.
Suspected_high	String	Suspected high risk.
Medium	String	Medium risk.
Low	String	Low risk.
Security_Rating	String	Security rating.

Request example:

<RisksSummaryRequest>
    <SessionID>a78cc74a80b70efe253f44daad620fb7</SessionID>
    <DeviceID>p_10_132_30_1</DeviceID>
</RisksSummaryRequest>

Response example:

<RisksSummaryResponse>
    <Date>2013-05-20 15:42:44</Date>
    <High>0</High>
    <Suspected_high>0</Suspected_high>
    <Medium>3</Medium>
    <Low>1</Low>
    <Security_Rating>97</Security_Rating>
</RisksSummaryResponse>

Retrieving Statistics for a Device

NOTE: We recommend using the Get Report Statistics REST service for this method instead. REST services are more advanced and are the preferred choice over SOAP.

The get_device_statistics method retrieves statistics for a device.

For a list of possible statistics for a device, see StatsData Type (see StatsData type ).

Request Type: GetDeviceStatisticsRequest

Element	Type	Description
SessionID Mandatory	String	SessionID obtained from the connect method.
DeviceID Mandatory	String	Tree name of the device for which to retrieve statistics.

Response Type: GetDeviceStatisticsResponse

Element	Type	Description
Statistics	List of StatsData objects	List of statistical data. (see StatsData type ).

Request example:

<GetDeviceStatisticsRequest>
    <SessionID>a78cc74a80b70efe253f44daad620fb7</SessionID>
    <DeviceID>p_10_132_30_1</DeviceID>
</GetDeviceStatisticsRequest>

Response example:

<GetDeviceStatisticsResponse>
    <Statistics>
        <StatType>simple_count</StatType>
        <StatName>unused_rules</StatName>
        <StatValue/>
    </Statistics>
    <Statistics>
        <StatType>compliance_undef</StatType>
        <StatName>PCI</StatName>
        <StatValue>17</StatValue>
    </Statistics>
    <Statistics>
        <StatType>risk_level</StatType>
        <StatName>highest</StatName>
        <StatValue>1</StatValue>
    </Statistics>
</GetDeviceStatisticsResponse>

Retrieving NAT Values for a Device or Group

NOTE: We recommend using the Get NAT rules information REST service for this method instead. REST services are more advanced and are the preferred choice over SOAP. The REST API will return all the rules without filtering.

The get_nat_discovery method receives an IP address as an input and retrieves all the potential translations to and/or from it performed by the selected device or device group.

Request Type: GetNatDiscoveryRequest

Element	Type	Description
SessionID Mandatory	String	SessionID obtained from the connect method.
EntityName Optional	String	Tree name of the device or group for which to retrieve NAT values. Default is all the devices (ALL_FIREWALLS).
IPAddress Optional	String	IP address of device/group. Default is all definitions.
PreNat Optional	Integer	To retrieve addresses this IP is translated to 1; otherwise, 0. Default is 1.
PostNat Optional	Integer	To retrieve addresses that are translated to this IP address, 1; otherwise, 0. Default is 1.
Source Optional	Integer	To retrieve source address translations, 1; otherwise, 0. Default is 1.
Destination Optional	Integer	To retrieve destination address translation, 1; otherwise, 0. Default is 1.

Response Type: GetNatDiscoveryResponse

Element	Type	Description
SourceNat/ DestinationNat	List of NatResult objects	List of source and/or destination NatResult information. See NatResult Type (see NatResult type ).

Request example:

<GetNatDiscoveryRequest>
    <SessionID>d5b1c34a1696a06321523e588b82cdd0</SessionID>
    <EntityName>rose</EntityName>

    <!--1 or more repetitions:-->

    <IpAddress>16.47.59.14</IpAddress>

    <PreNat>1</PreNat>

    <PostNat>1</PostNat>

    <Source>1</Source>

    <Destination>1</Destination>
</GetNatDiscoveryRequest>

Response example:

<GetNatDiscoveryResponse>
    <SourceNat>

        <NatResult>

            <DeviceName>rose</DeviceName>
            <PreNat>10.1.20.3</PreNat>

            <PostNat>16.47.59.14</PostNat>

            <Type>Static</Type>
        </NatResult/>
    </SourceNat>
    <DestinationNat>

        <NatResult>

            <DeviceName>rose</DeviceName>
            <PreNat>16.47.59.14</PreNat>

            <PostNat>10.1.20.3</PostNat>

            <Type>Static</Type>
        </NatResult/>
    </DestinationNat>
</GetNatDiscoveryResponse>

Retrieving PDF of Report Page

NOTE: We recommend using the Export a report to PDF REST service for this method instead. REST services are more advanced and are the preferred choice over SOAP.

The get_report_pdf method retrieves a PDF copy of a report page for a device or group.

Request Type: GetReportPdfRequest

Element	Type	Description
SessionID Mandatory	String	SessionID obtained from the connect method.
EntityID Mandatory	String	Tree name of the device/group.
EntityType Mandatory	String	Entity type. One of the following: device group matrix
ReportPage Mandatory	String	Name of report page. See the list of report page names below. Note: Not all devices contain all these pages. To confirm which pages a device's report contains, open a sample report in the AFA Web Interface Note: Each report page must be requested individually.

Report Page Names
home policy policy.rules policy.hostgroups‎ changes risks risky-rules custom-report vpn baseline-compliance regulatory-compliance regulatory-compliance.pci regulatory-compliance.nist_800-53 regulatory-compliance.glba regulatory-compliance.iso27001 regulatory-compliance.nerc5 regulatory-compliance.basel regulatory-compliance.sox regulatory-compliance.nist_800-41 regulatory-compliance.dsd regulatory-compliance.hipaa regulatory-compliance.trm optimize-policy optimize-policy.unused-rules optimize-policy.covered-rules optimize-policy.special-case-rules optimize-policy.consolidate-rules optimize-policy.disabled-rules optimize-policy.time-inactive-rules optimize-policy.rules-without-logging optimize-policy.rules-with-empty-comments optimize-policy.rules-with-non-compliant-comments optimize-policy.rules-with-a-time-clause optimize-policy.unattached-objects optimize-policy.unattached-user-groups optimize-policy.unattached-users optimize-policy.unused-global-objects optimize-policy.unused-nat-rules optimize-policy.empty-objects optimize-policy.expired-users optimize-policy.expiring-rules optimize-policy.no-traffic-nat-rules optimize-policy.duplicate-objects optimize-policy.duplicate-services optimize-policy.unused-objects-within-rules optimize-policy.unattached-acls optimize-policy.unattached-global-objects optimize-policy.rule-ordering optimize-policy.least-used-rules optimize-policy.most-used-rules optimize-policy.all-rules-usage optimize-policy.all-rules-ips-usage optimize-policy.unrouted-rules optimize-policy.unrouted-objects-within-rules optimize-policy.policy-refinement

Report Page Names

home
policy
policy.rules
policy.hostgroups‎
changes
risks
risky-rules
custom-report
vpn
baseline-compliance
regulatory-compliance
regulatory-compliance.pci
regulatory-compliance.nist_800-53
regulatory-compliance.glba
regulatory-compliance.iso27001
regulatory-compliance.nerc5
regulatory-compliance.basel
regulatory-compliance.sox
regulatory-compliance.nist_800-41
regulatory-compliance.dsd
regulatory-compliance.hipaa
regulatory-compliance.trm
optimize-policy
optimize-policy.unused-rules
optimize-policy.covered-rules
optimize-policy.special-case-rules
optimize-policy.consolidate-rules
optimize-policy.disabled-rules
optimize-policy.time-inactive-rules
optimize-policy.rules-without-logging
optimize-policy.rules-with-empty-comments
optimize-policy.rules-with-non-compliant-comments
optimize-policy.rules-with-a-time-clause
optimize-policy.unattached-objects
optimize-policy.unattached-user-groups
optimize-policy.unattached-users
optimize-policy.unused-global-objects
optimize-policy.unused-nat-rules
optimize-policy.empty-objects
optimize-policy.expired-users
optimize-policy.expiring-rules
optimize-policy.no-traffic-nat-rules
optimize-policy.duplicate-objects
optimize-policy.duplicate-services
optimize-policy.unused-objects-within-rules
optimize-policy.unattached-acls
optimize-policy.unattached-global-objects
optimize-policy.rule-ordering
optimize-policy.least-used-rules
optimize-policy.most-used-rules
optimize-policy.all-rules-usage
optimize-policy.all-rules-ips-usage
optimize-policy.unrouted-rules
optimize-policy.unrouted-objects-within-rules
optimize-policy.policy-refinement

Response Type: GetReportPdfResponse

Element	Type	Description
RetVal	Integer	If the report was retrieved successfully, 1; otherwise, 0.
RetMessage	String	Detailed return message / error message if errors occur during operation.
EncodedReportPdf	String	64-base encoded pdf file.

Request example:

<afa:GetReportPdfRequest>

    <SessionID>a9108d658a2743cb890e9f6010ed2108</SessionID>

    <EntityID>10_20_104_1</EntityID>

    <EntityType>firewall</EntityType>

    <ReportPage>home</ReportPage>

</afa:GetReportPdfRequest>

Response example:

<ns1:GetReportPdfResponse>

    <RetVal>1</RetVal>

    <RetMessage>Success</RetMessage>

    <EncodedReportPdf>The base 64 encoded PDF content</EncodedReportPdf>

</ns1:GetReportPdfResponse>

Retrieving Data for a Device or Group

Retrieving Risk Information for a Device

Retrieving Statistics for a Device

Retrieving NAT Values for a Device or Group

Retrieving PDF of Report Page

Sorry about that

Great!