Get Snort 3 Intrusion Rule Groups - Security Cloud Control Firewall Manager API Documentation

{"type":"api","title":"Get Snort 3 Intrusion Rule Groups","meta":{"id":"/apps/pubhub/media/cdo-api-documentation/ee9bdf946673e45c4f256a22e0a754e29a9b2098/54f4ba30-7fe2-3433-bbd5-a4d458aee37e","info":{"title":"Cisco Cloud-delivered Firewall Management Center (cdFMC) API","version":"1.15.0","description":"Use the documentation to explore the endpoints the cdFMC has to offer","contact":{"name":"Cisco Firepower TAC","email":"ngfw-support@cisco.com"}},"tags":[{"name":"Analysis"},{"name":"Audit"},{"name":"Backup"},{"name":"Change Management"},{"name":"Chassis"},{"name":"Deployment"},{"name":"Device Clusters"},{"name":"Device Groups"},{"name":"Device HA Pairs"},{"name":"Devices"},{"name":"Health"},{"name":"Integration"},{"name":"Intelligence"},{"name":"License"},{"name":"Network Map"},{"name":"Object"},{"name":"Policy"},{"name":"Policy Assignments"},{"name":"Search"},{"name":"Status"},{"name":"System Configuration"},{"name":"System Information"},{"name":"Templates"},{"name":"Troubleshoot"},{"name":"Updates"},{"name":"Users"}],"openapi":"3.0.1","servers":[{"url":"https://api.us.security.cisco.com/firewall","description":"US"},{"url":"https://api.eu.security.cisco.com/firewall","description":"EU"},{"url":"https://api.apj.security.cisco.com/firewall","description":"APJ"},{"url":"https://api.au.security.cisco.com/firewall","description":"AUS"},{"url":"https://api.in.security.cisco.com/firewall","description":"IN"},{"url":"https://api.int.security.cisco.com/firewall","description":"Staging"},{"url":"https://scale.manage.security.cisco.com/api/rest","description":"Scale"},{"url":"https://ci.manage.security.cisco.com/api/rest","description":"CI"},{"url":"https://manage.stg.secure.cisco/api/rest","description":"Stgf9"}],"securitySchemes":{"bearerAuth":{"bearerFormat":"JWT","scheme":"bearer","type":"http"}}},"spec":{"deprecated":false,"description":"**Get the per-policy behaviour of the specified intrusion rule ID for the target intrusion policy ID.**","operationId":"getSnort3IntrusionRuleGroups","parameters":[{"description":"Identifier of the Snort3 rule group.","in":"path","name":"objectId","required":true,"schema":{"type":"string"}},{"description":"UUID of the ticket for tracking the configuration changes.","in":"header","name":"ticket-id","required":false,"schema":{"type":"string"}},{"description":"The container id under which this specific resource is contained.","in":"path","name":"containerUUID","required":true,"schema":{"type":"string"}},{"name":"domainUUID","description":"Domain UUID","in":"path","required":true,"schema":{"type":"string"},"$$ref":"#/components/parameters/domainUUID"}],"responses":{"200":{"content":{"application/json":{"examples":{"Example 1 : GET /fmc_config/v1/domain/domainUUID/policy/intrusionpolicies/uuid/intrusionrulegroups/Snort3IntrusionRuleGroups-UUID ( Success: Test GET method for Snort3IntrusionRuleGroups )":{"value":{"canonicalName":"Rule Categories::Server","childGroups":[{"canonicalName":"Rule Categories::Server::Other","defaultSecurityLevel":"LEVEL_2","description":"Rules for detecting attacks against miscellaneous servers","id":"3267bf7b-348d-535f-b42a-fe369b2a5f85","isSystemDefined":true,"metadata":{"container":{"id":"c4f4121b-d8e0-5086-9ae3-064062109492","name":"Rule Categories","type":"IntrusionRuleGroup"},"domain":{"id":"e276abec-e0f2-11e3-8169-6d9ed49b625f","type":"Domain"}},"name":"Other","parentGroup":{"id":"d9953ebd-1b43-5809-94b8-e34b33fa0d11","name":"Server","type":"IntrusionRuleGroup"},"totalRuleCount":2615,"type":"IntrusionRuleGroup"},{"canonicalName":"Rule Categories::Server::Apache","defaultSecurityLevel":"LEVEL_2","description":"Rules for detecting attacks against Apache servers","id":"f58ecfed-c8ec-5ffe-bf68-d33324e22289","isSystemDefined":true,"metadata":{"container":{"id":"c4f4121b-d8e0-5086-9ae3-064062109492","name":"Rule Categories","type":"IntrusionRuleGroup"},"domain":{"id":"e276abec-e0f2-11e3-8169-6d9ed49b625f","type":"Domain"}},"name":"Apache","parentGroup":{"id":"d9953ebd-1b43-5809-94b8-e34b33fa0d11","name":"Server","type":"IntrusionRuleGroup"},"totalRuleCount":168,"type":"IntrusionRuleGroup"},{"canonicalName":"Rule Categories::Server::Microsoft IIS","defaultSecurityLevel":"DISABLED","description":"Rules for detecting attacks against Microsoft Internet Information Systems servers","id":"a321ff02-5f53-58b6-bf32-7cc7144aa55a","isSystemDefined":true,"metadata":{"container":{"id":"c4f4121b-d8e0-5086-9ae3-064062109492","name":"Rule Categories","type":"IntrusionRuleGroup"},"domain":{"id":"e276abec-e0f2-11e3-8169-6d9ed49b625f","type":"Domain"}},"name":"Microsoft IIS","parentGroup":{"id":"d9953ebd-1b43-5809-94b8-e34b33fa0d11","name":"Server","type":"IntrusionRuleGroup"},"totalRuleCount":200,"type":"IntrusionRuleGroup"},{"canonicalName":"Rule Categories::Server::Oracle","defaultSecurityLevel":"LEVEL_2","description":"Rules for detecting attacks against Oracle servers","id":"686e6146-c2f7-5ba2-9715-ab15cce482ee","isSystemDefined":true,"metadata":{"container":{"id":"c4f4121b-d8e0-5086-9ae3-064062109492","name":"Rule Categories","type":"IntrusionRuleGroup"},"domain":{"id":"e276abec-e0f2-11e3-8169-6d9ed49b625f","type":"Domain"}},"name":"Oracle","parentGroup":{"id":"d9953ebd-1b43-5809-94b8-e34b33fa0d11","name":"Server","type":"IntrusionRuleGroup"},"totalRuleCount":491,"type":"IntrusionRuleGroup"},{"canonicalName":"Rule Categories::Server::Web Applications","defaultSecurityLevel":"LEVEL_2","description":"Rules for detecting attacks against miscellaneous Web applications","id":"7b914935-12af-5a9f-94b2-1a2effcc169e","isSystemDefined":true,"metadata":{"container":{"id":"c4f4121b-d8e0-5086-9ae3-064062109492","name":"Rule Categories","type":"IntrusionRuleGroup"},"domain":{"id":"e276abec-e0f2-11e3-8169-6d9ed49b625f","type":"Domain"}},"name":"Web Applications","parentGroup":{"id":"d9953ebd-1b43-5809-94b8-e34b33fa0d11","name":"Server","type":"IntrusionRuleGroup"},"totalRuleCount":6363,"type":"IntrusionRuleGroup"},{"canonicalName":"Rule Categories::Server::Samba","defaultSecurityLevel":"LEVEL_2","description":"Rules for detecting attacks against SAMBA servers","id":"0847ef51-cd96-5784-89d2-be4230f8067c","isSystemDefined":true,"metadata":{"container":{"id":"c4f4121b-d8e0-5086-9ae3-064062109492","name":"Rule Categories","type":"IntrusionRuleGroup"},"domain":{"id":"e276abec-e0f2-11e3-8169-6d9ed49b625f","type":"Domain"}},"name":"Samba","parentGroup":{"id":"d9953ebd-1b43-5809-94b8-e34b33fa0d11","name":"Server","type":"IntrusionRuleGroup"},"totalRuleCount":50,"type":"IntrusionRuleGroup"},{"canonicalName":"Rule Categories::Server::Mail","defaultSecurityLevel":"LEVEL_2","description":"Rules for detecting attacks against mail servers","id":"984464aa-da20-5635-9af5-dfe8f20e4e7a","isSystemDefined":true,"metadata":{"container":{"id":"c4f4121b-d8e0-5086-9ae3-064062109492","name":"Rule Categories","type":"IntrusionRuleGroup"},"domain":{"id":"e276abec-e0f2-11e3-8169-6d9ed49b625f","type":"Domain"}},"name":"Mail","parentGroup":{"id":"d9953ebd-1b43-5809-94b8-e34b33fa0d11","name":"Server","type":"IntrusionRuleGroup"},"totalRuleCount":204,"type":"IntrusionRuleGroup"},{"canonicalName":"Rule Categories::Server::MySQL","defaultSecurityLevel":"LEVEL_2","description":"Rules for detecting attacks against MySQL servers","id":"c92868e4-ac0e-5514-9051-7c6d60abbcbc","isSystemDefined":true,"metadata":{"container":{"id":"c4f4121b-d8e0-5086-9ae3-064062109492","name":"Rule Categories","type":"IntrusionRuleGroup"},"domain":{"id":"e276abec-e0f2-11e3-8169-6d9ed49b625f","type":"Domain"}},"name":"MySQL","parentGroup":{"id":"d9953ebd-1b43-5809-94b8-e34b33fa0d11","name":"Server","type":"IntrusionRuleGroup"},"totalRuleCount":81,"type":"IntrusionRuleGroup"},{"canonicalName":"Rule Categories::Server::SQL Server","defaultSecurityLevel":"LEVEL_2","description":"Rules for detecting attacks against Microsoft SQL servers","id":"73a78ee8-84eb-55e7-904b-eb5e31bf00a6","isSystemDefined":true,"metadata":{"container":{"id":"c4f4121b-d8e0-5086-9ae3-064062109492","name":"Rule Categories","type":"IntrusionRuleGroup"},"domain":{"id":"e276abec-e0f2-11e3-8169-6d9ed49b625f","type":"Domain"}},"name":"SQL Server","parentGroup":{"id":"d9953ebd-1b43-5809-94b8-e34b33fa0d11","name":"Server","type":"IntrusionRuleGroup"},"totalRuleCount":70,"type":"IntrusionRuleGroup"}],"description":"Rules for detecting exploits targeting network servers","id":"d9953ebd-1b43-5809-94b8-e34b33fa0d11","isSystemDefined":true,"links":{"self":"https://u32c01p10-vrouter.cisco.com:10514/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/intrusionpolicies/0050568A-49A6-0ed3-0000-077309413589/intrusionrulegroups/d9953ebd-1b43-5809-94b8-e34b33fa0d11"},"metadata":{"container":{"id":"c4f4121b-d8e0-5086-9ae3-064062109492","name":"Rule Categories","type":"IntrusionRuleGroup"},"domain":{"id":"e276abec-e0f2-11e3-8169-6d9ed49b625f","name":"Global","type":"Domain"},"ruleCount":{"alert":0,"block":0,"disabled":0,"drop":0,"overridden":0,"pass":0,"reject":0,"rewrite":0}},"name":"Server","parentGroup":{"id":"c4f4121b-d8e0-5086-9ae3-064062109492","name":"Rule Categories","type":"IntrusionRuleGroup"},"type":"IntrusionRuleGroup"}}},"schema":{"description":"Object representing the per-policy behaviour of a specified intrusion rulegroup for a target intrusion policy.","properties":{"canonicalName":{"description":"Fully Qualified name of Snort 3 intrusion rulegroup.","type":"string"},"childGroups":{"description":"List of rulegroups associated with the parent rulegroup.","items":{"properties":{"canonicalName":{"type":"string"},"childGroups":{"items":{"$ref":"#/components/schemas/ISnort3IntrusionRuleGroupsModel","type":"object"},"type":"array"},"defaultSecurityLevel":{"enum":["DISABLED","LEVEL_1","LEVEL_2","LEVEL_3","LEVEL_4","DEFAULT"],"type":"string"},"description":{"type":"string"},"id":{"type":"string"},"isSystemDefined":{"type":"boolean"},"links":{"type":"object","description":"This defines the self referencing links for the given resource.","properties":{"parent":{"description":"Full resource URL path to reference the parent (if any) for this resource.","type":"string"},"self":{"description":"Full resource URL path to reference this particular resource.","type":"string"}},"$$ref":"#/components/schemas/ILinks"},"metadata":{"type":"object","properties":{"domain":{"type":"object","properties":{"id":{"type":"string"},"links":{"type":"object","description":"This defines the self referencing links for the given resource.","properties":{"parent":{"description":"Full resource URL path to reference the parent (if any) for this resource.","type":"string"},"self":{"description":"Full resource URL path to reference this particular resource.","type":"string"}},"$$ref":"#/components/schemas/ILinks"},"name":{"type":"string"},"type":{"type":"string"}},"$$ref":"#/components/schemas/IDomain"},"isLocked":{"type":"boolean"},"lastUser":{"type":"object","properties":{"id":{"type":"string"},"links":{"type":"object","description":"This defines the self referencing links for the given resource.","properties":{"parent":{"description":"Full resource URL path to reference the parent (if any) for this resource.","type":"string"},"self":{"description":"Full resource URL path to reference this particular resource.","type":"string"}},"$$ref":"#/components/schemas/ILinks"},"name":{"type":"string"},"type":{"type":"string"}},"$$ref":"#/components/schemas/IMetadataUser"},"matches":{"items":{"type":"string"},"type":"array"},"readOnly":{"type":"object","properties":{"reason":{"enum":["RBAC","SYSTEM","DOMAIN"],"type":"string"},"state":{"type":"boolean"}},"$$ref":"#/components/schemas/IReadonly"},"timestamp":{"format":"int32","type":"integer"}},"$$ref":"#/components/schemas/IMetadata"},"name":{"type":"string"},"overrideSecurityLevel":{"enum":["DISABLED","LEVEL_1","LEVEL_2","LEVEL_3","LEVEL_4","DEFAULT"],"type":"string"},"parentGroup":{"type":"object","description":"Contains reference information.","properties":{"id":{"description":"Unique identifier representing resource.","type":"string"},"links":{"description":"Object containing links to this resource.","type":"object","properties":{"parent":{"description":"Full resource URL path to reference the parent (if any) for this resource.","type":"string"},"self":{"description":"Full resource URL path to reference this particular resource.","type":"string"}},"$$ref":"#/components/schemas/ILinks"},"name":{"description":"User chosen resource name.","type":"string"},"type":{"description":"Response object associated with resource.","type":"string"}},"$$ref":"#/components/schemas/IReference"},"totalRuleCount":{"format":"int32","type":"integer"},"type":{"type":"string"},"version":{"type":"string"}},"type":"object","$$ref":"#/components/schemas/ISnort3IntrusionRuleGroupsModel"},"type":"array"},"defaultSecurityLevel":{"description":"Default level in context of a policy. One of: DISABLED | LEVEL_1 | LEVEL_2 | LEVEL_3 | LEVEL_4.","enum":["DISABLED","LEVEL_1","LEVEL_2","LEVEL_3","LEVEL_4","DEFAULT"],"type":"string"},"description":{"description":"Description of the Snort 3 intrusion rulegroup.","type":"string"},"id":{"description":"Unique identifier of the Snort 3 intrusion rulegroup.","type":"string"},"isSystemDefined":{"description":"Read-only field indicating if the rulegroup is system-defined (i.e., Talos provided). If value is false, then rule is user-defined.","type":"boolean"},"links":{"description":"Object containing links to this resource.","type":"object","properties":{"parent":{"description":"Full resource URL path to reference the parent (if any) for this resource.","type":"string"},"self":{"description":"Full resource URL path to reference this particular resource.","type":"string"}},"$$ref":"#/components/schemas/ILinks"},"metadata":{"description":"Object representing metadata properties of Snort 3 intrusion rulegroup.","type":"object","properties":{"container":{"description":"Container reference of rule group.","type":"object","properties":{"id":{"description":"Unique identifier representing resource.","type":"string"},"links":{"description":"Object containing links to this resource.","type":"object","properties":{"parent":{"description":"Full resource URL path to reference the parent (if any) for this resource.","type":"string"},"self":{"description":"Full resource URL path to reference this particular resource.","type":"string"}},"$$ref":"#/components/schemas/ILinks"},"name":{"description":"User chosen resource name.","type":"string"},"type":{"description":"Response object associated with resource.","type":"string"}},"$$ref":"#/components/schemas/IReference"},"domain":{"type":"object","description":"The details about the domain.","properties":{"id":{"description":"Unique UUID of this domain","type":"string"},"links":{"description":"Links to the domain resource URLs.","type":"object","properties":{"parent":{"description":"Full resource URL path to reference the parent (if any) for this resource.","type":"string"},"self":{"description":"Full resource URL path to reference this particular resource.","type":"string"}},"$$ref":"#/components/schemas/ILinks"},"name":{"description":"Name of the domain.","type":"string"},"type":{"description":"Domain type definition (fixed).","type":"string"},"uuid":{"type":"string"}},"$$ref":"#/components/schemas/Domain"},"isLocked":{"type":"boolean"},"lastUser":{"type":"object","description":"This object defines details about the user.","properties":{"id":{"description":"The unique UUID of the user","type":"string"},"links":{"description":"Contains the self referencing links to this resource","type":"object","properties":{"parent":{"description":"Full resource URL path to reference the parent (if any) for this resource.","type":"string"},"self":{"description":"Full resource URL path to reference this particular resource.","type":"string"}},"$$ref":"#/components/schemas/ILinks"},"name":{"description":"Name of the user.","type":"string"},"type":{"description":"The user type (fixed).","type":"string"}},"$$ref":"#/components/schemas/MetadataUser"},"matches":{"items":{"type":"string"},"type":"array"},"mitreId":{"description":"Mitre Id of the rule group.","type":"string"},"readOnly":{"type":"object","description":"Defines the read only conditions if the referenced resource is read only.","properties":{"reason":{"description":"Reason the resource is read only - SYSTEM (if it is system defined), RBAC (if user RBAC permissions make it read only) or DOMAIN (if resource is read only in current domain).","enum":["RBAC","SYSTEM","DOMAIN"],"type":"string"},"state":{"description":"True if this resource us read only and false otherwise.","type":"boolean"}},"$$ref":"#/components/schemas/ReadOnly"},"ruleCount":{"description":"Rule count of each intrusion rule group.","type":"object","properties":{"alert":{"format":"int32","type":"integer"},"block":{"format":"int32","type":"integer"},"disabled":{"format":"int32","type":"integer"},"drop":{"format":"int32","type":"integer"},"overridden":{"format":"int32","type":"integer"},"pass":{"format":"int32","type":"integer"},"reject":{"format":"int32","type":"integer"},"rewrite":{"format":"int32","type":"integer"}},"$$ref":"#/components/schemas/ISnort3PolicyRuleCount"},"securityLevels":{"items":{"type":"object","description":"Object representing the security levels of Snort 3 intrusion rulegroup.","properties":{"description":{"description":"Description of the Snort 3 intrusion rulegroup.","type":"string"},"level":{"description":"Security levels of a Snort 3 intrusion rulegroup.","enum":["DISABLED","LEVEL_1","LEVEL_2","LEVEL_3","LEVEL_4","DEFAULT"],"type":"string"},"warning":{"description":"Warning for each level of Snort 3 intrusion rulegroup","type":"string"}},"$$ref":"#/components/schemas/ISnort3IntrusionRuleGroupSecLevels"},"type":"array"},"sortOrder":{"description":"Sort order of the rule group.","format":"int32","type":"integer"},"timestamp":{"format":"int32","type":"integer"}},"$$ref":"#/components/schemas/Snort3IntrusionRuleGroupMetadata"},"name":{"description":"Name of the Snort 3 intrusion rulegroup.","type":"string"},"overrideSecurityLevel":{"description":"Override level in context of a policy. Allowed only for custom intrusion policy. One of: DISABLED | LEVEL_1 | LEVEL_2 | LEVEL_3 | LEVEL_4.","enum":["DISABLED","LEVEL_1","LEVEL_2","LEVEL_3","LEVEL_4","DEFAULT"],"type":"string"},"parentGroup":{"description":"Object representing parent group of the current Snort 3 intrusion rulegroup.","type":"object","properties":{"id":{"description":"Unique identifier representing resource.","type":"string"},"links":{"description":"Object containing links to this resource.","type":"object","properties":{"parent":{"description":"Full resource URL path to reference the parent (if any) for this resource.","type":"string"},"self":{"description":"Full resource URL path to reference this particular resource.","type":"string"}},"$$ref":"#/components/schemas/ILinks"},"name":{"description":"User chosen resource name.","type":"string"},"type":{"description":"Response object associated with resource.","type":"string"}},"$$ref":"#/components/schemas/IReference"},"totalRuleCount":{"description":"Total rules count for the current Snort 3 intrusion rulegroup.","format":"int32","type":"integer"},"type":{"description":"Type of the response object. This value is always IntrusionRuleGroup.","type":"string"},"version":{"type":"string"}},"type":"object","$$ref":"#/components/schemas/Snort3IntrusionRuleGroups"}}},"description":"OK"},"default":{"content":{"application/json":{"schema":{"type":"object","properties":{"category":{"description":"Describes the category of the error thrown.","enum":["FRAMEWORK","OTHER","VALIDATION"],"type":"string"},"messages":{"description":"List of error messages which the response has.","items":{"type":"object","properties":{"bulkPayloadIndex":{"description":"More details about the error.","type":"string"},"code":{"description":"More details about the error.","type":"string"},"description":{"description":"More details about the error.","type":"string"},"details":{"description":"More details about the error.","type":"string"},"errorCode":{"description":"More details about the error.","type":"string"},"location":{"description":"More details about the error.","type":"string"},"severity":{"description":"Specifies the Highest level severity among all the error messages.","enum":["ERROR","WARN"],"type":"string"}},"$$ref":"#/components/schemas/ErrorMessagesContainer"},"type":"array"},"severity":{"description":"Specifies the Highest level severity among all the error messages.","enum":["ERROR","WARN"],"type":"string"}},"$$ref":"#/components/schemas/ErrorResponse"}}},"description":"Error"}},"tags":["Policy"],"__originalOperationId":"getSnort3IntrusionRuleGroups","method":"get","path":"/v1/cdfmc/api/fmc_config/v1/domain/{domainUUID}/policy/intrusionpolicies/{containerUUID}/intrusionrulegroups/{objectId}"}}