{"type":"api","title":"List Rules","meta":{"id":"/apps/pubhub/media/cloud-security-apis-in-eft/67c4f058ec451812ff806264657c6fa63e72c844/1416204d-a3eb-3b4d-a1fc-4d01aedf1895","info":{"title":"Cisco Secure Access Policy Rules and Rule Settings APIs","version":"1.0.1","description":"Create and manage the access rules and rule settings in the Access policy.","contact":{"name":"Cloud Security Developer Community"}},"security":[{"oauthFlow":[]}],"tags":[{"name":"Access Rules","description":"The API endpoints that manage the access rules for the organization."},{"name":"Rule Settings and Defaults","description":"The API endpoints that manage the rule settings and defaults on the access rules."},{"name":"Secure Access"}],"x-parser-conf":{"overview":{"markdownPath":"secure-access/reference/policies/policy-rules-overview.md","uri":"secure-access-api-reference-policy-rules-overview"}},"openapi":"3.0.1","servers":[{"url":"https://api.sse.cisco.com/{basePath}","variables":{"basePath":{"default":"policies/v2"}}}],"securitySchemes":{"oauthFlow":{"type":"oauth2","description":"The client credential flow.","flows":{"clientCredentials":{"tokenUrl":"https://api.sse.cisco.com/auth/v2/token","scopes":{"policies.settings:write":"Write policies global rule settings","policies.settings:read":"Read policies global rule settings","policies.rules:read":"Read policies access rules","policies.rules:write":"Write policies access rules"}}}}}},"spec":{"tags":["Access Rules","Secure Access"],"summary":"List Rules","description":"List the rules in the policy for the organization.","operationId":"listRules","parameters":[{"name":"offset","in":"query","description":"The place to start reading in the collection. 
The default value is `0`.\nFor example, the offset of the first page in the collection is `0`.\nIf the limit is 10, the offset for the next page is `10`.","required":false,"schema":{"type":"integer","default":0},"example":10,"$$ref":"#/components/parameters/offset"},{"name":"limit","in":"query","description":"Set the number of items on a page. The maximum number of items allowed on a page in the response is 1000.","required":false,"schema":{"type":"integer","default":10},"example":20,"$$ref":"#/components/parameters/limit"},{"name":"ruleName","in":"query","description":"Filter the rules using the name of the rule or a sequence of characters found in the rule name.","required":false,"schema":{"type":"string"},"example":"Allow all rule","$$ref":"#/components/parameters/ruleName"},{"name":"filters","in":"query","required":false,"schema":{"type":"object","description":"Filter the rules by the rule properties.\n**Note:** You can filter on either `ruleConditions` or the set of `sources` and `destinations` properties, but not both sets of properties.","properties":{"ruleName":{"type":"string","pattern":"^[a-zA-Z0-9-_\\s]+$","minLength":2,"maxLength":50,"description":"A rule name is a sequence of 2–50 alphanumeric, hyphen, underscore, and space characters.\nA rule name is unique across all access rules in the organization's Access policy.","example":"SSE_Rule-1","$$ref":"#/components/schemas/ruleName"},"ruleDescription":{"type":"string","maxLength":256,"description":"The meaningful information about the rule. 
The description can have no more than 256 characters.","example":"The rule for the London office.","$$ref":"#/components/schemas/ruleDescription"},"ruleIsEnabled":{"type":"boolean","description":"Specifies whether the rule is enabled.","example":true,"$$ref":"#/components/schemas/ruleIsEnabled"},"ruleIsDefault":{"type":"boolean","description":"Specifies whether the rule is the default rule.","example":true,"$$ref":"#/components/schemas/ruleIsDefault"},"ruleAction":{"type":"string","enum":["allow","block"],"description":"The type of action that is set on the rule.","example":"allow","$$ref":"#/components/schemas/ruleAction"},"attributeName":{"anyOf":[{"type":"string","description":"The name of the attributes for the source components.","enum":["umbrella.source.all","umbrella.source.networkObjectIds","umbrella.source.networkObjectGroupIds","umbrella.source.identity_type_ids","umbrella.source.ip_address","umbrella.source.identity_ids"],"example":"umbrella.source.ip_address","$$ref":"#/components/schemas/attributeNameSource"},{"type":"string","description":"The name of the attributes for the composite source components.","enum":["umbrella.source.ip_address"],"example":"umbrella.source.ip_address","$$ref":"#/components/schemas/attributeNameSourceComposite"},{"type":"string","description":"The name of the attribute for the source 
components.","enum":["umbrella.destination.all","umbrella.destination.networkObjectIds","umbrella.destination.networkObjectGroupIds","umbrella.destination.serviceObjectIds","umbrella.destination.serviceObjectGroupIds","umbrella.destination.application_ids","umbrella.destination.application_list_ids","umbrella.destination.private_application_ids","umbrella.destination.private_application_group_ids","umbrella.destination.category_ids","umbrella.destination.category_list_ids","umbrella.destination.destination_list_ids","umbrella.destination.logical_operator","umbrella.destination.geolocations","umbrella.destination.private_resource_ids"],"example":"umbrella.destination.private_application_ids","$$ref":"#/components/schemas/attributeNameDestination"},{"type":"string","description":"The name of the attribute for the source components.","enum":["umbrella.destination.ip_address","umbrella.destination.port","umbrella.destination.network_protocol"],"example":"umbrella.destination.ip_address","$$ref":"#/components/schemas/attributeNameDestinationComposite"}],"description":"The name of the attribute.","example":"umbrella.destination.private_application_ids","$$ref":"#/components/schemas/attributeName"},"attributeValue":{"oneOf":[{"type":"string"},{"type":"boolean"},{"type":"array","description":"The list of integers that represent the attribute values.","items":{"type":"integer","description":"An integer that represents the attribute value."},"example":[235,355],"$$ref":"#/components/schemas/attributeValueArrayIntegers"},{"type":"string","description":"To use these specific attribute values in a rule condition, you must:\n* set the `attributeOperator` to `AND`.\n* set the `attributeName` to `umbrella.destination.logical_operator`.","enum":["(umbrella.destination.networkObjectIds && umbrella.destination.serviceObjectIds)","(umbrella.destination.networkObjectGroupIds && umbrella.destination.serviceObjectGroupIds)","((umbrella.destination.networkObjectIds || 
umbrella.destination.networkObjectGroupIds) && (umbrella.destination.serviceObjectIds || umbrella.destination.serviceObjectGroupIds))","(umbrella.destination.networkObjectIds && umbrella.destination.serviceObjectGroupIds)","(umbrella.destination.networkObjectGroupIds && umbrella.destination.serviceObjectIds)","((umbrella.destination.networkObjectIds || umbrella.destination.networkObjectGroupIds) && umbrella.destination.serviceObjectIds)","((umbrella.destination.networkObjectIds || umbrella.destination.networkObjectGroupIds) && umbrella.destination.serviceObjectGroupIds)","((umbrella.destination.serviceObjectIds || umbrella.destination.serviceObjectGroupIds) && umbrella.destination.networkObjectIds)","(umbrella.destination.networkObjectGroupIds && (umbrella.destination.serviceObjectIds || umbrella.destination.serviceObjectGroupIds))"],"$$ref":"#/components/schemas/attributeValueNetworkServiceObjects"}],"description":"The value of the attribute.","example":123,"$$ref":"#/components/schemas/attributeValue"},"settingName":{"type":"string","description":"The name of the rule setting.","enum":["sse.decryption.logInternet","sse.decryption.logPrivate","sse.globalIPSEnabled","sse.ztaAuthnTimeoutEnabled","sse.tenantControlProfileId","sse.ztaAuthnTimeoutMinutes","sse.ztnaSessionTimeoutMinutes","umbrella.m365Compatibility","umbrella.posture.webProfileId","umbrella.posture.ipsProfileId","umbrella.posture.profileIdClientbased","umbrella.logLevel","umbrella.default.traffic"],"example":"umbrella.logLevel","$$ref":"#/components/schemas/settingName"},"settingValue":{"description":"The value of the rule setting.","oneOf":[{"type":"string"},{"type":"integer"},{"type":"boolean"}],"example":"LOG_NONE","$$ref":"#/components/schemas/settingValue"},"rulePriority":{"type":"string","description":"Filter on the priorities of the rules.\nProvide a comma-separated string of integers that corresponds to the priorities of your 
rules.","example":"1,2,3"}},"additionalProperties":{"oneOf":[{"type":"array","description":"The list of conditions that are set on the rule. Updates to \"ReadOnly\" attributes are ignored.","items":{"type":"object","description":"The attributes created on the rule. The conditions include the name of the attribute, the value of the attribute, and the operator\nthat is applied to the rule condition.","properties":{"attributeName":{"anyOf":[{"type":"string","description":"The name of the attributes for the source components.","enum":["umbrella.source.all","umbrella.source.networkObjectIds","umbrella.source.networkObjectGroupIds","umbrella.source.identity_type_ids","umbrella.source.ip_address","umbrella.source.identity_ids"],"example":"umbrella.source.ip_address","$$ref":"#/components/schemas/attributeNameSource"},{"type":"string","description":"The name of the attributes for the composite source components.","enum":["umbrella.source.ip_address"],"example":"umbrella.source.ip_address","$$ref":"#/components/schemas/attributeNameSourceComposite"},{"type":"string","description":"The name of the attribute for the source components.","enum":["umbrella.destination.all","umbrella.destination.networkObjectIds","umbrella.destination.networkObjectGroupIds","umbrella.destination.serviceObjectIds","umbrella.destination.serviceObjectGroupIds","umbrella.destination.application_ids","umbrella.destination.application_list_ids","umbrella.destination.private_application_ids","umbrella.destination.private_application_group_ids","umbrella.destination.category_ids","umbrella.destination.category_list_ids","umbrella.destination.destination_list_ids","umbrella.destination.logical_operator","umbrella.destination.geolocations","umbrella.destination.private_resource_ids"],"example":"umbrella.destination.private_application_ids","$$ref":"#/components/schemas/attributeNameDestination"},{"type":"string","description":"The name of the attribute for the source 
components.","enum":["umbrella.destination.ip_address","umbrella.destination.port","umbrella.destination.network_protocol"],"example":"umbrella.destination.ip_address","$$ref":"#/components/schemas/attributeNameDestinationComposite"}],"description":"The name of the attribute.","example":"umbrella.destination.private_application_ids","$$ref":"#/components/schemas/attributeName"},"attributeValue":{"oneOf":[{"type":"string"},{"type":"boolean"},{"type":"array","description":"The list of integers that represent the attribute values.","items":{"type":"integer","description":"An integer that represents the attribute value."},"example":[235,355],"$$ref":"#/components/schemas/attributeValueArrayIntegers"},{"type":"string","description":"To use these specific attribute values in a rule condition, you must:\n* set the `attributeOperator` to `AND`.\n* set the `attributeName` to `umbrella.destination.logical_operator`.","enum":["(umbrella.destination.networkObjectIds && umbrella.destination.serviceObjectIds)","(umbrella.destination.networkObjectGroupIds && umbrella.destination.serviceObjectGroupIds)","((umbrella.destination.networkObjectIds || umbrella.destination.networkObjectGroupIds) && (umbrella.destination.serviceObjectIds || umbrella.destination.serviceObjectGroupIds))","(umbrella.destination.networkObjectIds && umbrella.destination.serviceObjectGroupIds)","(umbrella.destination.networkObjectGroupIds && umbrella.destination.serviceObjectIds)","((umbrella.destination.networkObjectIds || umbrella.destination.networkObjectGroupIds) && umbrella.destination.serviceObjectIds)","((umbrella.destination.networkObjectIds || umbrella.destination.networkObjectGroupIds) && umbrella.destination.serviceObjectGroupIds)","((umbrella.destination.serviceObjectIds || umbrella.destination.serviceObjectGroupIds) && umbrella.destination.networkObjectIds)","(umbrella.destination.networkObjectGroupIds && (umbrella.destination.serviceObjectIds || 
umbrella.destination.serviceObjectGroupIds))"],"$$ref":"#/components/schemas/attributeValueNetworkServiceObjects"}],"description":"The value of the attribute.","example":123,"$$ref":"#/components/schemas/attributeValue"},"attributeOperator":{"type":"string","description":"The operator that can act on the attribute.","enum":["=","INTERSECT","AND","IN"],"example":"INTERSECT","$$ref":"#/components/schemas/attributeOperator"}}},"example":[{"attributeName":"umbrella.destination.private_application_ids","attributeValue":[12345,34],"attributeOperator":"INTERSECT"}],"$$ref":"#/components/schemas/ruleConditions"},{"type":"object","description":"The source and destination properties. Use these properties to filter your collection of rules.","properties":{"sources":{"type":"array","description":"The list of sources to filter your collection of rules.","items":{"type":"object","description":"Filter on the property and value of the source.","additionalProperties":{"oneOf":[{"type":"string"},{"type":"integer"}]},"example":{"umbrella.source.identity_ids":"*"},"$$ref":"#/components/schemas/RuleFilterSourcesExample"}},"destinations":{"type":"array","description":"The list of destinations to filter your collection of rules.","items":{"type":"object","description":"Filter on the property and value of the destination.","additionalProperties":{"oneOf":[{"type":"string"}]},"example":{"umbrella.destination.private_resource_ids":"*"},"$$ref":"#/components/schemas/RuleFilterDestinationsExample"}}},"example":{"sources":[{"umbrella.source.identity_type_id":3}],"destinations":[{"umbrella.destination.private_resource_ids":"*"}]},"$$ref":"#/components/schemas/RuleSourceDestFilters"}]},"example":{"destinations":[{"umbrella.destination.destination_list_ids":"*"}],"sources":[{"umbrella.source.identity_ids":"*"}],"rulePriority":"1,2,3","ruleAction":"allow"},"$$ref":"#/components/schemas/RuleFilters"},"description":"Filter the rules by one or more properties.\nFilter on: `ruleName`, 
`ruleDescription`, `ruleIsEnabled`, `ruleIsDefault`, `ruleAction`, `attributeName` and `attributeValue`, `settingName` and `settingValue`,\n`rulePriority`, `destinations`, `sources`, `ruleConditions`.\nSpecify the properties in the JSON format.\n**Note:** Filter on either `ruleConditions` or the `sources` and `destinations` properties, but not both sets of properties.\n\nExample:\n\n```\n{\n \"destinations\": [\n { \"umbrella.destination.destination_list_ids\": \"*\" }\n ],\n \"sources\": [\n { \"umbrella.source.identity_ids\": \"*\" }\n ],\n \"rulePriority\": \"1,2,3\"\n}\n```","example":{"destinations":[{"umbrella.destination.destination_list_ids":"*"}],"ruleAction":"block","rulePriority":"9,100","ruleName":"Rule 31 Created by Cisco Assistant","ruleIsEnabled":false,"ruleDescription":"Rule Created by Policy Assistant","ruleConditions":[{"umbrella.source.all":false},{"umbrella.destination.application_ids":"1008716,5000041"}]},"$$ref":"#/components/parameters/filters"}],"security":[{"oauthFlow":["policies.rules:read"]}],"responses":{"200":{"description":"OK","headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"content":{"application/json":{"schema":{"type":"object","description":"The rules in the organization's Access policy.","properties":{"count":{"type":"integer","description":"The number of rules in the Access policy.","example":100},"result":{"type":"array","description":"The list of rules in the policy.","items":{"type":"object","description":"The core properties of the rule.","required":["ruleId"],"properties":{"organizationId":{"type":"integer","description":"The ID of the 
organization.","readOnly":true,"example":987456,"$$ref":"#/components/schemas/organizationId"},"ruleId":{"type":"integer","description":"The ID of the rule.","readOnly":true,"example":183456,"$$ref":"#/components/schemas/ruleId"},"ruleName":{"type":"string","pattern":"^[a-zA-Z0-9-_\\s]+$","minLength":2,"maxLength":50,"description":"A rule name is a sequence of 2–50 alphanumeric, hyphen, underscore, and space characters.\nA rule name is unique across all access rules in the organization's Access policy.","example":"SSE_Rule-1","$$ref":"#/components/schemas/ruleName"},"ruleDescription":{"type":"string","maxLength":256,"description":"The meaningful information about the rule. The description can have no more than 256 characters.","example":"The rule for the London office.","$$ref":"#/components/schemas/ruleDescription"},"ruleAction":{"type":"string","enum":["allow","block"],"description":"The type of action that is set on the rule.","example":"allow","$$ref":"#/components/schemas/ruleAction"},"rulePriority":{"type":"integer","description":"The positive integer that represents the priority of the rule.\nThe priority is unique across all rules on the policy for the organization.","example":1,"$$ref":"#/components/schemas/rulePriority"},"ruleIsDefault":{"type":"boolean","description":"Specifies whether the rule is the default rule.","example":true,"$$ref":"#/components/schemas/ruleIsDefault"},"ruleIsEnabled":{"type":"boolean","description":"Specifies whether the rule is enabled.","example":true,"$$ref":"#/components/schemas/ruleIsEnabled"},"modifiedBy":{"type":"string","description":"A string that includes the organization ID and user ID for the account that modified the access rule.","example":"org/1234/user/123453","$$ref":"#/components/schemas/modifiedBy"},"modifiedAt":{"type":"string","description":"The date and time when the system updated the access 
rule.","format":"date-time","readOnly":true,"example":"2023-11-13T21:28:54+00:00","$$ref":"#/components/schemas/modifiedAtRule"},"createdAt":{"type":"string","description":"The date and time when the system created the access rule.","format":"date-time","readOnly":true,"example":"2021-12-13T16:07:07.222Z","$$ref":"#/components/schemas/createdAtRule"}}},"example":[{"organizationId":8094936,"ruleIsDefault":false,"modifiedAt":"2024-04-01T19:42:38","rulePriority":9,"ruleId":591710,"ruleIsEnabled":false,"ruleDescription":"Rule Created by Policy Assistant","ruleName":"Rule 31 Created by Cisco Assistant","modifiedBy":"service/chatgpt.policy-api/key/1","createdAt":"2024-03-28T18:17:36","ruleAction":"allow"}],"$$ref":"#/components/schemas/RulesResponse"}},"example":{"count":1,"result":[{"modifiedAt":"2024-04-01T19:42:38","ruleAccess":"internet","ruleIsDefault":false,"rulePriority":9,"ruleName":"Rule 31 Created by Cisco Assistant","ruleId":591710,"ruleIsEnabled":false,"ruleDescription":"Rule Created by Policy Assistant","modifiedBy":"service/chatgpt.policy-api/key/1","createdAt":"2024-03-28T18:17:36","ruleAction":"allow"}]},"$$ref":"#/components/schemas/Rules"},"example":{"count":1,"result":[{"modifiedAt":"2024-04-01T19:42:38","ruleAccess":"internet","ruleIsDefault":false,"rulePriority":9,"ruleName":"Rule 31 Created by Cisco Assistant","ruleId":591710,"ruleIsEnabled":false,"ruleDescription":"Rule Created by Policy Assistant","modifiedBy":"service/chatgpt.policy-api/key/1","createdAt":"2024-03-28T18:17:36","ruleAction":"allow"}]}}}},"400":{"description":"Bad Request","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message explaining the reason for failure.","example":"The organization ID is a numeric value."},"requestId":{"type":"string","description":"The ID of the request.","example":"7d318524-d5a4-4fd8-8b29-ad295b2f035b"}}}}},"headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME 
content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"$$ref":"#/components/responses/400Error"},"401":{"description":"Unauthorized","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message explaining the reason for failure.","example":"Authorization token is invalid."},"requestId":{"type":"string","description":"The ID of the request.","example":"7d318524-d5a4-4fd8-8b29-ad295b2f035b"}}}}},"headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"$$ref":"#/components/responses/401Error"},"403":{"description":"Forbidden","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message explaining the reason for failure.","example":"Not Authorized"},"requestId":{"type":"string","description":"The ID of the request.","example":"7d318524-d5a4-4fd8-8b29-ad295b2f035b"}}}}},"headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the 
response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"$$ref":"#/components/responses/403Error"},"404":{"description":"Not Found","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message explaining the reason for failure.","example":"Not Found"},"requestId":{"type":"string","description":"The ID of the request.","example":"7d318524-d5a4-4fd8-8b29-ad295b2f035b"}}}}},"headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"$$ref":"#/components/responses/404Error"},"500":{"description":"Internal Server Error","content":{"application/json":{"schema":{"type":"object","properties":{"error":{"type":"string","description":"Error message explaining the reason for failure.","example":"Internal Server Error"},"requestId":{"type":"string","description":"The ID of the request.","example":"7d318524-d5a4-4fd8-8b29-ad295b2f035b"}}}}},"headers":{"Content-Type":{"schema":{"type":"string"},"description":"The MIME content type of the response body.","example":"application/json","$$ref":"#/components/headers/Content-Type"},"Date":{"schema":{"type":"string","pattern":"^[0-90-90-90-9-0-90-9-0-90-9T0-90-9:0-90-9:0-90-9Z]+$"},"description":"The timestamp of the response.","example":"2023-03-14T18:34:25Z","$$ref":"#/components/headers/Date"}},"$$ref":"#/components/responses/500Error"}},"__originalOperationId":"listRules","method":"get","path":"/rules"}}