{"type":"model","meta":{"id":"/apps/pubhub/media/cloud-security-apis-in-eft/9d37d008417d562ab46d4b67547a68457ce288d2/1416204d-a3eb-3b4d-a1fc-4d01aedf1895","info":{"title":"Cisco Secure Access Policy Rules and Rule Settings APIs","version":"1.0.1","description":"Create and manage the access rules and rule settings in the Access policy.","contact":{"name":"Cloud Security Developer Community"}},"security":[{"oauthFlow":[]}],"tags":[{"name":"Access Rules","description":"The API endpoints that manage the access rules for the organization."},{"name":"Rule Settings and Defaults","description":"The API endpoints that manage the rule settings and defaults on the access rules."},{"name":"Secure Access"}],"x-parser-conf":{"overview":{"markdownPath":"secure-access/reference/policies/policy-rules-overview.md","uri":"secure-access-api-reference-policy-rules-overview"}},"openapi":"3.0.1","servers":[{"url":"https://api.sse.cisco.com/{basePath}","variables":{"basePath":{"default":"policies/v2"}}}],"securitySchemes":{"oauthFlow":{"type":"oauth2","description":"The client credential flow.","flows":{"clientCredentials":{"tokenUrl":"https://api.sse.cisco.com/auth/v2/token","scopes":{"policies.settings:write":"Write policies global rule settings","policies.settings:read":"Read policies global rule settings","policies.rules:read":"Read policies access rules","policies.rules:write":"Write policies access rules"}}}}}},"spec":{"type":"object","description":"The properties of the access rule that enables security for the traffic that is described on the rule.\nThe rule includes the actions, settings, and conditions configured on the rule and when these attributes\nwere created or modified.","properties":{"organizationId":{"type":"integer","description":"The ID of the organization.","readOnly":true,"example":987456,"$$ref":"#/components/schemas/organizationId"},"ruleId":{"type":"integer","description":"The ID of the 
rule.","readOnly":true,"example":183456,"$$ref":"#/components/schemas/ruleId"},"ruleName":{"type":"string","pattern":"^[a-zA-Z0-9-_\\s]+$","minLength":2,"maxLength":50,"description":"A rule name is a sequence of 2–50 alphanumeric, hyphen, underscore, and space characters.\nA rule name is unique across all access rules in the organization's Access policy.","example":"SSE_Rule-1","$$ref":"#/components/schemas/ruleName"},"ruleDescription":{"type":"string","maxLength":256,"description":"The meaningful information about the rule. The description can have no more than 256 characters.","example":"The rule for the London office.","$$ref":"#/components/schemas/ruleDescription"},"ruleAction":{"type":"string","enum":["allow","block"],"description":"The type of action that is set on the rule.","example":"allow","$$ref":"#/components/schemas/ruleAction"},"rulePriority":{"type":"integer","description":"The positive integer that represents the priority of the rule.\nThe priority is unique across all rules on the policy for the organization.","example":1,"$$ref":"#/components/schemas/rulePriority"},"ruleIsDefault":{"type":"boolean","description":"Specifies whether the rule is the default rule.","example":true,"$$ref":"#/components/schemas/ruleIsDefault"},"ruleIsEnabled":{"type":"boolean","description":"Specifies whether the rule is enabled.","example":true,"$$ref":"#/components/schemas/ruleIsEnabled"},"ruleConditions":{"type":"array","description":"The list of conditions that are set on the rule. Updates to \"ReadOnly\" attributes are ignored.","items":{"type":"object","description":"The attributes created on the rule. 
The conditions include the name of the attribute, the value of the attribute, and the operator\nthat is applied to the rule condition.","properties":{"attributeName":{"anyOf":[{"type":"string","description":"The name of the attributes for the source components.","enum":["umbrella.source.all","umbrella.source.networkObjectIds","umbrella.source.networkObjectGroupIds","umbrella.source.identity_type_ids","umbrella.source.ip_address","umbrella.source.identity_ids"],"example":"umbrella.source.ip_address","$$ref":"#/components/schemas/attributeNameSource"},{"type":"string","description":"The name of the attributes for the composite source components.","enum":["umbrella.source.ip_address"],"example":"umbrella.source.ip_address","$$ref":"#/components/schemas/attributeNameSourceComposite"},{"type":"string","description":"The name of the attribute for the destination components.","enum":["umbrella.destination.all","umbrella.destination.networkObjectIds","umbrella.destination.networkObjectGroupIds","umbrella.destination.serviceObjectIds","umbrella.destination.serviceObjectGroupIds","umbrella.destination.application_ids","umbrella.destination.application_list_ids","umbrella.destination.private_application_ids","umbrella.destination.private_application_group_ids","umbrella.destination.category_ids","umbrella.destination.category_list_ids","umbrella.destination.destination_list_ids","umbrella.destination.logical_operator","umbrella.destination.geolocations","umbrella.destination.private_resource_ids"],"example":"umbrella.destination.private_application_ids","$$ref":"#/components/schemas/attributeNameDestination"},{"type":"string","description":"The name of the attribute for the composite destination components.","enum":["umbrella.destination.ip_address","umbrella.destination.port","umbrella.destination.network_protocol"],"example":"umbrella.destination.ip_address","$$ref":"#/components/schemas/attributeNameDestinationComposite"}],"description":"The name of the 
attribute.","example":"umbrella.destination.private_application_ids","$$ref":"#/components/schemas/attributeName"},"attributeValue":{"oneOf":[{"type":"string"},{"type":"boolean"},{"type":"array","description":"The list of integers that represent the attribute values.","items":{"type":"integer","description":"An integer that represents the attribute value."},"example":[235,355],"$$ref":"#/components/schemas/attributeValueArrayIntegers"},{"type":"string","description":"To use these specific attribute values in a rule condition, you must:\n* set the `attributeOperator` to `AND`.\n* set the `attributeName` to `umbrella.destination.logical_operator`.","enum":["(umbrella.destination.networkObjectIds && umbrella.destination.serviceObjectIds)","(umbrella.destination.networkObjectGroupIds && umbrella.destination.serviceObjectGroupIds)","((umbrella.destination.networkObjectIds || umbrella.destination.networkObjectGroupIds) && (umbrella.destination.serviceObjectIds || umbrella.destination.serviceObjectGroupIds))","(umbrella.destination.networkObjectIds && umbrella.destination.serviceObjectGroupIds)","(umbrella.destination.networkObjectGroupIds && umbrella.destination.serviceObjectIds)","((umbrella.destination.networkObjectIds || umbrella.destination.networkObjectGroupIds) && umbrella.destination.serviceObjectIds)","((umbrella.destination.networkObjectIds || umbrella.destination.networkObjectGroupIds) && umbrella.destination.serviceObjectGroupIds)","((umbrella.destination.serviceObjectIds || umbrella.destination.serviceObjectGroupIds) && umbrella.destination.networkObjectIds)","(umbrella.destination.networkObjectGroupIds && (umbrella.destination.serviceObjectIds || umbrella.destination.serviceObjectGroupIds))"],"$$ref":"#/components/schemas/attributeValueNetworkServiceObjects"}],"description":"The value of the attribute.","example":123,"$$ref":"#/components/schemas/attributeValue"},"attributeOperator":{"type":"string","description":"The operator that can act on the 
attribute.","enum":["=","INTERSECT","AND","IN"],"example":"INTERSECT","$$ref":"#/components/schemas/attributeOperator"}}},"example":[{"attributeName":"umbrella.destination.private_application_ids","attributeValue":[12345,34],"attributeOperator":"INTERSECT"}],"$$ref":"#/components/schemas/ruleConditions"},"ruleSettings":{"type":"array","description":"The properties of the policy settings.","items":{"type":"object","properties":{"settingValue":{"description":"The value of the rule setting.","oneOf":[{"type":"string"},{"type":"integer"},{"type":"boolean"}],"example":"LOG_NONE","$$ref":"#/components/schemas/settingValue"},"settingName":{"type":"string","description":"The name of the rule setting.","enum":["sse.decryption.logInternet","sse.decryption.logPrivate","sse.globalIPSEnabled","sse.ztaAuthnTimeoutEnabled","sse.tenantControlProfileId","sse.ztaAuthnTimeoutMinutes","sse.ztnaSessionTimeoutMinutes","umbrella.m365Compatibility","umbrella.posture.webProfileId","umbrella.posture.ipsProfileId","umbrella.posture.profileIdClientbased","umbrella.logLevel","umbrella.default.traffic"],"example":"umbrella.logLevel","$$ref":"#/components/schemas/settingName"},"createdAt":{"type":"string","description":"The date and time when the system created the rule setting.","format":"date-time","readOnly":true,"example":"2021-12-13T16:07:07.222Z","$$ref":"#/components/schemas/createdAtRuleSetting"},"modifiedAt":{"type":"string","description":"The date and time when the system updated the rule 
setting.","format":"date-time","readOnly":true,"example":"2023-11-13T21:28:54+00:00","$$ref":"#/components/schemas/modifiedAtRuleSetting"}}},"example":[{"createdAt":"2024-03-26T18:54:45+00:00","settingName":"sse.decryption.logInternet","settingValue":false,"modifiedAt":"2024-03-26T18:54:45+00:00"},{"createdAt":"2024-03-26T18:54:45+00:00","settingName":"sse.decryption.logPrivate","settingValue":false,"modifiedAt":"2024-03-26T18:54:45+00:00"},{"createdAt":"2024-03-26T18:54:45+00:00","settingName":"sse.globalIPSEnabled","settingValue":true,"modifiedAt":"2024-03-26T18:54:45+00:00"},{"createdAt":"2024-02-05T09:13:56+00:00","settingName":"sse.tenantControlProfileId","settingValue":19383,"modifiedAt":"2024-02-05T09:13:56+00:00"}],"$$ref":"#/components/schemas/SettingResponse"},"modifiedBy":{"type":"string","description":"A string that includes the organization ID and user ID for the account that modified the access rule.","example":"org/1234/user/123453","$$ref":"#/components/schemas/modifiedBy"},"modifiedAt":{"type":"string","description":"The date and time when the system updated the access rule.","format":"date-time","readOnly":true,"example":"2023-11-13T21:28:54+00:00","$$ref":"#/components/schemas/modifiedAtRule"},"createdAt":{"type":"string","description":"The date and time when the system created the access rule.","format":"date-time","readOnly":true,"example":"2021-12-13T16:07:07.222Z","$$ref":"#/components/schemas/createdAtRule"}},"$$ref":"#/components/schemas/Rule","title":"Rule"}}