FileRule

Description

A file policy, like its parent access control policy, contains rules (file rules) that determine how the system handles files that match the conditions of each rule. You can configure separate file rules to take different actions for different file types, application protocols, or directions of transfer. (Note: The field level constraints listed here might not cover all the constraints on the field. Additional constraints might exist.)

Supported Operations

Model Properties

Property Required Type Description
version False string A unique string version assigned by the system when the object is created or modified. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete an existing object. As the version will change every time the object is modified, the value provided in this identifier must match exactly what is present in the system or the request will be rejected.
name True string Name of the File Policy Rule. It must match pattern (^[a-zA-Z0-9_]$)|(^[a-zA-Z0-9_][ a-zA-Z0-9_.+-]*[a-zA-Z0-9_.+-]$). (Note: Additional constraints might exist)
rulePosition False integer Transient field holding the index position for the rule.
description False string Description of the rule.
Field level constraints: length must be between 0 and 128 (inclusive). (Note: Additional constraints might exist)
fileTypeCategories False [object] A list of fileTypeCategory objects. The system can detect various types of files. These file types are grouped into basic categories, including multimedia (swf, mp3), executables (exe, torrent), and PDFs. You can configure file rules that detect individual file types or entire categories of file types.
To get the list of all file type categories, use the 'GET /object/filetypecategories' API.
Allowed types are: [FileTypeCategory]
fileTypes False [object] A list of fileType objects. The system can detect various types of files. You can configure file rules that detect individual file types and generate events for particular files.
To get the list of all file types, use the 'GET /object/filetypes' API.
Allowed types are: [FileType]
applicationProtocols True string The system can detect and inspect files transmitted via FTP, HTTP, SMTP, IMAP, POP3, and NetBIOS-ssn (SMB). Any, the default, detects files in HTTP, SMTP, IMAP, POP3, FTP, and NetBIOS-ssn (SMB) traffic. To improve performance, you can restrict file detection to only one of those application protocols on a per-file rule basis.
Field level constraints: cannot be null. (Note: Additional constraints might exist)
malwareAnalysisOptions False [object] A list of enum values that specifies the methods to use for file inspection and analysis, which determines whether a file contains malware. You can specify the following methods: SPERO, LOCAL_MALWARE_ANALYSIS.
storeFiles False [object] List of options from ALL, CLEAN, MALWARE, CUSTOM, UNKNOWN, based on malware analysis options.
directionOfTransfer True string An enum value that specifies the direction of file transfer for the files that should match this rule. Possible values are DOWNLOAD, UPLOAD and ANY. You can inspect incoming FTP, HTTP, IMAP, POP3, and NetBIOS-ssn (SMB) traffic for downloaded files, and outgoing FTP, HTTP, SMTP and NetBIOS-ssn (SMB) traffic for uploaded files.
Field level constraints: cannot be null. (Note: Additional constraints might exist)
ruleAction True string An enum value that defines the action to apply to files that match this rule. Possible values are: DETECT_FILES, BLOCK_FILES, MALWARE_CLOUD_LOOKUP, MALWARE_BLOCK.
Detect Files rules allow you to log the detection of specific file types to the database, while still allowing their transmission.
Block Files rules allow you to block specific file types. You can configure options to reset the connection when a file transfer is blocked, and store captured files to the managed device.
Malware Cloud Lookup rules allow you to obtain and log the disposition of files traversing your network, while still allowing their transmission.
Block Malware rules allow you to calculate the SHA-256 hash value of specific file types, query the AMP cloud to determine if files traversing your network contain malware, then block files that represent threats.

File Rule Actions: Evaluation Order: If more than one rule can apply to a particular situation, the evaluation order will be (1) Block Files, (2) Block Malware, (3) Malware Cloud Lookup, (4) Detect Files.
Field level constraints: cannot be null. (Note: Additional constraints might exist)
reset False boolean A Boolean value, TRUE or FALSE (the default). Cisco recommends that you enable Reset Connection for the Block Files and Block Malware actions to prevent blocked application sessions from remaining open until the TCP connection resets. If you do not reset connections, the client session will remain open until the TCP connection resets itself.
isSystemDefined False boolean A Boolean value, TRUE or FALSE (the default). The TRUE value indicates that the system created the object. FALSE indicates that the object is user-defined.
id False string A unique string identifier assigned by the system when the object is created. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete (or reference) an existing object.
Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
type True string A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name.
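
Added example (not part of the Cisco reference, and not Cisco code): a pre-submission check of a FileRule body against the constraints in the table above, plus the documented evaluation order applied to the actions of several matching rules. The function names, the sample rule, the "HTTP" protocol value and the "filerule" type value (the lower-cased class name) are assumptions made for illustration; MALWARE_BLOCK is taken to be the enum value for Block Malware.

```python
import re

# Patterns and enum values copied from the property table above.
NAME_RE = re.compile(r"(^[a-zA-Z0-9_]$)|(^[a-zA-Z0-9_][ a-zA-Z0-9_.+-]*[a-zA-Z0-9_.+-]$)")
ID_RE = re.compile(r"^((?!;).)*$")
REQUIRED = ("name", "applicationProtocols", "directionOfTransfer", "ruleAction", "type")
DIRECTIONS = ("DOWNLOAD", "UPLOAD", "ANY")
# Evaluation order: Block Files, Block Malware, Malware Cloud Lookup, Detect Files.
ACTION_ORDER = ["BLOCK_FILES", "MALWARE_BLOCK", "MALWARE_CLOUD_LOOKUP", "DETECT_FILES"]

def validate_file_rule(rule):
    """Return a list of problems found against the documented constraints."""
    problems = [f"{f}: required" for f in REQUIRED if rule.get(f) is None]
    name = rule.get("name")
    if name is not None and not (isinstance(name, str) and NAME_RE.fullmatch(name)):
        problems.append("name: does not match documented pattern")
    if len(rule.get("description") or "") > 128:
        problems.append("description: longer than 128 characters")
    rid = rule.get("id")
    if rid is not None and not (isinstance(rid, str) and ID_RE.fullmatch(rid)):
        problems.append("id: must not contain ';'")
    direction = rule.get("directionOfTransfer")
    if direction is not None and direction not in DIRECTIONS:
        problems.append("directionOfTransfer: not DOWNLOAD, UPLOAD or ANY")
    action = rule.get("ruleAction")
    if action is not None and action not in ACTION_ORDER:
        problems.append("ruleAction: unknown value")
    # Advisory rather than a schema error: reset defaults to FALSE, but the
    # page recommends enabling it for the two blocking actions.
    if action in ACTION_ORDER[:2] and rule.get("reset") is not True:
        problems.append("reset: recommended TRUE for blocking actions")
    return problems

def first_evaluated(actions):
    """Of the actions of all rules matching one file, return the one evaluated first."""
    return min(actions, key=ACTION_ORDER.index)

# Constructed sample body; the name and protocol are illustrative only.
SAMPLE = {
    "name": "Block EXE downloads",
    "applicationProtocols": "HTTP",
    "directionOfTransfer": "DOWNLOAD",
    "ruleAction": "BLOCK_FILES",
    "reset": True,
    "type": "filerule",
}

if __name__ == "__main__":
    print(validate_file_rule(SAMPLE))
    print(first_evaluated(["DETECT_FILES", "MALWARE_BLOCK"]))
```

The check covers only the constraints listed on this page; as the notes above say, the system may enforce additional ones.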