getPolicyIntrusionRuleList

The getPolicyIntrusionRuleList operation handles configuration related to the IntrusionRule model.

Description

This API accepts additional filter params in Snort 3.

If the same filter is specified twice, it will be treated as an OR. If different filters are used, they will be treated as an AND. For example, if you wish to see all rules that have a defaultState of DROP or ALERT, you would use "defaultState:DROP,ALERT". If you want to see all rules that have a defaultState of DROP and fts on "browser", you would use "defaultState:DROP;fts~browser".

In addition, this API supports a variety of non-standard filters.

currentState will match against the overrideState if one exists, else it will match against the defaultState.

overrideState can be used as a standard field filter. It can also be used to return all rules that have an override (overrideState!null) or all rules that do not have an override (overrideState:null).

excludeCount can be either TRUE or FALSE and determines whether the total count of rules matched by the filters is returned. Setting excludeCount:TRUE speeds up the response time.

intrusionRuleGroup can be used to specify the name of the rule group to search for rules in.

lspversions and lspruleupdatetype can be used to filter rules by the LSP version they were ADDED/MODIFIED in.

fts searches in name, msg, ruleData and groupNames.

This API also supports additional sort fields - gid, sid, currentState, defaultState, overrideState.

Path Parameters

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| parentId | True | string | |

Query Parameters

| Parameter | Required | Type | Description |
| --- | --- | --- | --- |
| offset | False | integer | An integer representing the index of the first requested object. Index starts from 0. If not specified, the returned objects will start from index 0 |
| limit | False | integer | An integer representing the maximum amount of objects to return. If not specified, the maximum amount is 10 |
| sort | False | string | The field used to sort the requested object list |
| filter | False | string | The criteria used to filter the models you are requesting. It should have the following format: {key}{operator}{value}[;{key}{operator}{value}]. Supported operators are: "!"(not equals), ":"(equals), "~"(similar). Supported keys are: "gid", "sid", "defaultstate", "overridestate", "currentstate", "intrusionrulegroup", "issystemdefined", "lspversions", "lspruleupdatetype", "fts". The "fts" filter cannot be used with other filters. |

Example

- name: Execute 'getPolicyIntrusionRuleList' operation
  ftd_configuration:
    operation: "getPolicyIntrusionRuleList"
    path_params:
        parentId: "{{ parent_id }}"
    query_params:
        offset: "{{ offset }}"
        limit: "{{ limit }}"
        sort: "{{ sort }}"
        filter: "{{ filter }}"
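
The value passed as `filter` above can be built and checked before it reaches the playbook. The following is an added example, not code from the FTD documentation or the Ansible module: `build_filter` is a hypothetical helper that applies the format, operators and keys listed under Query Parameters, including the restriction that "fts" cannot be used with other filters. It assumes keys can be matched case-insensitively and that values containing ";" or "," should be rejected, because the page documents no escaping.

```python
# Added example (not from the FTD documentation): build a `filter` string
# from structured clauses and validate it against the rules on this page.

# Keys listed under Query Parameters, plus excludeCount from the Description.
ALLOWED_KEYS = {
    "gid", "sid", "defaultstate", "overridestate", "currentstate",
    "intrusionrulegroup", "issystemdefined", "lspversions",
    "lspruleupdatetype", "fts", "excludecount",
}
OPERATORS = {"!", ":", "~"}  # not equals, equals, similar
SEPARATORS = {";", ","}      # clause separator and OR-value separator


def build_filter(clauses):
    """Return a filter string for (key, operator, value-or-values) clauses.

    Clauses that repeat the same key and operator are merged into one
    comma-separated clause (OR); distinct clauses are joined with ';' (AND).
    """
    merged = {}  # (lowercased key, operator) -> (key as given, [values])
    for key, op, values in clauses:
        if key.lower() not in ALLOWED_KEYS:
            raise ValueError(f"unsupported filter key: {key!r}")
        if op not in OPERATORS:
            raise ValueError(f"unsupported operator: {op!r}")
        if isinstance(values, (str, int)):
            values = [values]
        values = [str(v) for v in values]
        # Assumption: the page documents no escaping, so a value holding a
        # separator is rejected rather than allowed to add extra clauses.
        if not values or any(not v or SEPARATORS & set(v) for v in values):
            raise ValueError(f"unsafe or empty filter value in {key!r} clause")
        merged.setdefault((key.lower(), op), (key, []))[1].extend(values)

    keys_used = {k for k, _ in merged}
    if "fts" in keys_used and len(keys_used) > 1:
        raise ValueError('"fts" cannot be combined with other filters')
    return ";".join(
        f"{name}{op}{','.join(vals)}" for (_, op), (name, vals) in merged.items()
    )


if __name__ == "__main__":
    # Constructed input: every rule that has an override, without the count.
    print(build_filter([("overrideState", "!", "null"),
                        ("excludeCount", ":", "TRUE")]))
```

Running the check on any value that comes from inventory or user-supplied variables keeps a stray ";" from silently adding or dropping a clause in an audit query.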