upsertIntrusionRule
The upsertIntrusionRule operation handles configuration related to IntrusionRule model.
Description
This API call is not allowed on the standby unit in an HA pair.
This API is only supported for Snort 3. This will allow the user to update a custom intrusion rule.
Data Parameters
| Parameter | Required | Type | Description | |||
|---|---|---|---|---|---|---|
| version | False | string | A unique string version assigned by the system when the object is created or modified. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete an existing object. As the version will change every time the object is modified, the value provided in this identifier must match exactly what is present in the system or the request will be rejected. | |||
| name | False | string | A string that is the name of the Intrusion Rule | |||
| gid | False | integer | An integer representing the Generator Identifier. | |||
| sid | False | integer | An integer representing the Snort Identifier. | |||
| revision | False | integer | A string representing the revision as read from the Rule Update package or as specified by the user. | |||
| msg | False | string | A string representing the message to be displayed if this rule is triggered. | |||
| ruleData | False | string | A string containing the entire rule as originally read from the Rule Update package or as specified by the user. | |||
| isSystemDefined | False | boolean | A Boolean value, TRUE or FALSE (the default). The TRUE value indicates that the system created the object. FALSE indicates that the object is user-defined | |||
| defaultState | False | string | An enumerated field that can be null. It can be ALERT, DROP, or DISABLED. Must be null on create/update of intrusion rule. | |||
| overrideState | False | string | The rule state enumerated field that can be null. If not null then it will be any state other than defaultState. Must be null on create/update of intrusion rule. | |||
| groupNames | False | [string] | A comma separated value set of intrusion rule groups names that this rule belongs to. | |||
| id | False | string | A unique string identifier assigned by the system when the object is created. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete (or reference) an existing object. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| type | True | string | A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name. | |||
Query Parameters
| Parameter | Required | Type | Description | |||
|---|---|---|---|---|---|---|
| filter | False | string | The criteria used to filter the models you are requesting. It should have the following format: {key}{operator}{value}[;{key}{operator}{value}]. Supported operators are: "!"(not equals), ":"(equals), "~"(similar). Supported keys are: "isSystemDefined", "sid", "gid", "fts", "intrusionrulegroup". The "fts" filter can not be used with other filters. Default filtering for Upsert operation is done by name. | |||
Example
- name: Execute 'upsertIntrusionRule' operation
ftd_configuration:
operation: "upsertIntrusionRule"
data:
version: "{{ version }}"
name: "{{ name }}"
gid: "{{ gid }}"
sid: "{{ sid }}"
revision: "{{ revision }}"
msg: "{{ msg }}"
ruleData: "{{ rule_data }}"
isSystemDefined: "{{ is_system_defined }}"
defaultState: "{{ default_state }}"
overrideState: "{{ override_state }}"
groupNames: "{{ group_names }}"
id: "{{ id }}"
type: "{{ type }}"
query_params:
filter: "{{ filter }}"