Description
The addIntrusionPolicy operation handles configuration related to the IntrusionPolicy model.
This API call is not allowed on the standby unit in an HA pair.
This API is only supported for Snort 3. It allows the creation of a custom Intrusion Policy in Snort 3 mode.
HTTP request
POST /api/fdm/v6/policy/intrusionpolicies
Data Parameters
| Parameter | Required | Type | Description |
|---|---|---|---|
| name | True | string | A mandatory Unicode alphanumeric string containing the name of the policy, from 1 to 65 characters. The string cannot include HTML tags. |
| description | False | string | A mandatory Unicode alphanumeric string containing the name of the group policy, from 1 to 65 characters. The string cannot include HTML tags. Field level constraints: must match pattern `^((?!;).)*$`. (Note: Additional constraints might exist) |
| basePolicy | False | object | In Snort 3, a mandatory field for a user-created policy, referring to a system-defined policy; for system-defined policies it will be null. In Snort 2, this field is not used and is set to null. Allowed types are: [IntrusionPolicy] |
| rules | False | object | A reference link is provided here to fetch the IntrusionRule(s) separately. |
| ruleGroups | False | object | A reference link is provided here to fetch the IntrusionRuleGroup(s) separately. |
| inspectionMode | False | string | An enum value (DETECTION or PREVENTION (default)) that controls IPS inspection mode. In DETECTION mode, rules set to DROP behave as if configured to ALERT and result in alerts only. In PREVENTION mode, they apply as configured. |
| isSystemDefined | False | boolean | A boolean value that indicates whether the current policy is system defined. |
| type | True | string | A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name. |
Example
```bash
curl -X POST \
  --header "Accept: application/json" \
  --header "Authorization: Bearer ${ACCESS_TOKEN}" \
  --header "Content-Type: application/json" \
  -d '{
    "basePolicy": {
      "id": "string",
      "name": "string",
      "type": "string",
      "version": "string"
    },
    "description": "string",
    "id": "string",
    "inspectionMode": "DETECTION",
    "isSystemDefined": true,
    "name": "string",
    "ruleGroups": {
      "links": {
        "self": "string"
      }
    },
    "rules": {
      "links": {
        "self": "string"
      }
    },
    "type": "intrusionpolicy",
    "version": "string"
  }' \
  "https://${HOST}:${PORT}/api/fdm/v6/policy/intrusionpolicies"
```
```python
from bravado.requests_client import RequestsClient
from bravado.client import SwaggerClient


def get_client(host, token, ssl_verify=True):
    http_client = RequestsClient()
    # Keep certificate verification on: the bearer token travels in every
    # request. For a device with a privately signed certificate, pass the
    # path to the CA bundle as ssl_verify instead of turning verification off.
    http_client.ssl_verify = ssl_verify
    # Send the access token as an Authorization header on requests to this host.
    http_client.set_api_key(
        host,
        "Bearer {}".format(token),
        param_name="Authorization",
        param_in="header"
    )
    # Build the client from the API specification served by the device.
    return SwaggerClient.from_url(
        "https://{}/apispec/ngfw.json".format(host),
        http_client=http_client,
        config={
            "validate_responses": False,
            "validate_swagger_spec": False
        }
    )


def add_intrusion_policy(client, body):
    # POST the body to /policy/intrusionpolicies and return the created object.
    return client.IntrusionPolicy.addIntrusionPolicy(
        body=body
    ).response().result


if __name__ == "__main__":
    host = "ftd.example.com"
    token = "access_token"
    client = get_client(host, token)

    body = {'basePolicy': {'id': 'string',
                           'name': 'string',
                           'type': 'string',
                           'version': 'string'},
            'description': 'string',
            'inspectionMode': 'DETECTION',
            'isSystemDefined': True,
            'name': 'string',
            'ruleGroups': {'links': {'self': 'string'}},
            'rules': {'links': {'self': 'string'}},
            'type': 'intrusionpolicy'}

    add_intrusion_policy(client, body)
```
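
The constraints in the Data Parameters table can be checked before a body is sent to the device. The following is an added example, not part of the original page or the product's own code; `validate_intrusion_policy` and the `HTML_TAG` approximation are hypothetical names and assumptions, and the sample body is constructed.

```python
import re

# Constraints below are taken from the Data Parameters table on this page.
DESCRIPTION_PATTERN = re.compile(r"^((?!;).)*$")  # documented field-level pattern
INSPECTION_MODES = {"DETECTION", "PREVENTION"}    # documented enum values
HTML_TAG = re.compile(r"<[^>]+>")  # assumption: rough stand-in for "HTML tags"


def validate_intrusion_policy(body):
    """Return a list of problems in an addIntrusionPolicy body (empty if none)."""
    errors = []

    name = body.get("name")
    if not isinstance(name, str) or not 1 <= len(name) <= 65:
        errors.append("name: required string of 1 to 65 characters")
    elif HTML_TAG.search(name):
        errors.append("name: must not include HTML tags")

    description = body.get("description")
    if description is not None:
        if not isinstance(description, str):
            errors.append("description: must be a string")
        elif HTML_TAG.search(description):
            errors.append("description: must not include HTML tags")
        elif not DESCRIPTION_PATTERN.match(description):
            errors.append("description: must not contain ';'")

    # PREVENTION is the documented default when the field is omitted.
    if body.get("inspectionMode", "PREVENTION") not in INSPECTION_MODES:
        errors.append("inspectionMode: must be DETECTION or PREVENTION")

    # This endpoint is Snort 3 only, where a user-created policy must
    # reference a system-defined base policy.
    if not isinstance(body.get("basePolicy"), dict):
        errors.append("basePolicy: required object for a user-created policy")

    # The page's example request uses the lower-case class name.
    if body.get("type") != "intrusionpolicy":
        errors.append("type: must be 'intrusionpolicy'")

    return errors


if __name__ == "__main__":
    # Constructed sample body, not captured from a device.
    sample = {"name": "<b>lab</b>", "description": "tune; later",
              "inspectionMode": "detect", "type": "IntrusionPolicy"}
    for problem in validate_intrusion_policy(sample):
        print(problem)
```

The device remains the authority on what it accepts; the table itself notes that additional constraints might exist.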