Description
The createIntrusionRuleGroup operation handles configuration related to IntrusionRuleGroup model.
This API call is not allowed on the standby unit in an HA pair.
This API is only supported for Snort 3. This will allow the user to create a custom intrusion rule group.
HTTP request
POST /api/fdm/v6/object/intrusionrulegroupsData Parameters
| Parameter | Required | Type | Description | |||
|---|---|---|---|---|---|---|
| version | False | string | A unique string version assigned by the system when the object is created or modified. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete an existing object. As the version will change every time the object is modified, the value provided in this identifier must match exactly what is present in the system or the request will be rejected. | |||
| name | True | string | A string that is the name of the Intrusion Rule Group | |||
| description | False | string | A string that is the description of the Intrusion Rule Group Field level constraints: must match pattern ^((?!;).)*$, length must be between 0 and 32 (inclusive). (Note: Additional constraints might exist) |
|||
| isSystemDefined | False | boolean | Read-only field that declares whether this object is defined by Talos or the user | |||
| childGroups | False | [object] | A list of all children IntrusionRuleGroups under a Intrusion Rule Group. Only Talos groups can have child groups. Must be null on create/update of intrusion rule group. Allowed types are: [IntrusionRuleGroup] |
|||
| defaultSecurityLevel | False | string | Optional read-only field. When queried in the context of policy, this will show the configured security level. Must be null on create/update of intrusion rule group. | |||
| overrideSecurityLevel | False | string | Optional read-only field. When queried in context of a policy, this will show the User configured security level override. Must be null on create/update of intrusion rule group. | |||
| id | False | string | A unique string identifier assigned by the system when the object is created. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete (or reference) an existing object. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist) |
|||
| type | True | string | A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name. | |||
Example
curl -X POST \
--header "Accept: application/json" \
--header "Authorization: Bearer ${ACCESS_TOKEN}" \
--header "Content-Type: application/json" \
-d '{
"childGroups": [],
"defaultSecurityLevel": "DISABLED",
"description": "string",
"id": "string",
"isSystemDefined": true,
"name": "string",
"overrideSecurityLevel": "DISABLED",
"type": "intrusionrulegroup",
"version": "string"
}' \
"https://${HOST}:${PORT}/api/fdm/v6/object/intrusionrulegroups"from bravado.requests_client import RequestsClient
from bravado.client import SwaggerClient
def get_client(host, token):
http_client = RequestsClient()
http_client.ssl_verify = False
http_client.set_api_key(
host,
"Bearer {}".format(token),
param_name="Authorization",
param_in="header"
)
return SwaggerClient.from_url(
"https://{}/apispec/ngfw.json".format(host),
http_client=http_client,
config={
"validate_responses": False,
"validate_swagger_spec": False
}
)
def create_intrusion_rule_group(client, body):
return client.IntrusionPolicy.createIntrusionRuleGroup(
body=body
).response().result
if __name__ == "__main__":
host = "ftd.example.com"
token = "access_token"
client = get_client(host, token)
body = {'childGroups': [],
'defaultSecurityLevel': 'DISABLED',
'description': 'string',
'id': 'string',
'isSystemDefined': True,
'name': 'string',
'overrideSecurityLevel': 'DISABLED',
'type': 'intrusionrulegroup',
'version': 'string'}
create_intrusion_rule_group(client, body)