editPolicyIntrusionRule - Firepower Threat Defense API v6.2 (FTD v7.2)

Description

The editPolicyIntrusionRule operation handles configuration related to IntrusionRule model.
This API allows you to update the overrideState of the intrusion rule

HTTP request

PUT /api/fdm/v6/policy/intrusionpolicies/{parentId}/intrusionrules/{objId}

Data Parameters

Parameter	Required	Type	Description
version	False	string	A unique string version assigned by the system when the object is created or modified. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete an existing object. As the version will change every time the object is modified, the value provided in this identifier must match exactly what is present in the system or the request will be rejected.
name	False	string	A string that is the name of the Intrusion Rule
gid	False	integer	An integer representing the Generator Identifier.
sid	False	integer	An integer representing the Snort Identifier.
revision	False	integer	A string representing the revision as read from the Rule Update package or as specified by the user.
msg	False	string	A string representing the message to be displayed if this rule is triggered.
ruleData	False	string	A string containing the entire rule as originally read from the Rule Update package or as specified by the user.
isSystemDefined	False	boolean	A Boolean value, TRUE or FALSE (the default). The TRUE value indicates that the system created the object. FALSE indicates that the object is user-defined
defaultState	False	string	An enumerated field that can be null. It can be ALERT, DROP, or DISABLED. Must be null on create/update of intrusion rule.
overrideState	False	string	The rule state enumerated field that can be null. If not null then it will be any state other than defaultState. Must be null on create/update of intrusion rule.
groupNames	False	[string]	A comma separated value set of intrusion rule groups names that this rule belongs to.
id	False	string	A unique string identifier assigned by the system when the object is created. No assumption can be made on the format or content of this identifier. The identifier must be provided whenever attempting to modify/delete (or reference) an existing object. Field level constraints: must match pattern ^((?!;).)*$. (Note: Additional constraints might exist)
type	True	string	A UTF8 string, all letters lower-case, that represents the class-type. This corresponds to the class name.

Path Parameters

Parameter	Required	Type	Description
parentId	True	string
objId	True	string

Example

curl -X PUT \
    --header "Accept: application/json" \
    --header "Authorization: Bearer ${ACCESS_TOKEN}" \
    --header "Content-Type: application/json" \
    -d '{
        "defaultState": "DISABLED",
        "gid": 0,
        "groupNames": [],
        "id": "string",
        "isSystemDefined": true,
        "msg": "string",
        "name": "string",
        "overrideState": "DISABLED",
        "revision": 0,
        "ruleData": "string",
        "sid": 0,
        "type": "intrusionrule",
        "version": "string"
    }' \
    "https://${HOST}:${PORT}/api/fdm/v6/policy/intrusionpolicies/{parentId}/intrusionrules/{objId}"

from bravado.requests_client import RequestsClient
from bravado.client import SwaggerClient


def get_client(host, token):
    http_client = RequestsClient()
    http_client.ssl_verify = False
    http_client.set_api_key(
        host,
        "Bearer {}".format(token),
        param_name="Authorization",
        param_in="header"
    )
    return SwaggerClient.from_url(
        "https://{}/apispec/ngfw.json".format(host),
        http_client=http_client,
        config={
            "validate_responses": False,
            "validate_swagger_spec": False
        }
    )


def edit_policy_intrusion_rule(client, parent_id, obj_id, body):
    return client.IntrusionPolicy.editPolicyIntrusionRule(
        parentId=parent_id,
        objId=obj_id,
        body=body
    ).response().result


if __name__ == "__main__":
    host = "ftd.example.com"
    token = "access_token"
    client = get_client(host, token)

    parent_id = "string"
    obj_id = "string"
    body = {'defaultState': 'DISABLED',
 'gid': 0,
 'groupNames': [],
 'id': 'string',
 'isSystemDefined': True,
 'msg': 'string',
 'name': 'string',
 'overrideState': 'DISABLED',
 'revision': 0,
 'ruleData': 'string',
 'sid': 0,
 'type': 'intrusionrule',
 'version': 'string'}

    edit_policy_intrusion_rule(client, parent_id, obj_id, body)