Description

The getPolicyIntrusionRuleGroupList operation handles configuration related to the IntrusionRuleGroup model.
This API is only supported for Snort 3.

If the same filter is specified twice, the values are treated as an OR. If different filters are used, they are treated as an AND. For example, to see all rule groups that have a defaultSecurityLevel of LEVEL1 or LEVEL2, use "defaultSecurityLevel:LEVEL1,LEVEL2". To see all rule groups that have a defaultSecurityLevel of LEVEL1 and a name like "browser", use "defaultSecurityLevel:LEVEL1;name~browser".

In addition, this API supports a variety of non-standard filters.

currentSecurityLevel will match against the overrideSecurityLevel if one exists, else it will match against the defaultSecurityLevel.

overrideSecurityLevel can be used as a standard field filter. It can also be used to return all groups that have an override (overrideSecurityLevel!null) or all groups that do not have an override (overrideSecurityLevel:null).

searchChildren can be either TRUE or FALSE and will determine if the filter criteria will be applied to the children of a parent group. This allows you to return a parent based on a matching child.

childGroups can be either null or not null. If childGroups is set to null then only child groups will be returned (childGroups:null). If childGroups is set to not null then only parent groups will be returned (childGroups!null).

This API also supports additional sort fields: name, currentSecurityLevel, defaultSecurityLevel, overrideSecurityLevel.

HTTP request

GET /api/fdm/v6/policy/intrusionpolicies/{parentId}/intrusionrulegroups

Path Parameters

Parameter Required Type Description
parentId True string

Query Parameters

Parameter Required Type Description
offset False integer An integer representing the index of the first requested object. Index starts from 0. If not specified, the returned objects will start from index 0.
limit False integer An integer representing the maximum number of objects to return. If not specified, the maximum is 10.
sort False string The field used to sort the requested object list
filter False string The criteria used to filter the models you are requesting. It should have the following format: {key}{operator}{value}[;{key}{operator}{value}]. Supported operators are: "!"(not equals), ":"(equals), "~"(similar). Supported keys are: "childgroups", "currentsecuritylevel", "defaultsecuritylevel", "issystemdefined", "name", "overridesecuritylevel", "rulegroupid", "searchchildren", "fts". The "fts" filter cannot be used with other filters.
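
The filter grammar described above (comma for OR within one key, semicolon for AND across keys, "fts" used alone), as an added example that is not part of the original documentation or the vendor's code. The helper names `build_filter` and `build_request_path` are hypothetical, and rejecting ';' and ',' inside values is an assumption made here because the page documents no escaping for them, so a caller-supplied value cannot add filter terms of its own.

```python
from urllib.parse import quote, urlencode

# Keys and operators copied from the filter parameter description on this page.
SUPPORTED_KEYS = {
    "childgroups", "currentsecuritylevel", "defaultsecuritylevel",
    "issystemdefined", "name", "overridesecuritylevel", "rulegroupid",
    "searchchildren", "fts",
}
OPERATORS = {"!", ":", "~"}
# ';' and ',' separate filter terms; refusing them in values is an assumption of this example.
RESERVED = set(";,")


def build_filter(criteria):
    """criteria: list of (key, operator, value or list of values); values OR, criteria AND."""
    keys = [key.lower() for key, _, _ in criteria]
    if "fts" in keys and len(keys) > 1:
        raise ValueError('"fts" cannot be used with other filters')
    parts = []
    for key, op, values in criteria:
        if key.lower() not in SUPPORTED_KEYS:
            raise ValueError("unsupported filter key: %r" % key)
        if op not in OPERATORS:
            raise ValueError("unsupported operator: %r" % op)
        if isinstance(values, str):
            values = [values]
        for value in values:
            if not value or RESERVED & set(value):
                raise ValueError("value %r is empty or contains ';' or ','" % value)
        parts.append("%s%s%s" % (key, op, ",".join(values)))
    return ";".join(parts)


def build_request_path(parent_id, criteria=(), sort=None, offset=0, limit=10):
    """Return the path and percent-encoded query string for the GET request on this page."""
    if offset < 0 or limit < 1:
        raise ValueError("offset must be >= 0 and limit >= 1")
    params = {"offset": offset, "limit": limit}
    if criteria:
        params["filter"] = build_filter(list(criteria))
    if sort:
        params["sort"] = sort
    base = "/api/fdm/v6/policy/intrusionpolicies/%s/intrusionrulegroups" % quote(parent_id, safe="")
    return base + "?" + urlencode(params)
```
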

Example

curl -X GET \
    --header "Accept: application/json" \
    --header "Authorization: Bearer ${ACCESS_TOKEN}" \
    "https://${HOST}:${PORT}/api/fdm/v6/policy/intrusionpolicies/{parentId}/intrusionrulegroups"

# Python example using the bravado Swagger client
from bravado.requests_client import RequestsClient
from bravado.client import SwaggerClient


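def get_client(host, token):
    http_client = RequestsClient()
    # ssl_verify = False disables TLS certificate verification, so the bearer
    # token below is sent without authenticating the device. Once the device
    # presents a trusted certificate, set this to True or to a CA bundle path.
    http_client.ssl_verify = False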
    http_client.set_api_key(
        host,
        "Bearer {}".format(token),
        param_name="Authorization",
        param_in="header"
    )
    return SwaggerClient.from_url(
        "https://{}/apispec/ngfw.json".format(host),
        http_client=http_client,
        config={
            "validate_responses": False,
            "validate_swagger_spec": False
        }
    )


def get_policy_intrusion_rule_group_list(client, parent_id):
    return client.IntrusionPolicy.getPolicyIntrusionRuleGroupList(
        parentId=parent_id
    ).response().result


if __name__ == "__main__":
    host = "ftd.example.com"
    token = "access_token"
    client = get_client(host, token)

    # Placeholder: replace with the ID of the parent intrusion policy.
    parent_id = "string"

    print(get_policy_intrusion_rule_group_list(client, parent_id))