Retrieves all the risky rules in a device’s or group’s policy. Note: Entities in different subscriptions can have the same name. When this action is used for entities that share a name, it returns the list of risky rules of the FIRST entity in the tree.

External Documentation
To learn more, visit the AlgoSec Firewall Analyzer documentation.

Basic Parameters

| Parameter | Description |
| --- | --- |
| Entity | The display name of the device, group, or matrix. For example: Dev-GW-R71Test1. |
| Entity Type | The type of the entity. |

Advanced Parameters

| Parameter | Description |
| --- | --- |
| Response Type | The output format. |

Example Output

{
	"riskyRules": [
		{
			"device": "Nachos",
			"ruleId": "2B1EA29F-3ED3-4FAC-BA7C-FC27F1A6305F",
			"ruleNum": "1",
			"source": [
				"n10_20_0_0"
			],
			"destination": [
				"Any"
			],
			"service": [
				"Any"
			],
			"action": "accept",
			"documentation": {
				"documentation": ""
			},
			"risks": [
				{
					"code": "R01",
					"severity": "MEDIUM",
					"title": "\"From somewhere to Any allow Any service\" rules"
				}
			],
			"totalBySeverity": {
				"LOW": 0,
				"HIGH": 0,
				"MEDIUM": 1,
				"SUSP_HIGH": 0
			},
			"trafficCount": "0"
		},
		"…"
	],
	"status": true
}
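
One way to triage this output in a later workflow step, as an added example that is not part of the AlgoSec or workflow documentation. The severity ranking, the reading of a trafficCount of 0 as "no observed traffic", the function name triage, and the second sample rule (including its risk codes) are assumptions made for illustration.

```python
import json

# Assumed ranking, worst last; the page names these severities but not their order.
RANK = {"LOW": 0, "MEDIUM": 1, "SUSP_HIGH": 2, "HIGH": 3}

# Constructed sample shaped like the Example Output; the second rule is invented.
SAMPLE = json.loads("""
{"riskyRules": [
  {"device": "Nachos", "ruleNum": "1", "source": ["n10_20_0_0"],
   "destination": ["Any"], "service": ["Any"], "action": "accept",
   "risks": [{"code": "R01", "severity": "MEDIUM", "title": "any-any rule"}],
   "trafficCount": "0"},
  {"device": "Nachos", "ruleNum": "7", "source": ["Any"],
   "destination": ["web_srv"], "service": ["tcp/3389"], "action": "accept",
   "risks": [{"code": "X99", "severity": "HIGH", "title": "constructed risk"},
             {"code": "X98", "severity": "LOW", "title": "constructed risk"}],
   "trafficCount": "1542"},
  "…"
 ],
 "status": true}
""")


def triage(response):
    """Return one summary per risky rule, worst severity first."""
    if response.get("status") is not True:
        raise ValueError("action did not report success")
    out = []
    for rule in response.get("riskyRules", []):
        if not isinstance(rule, dict):  # e.g. the "…" elision in the page's sample
            continue
        risks = rule.get("risks", [])
        sevs = [r.get("severity") for r in risks]
        worst = max(sevs, key=lambda s: RANK.get(s, -1), default=None)
        hits = int(rule.get("trafficCount") or 0)  # sample output carries the count as a string
        out.append({
            "rule": f'{rule.get("device")}#{rule.get("ruleNum")}',
            "worst": worst,
            "codes": sorted(r.get("code", "") for r in risks),
            # Broad rule: both destination and service are "Any".
            "any_any": "Any" in rule.get("destination", []) and "Any" in rule.get("service", []),
            # Cleanup candidate: permits traffic but none was counted (assumed meaning).
            "unused": rule.get("action") == "accept" and hits == 0,
        })
    return sorted(out, key=lambda r: RANK.get(r["worst"], -1), reverse=True)


if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(row)
```
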

Workflow Library Example

Get Risky Rules with Algosec Firewall Analyzer and Send Results Via Email