Get Risky Rules - Blink Documentation

Retrieves all the risky rules in a device’s or group’s policy. Note: Entities in different subscriptions can have the same name. When this used for entities that have the same name, the action returns the list of risky rules of the FIRST entity in the tree.

External DocumentationTo learn more, visit the AlgoSec Firewall Analyzer documentation.

Basic Parameters

Parameter	Description
Entity	The display name of the device, group, or matrix. For example: `Dev-GW-R71Test1`.
Entity Type	The type of the entity.

Advanced Parameters

Parameter	Description
Response Type	The output format.

Example Output

{
	"riskyRules": [
		{
			"device": "Nachos",
			"ruleId": "2B1EA29F-3ED3-4FAC-BA7C-FC27F1A6305F",
			"ruleNum": "1",
			"source": [
				"n10_20_0_0"
			],
			"destination": [
				"Any"
			],
			"service": [
				"Any"
			],
			"action": "accept",
			"documentation": {
				"documentation": ""
			},
			"risks": [
				{
					"code": "R01",
					"severity": "MEDIUM",
					"title": "\"From somewhere to Any allow Any service\" rules"
				}
			],
			"totalBySeverity": {
				"LOW": 0,
				"HIGH": 0,
				"MEDIUM": 1,
				"SUSP_HIGH": 0
			},
			"trafficCount": "0"
		},
		"…"
	],
	"status": true
}

Workflow Library Example

Get Risky Rules with Algosec Firewall Analyzer and Send Results Via Email

Preview this Workflow on desktop

Integrations

​Basic Parameters

​Advanced Parameters

​Example Output

​Workflow Library Example

Basic Parameters

Advanced Parameters

Example Output

Workflow Library Example