Get Risky Rules
Retrieves all the risky rules in a device's or group's policy.
Note: Entities in different subscriptions can have the same name. When this used for entities that have the same name, the action returns the list of risky rules of the FIRST entity in the tree.
External Documentation
To learn more, visit the AlgoSec Firewall Analyzer documentation.
Basic Parameters
| Parameter | Description |
|---|---|
| Entity | The display name of the device, group, or matrix. For example: Dev-GW-R71Test1. |
| Entity Type | The type of the entity. |
Advanced Parameters
| Parameter | Description |
|---|---|
| Response Type | The output format. |
Example Output
{
"riskyRules": [
{
"device": "Nachos",
"ruleId": "2B1EA29F-3ED3-4FAC-BA7C-FC27F1A6305F",
"ruleNum": "1",
"source": [
"n10_20_0_0"
],
"destination": [
"Any"
],
"service": [
"Any"
],
"action": "accept",
"documentation": {
"documentation": ""
},
"risks": [
{
"code": "R01",
"severity": "MEDIUM",
"title": "\"From somewhere to Any allow Any service\" rules"
}
],
"totalBySeverity": {
"LOW": 0,
"HIGH": 0,
"MEDIUM": 1,
"SUSP_HIGH": 0
},
"trafficCount": "0"
},
"…"
],
"status": true
}
Workflow Library Example
Get Risky Rules with Algosec Firewall Analyzer and Send Results Via Email
Preview this Workflow on desktop