Retrieves all the risky rules in a device’s or group’s policy.

Note: Entities in different subscriptions can have the same name. When this used for entities that have the same name, the action returns the list of risky rules of the FIRST entity in the tree.

External Documentation

To learn more, visit the AlgoSec Firewall Analyzer documentation.

Basic Parameters

ParameterDescription
EntityThe display name of the device, group, or matrix.For example: Dev-GW-R71Test1.
Entity TypeThe type of the entity.

Advanced Parameters

ParameterDescription
Response TypeThe output format.

Example Output

{
	"riskyRules": [
		{
			"device": "Nachos",
			"ruleId": "2B1EA29F-3ED3-4FAC-BA7C-FC27F1A6305F",
			"ruleNum": "1",
			"source": [
				"n10_20_0_0"
			],
			"destination": [
				"Any"
			],
			"service": [
				"Any"
			],
			"action": "accept",
			"documentation": {
				"documentation": ""
			},
			"risks": [
				{
					"code": "R01",
					"severity": "MEDIUM",
					"title": "\"From somewhere to Any allow Any service\" rules"
				}
			],
			"totalBySeverity": {
				"LOW": 0,
				"HIGH": 0,
				"MEDIUM": 1,
				"SUSP_HIGH": 0
			},
			"trafficCount": "0"
		},
		"…"
	],
	"status": true
}

Workflow Library Example

Get Risky Rules with Algosec Firewall Analyzer and Send Results Via Email

Preview this Workflow on desktop

Was this page helpful?