Search Rules

Retrieves a list of rules according to the provided search query.

External Documentation

To learn more, visit the AlgoSec Firewall Analyzer documentation.

Basic Parameters

| Parameter | Description |
| --- | --- |
| Device Tree Name | Tree name of the device. Can refer to a device, group or ALL_FIREWALLS. Can be obtained via the List Devices action. |
| Rule Search Query | Search query. The format for a simple query is: [Column Name][Basic Operator][Value]. For example: Source ==1.2.3.4, which means Source equals "1.2.3.4". For further information regarding the Advanced Search Query format, please refer to the AlgoSec documentation. |
| Search Type | Defines the type of search to perform and the amount of information to retrieve. Basic: returns only basic information on the rules; by default, search results are limited to 10,000 rules for basic search. Full: returns more information on the rules; by default, search results are limited to 5,000 rules for full search. |

Advanced Parameters

| Parameter | Description |
| --- | --- |
| Exact Match | Determines whether to list only the objects that contain the exact IP address(es) or service(s) you are searching for. |
| Include Any | In addition to the search query, include rules that contain the value Any in any of the queried fields. |
| Include Containment | Enhance the query to search additionally for objects that contain the searched object/IP address. |

Example Output

{
  "totalFoundRulesCount": 2,
  "devicesFoundBySearch": [
    {
      "deviceFoundRulesCount": 2,
      "deviceInfo": {
        "treeName": "Anemone_Meraki",
        "displayName": "Anemone1_Meraki",
        "brand": "ciscomeraki"
      },
      "foundRules": [
        {
          "criteriaMatch": [
            {
              "field": "Src. Address",
              "values": [
                "Any"
              ]
            }
          ],
          "rule": {
            "deviceId": 60400,
            "deviceDisplayName": "Anemone1_Meraki",
            "ruleId": "l3_inbound_rule_default",
            "ruleNum": "17",
            "source": [
              {
                "canonizedName": "Any",
                "invalidNamedObject": true
              }
            ],
            "isNegateSource": false,
            "destination": [
              {
                "canonizedName": "Any",
                "invalidNamedObject": true
              }
            ],
            "urlCategories": [
              {
                "canonizedName": "",
                "invalidNamedObject": true
              }
            ],
            "isNegateDestination": false,
            "service": [
              {
                "canonizedName": "Any",
                "invalidNamedObject": true
              }
            ],
            "isNegateService": false,
            "action": "",
            "comment": [
              "Default rule"
            ],
            "enable": "",
            "log": "",
            "link": "rule_l3_inbound_rule_default",
            "documentation": {
              "business criticality": "",
              "business partner": "",
              "documentation": "",
              "business applications": ""
            },
            "additionalData": {
              "group_policy_name": [
                {
                  "value": ""
                }
              ],
              "src_port": [
                {
                  "value": ""
                }
              ],
              "protocol": [
                {
                  "value": ""
                }
              ],
              "group_rulenum": [
                {
                  "value": ""
                }
              ],
              "dst_port": [
                {
                  "value": ""
                }
              ],
              "policy": [
                {
                  "value": "Deny"
                }
              ]
            },
            "isValidUserSourceModel": true
          }
        },
        {
          "criteriaMatch": [
            {
              "field": "Src. Address",
              "values": [
                "GroupPolicy_Public_GP_Clients"
              ]
            }
          ],
          "rule": {
            "deviceId": 40900,
            "deviceDisplayName": "Anemone1_Meraki",
            "ruleId": "Public_rule_1",
            "ruleNum": "8",
            "source": [
              {
                "canonizedName": "GroupPolicy_Public_GP_Clients",
                "invalidNamedObject": true
              }
            ],
            "isNegateSource": false,
            "destination": [
              {
                "canonizedName": "10.60.17.88/32",
                "invalidNamedObject": true
              }
            ],
            "urlCategories": [
              {
                "canonizedName": "",
                "invalidNamedObject": true
              }
            ],
            "isNegateDestination": false,
            "service": [
              {
                "canonizedName": "tcp/*/*",
                "invalidNamedObject": true
              }
            ],
            "isNegateService": false,
            "action": "",
            "comment": [
              "test drop"
            ],
            "enable": "",
            "log": "",
            "link": "rule_Public_rule_1",
            "documentation": {
              "business criticality": "",
              "business partner": "",
              "documentation": "",
              "business applications": ""
            },
            "additionalData": {
              "group_policy_name": [
                {
                  "value": "Public_GP"
                }
              ],
              "src_port": [
                {
                  "value": "Any"
                }
              ],
              "protocol": [
                {
                  "value": "TCP"
                }
              ],
              "group_rulenum": [
                {
                  "value": "1"
                }
              ],
              "dst_port": [
                {
                  "value": "Any"
                }
              ],
              "policy": [
                {
                  "value": "Deny"
                }
              ]
            },
            "isValidUserSourceModel": true
          }
        },
        {
          "criteriaMatch": [
            {
              "field": "Src. Address",
              "values": [
                "Any"
              ]
            }
          ],
          "rule": {
            "deviceId": 40900,
            "deviceDisplayName": "Anemone1_Meraki",
            "ruleId": "l3_outbound_rule_default",
            "ruleNum": "16",
            "source": [
              {
                "canonizedName": "Any",
                "invalidNamedObject": true
              }
            ],
            "isNegateSource": false,
            "destination": [
              {
                "canonizedName": "Any",
                "invalidNamedObject": true
              }
            ],
            "urlCategories": [
              {
                "canonizedName": "",
                "invalidNamedObject": true
              }
            ],
            "isNegateDestination": false,
            "service": [
              {
                "canonizedName": "Any",
                "invalidNamedObject": true
              }
            ],
            "isNegateService": false,
            "action": "",
            "comment": [
              "Default rule"
            ],
            "enable": "",
            "log": "",
            "link": "rule_l3_outbound_rule_default",
            "documentation": {
              "business criticality": "",
              "business partner": "",
              "documentation": "",
              "business applications": ""
            },
            "additionalData": {
              "group_policy_name": [
                {
                  "value": ""
                }
              ],
              "src_port": [
                {
                  "value": "Any"
                }
              ],
              "protocol": [
                {
                  "value": "Any"
                }
              ],
              "group_rulenum": [
                {
                  "value": ""
                }
              ],
              "dst_port": [
                {
                  "value": "Any"
                }
              ],
              "policy": [
                {
                  "value": "Allow"
                }
              ]
            },
            "isValidUserSourceModel": true
          }
        }
      ]
    }
  ]
}
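
An added example, not part of the AlgoSec or integration documentation: one way to triage this output for a rule review, flagging allow rules whose source, destination and service are all Any. The sample is the Example Output above trimmed to the fields used; the function names and the extra allow spellings are assumptions.

```python
import json

# Constructed sample: the page's Example Output trimmed to the fields used here.
SAMPLE = json.loads("""
{"devicesFoundBySearch": [{
  "deviceInfo": {"treeName": "Anemone_Meraki"},
  "foundRules": [
    {"rule": {"ruleId": "l3_inbound_rule_default", "ruleNum": "17", "action": "",
      "source": [{"canonizedName": "Any"}], "isNegateSource": false,
      "destination": [{"canonizedName": "Any"}], "isNegateDestination": false,
      "service": [{"canonizedName": "Any"}], "isNegateService": false,
      "additionalData": {"policy": [{"value": "Deny"}]}}},
    {"rule": {"ruleId": "Public_rule_1", "ruleNum": "8", "action": "",
      "source": [{"canonizedName": "GroupPolicy_Public_GP_Clients"}],
      "destination": [{"canonizedName": "10.60.17.88/32"}],
      "service": [{"canonizedName": "tcp/*/*"}],
      "additionalData": {"policy": [{"value": "Deny"}]}}},
    {"rule": {"ruleId": "l3_outbound_rule_default", "ruleNum": "16", "action": "",
      "source": [{"canonizedName": "Any"}], "isNegateSource": false,
      "destination": [{"canonizedName": "Any"}], "isNegateDestination": false,
      "service": [{"canonizedName": "Any"}], "isNegateService": false,
      "additionalData": {"policy": [{"value": "Allow"}]}}}]}]}
""")

# "allow" is the value in the page's sample; "permit"/"accept" are assumed
# spellings for other device brands.
ALLOW = {"allow", "permit", "accept"}
AXES = (("source", "isNegateSource"), ("destination", "isNegateDestination"),
        ("service", "isNegateService"))

def verdict(rule):
    """Rule action; falls back to additionalData.policy, where the sample
    carries it while "action" is empty."""
    policy = rule.get("additionalData", {}).get("policy") or [{}]
    return (rule.get("action") or policy[0].get("value", "")).lower()

def is_any(rule, field, negate_flag):
    """True when the field lists "Any" and the field is not negated."""
    names = {o.get("canonizedName", "").lower() for o in rule.get(field, [])}
    return "any" in names and not rule.get(negate_flag, False)

def any_any_allow(results):
    """Return (treeName, ruleId, ruleNum) for allow rules open on every axis."""
    hits = []
    for dev in results.get("devicesFoundBySearch", []):
        tree = dev.get("deviceInfo", {}).get("treeName", "")
        for found in dev.get("foundRules", []):
            r = found.get("rule", {})
            if verdict(r) in ALLOW and all(is_any(r, f, n) for f, n in AXES):
                hits.append((tree, r.get("ruleId"), r.get("ruleNum")))
    return hits
```

On the sample, only `l3_outbound_rule_default` is flagged; the inbound default rule is also Any/Any/Any but its policy is Deny.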

Workflow Library Example

Search Rules with Algosec Firewall Analyzer and Send Results Via Email
