Skip to main content
Create a Firewall Control rule for a scope specified by ID (run “accounts”, “sites”, “groups”, or set “tenant” to “true”) and specific OS, to allow or block network traffic to matching endpoints. You can create one clean-up rule, with the Action of Allow or Block and with no other parameters defined explicitly. Make this the default rule at the end of your rule list. Traffic that does not match other rules first will match this rule. If you do not have a clean-up rule to match all traffic, the default Firewall Control behavior is to allow traffic that is not explicitly blocked. Firewall Control requires Control SKU.

Parameters

ParameterDescription
DataThe rule’s data. For more information visit: https://your-subdomain.sentinelone.net/api-doc/api-details?category=firewall-control&api=create-firewall-rule
FilterA scope specified by ID (run “accounts”, “sites”, “groups”, or set “tenant” to “true”) and specific OS, to allow or block network traffic to matching endpoints. For more information visit: https://your-subdomain.sentinelone.net/api-doc/api-details?category=firewall-control&api=create-firewall-rule

Example Output

{
	"data": {
		"action": "<string>",
		"application": {
			"type": "<string>",
			"values": []
		},
		"createdAt": "2024-01-28T10:08:17",
		"creator": "<string>",
		"creatorId": "<string>",
		"description": "<string>",
		"direction": "<string>",
		"editable": false,
		"id": "<string>",
		"localHost": {
			"type": "<string>",
			"values": []
		},
		"localPort": {
			"type": "<string>",
			"values": []
		},
		"location": {
			"type": "<string>",
			"values": []
		},
		"name": "<string>",
		"order": 935,
		"osType": "<string>",
		"osTypes": [
			"<string>"
		],
		"protocol": null,
		"remoteHost": {
			"type": "<string>",
			"values": []
		},
		"remoteHosts": [
			{
				"type": "<string>",
				"values": []
			}
		],
		"remotePort": {
			"type": "<string>",
			"values": []
		},
		"ruleCategory": "<string>",
		"scope": "<string>",
		"scopeId": "<string>",
		"status": "<string>",
		"tag": "<string>",
		"tagIds": [],
		"tagNames": [],
		"tags": [],
		"updatedAt": "2021-06-10T07:25:05"
	}
}

Workflow Library Example

Create Firewall Rule with Sentinelone and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop
I