Skip to main content

Get Out-of-Band WAAS Policy

GET 
/api/v32.07/policies/firewall/app/out-of-band
x-prisma-cloud-target-env: {"permission":"policyWAAS"}

Discovers and detects the HTTP traffic for an existing WAAS out of band custom rule. A policy consists of ordered rules.

This endpoint maps to Defend > WAAS > Out of band in the Console UI.

cURL Request

Refer to the following example cURL command:

$ curl -k \
  -u <USER> \
  -H 'Content-Type: application/json' \
  -X GET \
  'https://<CONSOLE>/api/v<VERSION>/policies/firewall/app/out-of-band'

A successful response returns a list of rules in the policy.

Responses

Policy representation details

Schema
    _id string

    Unique internal ID.

    maxPort integer

    Specifies the upper limit (maxima) for a port number to use in an application firewall.

    minPort integer

    Specifies the lower limit (minima) for a port number to use in an application firewall.

    rules object[]

    Specifies the rules in a policy.

  • Array [
    • allowMalformedHttpHeaderNames boolean

    Indicates whether to allow non-compliant characters in the HTTP request header.

    applicationsSpec object[]

    Lists the OpenAPI specifications in a rule.

  • Array [
    • apiSpec object

    APISpec is an API specification

    description string

    Description of the app.

    effect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    endpoints object[]

    The app's endpoints.

  • Array [
    • basePath string

    Base path for the endpoint.

    exposedPort integer

    Exposed port that the proxy is listening on.

    grpc boolean

    Indicates if the proxy supports gRPC (true) or not (false).

    host string

    URL address (name or IP) of the endpoint's API specification (e.g., petstore.swagger.io). The address can be prefixed with a wildcard (e.g., *.swagger.io).

    http2 boolean

    Indicates if the proxy supports HTTP/2 (true) or not (false).

    internalPort integer

    Internal port that the application is listening on.

    tls boolean

    Indicates if the connection is secured (true) or not (false).

  • ]
    • fallbackEffect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    paths object[]

    Paths of the API's endpoints.

  • Array [
    • methods object[]

    Supported operations for the path (e.g., PUT, GET, etc.).

  • Array [
    • method string

    Type of HTTP request (e.g., PUT, GET, etc.).

    parameters object[]

    Parameters that are part of the HTTP request.

  • Array [
    • allowEmptyValue boolean

    Indicates if an empty value is allowed (true) or not (false).

    array boolean

    Indicates if multiple values of the specified type are allowed (true) or not (false).

    explode boolean

    Indicates if arrays should generate separate parameters for each array item or object property.

    location waas.ParamLocation (string)

    Possible values: [path,query,cookie,header,body,json,xml,formData,multipart]

    ParamLocation is the location of a parameter

    max double

    Maximum allowable value for a numeric parameter.

    min double

    Minimum allowable value for a numeric parameter.

    name string

    Name of the parameter.

    required boolean

    Indicates if the parameter is required (true) or not (false).

    style waas.ParamStyle (string)

    Possible values: [simple,spaceDelimited,tabDelimited,pipeDelimited,form,matrix,label]

    ParamStyle is a param format style, defined by OpenAPI specification It describes how the parameter value will be serialized depending on the type of the parameter value. Ref: https://swagger.io/docs/specification/serialization/ https://github.com/OAI/OpenAPI-Specification/blob/master/versions/3.0.0.md#style-examples

    type waas.ParamType (string)

    Possible values: [integer,number,string,boolean,array,object]

    ParamType is the type of a parameter, defined by OpenAPI specification Ref: https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#data-types

  • ]
  • ]
    • path string

    Relative path to an endpoint such as "/pet/{petId}".

  • ]
    • queryParamFallbackEffect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    appID string

    Unique ID for the app.

    attackTools object

    ProtectionConfig represents a WAAS protection config

    effect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    exceptionFields object[]

    Exceptions.

  • Array [
    • key string

    Field in HTTP request.

    keyPattern boolean

    Match and scrub by keys, relevant when location is not defined.

    location waas.ExceptionLocation (string)

    Possible values: [path,query,queryValues,cookie,UserAgentHeader,header,body,rawBody,XMLPath,JSONPath]

    ExceptionLocation indicates exception http field location

    response boolean

    Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.

    valuePattern boolean

    Match and scrub by values, relevant when location is not defined.

  • ]
    • autoApplyPatchesSpec object

    AutoApplyPatchesSpec is the configuration for automation apply patches protection

    effect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    banDurationMinutes integer

    Ban duration, in minutes.

    body object

    BodyConfig represents app configuration related to HTTP Body

    inspectionLimitExceededEffect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    inspectionSizeBytes integer

    InspectionSizeBytes represents the max amount of data to inspect in request body.

    skip boolean

    Skip indicates that body inspection should be skipped.

    botProtectionSpec object

    BotProtectionSpec is the bot protections spec

    interstitialPage boolean

    Indicates if an interstitial page is served (true) or not (false).

    jsInjectionSpec object

    JSInjectionSpec is the js injection protection spec

    enabled boolean

    Indicates if JavaScript injection is enabled (true) or not (false).

    timeoutEffect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    knownBotProtectionsSpec object

    KnownBotProtectionsSpec is the known bot protections spec

    archiving waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    businessAnalytics waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    careerSearch waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    contentFeedClients waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    educational waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    financial waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    mediaSearch waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    news waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    searchEngineCrawlers waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    reCAPTCHASpec object

    ReCAPTCHASpec is the reCAPTCHA spec

    allSessions boolean

    Indicates if the reCAPTCHA page is served at the start of every new session (true) or not (false).

    customPageSpec object

    CustomReCAPTCHAPageSpec is the custom reCAPTCHA page spec

    body string

    Custom HTML for the reCAPTCHA page.

    enabled boolean

    Indicates if the custom reCAPTCHA page is enabled.

    enabled boolean

    Indicates if reCAPTCHA integration is enabled (true) or not (false).

    secretKey object

    Secret Stores the plain and encrypted version of a value. The plain version is not stored in a database

    encrypted string

    Specifies an encrypted value of the secret.

    plain string

    Specifies the plain text value of the secret.

    siteKey string

    ReCAPTCHA site key to use when invoking the reCAPTCHA service.

    successExpirationHours integer

    Duration for which the indication of reCAPTCHA success is kept. Maximum value is 30 days * 24 = 720 hours.

    type waas.ReCAPTCHAType (string)

    Possible values: [checkbox,invisible]

    ReCAPTCHAType is the reCAPTCHA configured type

    sessionValidation waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    unknownBotProtectionSpec object

    UnknownBotProtectionSpec is the unknown bot protection spec

    apiLibraries waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    botImpersonation waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    browserImpersonation waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    generic waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    httpLibraries waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    requestAnomalies object

    RequestAnomalies is the request anomalies spec

    effect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    threshold waas.RequestAnomalyThreshold (integer)

    Possible values: [3,6,9]

    RequestAnomalyThreshold is the score threshold for which request anomaly violation is triggered

    webAutomationTools waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    webScrapers waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    userDefinedBots object[]

    Effects to perform when user-defined bots are detected.

  • Array [
    • effect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    headerName string

    Header name which defines the bot.

    headerValues string (string)[]

    Header values corresponding to the header name. Can contain wildcards.

    name string

    Name of the bot.

    subnets string (string)[]

    Subnets where the bot originates. Specify using network lists.

  • ]
    • certificate object

    Secret Stores the plain and encrypted version of a value. The plain version is not stored in a database

    encrypted string

    Specifies an encrypted value of the secret.

    plain string

    Specifies the plain text value of the secret.

    clickjackingEnabled boolean

    Indicates whether clickjacking protection is enabled (true) or not (false).

    cmdi object

    ProtectionConfig represents a WAAS protection config

    effect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    exceptionFields object[]

    Exceptions.

  • Array [
    • key string

    Field in HTTP request.

    keyPattern boolean

    Match and scrub by keys, relevant when location is not defined.

    location waas.ExceptionLocation (string)

    Possible values: [path,query,queryValues,cookie,UserAgentHeader,header,body,rawBody,XMLPath,JSONPath]

    ExceptionLocation indicates exception http field location

    response boolean

    Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.

    valuePattern boolean

    Match and scrub by values, relevant when location is not defined.

  • ]
    • codeInjection object

    ProtectionConfig represents a WAAS protection config

    effect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    exceptionFields object[]

    Exceptions.

  • Array [
    • key string

    Field in HTTP request.

    keyPattern boolean

    Match and scrub by keys, relevant when location is not defined.

    location waas.ExceptionLocation (string)

    Possible values: [path,query,queryValues,cookie,UserAgentHeader,header,body,rawBody,XMLPath,JSONPath]

    ExceptionLocation indicates exception http field location

    response boolean

    Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.

    valuePattern boolean

    Match and scrub by values, relevant when location is not defined.

  • ]
    • csrfEnabled boolean

    Indicates whether Cross-Site Request Forgery (CSRF) protection is enabled (true) or not (false).

    customBlockResponse object

    CustomBlockResponseConfig is a custom block message config for a policy

    body string

    Custom HTML for the block response.

    code integer

    Custom HTTP response code for the block response.

    enabled boolean

    Indicates if the custom block response is enabled (true) or not (false).

    customRules object[]

    List of custom runtime rules.

  • Array [
    • _id integer

    Custom rule ID.

    action customrules.Action (string)

    Possible values: [audit,incident]

    Action is the action to perform if the custom rule applies

    effect customrules.Effect (string)

    Possible values: [block,prevent,alert,allow,ban,disable]

    Effect is the effect that will be used for custom rule

  • ]
    • disableEventIDHeader boolean

    Indicates if event ID header should be attached to the response or not.

    dosConfig object

    DoSConfig is a dos policy specification

    alert object

    DoSRates specifies dos requests rates (thresholds)

    average integer

    Average request rate (requests / second).

    burst integer

    Burst request rate (requests / second).

    ban object

    DoSRates specifies dos requests rates (thresholds)

    average integer

    Average request rate (requests / second).

    burst integer

    Burst request rate (requests / second).

    enabled boolean

    Enabled indicates if dos protection is enabled.

    excludedNetworkLists string (string)[]

    Network IPs to exclude from DoS tracking.

    matchConditions object[]

    Conditions on which to match to track a request. The conditions are \"OR\"'d together during the check.

  • Array [
    • fileTypes string (string)[]

    File types for request matching.

    methods string (string)[]

    HTTP methods for request matching.

    responseCodeRanges object[]

    Response codes for the request's response matching.

  • Array [
    • end integer

    End of the range. Can be omitted if using a single status code.

    start integer

    Start of the range. Can also be used for a single, non-range value.

  • ]
  • ]
    • trackSession boolean

    Indicates if the custom session ID generated during bot protection flow is tracked (true) or not (false).

    headerSpecs object[]

    Configuration for inspecting HTTP headers.

  • Array [
    • allow boolean

    Indicates if the flow is to be allowed (true) or blocked (false).

    effect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    name string

    Header name.

    required boolean

    Indicates if the header must be present (true) or not (false).

    values string (string)[]

    Wildcard expressions that represent the header value.

  • ]
    • intelGathering object

    IntelGatheringConfig is the configuration for intelligence gathering protections

    infoLeakageEffect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    removeFingerprintsEnabled boolean

    Indicates if server fingerprints should be removed (true) or not (false).

    lfi object

    ProtectionConfig represents a WAAS protection config

    effect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    exceptionFields object[]

    Exceptions.

  • Array [
    • key string

    Field in HTTP request.

    keyPattern boolean

    Match and scrub by keys, relevant when location is not defined.

    location waas.ExceptionLocation (string)

    Possible values: [path,query,queryValues,cookie,UserAgentHeader,header,body,rawBody,XMLPath,JSONPath]

    ExceptionLocation indicates exception http field location

    response boolean

    Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.

    valuePattern boolean

    Match and scrub by values, relevant when location is not defined.

  • ]
    • malformedReq object

    ProtectionConfig represents a WAAS protection config

    effect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    exceptionFields object[]

    Exceptions.

  • Array [
    • key string

    Field in HTTP request.

    keyPattern boolean

    Match and scrub by keys, relevant when location is not defined.

    location waas.ExceptionLocation (string)

    Possible values: [path,query,queryValues,cookie,UserAgentHeader,header,body,rawBody,XMLPath,JSONPath]

    ExceptionLocation indicates exception http field location

    response boolean

    Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.

    valuePattern boolean

    Match and scrub by values, relevant when location is not defined.

  • ]
    • maliciousUpload object

    MaliciousUploadConfig is the configuration for file upload protection

    allowedExtensions string (string)[]

    Allowed file extensions.

    allowedFileTypes waas.FileType (string)[]

    Possible values: [pdf,officeLegacy,officeOoxml,odf,jpeg,png,gif,bmp,ico,avi,mp4,aac,mp3,wav,zip,gzip,rar,7zip]

    Allowed file types.

    effect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    networkControls object

    NetworkControls contains the network controls config (e.g., access controls for IPs and countries)

    advancedProtectionEffect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    countries object

    AccessControls contains the access controls config (e.g., denied/allowed sources)

    alert string (string)[]

    Alert are the denied sources for which we alert.

    allow string (string)[]

    Allow are the allowed sources for which we don't alert or prevent.

    allowMode boolean

    AllowMode indicates allowlist (true) or denylist (false) mode.

    enabled boolean

    Enabled indicates if access controls protection is enabled.

    fallbackEffect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    prevent string (string)[]

    Prevent are the denied sources.

    exceptionSubnets string (string)[]

    Network lists for which requests completely bypass WAAS checks and protections.

    networkControlsExceptionSubnets object

    FeatureExceptions represents subnets that should bypass WAAS features

    subnets string (string)[]

    Subnets are network lists for which requests bypass WAAS features.

    subnets object

    AccessControls contains the access controls config (e.g., denied/allowed sources)

    alert string (string)[]

    Alert are the denied sources for which we alert.

    allow string (string)[]

    Allow are the allowed sources for which we don't alert or prevent.

    allowMode boolean

    AllowMode indicates allowlist (true) or denylist (false) mode.

    enabled boolean

    Enabled indicates if access controls protection is enabled.

    fallbackEffect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    prevent string (string)[]

    Prevent are the denied sources.

    remoteHostForwarding object

    RemoteHostForwardingConfig defines a remote host to forward requests to

    enabled boolean

    Indicates if remote host forwarding is enabled (true) or not (false).

    target string

    Remote host to forward requests to.

    responseHeaderSpecs object[]

    Configuration for modifying HTTP response headers.

  • Array [
    • name string

    Header name (will be canonicalized when possible).

    override boolean

    Indicates whether to override existing values (true) or add to them (false).

    values string (string)[]

    New header values.

  • ]
    • sessionCookieBan boolean

    Indicates if bans in this app are made by session cookie ID (true) or false (not).

    sessionCookieEnabled boolean

    Indicates if session cookies are enabled (true) or not (false).

    sessionCookieSameSite waas.SameSite (string)

    Possible values: [Lax,Strict,None]

    SameSite allows a server to define a cookie attribute making it impossible for the browser to send this cookie along with cross-site requests. The main goal is to mitigate the risk of cross-origin information leakage, and provide some protection against cross-site request forgery attacks.

    See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie/SameSite for details

    sessionCookieSecure boolean

    Indicates the Secure attribute of the session cookie.

    shellshock object

    ProtectionConfig represents a WAAS protection config

    effect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    exceptionFields object[]

    Exceptions.

  • Array [
    • key string

    Field in HTTP request.

    keyPattern boolean

    Match and scrub by keys, relevant when location is not defined.

    location waas.ExceptionLocation (string)

    Possible values: [path,query,queryValues,cookie,UserAgentHeader,header,body,rawBody,XMLPath,JSONPath]

    ExceptionLocation indicates exception http field location

    response boolean

    Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.

    valuePattern boolean

    Match and scrub by values, relevant when location is not defined.

  • ]
    • sqli object

    ProtectionConfig represents a WAAS protection config

    effect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    exceptionFields object[]

    Exceptions.

  • Array [
    • key string

    Field in HTTP request.

    keyPattern boolean

    Match and scrub by keys, relevant when location is not defined.

    location waas.ExceptionLocation (string)

    Possible values: [path,query,queryValues,cookie,UserAgentHeader,header,body,rawBody,XMLPath,JSONPath]

    ExceptionLocation indicates exception http field location

    response boolean

    Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.

    valuePattern boolean

    Match and scrub by values, relevant when location is not defined.

  • ]
    • tlsConfig object

    TLSConfig holds the user TLS configuration and the certificate data

    HSTSConfig object

    HSTSConfig is the HTTP Strict Transport Security configuration in order to enforce HSTS header see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Strict-Transport-Security

    enabled boolean

    Enabled indicates if HSTS enforcement is enabled.

    includeSubdomains boolean

    IncludeSubdomains indicates if this rule applies to all of the site's subdomains as well.

    maxAgeSeconds integer

    maxAgeSeconds is the time (in seconds) that the browser should remember that a site is only be accessed using HTTPS.

    preload boolean

    Preload indicates if it should support preload.

    metadata object

    CertificateMeta is the certificate metadata

    issuerName string

    IssuerName is the certificate issuer common name.

    notAfter date-time

    NotAfter is the time the certificate is not valid (expiry time).

    subjectName string

    SubjectName is the certificate subject common name.

    minTLSVersion waas.MinTLSVersion (string)

    Possible values: [1.0,1.1,1.2,1.3]

    MinTLSVersion is the list of acceptable TLS versions

    xss object

    ProtectionConfig represents a WAAS protection config

    effect waas.Effect (string)

    Possible values: [ban,prevent,alert,allow,disable,reCAPTCHA]

    Effect is the effect that will be used in the rule

    exceptionFields object[]

    Exceptions.

  • Array [
    • key string

    Field in HTTP request.

    keyPattern boolean

    Match and scrub by keys, relevant when location is not defined.

    location waas.ExceptionLocation (string)

    Possible values: [path,query,queryValues,cookie,UserAgentHeader,header,body,rawBody,XMLPath,JSONPath]

    ExceptionLocation indicates exception http field location

    response boolean

    Indicates that sensitive data should be checked in response, only relevant for pattern based sensitive data rule.

    valuePattern boolean

    Match and scrub by values, relevant when location is not defined.

  • ]
  • ]
    • autoProtectPorts boolean

    Indicates whether to automatically detect and protect the HTTP ports.

    collections object[]

    Scopes the rule based on a list of collections.

  • Array [
    • accountIDs string (string)[]

    List of account IDs.

    appIDs string (string)[]

    List of application IDs.

    clusters string (string)[]

    List of Kubernetes cluster names.

    color common.Color (string)

    Color is a hexadecimal representation of color code value

    containers string (string)[]

    List of containers.

    description string

    Free-form text.

    functions string (string)[]

    List of functions.

    hosts string (string)[]

    List of hosts.

    images string (string)[]

    List of images.

    labels string (string)[]

    List of labels.

    modified date-time

    Datetime when the collection was last modified.

    name string

    Collection name. Must be unique.

    namespaces string (string)[]

    List of Kubernetes namespaces.

    owner string

    User who created or last modified the collection.

    prisma boolean

    Indicates whether this collection originates from Prisma Cloud.

    system boolean

    Indicates whether this collection was created by the system (i.e., a non user) (true) or a real user (false).

  • ]
    • disabled boolean

    Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).

    modified date-time

    Specifies the date and time when the rule was last modified.

    name string

    Name of the rule.

    notes string

    Describes any noteworthy points for a rule. You can include any text.

    outOfBandScope waas.OutOfBandRuleScope (string)

    Possible values: [container,host,]

    OutOfBandRuleScope represents the Out-of-Band Rule Scope

    owner string

    User who created or last modified the rule.

    previousName string

    Previous name of the rule. Required for rule renaming.

    readTimeoutSeconds integer

    Specifies the timeout of the request reads in seconds. Default: 5 seconds.

    skipAPILearning boolean

    Indicates whether to skip the API discovery. Values: true (skipped) or false (Do not skip).

    trafficMirroring object

    TrafficMirroringConfig specifies the traffic mirroring configuration is fine in that case

    enabled boolean

    TODO #41884 - remove traffic mirroring enabled flag when no longer needed for BC Enabled indicates if traffic mirroring is enabled.

    sampling boolean

    Sampling indicates if this is a sampling VPC.

    vpcConfig object

    VPCConfig is the VPC configuration (there is a 1-to-1 relation with the rule, only one configuration per rule)

    autoScalingEnabled boolean

    AutoScalingEnabled indicates that the deployment is made with auto VPC observer instances scaling.

    autoScalingMaxInstances integer

    AutoScalingMaxInstances is the maximum deployed instances when auto scaling is enabled.

    configID string

    ConfigID is a unique ID for the configuration.

    consoleHostname string

    ConsoleHostname represents the hostname of the console to connect to.

    credentialID string

    CredentialID is the service provider authentication data.

    instanceNames string (string)[]

    InstanceNames are the names of the instances to mirror (can be wildcard).

    instanceType string

    InstanceType is the instance type to use for the defender instance.

    lbARN string

    LBARN is the ARN of the observed load balancer.

    lbName string

    LBName is the name of the observed load balancer.

    lbType string

    LBType is the type of the observed load balancer (currentlly only ALB is supported).

    ports int (integer)[]

    Ports are the ports to mirror.

    region string

    Region is the AWS region the mirrored VMs are located in.

    subnetID string

    SubnetID is the ID of the subnet the defender will be deployed in.

    tags string (string)[]

    Tags are the tags to filter for instances to mirror in Key:Value format or "*".

    vpcID string

    VPCID is the ID of the VPC to look for instances to mirror and to deploy the defender in.

    windows boolean

    Indicates whether the operating system of the app is Microsoft Windows. The default is Linux.

  • ]
Loading...