Get CNNS Container and Host Policy

GET /api/v33.02/policies/firewall/network

x-prisma-cloud-target-env: {"permission":"policyCNNF"}

Retrieves a list of all CNNS container and host rules.

cURL Request

Refer to the following example cURL command:

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
"https://<CONSOLE>/api/v<VERSION>/policies/firewall/network"

Responses

Policy holds the data for firewall policies (host and container)

Schema
    _id string

    containerEnabled boolean

    ContainerEnabled indicates whether container network firewall feature is enabled.

    containerRules object[]

    ContainerRules holds the container firewall rules.

  • Array [
  • disabled boolean

    Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).

    dst cnnf.EntityID (integer)

    EntityID represents the ID of each network firewall entity. 20 bits are used. Max legal value: 2^20-1

    effect common.Effect (string)

    Possible values: [allow,alert,prevent,monitor,]

    Effect is the effect that is used in the CNNF rule

    id cnnf.RuleID (integer)

    RuleID represents the ID of each container network firewall policy rule

    modified date-time

    Specifies the date and time when the rule was last modified.

    name string

    Name of the rule.

    notes string

    Describes any noteworthy points for a rule. You can include any text.

    owner string

    User who created or last modified the rule.

    ports object[]

    Ports are the entity port range specifications.

  • Array [
  • deny boolean

    Deny indicates whether the connection is denied.

    end integer

    start integer

  • ]
  • previousName string

    Previous name of the rule. Required for rule renaming.

    src cnnf.EntityID (integer)

    EntityID represents the ID of each network firewall entity. 20 bits are used. Max legal value: 2^20-1

  • ]
  • hostEnabled boolean

    HostEnabled indicates whether host network firewall feature is enabled.

    hostRules object[]

    HostRules holds the host firewall rules.

  • Array [
  • disabled boolean

    Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).

    dst cnnf.EntityID (integer)

    EntityID represents the ID of each network firewall entity. 20 bits are used. Max legal value: 2^20-1

    effect common.Effect (string)

    Possible values: [allow,alert,prevent,monitor,]

    Effect is the effect that is used in the CNNF rule

    id cnnf.RuleID (integer)

    RuleID represents the ID of each container network firewall policy rule

    modified date-time

    Specifies the date and time when the rule was last modified.

    name string

    Name of the rule.

    notes string

    Describes any noteworthy points for a rule. You can include any text.

    owner string

    User who created or last modified the rule.

    ports object[]

    Ports are the entity port range specifications.

  • Array [
  • deny boolean

    Deny indicates whether the connection is denied.

    end integer

    start integer

  • ]
  • previousName string

    Previous name of the rule. Required for rule renaming.

    src cnnf.EntityID (integer)

    EntityID represents the ID of each network firewall entity. 20 bits are used. Max legal value: 2^20-1

  • ]
  • modified date-time

    networkEntities object[]

    NetworkEntities represents a list of network firewall entities

  • Array [
  • _id cnnf.EntityID (integer)

    EntityID represents the ID of each network firewall entity. 20 bits are used. Max legal value: 2^20-1

    allowAll object

    AllowAllConnections indicates whether connections are allowed to or from any entity of the specified types. For example, if inbound contains the type subnet, the entity is allowed to receive connections from any subnet.

    inbound cnnf.RuleEntityType (string)[]

    Possible values: [container,host,subnet,dns]

    Inbound indicates if connections are allowed from any entity of the specified types.

    outbound cnnf.RuleEntityType (string)[]

    Possible values: [container,host,subnet,dns]

    Outbound indicates if connections are allowed to any entity of the specified types.

    collections object[]

    Collections indicate the collection the entity is part of.

  • Array [
  • accountIDs string (string)[]

    List of account IDs.

    appIDs string (string)[]

    List of application IDs.

    clusters string (string)[]

    List of Kubernetes cluster names.

    color common.Color (string)

    Color is a hexadecimal representation of a color code value.

    containers string (string)[]

    List of containers.

    description string

    Free-form text.

    functions string (string)[]

    List of functions.

    hosts string (string)[]

    List of hosts.

    images string (string)[]

    List of images.

    labels string (string)[]

    List of labels.

    modified date-time

    Datetime when the collection was last modified.

    name string

    Collection name. Must be unique.

    namespaces string (string)[]

    List of Kubernetes namespaces.

    owner string

    User who created or last modified the collection.

    prisma boolean

    Indicates whether this collection originates from Prisma Cloud.

    system boolean

    Indicates whether this collection was created by the system, i.e., a non-user (true), or by a real user (false).

  • ]
  • domains string (string)[]

    Domains is a list of domains.

    name string

    Name is the entity name.

    subnets object[]

    Subnets are the networks in CIDR format.

  • Array [
  • cidr string

    CIDR is the IP range of the defined entity.

    name string

    Name is the given name to represent the range.

  • ]
  • type cnnf.RuleEntityType (string)

    Possible values: [container,host,subnet,dns]

    RuleEntityType is the network firewall rule entity type

  • ]
  • owner string

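An added example, not part of the Prisma Cloud documentation, that audits one policy document shaped like the schema above: it flags disabled features and rules, `src`/`dst` values outside the 20-bit EntityID range or missing from `networkEntities`, inverted or wide port ranges, and entities with `allowAll` set. The names `audit_policy`, `SAMPLE` and the `WIDE_RANGE` threshold are assumptions of this example, and the sample document is constructed.

```python
import json

MAX_ENTITY_ID = 2**20 - 1  # page: cnnf.EntityID uses 20 bits
WIDE_RANGE = 1024          # assumption: port span treated as "wide"; tune locally

# Constructed sample shaped like the schema above; every value is made up.
SAMPLE = json.loads("""
{"containerEnabled": true, "hostEnabled": false, "hostRules": [],
 "containerRules": [
  {"id": 1, "name": "web-to-db", "src": 1, "dst": 2, "effect": "allow",
   "disabled": false, "ports": [{"start": 5432, "end": 5432, "deny": false}]},
  {"id": 2, "name": "legacy", "src": 1, "dst": 9, "effect": "alert",
   "disabled": true, "ports": [{"start": 1, "end": 65535, "deny": false}]}],
 "networkEntities": [
  {"_id": 1, "name": "web", "type": "container",
   "allowAll": {"inbound": ["subnet"], "outbound": []}},
  {"_id": 2, "name": "db", "type": "container",
   "allowAll": {"inbound": [], "outbound": []}}]}
""")

def audit_policy(policy):
    """Return sorted (scope, finding) tuples for one policy document."""
    findings = []
    known = {e["_id"] for e in policy.get("networkEntities") or []}
    for kind in ("container", "host"):
        if not policy.get(kind + "Enabled"):
            findings.append((kind, "firewall feature disabled"))
        for rule in policy.get(kind + "Rules") or []:
            scope = f"{kind} rule {rule.get('name')!r}"
            if rule.get("disabled"):
                findings.append((scope, "rule is disabled"))
            for side in ("src", "dst"):
                eid = rule.get(side)
                if not isinstance(eid, int) or not 0 <= eid <= MAX_ENTITY_ID:
                    findings.append((scope, f"{side} is not a legal EntityID"))
                elif eid not in known:
                    findings.append((scope, f"{side}={eid} not in networkEntities"))
            for p in rule.get("ports") or []:
                start, end = p.get("start", 0), p.get("end", 0)
                if start > end:
                    findings.append((scope, "port range has start > end"))
                elif not p.get("deny") and end - start >= WIDE_RANGE:
                    findings.append((scope, f"wide non-deny range {start}-{end}"))
    for ent in policy.get("networkEntities") or []:
        allow = ent.get("allowAll") or {}
        for direction in ("inbound", "outbound"):
            if allow.get(direction):
                findings.append((f"entity {ent.get('name')!r}",
                                 f"allowAll {direction}: " + ",".join(allow[direction])))
    return sorted(findings)
```

To run it against a live Console, save the body returned by the cURL request above and pass the parsed JSON to `audit_policy`.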