Get Activated Policy Rule Recommendations
Fetch all activated policy rule recommendations or all the activated recommendations for one or more IoT device profiles.
Query Parameters
- customerid string required
The customer ID to which the API call is directed
- profile string
A profile filters policy rule recommendations by one or more source profile names. The following value is a string with profile names separated by commas; for example: profile=Palo Alto Networks Device,iPhone,Polycom IP Phone. All profiles must be IoT profiles. Without a profile filter, the request returns all active policy rule recommendations.
Example: Palo Alto Networks Device,iPhone,Polycom IP Phone
- pagelength integer
Default value: 10000
The number of items in one response; that is, in one page. The default page length for policy rule recommendations is 1000 and the maximum is 1000. Setting a shorter length improves response times.
Example: 200
- offset integer
In addition to the pagelength parameter, offset gets items on subsequent pages. For example, if the page length of your first request is 100, you get the first 100 policy rule recommendations. To get the next 100, add offset=100 to your second request. This skips the first 100 recommendations and gets the next 100 starting from 101.
Example: 100
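One way to walk pagelength and offset until every recommendation has been retrieved, as an added example that is not part of the original reference or the vendor's code. The transport callable `fetch_page`, the function names and the in-memory sample data are assumptions; the loop stops on a short page and repeats the same offset after a 429 response.

```python
import time

MAX_PAGELENGTH = 1000  # maximum page length stated on this page


def fetch_all_recommendations(fetch_page, customerid, profiles=None,
                              pagelength=200, max_retries=3, sleep=time.sleep):
    """Collect all activated recommendations by stepping offset by pagelength.

    fetch_page(params) -> (http_status, json_body) is a hypothetical transport
    callable; the real HTTP request and API key handling would live there.
    """
    if not 1 <= pagelength <= MAX_PAGELENGTH:
        raise ValueError("pagelength must be between 1 and 1000")
    params = {"customerid": customerid, "pagelength": pagelength, "offset": 0}
    if profiles:
        # Profile names travel as one comma-separated query value.
        params["profile"] = ",".join(profiles)
    policies, retries = [], 0
    while True:
        status, body = fetch_page(dict(params))
        if status == 429 and retries < max_retries:
            retries += 1
            sleep(2 ** retries)  # back off, then repeat the same offset
            continue
        if status != 200:
            raise RuntimeError(f"API error {status}: {body.get('msg')}")
        retries = 0
        page = body["policies"]
        policies.extend(page)
        if len(page) < pagelength:  # a short page means nothing is left
            return policies
        params["offset"] += pagelength


# Constructed stand-in for the service: 450 fake rules, one 429 on the third call.
SAMPLE_RULES = [{"id": f"rule-{i:03d}"} for i in range(450)]
CALL_LOG = []


def fake_fetch_page(params):
    CALL_LOG.append(params["offset"])
    if len(CALL_LOG) == 3:
        return 429, {"code": 429, "msg": "Too many requests."}
    start = params["offset"]
    page = SAMPLE_RULES[start:start + params["pagelength"]]
    return 200, {"ver": "v4.0", "api": "/policy/recommendation",
                 "total": len(page), "policies": page}
```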
- 200
- 4XX
- 5XX
Successful Response
- application/json
- Schema
- Example (from schema)
- PolicyRecommendationResponse
Schema
- ver string required
The API version
- api string required
The API path
- total integer required
The total number of activated recommended policy rules for which information was returned
- policies object[] required
An array of activated policy rule recommendations
Array [
- id string
Unique identifier composed of alphanumeric characters for the policy rule
- policySetName string
Name of the user-defined policy set to which the policy rule
- geo string
Possible values: [intranet, internet]
Location of the destination in the policy rule: intranet (internal) or internet (external)
- action string
Default value: allow
Action the firewall takes when applying the policy rule, which is always allow
- lastActivityTime string
UTC timestamp for the last detected network activity corresponding to the elements in this policy rule
- sourceProfiles array
Default value: []
Device profile assigned to devices initiating traffic to which the policy rule applies. Note: Although this is an array, there can only be a single source profile.
- sourceIpList array
Default value: []
List of source IP addresses to which the policy rule applies. Note: This is included in anticipation of future functionality and is currently always empty.
- sourceZones array
Default value: []
List of source zones to which the policy rule applies
- apps array
Default value: []
Applications to which the policy rule applies, such as youtube-base
- destinationZones array
Default value: []
List of destination zones to which the policy rule applies
- destinationProfiles array
Default value: []
Device profile of the destination in the policy rule. A destination device profile is used when the source and destination are in the same intranet and IoT Security is monitoring them both and has assigned a profile to the destination.
- destinationFqdnList array
Default value: []
List of destination FQDNs to which the policy rule applies. Note: When a destination is external, IoT Security displays its IP address in destinationFqdnList. When it's internal, IoT Security displays it in destinationIpList.
- destinationIpList array
Default value: []
List of destination IP addresses to which the policy rule applies. Note: When a destination is internal, IoT Security displays its IP address in destinationIpList. When it's external, IoT Security displays it in destinationFqdnList.
- destinationUrlCategories array
Default value: []
List of categories to which the policy rule applies. Some examples: games, entertainment, and health-and-medicine
- services array
Default value: []
List of non-standard service port numbers for an application or the user-defined values service-http and service-https. Note: When IoT Security identifies an application that's using non-standard UDP or TCP port numbers, it displays the application name in "apps" and the non-standard port numbers in "services". When an application is using standard ports, IoT Security displays the application name and leaves "services" empty. If a user manually applied one of the predefined services service-http or service-https to an application, then the predefined service name appears in "services".
- tags array
Default value: [IoTSecurityRecommended]
System-defined tag IoTSecurityRecommended and any user-defined tags applied to the policy rule
- securityProfiles array
Default value: []
List of Security profiles for antivirus, vulnerability protection, anti-spyware, and so on in the policy rule
- firewallList array
List of firewalls that enforce the policy rule
- deviceGroups array
(Panorama) List of device groups containing firewalls that enforce the policy rule
]
{
"ver": "string",
"api": "string",
"total": 0,
"policies": [
{
"id": "string",
"policySetName": "string",
"geo": "intranet",
"action": "allow",
"lastActivityTime": "string",
"sourceProfiles": [
null
],
"sourceIpList": [
null
],
"sourceZones": [
null
],
"apps": [
null
],
"destinationZones": [
null
],
"destinationProfiles": [
null
],
"destinationFqdnList": [
null
],
"destinationIpList": [
null
],
"destinationUrlCategories": [
null
],
"services": [
null
],
"tags": [
null
],
"securityProfiles": [
null
],
"firewallList": [
null
],
"deviceGroups": [
null
]
}
]
}
{
"ver": "v4.0",
"api": "/policy/recommendation",
"total": 10,
"policies": [
{
"id": "0ca5fe320d6d631c40259be8861d764a",
"geo": "intranet",
"action": "allow",
"lastActivityTime": "2021-09-21T21:53:42.754Z",
"sourceProfiles": [
"APC(Schneider Electric) Smart PowerSupply"
],
"sourceIpList": [],
"sourceZones": [],
"apps": [
"dhcp"
],
"destinationZones": [],
"destinationProfiles": [
"Windows"
],
"destinationFqdnList": [],
"destinationIpList": [
"162.12.232.81",
"162.12.232.80"
],
"destinationUrlCategories": [],
"services": [
"udp/67",
"tcp/67",
"service-http",
"service-https"
],
"tags": [
"IoTSecurityRecommended",
"test-tag"
],
"securityProfiles": [
{
"type": "virus",
"name": "default"
},
{
"type": "vulnerability",
"name": "default"
},
{
"type": "spyware",
"name": "default"
},
{
"type": "url-filtering",
"name": "default"
},
{
"type": "file-blocking",
"name": "basic file blocking"
},
{
"type": "wildfire-analysis",
"name": "default"
}
]
},
{
"id": "1ca5fe320d6d631c40259be8861d764a",
"geo": "internet",
"action": "allow",
"lastActivityTime": "2021-08-27T01:14:18.818Z",
"sourceProfiles": [
"Polycom IP Phone"
],
"sourceIpList": [],
"sourceZones": [],
"apps": [
"rtp-base"
],
"destinationZones": [],
"destinationProfiles": [],
"destinationFqdnList": [
"162.12.232.81"
],
"destinationIpList": [],
"destinationUrlCategories": [],
"services": [
"udp/47390",
"udp/32576",
"udp/35204",
"service-http",
"service-https"
],
"tags": [
"IoTSecurityRecommended"
],
"securityProfiles": [
{
"type": "virus",
"name": "default"
},
{
"type": "vulnerability",
"name": "default"
},
{
"type": "spyware",
"name": "default"
},
{
"type": "url-filtering",
"name": "default"
},
{
"type": "file-blocking",
"name": "basic file blocking"
},
{
"type": "wildfire-analysis",
"name": "default"
}
]
}
]
}
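The field notes in the schema (one source profile per rule, external destinations reported in destinationFqdnList, "services" mixing non-standard ports with predefined service names) can be checked mechanically before a recommendation is compared with firewall configuration. The following is an added example, not code from the original reference or the vendor; the function names, the review checks and the sample record are assumptions made for illustration.

```python
import re

PORT_RE = re.compile(r"^(tcp|udp)/(\d{1,5})$")
PREDEFINED = {"service-http", "service-https"}  # predefined names from this page


def split_services(services):
    """Split "services" into non-standard ports, predefined names, and the rest."""
    ports, named, unknown = [], [], []
    for entry in services:
        m = PORT_RE.match(entry)
        if m and 0 < int(m.group(2)) <= 65535:
            ports.append((m.group(1), int(m.group(2))))
        elif entry in PREDEFINED:
            named.append(entry)
        else:
            unknown.append(entry)
    return ports, named, unknown


def summarize_rule(policy):
    """Reduce one recommendation to what a reviewer checks before enforcing it."""
    geo = policy.get("geo")
    # External destinations arrive in destinationFqdnList (IP addresses included),
    # internal ones in destinationIpList.
    used, other = ("destinationFqdnList", "destinationIpList")
    if geo != "internet":
        used, other = other, used
    ports, named, unknown = split_services(policy.get("services", []))
    findings = []  # these checks are this example's own, not part of the API
    if len(policy.get("sourceProfiles", [])) != 1:
        findings.append("expected exactly one source profile")
    if policy.get(other):
        findings.append(f"{other} populated for geo={geo}")
    if unknown:
        findings.append(f"unrecognized services: {unknown}")
    if not policy.get("securityProfiles"):
        findings.append("no security profiles attached")
    return {"id": policy.get("id"), "destinations": policy.get(used, []),
            "ports": ports, "named_services": named, "findings": findings}


# Constructed record modelled on the response shape above; values are illustrative.
SAMPLE_RULE = {
    "id": "example-rule-1", "geo": "internet", "action": "allow",
    "sourceProfiles": ["Polycom IP Phone"], "apps": ["rtp-base"],
    "destinationFqdnList": ["192.0.2.10"], "destinationIpList": ["192.0.2.11"],
    "services": ["udp/47390", "service-https", "tcp/70000"], "securityProfiles": [],
}
```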
Client Error Response
- application/json
- Schema
- Example (from schema)
- Bad Request
- Forbidden access
- Too many requests
Schema
- code string
STATUS_CODE
- msg string
GENERAL_MESSAGE
{
"code": "string",
"msg": "string"
}
{
"code": 400,
"msg": "Bad Request. This occurs when an HTTP request contains an invalid query string."
}
{
"code": 403,
"msg": "Forbidden access. Either the provided API key is invalid or it does not have the required RBAC permissions to run this API."
}
{
"code": 429,
"msg": "Too many requests. The number of requests for device details for a single device exceeded the rate limit of 180 queries per minute per tenant."
}
Server Error Response
- application/json
- Schema
- Example (from schema)
- PolicyRecommendationResponse
Schema
- code string
STATUS_CODE
- msg string
GENERAL_MESSAGE
{
"code": "string",
"msg": "string"
}
{
"code": 500,
"msg": "Internal server error. A unified status for API communication type errors."
}