Get Activated Policy Rule Recommendations
Fetch all activated policy rule recommendations or all the activated recommendations for one or more IoT device profiles.
Query Parameters
The customer ID to which the API call is directed
A profile filters policy rule recommendations by one or more source profile names. The following value is a string with profile names separated by commas; for example: profile=Palo Alto Networks Device,iPhone,Polycom IP Phone. All profiles must be IoT profiles. Without a profile filter, the request returns all active policy rule recommendations.
Default value: 10000
The number of items in one response; that is, in one page. The default page length for policy rule recommendations is 1000 and the maximum is 1000. Setting a shorter length improves response times.
In addition to the pagelength parameter, offset gets items on subsequent pages. For example, if the page length of your first request is 100, you get the first 100 policy rule recommendations. To get the next 100, add offset=100 to your second request. This skips the first 100 recommendations and gets the next 100 starting from 101.
- 200
- 4XX
- 5XX
Successful Response
Schema
- Array [
- ]
The API version
The API path
The total number of activated recommended policy rules for which information was returned
policies object[] required
An array of activated policy rule recommendations
Unique identifier composed of alphanumeric characters for the policy rule
Name of the user-defined policy set to which the policy rule
Possible values: [intranet, internet]
Location of the destination in the policy rule: intranet (internal) or internet (external)
Default value: allow
Action the firewall takes when applying the policy rule, which is always allow
UTC timestamp for the last detected network activity corresponding to the elements in this policy rule
Default value: []
Device profile assigned to devices initiating traffic to which the policy rule applies. Note: Although this is an array, there can only be a single source profile.
Default value: []
List of source IP addresses to which the policy rule applies. Note: This is included in anticipation of future functionality and is currently always empty.
Default value: []
List of source zones to which the policy rule applies
Default value: []
Applications to which the policy rule applies, such as youtube-base
Default value: []
List of destination zones to which the policy rule applies
Default value: []
Device profile of the destination in the policy rule. A destination device profile is used when the source and destination are in the same intranet and IoT Security is monitoring them both and has assigned a profile to the destination.
Default value: []
List of destination FQDNs to which the policy rule applies. Note: When a destination is external, IoT Security displays its IP address in destinationFqdnList. When it’s internal, IoT Security displays it in destinationIpList.
Default value: []
List of destination IP addresses to which the policy rule applies. Note: When a destination is internal, IoT Security displays its IP address in destinationIpList. When it’s external, IoT Security displays it in destinationFqdnList.
Default value: []
List of categories to which the policy rule applies, Some examples: games, entertainment, and health-and medicine
Default value: []
List of non-standard service port numbers for an application o the user-defined values service-http and service-https. Note: Whe IoT Security identifies an application that's using non-standard UDP or TCP port numbers, it displays the application name in "apps" and the non-standard port numbers in "services". When an application is using standard ports, IoT Security displays th application name and leaves "services" empty. If a user manuall applied one of the predefined services servicehttp or service https to an application, then the predefined service name appear in "services".
Default value: [IoTSecurityRecommended]
System-defined tag IoTSecurityRecommended and any user-defined tags applied to the policy rule
Default value: []
List of Security profiles for antivirus, vulnerability protection, anti-spyware, and so on in the policy rule
List of firewalls that enforce the policy rule
(Panorama) List of device groups containing firewalls that enforce the policy rule
{
"ver": "string",
"api": "string",
"total": 0,
"policies": [
{
"id": "string",
"policySetName": "string",
"geo": "intranet",
"action": "allow",
"lastActivityTime": "string",
"sourceProfiles": [
null
],
"sourceIpList": [
null
],
"sourceZones": [
null
],
"apps": [
null
],
"destinationZones": [
null
],
"destinationProfiles": [
null
],
"destinationFqdnList": [
null
],
"destinationIpList": [
null
],
"destinationUrlCategories": [
null
],
"services": [
null
],
"tags": [
null
],
"securityProfiles": [
null
],
"firewallList": [
null
],
"deviceGroups": [
null
]
}
]
}
{
"ver": "v4.0",
"api": "/policy/recommendation",
"total": 10,
"policies": [
{
"id": "0ca5fe320d6d631c40259be8861d764a",
"geo": "intranet",
"action": "allow",
"lastActivityTime": "2021-09-21T21:53:42.754Z",
"sourceProfiles": [
"APC(Schneider Electric) Smart PowerSupply"
],
"sourceIpList": [],
"sourceZones": [],
"apps": [
"dhcp"
],
"destinationZones": [],
"destinationProfiles": [
"Windows"
],
"destinationFqdnList": [],
"destinationIpList": [
"162.12.232.81",
"162.12.232.80"
],
"destinationUrlCategories": [],
"services": [
"udp/67",
"tcp/67",
"service-http",
"service-https"
],
"tags": [
"IoTSecurityRecommended",
"test-tag"
],
"securityProfiles": [
{
"type": "virus",
"name": "default"
},
{
"type": "vulnerability",
"name": "default"
},
{
"type": "spyware",
"name": "default"
},
{
"type": "url-filtering",
"name": "default"
},
{
"type": "file-blocking",
"name": "basic file blocking"
},
{
"type": "wildfire-analysis",
"name": "default"
}
]
},
{
"id": "1ca5fe320d6d631c40259be8861d764a",
"geo": "internet",
"action": "allow",
"lastActivityTime": "2021-08-27T01:14:18.818Z",
"sourceProfiles": [
"Polycom IP Phone"
],
"sourceIpList": [],
"sourceZones": [],
"apps": [
"rtp-base"
],
"destinationZones": [],
"destinationProfiles": [],
"destinationFqdnList": [
"162.12.232.81"
],
"destinationIpList": [],
"destinationUrlCategories": [],
"services": [
"udp/47390",
"udp/32576",
"udp/35204",
"service-http",
"service-https"
],
"tags": [
"IoTSecurityRecommended"
],
"securityProfiles": [
{
"type": "virus",
"name": "default"
},
{
"type": "vulnerability",
"name": "default"
},
{
"type": "spyware",
"name": "default"
},
{
"type": "url-filtering",
"name": "default"
},
{
"type": "file-blocking",
"name": "basic file blocking"
},
{
"type": "wildfire-analysis",
"name": "default"
}
]
}
]
}
Client Error Response
Schema
STATUS_CODE
GENERAL_MESSAGE
{
"code": "string",
"msg": "string"
}
{
"code": 400,
"msg": "Bad Request. This occurs when an HTTP request contains an invalid query string."
}
{
"code": 403,
"msg": "Forbidden access. Either the provided API key is invalid or it does not have the required RBAC permissions to run this API."
}
{
"code": 429,
"msg": "Too many requests. The number of requests for device details for a single device exceeded the rate limit of 180 queries per minute per tenant."
}
Server Error Response
Schema
STATUS_CODE
GENERAL_MESSAGE
{
"code": "string",
"msg": "string"
}
{
"code": 500,
"msg": "Internal server error. A unified status for API communication type errors."
}