Skip to main content

Get Activated Policy Rule Recommendations

GET 

/pub/v4.0/policy/recommendation

Fetch all activated policy rule recommendations or all the activated recommendations for one or more IoT device profiles.

Request

Query Parameters

    customerid stringrequired

    The customer ID to which the API call is directed

    profile string

    A profile filters policy rule recommendations by one or more source profile names. The following value is a string with profile names separated by commas; for example: profile=Palo Alto Networks Device,iPhone,Polycom IP Phone. All profiles must be IoT profiles. Without a profile filter, the request returns all active policy rule recommendations.

    Example: Palo Alto Networks Device,iPhone,Polycom IP Phone
    pagelength integer

    Default value: 10000

    The number of items in one response; that is, in one page. The default page length for policy rule recommendations is 1000 and the maximum is 1000. Setting a shorter length improves response times.

    Example: 200
    offset integer

    In addition to the pagelength parameter, offset gets items on subsequent pages. For example, if the page length of your first request is 100, you get the first 100 policy rule recommendations. To get the next 100, add offset=100 to your second request. This skips the first 100 recommendations and gets the next 100 starting from 101.

    Example: 100

Responses

Successful Response

Schema
    ver stringrequired

    The API version

    api stringrequired

    The API path

    total integerrequired

    The total number of activated recommended policy rules for which information was returned

    policies object[]required

    An array of activated policy rule recommendations

  • Array [
  • id string

    Unique identifier composed of alphanumeric characters for the policy rule

    policySetName string

    Name of the user-defined policy set to which the policy rule

    geo string

    Possible values: [intranet, internet]

    Location of the destination in the policy rule: intranet (internal) or internet (external)

    action string

    Default value: allow

    Action the firewall takes when applying the policy rule, which is always allow

    lastActivityTime string

    UTC timestamp for the last detected network activity corresponding to the elements in this policy rule

    sourceProfiles array

    Default value: ``

    Device profile assigned to devices initiating traffic to which the policy rule applies. Note: Although this is an array, there can only be a single source profile.

    sourceIpList array

    Default value: ``

    List of source IP addresses to which the policy rule applies. Note: This is included in anticipation of future functionality and is currently always empty.

    sourceZones array

    Default value: ``

    List of source zones to which the policy rule applies

    apps array

    Default value: ``

    Applications to which the policy rule applies, such as youtube-base

    destinationZones array

    Default value: ``

    List of destination zones to which the policy rule applies

    destinationProfiles array

    Default value: ``

    Device profile of the destination in the policy rule. A destination device profile is used when the source and destination are in the same intranet and IoT Security is monitoring them both and has assigned a profile to the destination.

    destinationFqdnList array

    Default value: ``

    List of destination FQDNs to which the policy rule applies. Note: When a destination is external, IoT Security displays its IP address in destinationFqdnList. When it’s internal, IoT Security displays it in destinationIpList.

    destinationIpList array

    Default value: ``

    List of destination IP addresses to which the policy rule applies. Note: When a destination is internal, IoT Security displays its IP address in destinationIpList. When it’s external, IoT Security displays it in destinationFqdnList.

    destinationUrlCategories array

    Default value: ``

    List of categories to which the policy rule applies, Some examples: games, entertainment, and health-and medicine

    services array

    Default value: ``

    List of non-standard service port numbers for an application o the user-defined values service-http and service-https. Note: Whe IoT Security identifies an application that's using non-standard UDP or TCP port numbers, it displays the application name in "apps" and the non-standard port numbers in "services". When an application is using standard ports, IoT Security displays th application name and leaves "services" empty. If a user manuall applied one of the predefined services servicehttp or service https to an application, then the predefined service name appear in "services".

    tags array

    Default value: IoTSecurityRecommended

    System-defined tag IoTSecurityRecommended and any user-defined tags applied to the policy rule

    securityProfiles array

    Default value: ``

    List of Security profiles for antivirus, vulnerability protection, anti-spyware, and so on in the policy rule

    firewallList array

    List of firewalls that enforce the policy rule

    deviceGroups array

    (Panorama) List of device groups containing firewalls that enforce the policy rule

  • ]
Loading...