03-14-2017 09:01 AM - edited 02-21-2020 06:02 AM
Greetings Cisco Community,
I am looking to automate the process of adding intrusion rules to a Firepower device (FMC version 6.2.0). I was hoping to be able to use the REST API for this purpose, but looking through the documentation, it's unclear to me whether this action is supported.
Is adding Snort rules via the REST API supported? I apologize if I've overlooked something obvious.
Thanks in advance,
J
Solved! Go to Solution.
03-14-2017 09:43 AM
J,
Today it is not possible to modify or Tune IPS policy with the REST API. To add and adjust Snort rules in Firepower Management Center you must use the UI.
All you can do with the API and identify and IPS policy and apply it to to rules.
Regards,
Neil
03-14-2017 09:43 AM
J,
Today it is not possible to modify or Tune IPS policy with the REST API. To add and adjust Snort rules in Firepower Management Center you must use the UI.
All you can do with the API and identify and IPS policy and apply it to to rules.
Regards,
Neil
03-14-2017 09:54 AM
Neil,
Thank you very much for your quick reply and the clarification!
-J
05-19-2017 05:25 AM
Hi Neil,
Following on from your response, would it possible to export the SNORT rules using the API?
05-19-2017 05:58 AM
nwilu0001,
It is not possible to export the SNORT signature contents for a specific IPS rule with the API. It is only possible to identify and apply the Rule as a whole (By name and system generated GUID) with the API. For visibility into the rule you would again have to use the UI.
Regards,
Neil
05-19-2017 07:26 AM
Thank you for replying so quickly Neil.
12-25-2019 03:34 AM
Hello,
any updates on the subject?
is there an option to upload Snort rules to the FMC using API?
is there a road map for the functionality?
09-02-2022 07:56 AM
I am curious how this has changed in version 7. I know that I can get the intrusion rules using the FMC API now. It appears that I can also modify rules. Is there the ability to install local rules in bulk using the FMC API now?
01-16-2024 07:21 AM
There is a newer API that allows to create custom snort 3 rules within FMC. You can find it under /object/intrusionrules in FMC API explorer.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide