
[FMC 7.0.0.1] Change Intrusion Rule status to Rest api

sjjeong6960
Level 1

I have a question, so I'm posting it for the first time.

For your information, the version is as follows.

FMC 7.0.0.1
FTD 7.0.0.1

[1] Check the following UUID values through {FMC_IP}/api/api-explorer

ObjectID : beb35509-d2d4-5c0a-8584-76a1e645b859 ( Snort rule 1:37062 )
ContainerUUID : 000C2951-E46C-0ed3-0000-077309440685
DomainUUID : e276abec-e0f2-11e3-8169-6d9ed49b625f
 

 

The example in the Request body is as follows.
However, I don't know which part should be modified to change the status of "Disable" to "Block".
Please help me.

 
{
  "sid": 37062,
  "gid": 1,
  "revision": 2,
  "msg": "\"APP-DETECT 12P DNS request attempt\"",
  "ruleData": "alert udp $HOME_NET any -> any 53 ( msg:\"APP-DETECT 12P DNS request attempt\"; flow:to_server; byte_test:1,!&,0xF8,2; content:\"|03|b32|03|i2p|00|\",fast_pattern,nocase; metadata:policy max-detect-ips drop; service:dns; reference:url,geti2p.net; classtype:misc-activity; sid:37062; rev:2; )",
  "isSystemDefined": "false | true",
  "ruleAction": [
    {
      "defaultState": "BLOCK",
      "overrideState": "ALERT",
      "policy": {
        "name": "Maximum Detection",
        "id": "ccbf50d8-b908-5a56-b1a8-099773b904f2",
        "type": "IntrusionPolicy",
        "inlineDrop": 0
      }
    },
    {
      "defaultState": "DISABLE",
      "overrideState": "BLOCK",
      "policy": {
        "name": "Balanced Security and Connectivity",
        "id": "6c5fd197-7d58-51cc-b048-40f5a7442f4b",
        "type": "IntrusionPolicy",
        "inlineDrop": 0
      }
    },
    {
      "defaultState": "DISABLE",
      "overrideState": "BLOCK",
      "policy": {
        "name": "Connectivity Over Security",
        "id": "e90b3402-1dde-58b8-956e-0ba3e73b9c0a",
        "type": "IntrusionPolicy",
        "inlineDrop": 0
      }
    },
    {
      "defaultState": "DISABLE",
      "overrideState": "DISABLE",
      "policy": {
        "name": "No Rules Active",
        "id": "402cd584-98f0-544e-b628-0c4b40903189",
        "type": "IntrusionPolicy",
        "inlineDrop": 0
      }
    },
    {
      "defaultState": "DISABLE",
      "overrideState": "BLOCK",
      "policy": {
        "name": "Security Over Connectivity",
        "id": "eb508df4-58a2-59c3-a610-500d9a9e4423",
        "type": "IntrusionPolicy",
        "inlineDrop": 0
      }
    }
  ],
  "name": "OA_IPS_Policy",
  "description": "\"APP-DETECT 12P DNS request attempt\"",
  "id": "e90b3402-1dde-58b8-956e-0ba3e73b9c0a"
}