| Parameter | Choices/Defaults | Comments |
|---|---|---|
| `config` (list / elements=dictionary) | | Intrusion prevention rules config. Each list element accepts the `config.*` suboptions below. |
| `config.action` (string) | | Action to apply if the rule is triggered. Applicable to custom rules with template type `signature` or `start-end-patterns`. |
| `config.alert_enabled` (boolean) | | Enable to raise an alert when the rule logs an event. Searchable as Boolean. |
| `config.always_include_packet_data` (boolean) | | Enable to include packet data in the event logs. Not available if `event_logging_disabled` is true. Searchable as Boolean. |
| `config.application_type_id` (integer) | | ID of the application type for the IntrusionPreventionRule. Searchable as Numeric. |
| `config.can_be_assigned_alone` (boolean) | | Whether the intrusion prevention rule can be assigned on its own. Applicable only to GET calls; not an applicable parameter for Create/Modify POST calls. |
| `config.case_sensitive` (boolean) | | Enable to make signatures and patterns case sensitive. Applicable to custom rules with template type `signature` or `start-end-patterns`. |
| `config.condition` (string) | | Condition to determine if the rule is triggered. Applicable to custom rules with template type `start-end-patterns`. |
| `config.context_id` (integer) | | ID of the context in which the rule is applied. Searchable as Numeric. |
| `config.custom_xml` (string) | | The custom XML used to define the rule. Applicable to custom rules with template type `custom`. |
| `config.cve` (list / elements=string) | | List of CVEs associated with the IntrusionPreventionRule. Searchable as String. |
| `config.cvss_score` (string) | | A measure of the severity of the vulnerability according to the National Vulnerability Database. Searchable as String or as Numeric. |
| `config.debug_mode_enabled` (boolean) | | Enable to log additional packets preceding and following the packet that the rule detected. Not available if `event_logging_disabled` is true. Searchable as Boolean. |
| `config.depends_on_rule_ids` (list / elements=integer) | | IDs of intrusion prevention rules this rule depends on; they are automatically assigned when this rule is assigned. |
| `config.description` (string) | | Description of the IntrusionPreventionRule. Searchable as String. |
| `config.detect_only` (boolean) | | In detect mode, the rule creates an event log and does not interfere with traffic. |
| `config.end` (string) | | End pattern of the rule. Applicable to custom rules with template type `start-end-patterns`. |
| `config.event_logging_disabled` (boolean) | | Enable to prevent event logs from being created when the rule is triggered. Not available if `detect_only` is true. Searchable as Boolean. |
| `config.generate_event_on_packet_drop` (boolean) | | Generate an event every time a packet is dropped for the rule. Not available if `event_logging_disabled` is true. Searchable as Boolean. |
| `config.id` (integer) | | ID of the intrusion prevention rule. Applicable only to GET calls; not an applicable parameter for Create/Modify POST calls. |
| `config.identifier` (string) | | Identifier of the intrusion prevention rule. Applicable only to GET calls; not an applicable parameter for Create/Modify POST calls. |
| `config.last_updated` (integer) | | Timestamp of the last rule modification, in milliseconds since epoch. Searchable as Date. |
| `config.minimum_agent_version` (string) | | Version of the Deep Security agent or appliance required to support the rule. Searchable as String. |
| `config.name` (string) | | Name of the IntrusionPreventionRule. Searchable as String. |
| `config.original_issue` (integer) | | Timestamp of the date the rule was released, in milliseconds since epoch. Searchable as Date. |
| `config.patterns` (list / elements=string) | | Body patterns of the rule, which must be found between the start and end patterns. Applicable to custom rules with template type `start-end-patterns`. |
| `config.priority` (string) | Choices: `lowest`, `low`, `normal`, `high`, `highest` | Priority level of the rule. Higher priority rules are applied before lower priority rules. Searchable as Choice. |
| `config.recommendations_mode` (string) | Choices: `enabled`, `ignored`, `unknown`, `disabled` | Indicates whether recommendation scans consider the IntrusionPreventionRule. Can be set to `enabled` or `ignored`. Custom rules cannot be recommended. Searchable as Choice. |
| `config.schedule_id` (integer) | | ID of the schedule that defines the times during which the rule is active. Searchable as Numeric. |
| `config.severity` (string) | Choices: `low`, `medium`, `high`, `critical` | Severity level of the rule. Severity levels can be used as sorting criteria and affect event rankings. Searchable as Choice. |
| `config.signature` (string) | | Signature of the rule. Applicable to custom rules with template type `signature`. |
| `config.start` (string) | | Start pattern of the rule. Applicable to custom rules with template type `start-end-patterns`. |
| `config.template` (string) | Choices: `signature`, `start-end-patterns`, `custom` | Type of template for the IntrusionPreventionRule. Applicable only to custom rules. |
| `config.type` (string) | Choices: `custom`, `smart`, `vulnerability`, `exploit`, `hidden`, `policy`, `info` | Type of IntrusionPreventionRule. Searchable as Choice. |
| `state` (string) | Choices: `present` (default), `absent`, `gathered` | The state the configuration should be left in. With `gathered`, the module reads the current configuration from the device through its API, transforms it into structured data in the format of the module argspec, and returns it under the `gathered` key of the result. |
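The parameter table above carries several cross-field constraints (template-specific fields, logging options that disappear once event logging is disabled, GET-only fields that a Create/Modify call rejects). The following is an added example, not the module's or Deep Security's own code, that checks a rule dictionary against those documented constraints before it is handed to the module, and strips the read-only fields from a rule that was read back with `state: gathered` so it can be re-submitted. The function names, the sample rules and their pattern values are constructed for illustration; the choice lists and constraints come from the table.

```python
"""Consistency checks for an intrusion prevention rule config, derived from the
parameter table (added example; helper names and sample rules are constructed)."""

# Choice lists as documented in the parameter table.
CHOICES = {
    "priority": {"lowest", "low", "normal", "high", "highest"},
    "recommendations_mode": {"enabled", "ignored", "unknown", "disabled"},
    "severity": {"low", "medium", "high", "critical"},
    "template": {"signature", "start-end-patterns", "custom"},
    "type": {"custom", "smart", "vulnerability", "exploit", "hidden", "policy", "info"},
}

# Marked "applicable only to GET calls": returned by the API, not accepted on Create/Modify.
READ_ONLY = {"id", "identifier", "can_be_assigned_alone"}

# Fields that only exist for a custom rule with the given template.
TEMPLATE_FIELDS = {
    "signature": {"signature"},
    "start-end-patterns": {"start", "end", "patterns", "condition"},
    "custom": {"custom_xml"},
}
# Fields shared by the two pattern-based templates.
SHARED_PATTERN_FIELDS = {"action", "case_sensitive"}

# Options the table says are "not available if event logging disabled is true".
NEEDS_EVENT_LOGGING = {
    "always_include_packet_data",
    "debug_mode_enabled",
    "generate_event_on_packet_drop",
}


def validate_rule(rule, for_post=True):
    """Return a list of problems found in `rule`; an empty list means it is consistent.

    for_post=True applies the Create/Modify restrictions (GET-only fields rejected).
    """
    problems = []
    keys = set(rule)

    for field in CHOICES:  # dict order: priority, recommendations_mode, severity, template, type
        if field in rule and rule[field] not in CHOICES[field]:
            problems.append(f"{field}: {rule[field]!r} not in {sorted(CHOICES[field])}")

    if for_post:
        for field in sorted(READ_ONLY & keys):
            problems.append(f"{field}: read-only (GET only), not accepted on create/modify")

    # detect_only and event_logging_disabled exclude each other.
    if rule.get("detect_only") and rule.get("event_logging_disabled"):
        problems.append("event_logging_disabled: not available if detect_only is true")

    if rule.get("event_logging_disabled"):
        for field in sorted(NEEDS_EVENT_LOGGING & keys):
            if rule[field]:
                problems.append(f"{field}: not available if event_logging_disabled is true")

    is_custom = rule.get("type") == "custom"
    template = rule.get("template")

    if template is not None and not is_custom:
        problems.append("template: applicable only to custom rules (type == 'custom')")

    # "Custom rules cannot be recommended": enabling recommendation for one is inconsistent.
    if is_custom and rule.get("recommendations_mode") == "enabled":
        problems.append("recommendations_mode: custom rules cannot be recommended")

    # Template-specific fields must match the selected template of a custom rule.
    for tmpl, fields in TEMPLATE_FIELDS.items():
        for field in sorted(fields & keys):
            if not is_custom or template != tmpl:
                problems.append(f"{field}: applicable only to custom rules with template '{tmpl}'")
    for field in sorted(SHARED_PATTERN_FIELDS & keys):
        if not is_custom or template not in ("signature", "start-end-patterns"):
            problems.append(
                f"{field}: applicable only to custom rules with template 'signature' or 'start-end-patterns'"
            )

    return problems


def to_post_payload(rule):
    """Drop the GET-only fields so a gathered rule can be re-submitted with state=present."""
    return {k: v for k, v in rule.items() if k not in READ_ONLY}


# Constructed sample: a consistent custom start-end-patterns rule in detect mode.
GOOD_RULE = {
    "name": "example-header-check",          # constructed name
    "type": "custom",
    "template": "start-end-patterns",
    "start": "GET ",                          # constructed pattern values
    "end": "\r\n",
    "patterns": ["X-Example-Header:"],
    "case_sensitive": False,
    "detect_only": True,
    "priority": "normal",
    "severity": "medium",
}

# Constructed sample: a rule read back from the API and re-submitted without cleanup.
BAD_RULE = {
    "id": 1001,                               # constructed, GET-only
    "identifier": "example-identifier",       # constructed, GET-only
    "name": "example-bad",
    "type": "smart",
    "template": "signature",                  # template on a non-custom rule
    "signature": "example",                   # signature field outside a custom signature rule
    "detect_only": True,
    "event_logging_disabled": True,           # conflicts with detect_only
    "debug_mode_enabled": True,               # needs event logging
    "priority": "urgent",                     # not a documented choice
}

if __name__ == "__main__":
    for name, rule in (("good", GOOD_RULE), ("bad", BAD_RULE)):
        print(name, validate_rule(rule) or "ok")
```

Run the checks before every `state: present` task that carries a rule built by hand or copied from a `gathered` result; the `for_post=False` mode is for inspecting rules as the API returns them, where the GET-only fields are expected.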