Non-Corporate Public IP Addresses
The API sec_policy/rule_coverage supports non-domain interfaces.
Security Policy Rule Coverage
Security Principals Methods | HTTP | URI |
|---|---|---|
Get Security Principals |
|
|
Query Parameters for non-corporate public IP addresses
The property network accepts network_href to determine if the rule applies to a flow correctly.
Parameter | Description |
|---|---|
| Source entity. Specify labels,such as "href": "/orgs/14/labels/42" "href": "/orgs/14/labels/43" |
| Destination entity Specify an IP list, such as "href": "/orgs/14/sec_policy/active/ip_lists/14" |
| The network that the source and destination are on |
| Port and protocol, and optional process or Windows service names, of matching rules. |
Response Properties
In release 23.5, in sec_policy_rule_coverage_post_response, a new array of rule_edges was added, which provides a list with a placeholder for each requested source and destination pair.
The previous object rules is replaced with a reference to "$ref": "#/definitions/rule_href_mapping", and the previous array edges is replaced with a reference to "$ref": "#/definitions/rule_edges".
"rule_edges": {
"type": "array",
"description": "A list with a placeholder for each requested source and destination pair",
"items": {
"type": "array",
"description": "A list with with a placeholder for each requested service
(per source and destination pair)",
"items": {
"type": "array",
"description": "A list of indexes of matching rules
(for each service per source and destination pair)",
"items": {
"type": "string",
"pattern": "^[0-9]+$"
}
}
}Before the release 23.5, the response was as follows:
Parameter | Description |
|---|---|
| The rules returned in the API response are rules with network_type (such as "0": { "href": "/orgs/14/sec_policy/draft/rule_sets/21/sec_rules/220" }, "1": { "href": "/orgs/14/sec_policy/draft/rule_sets/21/sec_rules/223" }, "2": { "href": "/orgs/14/sec_policy/draft/rule_sets/21/sec_rules/237" } |
| [[["0", "1", "2"]]] |