search

rnwolfe / fmc-tools

A collection of tools for common tasks needed on the Cisco Firepower Management Center using a fork of the fireREST library.
39 stars 13 forks source link

application filter #2

Closed derekchung closed 5 years ago

derekchung commented 5 years ago

Adding application filter to the CSV output

rnwolfe commented 5 years ago

@derekchung This is a good add; however, the API doesn't appear to provide this data (at least as of FMC v6.2.3)

Here is the API response for an ACP Rule from FMC. This rule has an Application Filter applied, as well as an SGT and URL Category (which you can also see are not present in the response):

{
  "action": "ALLOW",
  "destinationNetworks": {
    "objects": [{
        "id": "0050568C-D66C-0ed3-0000-171798712676",
        "name": "some_dest",
        "type": "Host"
      },
      {
        "id": "0050568C-D66C-0ed3-0000-171798696020",
        "name": "172_Private",
        "type": "Network"
      }
    ]
  },
  "destinationPorts": {
    "objects": [{
      "id": "1834e5f0-38bb-11e2-86aa-62f0c593a59a",
      "name": "Bittorrent",
      "protocol": "TCP",
      "type": "ProtocolPortObject"
    }]
  },
  "destinationZones": {
    "objects": [{
      "id": "8b59a038-7ecf-11e8-8f7e-9ede74934a97",
      "name": "services",
      "type": "SecurityZone"
    }]
  },
  "enabled": true,
  "id": "0050568C-D66C-0ed3-0000-000268437823",
  "links": {
    "self": "https://10.12.100.34/api/fmc_config/v1/domain/e276abec-e0f2-11e3-8169-6d9ed49b625f/policy/accesspolicies/0050568C-D66C-0ed3-0000-171798708124/accessrules/0050568C-D66C-0ed3-0000-000268437823"
  },
  "logBegin": true,
  "logEnd": true,
  "logFiles": false,
  "metadata": {
    "accessPolicy": {
      "id": "0050568C-D66C-0ed3-0000-171798708124",
      "name": "api-test-policy",
      "type": "AccessPolicy"
    },
    "category": "--Undefined--",
    "domain": {
      "id": "e276abec-e0f2-11e3-8169-6d9ed49b625f",
      "name": "Global",
      "type": "Domain"
    },
    "ruleIndex": 1,
    "section": "Mandatory",
    "timestamp": 1531777573973
  },
  "name": "test rule 1",
  "sendEventsToFMC": true,
  "sourceNetworks": {
    "objects": [{
        "id": "0050568C-D66C-0ed3-0000-171798712658",
        "name": "some_source",
        "type": "Host"
      },
      {
        "id": "0050568C-D66C-0ed3-0000-171798696038",
        "name": "192_Private",
        "type": "Network"
      }
    ]
  },
  "sourcePorts": {
    "objects": [{
      "id": "1834e5f0-38bb-11e2-86aa-62f0c593a59a",
      "name": "Bittorrent",
      "protocol": "TCP",
      "type": "ProtocolPortObject"
    }]
  },
  "sourceZones": {
    "objects": [{
      "id": "2cdc52d0-7ecf-11e8-8f7e-9ede74934a97",
      "name": "inside",
      "type": "SecurityZone"
    }]
  },
  "syslogConfig": {
    "id": "573468de-7f05-11e8-971f-b0981aec49c1",
    "name": "api-syslog-server",
    "type": "SyslogAlert"
  },
  "type": "AccessRule",
  "variableSet": {
    "id": "76fa83ea-c972-11e2-8be8-8e45bb1343c0",
    "name": "Default-Set",
    "type": "VariableSet"
  },
  "vlanTags": {}
}

Here's a screen cap of the rule for reference: image