Description
This article describes how to retrieve Application and IPS signatures using API calls.
Scope
FortiManager-VM, FortiManager appliances.
Solution
Prerequisites:
Technical Tip: Using FortiManager API.
Request:
{ "id": "1", "method": "get",
  "params": [ { "url": "pm/config/adom/root/_rule/list" } ],
  "session": "49eUkdSQlcuILrwX/7I1vQSfLAU6GWpekp4iyh0TdPcqJ21mGapKtNaPyk3a+iJkyF13dVRJGy0QuqVSiUD5tg==" }
Response:
{ "result": [ { "data": [ { "action": "block", "application": "SCADA", "cve": "", "cve_lf": "", "database": 4, "date": "20220502", "group": "SCADA", "location": "server,client", "log": "", "log-packet": "", "name": "10-Strike.LANState.Local.Buffer.Overflow.Exploit", "os": "Windows", "rate-count": "", "rate-duration": "", "rate-mode": "", "rate-track": "", "rev": "13518", "rule-id": 47306, "service": "TCP,HTTP,FTP,SMTP,POP3,IMAP,NNTP", "severity": "medium", "status": "enable", "vuln_type": "Buffer Errors" },..etc
Request:
{ "id": "1", "method": "get",
  "params": [ { "url": "pm/config/adom/root/obj/_application/list" } ],
  "session": "49eUkdSQlcuILrwX/7I1vQSfLAU6GWpekp4iyh0TdPcqJ21mGapKtNaPyk3a+iJkyF13dVRJGy0QuqVSiUD5tg==" }
Response:
{ "result": [ { "data": [ { "behavior": "", "casi": "", "cat-id": "21", "category": "Email", "database": 1, "id": 16554, "language": "Chinese", "name": "126.Mail", "parameter": "", "popularity": "4", "protocol": "1.TCP,9.HTTP,26.SSL", "require_ssl_di": "No", "risk": "3", "shaping": "", "technology": "1.Browser-Based", "vendor": "9.Netease", "weight": "" }, { "behavior": "5.Excessive-Bandwidth", "casi": "", "cat-id": "5", "category": "Video/Audio", "database": 1, "id": 38614, "language": "Chinese", "name": "1kxun", "parameter": "", "popularity": "4", "protocol": "1.TCP,9.HTTP,26.SSL", "require_ssl_di": "No", "risk": "3", "shaping": "", "technology": "2.Client-Server", "vendor": "0.Other", "weight": "" },…etc
Note that the message output is truncated here for better visibility of the article.
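The following Python example is added here and is not part of the original article or Fortinet's code: it builds the two requests shown above and filters the returned records, including the string-typed `risk` field and the `id.name` form of `protocol`. The `/jsonrpc` endpoint path, the severity ordering, the `disable` status value and all sample records are assumptions or constructed for illustration.

```python
import json
import urllib.request

IPS_URL = "pm/config/adom/root/_rule/list"  # URL paths as given in the article
APP_URL = "pm/config/adom/root/obj/_application/list"
SEVERITY = ["info", "low", "medium", "high", "critical"]  # assumed ordering

def build_request(url, session, req_id="1"):
    """JSON-RPC body in the shape shown in the article."""
    return {"id": req_id, "method": "get", "params": [{"url": url}], "session": session}

def send(host, body):
    """POST the body; the https://<host>/jsonrpc endpoint is an assumption."""
    req = urllib.request.Request(f"https://{host}/jsonrpc", json.dumps(body).encode(),
                                 {"Content-Type": "application/json"})
    with urllib.request.urlopen(req) as resp:
        return json.load(resp)

def records(response):
    """Signature records sit under result[0].data; return [] when absent."""
    data = (response.get("result") or [{}])[0].get("data")
    return data if isinstance(data, list) else []

def split_ids(field):
    """'1.TCP,9.HTTP' -> ['TCP', 'HTTP'] (strips the numeric id prefix)."""
    return [p.split(".", 1)[-1] for p in field.split(",") if p]

def ips_at_least(recs, floor="medium"):
    """Names of enabled IPS signatures with severity >= floor."""
    lo = SEVERITY.index(floor)
    return [r["name"] for r in recs if r.get("status") == "enable"
            and r.get("severity") in SEVERITY and SEVERITY.index(r["severity"]) >= lo]

def apps_by_risk(recs, min_risk=3):
    """(name, protocols) for applications whose risk, a string field, is >= min_risk."""
    return [(r["name"], split_ids(r.get("protocol", ""))) for r in recs
            if str(r.get("risk", "")).isdigit() and int(r["risk"]) >= min_risk]

# Constructed sample responses; field names follow the article's output.
SAMPLE_IPS = {"result": [{"data": [
    {"name": "Constructed.Sample.A", "severity": "medium", "status": "enable"},
    {"name": "Constructed.Sample.B", "severity": "low", "status": "enable"},
    {"name": "Constructed.Sample.C", "severity": "critical", "status": "disable"}]}]}
SAMPLE_APP = {"result": [{"data": [
    {"name": "Constructed.App.X", "risk": "3", "protocol": "1.TCP,9.HTTP,26.SSL"},
    {"name": "Constructed.App.Y", "risk": "1", "protocol": "1.TCP"}]}]}

if __name__ == "__main__":
    print(ips_at_least(records(SAMPLE_IPS)), apps_by_risk(records(SAMPLE_APP)))
```

Against a live FortiManager, pass `build_request(IPS_URL, session)` to `send()` with a session value obtained as described in the prerequisite article.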
Troubleshooting:
The following commands can be used on the FortiManager CLI to debug the API Calls:
diagnose debug service httpd 255
diagnose debug service main 255