FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
mrafat
Staff
Article Id 305632
Description

This article describes how to retrieve the application and IPS signature lists from FortiManager using JSON-RPC API calls.

Scope

FortiManager-VM, FortiManager appliances.

Solution

Prerequisites:

  • Obtain the session ID needed for the requests below, as described in the following article:

Technical Tip: Using FortiManager API.

  1. With the session ID obtained, send the request that retrieves the IPS signatures.
  2. Below are the request and the expected response, where:
  • The ADOM is: root.

Request:

{
    "id": "1",
    "method": "get",
    "params": [
        {
            "url": "pm/config/adom/root/_rule/list"
        }
    ],
    "session": "49eUkdSQlcuILrwX/7I1vQSfLAU6GWpekp4iyh0TdPcqJ21mGapKtNaPyk3a+iJkyF13dVRJGy0QuqVSiUD5tg=="
}

Response:

{
    "result": [
        {
            "data": [
                {
                    "action": "block",
                    "application": "SCADA",
                    "cve": "",
                    "cve_lf": "",
                    "database": 4,
                    "date": "20220502",
                    "group": "SCADA",
                    "location": "server,client",
                    "log": "",
                    "log-packet": "",
                    "name": "10-Strike.LANState.Local.Buffer.Overflow.Exploit",
                    "os": "Windows",
                    "rate-count": "",
                    "rate-duration": "",
                    "rate-mode": "",
                    "rate-track": "",
                    "rev": "13518",
                    "rule-id": 47306,
                    "service": "TCP,HTTP,FTP,SMTP,POP3,IMAP,NNTP",
                    "severity": "medium",
                    "status": "enable",
                    "vuln_type": "Buffer Errors"
                }, ...etc

  3. To retrieve the application signatures from FortiManager, send the API request below (again for the root ADOM):

Request:

{
    "id": "1",
    "method": "get",
    "params": [
        {
            "url": "pm/config/adom/root/obj/_application/list"
        }
    ],
    "session": "49eUkdSQlcuILrwX/7I1vQSfLAU6GWpekp4iyh0TdPcqJ21mGapKtNaPyk3a+iJkyF13dVRJGy0QuqVSiUD5tg=="
}

Response:

{
    "result": [
        {
            "data": [
                {
                    "behavior": "",
                    "casi": "",
                    "cat-id": "21",
                    "category": "Email",
                    "database": 1,
                    "id": 16554,
                    "language": "Chinese",
                    "name": "126.Mail",
                    "parameter": "",
                    "popularity": "4",
                    "protocol": "1.TCP,9.HTTP,26.SSL",
                    "require_ssl_di": "No",
                    "risk": "3",
                    "shaping": "",
                    "technology": "1.Browser-Based",
                    "vendor": "9.Netease",
                    "weight": ""
                },
                {
                    "behavior": "5.Excessive-Bandwidth",
                    "casi": "",
                    "cat-id": "5",
                    "category": "Video/Audio",
                    "database": 1,
                    "id": 38614,
                    "language": "Chinese",
                    "name": "1kxun",
                    "parameter": "",
                    "popularity": "4",
                    "protocol": "1.TCP,9.HTTP,26.SSL",
                    "require_ssl_di": "No",
                    "risk": "3",
                    "shaping": "",
                    "technology": "2.Client-Server",
                    "vendor": "0.Other",
                    "weight": ""
                }, ...etc

Note that both responses are truncated here to keep the article readable.
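The two requests above differ only in the "url" parameter, so they are easy to wrap in a small client. The following Python helper is an added example and not Fortinet's code: it builds the same JSON-RPC "get" bodies for a chosen ADOM, checks the reply's status before trusting its data, and runs a couple of quick audits (enabled IPS rules per severity, disabled rules, high-risk application signatures) over the returned lists. The FortiManager host name, the ADOM name, the helper/function names and the embedded sample response are assumptions or constructed for the example; the session token is obtained through the login flow referenced in the prerequisites and is passed in as a string.

```python
"""Added example (not Fortinet's code): a minimal FortiManager JSON-RPC helper
for pulling the IPS and application signature lists shown in the article."""
from __future__ import annotations

import json
import ssl
import urllib.request
from collections import Counter
from typing import Any

# Assumed FortiManager endpoint; replace with your own host. The JSON-RPC
# API is served under /jsonrpc.
FMG_URL = "https://fmg.example.invalid/jsonrpc"

# The two URLs from the article, parameterised on the ADOM name.
IPS_RULE_URL = "pm/config/adom/{adom}/_rule/list"
APP_SIG_URL = "pm/config/adom/{adom}/obj/_application/list"


def build_get_request(session: str, url: str, req_id: int = 1) -> dict[str, Any]:
    """JSON-RPC 'get' body in exactly the shape the article uses."""
    return {
        "id": str(req_id),
        "method": "get",
        "params": [{"url": url}],
        "session": session,
    }


def ips_signature_request(session: str, adom: str = "root") -> dict[str, Any]:
    return build_get_request(session, IPS_RULE_URL.format(adom=adom))


def app_signature_request(session: str, adom: str = "root") -> dict[str, Any]:
    return build_get_request(session, APP_SIG_URL.format(adom=adom), req_id=2)


def extract_data(response: dict[str, Any]) -> list[dict[str, Any]]:
    """Return result[0].data, failing loudly if the call was rejected.

    FortiManager replies carry result[0].status.code (0 on success); the
    article's truncated output does not show it, so treat a non-zero code
    or a missing result as an error instead of silently returning nothing."""
    results = response.get("result") or []
    if not results:
        raise ValueError("no 'result' in JSON-RPC response")
    first = results[0]
    status = first.get("status", {})
    if status.get("code", 0) != 0:
        raise RuntimeError(f"FortiManager status {status.get('code')}: {status.get('message')}")
    return first.get("data") or []


def ips_severity_counts(rules: list[dict[str, Any]]) -> dict[str, int]:
    """Count enabled IPS rules per severity: a quick coverage check."""
    return dict(Counter(r["severity"] for r in rules if r.get("status") == "enable"))


def disabled_rule_names(rules: list[dict[str, Any]]) -> list[str]:
    """Names of IPS rules whose status is not 'enable' (worth reviewing)."""
    return sorted(r["name"] for r in rules if r.get("status") != "enable")


def high_risk_apps(apps: list[dict[str, Any]], min_risk: int = 4) -> list[str]:
    """Application signatures whose 'risk' (a string in the API) is >= min_risk."""
    return sorted(a["name"] for a in apps if int(a.get("risk") or 0) >= min_risk)


def call(request: dict[str, Any], url: str = FMG_URL) -> dict[str, Any]:
    """POST one JSON-RPC request; certificate verification stays on."""
    body = json.dumps(request).encode()
    req = urllib.request.Request(url, data=body, headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, context=ssl.create_default_context(), timeout=30) as resp:
        return json.loads(resp.read().decode())


# Constructed sample reply, modelled on the article's truncated IPS output
# (only the fields the audits use are kept; the two extra rules are made up).
SAMPLE_IPS_RESPONSE: dict[str, Any] = {
    "id": "1",
    "result": [{
        "status": {"code": 0, "message": "OK"},
        "url": "pm/config/adom/root/_rule/list",
        "data": [
            {"name": "10-Strike.LANState.Local.Buffer.Overflow.Exploit", "rule-id": 47306,
             "severity": "medium", "status": "enable", "action": "block"},
            {"name": "Example.Disabled.Rule", "rule-id": 1,
             "severity": "high", "status": "disable", "action": "pass"},
            {"name": "Example.Enabled.Rule", "rule-id": 2,
             "severity": "high", "status": "enable", "action": "block"},
        ],
    }],
}

if __name__ == "__main__":
    # Offline run over the constructed sample; swap in call(...) for a live box.
    rules = extract_data(SAMPLE_IPS_RESPONSE)
    print("enabled rules by severity:", ips_severity_counts(rules))
    print("disabled rules:", disabled_rule_names(rules))
```

The session value is a bearer credential for the API, so the helper takes it as an argument rather than embedding it, and nothing here logs the request body. Keep certificate verification enabled as written; if the FortiManager uses a private CA, load that CA into the SSL context instead of disabling checks.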

 

Troubleshooting:

The following commands can be used on the FortiManager CLI to debug the API calls:

diagnose debug service httpd 255
diagnose debug service main 255
