Description |
This article describes how to Retrieve Application and IPS signatures using API calls. |
Scope |
FortiManager-VM, FortiManager appliances. |
Solution |
Prerequisites:
Technical Tip: Using FortiManager API
Request:
{ "id": "1", "method": "get", "params": [ {
"url": "pm/config/adom/root/_rule/list" } ], "session": "49eUkdSQlcuILrwX/7I1vQSfLAU6GWpekp4iyh0TdPcqJ21mGapKtNaPyk3a+iJkyF13dVRJGy0QuqVSiUD5tg==" }
Response:
{ "result": [ { "data": [ { "action": "block", "application": "SCADA", "cve": "", "cve_lf": "", "database": 4, "date": "20220502", "group": "SCADA", "location": "server,client", "log": "", "log-packet": "", "name": "10-Strike.LANState.Local.Buffer.Overflow.Exploit", "os": "Windows", "rate-count": "", "rate-duration": "", "rate-mode": "", "rate-track": "", "rev": "13518", "rule-id": 47306, "service": "TCP,HTTP,FTP,SMTP,POP3,IMAP,NNTP", "severity": "medium", "status": "enable", "vuln_type": "Buffer Errors" },..etc
Request:
{ "id": "1", "method": "get", "params": [ {
"url": "pm/config/adom/root/obj/_application/list" } ], "session": "49eUkdSQlcuILrwX/7I1vQSfLAU6GWpekp4iyh0TdPcqJ21mGapKtNaPyk3a+iJkyF13dVRJGy0QuqVSiUD5tg==" }
Response:
{ "result": [ { "data": [ { "behavior": "", "casi": "", "cat-id": "21", "category": "Email", "database": 1, "id": 16554, "language": "Chinese", "name": "126.Mail", "parameter": "", "popularity": "4", "protocol": "1.TCP,9.HTTP,26.SSL", "require_ssl_di": "No", "risk": "3", "shaping": "", "technology": "1.Browser-Based", "vendor": "9.Netease", "weight": "" }, { "behavior": "5.Excessive-Bandwidth", "casi": "", "cat-id": "5", "category": "Video/Audio", "database": 1, "id": 38614, "language": "Chinese", "name": "1kxun", "parameter": "", "popularity": "4", "protocol": "1.TCP,9.HTTP,26.SSL", "require_ssl_di": "No", "risk": "3", "shaping": "", "technology": "2.Client-Server", "vendor": "0.Other", "weight": "" },…etc
Note that the message output is truncated here for better visibility of the article.
Troubleshooting: The below commands can be used on FortiMAnager CLI to debug the API Calls:
diagnose debug service httpd 255 diagnose debug service main 255
Related articles: Technical Tip: Deleting of an object using FortiManager API Technical Tip: Deleting of an object using FortiManager API calls Technical Tip: Getting Revision History for FortiGates and reverting them using FMG API Calls |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.