FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
mrafat
Staff
Article Id 305632
Description

This article describes how to retrieve Application and IPS signatures from FortiManager using API calls.

Scope

FortiManager-VM, FortiManager appliances.

Solution

Prerequisites:

  • Get the session ID needed for the upcoming requests, as described in the article below:

Technical Tip: Using FortiManager API

  1. Now that the session ID is obtained, send the request to retrieve the IPS signatures.
  2. Below are the request and the expected response, where:
  • The ADOM is: root.

 

Request:

 

{
    "id": "1",
    "method": "get",
    "params": [
        {
            "url": "pm/config/adom/root/_rule/list"
        }
    ],
    "session": "49eUkdSQlcuILrwX/7I1vQSfLAU6GWpekp4iyh0TdPcqJ21mGapKtNaPyk3a+iJkyF13dVRJGy0QuqVSiUD5tg=="
}

 

Response:

 

{
    "result": [
        {
            "data": [
                {
                    "action": "block",
                    "application": "SCADA",
                    "cve": "",
                    "cve_lf": "",
                    "database": 4,
                    "date": "20220502",
                    "group": "SCADA",
                    "location": "server,client",
                    "log": "",
                    "log-packet": "",
                    "name": "10-Strike.LANState.Local.Buffer.Overflow.Exploit",
                    "os": "Windows",
                    "rate-count": "",
                    "rate-duration": "",
                    "rate-mode": "",
                    "rate-track": "",
                    "rev": "13518",
                    "rule-id": 47306,
                    "service": "TCP,HTTP,FTP,SMTP,POP3,IMAP,NNTP",
                    "severity": "medium",
                    "status": "enable",
                    "vuln_type": "Buffer Errors"
                },...etc

 

  3. To retrieve the Application signatures from FortiManager, use the API request below:

 

Request:

 

{
    "id": "1",
    "method": "get",
    "params": [
        {
            "url": "pm/config/adom/root/obj/_application/list"
        }
    ],
    "session": "49eUkdSQlcuILrwX/7I1vQSfLAU6GWpekp4iyh0TdPcqJ21mGapKtNaPyk3a+iJkyF13dVRJGy0QuqVSiUD5tg=="
}

 

Response:

 

{
    "result": [
        {
            "data": [
                {
                    "behavior": "",
                    "casi": "",
                    "cat-id": "21",
                    "category": "Email",
                    "database": 1,
                    "id": 16554,
                    "language": "Chinese",
                    "name": "126.Mail",
                    "parameter": "",
                    "popularity": "4",
                    "protocol": "1.TCP,9.HTTP,26.SSL",
                    "require_ssl_di": "No",
                    "risk": "3",
                    "shaping": "",
                    "technology": "1.Browser-Based",
                    "vendor": "9.Netease",
                    "weight": ""
                },
                {
                    "behavior": "5.Excessive-Bandwidth",
                    "casi": "",
                    "cat-id": "5",
                    "category": "Video/Audio",
                    "database": 1,
                    "id": 38614,
                    "language": "Chinese",
                    "name": "1kxun",
                    "parameter": "",
                    "popularity": "4",
                    "protocol": "1.TCP,9.HTTP,26.SSL",
                    "require_ssl_di": "No",
                    "risk": "3",
                    "shaping": "",
                    "technology": "2.Client-Server",
                    "vendor": "0.Other",
                    "weight": ""
                },...etc

 

Note that the message output is truncated here for better visibility of the article.
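The following is an added example, not part of the original article or Fortinet's own code: it builds the two request bodies shown above for any ADOM and turns the IPS response into a short review list of high and critical signatures that are not both enabled and blocking. The ADOM allow-list, the `<session-id>` placeholder, the `Example.Sig.*` records and the `pass`/`disable` values are constructed assumptions.

```python
import json
import re

# URL paths taken from the article; {adom} is filled in per request.
IPS_URL = "pm/config/adom/{adom}/_rule/list"
APP_URL = "pm/config/adom/{adom}/obj/_application/list"

def build_request(url_template, adom, session, req_id="1"):
    """Build the JSON-RPC body in the shape shown in the article."""
    # The ADOM lands in the URL path; this allow-list is an assumption, not a FortiManager rule.
    if not re.fullmatch(r"[A-Za-z0-9_.-]+", adom):
        raise ValueError(f"unexpected ADOM name: {adom!r}")
    return {"id": req_id, "method": "get",
            "params": [{"url": url_template.format(adom=adom)}],
            "session": session}

def extract_data(response):
    """Return result[0].data, failing loudly on an unexpected response shape."""
    results = response.get("result")
    if not isinstance(results, list) or not results:
        raise ValueError("response has no 'result' list")
    data = results[0].get("data")
    if not isinstance(data, list):
        raise ValueError("result[0] has no 'data' list")
    return data

def ips_review_list(signatures, severities=("high", "critical")):
    """Signatures at the given severities that are not both enabled and blocking."""
    return [(s["rule-id"], s["name"], s.get("cve") or "-")
            for s in signatures
            if s.get("severity") in severities
            and (s.get("action") != "block" or s.get("status") != "enable")]

# Constructed response: first record abbreviated from the article, the rest are made up.
SAMPLE_RESPONSE = json.loads("""
{"result": [{"data": [
  {"action": "block", "cve": "", "name": "10-Strike.LANState.Local.Buffer.Overflow.Exploit",
   "rule-id": 47306, "severity": "medium", "status": "enable"},
  {"action": "pass", "cve": "CVE-0000-0001", "name": "Example.Sig.A",
   "rule-id": 900001, "severity": "critical", "status": "enable"},
  {"action": "block", "cve": "", "name": "Example.Sig.B",
   "rule-id": 900002, "severity": "high", "status": "disable"},
  {"action": "block", "cve": "", "name": "Example.Sig.C",
   "rule-id": 900003, "severity": "high", "status": "enable"}
]}]}
""")

if __name__ == "__main__":
    print(json.dumps(build_request(IPS_URL, "root", "<session-id>"), indent=4))
    for row in ips_review_list(extract_data(SAMPLE_RESPONSE)):
        print(row)
```

Passing the session ID in as a parameter keeps it out of the script itself, so it can be supplied at run time instead of being stored with the code.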

 

Troubleshooting:

The commands below can be used on the FortiManager CLI to debug the API calls:

 

diagnose debug service httpd 255

diagnose debug service main 255

 

Related articles:

Technical Tip: Deleting of an object using FortiManager API calls

Technical Tip: Getting Revision History for FortiGates and reverting them using FMG API Calls

Technical Tip: How to install preview and review the output of the configuration changes using API i...
