The Firewall Rule object represents a specific rule within a firewall policy or event. It contains information about a rule’s configuration, properties, and associated actions that define how network traffic is handled by the firewall.
- Extends: rule
Attributes
name
- Type: string_t
- Requirement: recommended
The name of the rule that generated the event.
uid
- Type: string_t
- Requirement: recommended
The unique identifier of the rule that generated the event.
category
- Type: string_t
- Requirement: optional
The rule category.
condition
- Type: string_t
- Requirement: optional
The trigger condition for the rule. For example: SQL_INJECTION.
desc
- Type: string_t
- Requirement: optional
The description of the rule that generated the event.
duration
- Type: long_t
- Requirement: optional
The rule response time duration, usually used for challenge completion time.
match_details
- Type: string_t
- Requirement: optional
The data in a request that the rule matched. For example: '["10","and","1"]'.
match_location
- Type: string_t
- Requirement: optional
The location of the matched data in the source which resulted in the triggered firewall rule. For example: HEADER.
rate_limit
- Type: integer_t
- Requirement: optional
The rate limit for a rate-based rule.
sensitivity
- Type: string_t
- Requirement: optional
The sensitivity of the firewall rule in the matched event. For example: HIGH.
type
- Type: string_t
- Requirement: optional
The rule type.
version
- Type: string_t
- Requirement: optional
The rule version. For example: 1.1.
Constraints
At least one of: name, uid
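A validation check for the attributes and the constraint listed above, useful at log-ingestion time before firewall rule data reaches detections. This is an added example, not code from the schema or its tooling: the function name `validate_firewall_rule`, the sample records, and the mapping of `string_t` to `str` and `integer_t`/`long_t` to `int` are assumptions made for illustration.

```python
# Attribute table from this page: name -> (type, requirement).
FIREWALL_RULE_ATTRS = {
    "name": ("string_t", "recommended"),
    "uid": ("string_t", "recommended"),
    "category": ("string_t", "optional"),
    "condition": ("string_t", "optional"),
    "desc": ("string_t", "optional"),
    "duration": ("long_t", "optional"),
    "match_details": ("string_t", "optional"),
    "match_location": ("string_t", "optional"),
    "rate_limit": ("integer_t", "optional"),
    "sensitivity": ("string_t", "optional"),
    "type": ("string_t", "optional"),
    "version": ("string_t", "optional"),
}
# Assumed mapping of the scalar types onto JSON-decoded Python types.
PY_TYPES = {"string_t": str, "integer_t": int, "long_t": int}


def validate_firewall_rule(rule):
    """Return (errors, warnings) for one decoded firewall rule object."""
    errors, warnings = [], []
    for key, value in rule.items():
        if key not in FIREWALL_RULE_ATTRS:
            warnings.append(f"unknown attribute: {key}")
            continue
        ocsf_type = FIREWALL_RULE_ATTRS[key][0]
        # bool is a subclass of int in Python, so reject it explicitly.
        if isinstance(value, bool) or not isinstance(value, PY_TYPES[ocsf_type]):
            errors.append(f"{key}: expected {ocsf_type}, got {type(value).__name__}")
    # Constraint: at least one of name, uid (an empty string counts as absent).
    if not any(rule.get(k) for k in ("name", "uid")):
        errors.append("constraint violated: at least one of name, uid")
    # Recommended attributes are not mandatory; report them as warnings.
    for key, (_, req) in FIREWALL_RULE_ATTRS.items():
        if req == "recommended" and key not in rule:
            warnings.append(f"recommended attribute missing: {key}")
    return errors, warnings


# Constructed sample records (not real telemetry).
GOOD = {"uid": "waf-0042", "condition": "SQL_INJECTION",
        "match_location": "HEADER", "match_details": '["10","and","1"]',
        "sensitivity": "HIGH", "version": "1.1", "rate_limit": 100}
BAD = {"category": "waf", "rate_limit": "100", "action": "block"}

if __name__ == "__main__":
    for sample in (GOOD, BAD):
        print(validate_firewall_rule(sample))
```

Records that fail the constraint cannot be tied back to a specific rule, so routing them to a quarantine queue instead of dropping them keeps the gap visible to the team that owns the log source.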
Used By
- account_change
- admin_group_query
- airborne_broadcast_activity
- api_activity
- application_error
- application_lifecycle
- application_security_posture_finding
- authentication
- authorize_session
- base_event
- cloud_resources_inventory_info
- compliance_finding
- config_state
- data_security_finding
- datastore_activity
- detection_finding
- device_config_state_change
- dhcp_activity
- dns_activity
- drone_flights_activity
- email_activity
- email_file_activity
- email_url_activity
- entity_management
- event_log_actvity
- evidence_info
- file_activity
- file_hosting
- file_query
- file_remediation_activity
- folder_query
- ftp_activity
- group_management
- http_activity
- iam_analysis_finding
- incident_finding
- inventory_info
- job_query
- kernel_activity
- kernel_extension_activity
- kernel_object_query
- memory_activity
- module_activity
- module_query
- network_activity
- network_connection_query
- network_file_activity
- network_remediation_activity
- networks_query
- ntp_activity
- osint_inventory_info
- patch_state
- peripheral_device_query
- process_activity
- process_query
- process_remediation_activity
- rdp_activity
- remediation_activity
- scan_activity
- scheduled_job_activity
- script_activity
- security_finding
- service_query
- session_query
- smb_activity
- software_info
- ssh_activity
- startup_item_query
- tunnel_activity
- user_access
- user_inventory
- user_query
- vulnerability_finding
- web_resource_access_activity
- web_resources_activity
- win/prefetch_query
- win/registry_key_activity
- win/registry_key_query
- win/registry_value_activity
- win/registry_value_query
- win/windows_resource_activity
- win/windows_service_activity