Add rule documentation for allowing rules
You can add rule documentation to the allowing (and partially allowing) device rules for a change request.
You can access these rules and add documentation to them with your own custom scrip. The initial plan results are returned in XML format, and the validation results are returned in JSON format.
Add rule documentation
Do the following:
-
If you want to add rule documentation to allowing rules found in the initial plan query, configure FireFlow to store the allowing rules from the initial plan query. See Enabling/Disabling Storing Allowing Rules From the Initial Plan Query (see Enabling/Disabling Storing Allowing Rules from the Initial Plan Query).
For each change request, after Initial Planning, the allowing rules found in the initial plan query will be stored in FireFlow.
Note: If you want to add rule documentation to allowing rules found in the validation query, no FireFlow configuration is required. FireFlow always stores the allowing rules found in the change validation query.
-
Write a scrip to access the desired FireFlow field (see below) to get the list of rules, iterate them, and use the rule documentation API to add the rule documentation.
For allowing rules from the... Access this FireFlow field... Inital plan query
Initial Plan Results
Validation query
Validation Results
Both fields can be obtained from the ticket object. Once obtained, the initial plan results can be easily parsed as XML (see the example output below). The change validation results are in less readable JSON format. Therefore, they have a function that assists parsing the result which is Ticket_Vendor::getAllowingRulesFromValidation.
Allowing rules output format
For rules on Cisco devices, the rule ID will be in the HexUID field in the hash. All other brand's rule IDs will be in the UID field.
In the initial plan results, all the hash keys are lower-case, and in the validation results they are upper-case. For example, in the initial plan results, "uid" will appear as "uid", and in the validation results, "uid" will appear as "UID".
For more details, see:
For additional assistance, contact AlgoSec Professional Services.
Initial plan allowing rules example
<firewall data_time="installed-2013-06-10-113342" dst_default_routed="0" name="10_20_110_1" src_default_routed="1" status="Partially Blocked">
<allowRules>
<rule hexuid="" num="51" rule_name="" uid="nantest2" url="orig_rules.html?row=rule_nantest2" />
<rule hexuid="" num="59" rule_name="" uid="yaara_tmp_2" url="orig_rules.html?row=rule_yaara_tmp_2" />
<rule hexuid="" num="36" rule_name="" uid="ssh_access" url="orig_rules.html?row=rule_ssh_access" />
</allowRules>
<report receiveddate="2013-05-24 09:46:44" reportname="afa-6136" />
</firewall>
Validation allowing rules example
$VAR1 = [
{
'URL' => 'orig_rules.html?row=rule_20',
'UID' => '{C39F56C5-F985-4AD1-A0BE-B5162603FAD7}',
'Comment' => 'FireFlow #230FireFlow #954',
'Destination' => [
'a_10.110.17.82',
'a_10.110.17.66'
],
'Service' => [
'ftp'
],
'Number' => '20',
'Action' => 'accept',
'Application' => [],
'HexUID' => undef,
'Class' => 'FireFlow::WorkOrder::WorkOrderTrafficRule',
'Source' => [
'a_10.10.17.5'
],
'Name' => undef,
'DisplayId' => '20'
},
{
'URL' => 'orig_rules.html?row=rule_6',
'UID' => '{A0A2DD57-D0E6-4BDA-8EC3-59927B078228}',
'Comment' => '',
'Destination' => [
'Any'
],
'Service' => [
'Kaos'
],
'Number' => '6',
'Action' => 'accept',
'Application' => [],
'HexUID' => undef,
'Class' => 'FireFlow::WorkOrder::WorkOrderTrafficRule',
'Source' => [
'Any'
],
'Name' => undef,
'DisplayId' => '6'
},
Yes 
No 
