On this page
Retrieving Rule Violations
The Rule Violation APIs allow you to retrieve data about cells in a USP that were not complainant with a specific rule. The API retrieves data based on each rule and each USP, and analyzes each source and destination zone to identify where there is a rule violation and the severity of the violation.
This API allows you to build queries to identify the following types of rule violation:
- Property Violations
- Flow Violations
- Traffic Violations
Rule violation API examples
Violations from a specific rule
The following query retrieves the names of USPs that violate Rule_1, the severity of the violation, and the display name of the violating device:
{
rules(filter: "name = 'Rule_1'") {
values {
name
violations {
usp {
name
}
ruleViolationSeverity
violationOrigin {
violatingDevice {
displayName
}
}
}
}
}
}
Output
{
"data": {
"rules": {
"values": [
{
"name": "Rule_1",
"violations": [
{
"usp": {
"name": "USP1"
},
"ruleViolationSeverity": "HIGH",
"violationOrigin": [
{
"violatingDevice": {
"displayName": "Panos_SA_249.210"
}
}
]
},
]
}
]
}
}
}
Rules that have not been used recently and have USP violations
The following example retrieves a list of rules that have not been used in the last month but violate a USP enforcement requirement. These rules may be candidates to decommission:
{
rules(filter: "timeLastHit before last month and violations.timeCreated exists") {
values {
name
timeLastHit}
}
}
Output
{
"data": {
"rules": {
"values": [
{
"name": "Rule 1",
"timeLastHit": "2018-12-16T00:00:00Z"
}
]
}
}
}
Was this helpful?
Thank you!
We’d love your feedback
We really appreciate your feedback
Send this page to a colleague