Firepower Management Center REST API Submit Snort Rules

Answered Question
Mar 14th, 2017
User Badges:

Greetings Cisco Community,


I am looking to automate the process of adding intrusion rules to a Firepower device (FMC version 6.2.0). I was hoping to be able to use the REST API for this purpose, but looking through the documentation, it's unclear to me whether this action is supported.

Is adding Snort rules via the REST API supported? I apologize if I've overlooked something obvious.


Thanks in advance,

J

Correct Answer by neipatel about 3 months 1 week ago

J,

Today it is not possible to modify or Tune IPS policy with the REST API. To add and adjust Snort rules in Firepower Management Center you must use the UI. 

All you can do with the API and identify and IPS policy and apply it to to rules.

Regards,

Neil

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
Loading.
Correct Answer
neipatel Tue, 03/14/2017 - 09:43
User Badges:
  • Cisco Employee,

J,

Today it is not possible to modify or Tune IPS policy with the REST API. To add and adjust Snort rules in Firepower Management Center you must use the UI. 

All you can do with the API and identify and IPS policy and apply it to to rules.

Regards,

Neil

jfeild001 Tue, 03/14/2017 - 09:54
User Badges:

Neil,

Thank you very much for your quick reply and the clarification!

-J

nwilu0001 Fri, 05/19/2017 - 05:25
User Badges:

Hi Neil,


Following on from your response, would it possible to export the SNORT rules using the API?

neipatel Fri, 05/19/2017 - 05:58
User Badges:
  • Cisco Employee,

nwilu0001,

It is not possible to export the SNORT signature contents for a specific IPS rule with the API. It is only possible to identify and apply the Rule as a whole (By name and system generated GUID) with the API. For visibility into the rule you would again have to use the UI.


Regards,

Neil

Actions

This Discussion