Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3869
Views
0
Helpful
8
Replies

Firepower Management Center REST API Submit Snort Rules

Go to solution
jfeild001
Level 1
Level 1

‎03-14-2017 09:01 AM - edited ‎02-21-2020 06:02 AM

Greetings Cisco Community,

I am looking to automate the process of adding intrusion rules to a Firepower device (FMC version 6.2.0). I was hoping to be able to use the REST API for this purpose, but looking through the documentation, it's unclear to me whether this action is supported.

Is adding Snort rules via the REST API supported? I apologize if I've overlooked something obvious.

Thanks in advance,

J

0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
neipatel
Cisco Employee
Cisco Employee

‎03-14-2017 09:43 AM

J,

Today it is not possible to modify or Tune IPS policy with the REST API. To add and adjust Snort rules in Firepower Management Center you must use the UI. 

All you can do with the API and identify and IPS policy and apply it to to rules.

Regards,

Neil

View solution in original post

0 Helpful
8 Replies 8

Go to solution
neipatel
Cisco Employee
Cisco Employee

‎03-14-2017 09:43 AM

J,

Today it is not possible to modify or Tune IPS policy with the REST API. To add and adjust Snort rules in Firepower Management Center you must use the UI. 

All you can do with the API and identify and IPS policy and apply it to to rules.

Regards,

Neil

0 Helpful

Go to solution
jfeild001
Level 1
Level 1
In response to neipatel

‎03-14-2017 09:54 AM

Neil,

Thank you very much for your quick reply and the clarification!

-J

0 Helpful

Go to solution
nwilu0001
Level 1
Level 1

‎05-19-2017 05:25 AM

Hi Neil,

Following on from your response, would it possible to export the SNORT rules using the API?

0 Helpful

Go to solution
neipatel
Cisco Employee
Cisco Employee
In response to nwilu0001

‎05-19-2017 05:58 AM

nwilu0001,

It is not possible to export the SNORT signature contents for a specific IPS rule with the API. It is only possible to identify and apply the Rule as a whole (By name and system generated GUID) with the API. For visibility into the rule you would again have to use the UI.

Regards,

Neil

0 Helpful

Go to solution
nwilu0001
Level 1
Level 1
In response to neipatel

‎05-19-2017 07:26 AM

Thank you for replying so quickly Neil.

0 Helpful

Go to solution
fredymaiz84543
Level 1
Level 1

‎12-25-2019 03:34 AM

Hello,

any updates on the subject?

is there an option to upload Snort rules to the FMC using API?

is there a road map for the functionality?

 

 

0 Helpful

Go to solution
kbliss
Level 1
Level 1

‎09-02-2022 07:56 AM

I am curious how this has changed in version 7. I know that I can get the intrusion rules using the FMC API now. It appears that I can also modify rules. Is there the ability to install local rules in bulk using the FMC API now? 

0 Helpful

Go to solution
osanniko
Cisco Employee
Cisco Employee
In response to kbliss

‎01-16-2024 07:21 AM

There is a newer API that allows to create custom snort 3 rules within FMC. You can find it under /object/intrusionrules in FMC API explorer.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card