Rule operations
This section describes the adapter requests and responses for the Rule operations.
Tip
Use the <items> XML element when you call an adapter from an out-of-the-box process in TrueSight Orchestration Development Studio. Use the adapter request XML when you create a custom process by using the Call Adapter activity in TrueSight Orchestration Development Studio.
Import Rules
Imports a set of rules to the server based on the specified parameters. The import process works in the same manner as running a Rule Import from the GUI. You can use any of the following options while importing a rule:
- Import an existing rule with a Rule Set Name
- Import a rule with a new Rule Set Name
- Import a rule by overwriting an existing rule
The following table describes the input elements for the <items> XML for the operation.
Elements for the <items> XML element
Element | Description | Required |
---|---|---|
| Specifies the name to be given to the import task | Optional |
| Contains the <element> tag that contains the parameters required or to be used while importing rules | Yes |
| Contains additional parameters to be used while importing rules | Yes |
| Specifies a comment or remark about the import task | Optional |
| Contains one or more application models that the rule grammar supports, in an XML format. | Optional |
| Contains one or more trails to which the rule applies | Optional |
<cve-i-ds> | Contains one or more Common Vulnerabilities and Exposures ID (CVE ID) values to indicate the vulnerabilities that the rule monitors. | Optional |
| Specifies the GUID for the device. If you want to import all devices, or if the option should be all, do not specify any value. Specify an empty | Optional |
| Specifies the domain-related information. Specify an empty element if you want to set the default values for the domain. | Optional |
| Specifies any dynamic fields assigned by the user, in a name-value format. | Yes |
| Specifies any excluded group name filters, in a name-value format. | Optional |
<excluded-spans> | Specifies the excluded spans, if any. | Optional |
<max-release> | Specifies the maximum release range of the operating system based on the version. If you do not select the range, then you must specify the | Conditional |
<min-release> | Specifies the minimum release range of the operating system based on the version. If you do not select the range, then you must specify the | Conditional; required if <os-image-name-patterns> is not specified |
<name> | Specifies the name of the new rule. | Yes |
<os-image-name-patterns> | Specifies the image name patterns based on the operating system. | Conditional; required if <max-release> and <min-release> are not specified |
<create-new-rule-set> | Specifies whether to create a new rule set. Valid values: true, false | Yes |
<rule-set-key> | Specifies whether to use an existing rule set key. If | Conditional |
<rule-set-name> | If <create-new-rule-set> is true, specify a new rule set name. | Conditional |
<subject> | Specifies the input details for defining rule grammar. | Conditional |
<substitution-validation> | Specifies whether to use substitutions parameters. Valid values: true, false (default) | Optional |
<trigger> | Specifies the trigger pattern and scope to be used. The trigger is used to get values from the command line for use in evaluating the rule. | Optional |
<violation-severity> | Specifies the violation severity level. Valid values: | Optional |
<overwrite-existing-flag> | Specifies whether to overwrite existing rule parameters or create a new rule with the given input. Valid values: true, false. If true, provide an existing rule name. | Yes |
The following figure shows a sample <items> XML element for the operation.
<items> XML element for the operation
<items>
<item>
<parameters>
<import-task-name>task1</import-task-name>
<rules>
<element>
<!--Optional:-->
<annotation>a</annotation>
<applicable-models>
<!--Zero or more repetitions:-->
<element>foo</element>
<element>bar</element>
</applicable-models>
<applicable-trails>
<!--Zero or more repetitions:-->
<element>foo</element>
<element>bar</element>
</applicable-trails>
<cve-i-ds>
<!--Zero or more repetitions:-->
<element>foo</element>
<element>bar</element>
</cve-i-ds>
<!--Optional:-->
<device-type-guid>a</device-type-guid>
<!-- optional -->
<!-- you must provide empty domain element if you want to set the default domain value i.e. entire configuration -->
<domain>
<begin>
<key>a</key>
<regex>true</regex>
<string>a</string>
</begin>
<begin-inclusive>true</begin-inclusive>
<begins>
<element>
<key>a</key>
<regex>true</regex>
<string>a</string>
</element>
<element>
<key>b</key>
<regex>false</regex>
<string>b</string>
</element>
</begins>
<case-sensitive>true</case-sensitive>
<delete-empty-blocks>true</delete-empty-blocks>
<distinct-end-lines>true</distinct-end-lines>
<domain-sub-type>1</domain-sub-type>
<end>
<key>a</key>
<regex>true</regex>
<string>a</string>
</end>
<ends>
<element>
<key>a</key>
<regex>true</regex>
<string>a</string>
</element>
<element>
<key>b</key>
<regex>false</regex>
<string>b</string>
</element>
</ends>
<excess>a</excess>
<exclude-pattern>a</exclude-pattern>
<exclude-trigger>true</exclude-trigger>
<frequency>1</frequency>
<ignore-comments>true</ignore-comments>
<ignore-e-o-l>true</ignore-e-o-l>
<include-pattern>a</include-pattern>
<interior-exclude>a</interior-exclude>
<interior-include>a</interior-include>
<key>a</key>
</domain>
<!--Zero or more repetitions:-->
<!-- User assigned dynamic fields -->
<dynamic-fields>
<element>
<name>a</name>
<values>
<element>foo</element>
<element>bar</element>
</values>
</element>
</dynamic-fields>
<excluded-group-name-filters>
<element>
<name>a</name>
<value>a</value>
</element>
<element>
<name>b</name>
<value>b</value>
</element>
</excluded-group-name-filters>
<excluded-spans>
<element>foo</element>
<element>bar</element>
</excluded-spans>
<max-release>
<build>a</build>
<major>a</major>
<minor>a</minor>
</max-release>
<min-release>
<build>a</build>
<major>a</major>
<minor>a</minor>
</min-release>
<name>a</name>
<os-image-name-patterns>
<element>foo</element>
<element>bar</element>
</os-image-name-patterns>
<!-- Valid rule set key -->
<rule-set-key>a</rule-set-key>
<!-- provide new rule set name when create-new-rule-set set to true -->
<rule-set-name>a</rule-set-name>
<!-- input for subject related parameters -->
<subject>
<case-sensitive>true</case-sensitive>
<collection>
<element>foo</element>
<element>bar</element>
</collection>
<component-class-name>a</component-class-name>
<conjunction-flag>true</conjunction-flag>
<contiguous>true</contiguous>
<correction>a</correction>
<corrections>
<element>foo</element>
<element>bar</element>
</corrections>
<element>a</element>
<force-all-corrections>true</force-all-corrections>
<frequency>1</frequency>
<ignore-whitespace>true</ignore-whitespace>
<key>a</key>
<ordered>true</ordered>
<ordered-version-max>a</ordered-version-max>
<ordered-version-min>a</ordered-version-min>
<ordered-version-operator>1</ordered-version-operator>
<parsed-line-comparison-criteria>
<element>
<case-sensitive>true</case-sensitive>
<compare-to>
<element>foo</element>
<element>bar</element>
</compare-to>
<comparison-criteria-sub-type>1</comparison-criteria-sub-type>
<component-class-name>a</component-class-name>
<max>a</max>
<min>a</min>
<not>true</not>
<operator>1</operator>
</element>
<element>
<case-sensitive>false</case-sensitive>
<compare-to>
<element>foo</element>
<element>bar</element>
</compare-to>
<comparison-criteria-sub-type>2</comparison-criteria-sub-type>
<component-class-name>b</component-class-name>
<max>b</max>
<min>b</min>
<not>false</not>
<operator>2</operator>
</element>
</parsed-line-comparison-criteria>
<subject-sub-type>1</subject-sub-type>
</subject>
<substitution-validation>true</substitution-validation>
<trigger>
<case-sensitive>true</case-sensitive>
<key>a</key>
<pattern>a</pattern>
<scope>1</scope>
</trigger>
<violation-severity>1</violation-severity>
</element>
</rules>
<!-- flag whether to overwrite existing rule parameters or create new rule with given input, if set to true then valid existing rule name must be provided -->
<overwrite-existing-flag>true</overwrite-existing-flag>
<!-- Flag whether to create new rule set or use existing rule set while importing rule -->
<create-new-rule-set>true</create-new-rule-set>
</parameters>
</item>
</items>
The following table describes the input elements for the adapter request.
Input elements for the adapter request
Input | Description | Type | Required |
---|---|---|---|
adapter name | Specifies the name of the adapter to use to run the request. Default value: BCANActor | String | No |
items | Specifies the | XML | Yes |
connection parameters | Contains the additional connection parameters required for the adapter to connect to TrueSight Network Automation. Contains the following child elements: | XML | No |
The following figure shows a sample adapter request for the operation.
Sample adapter request for the operation
<bmc-configuration-automation-networks-request>
<entity>rule</entity>
<request>
<operation-name>import-rules</operation-name>
<parameters>
<import-task-name>AO_TSNAUserTask1</import-task-name>
<rules>
<element>
<annotation>AO_TSNAUserAnnotate</annotation>
<applicable-trails>
<element>1D168B48-15CC-416E-AB4A-88E2E7104E2D</element>
<element>A54C1607-4E71-46A4-A30E-E373A0A44325</element>
<element>294DA341-E2E1-43CE-9E2E-54634CCC228D</element>
<element>02C89A1F-A5D2-44B0-AE1E-B714EB0E3FAF</element>
<element>4220A707-8D57-4F12-BD47-601A17DE32F3</element>
</applicable-trails>
<device-type-guid>BE2B2D21-1CAA-53C3-05C3-CBB0A5D151B8</device-type-guid>
<domain>
<begin-inclusive>false</begin-inclusive>
<case-sensitive>true</case-sensitive>
<delete-empty-blocks>false</delete-empty-blocks>
<distinct-end-lines>false</distinct-end-lines>
<domain-sub-type>0</domain-sub-type>
<excess />
<exclude-trigger>true</exclude-trigger>
<ignore-comments>true</ignore-comments>
<ignore-e-o-l>false</ignore-e-o-l>
</domain>
<dynamic-fields>
<element>
<name>Category</name>
<values>
<element>Security</element>
</values>
</element>
</dynamic-fields>
<max-release>
<build>*</build>
<major>*</major>
<minor>*</minor>
</max-release>
<min-release>
<build>*</build>
<major>*</major>
<minor>*</minor>
</min-release>
<name>AO_TSNAUserFromAdapter1</name>
<rule-set-key>1744721856-1722</rule-set-key>
<rule-set-name>AO_TSNAUser1</rule-set-name>
<subject>
<case-sensitive>false</case-sensitive>
<collection />
<component-class-name>com.bmc.bcan.engine.network.compliancy.Subject</component-class-name>
<conjunction-flag>true</conjunction-flag>
<contiguous>false</contiguous>
<corrections />
<element>AO_TSNAUser</element>
<force-all-corrections>false</force-all-corrections>
<frequency>2</frequency>
<ignore-whitespace>true</ignore-whitespace>
<key>1202709354-1722</key>
<ordered>false</ordered>
<ordered-version-operator>0</ordered-version-operator>
<parsed-line-comparison-criteria />
<subject-sub-type>4</subject-sub-type>
</subject>
<substitution-validation>true</substitution-validation>
<trigger>
<case-sensitive>false</case-sensitive>
<pattern>TestAO_TSNAUser1</pattern>
</trigger>
<violation-severity>5</violation-severity>
</element>
</rules>
<overwrite-existing-flag>false</overwrite-existing-flag>
<create-new-rule-set>false</create-new-rule-set>
</parameters>
</request>
</bmc-configuration-automation-networks-request>
The following figure shows a sample adapter request when <create-new-rule-set> is set to true and <overwrite-existing-flag> is set to false.
Note
By default, the new rule set that you create using the Import Rules API is in a disabled state. You must enable the new rule manually in TrueSight Network Automation.
<bmc-configuration-automation-networks-request>
<entity>rule</entity>
<request>
<operation-name>import-rules</operation-name>
<parameters>
<import-task-name>AO_TSNAUserTask2NRStrue</import-task-name>
<rules>
<element>
<annotation>AO_TSNAUserAnnotateNRSTrue</annotation>
<applicable-trails>
<element>1D168B48-15CC-416E-AB4A-88E2E7104E2D</element>
<element>A54C1607-4E71-46A4-A30E-E373A0A44325</element>
<element>294DA341-E2E1-43CE-9E2E-54634CCC228D</element>
<element>02C89A1F-A5D2-44B0-AE1E-B714EB0E3FAF</element>
<element>4220A707-8D57-4F12-BD47-601A17DE32F3</element>
</applicable-trails>
<device-type-guid>BE2B2D21-1CAA-53C3-05C3-CBB0A5D151B8</device-type-guid>
<domain>
<begin-inclusive>false</begin-inclusive>
<case-sensitive>true</case-sensitive>
<delete-empty-blocks>false</delete-empty-blocks>
<distinct-end-lines>false</distinct-end-lines>
<domain-sub-type>0</domain-sub-type>
<excess />
<exclude-trigger>true</exclude-trigger>
<ignore-comments>true</ignore-comments>
<ignore-e-o-l>false</ignore-e-o-l>
</domain>
<dynamic-fields>
<element>
<name>Category</name>
<values>
<element>Security</element>
</values>
</element>
</dynamic-fields>
<max-release>
<build>*</build>
<major>*</major>
<minor>*</minor>
</max-release>
<min-release>
<build>*</build>
<major>*</major>
<minor>*</minor>
</min-release>
<name>AO_TSNAUserFromAdapter2NRTTrue</name>
<rule-set-name>AO_TSNAUser123NRSTrue1</rule-set-name>
<subject>
<case-sensitive>false</case-sensitive>
<collection />
<component-class-name>com.bmc.bcan.engine.network.compliancy.Subject</component-class-name>
<conjunction-flag>true</conjunction-flag>
<contiguous>false</contiguous>
<corrections />
<element>AO_TSNAUser</element>
<force-all-corrections>false</force-all-corrections>
<frequency>2</frequency>
<ignore-whitespace>true</ignore-whitespace>
<key>1202709354-1722</key>
<ordered>false</ordered>
<ordered-version-operator>0</ordered-version-operator>
<parsed-line-comparison-criteria />
<subject-sub-type>4</subject-sub-type>
</subject>
<substitution-validation>true</substitution-validation>
<trigger>
<case-sensitive>false</case-sensitive>
<pattern>TestAO_TSNAUser1</pattern>
</trigger>
<violation-severity>5</violation-severity>
</element>
</rules>
<overwrite-existing-flag>false</overwrite-existing-flag>
<create-new-rule-set>true</create-new-rule-set>
</parameters>
</request>
</bmc-configuration-automation-networks-request>
The following figure shows a sample adapter request when <create-new-rule-set> is set to false and <overwrite-existing-flag> is set to true.
<bmc-configuration-automation-networks-request>
<entity>rule</entity>
<request>
<operation-name>import-rules</operation-name>
<parameters>
<import-task-name>AO_TSNAUserTask1</import-task-name>
<rules>
<element>
<annotation>AO_TSNAUserAnnotate</annotation>
<applicable-trails>
<element>1D168B48-15CC-416E-AB4A-88E2E7104E2D</element>
<element>A54C1607-4E71-46A4-A30E-E373A0A44325</element>
<element>294DA341-E2E1-43CE-9E2E-54634CCC228D</element>
<element>02C89A1F-A5D2-44B0-AE1E-B714EB0E3FAF</element>
<element>4220A707-8D57-4F12-BD47-601A17DE32F3</element>
</applicable-trails>
<device-type-guid>BE2B2D21-1CAA-53C3-05C3-CBB0A5D151B8</device-type-guid>
<domain>
<begin-inclusive>false</begin-inclusive>
<case-sensitive>true</case-sensitive>
<delete-empty-blocks>false</delete-empty-blocks>
<distinct-end-lines>false</distinct-end-lines>
<domain-sub-type>0</domain-sub-type>
<excess />
<exclude-trigger>true</exclude-trigger>
<ignore-comments>true</ignore-comments>
<ignore-e-o-l>false</ignore-e-o-l>
</domain>
<dynamic-fields>
<element>
<name>Category</name>
<values>
<element>Security</element>
</values>
</element>
</dynamic-fields>
<max-release>
<build>*</build>
<major>*</major>
<minor>*</minor>
</max-release>
<min-release>
<build>*</build>
<major>*</major>
<minor>*</minor>
</min-release>
<name>AO_TSNAUserFromAdapter1</name>
<rule-set-key>1744721856-1722</rule-set-key>
<rule-set-name>AO_TSNAUser1</rule-set-name>
<subject>
<case-sensitive>false</case-sensitive>
<collection />
<component-class-name>com.bmc.bcan.engine.network.compliancy.Subject</component-class-name>
<conjunction-flag>true</conjunction-flag>
<contiguous>false</contiguous>
<corrections />
<element>AO_TSNAUser</element>
<force-all-corrections>false</force-all-corrections>
<frequency>2</frequency>
<ignore-whitespace>true</ignore-whitespace>
<key>1202709354-1722</key>
<ordered>false</ordered>
<ordered-version-operator>0</ordered-version-operator>
<parsed-line-comparison-criteria />
<subject-sub-type>4</subject-sub-type>
</subject>
<substitution-validation>true</substitution-validation>
<trigger>
<case-sensitive>false</case-sensitive>
<pattern>TestAO_TSNAUser1</pattern>
</trigger>
<violation-severity>1</violation-severity>
</element>
</rules>
<overwrite-existing-flag>true</overwrite-existing-flag>
<create-new-rule-set>false</create-new-rule-set>
</parameters>
</request>
</bmc-configuration-automation-networks-request>
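The conditional requirements in the element table can be checked before a request is handed to the adapter. The following pre-flight validator is an added example, not part of the product or of the original page; the function names and the sample rule and rule set names are made up, and it treats a release range as both <min-release> and <max-release> being present.

```python
import xml.etree.ElementTree as ET

BOOL = {"true", "false"}

def _text(node, tag):
    """Stripped text of a direct child, or None when the child is absent."""
    child = node.find(tag)
    return None if child is None else (child.text or "").strip()

def validate_import_rules(xml_text):
    """Return a list of problems; an empty list means the request passed."""
    # An adapter request needs no DTD, so refuse one before parsing.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        return ["DOCTYPE/ENTITY declarations are not accepted"]
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [f"not well-formed XML: {exc}"]
    request = root.find("request")
    if request is None or _text(request, "operation-name") != "import-rules":
        return ["<operation-name> must be import-rules"]
    params = request.find("parameters")
    if params is None:
        return ["<parameters> is missing"]

    problems = []
    flags = {}
    for flag in ("create-new-rule-set", "overwrite-existing-flag"):
        flags[flag] = _text(params, flag)
        if flags[flag] not in BOOL:
            problems.append(f"<{flag}> is required and must be true or false")

    rules = params.findall("rules/element")
    if not rules:
        problems.append("<rules> must contain at least one <element>")
    for index, rule in enumerate(rules, start=1):
        where = f"rule {index}"
        if not _text(rule, "name"):
            problems.append(f"{where}: <name> is required")
        if flags["create-new-rule-set"] == "true" and not _text(rule, "rule-set-name"):
            problems.append(f"{where}: <rule-set-name> is required when "
                            "<create-new-rule-set> is true")
        # Assumed reading of the table: the release range and the image-name
        # patterns are alternatives, and at least one must be present.
        has_patterns = bool(rule.findall("os-image-name-patterns/element"))
        has_range = (rule.find("min-release") is not None
                     and rule.find("max-release") is not None)
        if not (has_patterns or has_range):
            problems.append(f"{where}: give <min-release> and <max-release>, "
                            "or <os-image-name-patterns>")
        validation = _text(rule, "substitution-validation")
        if validation is not None and validation not in BOOL:
            problems.append(f"{where}: <substitution-validation> must be true or false")
        # <rule-set-key> is not checked: its condition is cut off in the table.
    return problems

def sample_request(rule_body, create_new):
    """Constructed request for the demo; all names in it are made up."""
    return (
        "<bmc-configuration-automation-networks-request><entity>rule</entity>"
        "<request><operation-name>import-rules</operation-name><parameters>"
        f"<rules><element>{rule_body}</element></rules>"
        "<overwrite-existing-flag>false</overwrite-existing-flag>"
        f"<create-new-rule-set>{create_new}</create-new-rule-set>"
        "</parameters></request></bmc-configuration-automation-networks-request>"
    )

RANGE = ("<min-release><build>*</build><major>*</major><minor>*</minor></min-release>"
         "<max-release><build>*</build><major>*</major><minor>*</minor></max-release>")
GOOD = sample_request("<name>ExampleRule</name>"
                      "<rule-set-name>ExampleSet</rule-set-name>" + RANGE, "true")
BAD = sample_request("<name>ExampleRule</name>"
                     "<substitution-validation>yes</substitution-validation>", "true")

if __name__ == "__main__":
    for label, document in (("good", GOOD), ("bad", BAD)):
        print(label, validate_import_rules(document) or "OK")
```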
The following figure shows the adapter response for the request.
Adapter response for the request
<bmc-configuration-automation-networks-response>
<metadata>
<status>success</status>
</metadata>
<parameters>
<output>
<item-results>
<element>
<full-name>AO_TSNAUser1.AO_TSNAUserFromAdapter1</full-name>
<name>AO_TSNAUser1.AO_TSNAUserFromAdapter1</name>
<status>11</status>
</element>
</item-results>
<status>1</status>
<time-completed>1559547905997</time-completed>
</output>
</parameters>
</bmc-configuration-automation-networks-response>
The following table describes the output elements for the adapter request.
Output elements for the adapter request
Output | Description |
---|---|
output | Contains the following elements: |
item-results | Contains the following elements that show the results of the operation. |
status | Contains the overall status of the operation. If successful, shows the value as 1. If unsuccessful, an appropriate error message is displayed. |
Get Rule
Returns a single rule based on the provided rule key. This method is typically used when the rule key is available from a previous call. For example, the rule key may be stored in a data file so this method is used to retrieve the rule Data Transfer Object (DTO) based on the stored rule key.
The following table describes the input elements for the <items> XML for the operation.
Elements for the <items> XML element
Element | Description | Required |
---|---|---|
<rule-key> | Specifies the rule key of an existing rule. | Yes |
The following figure shows a sample <items> XML element for the operation.
<items> XML element for the operation
<items>
<item>
<parameters>
<rule-key>1744721856-175</rule-key>
</parameters>
</item>
</items>
The following table describes the input elements for the adapter request.
Input elements for the adapter request
Input | Description | Type | Required |
---|---|---|---|
adapter name | Specifies the name of the adapter to use to run the request. Default value: BCANActor | String | No |
items | Specifies the | XML | Yes |
connection parameters | Contains the additional connection parameters required for the adapter to connect to TrueSight Network Automation. Contains the following child elements: | XML | No |
The following figure shows a sample adapter request for the operation.
Sample adapter request for the operation
<bmc-configuration-automation-networks-request>
<entity>rule</entity>
<request>
<operation-name>get-rule</operation-name>
<parameters>
<rule-key>1744721856-175</rule-key>
</parameters>
</request>
</bmc-configuration-automation-networks-request>
The following figure shows the adapter response for the request.
Adapter response for the request
<bmc-configuration-automation-networks-response>
<metadata>
<status>success</status>
</metadata>
<parameters>
<output>
<annotation></annotation>
<applicable-trails>
<element>1D168B48-15CC-416E-AB4A-88E2E7104E2D</element>
<element>02C89A1F-A5D2-44B0-AE1E-B714EB0E3FAF</element>
</applicable-trails>
<device-type-guid>BE2B2D21-1CAA-53C3-05C3-CBB0A5D151B8</device-type-guid>
<domain>
<begin>
<key>1222217842-73</key>
<regex>false</regex>
<string>interface ${device.External Primary}</string>
</begin>
<begin-inclusive>false</begin-inclusive>
<begins />
<case-sensitive>false</case-sensitive>
<delete-empty-blocks>false</delete-empty-blocks>
<distinct-end-lines>false</distinct-end-lines>
<domain-sub-type>1</domain-sub-type>
<end>
<key>1222217842-74</key>
<regex>true</regex>
<string>^\S+</string>
</end>
<ends />
<exclude-trigger>false</exclude-trigger>
<frequency>4</frequency>
<ignore-comments>true</ignore-comments>
<ignore-e-o-l>false</ignore-e-o-l>
<key>1783668442-175</key>
</domain>
<dynamic-fields>
<element>
<name>Category</name>
<values>
<element>Security</element>
</values>
</element>
</dynamic-fields>
<key>1744721856-175</key>
<max-release>
<build>*</build>
<major>*</major>
<minor>*</minor>
</max-release>
<min-release>
<build>*</build>
<major>*</major>
<minor>*</minor>
</min-release>
<name>Check OR</name>
<rule-set-key>888138471-7</rule-set-key>
<rule-set-name>CIS Level 2</rule-set-name>
<subject>
<case-sensitive>false</case-sensitive>
<collection />
<component-class-name>com.bmc.bcan.engine.network.compliancy.Subject</component-class-name>
<conjunction-flag>true</conjunction-flag>
<contiguous>false</contiguous>
<corrections />
<element>ip access-group (180|179) (out|in)</element>
<force-all-corrections>false</force-all-corrections>
<frequency>2</frequency>
<ignore-whitespace>false</ignore-whitespace>
<key>107121672-175</key>
<ordered>false</ordered>
<ordered-version-operator>0</ordered-version-operator>
<parsed-line-comparison-criteria />
<subject-sub-type>7</subject-sub-type>
</subject>
<substitution-validation>true</substitution-validation>
<violation-severity>5</violation-severity>
</output>
</parameters>
</bmc-configuration-automation-networks-response>
The following table describes the output elements for the request.
Output elements for the request
Output element | Description |
---|---|
adapter response | Contains the response in the <output> tag |
<output> | Contains the adapter response output, in XML. |
Get Rules
Returns a set of rules that match the provided filter.
The following table describes the input elements for the <items> XML for the operation.
Elements for the <items> XML element
Element | Description | Required |
---|---|---|
<rule-filter> | Contains the filters to find the rules that match the specified filters. | Yes |
<annotation> | Specifies a comment or remark about the rule. | No |
<dynamic-field-range> | Specifies the dynamic field range added with the rule component in TrueSight Network Automation. | No |
| Specifies any dynamic fields assigned by the user, in a name-value format. | No |
<activation-date> | Specifies the activation date for the rule. | No |
<applicable-security-context-type> | Specifies the applicable security context type for the rule. | No |
<contents-match> | Specifies the contents match property. | No |
<cve-i-ds> | Specifies the Common Vulnerabilities and Exposures ID (CVE ID) values in the rule. | No |
<deactivation-date> | Specifies the deactivation date for the rule. | No |
<device-type-guid> | Specifies the device type GUID in the rule. | No |
| Specifies whether to exclude rules with all device types. | No |
| Specifies a filter that is matched against the full name field. You can also specify a regex pattern to match the filter criteria. | No |
| Specifies the maximum release range of the operating system based on the version. | No |
<min-release> | Specifies the minimum release range of the operating system based on the version. | No |
The following figure shows a sample <items> XML element for the operation.
<items> XML element for the operation
<items>
<item>
<parameters>
<rule-filter>
<dynamic-field-range>
<!--Zero or more repetitions:-->
<element>
<dynamic-field-key-string>a</dynamic-field-key-string>
<range>
<key>a</key>
</range>
</element>
</dynamic-field-range>
<dynamic-fields>
<!--zero or more array elements follow-->
<element>
<name>a</name>
<value>a</value>
</element>
</dynamic-fields>
<activation-date>
<key>a</key>
<end-date>1559045452324</end-date>
<start-date>1559045452324</start-date>
<time-period-type-id>1</time-period-type-id>
</activation-date>
<applicable-security-context-type>1</applicable-security-context-type>
<contents-match>a</contents-match>
<correctables>
<!--zero or more array elements follow-->
<element>foo</element>
<element>bar</element>
</correctables>
<cve-i-ds>
<!--zero or more array elements follow-->
<element>foo</element>
<element>bar</element>
</cve-i-ds>
<deactivation-date>
<key>a</key>
<end-date>1559045452324</end-date>
<start-date>1559045452324</start-date>
<time-period-type-id>1</time-period-type-id>
</deactivation-date>
<device-type-guid>a</device-type-guid>
<exclude-rules-with-all-device-types>true</exclude-rules-with-all-device-types>
<full-name-match>a</full-name-match>
<max-release>
<build>a</build>
<major>a</major>
<minor>a</minor>
</max-release>
<min-release>
<build>a</build>
<major>a</major>
<minor>a</minor>
</min-release>
<name-match>a</name-match>
<rule-set-match>a</rule-set-match>
<severity>
<!--zero or more array elements follow-->
<element>foo</element>
<element>bar</element>
</severity>
<vendor-guid>a</vendor-guid>
</rule-filter>
</parameters>
</item>
</items>
The following table describes the input elements for the adapter request.
Input elements for the adapter request
Input | Description | Type | Required |
---|---|---|---|
adapter name | Specifies the name of the adapter to use to run the request. Default value: BCANActor | String | No |
items | Specifies the | XML | Yes |
connection parameters | Contains the additional connection parameters required for the adapter to connect to TrueSight Network Automation. Contains the following child elements: | XML | No |
The following figure shows a sample adapter request using the <rule-set-match> filter in the operation.
Sample adapter request for the operation
<bmc-configuration-automation-networks-request>
<entity>rule</entity>
<request>
<operation-name>get-rules</operation-name>
<parameters>
<rule-filter>
<rule-set-match>*AO_TSNAUser*</rule-set-match>
</rule-filter>
</parameters>
</request>
</bmc-configuration-automation-networks-request>
The following figure shows the adapter response for the request.
Adapter response for the request
<bmc-configuration-automation-networks-response>
<metadata>
<status>success</status>
</metadata>
<parameters>
<output>
<element>
<annotation>AO_TSNAUserAnnotate</annotation>
<applicable-trails>
<element>1D168B48-15CC-416E-AB4A-88E2E7104E2D</element>
<element>A54C1607-4E71-46A4-A30E-E373A0A44325</element>
<element>294DA341-E2E1-43CE-9E2E-54634CCC228D</element>
<element>02C89A1F-A5D2-44B0-AE1E-B714EB0E3FAF</element>
<element>4220A707-8D57-4F12-BD47-601A17DE32F3</element>
</applicable-trails>
<device-type-guid>BE2B2D21-1CAA-53C3-05C3-CBB0A5D151B8</device-type-guid>
<domain>
<begin-inclusive>false</begin-inclusive>
<begins />
<case-sensitive>true</case-sensitive>
<delete-empty-blocks>false</delete-empty-blocks>
<distinct-end-lines>false</distinct-end-lines>
<domain-sub-type>0</domain-sub-type>
<ends />
<excess></excess>
<exclude-trigger>true</exclude-trigger>
<ignore-comments>true</ignore-comments>
<ignore-e-o-l>false</ignore-e-o-l>
<key>1923716778-1729</key>
</domain>
<dynamic-fields>
<element>
<name>Category</name>
<values>
<element>Security</element>
</values>
</element>
</dynamic-fields>
<key>1744721856-1726</key>
<max-release>
<build>*</build>
<major>*</major>
<minor>*</minor>
</max-release>
<min-release>
<build>*</build>
<major>*</major>
<minor>*</minor>
</min-release>
<name>AO_TSNAUserFromAdapter1</name>
<rule-set-key>888138471-32</rule-set-key>
<rule-set-name>AO_TSNAUser1</rule-set-name>
<subject>
<case-sensitive>false</case-sensitive>
<collection />
<component-class-name>com.bmc.bcan.engine.network.compliancy.Subject</component-class-name>
<conjunction-flag>true</conjunction-flag>
<contiguous>false</contiguous>
<corrections />
<element>AO_TSNAUser</element>
<force-all-corrections>false</force-all-corrections>
<frequency>2</frequency>
<ignore-whitespace>true</ignore-whitespace>
<key>1202709354-1726</key>
<ordered>false</ordered>
<ordered-version-operator>0</ordered-version-operator>
<parsed-line-comparison-criteria />
<subject-sub-type>4</subject-sub-type>
</subject>
<substitution-validation>true</substitution-validation>
<trigger>
<case-sensitive>false</case-sensitive>
<key>546289367-114</key>
<pattern>TestAO_TSNAUser1</pattern>
<scope>0</scope>
</trigger>
<violation-severity>1</violation-severity>
</element>
<element>
<annotation>AO_TSNAUserAnnotateNRSTrue</annotation>
<applicable-trails>
<element>1D168B48-15CC-416E-AB4A-88E2E7104E2D</element>
<element>A54C1607-4E71-46A4-A30E-E373A0A44325</element>
<element>294DA341-E2E1-43CE-9E2E-54634CCC228D</element>
<element>02C89A1F-A5D2-44B0-AE1E-B714EB0E3FAF</element>
<element>4220A707-8D57-4F12-BD47-601A17DE32F3</element>
</applicable-trails>
<device-type-guid>BE2B2D21-1CAA-53C3-05C3-CBB0A5D151B8</device-type-guid>
<domain>
<begin-inclusive>false</begin-inclusive>
<begins />
<case-sensitive>true</case-sensitive>
<delete-empty-blocks>false</delete-empty-blocks>
<distinct-end-lines>false</distinct-end-lines>
<domain-sub-type>0</domain-sub-type>
<ends />
<exclude-trigger>true</exclude-trigger>
<ignore-comments>true</ignore-comments>
<ignore-e-o-l>false</ignore-e-o-l>
<key>1923716778-1725</key>
</domain>
<dynamic-fields>
<element>
<name>Category</name>
<values>
<element>Security</element>
</values>
</element>
</dynamic-fields>
<key>1744721856-1725</key>
<max-release>
<build>*</build>
<major>*</major>
<minor>*</minor>
</max-release>
<min-release>
<build>*</build>
<major>*</major>
<minor>*</minor>
</min-release>
<name>AO_TSNAUserFromAdapter2NRTTrue</name>
<rule-set-key>888138471-33</rule-set-key>
<rule-set-name>AO_TSNAUser123NRSTrue1</rule-set-name>
<subject>
<case-sensitive>false</case-sensitive>
<collection />
<component-class-name>com.bmc.bcan.engine.network.compliancy.Subject</component-class-name>
<conjunction-flag>true</conjunction-flag>
<contiguous>false</contiguous>
<corrections />
<element>AO_TSNAUser</element>
<force-all-corrections>false</force-all-corrections>
<frequency>2</frequency>
<ignore-whitespace>true</ignore-whitespace>
<key>1202709354-1725</key>
<ordered>false</ordered>
<ordered-version-operator>0</ordered-version-operator>
<parsed-line-comparison-criteria />
<subject-sub-type>4</subject-sub-type>
</subject>
<substitution-validation>true</substitution-validation>
<trigger>
<case-sensitive>false</case-sensitive>
<key>546289367-113</key>
<pattern>TestAO_TSNAUser1</pattern>
<scope>0</scope>
</trigger>
<violation-severity>5</violation-severity>
</element>
<element>
<annotation>AO_TSNAUserAnnotateNRSTrue</annotation>
<applicable-trails>
<element>1D168B48-15CC-416E-AB4A-88E2E7104E2D</element>
<element>A54C1607-4E71-46A4-A30E-E373A0A44325</element>
<element>294DA341-E2E1-43CE-9E2E-54634CCC228D</element>
<element>02C89A1F-A5D2-44B0-AE1E-B714EB0E3FAF</element>
<element>4220A707-8D57-4F12-BD47-601A17DE32F3</element>
</applicable-trails>
<device-type-guid>BE2B2D21-1CAA-53C3-05C3-CBB0A5D151B8</device-type-guid>
<domain>
<begin-inclusive>false</begin-inclusive>
<begins />
<case-sensitive>true</case-sensitive>
<delete-empty-blocks>false</delete-empty-blocks>
<distinct-end-lines>false</distinct-end-lines>
<domain-sub-type>0</domain-sub-type>
<ends />
<exclude-trigger>true</exclude-trigger>
<ignore-comments>false</ignore-comments>
<ignore-e-o-l>false</ignore-e-o-l>
<key>1923716778-1728</key>
</domain>
<dynamic-fields>
<element>
<name>Category</name>
<values>
<element>Security</element>
</values>
</element>
</dynamic-fields>
<key>1744721856-1727</key>
<max-release>
<build>*</build>
<major>*</major>
<minor>*</minor>
</max-release>
<min-release>
<build>*</build>
<major>*</major>
<minor>*</minor>
</min-release>
<name>AO_TSNAUserFromAdapter2NRTTrueNoDomain</name>
<rule-set-key>888138471-34</rule-set-key>
<rule-set-name>AO_TSNAUser123NRSTrue1NoDomain</rule-set-name>
<subject>
<case-sensitive>false</case-sensitive>
<collection />
<component-class-name>com.bmc.bcan.engine.network.compliancy.Subject</component-class-name>
<conjunction-flag>true</conjunction-flag>
<contiguous>false</contiguous>
<corrections />
<element>AO_TSNAUser</element>
<force-all-corrections>false</force-all-corrections>
<frequency>2</frequency>
<ignore-whitespace>true</ignore-whitespace>
<key>1202709354-1727</key>
<ordered>false</ordered>
<ordered-version-operator>0</ordered-version-operator>
<parsed-line-comparison-criteria />
<subject-sub-type>4</subject-sub-type>
</subject>
<substitution-validation>true</substitution-validation>
<trigger>
<case-sensitive>false</case-sensitive>
<key>546289367-115</key>
<pattern>TestAO_TSNAUser1</pattern>
<scope>0</scope>
</trigger>
<violation-severity>5</violation-severity>
</element>
</output>
</parameters>
</bmc-configuration-automation-networks-response>
<bmc-configuration-automation-networks-request>
<entity>rule</entity>
<request>
<operation-name>get-rules</operation-name>
<parameters>
<rule-filter>
<dynamic-fields>
<element>
<name>Category</name>
<value>Password</value>
</element>
</dynamic-fields>
<severity>
<element>3</element>
</severity>
</rule-filter>
</parameters>
</request>
</bmc-configuration-automation-networks-request>
Get Abbreviated Correctable Rules
Returns brief information about the correctable rules that match the provided filter.
The following table describes the input elements for the <items> XML for the operation.
Elements for the <items> XML element
Element | Description | Required |
---|---|---|
<rule-filter> | Contains the filters to find the rules that match the specified filters. | Yes |
<annotation> | Specifies a comment or remark about the rule. | No |
<dynamic-field-range> | Specifies the dynamic field range added with the rule component in TrueSight Network Automation.
Example
| No |
| Specifies any dynamic fields assigned by the user, in a name-value format. | No |
<activation-date> | Specifies the activation date for the rule.
Example
| No |
<applicable-security-context-type> | Specifies the applicable security context type for the rule. | No |
<contents-match> | Specifies the contents match property. | No |
<correctables> | Specifies the set of correctable options to apply on the rule filter: 1 – Include Non-Correctable Rules, 2 – Include Rules Correctable Via Deploy to Active, 3 – Include Rules Correctable Via Deploy to Stored, 4 – Include Rules Correctable Via Remediate. Use this element only if you want to use these options to get rules. | No |
<cve-i-ds> | Specifies the Common Vulnerabilities and Exposures IDs (CVE IDs) in the rule. | No |
<deactivation-date> | Specifies the deactivation date for the rule. | No |
<device-type-guid> | Specifies the device type GUID in the rule. | No |
| Specifies whether to exclude rules with all device types. | No |
| Specifies a filter that is matched against the full name field. You can also specify a regex pattern as the filter criteria. | No |
| Specifies the maximum release range of the operating system based on the version. | No |
<min-release> | Specifies the minimum release range of the operating system based on the version. | No |
<severity> | Specifies the severity level, as an integer. | No |
<vendor-guid> | Specifies the device vendor GUID. | No |
<include-only-rules-with-cve-ids> | Filters the rules based on whether to include results with or without CVE IDs. | Yes |
The following figure shows a sample <items> XML element for the operation.
<items> XML element for the operation
<items>
<item>
<parameters>
<rule-filter>
<dynamic-field-range>
<element>
<dynamic-field-key-string>a</dynamic-field-key-string>
<range>
<key>a</key>
</range>
</element>
</dynamic-field-range>
<dynamic-fields>
<element>
<name>a</name>
<value>a</value>
</element>
<element>
<name>b</name>
<value>b</value>
</element>
</dynamic-fields>
<activation-date>
<key>a</key>
<end-date>1558976186061</end-date>
<start-date>1558976186061</start-date>
<time-period-type-id>1</time-period-type-id>
</activation-date>
<applicable-security-context-type>1</applicable-security-context-type>
<contents-match>a</contents-match>
<correctables>
<element>foo</element>
<element>bar</element>
</correctables>
<cve-i-ds>
<element>foo</element>
<element>bar</element>
</cve-i-ds>
<deactivation-date>
<key>a</key>
<end-date>1558976186061</end-date>
<start-date>1558976186061</start-date>
<time-period-type-id>1</time-period-type-id>
</deactivation-date>
<device-type-guid>a</device-type-guid>
<exclude-rules-with-all-device-types>true</exclude-rules-with-all-device-types>
<full-name-match>a</full-name-match>
<max-release>
<build>a</build>
<major>a</major>
<minor>a</minor>
</max-release>
<min-release>
<build>a</build>
<major>a</major>
<minor>a</minor>
</min-release>
<name-match>a</name-match>
<rule-set-match>a</rule-set-match>
<severity>
<element>foo</element>
<element>bar</element>
</severity>
<vendor-guid>a</vendor-guid>
</rule-filter>
<include-only-rules-with-cve-ids>true</include-only-rules-with-cve-ids>
</parameters>
</item>
</items>
The following table describes the input elements for the adapter request.
Input elements for the adapter request
Input | Description | Type | Required |
---|---|---|---|
adapter name | Specifies the name of the adapter to use to run the request. Default value: BCANActor | String | No |
items | Specifies the | XML | Yes |
connection parameters | Contains the additional connection parameters required for the adapter to connect to TrueSight Network Automation.
Example
Contains the following child elements:
| XML | No |
The following figure shows a sample adapter request for the operation.
Sample adapter request for the operation
<bmc-configuration-automation-networks-request>
<entity>rule</entity>
<request>
<operation-name>get-abbreviated-correctable-rules</operation-name>
<parameters>
<rule-filter>
<rule-set-match>CIS Level 1</rule-set-match>
</rule-filter>
<include-only-rules-with-cve-ids>false</include-only-rules-with-cve-ids>
</parameters>
</request>
</bmc-configuration-automation-networks-request>
The following figure shows the adapter response for the request.
Adapter response for the request
<bmc-configuration-automation-networks-response>
<metadata>
<status>success</status>
</metadata>
<parameters>
<output>
<element>
<annotation>CIS Level 1:Management Plane Level 1:Local AAA Rules:IOS - Use local authentication</annotation>
<cve-i-ds />
<device-type-guid>BE2B2D21-1CAA-53C3-05C3-CBB0A5D151B8</device-type-guid>
<device-type-name>Cisco IOS Switch/Router</device-type-name>
<key>1744721856-139</key>
<max-release>*.*.*</max-release>
<min-release>*.*.*</min-release>
<name>IOS - Use local authentication</name>
<os-image-name-patterns />
<rule-set-name>CIS Level 1</rule-set-name>
</element>
<element>
<annotation>CIS Level 1:Management Plane Level 1:Access Rules:Access Allow Telnet:IOS - VTY exec-timeout</annotation>
<cve-i-ds />
<device-type-guid>BE2B2D21-1CAA-53C3-05C3-CBB0A5D151B8</device-type-guid>
<device-type-name>Cisco IOS Switch/Router</device-type-name>
<key>1744721856-141</key>
<max-release>*.*.*</max-release>
<min-release>*.*.*</min-release>
<name>IOS - VTY exec-timeout</name>
<os-image-name-patterns />
<rule-set-name>CIS Level 1</rule-set-name>
</element>
<element>
<annotation>CIS Level 1:Management Plane Level 1:Access Rules:IOS - line password quality</annotation>
<cve-i-ds />
<device-type-guid>BE2B2D21-1CAA-53C3-05C3-CBB0A5D151B8</device-type-guid>
<device-type-name>Cisco IOS Switch/Router</device-type-name>
<key>1744721856-142</key>
<max-release>*.*.*</max-release>
<min-release>*.*.*</min-release>
<name>IOS - vty line password quality</name>
<os-image-name-patterns />
<rule-set-name>CIS Level 1</rule-set-name>
</element>
<element>
<annotation>CIS Level 1:Management Plane Level 1:Access Rules:Access Allow Telnet:IOS - VTY transport telnet</annotation>
<cve-i-ds />
<device-type-guid>BE2B2D21-1CAA-53C3-05C3-CBB0A5D151B8</device-type-guid>
<device-type-name>Cisco IOS Switch/Router</device-type-name>
<key>1744721856-143</key>
<max-release>*.*.*</max-release>
<min-release>*.*.*</min-release>
<name>IOS - VTY transport telnet</name>
<os-image-name-patterns />
<rule-set-name>CIS Level 1</rule-set-name>
</element>
<element>
<annotation>CIS Level 1:Data Plane Level 1:Routing Rules:IOS 12 - no directed broadcast</annotation>
<cve-i-ds />
<device-type-guid>BE2B2D21-1CAA-53C3-05C3-CBB0A5D151B8</device-type-guid>
<device-type-name>Cisco IOS Switch/Router</device-type-name>
<key>1744721856-144</key>
<max-release>*.*.*</max-release>
<min-release>*.*.*</min-release>
<name>IOS 12 - no directed broadcast</name>
<os-image-name-patterns />
<rule-set-name>CIS Level 1</rule-set-name>
</element>
<element>
<annotation>CIS Level 1:Control Plane Level 1:Control Service Rules:IOS 12 - no tcp-small-servers</annotation>
<cve-i-ds />
<device-type-guid>BE2B2D21-1CAA-53C3-05C3-CBB0A5D151B8</device-type-guid>
<device-type-name>Cisco IOS Switch/Router</device-type-name>
<key>1744721856-145</key>
<max-release>*.*.*</max-release>
<min-release>*.*.*</min-release>
<name>IOS 12 - no tcp-small-servers</name>
<os-image-name-patterns />
<rule-set-name>CIS Level 1</rule-set-name>
</element>
<element>
<annotation>CIS Level 1:Control Plane Level 1:Control Service Rules:IOS 12 - no udp-small-servers</annotation>
<cve-i-ds />
<device-type-guid>BE2B2D21-1CAA-53C3-05C3-CBB0A5D151B8</device-type-guid>
<device-type-name>Cisco IOS Switch/Router</device-type-name>
<key>1744721856-146</key>
<max-release>*.*.*</max-release>
<min-release>*.*.*</min-release>
<name>IOS 12 - no udp-small-servers</name>
<os-image-name-patterns />
<rule-set-name>CIS Level 1</rule-set-name>
</element>
</output>
</parameters>
</bmc-configuration-automation-networks-response>
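The following is an added example, not BMC code and not part of the original page. It builds the adapter request shown above with an XML library instead of string concatenation, so filter values are escaped, and it reads the response only after checking `<status>`. The function names are hypothetical, and sending the correctable options as the numbers 1 to 4 in `<element>` children is an assumption based on the table.

```python
import xml.etree.ElementTree as ET

CORRECTABLE_OPTIONS = {1, 2, 3, 4}  # numbering from the <correctables> table row

def build_request(rule_set_match, correctables=(), only_with_cves=False):
    """Return the adapter request XML for a rule-set filter."""
    unknown = set(correctables) - CORRECTABLE_OPTIONS
    if unknown:
        raise ValueError(f"unknown correctable option(s): {sorted(unknown)}")
    root = ET.Element("bmc-configuration-automation-networks-request")
    ET.SubElement(root, "entity").text = "rule"
    request = ET.SubElement(root, "request")
    ET.SubElement(request, "operation-name").text = "get-abbreviated-correctable-rules"
    params = ET.SubElement(request, "parameters")
    rule_filter = ET.SubElement(params, "rule-filter")
    # ElementTree escapes &, < and > in text, so a filter value stays a value.
    ET.SubElement(rule_filter, "rule-set-match").text = rule_set_match
    if correctables:
        holder = ET.SubElement(rule_filter, "correctables")
        for option in sorted(set(correctables)):
            # Assumption: each option is sent as its number in an <element>.
            ET.SubElement(holder, "element").text = str(option)
    flag = ET.SubElement(params, "include-only-rules-with-cve-ids")
    flag.text = "true" if only_with_cves else "false"
    return ET.tostring(root, encoding="unicode")

def parse_response(xml_text):
    """Return one dict per rule; raise if the status is not 'success'."""
    root = ET.fromstring(xml_text)
    status = root.findtext("metadata/status")
    if status != "success":
        raise RuntimeError(f"adapter status: {status!r}")
    return [{
        "key": el.findtext("key"),
        "name": el.findtext("name"),
        "rule_set": el.findtext("rule-set-name"),
        "cve_ids": [c.text for c in el.findall("cve-i-ds/element")],
    } for el in root.findall("parameters/output/element")]

# Constructed sample, cut down from the adapter response shown above.
SAMPLE = """<bmc-configuration-automation-networks-response>
<metadata><status>success</status></metadata><parameters><output><element>
<cve-i-ds /><key>1744721856-141</key><name>IOS - VTY exec-timeout</name>
<min-release>*.*.*</min-release><max-release>*.*.*</max-release>
<rule-set-name>CIS Level 1</rule-set-name>
</element></output></parameters></bmc-configuration-automation-networks-response>"""
if __name__ == "__main__":
    print(build_request("CIS Level 1"))
    print(parse_response(SAMPLE))
```

An empty `cve_ids` list corresponds to the empty `<cve-i-ds />` element that every rule in the sample response carries.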