Network Policy Alert

Attention: Deprecated – This API may not be available in future releases.

The Network Policy Alert lets you audit your firewall policies. The Network Policy Alert Rules should mirror your firewall policy rules. Any firewall message that matches the Deny Policy Action Rules triggers the alert. Any firewall message that falls outside the Accept Policy Action Rules also triggers the alert.

Request Parameters

alertFilter, policyAction

Example

Example of Network Policy Alert:
<soapenv:Envelope xmlns:soapenv="http://schemas.xmlsoap.org/soap/envelope/" xmlns:aler="AlertService">
   <soapenv:Header/>
   <soapenv:Body>
      <aler:createAlert>
         <!--Optional:-->
         <aler:authToken>admin/admin123</aler:authToken>
         <!--Optional:-->
         <aler:alertTypeName>Network Policy Alert</aler:alertTypeName>
         <!--Optional:-->
         <aler:name>Alert6</aler:name>
         <!--Optional:-->
         <aler:desc>Network Policy Alert - user alert</aler:desc>
         <!--Optional:-->
         <aler:priorityName>low</aler:priorityName>
         <!--Optional:-->
         <aler:enabled>no</aler:enabled>
         <!--Optional:-->
         <aler:deviceNames>All Cisco ASA</aler:deviceNames>
         <!--Optional:-->
         <aler:usernames>admin</aler:usernames>
         <!--Optional:-->
         <aler:trapIds></aler:trapIds>
         <!--Optional:-->
         <aler:resetTime>900</aler:resetTime>
         <!--Optional:-->
         <aler:trackIndividualDevice>yes</aler:trackIndividualDevice>
         <!--Optional:-->
         <aler:alertRules>PolicyAction/deny//AlertFilter/False Acceptance</aler:alertRules>
         <!--Optional:-->
         <aler:snmpOId></aler:snmpOId>
      </aler:createAlert>
   </soapenv:Body>
</soapenv:Envelope>

The following table lists the Network Policy Alert-specific parameters. You must include the parameters as inputs for the alertRules parameter.

Network Policy Alert-specific parameters

Parameter: AlertFilter
Description: Alert filter used for the alert.
Values: Possible values: None, False Acceptance, False Rejection
   None — Report on both False Rejection and False Acceptance traffic.
   False Acceptance — Report only the traffic that passed the firewall, but should have been rejected according to this policy.
   False Rejection — Report only the traffic that the firewall denied, but should have been accepted according to this policy.
Required: yes
Type: string

Parameter: PolicyAction
Description: Type of policy rules.
   At least one firewall rule for the selected Policy Action is required for the alert to trigger. Use the IP and Port parameters in this table to specify the details for the accept or deny policy action.
Values: Possible values: Accept, Deny
   Accept - policy rules that define network traffic that the firewall should accept.
   Deny — policy rules that define network traffic that the firewall should reject.
Required: yes
Type: string
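
The following Python is an added example, not part of the original documentation or the product: it validates an alertRules string against the parameter table above before building the createAlert request, and takes the auth token from the environment instead of embedding it in the request source. The `//` and `/` separators, the case-insensitive value matching and the `ALERT_API_TOKEN` variable name are assumptions inferred from the single example on this page.

```python
import os
import xml.etree.ElementTree as ET

SOAP_NS = "http://schemas.xmlsoap.org/soap/envelope/"
ALERT_NS = "AlertService"
ET.register_namespace("soapenv", SOAP_NS)
ET.register_namespace("aler", ALERT_NS)

# Allowed values from the parameter table; both parameters are required.
ALLOWED = {
    "PolicyAction": ("Accept", "Deny"),
    "AlertFilter": ("None", "False Acceptance", "False Rejection"),
}

def parse_alert_rules(rules):
    """Parse 'Name/value//Name/value' into a dict and validate it.
    Assumed from the page's one example: '//' separates parameters,
    the first '/' separates name from value, and values match
    case-insensitively (the example sends 'deny', the table lists 'Deny').
    """
    parsed = {}
    for pair in rules.split("//"):
        name, sep, value = pair.partition("/")
        if not sep or name not in ALLOWED:
            raise ValueError(f"unrecognised alertRules entry: {pair!r}")
        if name in parsed:
            raise ValueError(f"duplicate parameter: {name}")
        canonical = {v.lower(): v for v in ALLOWED[name]}.get(value.strip().lower())
        if canonical is None:
            raise ValueError(f"{name} must be one of {ALLOWED[name]}, got {value!r}")
        parsed[name] = canonical
    missing = [n for n in ALLOWED if n not in parsed]
    if missing:
        raise ValueError(f"missing required parameter(s): {missing}")
    return parsed

def build_create_alert(name, alert_rules, auth_token=None):
    """Return the createAlert envelope as bytes; ElementTree escapes the fields."""
    parse_alert_rules(alert_rules)  # reject bad rules before anything is sent
    # Hypothetical variable name: keeps the token out of source and scripts.
    token = auth_token or os.environ["ALERT_API_TOKEN"]
    env = ET.Element(f"{{{SOAP_NS}}}Envelope")
    ET.SubElement(env, f"{{{SOAP_NS}}}Header")
    body = ET.SubElement(env, f"{{{SOAP_NS}}}Body")
    req = ET.SubElement(body, f"{{{ALERT_NS}}}createAlert")
    for tag, text in (("authToken", token), ("alertTypeName", "Network Policy Alert"),
                      ("name", name), ("alertRules", alert_rules)):
        ET.SubElement(req, f"{{{ALERT_NS}}}{tag}").text = text
    return ET.tostring(env, encoding="utf-8")
```

The rules string is sent exactly as supplied; the canonical spelling returned by `parse_alert_rules` is only used for validation.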