...
Initially we have included rules for SNMP Enterprises, MAC Addresses, SNMP OIDs and quite a few custom rules. The actual counts are:
| SNMP Enterprise | 54006 |
| Mac Address | 26432 |
| SNMP OID | 10897 |
| Custom | 422 |
| Total | 99757 |
|---|
All these rules were previously hard coded into the application codebase. As a result, we have deleted many thousands of lines of code! We have still more to introduce, but this is a start 
...
Operators in Inputs can have the following values.
| Name | Result |
|---|---|
| eq | Equals |
| ne | Does Not Equal |
| gt | Greater Than |
| ge | Greater Than or Equals |
| lt | Less Than |
| le | Less Than or Equals |
| st | Starts With |
| li | Like |
| nl | Not Like |
| in | In the (comma seperated) list |
| ni | Not in the (comma seperated) list |
Value Types in Outputs can have the following values.
| Name | Description |
|---|---|
| string | a String |
| integer | an Integer |
| timestamp | A timestamp. If the value is set, that timestamp value will be used. If the value is not set, the current timestamp will be used. |
When the rules run in discovery, any matching rules will appear in the discovery log. See below for an example.
Hit on snmp_enterprise_id 9 eq 9 for SNMP Enterprise Number for ciscoSystems. Hit on manufacturer eq for SNMP Enterprise Number for ciscoSystems. (Rule: 10)
Command: Rule match
Output: {"manufacturer":"Cisco Systems","snmp_enterprise_name":"ciscoSystems"}
and anohter
Hit on snmp_oid 1.3.6.1.4.1.9.1.620 eq 1.3.6.1.4.1.9.1.620 for SNMP OID match. (Rule: 135661)
Command: Rule match
Output: {"model":"Cisco 1841","type":"router"}
...
You can access the /rules collection using the normal Open-AudIT JSON based API. Just like any other collection. Please see the API documentation for further details.
API Routes
Request Method | ID | Action | Resulting Function | URL Example | Notes | Example Response |
|---|---|---|---|---|---|---|
| GET | n | collection | /rules | Returns a list of rules. | ||
| GET | y | read | /rules/{id} | Returns a rules details. | ||
| PATCH | y | update | /rules/{id} | Update an attribute of a rules entry. | ||
| POST | n | create | /rules | Insert a new rules entry. | ||
| DELETE | y | delete | /rules/{id} | Delete a rules entry. |
Web Application Routes
Only available under Open-AudIT Enterprise
Request Method | ID | Action | Resulting Function | URL Example | Notes |
|---|---|---|---|---|---|
| GET | n | create | create_form | /rules/create | Displays a standard web form for submission to POST /files. |