Orchestration v2 Attributes for SecRule

The following sample JSON shows the required attributes of the SecRule object type. A description of each of the required and optional attributes of this object type is provided in the table that follows the JSON sample.

    {
        "name": "/Compute-acme/joe/admin_ssh_to_sysadmin_rule",
        "application": "/oracle/public/ssh",
        "src_list": "seciplist:/Compute-acme/joe/admin_ips",
        "dst_list": "seclist:/Compute-acme/joe/sysadmin_seclist",
        "action": "PERMIT"
    }

| Parameter | Required or Optional | Description |
|---|---|---|
| name | required | The three-part name of the object (/Compute-identity_domain/user/object). Object names can contain only alphanumeric characters, hyphens, underscores, and periods. Object names are case-sensitive. When you specify the object name, ensure that an object of the same type and with the same name doesn’t already exist. If such an object already exists, another object of the same type and with the same name won’t be created and the existing object won’t be updated. |
| src_list | required | The three-part name (/Compute-identity_domain/user/object_name) of the source security list or security IP list. You must use the prefix seclist: or seciplist: to identify the list type. |
| dst_list | required | The three-part name (/Compute-identity_domain/user/object_name) of the destination security list or security IP list. You must use the prefix seclist: or seciplist: to identify the list type. Note: You can specify a security IP list as the destination in a secrule, provided src_list is a security list that has DENY as its outbound policy. |
| application | required | The three-part name of the security application: (/Compute-identity_domain/user/object_name) for user-defined security applications and /oracle/public/object_name for predefined security applications. |
| action | required | Set this parameter to PERMIT. |
| description | optional | A description of the security rule. |
| disabled | optional | Indicates whether the security rule is enabled (set to True) or disabled (False). The default setting is False. |
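
The validator below is an added example, not Oracle's code: it checks a SecRule object against the rules in the table above before an orchestration is uploaded, so a malformed or unintended rule is caught in review. The names check_secrule and _is_name are hypothetical, and it assumes the identity-domain and user parts may be any non-empty segment and that /oracle/public names are also acceptable for lists.

```python
import json
import re

SEG = r"[^/\s]+"          # domain and user parts: any non-empty segment (assumption)
OBJ = r"[A-Za-z0-9._-]+"  # object part: the character set stated in the table
USER_NAME = re.compile(rf"/Compute-{SEG}/{SEG}/{OBJ}")
PUBLIC_NAME = re.compile(rf"/oracle/public/{OBJ}")
REQUIRED = ("name", "application", "src_list", "dst_list", "action")

def _is_name(value, allow_public):
    return bool(USER_NAME.fullmatch(value)
                or (allow_public and PUBLIC_NAME.fullmatch(value)))

def check_secrule(rule):
    """Return (errors, notes) for one SecRule attribute dict."""
    errors, notes = [], []
    for key in REQUIRED:
        if not isinstance(rule.get(key), str):
            errors.append(f"{key}: required string attribute is missing")
    if errors:
        return errors, notes
    if not _is_name(rule["name"], allow_public=False):
        errors.append("name: not a three-part /Compute-domain/user/object name")
    if not _is_name(rule["application"], allow_public=True):
        errors.append("application: not a user-defined or /oracle/public name")
    kinds = {}
    for key in ("src_list", "dst_list"):
        kind, sep, path = rule[key].partition(":")
        kinds[key] = kind
        # Assumption: /oracle/public lists are accepted like public applications.
        if not sep or kind not in ("seclist", "seciplist") or not _is_name(path, True):
            errors.append(f"{key}: needs seclist: or seciplist: plus a three-part name")
    if rule["action"] != "PERMIT":
        errors.append("action: must be PERMIT")
    if kinds["dst_list"] == "seciplist":
        if kinds["src_list"] != "seclist":
            errors.append("dst_list: seciplist destination needs a seclist source")
        else:
            # The outbound policy lives on the seclist object; it cannot be checked here.
            notes.append("confirm the source seclist has DENY as its outbound policy")
    return errors, notes

# The page's sample object, parsed as it would arrive from an orchestration file.
SAMPLE = json.loads("""{"name": "/Compute-acme/joe/admin_ssh_to_sysadmin_rule",
  "application": "/oracle/public/ssh", "action": "PERMIT",
  "src_list": "seciplist:/Compute-acme/joe/admin_ips",
  "dst_list": "seclist:/Compute-acme/joe/sysadmin_seclist"}""")
print(check_secrule(SAMPLE))
```

Errors block the rule; notes mark conditions, such as the outbound policy of the source list, that need a look at the referenced object.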