Deep Security Automation API pagination

Question

When I try to retrieve a really large list (e.g. getting a list of all IPS rules), it seems pretty clear that the API is paginating since I always only get 5000 results (and I'm sure we have more than 5000 IPS rules. However there doesn't appear to be any obvious params to set for pagination.

curl -X GET https://<server>/api/intrusionpreventionrules -H "api-version: v1" -H "api-secret-key: <key>" | jq ".intrusionPreventionRules | length"

returns an even 5000

How do I get the rest of these?

Answer 1

Okay, I think the answer is that this is only possible via the /intrusionpreventionrules/search API (though to be fair, I haven't tried adding search criteria to the list API.

Here's some example code in python:

from __future__ import print_function
import sys, warnings
import deepsecurity
from deepsecurity.rest import ApiException

configuration = deepsecurity.Configuration()
deepsecurity.Configuration.verify_ssl = False

#set host and api_key

rules_api = deepsecurity.IntrusionPreventionRulesApi(deepsecurity.ApiClient(configuration))
search_filter = deepsecurity.SearchFilter()
search_filter.max_items = 5000
search_criteria = deepsecurity.SearchCriteria()
search_criteria.id_value = 0
search_criteria.id_test = "greater-than"
search_filter.search_criteria = [ search_criteria ]
rules = []
results = [ 1] 

while len(results) > 0:
    api_response = rules_api.search_intrusion_prevention_rules(search_filter=search_filter,api_version=api_version)
    results = api_response.intrusion_prevention_rules
    for x in results:
        print("{0} {1}".format(x.id, x.name))
    if len(results) > 0:
        search_criteria.id_value = results[-1].id