Hey guys. I'm looking to write a script to identify each firewall managed by and mds for the following information:
CMA Name, Firewall Name, Is IPS in Detect Mode true/false, Assigned IPS Profile, Profile Setting for log4J
CMA Name, Firewall Name are easy, done, no issues
I found how to grab the log4j setting:
mgmt_cli -r true show threat-protection name "Apache Log4j Remote Code Execution (CVE-2021-44228)" --domain x.x.x.x show-profiles true
and If IPS is enabled or not:
mgmt_cli -r true show simple-gateway name "fw name" --domain x.x.x.x | grep ips
The parts I need help with are finding;
1. for each GW object is IPS set to "Detect Only" or not
2. What is the assigned IPS profile for a specific GW.
If anyone has any clues they can drops that would be fantastic.