ESET Online Help


REST API Exclusions

POST – Creates a new exclusion

HTTP request:

POST api/v1/exclusions

JSON request body:

body

(string) - XML of a new exclusion

autoResolve

(bool) - whether to resolve a detection automatically or not

name

(string) - the name of the exclusion

ruleIds

(array) - an array of rule ids (integers); can be used simultaneously with ruleUuids

ruleUuids

(array) - an array of rule ids (uuids as strings); can be used simultaneously with ruleIds

note

(optional, string) - stores up to 2048 characters in the note section

JSON response body:

success

201 HTTP code and an HTTP Location header. The header contains the URL for a GET request with the ID of the newly created exclusion. The response body returns JSON with the newly created exclusion object.

failure

404 HTTP Code with body explaining the reason

Invalid exclusions are not stored in ESET Inspect Database.
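
A client-side check of the POST body before it is sent, as an added example (not ESET's code). It assumes ruleIds are integers and ruleUuids are uuid strings, as in the single-exclusion GET response, and it only checks that body is well-formed XML, not that it matches ESET's exclusion schema. The function name and the placeholder XML are constructed for illustration.

```python
import json
import uuid
import xml.etree.ElementTree as ET

NOTE_MAX = 2048  # documented limit for the optional "note" field
SAMPLE_XML = "<placeholder/>"  # constructed stand-in, not a real exclusion


def build_exclusion_request(name, body_xml, auto_resolve,
                            rule_ids=(), rule_uuids=(), note=None):
    """Return the JSON text for POST api/v1/exclusions, or raise ValueError."""
    errors = []
    if not isinstance(name, str) or not name.strip():
        errors.append("name must be a non-empty string")
    if not isinstance(auto_resolve, bool):
        errors.append("autoResolve must be a bool")
    try:
        ET.fromstring(body_xml)  # well-formedness only, not ESET's schema
    except (ET.ParseError, TypeError) as exc:
        errors.append(f"body is not well-formed XML: {exc}")
    for rid in rule_ids:
        # bool is a subclass of int in Python, so reject it explicitly
        if isinstance(rid, bool) or not isinstance(rid, int):
            errors.append(f"ruleIds entry {rid!r} is not an integer")
    for ru in rule_uuids:
        try:
            uuid.UUID(ru)  # accepts any textual form uuid.UUID can parse
        except (ValueError, TypeError, AttributeError):
            errors.append(f"ruleUuids entry {ru!r} is not a uuid string")
    if note is not None and (not isinstance(note, str) or len(note) > NOTE_MAX):
        errors.append(f"note must be a string of at most {NOTE_MAX} characters")
    if errors:
        raise ValueError("; ".join(errors))
    # Only "note" is marked optional on the page, so the rest is always sent.
    payload = {"body": body_xml, "autoResolve": auto_resolve, "name": name,
               "ruleIds": list(rule_ids), "ruleUuids": list(rule_uuids)}
    if note is not None:
        payload["note"] = note
    return json.dumps(payload)


if __name__ == "__main__":
    print(build_exclusion_request("Constructed exclusion", SAMPLE_XML, False,
                                  rule_ids=[12], note="created for testing"))
```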

GET – List exclusions

HTTP request:

GET api/v1/exclusions

URL query:

Similar to the API for getting detections; supports: $top, $skip, $count, $orderBy

Request body: none

JSON response body: value and count (only if $count is present in the URL query). The value field contains an array of objects with the following fields:

id

uuid

name

enabled

note

GET – Gets a single exclusion

HTTP request:

GET api/v1/exclusions/{exclusionId}

URL query:

$idType

If $idType=uuid, the {id} in the URL is interpreted as the uuid of a rule

Request body: none

JSON response body: Apart from the fields returned by the exclusions listing, the response contains, among others, the “exclusion” field with XML:

body (xml)

id

uuid

name

enabled

note

ruleIds (integers)

ruleUuids (uuids as strings)

PUT – Edits exclusion body

HTTP request:

PUT api/v1/exclusions/{exclusionId}

URL query:

$idType

If $idType=uuid, the {id} in the URL is interpreted as the uuid of a rule

JSON Request body: same as for POST new exclusion.

JSON response body: returns the updated object from the request. As with POST, returns the GET response.

DELETE – Deletes an exclusion

HTTP request:

DELETE api/v1/exclusions/{exclusionId}

URL query:

$idType

If $idType=uuid, the {id} in the URL is interpreted as the uuid of a rule

Request body: none

Response body: none

GET – Get exclusions associated with a rule

HTTP request:

GET api/v1/exclusions/rule/{ruleId}

URL query:

$idType

If $idType=uuid, the {id} in the URL is interpreted as the uuid of a rule

Request body: none

JSON response body: Same as for GET – List exclusions. Returns an array of exclusions associated with a rule.

Example

https://192.168.197.200/api/v1/executables/066F8964A44161825BE6F4E10B05CD66F3C115FC/block?$idType=sha1 is equivalent to https://192.168.197.200/api/v1/executables/1605/block (so the id is either the sha1 or the ID of the module in the database)