REST API Rules
The URL api/v1/rules supports the following HTTP verbs:
POST - Creates a new rule
HTTP request:
POST api/v1/rules
Request header: Authorization token
Request body: XML of the new rule
Response: HTTP code 201; the HTTP Location header contains the URL for a GET request with the ID of the newly created rule (for example, HTTP://<<SERVER_NAME>>/api/v1/rules/121, where 121 is the rule ID of the new rule). The response body returns JSON with the newly created rule object. This JSON is identical to the response to GET.
Invalid rules are not saved.
GET - Lists rules
HTTP request:
GET api/v1/rules
Request header: Authorization token
Request body: none
As with the API for getting detections, $top, $skip, $count and $orderBy are supported in the URL.
Response: JSON object with the fields value and count (count only if $count is present in the URL query). The value field contains an array of objects with the following fields:
id, name, enabled, severity, severityScore
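An added example (not part of the original documentation) that pages through the rule listing with $top, $skip and $count and reports the disabled rules, highest severityScore first. The `fetch` transport that sends the authorization token, the `$count=1` value and the sample rules are assumptions constructed for the example.

```python
from urllib.parse import urlencode, urlsplit, parse_qs

RULES_PATH = "api/v1/rules"  # endpoint documented on this page

def list_url(top, skip, count=False):
    """Build the listing URL with the $top/$skip/$count query options."""
    query = {"$top": top, "$skip": skip}
    if count:
        query["$count"] = 1  # assumption: the page only says $count must be present
    return RULES_PATH + "?" + urlencode(query, safe="$")

def fetch_all_rules(fetch, page_size=2):
    """Page through the listing. `fetch(url) -> dict` is a hypothetical,
    caller-supplied transport that sends the authorization token header."""
    first = fetch(list_url(page_size, 0, count=True))
    rules, total = list(first["value"]), first["count"]
    while len(rules) < total:
        page = fetch(list_url(page_size, len(rules)))["value"]
        if not page:  # listing shrank while paging; stop instead of looping
            break
        rules.extend(page)
    return rules

def disabled_rules(rules):
    """Rules that are switched off, highest severityScore first."""
    off = [r for r in rules if not r["enabled"]]
    return sorted(off, key=lambda r: r["severityScore"], reverse=True)

# Constructed sample data standing in for the server (not real rules).
SAMPLE = [
    {"id": 1, "name": "sample-a", "enabled": True, "severity": 1, "severityScore": 20},
    {"id": 2, "name": "sample-b", "enabled": False, "severity": 2, "severityScore": 40},
    {"id": 3, "name": "sample-c", "enabled": True, "severity": 3, "severityScore": 80},
    {"id": 4, "name": "sample-d", "enabled": False, "severity": 3, "severityScore": 90},
    {"id": 5, "name": "sample-e", "enabled": False, "severity": 2, "severityScore": 60},
]

def fake_fetch(url):
    """Offline stand-in for the HTTP call; honours $top, $skip and $count."""
    q = parse_qs(urlsplit(url).query)
    skip, top = int(q["$skip"][0]), int(q["$top"][0])
    body = {"value": SAMPLE[skip:skip + top]}
    if "$count" in q:
        body["count"] = len(SAMPLE)
    return body

if __name__ == "__main__":
    for rule in disabled_rules(fetch_all_rules(fake_fetch)):
        print(rule["id"], rule["name"], rule["severityScore"])
```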
GET - Gets a single rule
HTTP request:
GET api/v1/rules/{id}
URL query:
$idType: if $idType=uuid, {id} in the URL is interpreted as the UUID of a rule
Request header: Authorization token
Request body: none
Response: Apart from fields returned by the rules listing, the response should contain a “rule” field with XML of the rule.
PUT - Edits rule body
HTTP request:
PUT api/v1/rules/{id}
URL query:
$idType: if $idType=uuid, {id} in the URL is interpreted as the UUID of a rule
Request header: Authorization token
Request body: new XML of the rule
Response: returns the updated object from the request. Similar to POST, it returns a GET response.
DELETE - Deletes a rule
HTTP request:
DELETE api/v1/rules/{id}
URL query:
$idType: if $idType=uuid, {id} in the URL is interpreted as the UUID of a rule
Request header: Authorization token
Request body: none
Response body: none
PATCH - Updates a specific rule
HTTP request:
PATCH api/v1/rules/{ruleId}
URL query:
$idType: if $idType=uuid, {id} in the URL is interpreted as the UUID of a rule
JSON request body:
enabled: (bool) true (1) to enable, false (0) to disable
Request header: Authorization token
Response body: none
Enables or disables the specified rule.
If successful, returns the 204 code.
All requests require an authorization token in the header.