ESET Online Help

REST API Rules

The URL api/v1/rules supports the following HTTP verbs:

POST - Creates a new rule

HTTP request:

POST api/v1/rules

Request header: Authorization token

Request body: XML of the new rule

Response: 201 HTTP code. The HTTP Location header contains the URL for a GET request with the ID of the newly created rule (for example, HTTP://<<SERVER_NAME>>/api/v1/rules/121 where 121 is the rule ID of the new rule). The response body returns JSON with the newly created rule object. This JSON is identical to the response to GET.

Invalid rules are not saved.

GET - Lists rules

HTTP request:

GET api/v1/rules

Request header: Authorization token

Request body: none

Like the API for getting detections, this request supports $top, $skip, $count and $orderBy in the URL.

Response: JSON object with the fields value and count (count only if $count is present in the URL query). The value field contains an array of objects with the following fields:

id

name

enabled

severity

severityScore

GET - Gets a single rule

HTTP request:

GET api/v1/rules/{id}

URL query:

$idType

If $idType=uuid, {id} in the URL is interpreted as the UUID of a rule

Request header: Authorization token

Request body: none

Response: Apart from fields returned by the rules listing, the response should contain a “rule” field with XML of the rule.

PUT - Edits rule body

HTTP request:

PUT api/v1/rules/{id}

URL query:

$idType

If $idType=uuid, {id} in the URL is interpreted as the UUID of a rule

Request header: Authorization token

Request body: new XML of the rule

Response: returns the updated object. As with POST, the body is the same as the GET response.

DELETE - Deletes a rule

HTTP request:

DELETE api/v1/rules/{id}

URL query:

$idType

If $idType=uuid, {id} in the URL is interpreted as the UUID of a rule

Request header: Authorization token

Request body: none

Response body: none

PATCH - Updates a specific rule

HTTP request:

PATCH api/v1/rules/{ruleId}

URL query:

$idType

If $idType=uuid, {id} in the URL is interpreted as the UUID of a rule

JSON request body:

enabled

(bool) value true (1) to enable, false (0) to disable

Request header: Authorization token

Response body: none

Enables/disables the specific rule

If successful, returns a 204 code.

All requests require an authorization token in the header.
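
The following is an added example, not ESET's code: a small Python client that pages through GET api/v1/rules, reports rules that are switched off (a coverage check worth running after any rule change), and builds the PATCH request to re-enable one. The server name, the token value and its header format, the value passed for $count, and the reading of count as the total number of rules are assumptions.

```python
import json
import urllib.parse
import urllib.request

BASE = "https://inspect.example.invalid"  # placeholder server (assumption)
TOKEN = "REPLACE_WITH_TOKEN"  # placeholder; header value format is an assumption

def build_request(method, path="", query=None, body=None, base=BASE, token=TOKEN):
    """Build (without sending) a request to api/v1/rules."""
    url = f"{base}/api/v1/rules{path}"
    if query:
        # safe="$" keeps parameter names literal: $top, $skip, $count, $idType
        url += "?" + urllib.parse.urlencode(query, safe="$")
    data = json.dumps(body).encode() if body is not None else None
    req = urllib.request.Request(url, data=data, method=method)
    req.add_header("Authorization", token)
    if data is not None:
        req.add_header("Content-Type", "application/json")
    return req

def send(req):
    """Send a request; return parsed JSON, or None when the body is empty (204)."""
    with urllib.request.urlopen(req) as resp:
        raw = resp.read()
    return json.loads(raw) if raw else None

def list_all_rules(fetch=send, page_size=100):
    """Page through GET api/v1/rules with $top/$skip; $count=1 is an assumed value."""
    rules, skip = [], 0
    while True:
        query = {"$top": page_size, "$skip": skip, "$count": 1}
        page = fetch(build_request("GET", query=query))
        rules.extend(page["value"])
        skip += len(page["value"])
        # Stop on an empty page, or once 'count' (assumed to be the total) is reached.
        if not page["value"] or skip >= page.get("count", skip + 1):
            return rules

def disabled_rules(rules, min_score=0):
    """Rules that are switched off, highest severityScore first."""
    off = [r for r in rules if not r["enabled"] and r["severityScore"] >= min_score]
    return sorted(off, key=lambda r: r["severityScore"], reverse=True)

def enable_request(rule_id, use_uuid=False):
    """PATCH request that sets enabled to true; the page says success returns 204."""
    query = {"$idType": "uuid"} if use_uuid else None
    return build_request("PATCH", f"/{rule_id}", query, {"enabled": True})
```

Passing a different `fetch` callable lets the paging and filtering logic be exercised against recorded responses without contacting a server.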