REST API Exclusions
POST—Creates a new exclusion
HTTP request:
POST api/v1/exclusions
JSON request body:
body | (string)—a new exclusion's XML
autoResolve | (bool)—whether to resolve a detection automatically or not
name | (string)—an exclusion's name
ruleIds | (array)—an array of rule ids (integers); can be used simultaneously with ruleUuids
ruleUuids | (array)—an array of rule ids (uuids as strings); can be used simultaneously with ruleIds
note | (optional, string)—stores up to 2048 characters
JSON response body:
success | 201 HTTP Code and HTTP Location header. The header contains the URL for the GET request with an ID for the newly created exclusion. The response body returns JSON with the newly created exclusion object
failure | 404 HTTP Code with body explanation
Invalid exclusions are not stored in the ESET Inspect Database.
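A client-side check of the POST fields before submission, as an added example that is not ESET's code: it builds the request described above without sending it and reads the new exclusion's ID from the Location header. The host, the sample XML and both function names are assumptions; the field types follow the single-exclusion GET response (ruleIds as integers, ruleUuids as UUID strings), and authentication is left out because this page does not describe it.

```python
import json
import uuid
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit
from urllib.request import Request

MAX_NOTE_LEN = 2048  # "note" limit stated on the page


def build_exclusion_request(base_url, name, body_xml, auto_resolve,
                            rule_ids=(), rule_uuids=(), note=None):
    """Validate the POST fields and return an unsent urllib Request."""
    if not isinstance(name, str):
        raise ValueError("name must be a string")
    try:
        ET.fromstring(body_xml)  # well-formedness only, not the product's schema
    except ET.ParseError as exc:
        raise ValueError(f"body is not well-formed XML: {exc}") from exc
    if not isinstance(auto_resolve, bool):
        raise ValueError("autoResolve must be a bool")
    # bool is a subclass of int in Python, so reject it explicitly.
    if any(isinstance(r, bool) or not isinstance(r, int) for r in rule_ids):
        raise ValueError("ruleIds must contain integers only")
    for value in rule_uuids:
        try:
            uuid.UUID(value)
        except (ValueError, TypeError, AttributeError) as exc:
            raise ValueError(f"ruleUuids entry is not a UUID: {value!r}") from exc
    if note is not None and len(note) > MAX_NOTE_LEN:
        raise ValueError(f"note exceeds {MAX_NOTE_LEN} characters")
    payload = {"body": body_xml, "autoResolve": auto_resolve, "name": name}
    optional = {"ruleIds": list(rule_ids), "ruleUuids": list(rule_uuids), "note": note}
    payload.update({k: v for k, v in optional.items() if v})  # omit unused fields
    # Authentication is not described on the page, so no credential header is set.
    return Request(base_url.rstrip("/") + "/api/v1/exclusions",
                   data=json.dumps(payload).encode("utf-8"),
                   headers={"Content-Type": "application/json"}, method="POST")


def exclusion_id_from_location(location):
    """Return the last path segment of the Location header sent with a 201."""
    return urlsplit(location).path.rstrip("/").rsplit("/", 1)[-1]


if __name__ == "__main__":
    # Constructed sample: placeholder host and XML, not a real exclusion definition.
    demo = build_exclusion_request("https://inspect.example", "Backup agent",
                                   "<rule><note>constructed</note></rule>", False, [1605])
    print(demo.get_method(), demo.full_url, demo.data.decode())
```

Rejecting malformed input before the call matters because invalid exclusions are not stored, and a created exclusion with autoResolve set changes how detections are handled.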
GET—List exclusions
HTTP request:
GET api/v1/exclusions
URL query:
Like the API for getting detections, supports $top, $skip, $count and $orderBy
Request body: None
JSON response body: Value and count (if $count is present in the URL query). The value field contains an array of objects containing:
id, uuid, name, enabled, note
GET—Gets a single exclusion
HTTP request:
GET api/v1/exclusions/{exclusionId}
URL query:
$idType | if $idType=uuid, {id} in the URL is interpreted as a rule's uuid
Request body: None
JSON response body: Along with the fields returned by the exclusions listing, the response contains the “exclusion” field with XML:
body (xml), id, uuid, name, enabled, note, ruleIds (integers), ruleUuids (uuids as strings)
PUT—Edits exclusion body
HTTP request:
PUT api/v1/exclusions/{exclusionId}
URL query:
$idType | if $idType=uuid, {id} in the URL is interpreted as a rule's uuid
JSON request body: Same as for POST new exclusion.
JSON response body: Returns the updated object from the request. As with POST, the response has the form of a GET response.
DELETE—Deletes an exclusion
HTTP request:
DELETE api/v1/exclusions/{exclusionId}
URL query:
$idType | if $idType=uuid, {id} in the URL is interpreted as a rule's uuid
Request body: none
Response body: none
GET—Get exclusions associated with a rule
HTTP request:
GET api/v1/exclusions/rule/{ruleId}
URL query:
$idType | if $idType=uuid, {id} in the URL is interpreted as a rule's uuid
Request body: None
JSON response body: Same as for GET—List exclusions. Returns an array of exclusions associated with a rule.
Example:
https://192.168.197.200/api/v1/executables/066F8964A44161825BE6F4E10B05CD66F3C115FC/block?$idType=sha1 is equivalent to https://192.168.197.200/api/v1/executables/1605/block (so the id is either the sha1 or the ID of the module in the database)