ESET Online Help

Search
Select the category
Select the topic

REST API Exclusions

POST—Creates a new exclusion

HTTP request:

POST api/v1/exclusions

JSON request body:

body

(string)—a new exclusion's XML

autoResolve

(bool)—whether to resolve a detection automatically or not

name

(string)—an exclusion's name.

ruleIds

(array)—an array of rule ids (uuids as strings); can be used simultaneously with ruleIds

ruleUuids

(array)—an array of rule ids (integers); can be used simultaneously with ruleUuids

note

(optional, string)—stores up to 2048 characters

JSON response body:

success

201 HTTP Code and HTTP Location. The header contains the URL for the GET request with an ID for the newly created exclusion. Response body returns JSON with a newly created exclusion object

failure

404 HTTP Code with body explanation

Invalid exclusions are not stored in the ESET Inspect Database.

GET—List exclusions

HTTP request:

GET api/v1/exclusions

URL query:

Similar to API for getting detections, supports: $top, $skip, $count, $orderBy

Request body: None

JSON response body: Value and count (if $count is present in the URL query). The value field contains an array of objects containing:

id

uuid

name

enabled

note

GET—Gets a single exclusion

HTTP request:

GET api/v1/exclusions/{exclusionId}

URL query:

$idType

if $idType=uuid {id} in URL is interpreted as a rule's uuid

Request body: None

JSON response body: With fields returned by the exclusions listing, the response contains the “exclusion” field with XML:

body (xml)

id

uuid

name

enabled

note

ruleIds (integers)

ruleUuids (uuids as strings)

PUT—Edits exclusion body

HTTP request:

PUT api/v1/exclusions/{exclusionId}

URL query:

$idType

if $idType=uuid {id} in URL is interpreted as a rule's uuid

JSON request body: Same as for POST new exclusion.

JSON response body: Returns an updated object from requests. Similar to a POST, returns a GET response.

DELETE—Deletes an exclusion

HTTP request:

DELETE api/v1/exclusions/{exclusionId}

URL query:

$idType

if $idType=uuid {id} in URL is interpreted as a rule's uuid.

Request body: none

Response body: none

GET—Get exclusions associated with a rule

HTTP request:

GET api/v1/exclusions/rule/{ruleId}

URL query:

$idType

if $idType=uuid {id} in URL is interpreted as a rule's uuid

Request body: None

JSON response body: Same as for GET—List exclusions. Returns an array of exclusions associated with a rule.

Example:

example

https://192.168.197.200/api/v1/executables/066F8964A44161825BE6F4E10B05CD66F3C115FC/block?$idType=sha1 which is eq with https://192.168.197.200/api/v1/executables/1605/block (so id = sha1 or ID of module in database)