ESET Online Help

REST API Rules

The URL api/v1/rules supports the following HTTP verbs:

POST—Creates a new rule

HTTP request:

POST api/v1/rules

Request header: Authorization token

Request body: The new rule's XML

Response: HTTP code 201. The HTTP Location header contains the URL for a GET request for the newly created rule (for example, HTTP://<<SERVER_NAME>>/api/v1/rules/121, where 121 is the new rule's ID). The response body returns JSON with the newly created rule object. This JSON is identical to the response to GET.

Invalid rules are not saved.

GET—Lists rules

HTTP request:

GET api/v1/rules

Request header: Authorization token

Request body: None

Similar to the API for getting detections, GET supports $top, $skip, $count and $orderBy in the URL.

Response: A JSON object with the fields Value and count (count is returned only if $count is present in the query). The value field contains:

id

name

enabled

severity

severityScore

GET—Gets a single rule

HTTP request:

GET api/v1/rules/{id}

URL query:

$idType

If $idType=uuid, {id} in the URL is interpreted as the rule’s uuid.

Request header: Authorization token

Request body: None

Response: In addition to the expected fields, the response should contain a “rule” field with the rule’s XML.

PUT—Edits rule body

HTTP request:

PUT api/v1/rules/{id}

URL query:

$idType

If $idType=uuid, {id} in the URL is interpreted as the rule’s uuid.

Request header: Authorization token

Request body: The rule's new XML.

Response: Returns the updated rule object. As with POST, the response body is identical to the response to GET.

DELETE—Deletes a rule

HTTP request:

DELETE api/v1/rules/{id}

URL query:

$idType

If $idType=uuid, {id} in the URL is interpreted as the rule’s uuid.

Request header: Authorization token

Request body: None

Response body: None

PATCH—Updates a specific rule

HTTP request:

PATCH api/v1/rules/{ruleId}

URL query:

$idType

If $idType=uuid, {id} in the URL is interpreted as the rule's uuid.

JSON request body:

enabled

(bool) value true (1) to enable, false (0) to disable

Request header: Authorization token

Response body: None

Enables/disables a specific rule

If successful, returns a 204 code

All requests require an authorization token in the header.
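
The following is an added example, not ESET's code: a small Python client that builds (without sending) the list and PATCH requests described above, reads the new rule's ID from the POST Location header, and audits one page of GET api/v1/rules for disabled rules. Assumptions not taken from this page: the function names, the `inspect.example` host used in testing, the `$count=1` value, the `application/json` media type, and the sample data; the Authorization header value is passed in whole because its format is not given here.

```python
import json
from urllib.parse import urlencode, urlsplit
from urllib.request import Request

def build(method, base, path, auth, query=None, body=None, ctype=None):
    """Build (not send) a request. `auth` is the complete Authorization header
    value; its format is not given on the page, so the caller supplies it."""
    url = f"{base.rstrip('/')}/api/v1/{path}"
    if query:
        url += "?" + urlencode(query, safe="$")  # keep $top, $skip, ... literal
    headers = {"Authorization": auth}
    if ctype:
        headers["Content-Type"] = ctype  # assumed media type, not from the page
    return Request(url, data=body, headers=headers, method=method)

def list_rules(base, auth, top=100, skip=0):
    # "$count=1" is an assumption: the page only says $count must be present.
    query = {"$top": top, "$skip": skip, "$count": 1}
    return build("GET", base, "rules", auth, query)

def set_enabled(base, auth, rule_id, enabled, by_uuid=False):
    """PATCH body {"enabled": true|false}; success is HTTP 204 with no body."""
    query = {"$idType": "uuid"} if by_uuid else None
    body = json.dumps({"enabled": bool(enabled)}).encode()
    return build("PATCH", base, f"rules/{rule_id}", auth, query, body,
                 "application/json")

def created_rule_id(location):
    """Rule ID from the Location header of a 201 response to POST
    (numeric, as in the page's example .../api/v1/rules/121)."""
    parts = urlsplit(location).path.rstrip("/").split("/")
    if parts[-2:-1] != ["rules"] or not parts[-1].isdigit():
        raise ValueError(f"unexpected Location header: {location!r}")
    return int(parts[-1])

def disabled_rules(page):
    """Disabled rules in one GET api/v1/rules page, highest severityScore first."""
    rules = page.get("value", page.get("Value", []))  # page uses both spellings
    off = [r for r in rules if not r["enabled"]]
    return sorted(off, key=lambda r: r["severityScore"], reverse=True)

# Constructed sample response; names, scores and field types are made up.
SAMPLE_PAGE = {"count": 3, "value": [
    {"id": 121, "name": "constructed-rule-a", "enabled": True, "severity": 1, "severityScore": 30},
    {"id": 122, "name": "constructed-rule-b", "enabled": False, "severity": 2, "severityScore": 55},
    {"id": 123, "name": "constructed-rule-c", "enabled": False, "severity": 3, "severityScore": 90},
]}

if __name__ == "__main__":
    for rule in disabled_rules(SAMPLE_PAGE):
        print(rule["id"], rule["name"], rule["severityScore"])
```

Running the disabled-rule audit on a schedule and comparing the result with the previous run shows when a rule has been switched off through the PATCH endpoint.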