Create a new rule
Relative path: /api/v2/rules
Request body
Display Schema instead of an Example or vice-versa
Type |
Required |
Example |
Schema |
|---|---|---|---|
application/xml |
Yes |
{
"definition": {
"ancestor": {
"distance": 0,
"unique": true
},
"parentprocess": {},
"process": {},
"operations": {
"operation": {
"type": "string"
}
}
},
"description": {
"name": "string",
"category": "string",
"explanation": "string",
"os": "Windows",
"mitreattackid": "string",
"maliciousCauses": "string",
"benignCauses": "string",
"recommendedActions": "string",
"actions": {
"action": {
"name": "TriggerDetection"
}
}
},
"targetIds": [
0
],
"targetUuids": [
"string"
]
} |
{
"$ref": "RuleCreateTargetsRequestSchema",
"definition": {
"ancestor": {
"distance": {
"type": "integer",
"minimum": 1,
"xml": {
"attribute": true
}
},
"unique": {
"type": "boolean",
"xml": {
"attribute": true
}
}
},
"parentprocess": {
"type": "object"
},
"process": {
"type": "object"
},
"operations": {
"operation": {
"type": {
"type": "string",
"xml": {
"attribute": true
}
}
}
}
},
"description": {
"name": {
"type": "string"
},
"category": {
"type": "string"
},
"explanation": {
"type": "string"
},
"os": {
"type": "string",
"enum": [
"Windows",
"OSX",
"ANY"
]
},
"mitreattackid": {
"type": "string"
},
"maliciousCauses": {
"type": "string"
},
"benignCauses": {
"type": "string"
},
"recommendedActions": {
"type": "string"
},
"actions": {
"action": {
"name": {
"type": "string",
"xml": {
"attribute": true
},
"enum": [
"TriggerDetection",
"MarkAsScript",
"MarkAsCompromised",
"HideCommandLine",
"BlockProcessExecutable",
"CleanAndBlockProcessExecutable",
"BlockParentProcessExecutable",
"CleanAndBlockParentProcessExecutable",
"IsolateFromNetwork",
"DropEvent"
]
}
}
}
},
"targetIds": [
{
"type": "integer"
}
],
"targetUuids": [
{
"type": "string"
}
]
} |
Responses
Display Schema+Headers instead of an Example or vice-versa
Code |
Description and Example |
Description, Schema and Headers |
|---|---|---|
200 |
OK
{
"body": "string",
"enabled": true,
"id": 0,
"name": "string",
"severity": 0,
"severityScore": 0,
"uuid": "string"
}
|
OK
{
"$ref": "RuleCreateResponseSchema",
"body": {
"type": "string",
"format": "xml"
},
"enabled": {
"type": "boolean"
},
"id": {
"type": "integer"
},
"name": {
"type": "string"
},
"severity": {
"type": "integer",
"enum": [
1,
2,
3
]
},
"severityScore": {
"type": "integer",
"maximum": 100
},
"uuid": {
"type": "string",
"format": "uuid"
}
}
{
"X-Security-Token": {
"$ref": "X-Security-Token",
"description": "Authentication token",
"schema": {
"$ref": "AuthenticateTokenResponse",
"type": "string",
"example": "eyJhbGciOi[..]ziJSUGusY5kAI"
}
}
}
|
401 |
Credentials or access token missing or invalid
{
"error": "string"
}
|
Credentials or access token missing or invalid
{
"$ref": "UnauthorizedError",
"error": {
"type": "string"
}
}
|