Select the tab
ESET Inspect On-Prem – Table of Contents

POST Create a new rule

Relative path: /api/v2/rules

Request body

Display Schema instead of an Example or vice-versa

Type

Required

Example

Schema

application/xml

Yes

{
  "definition": {
    "ancestor": {
      "distance": 0,
      "unique": true
    },
    "parentprocess": {},
    "process": {},
    "operations": {
      "operation": {
        "type": "string"
      }
    }
  },
  "description": {
    "name": "string",
    "category": "string",
    "explanation": "string",
    "os": "Windows",
    "mitreattackid": "string",
    "maliciousCauses": "string",
    "benignCauses": "string",
    "recommendedActions": "string",
    "actions": {
      "action": {
        "name": "TriggerDetection"
      }
    }
  },
  "targetIds": [
    0
  ],
  "targetUuids": [
    "string"
  ]
}
{
  "$ref": "RuleCreateTargetsRequestSchema",
  "definition": {
    "ancestor": {
      "distance": {
        "type": "integer",
        "minimum": 1,
        "xml": {
          "attribute": true
        }
      },
      "unique": {
        "type": "boolean",
        "xml": {
          "attribute": true
        }
      }
    },
    "parentprocess": {
      "type": "object"
    },
    "process": {
      "type": "object"
    },
    "operations": {
      "operation": {
        "type": {
          "type": "string",
          "xml": {
            "attribute": true
          }
        }
      }
    }
  },
  "description": {
    "name": {
      "type": "string"
    },
    "category": {
      "type": "string"
    },
    "explanation": {
      "type": "string"
    },
    "os": {
      "type": "string",
      "enum": [
        "Windows",
        "OSX",
        "ANY"
      ]
    },
    "mitreattackid": {
      "type": "string"
    },
    "maliciousCauses": {
      "type": "string"
    },
    "benignCauses": {
      "type": "string"
    },
    "recommendedActions": {
      "type": "string"
    },
    "actions": {
      "action": {
        "name": {
          "type": "string",
          "xml": {
            "attribute": true
          },
          "enum": [
            "TriggerDetection",
            "MarkAsScript",
            "MarkAsCompromised",
            "HideCommandLine",
            "BlockProcessExecutable",
            "CleanAndBlockProcessExecutable",
            "BlockParentProcessExecutable",
            "CleanAndBlockParentProcessExecutable",
            "IsolateFromNetwork",
            "DropEvent"
          ]
        }
      }
    }
  },
  "targetIds": [
    {
      "type": "integer"
    }
  ],
  "targetUuids": [
    {
      "type": "string"
    }
  ]
}


Responses

Display Schema+Headers instead of an Example or vice-versa

Code

Description and Example

Description, Schema and Headers

200

OK


Response example

{
  "body": "string",
  "enabled": true,
  "id": 0,
  "name": "string",
  "severity": 0,
  "severityScore": 0,
  "uuid": "string"
}

OK


Response schema

{
  "$ref": "RuleCreateResponseSchema",
  "body": {
    "type": "string",
    "format": "xml"
  },
  "enabled": {
    "type": "boolean"
  },
  "id": {
    "type": "integer"
  },
  "name": {
    "type": "string"
  },
  "severity": {
    "type": "integer",
    "enum": [
      1,
      2,
      3
    ]
  },
  "severityScore": {
    "type": "integer",
    "maximum": 100
  },
  "uuid": {
    "type": "string",
    "format": "uuid"
  }
}


Headers

{
  "X-Security-Token": {
    "$ref": "X-Security-Token",
    "description": "Authentication token",
    "schema": {
      "$ref": "AuthenticateTokenResponse",
      "type": "string",
      "example": "eyJhbGciOi[..]ziJSUGusY5kAI"
    }
  }
}

401

Credentials or access token missing or invalid


Response example

{
  "error": "string"
}

Credentials or access token missing or invalid


Response schema

{
  "$ref": "UnauthorizedError",
  "error": {
    "type": "string"
  }
}