ESET Online Help

Search
Select the category
Select the topic

REST API Exclusions

POST – Creates a new exclusion

HTTP request:

POST api/v1/exclusions

JSON request body:

body

(string) - a new exclusion's XML

autoResolve

(bool) - whether to resolve a detection automatically or not

name

(string) - an exclusion's name.

ruleIds

(array) - an array of rule ids (uuids as strings); can be used simultaneously with ruleIds

ruleUuids

(array) - an array of rule ids (integers); can be used simultaneously with ruleUuids

note

(optional, string) - up to 2048 characters stored in the note section

JSON response body:

success

201 HTTP Code and HTTP Location. The header contains the URL for GET request with ID for the newly created exclusion. Response body returns JSON with the newly created exclusion object

failure

404 HTTP Code with body explanation

Invalid exclusions are not stored in the ESET Inspect Database.

GET – List exclusions

HTTP request:

GET api/v1/exclusions

URL query:

Similar to API for getting detections, supports: $top, $skip, $count, $orderBy

Request body: none

JSON response body: Value and count (only if $count is present in the URL query). The value field contains an array of objects with the following fields:

id

uuid

name

enabled

note

GET – Gets a single exclusion

HTTP request:

GET api/v1/exclusions/{exclusionId}

URL query:

$idType

if $idType=uuid {id} in URL is interpreted as a rule's uuid

Request body: none

JSON response body: Apart from fields returned by the exclusions listing, the response will contain the “exclusion” field with XML:

body (xml)

id

uuid

name

enabled

note

ruleIds (integers)

ruleUuids (uuids as strings)

PUT – Edits exclusion body

HTTP request:

PUT api/v1/exclusions/{exclusionId}

URL query:

$idType

if $idType=uuid {id} in URL is interpreted as uuid of a rule

JSON Request body: same as for POST new exclusion.

JSON response body: returns updated object from requests. Similar to a POST, returns GET response.

DELETE – Deletes an exclusion

HTTP request:

DELETE api/v1/exclusions/{exclusionId}

URL query:

$idType

if $idType=uuid {id} in URL is interpreted as a rule's uuid.

Request body: none

Response body: none

GET – Get exclusions associated with a rule

HTTP request:

GET api/v1/exclusions/rule/{ruleId}

URL query:

$idType

if $idType=uuid {id} in URL is interpreted as a rule's uuid

Request body: none

JSON response body: Same as for GET – List exclusions. Returns an array of exclusions associated with a rule.

Example:

example

https://192.168.197.200/api/v1/executables/066F8964A44161825BE6F4E10B05CD66F3C115FC/block?$idType=sha1 which is eq with https://192.168.197.200/api/v1/executables/1605/block (so id = sha1 or ID of module in database)