ESET Online Help

Search
Select the category
Select the topic

POST Create EDR rule exclusion

Relative path: /v2/edr-rule-exclusions

Create [EDR rule exclusion].

Request body

Display Schema instead of an Example or vice-versa

Type

Required

Example

Schema

application/json

No

{
  "exclusion": {
    "displayName": "string",
    "enabled": true,
    "note": "string",
    "ruleUuids": [
      "string"
    ],
    "scopes": [
      {
        "deviceUuid": "string",
        "deviceGroupUuid": "string"
      }
    ],
    "xmlDefinition": "string",
    "uuid": "string",
    "authorUuid": "string",
    "editorUuid": "string"
  }
}
{
  "$ref": "v2CreateEdrRuleExclusionRequest",
  "exclusion": {
    "$ref": "v2EdrRuleExclusion",
    "description": "[EDR rule exclusion] patches one or more [EDR rule]s so that they do not perform their action when spotting a suspicious activity. Exclusions are defined in the same way as rules, except their actions are ignored.",
    "displayName": {
      "type": "string",
      "description": "Human readable name of [EDR rule exclusion]. The value is derived from the description/name value in xml_definition.",
      "readOnly": true
    },
    "enabled": {
      "type": "boolean",
      "description": "If true, the exclusion will be applied."
    },
    "note": {
      "type": "string",
      "description": "User's note. Max 2048 characters long."
    },
    "ruleUuids": [
      {
        "type": "string"
      }
    ],
    "scopes": [
      {
        "$ref": "v2EdrRuleScope",
        "description": "Scope for which the rule (exclusion) is applicable.",
        "deviceUuid": {
          "type": "string",
          "description": "Reference to the device for which the rule is applicable. type: device_management.v1.Device"
        },
        "deviceGroupUuid": {
          "type": "string",
          "description": "Reference to the device_group for which the rule is applicable. type: device_management.v1.DeviceGroup"
        }
      }
    ],
    "xmlDefinition": {
      "type": "string",
      "description": "XML definition of the [EDR rule exclusion]. Specification of the format is the same as for automation rule, but actions are ignored. XML definition must be valid according to this specification for [EDR rule exclusion] to be valid."
    },
    "uuid": {
      "type": "string",
      "description": "Unique identifier of the entity. Must be collision free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the times compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier. RFC UUID can be recognized by being formatted according to template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'"
    },
    "authorUuid": {
      "type": "string",
      "description": "Principal responsible for the first revision of the entity. It might be identification of user.",
      "readOnly": true
    },
    "editorUuid": {
      "type": "string",
      "description": "Principal responsible for the revision of the entity. It might be identification of user. Every revision might heave different editor. For non-revisioned entities editor denotes author of the last revision. For just-created entities author and editor are the same.",
      "readOnly": true
    }
  }
}


Responses

Display Schema instead of an Example or vice-versa

Code

Description

Example

Schema

200

Successful response.

{
  "exclusion": {
    "displayName": "string",
    "enabled": true,
    "note": "string",
    "ruleUuids": [
      "string"
    ],
    "scopes": [
      {
        "deviceUuid": "string",
        "deviceGroupUuid": "string"
      }
    ],
    "xmlDefinition": "string",
    "uuid": "string",
    "authorUuid": "string",
    "editorUuid": "string"
  }
}
{
  "$ref": "v2CreateEdrRuleExclusionResponse",
  "exclusion": {
    "$ref": "v2EdrRuleExclusion",
    "description": "[EDR rule exclusion] patches one or more [EDR rule]s so that they do not perform their action when spotting a suspicious activity. Exclusions are defined in the same way as rules, except their actions are ignored.",
    "displayName": {
      "type": "string",
      "description": "Human readable name of [EDR rule exclusion]. The value is derived from the description/name value in xml_definition.",
      "readOnly": true
    },
    "enabled": {
      "type": "boolean",
      "description": "If true, the exclusion will be applied."
    },
    "note": {
      "type": "string",
      "description": "User's note. Max 2048 characters long."
    },
    "ruleUuids": [
      {
        "type": "string"
      }
    ],
    "scopes": [
      {
        "$ref": "v2EdrRuleScope",
        "description": "Scope for which the rule (exclusion) is applicable.",
        "deviceUuid": {
          "type": "string",
          "description": "Reference to the device for which the rule is applicable. type: device_management.v1.Device"
        },
        "deviceGroupUuid": {
          "type": "string",
          "description": "Reference to the device_group for which the rule is applicable. type: device_management.v1.DeviceGroup"
        }
      }
    ],
    "xmlDefinition": {
      "type": "string",
      "description": "XML definition of the [EDR rule exclusion]. Specification of the format is the same as for automation rule, but actions are ignored. XML definition must be valid according to this specification for [EDR rule exclusion] to be valid."
    },
    "uuid": {
      "type": "string",
      "description": "Unique identifier of the entity. Must be collision free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the times compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier. RFC UUID can be recognized by being formatted according to template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'"
    },
    "authorUuid": {
      "type": "string",
      "description": "Principal responsible for the first revision of the entity. It might be identification of user.",
      "readOnly": true
    },
    "editorUuid": {
      "type": "string",
      "description": "Principal responsible for the revision of the entity. It might be identification of user. Every revision might heave different editor. For non-revisioned entities editor denotes author of the last revision. For just-created entities author and editor are the same.",
      "readOnly": true
    }
  }
}

202

Response took too long; request cached. Response can be retrieved later using the response-id header.

null
[]

400

One of the errors: 1. Bad or missing authorization. 2. Validation error. Invalid argument provided.

null
[]

401

Token has expired or is invalid.

null
[]

403

Access denied. Check permissions.

null
[]

404

Requested resource not found.

null
[]

429

Rate limit reached. Try again later.

null
[]

500

Internal server failure. Try again later.

null
[]

502

Internal server failure. Try again later.

null
[]

503

Environment under maintenance. Try again later.

null
[]

504

Action took too long; timeout reached

null
[]