Update EDR rule exclusion definition
Relative path: /v2/edr-rule-exclusions/{exclusionUuid}:updateDefinition
Update the definition of an [EDR rule exclusion].
Base URL for Europe, Germany, United States, Canada and Japan regions:
|
https://eu.incident-management.eset.systems |
|
https://de.incident-management.eset.systems |
|
https://us.incident-management.eset.systems |
|
https://ca.incident-management.eset.systems |
|
https://jpn.incident-management.eset.systems |
Request body
Display Schema instead of an Example or vice-versa
Type |
Required |
Example |
Schema |
|---|---|---|---|
application/json |
Yes |
{
"xmlDefinition": "string"
} |
{
"$ref": "EdrRuleExclusionsUpdateEdrRuleExclusionDefinitionBody",
"xmlDefinition": {
"type": "string",
"description": "New XML definition of [EDR rule exclusion]. Specification of the format is the same as for EDR rule, but actions are ignored. XML definition must be valid according to this specification for [EDR rule exclusion] to be valid."
}
} |
Parameters in path
Name |
Type |
Required |
Description |
|---|---|---|---|
exclusionUuid |
string |
Yes |
Reference to the [EDR rule exclusion] whose definition is to be updated. type: EdrRuleExclusion |
Responses
Display Schema+Headers instead of an Example or vice-versa
Code |
Description and Example |
Description, Schema and Headers |
|---|---|---|
200 |
Successful response.
{
"exclusion": {
"displayName": "string",
"enabled": true,
"note": "string",
"ruleUuids": [
"string"
],
"scopes": [
{
"deviceUuid": "string",
"deviceGroupUuid": "string"
}
],
"xmlDefinition": "string",
"uuid": "string",
"authorUuid": "string",
"editorUuid": "string"
}
}
|
Successful response.
{
"$ref": "v2UpdateEdrRuleExclusionDefinitionResponse",
"exclusion": {
"$ref": "v2EdrRuleExclusion",
"description": "[EDR rule exclusion] patches one or more [EDR rule]s so that they do not perform their action when spotting a suspicious activity. Exclusions are defined in the same way as rules, except their actions are ignored.",
"displayName": {
"type": "string",
"description": "Human-readable name of the [EDR rule exclusion]. The value is derived from the description/name value in xml_definition.",
"readOnly": true
},
"enabled": {
"type": "boolean",
"description": "If true, the exclusion will be applied."
},
"note": {
"type": "string",
"description": "User's note. Max 2048 characters long."
},
"ruleUuids": [
{
"type": "string"
}
],
"scopes": [
{
"$ref": "v2EdrRuleScope",
"description": "Scope for which the rule (exclusion) is applicable.",
"deviceUuid": {
"type": "string",
"description": "Reference to the device for which the rule is applicable. type: device_management.v1.Device"
},
"deviceGroupUuid": {
"type": "string",
"description": "Reference to the device_group for which the rule is applicable. type: device_management.v1.DeviceGroup"
}
}
],
"xmlDefinition": {
"type": "string",
"description": "XML definition of the [EDR rule exclusion]. Specification of the format is the same as for automation rule, but actions are ignored. XML definition must be valid according to this specification for the [EDR rule exclusion] to be valid."
},
"uuid": {
"type": "string",
"description": "Unique identifier of the entity. Must be collision-free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the times compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier. RFC UUID can be recognized by being formatted according to the template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on Wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'"
},
"authorUuid": {
"type": "string",
"description": "Principal responsible for the first revision of the entity. It might be the identification of the user.",
"readOnly": true
},
"editorUuid": {
"type": "string",
"description": "Principal responsible for the revision of the entity. It might be the identification of the user. Every revision might have a different editor. For non-revisioned entities, the editor denotes the author of the last revision. For just-created entities, author and editor are the same.",
"readOnly": true
}
}
}
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
202 |
Response took too long; request cached. Response can be retrieved later using the response-id header. |
Response took too long; request cached. Response can be retrieved later using the response-id header.
[]
{
"response-id": {
"description": "Unique ID of a pending request. Used to retrieve cached result.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
},
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
400 |
One of the errors: 1. Bad or missing authorization. 2. Validation error. Invalid argument provided. |
One of the errors: 1. Bad or missing authorization. 2. Validation error. Invalid argument provided.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
401 |
Token has expired or is invalid. |
Token has expired or is invalid.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
403 |
Access denied. Check permissions. |
Access denied. Check permissions.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
404 |
Requested resource not found. |
Requested resource not found.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
429 |
Rate limit reached. Try again later. |
Rate limit reached. Try again later.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
500 |
Internal server failure. Try again later. |
Internal server failure. Try again later.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
502 |
Internal server failure. Try again later. |
Internal server failure. Try again later.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
503 |
Environment under maintenance. Try again later. |
Environment under maintenance. Try again later.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
504 |
Action took too long; timeout reached |
Action took too long; timeout reached
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|