ESET Online Help

Search
Select the category
Select the topic

GET List EDR rule exclusions by criteria

Relative path: /v2/edr-rule-exclusions

List [EDR rule exclusion]s matching criteria.

Query parameters

Name

Type

Description

includeTotalSize

boolean

If true, the total_size attribute is filled in the response.

EI migration: This field replaces mechanism of $count presence-checking in query string described at https://help.eset.com/ei_navigate/1.10/en-US/rest_api_exclusions.html?rest_api_rules.html

pageSize

integer

Limit for pagination purposes.

If unspecified or 0, default value is 50. The maximum value is 1000; values above 1000 will be coerced to 1000.

Info: For more information, refer to Paginating Requests in APIs

or https://cloud.google.com/apis/design/design_patterns#list_pagination

pageToken

string

Page token of current page.

If not given or "", the first page is returned.

Info: For more information, refer to Paginating Requests in APIs

or https://cloud.google.com/apis/design/design_patterns#list_pagination

Responses

Display Schema instead of an Example or vice-versa

Code

Description

Example

Schema

200

Successful response.

 
{
  "exclusions": [
    {
      "displayName": "string",
      "enabled": true,
      "note": "string",
      "ruleUuids": [
        "string"
      ],
      "scopes": [
        {
          "deviceUuid": "string",
          "deviceGroupUuid": "string"
        }
      ],
      "xmlDefinition": "string",
      "uuid": "string",
      "authorUuid": "string",
      "editorUuid": "string"
    }
  ],
  "nextPageToken": "string",
  "totalSize": 0
}
 
{
  "$ref": "v2ListEdrRuleExclusionsResponse",
  "exclusions": [
    {
      "$ref": "v2EdrRuleExclusion",
      "description": "[EDR rule exclusion] patches one or more [EDR rule]s so that they do not perform their action when spotting a suspicious activity. Exclusions are defined in the same way as rules, except their actions are ignored.",
      "displayName": {
        "type": "string",
        "description": "Human readable name of [EDR rule exclusion]. The value is derived from the description/name value in xml_definition.",
        "readOnly": true
      },
      "enabled": {
        "type": "boolean",
        "description": "If true, the exclusion will be applied."
      },
      "note": {
        "type": "string",
        "description": "User's note. Max 2048 characters long."
      },
      "ruleUuids": [
        {
          "type": "string"
        }
      ],
      "scopes": [
        {
          "$ref": "v2EdrRuleScope",
          "description": "Scope for which the rule (exclusion) is applicable.",
          "deviceUuid": {
            "type": "string",
            "description": "Reference to the device for which the rule is applicable. type: device_management.v1.Device"
          },
          "deviceGroupUuid": {
            "type": "string",
            "description": "Reference to the device_group for which the rule is applicable. type: device_management.v1.DeviceGroup"
          }
        }
      ],
      "xmlDefinition": {
        "type": "string",
        "description": "XML definition of the [EDR rule exclusion]. Specification of the format is the same as for automation rule, but actions are ignored. XML definition must be valid according to this specification for [EDR rule exclusion] to be valid."
      },
      "uuid": {
        "type": "string",
        "description": "Unique identifier of the entity. Must be collision free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the times compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier. RFC UUID can be recognized by being formatted according to template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'"
      },
      "authorUuid": {
        "type": "string",
        "description": "Principal responsible for the first revision of the entity. It might be identification of user.",
        "readOnly": true
      },
      "editorUuid": {
        "type": "string",
        "description": "Principal responsible for the revision of the entity. It might be identification of user. Every revision might heave different editor. For non-revisioned entities editor denotes author of the last revision. For just-created entities author and editor are the same.",
        "readOnly": true
      }
    }
  ],
  "nextPageToken": {
    "type": "string",
    "description": "Page token of next page. Empty or '' for the last page. Info: For more information, refer to Paginating Requests in APIs or https://cloud.google.com/apis/design/design_patterns#list_pagination"
  },
  "totalSize": {
    "type": "integer",
    "description": "The total count of items in the list irrespective of pagination. Info: One of the standard fields Page_size might differ for every call (it is an input parameter) so the calculation of how many pages there is in total is caller's responsibility.",
    "format": "int64"
  }
}

202

Response took too long; request cached. Response can be retrieved later using the response-id header.

 
null
 
[]

400

One of the errors: 1. Bad or missing authorization. 2. Validation error. Invalid argument provided.

 
null
 
[]

401

Token has expired or is invalid.

 
null
 
[]

403

Access denied. Check permissions.

 
null
 
[]

404

Requested resource not found.

 
null
 
[]

429

Rate limit reached. Try again later.

 
null
 
[]

500

Internal server failure. Try again later.

 
null
 
[]

502

Internal server failure. Try again later.

 
null
 
[]

503

Environment under maintenance. Try again later.

 
null
 
[]

504

Action took too long; timeout reached

 
null
 
[]