List EDR rule exclusions
Relative path: /v2/edr-rule-exclusions
List [EDR rule exclusion]s matching criteria.
Base URL for Europe, Germany, United States, Canada and Japan regions:
|
https://eu.incident-management.eset.systems |
|
https://de.incident-management.eset.systems |
|
https://us.incident-management.eset.systems |
|
https://ca.incident-management.eset.systems |
|
https://jpn.incident-management.eset.systems |
Query parameters
Name |
Type |
Description |
|---|---|---|
includeTotalSize |
boolean |
If true, the |
pageSize |
integer |
Limit for pagination purposes. If unspecified or 0, the default value is 50. The maximum value is 1000; values above 1000 will be coerced to 1000.
|
pageToken |
string |
Page token of the current page. If not given or "", the first page is returned.
|
Responses
Display Schema+Headers instead of an Example or vice-versa
Code |
Description and Example |
Description, Schema and Headers |
|---|---|---|
200 |
Successful response.
{
"exclusions": [
{
"displayName": "string",
"enabled": true,
"note": "string",
"ruleUuids": [
"string"
],
"scopes": [
{
"deviceUuid": "string",
"deviceGroupUuid": "string"
}
],
"xmlDefinition": "string",
"uuid": "string",
"authorUuid": "string",
"editorUuid": "string"
}
],
"nextPageToken": "string",
"totalSize": 0
}
|
Successful response.
{
"$ref": "v2ListEdrRuleExclusionsResponse",
"exclusions": [
{
"$ref": "v2EdrRuleExclusion",
"description": "[EDR rule exclusion] patches one or more [EDR rule]s so that they do not perform their action when spotting a suspicious activity. Exclusions are defined in the same way as rules, except their actions are ignored.",
"displayName": {
"type": "string",
"description": "Human-readable name of the [EDR rule exclusion]. The value is derived from the description/name value in xml_definition.",
"readOnly": true
},
"enabled": {
"type": "boolean",
"description": "If true, the exclusion will be applied."
},
"note": {
"type": "string",
"description": "User's note. Max 2048 characters long."
},
"ruleUuids": [
{
"type": "string"
}
],
"scopes": [
{
"$ref": "v2EdrRuleScope",
"description": "Scope for which the rule (exclusion) is applicable.",
"deviceUuid": {
"type": "string",
"description": "Reference to the device for which the rule is applicable. type: device_management.v1.Device"
},
"deviceGroupUuid": {
"type": "string",
"description": "Reference to the device_group for which the rule is applicable. type: device_management.v1.DeviceGroup"
}
}
],
"xmlDefinition": {
"type": "string",
"description": "XML definition of the [EDR rule exclusion]. Specification of the format is the same as for automation rule, but actions are ignored. XML definition must be valid according to this specification for the [EDR rule exclusion] to be valid."
},
"uuid": {
"type": "string",
"description": "Unique identifier of the entity. Must be collision-free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the times compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier. RFC UUID can be recognized by being formatted according to the template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on Wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'"
},
"authorUuid": {
"type": "string",
"description": "Principal responsible for the first revision of the entity. It might be the identification of the user.",
"readOnly": true
},
"editorUuid": {
"type": "string",
"description": "Principal responsible for the revision of the entity. It might be the identification of the user. Every revision might have a different editor. For non-revisioned entities, the editor denotes the author of the last revision. For just-created entities, author and editor are the same.",
"readOnly": true
}
}
],
"nextPageToken": {
"type": "string",
"description": "Page token of the next page. Empty or '' for the last page. Info: For more information, refer to Paginating Requests in APIs or Design Patterns: Pagination"
},
"totalSize": {
"type": "integer",
"description": "The total count of items in the list irrespective of pagination. Info: One of the standard fields Page_size might differ for every call (it is an input parameter) so the calculation of how many pages there is in total is caller's responsibility.",
"format": "int64"
}
}
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
202 |
Response took too long; request cached. Response can be retrieved later using the response-id header. |
Response took too long; request cached. Response can be retrieved later using the response-id header.
[]
{
"response-id": {
"description": "Unique ID of a pending request. Used to retrieve cached result.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
},
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
400 |
One of the errors: 1. Bad or missing authorization. 2. Validation error. Invalid argument provided. |
One of the errors: 1. Bad or missing authorization. 2. Validation error. Invalid argument provided.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
401 |
Token has expired or is invalid. |
Token has expired or is invalid.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
403 |
Access denied. Check permissions. |
Access denied. Check permissions.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
404 |
Requested resource not found. |
Requested resource not found.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
429 |
Rate limit reached. Try again later. |
Rate limit reached. Try again later.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
500 |
Internal server failure. Try again later. |
Internal server failure. Try again later.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
502 |
Internal server failure. Try again later. |
Internal server failure. Try again later.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
503 |
Environment under maintenance. Try again later. |
Environment under maintenance. Try again later.
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|
504 |
Action took too long; timeout reached |
Action took too long; timeout reached
[]
{
"request-id": {
"description": "Unique ID of the request. Include in support requests.",
"style": "simple",
"explode": false,
"schema": {
"type": "string",
"format": "uuid"
}
}
}
|