Create [EDR rule exclusion].
Relative path: /v2/edr-rule-exclusions
Request body
Type | Required | Example | Schema |
---|---|---|---|
application/json | No | `{ "exclusion": { "displayName": "string", "enabled": true, "note": "string", "ruleUuids": [ "string" ], "scopes": [ { "deviceUuid": "string", "deviceGroupUuid": "string" } ], "xmlDefinition": "string", "uuid": "string", "authorUuid": "string", "editorUuid": "string" } }` | `{ "$ref": "v2CreateEdrRuleExclusionRequest", "exclusion": { "$ref": "v2EdrRuleExclusion", "description": "[EDR rule exclusion] patches one or more [EDR rule]s so that they do not perform their action when spotting a suspicious activity. Exclusions are defined in the same way as rules, except their actions are ignored.", "displayName": { "type": "string", "description": "Human readable name of [EDR rule exclusion]. The value is derived from the description/name value in xml_definition.", "readOnly": true }, "enabled": { "type": "boolean", "description": "If true, the exclusion will be applied." }, "note": { "type": "string", "description": "User's note. Max 2048 characters long." }, "ruleUuids": [ { "type": "string" } ], "scopes": [ { "$ref": "v2EdrRuleScope", "description": "Scope for which the rule (exclusion) is applicable.", "deviceUuid": { "type": "string", "description": "Reference to the device for which the rule is applicable. type: device_management.v1.Device" }, "deviceGroupUuid": { "type": "string", "description": "Reference to the device_group for which the rule is applicable. type: device_management.v1.DeviceGroup" } } ], "xmlDefinition": { "type": "string", "description": "XML definition of the [EDR rule exclusion]. Specification of the format is the same as for automation rule, but actions are ignored. XML definition must be valid according to this specification for [EDR rule exclusion] to be valid." }, "uuid": { "type": "string", "description": "Unique identifier of the entity. Must be collision free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the time compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier. RFC UUID can be recognized by being formatted according to template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on Wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'" }, "authorUuid": { "type": "string", "description": "Principal responsible for the first revision of the entity. It might be identification of user.", "readOnly": true }, "editorUuid": { "type": "string", "description": "Principal responsible for the revision of the entity. It might be identification of user. Every revision might have different editor. For non-revisioned entities editor denotes author of the last revision. For just-created entities author and editor are the same.", "readOnly": true } } }` |
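
Because an exclusion stops the listed rules from acting, a request body is worth reviewing before it is sent. The following is an added example, not part of the vendor's documentation: a local pre-submission check against the schema above. The function name, the sample bodies and the findings marked `policy:` (non-empty note, at least one rule and one scope) are assumptions of this example, and the XML is a constructed placeholder that is only checked for well-formedness, not against the rule specification.

```python
import xml.etree.ElementTree as ET

READ_ONLY = ("displayName", "authorUuid", "editorUuid")  # readOnly in the schema
NOTE_MAX = 2048  # schema: "Max 2048 characters long"

def review_exclusion_request(body):
    """Return findings for a create-exclusion body; an empty list means none."""
    exc = body.get("exclusion")
    if not isinstance(exc, dict):
        return ["missing 'exclusion' object"]
    findings = [f"{f} is readOnly in the schema; omit it" for f in READ_ONLY if f in exc]
    if not isinstance(exc.get("enabled"), bool):
        findings.append("enabled must be a boolean")
    note = exc.get("note") or ""
    if not isinstance(note, str) or len(note) > NOTE_MAX:
        findings.append(f"note must be a string of at most {NOTE_MAX} characters")
    elif not note.strip():
        findings.append("policy: note is empty; record why detection is suppressed")
    # UUIDs are opaque identifiers per the schema, so their format is not checked.
    rules = exc.get("ruleUuids") or []
    if not rules or not all(isinstance(u, str) and u for u in rules):
        findings.append("policy: ruleUuids must name each rule being patched")
    scopes = exc.get("scopes") or []
    if not scopes:
        findings.append("policy: no scopes; name the devices or groups affected")
    for i, scope in enumerate(scopes):
        if not (scope.get("deviceUuid") or scope.get("deviceGroupUuid")):
            findings.append(f"scopes[{i}] names neither a device nor a device group")
    xml_def = exc.get("xmlDefinition")
    try:
        ET.fromstring(xml_def if isinstance(xml_def, str) else "")
    except ET.ParseError as err:
        findings.append(f"xmlDefinition is not well-formed XML: {err}")
    return findings

# Constructed samples. The XML is a placeholder, not the vendor's rule format.
GOOD = {"exclusion": {
    "enabled": True,
    "note": "Ticket PLACEHOLDER-1: backup agent triggers rule on file servers",
    "ruleUuids": ["123e4567-e89b-12d3-a456-426614174000"],
    "scopes": [{"deviceGroupUuid": "placeholder-group-uuid"}],
    "xmlDefinition": "<rule><description><name>Backup agent</name></description></rule>",
}}
BAD = {"exclusion": {
    "displayName": "set by client", "enabled": True, "note": "x" * 3000,
    "ruleUuids": [], "scopes": [{}],
    "xmlDefinition": "<rule><description></rule>",
}}

if __name__ == "__main__":
    for name, body in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, review_exclusion_request(body))
```
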
Responses
Code | Description | Example | Schema |
---|---|---|---|
200 | A successful response. | `{ "exclusion": { "displayName": "string", "enabled": true, "note": "string", "ruleUuids": [ "string" ], "scopes": [ { "deviceUuid": "string", "deviceGroupUuid": "string" } ], "xmlDefinition": "string", "uuid": "string", "authorUuid": "string", "editorUuid": "string" } }` | `{ "$ref": "v2CreateEdrRuleExclusionResponse", "exclusion": { "$ref": "v2EdrRuleExclusion", "description": "[EDR rule exclusion] patches one or more [EDR rule]s so that they do not perform their action when spotting a suspicious activity. Exclusions are defined in the same way as rules, except their actions are ignored.", "displayName": { "type": "string", "description": "Human readable name of [EDR rule exclusion]. The value is derived from the description/name value in xml_definition.", "readOnly": true }, "enabled": { "type": "boolean", "description": "If true, the exclusion will be applied." }, "note": { "type": "string", "description": "User's note. Max 2048 characters long." }, "ruleUuids": [ { "type": "string" } ], "scopes": [ { "$ref": "v2EdrRuleScope", "description": "Scope for which the rule (exclusion) is applicable.", "deviceUuid": { "type": "string", "description": "Reference to the device for which the rule is applicable. type: device_management.v1.Device" }, "deviceGroupUuid": { "type": "string", "description": "Reference to the device_group for which the rule is applicable. type: device_management.v1.DeviceGroup" } } ], "xmlDefinition": { "type": "string", "description": "XML definition of the [EDR rule exclusion]. Specification of the format is the same as for automation rule, but actions are ignored. XML definition must be valid according to this specification for [EDR rule exclusion] to be valid." }, "uuid": { "type": "string", "description": "Unique identifier of the entity. Must be collision free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the time compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier. RFC UUID can be recognized by being formatted according to template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on Wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'" }, "authorUuid": { "type": "string", "description": "Principal responsible for the first revision of the entity. It might be identification of user.", "readOnly": true }, "editorUuid": { "type": "string", "description": "Principal responsible for the revision of the entity. It might be identification of user. Every revision might have different editor. For non-revisioned entities editor denotes author of the last revision. For just-created entities author and editor are the same.", "readOnly": true } } }` |
default | An unexpected error response. | `{ "code": 0, "message": "string", "details": [ { "@type": "string" } ] }` | `{ "$ref": "rpcStatus", "code": { "type": "integer", "format": "int32" }, "message": { "type": "string" }, "details": [ { "$ref": "protobufAny", "@type": { "type": "string" } } ] }` |
202 | Response took too long and the request was cached. | `null` | `[]` |