Create [EDR rule exclusion].
Relative path: /v2/edr-rule-exclusions
Request body
Display Schema instead of an Example or vice-versa
Type |
Required |
Example |
Schema |
|---|---|---|---|
application/json |
No |
{
"exclusion": {
"displayName": "string",
"enabled": true,
"note": "string",
"ruleUuids": [
"string"
],
"scopes": [
{
"deviceUuid": "string",
"deviceGroupUuid": "string"
}
],
"xmlDefinition": "string",
"uuid": "string",
"authorUuid": "string",
"editorUuid": "string"
}
} |
{
"$ref": "v2CreateEdrRuleExclusionRequest",
"exclusion": {
"$ref": "v2EdrRuleExclusion",
"description": "[EDR rule exclusion] patches one or more [EDR rule]s so that they do not perform their action when spotting a suspicious activity. Exclusions are defined in the same way as rules, except their actions are ignored.",
"displayName": {
"type": "string",
"description": "Human readable name of [EDR rule exclusion]. The value is derived from the description/name value in xml_definition.",
"readOnly": true
},
"enabled": {
"type": "boolean",
"description": "If true, the exclusion will be applied."
},
"note": {
"type": "string",
"description": "User's note. Max 2048 characters long."
},
"ruleUuids": [
{
"type": "string"
}
],
"scopes": [
{
"$ref": "v2EdrRuleScope",
"description": "Scope for which the rule (exclusion) is applicable.",
"deviceUuid": {
"type": "string",
"description": "Reference to the device for which the rule is applicable. type: device_management.v1.Device"
},
"deviceGroupUuid": {
"type": "string",
"description": "Reference to the device_group for which the rule is applicable. type: device_management.v1.DeviceGroup"
}
}
],
"xmlDefinition": {
"type": "string",
"description": "XML definition of the [EDR rule exclusion]. Specification of the format is the same as for automation rule, but actions are ignored. XML definition must be valid according to this specification for [EDR rule exclusion] to be valid."
},
"uuid": {
"type": "string",
"description": "Unique identifier of the entity. Must be collision free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the times compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier. RFC UUID can be recognized by being formatted according to template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'"
},
"authorUuid": {
"type": "string",
"description": "Principal responsible for the first revision of the entity. It might be identification of user.",
"readOnly": true
},
"editorUuid": {
"type": "string",
"description": "Principal responsible for the revision of the entity. It might be identification of user. Every revision might heave different editor. For non-revisioned entities editor denotes author of the last revision. For just-created entities author and editor are the same.",
"readOnly": true
}
}
} |
Responses
Display Schema instead of an Example or vice-versa
Code |
Description |
Example |
Schema |
|---|---|---|---|
200 |
A successful response. |
{
"exclusion": {
"displayName": "string",
"enabled": true,
"note": "string",
"ruleUuids": [
"string"
],
"scopes": [
{
"deviceUuid": "string",
"deviceGroupUuid": "string"
}
],
"xmlDefinition": "string",
"uuid": "string",
"authorUuid": "string",
"editorUuid": "string"
}
} |
{
"$ref": "v2CreateEdrRuleExclusionResponse",
"exclusion": {
"$ref": "v2EdrRuleExclusion",
"description": "[EDR rule exclusion] patches one or more [EDR rule]s so that they do not perform their action when spotting a suspicious activity. Exclusions are defined in the same way as rules, except their actions are ignored.",
"displayName": {
"type": "string",
"description": "Human readable name of [EDR rule exclusion]. The value is derived from the description/name value in xml_definition.",
"readOnly": true
},
"enabled": {
"type": "boolean",
"description": "If true, the exclusion will be applied."
},
"note": {
"type": "string",
"description": "User's note. Max 2048 characters long."
},
"ruleUuids": [
{
"type": "string"
}
],
"scopes": [
{
"$ref": "v2EdrRuleScope",
"description": "Scope for which the rule (exclusion) is applicable.",
"deviceUuid": {
"type": "string",
"description": "Reference to the device for which the rule is applicable. type: device_management.v1.Device"
},
"deviceGroupUuid": {
"type": "string",
"description": "Reference to the device_group for which the rule is applicable. type: device_management.v1.DeviceGroup"
}
}
],
"xmlDefinition": {
"type": "string",
"description": "XML definition of the [EDR rule exclusion]. Specification of the format is the same as for automation rule, but actions are ignored. XML definition must be valid according to this specification for [EDR rule exclusion] to be valid."
},
"uuid": {
"type": "string",
"description": "Unique identifier of the entity. Must be collision free - two identifiers created anywhere in the world must not collide within entity parent scope. Unless a member of aggregate, the entity scope is always global. Although most of the times compliant with RFC 4122: A Universally Unique IDentifier (UUID) URN Namespace, do not rely on it being a RFC UUID. Treat it as an opaque identifier. RFC UUID can be recognized by being formatted according to template xxxxxxxx-xxxx-Mxxx-Nxxx-xxxxxxxxxxxx, as explained on wikipedia. UUID is used for referencing an entity, even across domains. Example: '123e4567-e89b-12d3-a456-426614174000'"
},
"authorUuid": {
"type": "string",
"description": "Principal responsible for the first revision of the entity. It might be identification of user.",
"readOnly": true
},
"editorUuid": {
"type": "string",
"description": "Principal responsible for the revision of the entity. It might be identification of user. Every revision might heave different editor. For non-revisioned entities editor denotes author of the last revision. For just-created entities author and editor are the same.",
"readOnly": true
}
}
} |
default |
An unexpected error response. |
{
"code": 0,
"message": "string",
"details": [
{
"@type": "string"
}
]
} |
{
"$ref": "rpcStatus",
"code": {
"type": "integer",
"format": "int32"
},
"message": {
"type": "string"
},
"details": [
{
"$ref": "protobufAny",
"@type": {
"type": "string"
}
}
]
} |
202 |
Response took too long and the request was cached. |
null |
[] |