Add Custom Detection Rules
Using the custom rules API, you can create custom detection rules that generate Malops for behaviors specific to your environment.
Note
Create custom detection rules via the API only after completing adequate research into their precision and coverage. A custom detection rule that is not specific enough can have a detrimental impact on retention and overall performance of the environment.
Tasks
All APIs assume a URL prefix of https://<your server>/rest.
Task | Endpoint | Method | Returns |
---|---|---|---|
Retrieve a list of all active custom detection rules | | GET | JSON list of all active custom detection rules with rule details |
Retrieve a list of all disabled custom detection rules | | GET | JSON list of all disabled custom detection rules with rule details |
Retrieve a list of all available root causes | | GET | JSON list of all available root cause Elements |
Retrieve a list of all available Malop detection types | | GET | JSON list of all available Malop detection types for generated Malops |
Retrieve a list of all available Malop activity types | | GET | JSON list of all available Malop activity types for generated Malops |
Create a custom rule | | POST | JSON response with rule ID and rule details |
Update a custom rule | | POST | JSON response with rule ID and rule details |
Get the modification history | | GET | JSON response with rule ID and rule details |