Retrieve an Update History for a Custom Rule
Endpoint URL: https://<your server>/rest/v2/customRules/history/:rule ID
Endpoint URI: v2/customRules/history/:rule ID
Action: GET
Returns details on modifications made to a custom rule.
Note
Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.
Request Headers
You must add a Content-Type:application/json header with the request.
Note
If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.
Request Body
None
Request Parameters
URL/URI parameters: none
Request Body Parameters: none
Response Status Codes
This request can return the following status codes:
200: Success OK
Response Success Schema
The response includes details on what was updated in the rule. Note the following fields:
username: The Cybereason user name of the user performing a modification.
jsonRef: The field in the rule that was updated.
originalValue: The original value for the field.
newValue: The modified value for the field.
Response Failure Schema
None
Important Response Fields
Important information is found in these fields:
id parameter: The unique identifier used by the Cybereason platform for the custom rule. In this response the ID indicates the rule that was updated.
history object: An object containing details on all changes to the rule made by all users.
changes object: An object containing details on the specific changes.
jsonRef parameter: The name of the field that was updated.
originalValue and newValue parameters: The previously and newly modified values for the field.
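Added example (not part of the Cybereason documentation or product code): one way to audit a history response for changes to a rule's automatic remediation settings. The sample response, the user name in it, the `audit_history` helper and the assumption that `date` is in epoch milliseconds are all constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample in the shape of the history response described above.
SAMPLE = json.loads("""
{"id": 1582038865368,
 "history": [
  {"username": "analyst@example.test", "date": 1582039092057,
   "changes": [
    {"jsonRef": "description", "originalValue": "Test Rule ", "newValue": "Test Rule #1"},
    {"jsonRef": "autoRemediationActions.killProcess", "originalValue": null, "newValue": "false"},
    {"jsonRef": "autoRemediationActions.isolateMachine", "originalValue": "true", "newValue": "false"}
   ]}
 ]}
""")

# Assumption: any jsonRef under this prefix controls an automatic response action.
SENSITIVE_PREFIX = "autoRemediationActions."


def _is_enabled(value):
    """Values arrive as strings ("true"/"false") or null; only "true" counts as enabled."""
    return str(value).lower() == "true"


def audit_history(response):
    """Return one finding per change to a remediation setting, oldest first."""
    findings = []
    for entry in sorted(response.get("history", []), key=lambda e: e.get("date", 0)):
        # "date" is assumed to be epoch milliseconds (13 digits in the sample).
        when = datetime.fromtimestamp(entry["date"] / 1000, tz=timezone.utc)
        for change in entry.get("changes", []):
            ref = change.get("jsonRef", "")
            if not ref.startswith(SENSITIVE_PREFIX):
                continue
            before, after = change.get("originalValue"), change.get("newValue")
            findings.append({
                "rule_id": response.get("id"),
                "user": entry.get("username"),
                "time_utc": when.isoformat(timespec="seconds"),
                "field": ref,
                "before": before,
                "after": after,
                # An action that was on and is now off weakens the rule's response.
                "weakened": _is_enabled(before) and not _is_enabled(after),
            })
    return findings


if __name__ == "__main__":
    for finding in audit_history(SAMPLE):
        print(json.dumps(finding))
```

Findings with `weakened` set to true are the ones worth forwarding to a SIEM or reviewing against change-management records.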
Example: Get a modification list for a custom rule
Request
curl --request GET \
  --url https://12.34.56.78/rest/v2/customRules/history/1582038865368 \
  --header 'Content-Type:application/json'
Response
{
    "id": 1582038865368,
    "history": [
        {
            "username": "[email protected]",
            "date": 1582039092057,
            "changes": [
                {
                    "jsonRef": "autoRemediationActions.quarantineFile",
                    "originalValue": null,
                    "newValue": "false"
                },
                {
                    "jsonRef": "description",
                    "originalValue": "Test Rule ",
                    "newValue": "Test Rule #1"
                },
                {
                    "jsonRef": "autoRemediationActions.killProcess",
                    "originalValue": null,
                    "newValue": "false"
                },
                {
                    "jsonRef": "autoRemediationActions.isolateMachine",
                    "originalValue": null,
                    "newValue": "false"
                }
            ]
        }
    ]
}
Request
import requests
import json

# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"

data = {
    "username": username,
    "password": password
}

base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"

# Log in; the session object keeps the authorization cookie for later requests
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)

print(login_response.status_code)
# Prints the session cookie; remove this line outside of testing
print(session.cookies.items())

# Request URL
rule_id = 1582038865368
endpoint_url = "/rest/v2/customRules/history/"
api_url = base_url + endpoint_url + str(rule_id)

api_headers = {'Content-Type': 'application/json'}

# Retrieve the update history for the rule
api_response = session.request("GET", api_url, headers=api_headers)

your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))