Retrieve Isolation Exeption Rules
Endpoint URL: https://<your server>/rest/settings/isolation-rule
Endpoint URI: settings/isolation-rule
Action: GET
Retrieves a list of all rules for isolating specific machines.
Note
Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.
Request Headers
You must add an Content-Type:application/json header with the request.
Note
If you are using cURL, add the authorization cookie details or the path to the file with cookie details with every request.
Request Body
None
Request Parameters
URL/URI parameters: none
Request Body Parameters: none
Response Status Codes
This request can return the following status codes:
200: Success OK
Response Success Schema
The response returns an array of isolation rules, including the following fields
Field |
Type |
Description |
---|---|---|
ruleID |
String |
A unique identifier for the rule. |
ipAddressString |
String |
The IP address of the machine to which the rule applies. |
port |
Integer |
Optional if the ipAddressString parameter exists. The port by which Cybereason communicates with an isolated machine, according to the rule. |
blocking |
Boolean |
States whether communication with the given IP or port is allowed. Set to true if communication is blocked. |
direction |
String |
The direction of the allowed communication. Values include ALL, INCOMING, or OUTGOING. |
lastUpdated |
Float |
The epoch timestamp for the last update time for the rule. |
Response Failure Schema
None
Important Response Fields
All fields returned in this request are important as they provide the full details for each isolation rule if you need to update or delete them at a later point.
Example: Return all the isolation rules on the server
Request
curl --request GET \
--url https://12.34.56.78/rest/settings/isolation-rule \
--header 'Content-Type:application/json' \
Response
[
{
"ruleId": "5ad47838e4b0e623bab9b9b0",
"ipAddress": "AQEBAQ==",
"ipAddressString": "1.1.1.1",
"domain": null,
"port": 443,
"direction": "INCOMING",
"lastUpdated": 1523873848045,
"blocking": false
},
{
"ruleId": "5ad4784ee4b0e623bab9b9b1",
"ipAddress": "AQEBAQ==",
"ipAddressString": "1.1.1.1",
"domain": null,
"port": 443,
"direction": "ALL",
"lastUpdated": 1523873870504,
"blocking": true
},
{
"ruleId": "5ad47885e4b0e623bab9b9b2",
"ipAddress": "AQEBAQ==",
"ipAddressString": "1.1.1.1",
"domain": null,
"port": 443,
"direction": "ALL",
"lastUpdated": 1523873925530,
"blocking": true
}
]
Request
Response
[
{
"ruleId": "5ad47838e4b0e623bab9b9b0",
"ipAddress": "AQEBAQ==",
"ipAddressString": "1.1.1.1",
"domain": null,
"port": 443,
"direction": "INCOMING",
"lastUpdated": 1523873848045,
"blocking": false
},
{
"ruleId": "5ad4784ee4b0e623bab9b9b1",
"ipAddress": "AQEBAQ==",
"ipAddressString": "1.1.1.1",
"domain": null,
"port": 443,
"direction": "ALL",
"lastUpdated": 1523873870504,
"blocking": true
},
{
"ruleId": "5ad47885e4b0e623bab9b9b2",
"ipAddress": "AQEBAQ==",
"ipAddressString": "1.1.1.1",
"domain": null,
"port": 443,
"direction": "ALL",
"lastUpdated": 1523873925530,
"blocking": true
}
]
Request
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
import requests
import json
# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"
data = {
"username": username,
"password": password
}
headers = {"Content-Type": "application/json"}
base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print (login_response.status_code)
print (session.cookies.items())
# These are the variables that represent different fields in the request.
endpoint_url = "/rest/settings/isolation-rule"
api_url = base_url + endpoint_url
api_headers = {'Content-Type':'application/json'}
api_response = session.request("GET", api_url, headers=api_headers)
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
Response
[
{
"ruleId": "5ad47838e4b0e623bab9b9b0",
"ipAddress": "AQEBAQ==",
"ipAddressString": "1.1.1.1",
"domain": null,
"port": 443,
"direction": "INCOMING",
"lastUpdated": 1523873848045,
"blocking": false
},
{
"ruleId": "5ad4784ee4b0e623bab9b9b1",
"ipAddress": "AQEBAQ==",
"ipAddressString": "1.1.1.1",
"domain": null,
"port": 443,
"direction": "ALL",
"lastUpdated": 1523873870504,
"blocking": true
},
{
"ruleId": "5ad47885e4b0e623bab9b9b2",
"ipAddress": "AQEBAQ==",
"ipAddressString": "1.1.1.1",
"domain": null,
"port": 443,
"direction": "ALL",
"lastUpdated": 1523873925530,
"blocking": true
}
]