Exclude a Behavior from Triggering Malops
Endpoint URL: https://<your server>/rest/detection/exclude
Endpoint URI: detection/exclude
Action: POST
Instruct the Cybereason platform not to trigger additional Malops for the behavior in a specific existing Malop.
This request is supported for versions 20.1.43 and later.
Note
Ensure that you have logged into the Cybereason platform. For details, see Log in with the API.
Request Headers
Add a Content-Type:application/json header.
Note
If you are using cURL, add the authorization cookie details or the path to the file containing the cookie details as part of every request.
Request Body
Input: JSON
["<malop id>"]
Request Parameters
URL/URI parameters: none
Request Body Parameters: Add a string containing the Malop ID.
Response Status Codes
This request can return the following status codes:
200: Success OK or an error message saying why
Response Success Schema
None
Response Failure Schema
None
Example: Exclude a Malop’s behavior
Request
curl --request GET \
--url https://12.34.56.78/rest/detection/add-label \
--header 'Content-Type:application/json' \
--data '["11.461213833426626418"]'
Response
None
Request
Download example Python script
Depending on your browser settings, this linked file may open in a separate tab instead of downloading directly to your machine. If this happens, use the Save As option in your browser to save the file locally.
import requests
import json
# Login information
username = "[email protected]"
password = "mypassword"
server = "yourserver.com"
port = "443"
data = {
"username": username,
"password": password
}
headers = {"Content-Type": "application/json"}
base_url = "https://" + server + ":" + port
login_url = base_url + "/login.html"
session = requests.session()
login_response = session.post(login_url, data=data, verify=True)
print (login_response.status_code)
print (session.cookies.items())
# Request URL
endpoint_url = "/rest/detection/exclude"
api_url = base_url + endpoint_url
api_headers = {'Content-Type':'application/json'}
# These are the parameters for the request.
malop_id = "11.461213833426626418"
query = json.dumps([malop_id])
api_response = session.request("POST", api_url, data=query, headers=api_headers)
your_response = json.loads(api_response.content)
print(json.dumps(your_response, indent=4, sort_keys=True))
Response
None