> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# List Rules

Retrieves all rules in an organization's inventory.

## Example Output

```json theme={"dark"}
[
	{
		"avl_author": "securityteam@anvilogic.com",
		"avl_community_efficacy": 75,
		"avl_community_rating": 4,
		"avl_custom_labels": [
			"text"
		],
		"avl_data_category": [
			"Powershell logs",
			"Process command-line parameters"
		],
		"avl_deployed": false,
		"avl_details": "Identify hosts using PowerShell commands containing s...",
		"avl_entities_of_interest": [
			"text"
		],
		"avl_exploits": [
			"text"
		],
		"avl_kill_chain_phase": [
			"Actions on Objectives"
		],
		"avl_last_deployed_hash": "text",
		"avl_mitre_ext_ids": [
			"T1059.001",
			"T1007"
		],
		"avl_mitre_tactic": [
			"Execution",
			"Discovery"
		],
		"avl_mitre_technique": [
			"System Service Discovery",
			"Command and Scripting Interpreter"
		],
		"avl_references": [
			"https://github.com/rasta-mouse/Sherlock/blob/master/Sherlock.ps1"
		],
		"avl_rule_confidence": "High",
		"avl_rule_creation_time": "text",
		"avl_rule_domain": [
			"Endpoint"
		],
		"avl_rule_id": "AVL_R1000",
		"avl_rule_link": "https://secure.anvilogic.com/rules?id=AVL_R1000",
		"avl_rule_mode": "Warn",
		"avl_rule_modified_time": "text",
		"avl_rule_name": "avl:ti:avl_r1000:sherlock_ps1_vulnerability_scanner",
		"avl_rule_severity": "Medium",
		"avl_rule_sub_domain": [
			"text"
		],
		"avl_running": false,
		"avl_scenario_info": [
			"text"
		],
		"avl_security_controls": [
			"text"
		],
		"avl_source": "avl:ti:avl_uc1000:sherlock_ps1_vulnerability_scanner",
		"avl_sourcetype": "avl:eoi:endpoint:windows",
		"avl_techniques_fqn": [
			"execution:command and scripting interpreter:powershell",
			"discovery"
		],
		"avl_threat_groups": [
			"text"
		],
		"avl_title": "Sherlock.ps1 Vulnerability Scanner (Powershell)",
		"avl_triage_steps": [
			"Verify that the activity is not expected",
			"Review the authentication..."
		],
		"avl_use_case_category": "Reconnaissance",
		"avl_use_case_description": "The Sherlock PowerShell script queries a...",
		"avl_use_case_id": "AVL_UC1000",
		"avl_use_case_impact": "Low",
		"avl_use_case_name": "avl:ti:avl_uc1000:sherlock_ps1_vulnerability_scanner",
		"avl_use_case_sub_category": "Signature",
		"avl_use_case_title": "Sherlock.ps1 Vulnerability Scanner",
		"avl_use_case_type": "Threat Identifier",
		"avl_victim_platform": [
			"Windows"
		],
		"avl_victim_product": [
			"Windows"
		],
		"avl_vulnerabilities": [
			"text"
		]
	}
]
```

## Workflow Library Example

[List Rules with Anvilogic and Send Results Via Email](https://library.blinkops.com/workflows/list-rules-with-anvilogic-and-send-results-via-email)

<div className="iframe-wrapper">
  <div className="iframe-media">
    <img src="https://mintcdn.com/blinkops-2/ojHYuDeYX5FWuN8a/img/Icons/play-box.svg?fit=max&auto=format&n=ojHYuDeYX5FWuN8a&q=85&s=b8af968e71438a9499c3223c9bd29fb2" alt="Workflow Library" width="16" height="16" data-path="img/Icons/play-box.svg" />

    Preview this Workflow on desktop
  </div>

  <iframe className="iframe" src="https://library.blinkops.com/workflows/list-rules-with-anvilogic-and-send-results-via-email/canvas" />
</div>