

Create a rule within a rule group.
External Documentation: To learn more, visit the CrowdStrike documentation.

Parameters

Parameter: Description
Comment: A comment to add to the new rule.
Description: The description of the new rule.
Disposition ID: The ID of the disposition. In the example output below, disposition_id 10 is paired with the action label "Log Only".
Field Values: A list of JSON objects that represents the field values for the new rule.

Note: At least one field value is required.

For Example:

[
  {
    "final_value": "string",
    "label": "string",
    "name": "string",
    "type": "string",
    "value": "string",
    "values": [
      {
        "label": "string",
        "value": "string"
      }
    ]
  }
]
Name: The name of the new rule.
Pattern Severity: The severity of the new rule (for example, "medium", as in the example output below).
Rule Group ID: The ID of the rule group to associate the rule with.
Rule Type ID: The rule type ID for the new rule.

Example Output

{
	"meta": {
		"query_time": 0.012345678,
		"writes": {
			"resources_affected": 1
		},
		"powered_by": "mock-engine",
		"trace_id": "aabbccdd-eeff-0011-2233-445566778899"
	},
	"resources": [
		{
			"instance_id": "mock-123",
			"customer_id": "mock-customer-abc",
			"ruletype_id": "9",
			"ruletype_name": "File Modification",
			"comment": "Mock Data Entry",
			"enabled": true,
			"deleted": false,
			"magic_cookie": 7,
			"rulegroup_id": "mock-group-xyz",
			"version_ids": [
				"v1.0"
			],
			"instance_version": 2,
			"name": "MockRule",
			"description": "This is a mock rule for testing.",
			"pattern_id": "50001",
			"pattern_severity": "medium",
			"action_label": "Log Only",
			"disposition_id": 10,
			"field_values": [
				{
					"name": "FilePath",
					"value": "/tmp/test.txt",
					"label": "File Path",
					"type": "excludable",
					"values": [
						{
							"label": "include",
							"value": "/tmp/test.txt"
						}
					],
					"final_value": "/tmp/test.txt"
				},
				{
					"name": "OperationType",
					"value": "Write",
					"label": "Operation Type",
					"type": "inclusion",
					"values": [
						{
							"label": "include",
							"value": "Write"
						}
					],
					"final_value": "Write"
				},
				{
					"name": "FileSize",
					"value": "> 1000",
					"label": "File Size",
					"type": "numerical",
					"values": [
						{
							"label": "greater than",
							"value": "1000"
						}
					],
					"final_value": "> 1000"
				}
			],
			"created_by": "mock-user-1",
			"created_on": "2025-05-18T13:00:00.000000Z",
			"modified_by": "mock-user-2",
			"modified_on": "2025-05-18T13:15:00.000000Z",
			"committed_on": "2025-05-18T13:30:00.000000Z"
		}
	]
}

Workflow Library Example

Create Rule Within Rule Group with Crowdstrike and Send Results Via Email