Skip to main content
Create a rule within a rule group.
External DocumentationTo learn more, visit the CrowdStrike documentation.

Parameters

ParameterDescription
CommentA comment to add to the new rule.
DescriptionThe description of the new rule.
Disposition IDThe ID of the disposition.
Field ValuesA list of JSON objects that represents the field values for the new rule.

Note: At lease one field value is required.

For Example:

[
  {
    “final_value”: “string”,
    “label”: “string”,
    “name”: “string”,
    “type”: “string”,
    “value”: “string”,
    “values”: [ 
      {
        “label”: “string”,
        “value”: “string”
      }
    ]
  }
]
NameThe name of the new rule.
Pattern SeverityThe severity of the new rule.
Rule Group IDThe ID of the rule group to associate the rule with.
Rule Type IDThe rule type ID for the new rule.

Example Output

{
	"meta": {
		"query_time": 0.012345678,
		"writes": {
			"resources_affected": 1
		},
		"powered_by": "mock-engine",
		"trace_id": "aabbccdd-eeff-0011-2233-445566778899"
	},
	"resources": [
		{
			"instance_id": "mock-123",
			"customer_id": "mock-customer-abc",
			"ruletype_id": "9",
			"ruletype_name": "File Modification",
			"comment": "Mock Data Entry",
			"enabled": true,
			"deleted": false,
			"magic_cookie": 7,
			"rulegroup_id": "mock-group-xyz",
			"version_ids": [
				"v1.0"
			],
			"instance_version": 2,
			"name": "MockRule",
			"description": "This is a mock rule for testing.",
			"pattern_id": "50001",
			"pattern_severity": "medium",
			"action_label": "Log Only",
			"disposition_id": 10,
			"field_values": [
				{
					"name": "FilePath",
					"value": "/tmp/test.txt",
					"label": "File Path",
					"type": "excludable",
					"values": [
						{
							"label": "include",
							"value": "/tmp/test.txt"
						}
					],
					"final_value": "/tmp/test.txt"
				},
				{
					"name": "OperationType",
					"value": "Write",
					"label": "Operation Type",
					"type": "inclusion",
					"values": [
						{
							"label": "include",
							"value": "Write"
						}
					],
					"final_value": "Write"
				},
				{
					"name": "FileSize",
					"value": "> 1000",
					"label": "File Size",
					"type": "numerical",
					"values": [
						{
							"label": "greater than",
							"value": "1000"
						}
					],
					"final_value": "> 1000"
				}
			],
			"created_by": "mock-user-1",
			"created_on": "2025-05-18T13:00:00.000000Z",
			"modified_by": "mock-user-2",
			"modified_on": "2025-05-18T13:15:00.000000Z",
			"committed_on": "2025-05-18T13:30:00.000000Z"
		}
	]
}

Workflow Library Example

Create Rule Within Rule Group with Crowdstrike and Send Results Via Email
Workflow LibraryPreview this Workflow on desktop
I