> ## Documentation Index
> Fetch the complete documentation index at: https://docs.blinkops.com/llms.txt
> Use this file to discover all available pages before exploring further.

# Create Rule Within Rule Group

Create a rule within a rule group.

<Note>
  External Documentation

  To learn more, visit the [CrowdStrike documentation](https://falcon.us-2.crowdstrike.com/documentation/page/ed1b4a95/detection-and-prevention-policy-apis#e4a891c0).
</Note>

## Parameters

<div className="integrations-table">
  | Parameter        | Description                                                                                                                                                                                                                                                                                                                                                                                                                                                                                               |
  | ---------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
  | Comment          | A comment to add to the new rule.                                                                                                                                                                                                                                                                                                                                                                                                                                                                         |
  | Description      | The description of the new rule.                                                                                                                                                                                                                                                                                                                                                                                                                                                                          |
  | Disposition ID   | The ID of the disposition.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                |
  | Field Values     | A list of JSON objects that represents the field values for the new rule.<br /><br />**Note:** At lease one field value is required.<br /><br />For Example:<br /><br /><pre><code>\[<br />  \{<br />    "final\_value": "string",<br />    "label": "string",<br />    "name": "string",<br />    "type": "string",<br />    "value": "string",<br />    "values": \[ <br />      \{<br />        "label": "string",<br />        "value": "string"<br />      }<br />    ]<br />  }<br />]</code></pre> |
  | Name             | The name of the new rule.                                                                                                                                                                                                                                                                                                                                                                                                                                                                                 |
  | Pattern Severity | The `severity` of the new rule.                                                                                                                                                                                                                                                                                                                                                                                                                                                                           |
  | Rule Group ID    | The ID of the `rule group` to associate the rule with.                                                                                                                                                                                                                                                                                                                                                                                                                                                    |
  | Rule Type ID     | The rule type ID for the new rule.                                                                                                                                                                                                                                                                                                                                                                                                                                                                        |
</div>

## Example Output

```json theme={"dark"}
{
	"meta": {
		"query_time": 0.012345678,
		"writes": {
			"resources_affected": 1
		},
		"powered_by": "mock-engine",
		"trace_id": "aabbccdd-eeff-0011-2233-445566778899"
	},
	"resources": [
		{
			"instance_id": "mock-123",
			"customer_id": "mock-customer-abc",
			"ruletype_id": "9",
			"ruletype_name": "File Modification",
			"comment": "Mock Data Entry",
			"enabled": true,
			"deleted": false,
			"magic_cookie": 7,
			"rulegroup_id": "mock-group-xyz",
			"version_ids": [
				"v1.0"
			],
			"instance_version": 2,
			"name": "MockRule",
			"description": "This is a mock rule for testing.",
			"pattern_id": "50001",
			"pattern_severity": "medium",
			"action_label": "Log Only",
			"disposition_id": 10,
			"field_values": [
				{
					"name": "FilePath",
					"value": "/tmp/test.txt",
					"label": "File Path",
					"type": "excludable",
					"values": [
						{
							"label": "include",
							"value": "/tmp/test.txt"
						}
					],
					"final_value": "/tmp/test.txt"
				},
				{
					"name": "OperationType",
					"value": "Write",
					"label": "Operation Type",
					"type": "inclusion",
					"values": [
						{
							"label": "include",
							"value": "Write"
						}
					],
					"final_value": "Write"
				},
				{
					"name": "FileSize",
					"value": "> 1000",
					"label": "File Size",
					"type": "numerical",
					"values": [
						{
							"label": "greater than",
							"value": "1000"
						}
					],
					"final_value": "> 1000"
				}
			],
			"created_by": "mock-user-1",
			"created_on": "2025-05-18T13:00:00.000000Z",
			"modified_by": "mock-user-2",
			"modified_on": "2025-05-18T13:15:00.000000Z",
			"committed_on": "2025-05-18T13:30:00.000000Z"
		}
	]
}
```

## Workflow Library Example

[Create Rule Within Rule Group with Crowdstrike and Send Results Via Email](https://library.blinkops.com/workflows/create-rule-within-rule-group-with-crowdstrike-and-send-results-via-email)

<div className="iframe-wrapper">
  <div className="iframe-media">
    <img src="https://mintcdn.com/blinkops-2/ojHYuDeYX5FWuN8a/img/Icons/play-box.svg?fit=max&auto=format&n=ojHYuDeYX5FWuN8a&q=85&s=b8af968e71438a9499c3223c9bd29fb2" alt="Workflow Library" width="16" height="16" data-path="img/Icons/play-box.svg" />

    Preview this Workflow on desktop
  </div>

  <iframe className="iframe" src="https://library.blinkops.com/workflows/create-rule-within-rule-group-with-crowdstrike-and-send-results-via-email/canvas" />
</div>
