| Parameter | Description |
| ---------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| Rules List | List of rules represented by json objects to create.
For example, here's a list of one rule:
\[
\{
"kind": "it:rule:detection",
"predicate": \{
"id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453",
"definition": \{},
"patterns": \[
\{}
],
"predicates": \[
\{}
],
"lists": \[
\{}
]
},
"actions": \[
\[
\{
"kind": "it:rule:action:kind:incident",
"parameters": \{
"probability": 0.15,
"impact": 0.1,
"score": 0.015,
"urgency": 0.2,
"severity": "incident:severity:100:low"
}
},
\{
"kind": "it:rule:action:kind:notification",
"parameters": \{
"target": \{
"id": "someUUID"
}
}
}
],
\[
\{
"kind": "it:rule:action:kind:incident",
"parameters": \{
"probability": 0.15,
"impact": 0.1,
"score": 0.015,
"urgency": 0.2,
"severity": "incident:severity:100:low"
}
},
\{
"kind": "it:rule:action:kind:notification",
"parameters": \{
"target": \{
"id": "someUUID"
}
}
}
],
\[
\{
"kind": "it:rule:action:kind:incident",
"parameters": \{
"probability": 0.15,
"impact": 0.1,
"score": 0.015,
"urgency": 0.2,
"severity": "incident:severity:100:low"
}
},
\{
"kind": "it:rule:action:kind:notification",
"parameters": \{
"target": \{
"id": "someUUID"
}
}
}
],
\[
\{
"kind": "it:rule:action:kind:incident",
"parameters": \{
"probability": 0.15,
"impact": 0.1,
"score": 0.015,
"urgency": 0.2,
"severity": "incident:severity:100:low"
}
},
\{
"kind": "it:rule:action:kind:notification",
"parameters": \{
"target": \{
"id": "someUUID"
}
}
}
],
\[
\{
"kind": "it:rule:action:kind:incident",
"parameters": \{
"probability": 0.15,
"impact": 0.1,
"score": 0.015,
"urgency": 0.2,
"severity": "incident:severity:100:low"
}
},
\{
"kind": "it:rule:action:kind:notification",
"parameters": \{
"target": \{
"id": "someUUID"
}
}
}
],
\[
\{
"kind": "it:rule:action:kind:incident",
"parameters": \{
"probability": 0.15,
"impact": 0.1,
"score": 0.015,
"urgency": 0.2,
"severity": "incident:severity:100:low"
}
},
\{
"kind": "it:rule:action:kind:notification",
"parameters": \{
"target": \{
"id": "someUUID"
}
}
}
],
\[
\{
"kind": "it:rule:action:kind:incident",
"parameters": \{
"probability": 0.15,
"impact": 0.1,
"score": 0.015,
"urgency": 0.2,
"severity": "incident:severity:100:low"
}
},
\{
"kind": "it:rule:action:kind:notification",
"parameters": \{
"target": \{
"id": "someUUID"
}
}
}
],
\[
\{
"kind": "it:rule:action:kind:incident",
"parameters": \{
"probability": 0.15,
"impact": 0.1,
"score": 0.015,
"urgency": 0.2,
"severity": "incident:severity:100:low"
}
},
\{
"kind": "it:rule:action:kind:notification",
"parameters": \{
"target": \{
"id": "someUUID"
}
}
}
],
\[
\{
"kind": "it:rule:action:kind:incident",
"parameters": \{
"probability": 0.15,
"impact": 0.1,
"score": 0.015,
"urgency": 0.2,
"severity": "incident:severity:100:low"
}
},
\{
"kind": "it:rule:action:kind:notification",
"parameters": \{
"target": \{
"id": "someUUID"
}
}
}
],
\[
\{
"kind": "it:rule:action:kind:incident",
"parameters": \{
"probability": 0.15,
"impact": 0.1,
"score": 0.015,
"urgency": 0.2,
"severity": "incident:severity:100:low"
}
},
\{
"kind": "it:rule:action:kind:notification",
"parameters": \{
"target": \{
"id": "someUUID"
}
}
}
]
],
"target": \{
"defaults": \[
\{
"kind": "endpoint:agent",
"overlay": true
}
],
"realms": \[
\{
"id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453",
"overlay": true
}
]
},
"options": \{
"filter": \{
"simple": \{
"include": \[
\{
"activity.clumps.primary.item.designations": \[
"it:activity:clump:item:first",
"it:activity:clump:item:intermediate",
"it:activity:clump:item:last"
]
}
]
}
}
},
"details": \{
"name": "USA Part Codes",
"description": "Two-letter codes of all USA parts including states, territories and the DC"
},
"alias": "USA\_PART\_CODES",
"iver": 319,
"sver": "1.2.3",
"createdAt": "2018-04-12T16:36:51.700Z",
"createdBy": \{
"principal": \{
"id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453"
}
},
"updatedAt": "2018-04-12T16:36:51.700Z",
"updatedBy": \{
"principal": \{
"id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453"
}
},
"tenant": 123456789,
"extent": "tenant",
"status": "active",
"tags": \[
"rules",
"windows",
"agent"
],
"id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453"
}
]
|
| Parameter | Description |
| -------------- | --------------------------------------------- |
| Consistency | Return when data is ready for read or query. |
| Correlation ID | ID to correlate multiple requests. |
| Timeout | Time to wait before consistency=query throws. |
| Transaction ID | ID for a transaction. |
## Example Output
```json theme={"dark"}
{
"_status": {
"status": 0,
"code": "string"
},
"_meta": {
"stats": {
"offset": 0,
"limit": 0,
"total": 0
},
"origin": {}
},
"data": [
"string"
]
}
```
## Workflow Library Example
[Create Rules with Proofpoint Itm and Send Results Via Email](https://library.blinkops.com/workflows/create-rules-with-proofpoint-itm-and-send-results-via-email)
Preview this Workflow on desktop