Get Rule
Gets a single rule by its unique ID.
Basic Parameters
| Parameter | Description |
|---|---|
| Includes | Whitelist of response properties to include as an array of strings. |
| Rule ID | Rule's unique ID (uuid). |
Advanced Parameters
| Parameter | Description |
|---|---|
| Correlation ID | ID to correlate multiple requests. |
| Transaction ID | ID for a transaction. |
Example Output
{
"_status": {
"status": 0,
"code": "string"
},
"_meta": {
"stats": {
"offset": 0,
"limit": 0,
"total": 0
},
"origin": {}
},
"kind": "it:rule:detection",
"predicate": {
"id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453",
"definition": {},
"patterns": [
{}
],
"predicates": [
{}
],
"lists": [
{}
]
},
"actions": [
[
{
"kind": "it:rule:action:kind:incident",
"parameters": {
"probability": 0.15,
"impact": 0.1,
"score": 0.015,
"urgency": 0.2,
"severity": "incident:severity:100:low"
}
},
{
"kind": "it:rule:action:kind:notification",
"parameters": {
"target": {
"id": "someUUID"
}
}
}
],
[
{
"kind": "it:rule:action:kind:incident",
"parameters": {
"probability": 0.15,
"impact": 0.1,
"score": 0.015,
"urgency": 0.2,
"severity": "incident:severity:100:low"
}
},
{
"kind": "it:rule:action:kind:notification",
"parameters": {
"target": {
"id": "someUUID"
}
}
}
],
[
{
"kind": "it:rule:action:kind:incident",
"parameters": {
"probability": 0.15,
"impact": 0.1,
"score": 0.015,
"urgency": 0.2,
"severity": "incident:severity:100:low"
}
},
{
"kind": "it:rule:action:kind:notification",
"parameters": {
"target": {
"id": "someUUID"
}
}
}
],
[
{
"kind": "it:rule:action:kind:incident",
"parameters": {
"probability": 0.15,
"impact": 0.1,
"score": 0.015,
"urgency": 0.2,
"severity": "incident:severity:100:low"
}
},
{
"kind": "it:rule:action:kind:notification",
"parameters": {
"target": {
"id": "someUUID"
}
}
}
],
[
{
"kind": "it:rule:action:kind:incident",
"parameters": {
"probability": 0.15,
"impact": 0.1,
"score": 0.015,
"urgency": 0.2,
"severity": "incident:severity:100:low"
}
},
{
"kind": "it:rule:action:kind:notification",
"parameters": {
"target": {
"id": "someUUID"
}
}
}
],
[
{
"kind": "it:rule:action:kind:incident",
"parameters": {
"probability": 0.15,
"impact": 0.1,
"score": 0.015,
"urgency": 0.2,
"severity": "incident:severity:100:low"
}
},
{
"kind": "it:rule:action:kind:notification",
"parameters": {
"target": {
"id": "someUUID"
}
}
}
],
[
{
"kind": "it:rule:action:kind:incident",
"parameters": {
"probability": 0.15,
"impact": 0.1,
"score": 0.015,
"urgency": 0.2,
"severity": "incident:severity:100:low"
}
},
{
"kind": "it:rule:action:kind:notification",
"parameters": {
"target": {
"id": "someUUID"
}
}
}
],
[
{
"kind": "it:rule:action:kind:incident",
"parameters": {
"probability": 0.15,
"impact": 0.1,
"score": 0.015,
"urgency": 0.2,
"severity": "incident:severity:100:low"
}
},
{
"kind": "it:rule:action:kind:notification",
"parameters": {
"target": {
"id": "someUUID"
}
}
}
],
[
{
"kind": "it:rule:action:kind:incident",
"parameters": {
"probability": 0.15,
"impact": 0.1,
"score": 0.015,
"urgency": 0.2,
"severity": "incident:severity:100:low"
}
},
{
"kind": "it:rule:action:kind:notification",
"parameters": {
"target": {
"id": "someUUID"
}
}
}
],
[
{
"kind": "it:rule:action:kind:incident",
"parameters": {
"probability": 0.15,
"impact": 0.1,
"score": 0.015,
"urgency": 0.2,
"severity": "incident:severity:100:low"
}
},
{
"kind": "it:rule:action:kind:notification",
"parameters": {
"target": {
"id": "someUUID"
}
}
}
]
],
"target": {
"defaults": [
{
"kind": "endpoint:agent",
"overlay": true
}
],
"realms": [
{
"id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453",
"overlay": true
}
]
},
"options": {
"filter": {
"simple": {
"include": [
{
"activity.clumps.primary.item.designations": [
"it:activity:clump:item:first",
"it:activity:clump:item:intermediate",
"it:activity:clump:item:last"
]
}
]
}
}
},
"details": {
"name": "USA Part Codes",
"description": "Two-letter codes of all USA parts including states, territories and the DC"
},
"alias": "USA_PART_CODES",
"iver": 319,
"sver": "1.2.3",
"createdAt": "2018-04-12T16:36:51.700Z",
"createdBy": {
"principal": {
"id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453"
}
},
"updatedAt": "2018-04-12T16:36:51.700Z",
"updatedBy": {
"principal": {
"id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453"
}
},
"tenant": 123456789,
"extent": "tenant",
"status": "active",
"tags": [
"rules",
"windows",
"agent"
],
"id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453"
}
Workflow Library Example
Get Rule with Proofpoint Itm and Send Results Via Email
Preview this Workflow on desktop