List Rules - Blink Documentation

Gets all rules configured for the system.

Basic Parameters

Parameter	Description
Cursor	Specify the pagination cursor for the next page of rules.
Includes	Whitelist of response properties to include as an array of strings.
Limit	Max number of records to return.

Advanced Parameters

Parameter	Description
Alias	Filter by the alias of the rule.
Correlation ID	ID to correlate multiple requests.
Transaction ID	ID for a transaction.

Example Output

{
	"_status": {
		"status": 0,
		"code": "string"
	},
	"_meta": {
		"stats": {
			"offset": 0,
			"limit": 0,
			"total": 0
		},
		"origin": {}
	},
	"data": [
		{
			"kind": "it:rule:detection",
			"predicate": {
				"id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453",
				"definition": {},
				"patterns": [
					{}
				],
				"predicates": [
					{}
				],
				"lists": [
					{}
				]
			},
			"actions": [
				[
					{
						"kind": "it:rule:action:kind:incident",
						"parameters": {
							"probability": 0.15,
							"impact": 0.1,
							"score": 0.015,
							"urgency": 0.2,
							"severity": "incident:severity:100:low"
						}
					},
					{
						"kind": "it:rule:action:kind:notification",
						"parameters": {
							"target": {
								"id": "someUUID"
							}
						}
					}
				],
				[
					{
						"kind": "it:rule:action:kind:incident",
						"parameters": {
							"probability": 0.15,
							"impact": 0.1,
							"score": 0.015,
							"urgency": 0.2,
							"severity": "incident:severity:100:low"
						}
					},
					{
						"kind": "it:rule:action:kind:notification",
						"parameters": {
							"target": {
								"id": "someUUID"
							}
						}
					}
				],
				[
					{
						"kind": "it:rule:action:kind:incident",
						"parameters": {
							"probability": 0.15,
							"impact": 0.1,
							"score": 0.015,
							"urgency": 0.2,
							"severity": "incident:severity:100:low"
						}
					},
					{
						"kind": "it:rule:action:kind:notification",
						"parameters": {
							"target": {
								"id": "someUUID"
							}
						}
					}
				],
				[
					{
						"kind": "it:rule:action:kind:incident",
						"parameters": {
							"probability": 0.15,
							"impact": 0.1,
							"score": 0.015,
							"urgency": 0.2,
							"severity": "incident:severity:100:low"
						}
					},
					{
						"kind": "it:rule:action:kind:notification",
						"parameters": {
							"target": {
								"id": "someUUID"
							}
						}
					}
				],
				[
					{
						"kind": "it:rule:action:kind:incident",
						"parameters": {
							"probability": 0.15,
							"impact": 0.1,
							"score": 0.015,
							"urgency": 0.2,
							"severity": "incident:severity:100:low"
						}
					},
					{
						"kind": "it:rule:action:kind:notification",
						"parameters": {
							"target": {
								"id": "someUUID"
							}
						}
					}
				],
				[
					{
						"kind": "it:rule:action:kind:incident",
						"parameters": {
							"probability": 0.15,
							"impact": 0.1,
							"score": 0.015,
							"urgency": 0.2,
							"severity": "incident:severity:100:low"
						}
					},
					{
						"kind": "it:rule:action:kind:notification",
						"parameters": {
							"target": {
								"id": "someUUID"
							}
						}
					}
				],
				[
					{
						"kind": "it:rule:action:kind:incident",
						"parameters": {
							"probability": 0.15,
							"impact": 0.1,
							"score": 0.015,
							"urgency": 0.2,
							"severity": "incident:severity:100:low"
						}
					},
					{
						"kind": "it:rule:action:kind:notification",
						"parameters": {
							"target": {
								"id": "someUUID"
							}
						}
					}
				],
				[
					{
						"kind": "it:rule:action:kind:incident",
						"parameters": {
							"probability": 0.15,
							"impact": 0.1,
							"score": 0.015,
							"urgency": 0.2,
							"severity": "incident:severity:100:low"
						}
					},
					{
						"kind": "it:rule:action:kind:notification",
						"parameters": {
							"target": {
								"id": "someUUID"
							}
						}
					}
				],
				[
					{
						"kind": "it:rule:action:kind:incident",
						"parameters": {
							"probability": 0.15,
							"impact": 0.1,
							"score": 0.015,
							"urgency": 0.2,
							"severity": "incident:severity:100:low"
						}
					},
					{
						"kind": "it:rule:action:kind:notification",
						"parameters": {
							"target": {
								"id": "someUUID"
							}
						}
					}
				],
				[
					{
						"kind": "it:rule:action:kind:incident",
						"parameters": {
							"probability": 0.15,
							"impact": 0.1,
							"score": 0.015,
							"urgency": 0.2,
							"severity": "incident:severity:100:low"
						}
					},
					{
						"kind": "it:rule:action:kind:notification",
						"parameters": {
							"target": {
								"id": "someUUID"
							}
						}
					}
				]
			],
			"target": {
				"defaults": [
					{
						"kind": "endpoint:agent",
						"overlay": true
					}
				],
				"realms": [
					{
						"id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453",
						"overlay": true
					}
				]
			},
			"options": {
				"filter": {
					"simple": {
						"include": [
							{
								"activity.clumps.primary.item.designations": [
									"it:activity:clump:item:first",
									"it:activity:clump:item:intermediate",
									"it:activity:clump:item:last"
								]
							}
						]
					}
				}
			},
			"details": {
				"name": "USA Part Codes",
				"description": "Two-letter codes of all USA parts including states, territories and the DC"
			},
			"alias": "USA_PART_CODES",
			"iver": 319,
			"sver": "1.2.3",
			"createdAt": "2018-04-12T16:36:51.700Z",
			"createdBy": {
				"principal": {
					"id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453"
				}
			},
			"updatedAt": "2018-04-12T16:36:51.700Z",
			"updatedBy": {
				"principal": {
					"id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453"
				}
			},
			"tenant": 123456789,
			"extent": "tenant",
			"status": "active",
			"tags": [
				"rules",
				"windows",
				"agent"
			],
			"id": "b73fc7b3-af84-48b6-bb2f-f3afd115a453"
		}
	]
}

Workflow Library Example

List Rules with Proofpoint Itm and Send Results Via Email

Preview this Workflow on desktop

Integrations

​Basic Parameters

​Advanced Parameters

​Example Output

​Workflow Library Example

Basic Parameters

Advanced Parameters

Example Output

Workflow Library Example