# 단순 룰

## 개요

다음 API 작업을 사용하여 상호작용하세요 [룰](https://docs.panther.com/ko/detections/rules) 으로 생성된 [CLI 워크플로우의 간단한 디텍션](https://docs.panther.com/ko/detections/rules/writing-simple-detections) 또는 Panther 콘솔의 [간단한 디텍션 빌더](https://docs.panther.com/ko/detections/rules/simple-detection-builder).

{% hint style="info" %}
간단한 룰 API 엔터티는 다음인 룰에만 적용됩니다 [간단한 디텍션](https://docs.panther.com/ko/detections#simple-detections)에 생성된 룰과 상호작용하려면 [Python](https://docs.panther.com/ko/detections/rules/python)를 참조하세요 [룰](https://docs.panther.com/ko/panther/api/rest/rules).
{% endhint %}

API를 호출하려면, [Panther REST API 사용 방법](https://docs.panther.com/ko/panther/api/rest/..#how-to-use-the-panther-rest-api) 지침을 참조하세요—포함하여 [이 문서 페이지에서 직접 호출하는 방법에 대한 지침](https://docs.panther.com/ko/panther/api/rest/..#step-3-invoke-the-panther-rest-api).

## 필수 권한

* 에 대해 `GET` 작업의 경우, API 토큰에는 `룰 보기` 권한이 있어야 합니다.
* 에 대해 `POST`, `PUT`및 `DELETE` 작업의 경우, API 토큰에는 `룰 관리` 권한이 있어야 합니다.

## 작업

{% hint style="info" %}
아래 API 엔드포인트는 간단한 디텍션 전용입니다. 다른 디텍션 유형과 상호작용하려면 해당 페이지를 참조하세요: [Python 기반 룰](https://docs.panther.com/panther-developer-workflows/api/rest/rules), [예약된 룰](https://docs.panther.com/panther-developer-workflows/api/rest/scheduled-rules)및 [클라우드 정책](https://docs.panther.com/panther-developer-workflows/api/rest/policies).
{% endhint %}

## POST /simple-rules

> create simple rule

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"simple rule","description":"The simple rule api handles all operations for simple rules"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"SimpleRuleAPI.ModifyRule":{"type":"object","properties":{"alertContext":{"type":"string","description":"The alert context represented in YAML"},"alertTitle":{"type":"string","description":"The alert title represented in YAML"},"createAlert":{"type":"boolean","description":"Determines whether the rule should create alerts when it triggers"},"dedupPeriodMinutes":{"type":"integer","description":"The amount of time in minutes for grouping alerts","default":60,"format":"int64","minimum":1},"description":{"type":"string","description":"The description of the rule"},"detection":{"type":"string","description":"The yaml representation of the rule"},"displayName":{"type":"string","description":"The display name of the rule"},"dynamicSeverities":{"type":"string","description":"The dynamic severity represented in YAML"},"enabled":{"type":"boolean","description":"Determines whether or not the rule is active"},"groupBy":{"type":"string","description":"The key on an event to group by represented in YAML"},"id":{"type":"string","description":"The id of the rule"},"inlineFilters":{"type":"string","description":"The filter for the rule represented in YAML"},"logTypes":{"type":"array","items":{"type":"string"},"description":"log types"},"managed":{"type":"boolean","description":"Determines if the simple rule is managed by panther"},"outputIDs":{"type":"array","items":{"type":"string"},"description":"Destination IDs that override default alert routing based on severity"},"pythonBody":{"type":"string","description":"The python body of the rule"},"reference":{"type":"string","description":"A URL or note for additional reference material"},"reports":{"type":"object","description":"reports","additionalProperties":{"items":{"type":"string"},"type":"array"}},"runbook":{"type":"string","description":"How to handle the generated alert"},"severity":{"type":"string","enum":["INFO","LOW","MEDIUM","HIGH","CRITICAL"]},"summaryAttributes":{"type":"array","items":{"type":"string"},"description":"A list of fields in the event to create top 5 summaries for"},"tags":{"type":"array","items":{"type":"string"},"description":"The tags for the simple rule"},"tests":{"type":"array","items":{"$ref":"#/components/schemas/SimpleRuleAPI.UnitTest"},"description":"Unit tests for the Rule. Best practice is to include a positive and negative case"},"threshold":{"type":"integer","description":"the number of events that must match before an alert is triggered","default":1,"format":"int64","minimum":1}},"required":["id","detection","severity"]},"SimpleRuleAPI.UnitTest":{"type":"object","properties":{"expectedResult":{"type":"boolean","description":"The expected result"},"mocks":{"type":"array","items":{"$ref":"#/components/schemas/SimpleRuleAPI.UnitTestMock"},"description":"mocks"},"name":{"type":"string","description":"name"},"resource":{"type":"string","description":"resource"}},"required":["name","resource","expectedResult"]},"SimpleRuleAPI.UnitTestMock":{"type":"object","additionalProperties":{"type":"string"}},"SimpleRuleAPI.SimpleRule":{"type":"object","properties":{"alertContext":{"type":"string","description":"The alert context represented in YAML"},"alertTitle":{"type":"string","description":"The alert title represented in YAML"},"createAlert":{"type":"boolean","description":"Determines whether the rule should create alerts when it triggers"},"createdAt":{"type":"string"},"createdBy":{"type":"object","properties":{"id":{"type":"string","enum":["user","api-token","system"]},"type":{"type":"string"}},"description":"The actor who created the rule"},"createdByExternal":{"type":"string","description":"The text of the user-provided CreatedBy field when uploaded via CI/CD"},"dedupPeriodMinutes":{"type":"integer","description":"The amount of time in minutes for grouping alerts","default":60,"format":"int64","minimum":1},"description":{"type":"string","description":"The description of the rule"},"detection":{"type":"string","description":"The yaml representation of the rule"},"displayName":{"type":"string","description":"The display name of the rule"},"dynamicSeverities":{"type":"string","description":"The dynamic severity represented in YAML"},"enabled":{"type":"boolean","description":"Determines whether or not the rule is active"},"groupBy":{"type":"string","description":"The key on an event to group by represented in YAML"},"id":{"type":"string","description":"The id of the rule"},"inlineFilters":{"type":"string","description":"The filter for the rule represented in YAML"},"lastModified":{"type":"string"},"logTypes":{"type":"array","items":{"type":"string"},"description":"log types"},"managed":{"type":"boolean","description":"Determines if the simple rule is managed by panther"},"outputIDs":{"type":"array","items":{"type":"string"},"description":"Destination IDs that override default alert routing based on severity"},"pythonBody":{"type":"string","description":"The python body of the rule"},"reference":{"type":"string","description":"A URL or note for additional reference material"},"reports":{"type":"object","description":"reports","additionalProperties":{"items":{"type":"string"},"type":"array"}},"runbook":{"type":"string","description":"How to handle the generated alert"},"severity":{"type":"string","enum":["INFO","LOW","MEDIUM","HIGH","CRITICAL"]},"summaryAttributes":{"type":"array","items":{"type":"string"},"description":"A list of fields in the event to create top 5 summaries for"},"tags":{"type":"array","items":{"type":"string"},"description":"The tags for the simple rule"},"tests":{"type":"array","items":{"$ref":"#/components/schemas/SimpleRuleAPI.UnitTest"},"description":"Unit tests for the Rule. Best practice is to include a positive and negative case"},"threshold":{"type":"integer","description":"the number of events that must match before an alert is triggered","default":1,"format":"int64","minimum":1}}},"SimpleRuleAPI.BadRequestWithTestResultsErr":{"type":"object","properties":{"message":{"type":"string"},"testResults":{"type":"array","items":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionRecord"}}},"required":["message"]},"SimpleRuleAPI.TestDetectionRecord":{"type":"object","properties":{"error":{"$ref":"#/components/schemas/SimpleRuleAPI.TestErr"},"errored":{"type":"boolean"},"functions":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionRecordFunctions"},"name":{"type":"string"},"passed":{"type":"boolean"},"triggerAlert":{"type":"boolean"}}},"SimpleRuleAPI.TestErr":{"type":"object","properties":{"code":{"type":"string"},"message":{"type":"string"}}},"SimpleRuleAPI.TestDetectionRecordFunctions":{"type":"object","properties":{"alertContext":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"dedup":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"description":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"destinations":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"detection":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"reference":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"runbook":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"severity":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"title":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"}}},"SimpleRuleAPI.TestDetectionSubRecord":{"type":"object","properties":{"error":{"$ref":"#/components/schemas/SimpleRuleAPI.TestErr"},"output":{"type":"string"}}},"SimpleRuleAPI.ExistsError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/simple-rules":{"post":{"tags":["simple rule"],"summary":"create simple rule","operationId":"simple rule#create","parameters":[{"name":"run-tests-first","in":"query","description":"set this field to false to exclude running tests prior to saving","allowEmptyValue":true,"schema":{"type":"boolean","description":"set this field to false to exclude running tests prior to saving","default":true}},{"name":"run-tests-only","in":"query","description":"set this field to true if you want to run tests without saving","allowEmptyValue":true,"schema":{"type":"boolean","description":"set this field to true if you want to run tests without saving","default":false}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SimpleRuleAPI.ModifyRule"}}}},"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SimpleRuleAPI.SimpleRule"}}}},"204":{"description":"No Content response."},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SimpleRuleAPI.BadRequestWithTestResultsErr"}}}},"409":{"description":"exists: Conflict response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SimpleRuleAPI.ExistsError"}}}}}}}}}
```

## GET /simple-rules/{id}

> get a simple rule

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"simple rule","description":"The simple rule api handles all operations for simple rules"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"SimpleRuleAPI.SimpleRule":{"type":"object","properties":{"alertContext":{"type":"string","description":"The alert context represented in YAML"},"alertTitle":{"type":"string","description":"The alert title represented in YAML"},"createAlert":{"type":"boolean","description":"Determines whether the rule should create alerts when it triggers"},"createdAt":{"type":"string"},"createdBy":{"type":"object","properties":{"id":{"type":"string","enum":["user","api-token","system"]},"type":{"type":"string"}},"description":"The actor who created the rule"},"createdByExternal":{"type":"string","description":"The text of the user-provided CreatedBy field when uploaded via CI/CD"},"dedupPeriodMinutes":{"type":"integer","description":"The amount of time in minutes for grouping alerts","default":60,"format":"int64","minimum":1},"description":{"type":"string","description":"The description of the rule"},"detection":{"type":"string","description":"The yaml representation of the rule"},"displayName":{"type":"string","description":"The display name of the rule"},"dynamicSeverities":{"type":"string","description":"The dynamic severity represented in YAML"},"enabled":{"type":"boolean","description":"Determines whether or not the rule is active"},"groupBy":{"type":"string","description":"The key on an event to group by represented in YAML"},"id":{"type":"string","description":"The id of the rule"},"inlineFilters":{"type":"string","description":"The filter for the rule represented in YAML"},"lastModified":{"type":"string"},"logTypes":{"type":"array","items":{"type":"string"},"description":"log types"},"managed":{"type":"boolean","description":"Determines if the simple rule is managed by panther"},"outputIDs":{"type":"array","items":{"type":"string"},"description":"Destination IDs that override default alert routing based on severity"},"pythonBody":{"type":"string","description":"The python body of the rule"},"reference":{"type":"string","description":"A URL or note for additional reference material"},"reports":{"type":"object","description":"reports","additionalProperties":{"items":{"type":"string"},"type":"array"}},"runbook":{"type":"string","description":"How to handle the generated alert"},"severity":{"type":"string","enum":["INFO","LOW","MEDIUM","HIGH","CRITICAL"]},"summaryAttributes":{"type":"array","items":{"type":"string"},"description":"A list of fields in the event to create top 5 summaries for"},"tags":{"type":"array","items":{"type":"string"},"description":"The tags for the simple rule"},"tests":{"type":"array","items":{"$ref":"#/components/schemas/SimpleRuleAPI.UnitTest"},"description":"Unit tests for the Rule. Best practice is to include a positive and negative case"},"threshold":{"type":"integer","description":"the number of events that must match before an alert is triggered","default":1,"format":"int64","minimum":1}}},"SimpleRuleAPI.UnitTest":{"type":"object","properties":{"expectedResult":{"type":"boolean","description":"The expected result"},"mocks":{"type":"array","items":{"$ref":"#/components/schemas/SimpleRuleAPI.UnitTestMock"},"description":"mocks"},"name":{"type":"string","description":"name"},"resource":{"type":"string","description":"resource"}},"required":["name","resource","expectedResult"]},"SimpleRuleAPI.UnitTestMock":{"type":"object","additionalProperties":{"type":"string"}},"SimpleRuleAPI.NotFoundError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/simple-rules/{id}":{"get":{"tags":["simple rule"],"summary":"get a simple rule","operationId":"simple rule#get","parameters":[{"name":"include-python","in":"query","description":"determines if associated python for the generated rule is returned","allowEmptyValue":true,"schema":{"type":"boolean","description":"determines if associated python for the generated rule is returned","default":false}},{"name":"id","in":"path","description":"ID of the rule to fetch","required":true,"schema":{"type":"string","description":"ID of the rule to fetch"}}],"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SimpleRuleAPI.SimpleRule"}}}},"404":{"description":"not_found: Not Found response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SimpleRuleAPI.NotFoundError"}}}}}}}}}
```

## put simple rule

> put creates or updates a rule

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"simple rule","description":"The simple rule api handles all operations for simple rules"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"SimpleRuleAPI.ModifyRule":{"type":"object","properties":{"alertContext":{"type":"string","description":"The alert context represented in YAML"},"alertTitle":{"type":"string","description":"The alert title represented in YAML"},"createAlert":{"type":"boolean","description":"Determines whether the rule should create alerts when it triggers"},"dedupPeriodMinutes":{"type":"integer","description":"The amount of time in minutes for grouping alerts","default":60,"format":"int64","minimum":1},"description":{"type":"string","description":"The description of the rule"},"detection":{"type":"string","description":"The yaml representation of the rule"},"displayName":{"type":"string","description":"The display name of the rule"},"dynamicSeverities":{"type":"string","description":"The dynamic severity represented in YAML"},"enabled":{"type":"boolean","description":"Determines whether or not the rule is active"},"groupBy":{"type":"string","description":"The key on an event to group by represented in YAML"},"id":{"type":"string","description":"The id of the rule"},"inlineFilters":{"type":"string","description":"The filter for the rule represented in YAML"},"logTypes":{"type":"array","items":{"type":"string"},"description":"log types"},"managed":{"type":"boolean","description":"Determines if the simple rule is managed by panther"},"outputIDs":{"type":"array","items":{"type":"string"},"description":"Destination IDs that override default alert routing based on severity"},"pythonBody":{"type":"string","description":"The python body of the rule"},"reference":{"type":"string","description":"A URL or note for additional reference material"},"reports":{"type":"object","description":"reports","additionalProperties":{"items":{"type":"string"},"type":"array"}},"runbook":{"type":"string","description":"How to handle the generated alert"},"severity":{"type":"string","enum":["INFO","LOW","MEDIUM","HIGH","CRITICAL"]},"summaryAttributes":{"type":"array","items":{"type":"string"},"description":"A list of fields in the event to create top 5 summaries for"},"tags":{"type":"array","items":{"type":"string"},"description":"The tags for the simple rule"},"tests":{"type":"array","items":{"$ref":"#/components/schemas/SimpleRuleAPI.UnitTest"},"description":"Unit tests for the Rule. Best practice is to include a positive and negative case"},"threshold":{"type":"integer","description":"the number of events that must match before an alert is triggered","default":1,"format":"int64","minimum":1}},"required":["id","detection","severity"]},"SimpleRuleAPI.UnitTest":{"type":"object","properties":{"expectedResult":{"type":"boolean","description":"The expected result"},"mocks":{"type":"array","items":{"$ref":"#/components/schemas/SimpleRuleAPI.UnitTestMock"},"description":"mocks"},"name":{"type":"string","description":"name"},"resource":{"type":"string","description":"resource"}},"required":["name","resource","expectedResult"]},"SimpleRuleAPI.UnitTestMock":{"type":"object","additionalProperties":{"type":"string"}},"SimpleRuleAPI.SimpleRule":{"type":"object","properties":{"alertContext":{"type":"string","description":"The alert context represented in YAML"},"alertTitle":{"type":"string","description":"The alert title represented in YAML"},"createAlert":{"type":"boolean","description":"Determines whether the rule should create alerts when it triggers"},"createdAt":{"type":"string"},"createdBy":{"type":"object","properties":{"id":{"type":"string","enum":["user","api-token","system"]},"type":{"type":"string"}},"description":"The actor who created the rule"},"createdByExternal":{"type":"string","description":"The text of the user-provided CreatedBy field when uploaded via CI/CD"},"dedupPeriodMinutes":{"type":"integer","description":"The amount of time in minutes for grouping alerts","default":60,"format":"int64","minimum":1},"description":{"type":"string","description":"The description of the rule"},"detection":{"type":"string","description":"The yaml representation of the rule"},"displayName":{"type":"string","description":"The display name of the rule"},"dynamicSeverities":{"type":"string","description":"The dynamic severity represented in YAML"},"enabled":{"type":"boolean","description":"Determines whether or not the rule is active"},"groupBy":{"type":"string","description":"The key on an event to group by represented in YAML"},"id":{"type":"string","description":"The id of the rule"},"inlineFilters":{"type":"string","description":"The filter for the rule represented in YAML"},"lastModified":{"type":"string"},"logTypes":{"type":"array","items":{"type":"string"},"description":"log types"},"managed":{"type":"boolean","description":"Determines if the simple rule is managed by panther"},"outputIDs":{"type":"array","items":{"type":"string"},"description":"Destination IDs that override default alert routing based on severity"},"pythonBody":{"type":"string","description":"The python body of the rule"},"reference":{"type":"string","description":"A URL or note for additional reference material"},"reports":{"type":"object","description":"reports","additionalProperties":{"items":{"type":"string"},"type":"array"}},"runbook":{"type":"string","description":"How to handle the generated alert"},"severity":{"type":"string","enum":["INFO","LOW","MEDIUM","HIGH","CRITICAL"]},"summaryAttributes":{"type":"array","items":{"type":"string"},"description":"A list of fields in the event to create top 5 summaries for"},"tags":{"type":"array","items":{"type":"string"},"description":"The tags for the simple rule"},"tests":{"type":"array","items":{"$ref":"#/components/schemas/SimpleRuleAPI.UnitTest"},"description":"Unit tests for the Rule. Best practice is to include a positive and negative case"},"threshold":{"type":"integer","description":"the number of events that must match before an alert is triggered","default":1,"format":"int64","minimum":1}}},"SimpleRuleAPI.BadRequestWithTestResultsErr":{"type":"object","properties":{"message":{"type":"string"},"testResults":{"type":"array","items":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionRecord"}}},"required":["message"]},"SimpleRuleAPI.TestDetectionRecord":{"type":"object","properties":{"error":{"$ref":"#/components/schemas/SimpleRuleAPI.TestErr"},"errored":{"type":"boolean"},"functions":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionRecordFunctions"},"name":{"type":"string"},"passed":{"type":"boolean"},"triggerAlert":{"type":"boolean"}}},"SimpleRuleAPI.TestErr":{"type":"object","properties":{"code":{"type":"string"},"message":{"type":"string"}}},"SimpleRuleAPI.TestDetectionRecordFunctions":{"type":"object","properties":{"alertContext":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"dedup":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"description":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"destinations":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"detection":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"reference":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"runbook":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"severity":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"title":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"}}},"SimpleRuleAPI.TestDetectionSubRecord":{"type":"object","properties":{"error":{"$ref":"#/components/schemas/SimpleRuleAPI.TestErr"},"output":{"type":"string"}}}}},"paths":{"/simple-rules/{id}":{"put":{"tags":["simple rule"],"summary":"put simple rule","description":"put creates or updates a rule","operationId":"simple rule#put","parameters":[{"name":"run-tests-first","in":"query","description":"set this field to false to exclude running tests prior to saving","allowEmptyValue":true,"schema":{"type":"boolean","description":"set this field to false to exclude running tests prior to saving","default":true}},{"name":"run-tests-only","in":"query","description":"set this field to true if you want to run tests without saving","allowEmptyValue":true,"schema":{"type":"boolean","description":"set this field to true if you want to run tests without saving","default":false}},{"name":"id","in":"path","description":"the id of the rule","required":true,"schema":{"type":"string","description":"the id of the rule"}}],"requestBody":{"required":true,"content":{"application/json":{"schema":{"$ref":"#/components/schemas/SimpleRuleAPI.ModifyRule"}}}},"responses":{"200":{"description":"200 returned if the item already existed","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SimpleRuleAPI.SimpleRule"}}}},"201":{"description":"201 returned if the item was created","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SimpleRuleAPI.SimpleRule"}}}},"204":{"description":"No Content response."},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SimpleRuleAPI.BadRequestWithTestResultsErr"}}}}}}}}}
```

## DELETE /simple-rules/{id}

> delete simple rule

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"simple rule","description":"The simple rule api handles all operations for simple rules"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"SimpleRuleAPI.BadRequestWithTestResultsErr":{"type":"object","properties":{"message":{"type":"string"},"testResults":{"type":"array","items":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionRecord"}}},"required":["message"]},"SimpleRuleAPI.TestDetectionRecord":{"type":"object","properties":{"error":{"$ref":"#/components/schemas/SimpleRuleAPI.TestErr"},"errored":{"type":"boolean"},"functions":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionRecordFunctions"},"name":{"type":"string"},"passed":{"type":"boolean"},"triggerAlert":{"type":"boolean"}}},"SimpleRuleAPI.TestErr":{"type":"object","properties":{"code":{"type":"string"},"message":{"type":"string"}}},"SimpleRuleAPI.TestDetectionRecordFunctions":{"type":"object","properties":{"alertContext":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"dedup":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"description":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"destinations":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"detection":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"reference":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"runbook":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"severity":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"},"title":{"$ref":"#/components/schemas/SimpleRuleAPI.TestDetectionSubRecord"}}},"SimpleRuleAPI.TestDetectionSubRecord":{"type":"object","properties":{"error":{"$ref":"#/components/schemas/SimpleRuleAPI.TestErr"},"output":{"type":"string"}}},"SimpleRuleAPI.NotFoundError":{"type":"object","properties":{"message":{"type":"string"}},"required":["message"]}}},"paths":{"/simple-rules/{id}":{"delete":{"tags":["simple rule"],"summary":"delete simple rule","operationId":"simple rule#delete","parameters":[{"name":"id","in":"path","description":"ID of the simple rule to delete","required":true,"schema":{"type":"string","description":"ID of the simple rule to delete"}}],"responses":{"204":{"description":"No Content response."},"400":{"description":"bad_request: Bad Request response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SimpleRuleAPI.BadRequestWithTestResultsErr"}}}},"404":{"description":"not_found: Not Found response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SimpleRuleAPI.NotFoundError"}}}}}}}}}
```

## GET /simple-rules

> list simple rules

```json
{"openapi":"3.0.3","info":{"title":"Panther REST API","version":"1.0"},"tags":[{"name":"simple rule","description":"The simple rule api handles all operations for simple rules"}],"servers":[{"url":"https://{api_host}","variables":{"api_host":{"default":"your-api-host"}}}],"security":[{"ApiKeyAuth":[]}],"components":{"securitySchemes":{"ApiKeyAuth":{"type":"apiKey","name":"X-API-Key","in":"header"}},"schemas":{"SimpleRuleAPI.ListResp":{"type":"object","properties":{"next":{"type":"string","description":"pagination token for the next page of results"},"results":{"type":"array","items":{"$ref":"#/components/schemas/SimpleRuleAPI.SimpleRule"}}}},"SimpleRuleAPI.SimpleRule":{"type":"object","properties":{"alertContext":{"type":"string","description":"The alert context represented in YAML"},"alertTitle":{"type":"string","description":"The alert title represented in YAML"},"createAlert":{"type":"boolean","description":"Determines whether the rule should create alerts when it triggers"},"createdAt":{"type":"string"},"createdBy":{"type":"object","properties":{"id":{"type":"string","enum":["user","api-token","system"]},"type":{"type":"string"}},"description":"The actor who created the rule"},"createdByExternal":{"type":"string","description":"The text of the user-provided CreatedBy field when uploaded via CI/CD"},"dedupPeriodMinutes":{"type":"integer","description":"The amount of time in minutes for grouping alerts","default":60,"format":"int64","minimum":1},"description":{"type":"string","description":"The description of the rule"},"detection":{"type":"string","description":"The yaml representation of the rule"},"displayName":{"type":"string","description":"The display name of the rule"},"dynamicSeverities":{"type":"string","description":"The dynamic severity represented in YAML"},"enabled":{"type":"boolean","description":"Determines whether or not the rule is active"},"groupBy":{"type":"string","description":"The key on an event to group by represented in YAML"},"id":{"type":"string","description":"The id of the rule"},"inlineFilters":{"type":"string","description":"The filter for the rule represented in YAML"},"lastModified":{"type":"string"},"logTypes":{"type":"array","items":{"type":"string"},"description":"log types"},"managed":{"type":"boolean","description":"Determines if the simple rule is managed by panther"},"outputIDs":{"type":"array","items":{"type":"string"},"description":"Destination IDs that override default alert routing based on severity"},"pythonBody":{"type":"string","description":"The python body of the rule"},"reference":{"type":"string","description":"A URL or note for additional reference material"},"reports":{"type":"object","description":"reports","additionalProperties":{"items":{"type":"string"},"type":"array"}},"runbook":{"type":"string","description":"How to handle the generated alert"},"severity":{"type":"string","enum":["INFO","LOW","MEDIUM","HIGH","CRITICAL"]},"summaryAttributes":{"type":"array","items":{"type":"string"},"description":"A list of fields in the event to create top 5 summaries for"},"tags":{"type":"array","items":{"type":"string"},"description":"The tags for the simple rule"},"tests":{"type":"array","items":{"$ref":"#/components/schemas/SimpleRuleAPI.UnitTest"},"description":"Unit tests for the Rule. Best practice is to include a positive and negative case"},"threshold":{"type":"integer","description":"the number of events that must match before an alert is triggered","default":1,"format":"int64","minimum":1}}},"SimpleRuleAPI.UnitTest":{"type":"object","properties":{"expectedResult":{"type":"boolean","description":"The expected result"},"mocks":{"type":"array","items":{"$ref":"#/components/schemas/SimpleRuleAPI.UnitTestMock"},"description":"mocks"},"name":{"type":"string","description":"name"},"resource":{"type":"string","description":"resource"}},"required":["name","resource","expectedResult"]},"SimpleRuleAPI.UnitTestMock":{"type":"object","additionalProperties":{"type":"string"}}}},"paths":{"/simple-rules":{"get":{"tags":["simple rule"],"summary":"list simple rules","operationId":"simple rule#list","parameters":[{"name":"cursor","in":"query","description":"the pagination token","allowEmptyValue":true,"schema":{"type":"string","description":"the pagination token"}},{"name":"limit","in":"query","description":"the maximum results to return","allowEmptyValue":true,"schema":{"type":"integer","description":"the maximum results to return","default":100,"format":"int64"}},{"name":"include-python","in":"query","description":"determines if associated python for the generated rule is returned","allowEmptyValue":true,"schema":{"type":"boolean","description":"determines if associated python for the generated rule is returned","default":false}},{"name":"name-contains","in":"query","description":"Substring search by name (case-insensitive)","allowEmptyValue":true,"schema":{"type":"string","description":"Substring search by name (case-insensitive)"}},{"name":"state","in":"query","description":"Only include rules in the given state","allowEmptyValue":true,"schema":{"type":"string","description":"Only include rules in the given state","enum":["enabled","disabled"]}},{"name":"log-type","in":"query","description":"Only include rules which apply to one of the given log types","allowEmptyValue":true,"schema":{"type":"array","items":{"type":"string"},"description":"Only include rules which apply to one of the given log types"}},{"name":"severity","in":"query","description":"Only include rules with one of the given severities","allowEmptyValue":true,"schema":{"type":"array","items":{"type":"string","enum":["INFO","LOW","MEDIUM","HIGH","CRITICAL"]},"description":"Only include rules with one of the given severities"}},{"name":"tag","in":"query","description":"Only include rules with one of the given tags (case-insensitive)","allowEmptyValue":true,"schema":{"type":"array","items":{"type":"string"},"description":"Only include rules with one of the given tags (case-insensitive)"}},{"name":"created-by","in":"query","description":"Only include rules whose creator matches this user ID or actor ID","allowEmptyValue":true,"schema":{"type":"string","description":"Only include rules whose creator matches this user ID or actor ID"}},{"name":"last-modified-by","in":"query","description":"Only include rules last modified by this user ID or actor ID","allowEmptyValue":true,"schema":{"type":"string","description":"Only include rules last modified by this user ID or actor ID"}}],"responses":{"200":{"description":"OK response.","content":{"application/json":{"schema":{"$ref":"#/components/schemas/SimpleRuleAPI.ListResp"}}}}}}}}}
```