search
Knowledge BaseRelease NotesRequest Demo

단순 규칙

단순/YAML 규칙에 대한 REST API 작업

hashtag
개요

circle-info

설정은 /simple-rules REST API 작업은 Panther 버전 1.98부터 오픈 베타로 제공되며 모든 고객이 이용할 수 있습니다. 버그 보고 및 기능 요청은 Panther 지원팀에 공유해 주시기 바랍니다.

이 API 작업을 사용하여 상호작용하세요 규칙 다음으로 생성됨 CLI 워크플로우의 간단한 탐지 또는 Panther 콘솔의 간단한 탐지 빌더.

circle-info

간단한 규칙 API 엔터티는 다음인 규칙에만 적용됩니다 간단한 탐지(Simple Detections). 에서 생성된 규칙과 상호 작용하려면 Python, 를 참조하세요 규칙.

API를 호출하려면 다음을 참조하세요 Panther REST API 사용 방법 지침—포함하여 이 문서 페이지에서 직접 호출하는 방법에 대한 안내.

hashtag
필수 권한

  • 다음을 위해 GET 작업을 수행하려면 API 토큰에 다음 권한이 있어야 합니다 규칙 보기 권한이 있어야 합니다.

  • 다음을 위해 한 후 Panther에서 볼 수 있기까지 몇 분 기다려야 할 수 있습니다., PUTDELETE 작업을 수행하려면 API 토큰에 다음 권한이 있어야 합니다 규칙 관리 권한이 있어야 합니다.

hashtag
작업

circle-info

아래의 API 엔드포인트는 간단한 탐지만을 위한 것입니다. 다른 탐지 유형과 상호 작용하려면 해당 페이지를 참조하세요: Python 기반 규칙arrow-up-right, 예약 규칙을 실행할 때 정의된 간격을 설정하는 데 사용됩니다.arrow-up-right클라우드 정책arrow-up-right.

hashtag
create simple rule

post
Authorizations
X-API-KeystringRequired
Query parameters
run-tests-firstbooleanOptional

set this field to false to exclude running tests prior to saving

Default: true
run-tests-onlybooleanOptional

set this field to true if you want to run tests without saving

Default: false
Body
alertContextstringOptional

The alert context represented in YAML

alertTitlestringOptional

The alert title represented in YAML

dedupPeriodMinutesinteger · int64 · min: 1Optional

The amount of time in minutes for grouping alerts

Default: 60
descriptionstringOptional

The description of the rule

detectionstringRequired

The yaml representation of the rule

displayNamestringOptional

The display name of the rule

dynamicSeveritiesstringOptional

The dynamic severity represented in YAML

enabledbooleanOptional

Determines whether or not the rule is active

groupBystringOptional

The key on an event to group by represented in YAML

idstringRequired

The id of the rule

inlineFiltersstringOptional

The filter for the rule represented in YAML

logTypesstring[]Optional

log types

managedbooleanOptional

Determines if the simple rule is managed by panther

outputIDsstring[]Optional

Destination IDs that override default alert routing based on severity

pythonBodystringOptional

The python body of the rule

runbookstringOptional

How to handle the generated alert

severitystring · enumRequiredPossible values:
summaryAttributesstring[]Optional

A list of fields in the event to create top 5 summaries for

tagsstring[]Optional

The tags for the simple rule

thresholdinteger · int64 · min: 1Optional

the number of events that must match before an alert is triggered

Default: 1
Responses
chevron-right
204

No Content response.

No content
post
/simple-rules

hashtag
get a simple rule

get
Authorizations
X-API-KeystringRequired
Path parameters
idstringRequired

ID of the rule to fetch

Query parameters
include-pythonbooleanOptional

determines if associated python for the generated rule is returned

Default: false
Responses
get
/simple-rules/{id}

hashtag
put simple rule

put

put creates or updates a rule

Authorizations
X-API-KeystringRequired
Path parameters
idstringRequired

the id of the rule

Query parameters
run-tests-firstbooleanOptional

set this field to false to exclude running tests prior to saving

Default: true
run-tests-onlybooleanOptional

set this field to true if you want to run tests without saving

Default: false
Body
alertContextstringOptional

The alert context represented in YAML

alertTitlestringOptional

The alert title represented in YAML

dedupPeriodMinutesinteger · int64 · min: 1Optional

The amount of time in minutes for grouping alerts

Default: 60
descriptionstringOptional

The description of the rule

detectionstringRequired

The yaml representation of the rule

displayNamestringOptional

The display name of the rule

dynamicSeveritiesstringOptional

The dynamic severity represented in YAML

enabledbooleanOptional

Determines whether or not the rule is active

groupBystringOptional

The key on an event to group by represented in YAML

idstringRequired

The id of the rule

inlineFiltersstringOptional

The filter for the rule represented in YAML

logTypesstring[]Optional

log types

managedbooleanOptional

Determines if the simple rule is managed by panther

outputIDsstring[]Optional

Destination IDs that override default alert routing based on severity

pythonBodystringOptional

The python body of the rule

runbookstringOptional

How to handle the generated alert

severitystring · enumRequiredPossible values:
summaryAttributesstring[]Optional

A list of fields in the event to create top 5 summaries for

tagsstring[]Optional

The tags for the simple rule

thresholdinteger · int64 · min: 1Optional

the number of events that must match before an alert is triggered

Default: 1
Responses
chevron-right
204

No Content response.

No content
put
/simple-rules/{id}

hashtag
delete simple rule

delete
Authorizations
X-API-KeystringRequired
Path parameters
idstringRequired

ID of the simple rule to delete

Responses
chevron-right
204

No Content response.

No content
delete
/simple-rules/{id}
No content

hashtag
list simple rules

get
Authorizations
X-API-KeystringRequired
Query parameters
cursorstringOptional

the pagination token

limitinteger · int64Optional

the maximum results to return

Default: 100
include-pythonbooleanOptional

determines if associated python for the generated rule is returned

Default: false
name-containsstringOptional

Substring search by name (case-insensitive)

statestring · enumOptional

Only include rules in the given state

Possible values:
log-typestring[]Optional

Only include rules which apply to one of the given log types

tagstring[]Optional

Only include rules with one of the given tags (case-insensitive)

created-bystringOptional

Only include rules whose creator matches this user ID or actor ID

last-modified-bystringOptional

Only include rules last modified by this user ID or actor ID

Responses
get
/simple-rules
200

OK response.

Previous예약된 규칙Next정책

Last updated

Was this helpful?