Describe a log inspection rule
Describe a log inspection rule including computer-level overrides.
ComputerLogInspectionRuleDetailsApi.describeLogInspectionRuleOnComputer([param1, param2, ...])
ComputerLogInspectionRuleDetailsApi.describe_log_inspection_rule_on_computer([param1, param2, ...])
ComputerLogInspectionRuleDetailsApi.describeLogInspectionRuleOnComputer([param1, param2, ...])
path Parameters
successful operation
Not authorized to view the computer.
The computer or log inspection rule does not exist.
```java
import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.ComputerLogInspectionRuleDetailsApi;
import com.trendmicro.deepsecurity.model.LogInspectionRule;

public class DescribeLogInspectionRuleOnComputerExample {
    public static void main(String[] args) {
        // Setup
        ApiClient defaultClient = Configuration.getDefaultApiClient();
        defaultClient.setBasePath("YOUR HOST");

        // Authentication (the generated sample used the authentication names
        // "Legacy API Key" and "Trend Micro Cloud One API Key" as variable names,
        // which are not valid Java identifiers)
        ApiKeyAuth legacyApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
        legacyApiKey.setApiKey("YOUR API KEY");
        ApiKeyAuth cloudOneApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
        cloudOneApiKey.setApiKey("YOUR API KEY");

        // Keep TLS certificate validation enabled; passing true would trust any certificate
        try {
            defaultClient.trustAllCertificates(false);
        } catch (Exception e) {
            System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
            e.printStackTrace();
        }

        // Initialization
        // Set Any Required Values
        ComputerLogInspectionRuleDetailsApi instance = new ComputerLogInspectionRuleDetailsApi();
        Integer computerID = 1;
        Integer logInspectionRuleID = 1;
        Boolean overrides = false; // whether computer-level overrides are included
        String apiVersion = "YOUR VERSION";
        try {
            // Please replace the parameter values with yours
            LogInspectionRule result = instance.describeLogInspectionRuleOnComputer(
                    computerID, logInspectionRuleID, overrides, apiVersion);
            System.out.println(result);
        } catch (ApiException e) {
            System.err.println("An exception occurred when calling ComputerLogInspectionRuleDetailsApi.describeLogInspectionRuleOnComputer");
            e.printStackTrace();
        }
    }
}
```
- 200
```json
{
  "name": "string",
  "description": "string",
  "minimumAgentVersion": "string",
  "minimumManagerVersion": "string",
  "type": "string",
  "originalIssue": 0,
  "lastUpdated": 0,
  "identifier": "string",
  "template": "basic-rule",
  "ruleID": 0,
  "level": 0,
  "groups": ["string"],
  "ruleDescription": "string",
  "pattern": "string",
  "patternType": "string",
  "dependency": "none",
  "dependencyRuleID": 0,
  "dependencyGroup": "string",
  "frequency": 0,
  "timeFrame": 0,
  "ruleXML": "string",
  "logFiles": {
    "logFiles": [
      {
        "location": "string",
        "format": "syslog"
      }
    ]
  },
  "alertEnabled": true,
  "alertMinimumSeverity": 0,
  "recommendationsMode": "enabled",
  "sortOrder": 0,
  "canBeAssignedAlone": true,
  "dependsOnRuleIDs": [0],
  "ID": 0
}
```
Modify a log inspection rule
Modify a log inspection rule assigned to a computer. Any unset elements will be left unchanged.
ComputerLogInspectionRuleDetailsApi.modifyLogInspectionRuleOnComputer([param1, param2, ...])
ComputerLogInspectionRuleDetailsApi.modify_log_inspection_rule_on_computer([param1, param2, ...])
ComputerLogInspectionRuleDetailsApi.modifyLogInspectionRuleOnComputer([param1, param2, ...])
path Parameters
header Parameters
Request Body schema: application/json
The settings of the log inspection rule to modify.
| Field | Type | Description |
| --- | --- | --- |
| alertEnabled | boolean | Controls whether to raise an alert when a LogInspectionRule logs an event. Use true to raise an alert. Searchable as Boolean. |
| alertMinimumSeverity | integer <int32> | Severity level that will trigger an alert. Ignored unless |
| dependency | string | Indicates if a dependent rule or dependency group is set or not. If set, the LogInspectionRule will only log an event if the dependency is triggered. Available for user-defined rules. |
| dependencyGroup | string | If dependency is configured, the dependency groups that this rule is dependent on. |
| dependencyRuleID | integer <int32> | If dependency is configured, the ID of the rule that this rule is dependent on. Ignored if the rule is from Trend Micro, which uses |
| description | string | Description of the LogInspectionRule that appears in search results, and on the General tab in the Deep Security Manager user interface. Searchable as String. |
| frequency | integer <int32> | Number of times the dependent rule has to match within a specific time frame before the rule is triggered. |
| groups | Array of strings | Groups that the LogInspectionRule is assigned to, separated by commas. Useful when dependency is used, as it is possible to create a LogInspectionRule that fires when another LogInspectionRule belonging to a specific group fires. |
| identifier | string | Identifier of the LogInspectionRule used in the Deep Security Manager user interface. Searchable as String. |
| lastUpdated | integer <int64> | Update timestamp of the LogInspectionRule, measured in milliseconds since epoch. Searchable as Date. |
| level | integer <int32> | Log level of the LogInspectionRule; indicates the severity of the attack. Level 0 is the least severe and will not log an event. Level 15 is the most severe. |
| logFiles | object (LogFiles) | |
| minimumAgentVersion | string | Minimum Deep Security Agent version required by the LogInspectionRule. Searchable as String. |
| minimumManagerVersion | string | Minimum Deep Security Manager version required by the LogInspectionRule. Searchable as String. |
| name | string | Name of the LogInspectionRule. Searchable as String. |
| originalIssue | integer <int64> | Creation timestamp of the LogInspectionRule, measured in milliseconds since epoch. Searchable as Date. |
| pattern | string | Regular expression pattern the LogInspectionRule will look for in the logs. The rule will be triggered on a match. Open Source HIDS SECurity (OSSEC) regular expression syntax is supported, see http://www.ossec.net/docs/syntax/regex.html. |
| patternType | string | Pattern type the LogInspectionRule will use when searching the logs. The string matching pattern is faster than the regex pattern. |
| recommendationsMode | string | Indicates whether recommendation scans consider the LogInspectionRule. Can be set to enabled or ignored. Custom rules cannot be recommended. Searchable as Choice. |
| ruleDescription | string | Description of the LogInspectionRule that appears on events and the Content tab in the Deep Security Manager user interface. Alternatively, you can configure this by inserting a description in 'ruleXML'. |
| ruleID | integer <int32> | ID of the LogInspectionRule sent to the Deep Security Agent. The values 100000 - 109999 are reserved for user-defined rules. |
| ruleXML | string | LogInspectionRule in an XML format. For information on the XML format, see http://ossec-docs.readthedocs.io/en/latest/syntax/head_rules.html |
| sortOrder | integer <int32> | Order in which LogInspectionRules are sent to the Deep Security Agent. Log inspection rules are sent in ascending order. Valid values are between 10000 and 20000. |
| template | string | Template used to create this rule. |
| timeFrame | integer <int32> | Time period for the frequency of LogInspectionRule triggers that will generate an event, in seconds. |
| type | string | Type of the LogInspectionRule. The value 'Defined' is used for LogInspectionRules provided by Trend Micro. Searchable as String. |
successful operation
Not authorized to modify the computer or the requested modification is not permitted.
The computer or log inspection rule does not exist.
- Payload
```json
{
  "name": "string",
  "description": "string",
  "minimumAgentVersion": "string",
  "minimumManagerVersion": "string",
  "type": "string",
  "originalIssue": 0,
  "lastUpdated": 0,
  "identifier": "string",
  "template": "basic-rule",
  "ruleID": 0,
  "level": 0,
  "groups": ["string"],
  "ruleDescription": "string",
  "pattern": "string",
  "patternType": "string",
  "dependency": "none",
  "dependencyRuleID": 0,
  "dependencyGroup": "string",
  "frequency": 0,
  "timeFrame": 0,
  "ruleXML": "string",
  "logFiles": {
    "logFiles": [
      {
        "location": "string",
        "format": "syslog"
      }
    ]
  },
  "alertEnabled": true,
  "alertMinimumSeverity": 0,
  "recommendationsMode": "enabled",
  "sortOrder": 0
}
```
- 200
```json
{
  "name": "string",
  "description": "string",
  "minimumAgentVersion": "string",
  "minimumManagerVersion": "string",
  "type": "string",
  "originalIssue": 0,
  "lastUpdated": 0,
  "identifier": "string",
  "template": "basic-rule",
  "ruleID": 0,
  "level": 0,
  "groups": ["string"],
  "ruleDescription": "string",
  "pattern": "string",
  "patternType": "string",
  "dependency": "none",
  "dependencyRuleID": 0,
  "dependencyGroup": "string",
  "frequency": 0,
  "timeFrame": 0,
  "ruleXML": "string",
  "logFiles": {
    "logFiles": [
      {
        "location": "string",
        "format": "syslog"
      }
    ]
  },
  "alertEnabled": true,
  "alertMinimumSeverity": 0,
  "recommendationsMode": "enabled",
  "sortOrder": 0,
  "canBeAssignedAlone": true,
  "dependsOnRuleIDs": [0],
  "ID": 0
}
```
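Because the modify endpoint leaves unset elements unchanged, a client should send only the fields it really wants to change and check them against the documented bounds first. The following Python is an added example, not part of the Deep Security API reference or its SDK: the field names, the ruleID, sortOrder and level ranges, and the read-only response-only fields come from the schema above, while the sample rule values, the helper names and the assumption that dependency "none" means no dependency are constructed.

```python
# Added example: build a minimal, validated body for modifyLogInspectionRuleOnComputer.
# Field names and ranges come from the request schema above; the sample values,
# helper names and the dependency assumption are constructed for illustration.

# Integer fields with documented bounds: level (0 logs nothing, 15 most severe),
# sortOrder (valid values 10000-20000) and ruleID (100000-109999 for user-defined rules).
INT_BOUNDS = {"level": (0, 15), "sortOrder": (10000, 20000), "ruleID": (100000, 109999)}
RECOMMENDATION_MODES = {"enabled", "ignored"}
# Returned in responses but absent from the request schema, so never send them.
READ_ONLY_FIELDS = ("ID", "canBeAssignedAlone", "dependsOnRuleIDs")


def _int_in(value, lo, hi):
    return isinstance(value, int) and not isinstance(value, bool) and lo <= value <= hi


def validate_changes(current, changes):
    """Return the problems found when `changes` is applied on top of `current`."""
    merged = {**current, **changes}
    problems = []
    for field, (lo, hi) in INT_BOUNDS.items():
        if field in changes and not _int_in(changes[field], lo, hi):
            problems.append(f"{field} must be an integer between {lo} and {hi}")
    if merged.get("recommendationsMode", "enabled") not in RECOMMENDATION_MODES:
        problems.append("recommendationsMode must be 'enabled' or 'ignored'")
    # Assumption: dependency "none" (the sample value above) means no dependency is set.
    if merged.get("dependency", "none") != "none" and not (
            merged.get("dependencyRuleID") or merged.get("dependencyGroup")):
        problems.append("dependency is set but neither dependencyRuleID nor dependencyGroup is")
    return problems


def build_modify_body(current, changes):
    """Keep only fields that really differ; unset fields are left unchanged server-side."""
    problems = validate_changes(current, changes)
    if problems:
        raise ValueError("; ".join(problems))
    return {k: v for k, v in changes.items()
            if k not in READ_ONLY_FIELDS and current.get(k) != v}


# Constructed sample of a describeLogInspectionRuleOnComputer result for a custom rule.
CURRENT_RULE = {"ID": 100001, "ruleID": 100001, "name": "Repeated SSH failures",
                "level": 5, "alertEnabled": False, "alertMinimumSeverity": 0,
                "dependency": "none", "recommendationsMode": "ignored", "sortOrder": 15000}

if __name__ == "__main__":
    wanted = {"alertEnabled": True, "alertMinimumSeverity": 7, "level": 5, "ID": 100001}
    print(build_modify_body(CURRENT_RULE, wanted))  # only the two fields that changed
```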
Reset log inspection rule overrides
Remove all overrides for a log inspection rule from a computer.
ComputerLogInspectionRuleDetailsApi.resetLogInspectionRuleOnComputer([param1, param2, ...])
ComputerLogInspectionRuleDetailsApi.reset_log_inspection_rule_on_computer([param1, param2, ...])
ComputerLogInspectionRuleDetailsApi.resetLogInspectionRuleOnComputer([param1, param2, ...])
path Parameters
successful operation
Not authorized to modify the computer.
The computer does not exist.
```java
import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.ComputerLogInspectionRuleDetailsApi;
import com.trendmicro.deepsecurity.model.LogInspectionRule;

public class ResetLogInspectionRuleOnComputerExample {
    public static void main(String[] args) {
        // Setup
        ApiClient defaultClient = Configuration.getDefaultApiClient();
        defaultClient.setBasePath("YOUR HOST");

        // Authentication (the generated sample used the authentication names
        // "Legacy API Key" and "Trend Micro Cloud One API Key" as variable names,
        // which are not valid Java identifiers)
        ApiKeyAuth legacyApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
        legacyApiKey.setApiKey("YOUR API KEY");
        ApiKeyAuth cloudOneApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
        cloudOneApiKey.setApiKey("YOUR API KEY");

        // Keep TLS certificate validation enabled; passing true would trust any certificate
        try {
            defaultClient.trustAllCertificates(false);
        } catch (Exception e) {
            System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
            e.printStackTrace();
        }

        // Initialization
        // Set Any Required Values
        ComputerLogInspectionRuleDetailsApi instance = new ComputerLogInspectionRuleDetailsApi();
        Integer computerID = 1;
        Integer logInspectionRuleID = 1;
        Boolean overrides = false;
        String apiVersion = "YOUR VERSION";
        try {
            // Please replace the parameter values with yours
            LogInspectionRule result = instance.resetLogInspectionRuleOnComputer(
                    computerID, logInspectionRuleID, overrides, apiVersion);
            System.out.println(result);
        } catch (ApiException e) {
            System.err.println("An exception occurred when calling ComputerLogInspectionRuleDetailsApi.resetLogInspectionRuleOnComputer");
            e.printStackTrace();
        }
    }
}
```
- 200
```json
{
  "name": "string",
  "description": "string",
  "minimumAgentVersion": "string",
  "minimumManagerVersion": "string",
  "type": "string",
  "originalIssue": 0,
  "lastUpdated": 0,
  "identifier": "string",
  "template": "basic-rule",
  "ruleID": 0,
  "level": 0,
  "groups": ["string"],
  "ruleDescription": "string",
  "pattern": "string",
  "patternType": "string",
  "dependency": "none",
  "dependencyRuleID": 0,
  "dependencyGroup": "string",
  "frequency": 0,
  "timeFrame": 0,
  "ruleXML": "string",
  "logFiles": {
    "logFiles": [
      {
        "location": "string",
        "format": "syslog"
      }
    ]
  },
  "alertEnabled": true,
  "alertMinimumSeverity": 0,
  "recommendationsMode": "enabled",
  "sortOrder": 0,
  "canBeAssignedAlone": true,
  "dependsOnRuleIDs": [0],
  "ID": 0
}
```
List log inspection rules
Lists all log inspection rules assigned to a computer.
ComputerLogInspectionRuleDetailsApi.listLogInspectionRulesOnComputer([param1, param2, ...])
ComputerLogInspectionRuleDetailsApi.list_log_inspection_rules_on_computer([param1, param2, ...])
ComputerLogInspectionRuleDetailsApi.listLogInspectionRulesOnComputer([param1, param2, ...])
successful operation
Not authorized to view the computer.
The computer does not exist.
```java
import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.ComputerLogInspectionRuleDetailsApi;
import com.trendmicro.deepsecurity.model.LogInspectionRules;

public class ListLogInspectionRulesOnComputerExample {
    public static void main(String[] args) {
        // Setup
        ApiClient defaultClient = Configuration.getDefaultApiClient();
        defaultClient.setBasePath("YOUR HOST");

        // Authentication (the generated sample used the authentication names
        // "Legacy API Key" and "Trend Micro Cloud One API Key" as variable names,
        // which are not valid Java identifiers)
        ApiKeyAuth legacyApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
        legacyApiKey.setApiKey("YOUR API KEY");
        ApiKeyAuth cloudOneApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
        cloudOneApiKey.setApiKey("YOUR API KEY");

        // Keep TLS certificate validation enabled; passing true would trust any certificate
        try {
            defaultClient.trustAllCertificates(false);
        } catch (Exception e) {
            System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
            e.printStackTrace();
        }

        // Initialization
        // Set Any Required Values
        ComputerLogInspectionRuleDetailsApi instance = new ComputerLogInspectionRuleDetailsApi();
        Integer computerID = 1;
        Boolean overrides = false;
        String apiVersion = "YOUR VERSION";
        try {
            // Please replace the parameter values with yours
            LogInspectionRules result = instance.listLogInspectionRulesOnComputer(computerID, overrides, apiVersion);
            System.out.println(result);
        } catch (ApiException e) {
            System.err.println("An exception occurred when calling ComputerLogInspectionRuleDetailsApi.listLogInspectionRulesOnComputer");
            e.printStackTrace();
        }
    }
}
```
- 200
```json
{
  "logInspectionRules": [
    {
      "name": "string",
      "description": "string",
      "minimumAgentVersion": "string",
      "minimumManagerVersion": "string",
      "type": "string",
      "originalIssue": 0,
      "lastUpdated": 0,
      "identifier": "string",
      "template": "basic-rule",
      "ruleID": 0,
      "level": 0,
      "groups": ["string"],
      "ruleDescription": "string",
      "pattern": "string",
      "patternType": "string",
      "dependency": "none",
      "dependencyRuleID": 0,
      "dependencyGroup": "string",
      "frequency": 0,
      "timeFrame": 0,
      "ruleXML": "string",
      "logFiles": {
        "logFiles": [
          {
            "location": "string",
            "format": "syslog"
          }
        ]
      },
      "alertEnabled": true,
      "alertMinimumSeverity": 0,
      "recommendationsMode": "enabled",
      "sortOrder": 0,
      "canBeAssignedAlone": true,
      "dependsOnRuleIDs": [0],
      "ID": 0
    }
  ]
}
```