List log inspection rules
Lists all log inspection rules assigned to a policy.
PolicyLogInspectionRuleDetailsApi.listLogInspectionRulesOnPolicy([param1, param2, ...])
PolicyLogInspectionRuleDetailsApi.list_log_inspection_rules_on_policy([param1, param2, ...])
PolicyLogInspectionRuleDetailsApi.listLogInspectionRulesOnPolicy([param1, param2, ...])
successful operation
Not authorized to view the policy.
The policy does not exist.
- Java
- Python
- JavaScript
import com.trendmicro.deepsecurity.ApiClient; import com.trendmicro.deepsecurity.Configuration; import com.trendmicro.deepsecurity.auth.ApiKeyAuth; import com.trendmicro.deepsecurity.auth.ApiKeyAuth; import com.trendmicro.deepsecurity.ApiException; import com.trendmicro.deepsecurity.api.PolicyLogInspectionRuleDetailsApi; import com.trendmicro.deepsecurity.model.LogInspectionRules; public class ListLogInspectionRulesOnPolicyExample { public static void main(String[] args) { // Setup ApiClient defaultClient = Configuration.getDefaultApiClient(); defaultClient.setBasePath("YOUR HOST"); // Authentication ApiKeyAuth Legacy API Key = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key"); Legacy API Key.setApiKey("YOUR API KEY"); try { defaultClient.trustAllCertificates(false); } catch (Exception e) { System.err.println("An exception occurred when calling ApiClient.trustAllCertificates"); e.printStackTrace(); } ApiKeyAuth Trend Micro Cloud One API Key = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key"); Trend Micro Cloud One API Key.setApiKey("YOUR API KEY"); try { defaultClient.trustAllCertificates(false); } catch (Exception e) { System.err.println("An exception occurred when calling ApiClient.trustAllCertificates"); e.printStackTrace(); } // Initialization // Set Any Required Values PolicyLogInspectionRuleDetailsApi instance = new PolicyLogInspectionRuleDetailsApi(); Integer policyID = 1; Boolean overrides = false; String apiVersion = "YOUR VERSION"; try { // Please replace the parameter values with yours LogInspectionRules result = instance.listLogInspectionRulesOnPolicy(policyID, overrides, apiVersion); System.out.println(result); } catch (ApiException e) { System.err.println("An exception occurred when calling PolicyLogInspectionRuleDetailsApi.listLogInspectionRulesOnPolicy"); e.printStackTrace(); } } }
- 200
{- "logInspectionRules": [
- {
- "name": "string",
- "description": "string",
- "minimumAgentVersion": "string",
- "minimumManagerVersion": "string",
- "type": "string",
- "originalIssue": 0,
- "lastUpdated": 0,
- "identifier": "string",
- "template": "basic-rule",
- "ruleID": 0,
- "level": 0,
- "groups": [
- "string"
], - "ruleDescription": "string",
- "pattern": "string",
- "patternType": "string",
- "dependency": "none",
- "dependencyRuleID": 0,
- "dependencyGroup": "string",
- "frequency": 0,
- "timeFrame": 0,
- "ruleXML": "string",
- "logFiles": {
- "logFiles": [
- {
- "location": "string",
- "format": "syslog"
}
]
}, - "alertEnabled": true,
- "alertMinimumSeverity": 0,
- "recommendationsMode": "enabled",
- "sortOrder": 0,
- "canBeAssignedAlone": true,
- "dependsOnRuleIDs": [
- 0
], - "ID": 0
}
]
}Describe an log inspection rule
Describe an log inspection rule including policy-level overrides.
PolicyLogInspectionRuleDetailsApi.describeLogInspectionRuleOnPolicy([param1, param2, ...])
PolicyLogInspectionRuleDetailsApi.describe_log_inspection_rule_on_policy([param1, param2, ...])
PolicyLogInspectionRuleDetailsApi.describeLogInspectionRuleOnPolicy([param1, param2, ...])
path Parameters
successful operation
Not authorized to view the policy.
The policy or log inspection rule does not exist.
- Java
- Python
- JavaScript
import com.trendmicro.deepsecurity.ApiClient; import com.trendmicro.deepsecurity.Configuration; import com.trendmicro.deepsecurity.auth.ApiKeyAuth; import com.trendmicro.deepsecurity.auth.ApiKeyAuth; import com.trendmicro.deepsecurity.ApiException; import com.trendmicro.deepsecurity.api.PolicyLogInspectionRuleDetailsApi; import com.trendmicro.deepsecurity.model.LogInspectionRule; public class DescribeLogInspectionRuleOnPolicyExample { public static void main(String[] args) { // Setup ApiClient defaultClient = Configuration.getDefaultApiClient(); defaultClient.setBasePath("YOUR HOST"); // Authentication ApiKeyAuth Legacy API Key = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key"); Legacy API Key.setApiKey("YOUR API KEY"); try { defaultClient.trustAllCertificates(false); } catch (Exception e) { System.err.println("An exception occurred when calling ApiClient.trustAllCertificates"); e.printStackTrace(); } ApiKeyAuth Trend Micro Cloud One API Key = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key"); Trend Micro Cloud One API Key.setApiKey("YOUR API KEY"); try { defaultClient.trustAllCertificates(false); } catch (Exception e) { System.err.println("An exception occurred when calling ApiClient.trustAllCertificates"); e.printStackTrace(); } // Initialization // Set Any Required Values PolicyLogInspectionRuleDetailsApi instance = new PolicyLogInspectionRuleDetailsApi(); Integer policyID = 1; Integer logInspectionRuleID = 1; Boolean overrides = false; String apiVersion = "YOUR VERSION"; try { // Please replace the parameter values with yours LogInspectionRule result = instance.describeLogInspectionRuleOnPolicy(policyID, logInspectionRuleID, overrides, apiVersion); System.out.println(result); } catch (ApiException e) { System.err.println("An exception occurred when calling PolicyLogInspectionRuleDetailsApi.describeLogInspectionRuleOnPolicy"); e.printStackTrace(); } } }
- 200
{- "name": "string",
- "description": "string",
- "minimumAgentVersion": "string",
- "minimumManagerVersion": "string",
- "type": "string",
- "originalIssue": 0,
- "lastUpdated": 0,
- "identifier": "string",
- "template": "basic-rule",
- "ruleID": 0,
- "level": 0,
- "groups": [
- "string"
], - "ruleDescription": "string",
- "pattern": "string",
- "patternType": "string",
- "dependency": "none",
- "dependencyRuleID": 0,
- "dependencyGroup": "string",
- "frequency": 0,
- "timeFrame": 0,
- "ruleXML": "string",
- "logFiles": {
- "logFiles": [
- {
- "location": "string",
- "format": "syslog"
}
]
}, - "alertEnabled": true,
- "alertMinimumSeverity": 0,
- "recommendationsMode": "enabled",
- "sortOrder": 0,
- "canBeAssignedAlone": true,
- "dependsOnRuleIDs": [
- 0
], - "ID": 0
}Modify an log inspection rule
Modify an log inspection rule assigned to a policy. Any unset elements will be left unchanged.
PolicyLogInspectionRuleDetailsApi.modifyLogInspectionRuleOnPolicy([param1, param2, ...])
PolicyLogInspectionRuleDetailsApi.modify_log_inspection_rule_on_policy([param1, param2, ...])
PolicyLogInspectionRuleDetailsApi.modifyLogInspectionRuleOnPolicy([param1, param2, ...])
path Parameters
header Parameters
Request Body schema: application/json
The settings of the log inspection rule to modify.
| alertEnabled | boolean Controls whether to raise an alert when a LogInspectionRule logs an event. Use true to raise an alert. Searchable as Boolean. |
| alertMinimumSeverity | integer <int32> Severity level that will trigger an alert. Ignored unless |
| dependency | string Indicates if a dependant rule or dependency group is set or not. If set, the LogInspectionRule will only log an event if the dependency is triggered. Available for user-defined rules. |
| dependencyGroup | string If dependency is configured, the dependancy groups that this rule is dependant on. |
| dependencyRuleID | integer <int32> If dependency is configured, the ID of the rule that this rule is dependant on. Ignored if the rule is from Trend Micro, which uses |
| description | string Description of the LogInspectionRule that appears in search results, and on the General tab in the Deep Security Manager user interface. Searchable as String. |
| frequency | integer <int32> Number of times the dependant rule has to match within a specific time frame before the rule is triggered. |
| groups | Array of strings Groups that the LogInspectionRule is assigned to, separated by commas. Useful when dependency is used as it's possible to create a LogInspectionRule that fires when another LogInspectionRule belonging to a specific group fires. |
| identifier | string Indentifier of the LogInspectionRule used in the Deep Security Manager user interface. Searchable as String. |
| lastUpdated | integer <int64> Update timestamp of the LogInspectionRule, measured in milliseconds since epoch. Searchable as Date. |
| level | integer <int32> Log level of the LogInspectionRule indicates severity of attack. Level 0 is the least severe and will not log an event. Level 15 is the most severe. |
object (LogFiles) | |
| minimumAgentVersion | string Minimum Deep Security Agent version required by the LogInspectionRule. Searchable as String. |
| minimumManagerVersion | string Minimumn Deep Security Manager version required by the LogInspectionRule. Searchable as String. |
| name | string Name of the LogInspectionRule. Searchable as String. |
| originalIssue | integer <int64> Creation timestamp of the LogInspectionRule, measured in milliseconds since epoch. Searchable as Date. |
| pattern | string Regular expression pattern the LogInspectionRule will look for in the logs. The rule will be triggered on a match. Open Source HIDS SEcurity (OSSEC) regular expression syntax is supported, see http://www.ossec.net/docs/syntax/regex.html. |
| patternType | string Pattern the LogInspectionRule will look for in the logs. The string matching pattern is faster than the regex pattern. |
| recommendationsMode | string Indicates whether recommendation scans consider the LogInspectionRule. Can be set to enabled or ignored. Custom rules cannot be recommended. Searchable as Choice. |
| ruleDescription | string Description of the LogInspectionRule that appears on events and the Content tab in the Deep Security Manager user interface. Alternatively, you can configure this by inserting a description in 'ruleXML'. |
| ruleID | integer <int32> ID of the LogInspectionRule sent to the Deep Security Agent. The values 100000 - 109999 are reserved for user-definded rules. |
| ruleXML | string LogInspectionRule in an XML format. For information on the XML format, see http://ossec-docs.readthedocs.io/en/latest/syntax/head_rules.html |
| sortOrder | integer <int32> Order in which LogInspectionRules are sent to the Deep Security Agent. Log inspeciton rules are sent in ascending order. Valid values are between 10000 and 20000. |
| template | string Template used to create this rule. |
| timeFrame | integer <int32> Time period for the frequency of LogInspectionRule triggers that will generate an event, in seconds. |
| type | string Type of the LogInspectionRule. The value 'Defined' is used for LogInspectionRules provided by Trend Micro. Searchable as String. |
successful operation
Not authorized to modify the policy or the requested modification is not permitted.
The policy or log inspection rule does not exist.
- Payload
- Java
- Python
- JavaScript
{- "name": "string",
- "description": "string",
- "minimumAgentVersion": "string",
- "minimumManagerVersion": "string",
- "type": "string",
- "originalIssue": 0,
- "lastUpdated": 0,
- "identifier": "string",
- "template": "basic-rule",
- "ruleID": 0,
- "level": 0,
- "groups": [
- "string"
], - "ruleDescription": "string",
- "pattern": "string",
- "patternType": "string",
- "dependency": "none",
- "dependencyRuleID": 0,
- "dependencyGroup": "string",
- "frequency": 0,
- "timeFrame": 0,
- "ruleXML": "string",
- "logFiles": {
- "logFiles": [
- {
- "location": "string",
- "format": "syslog"
}
]
}, - "alertEnabled": true,
- "alertMinimumSeverity": 0,
- "recommendationsMode": "enabled",
- "sortOrder": 0
}- 200
{- "name": "string",
- "description": "string",
- "minimumAgentVersion": "string",
- "minimumManagerVersion": "string",
- "type": "string",
- "originalIssue": 0,
- "lastUpdated": 0,
- "identifier": "string",
- "template": "basic-rule",
- "ruleID": 0,
- "level": 0,
- "groups": [
- "string"
], - "ruleDescription": "string",
- "pattern": "string",
- "patternType": "string",
- "dependency": "none",
- "dependencyRuleID": 0,
- "dependencyGroup": "string",
- "frequency": 0,
- "timeFrame": 0,
- "ruleXML": "string",
- "logFiles": {
- "logFiles": [
- {
- "location": "string",
- "format": "syslog"
}
]
}, - "alertEnabled": true,
- "alertMinimumSeverity": 0,
- "recommendationsMode": "enabled",
- "sortOrder": 0,
- "canBeAssignedAlone": true,
- "dependsOnRuleIDs": [
- 0
], - "ID": 0
}Reset log inspection rule overrides
Remove all overrides for an log inspection rule from a policy.
PolicyLogInspectionRuleDetailsApi.resetLogInspectionRuleOnPolicy([param1, param2, ...])
PolicyLogInspectionRuleDetailsApi.reset_log_inspection_rule_on_policy([param1, param2, ...])
PolicyLogInspectionRuleDetailsApi.resetLogInspectionRuleOnPolicy([param1, param2, ...])
path Parameters
successful operation
Not authorized to modify the policy.
The policy does not exist.
- Java
- Python
- JavaScript
import com.trendmicro.deepsecurity.ApiClient; import com.trendmicro.deepsecurity.Configuration; import com.trendmicro.deepsecurity.auth.ApiKeyAuth; import com.trendmicro.deepsecurity.auth.ApiKeyAuth; import com.trendmicro.deepsecurity.ApiException; import com.trendmicro.deepsecurity.api.PolicyLogInspectionRuleDetailsApi; import com.trendmicro.deepsecurity.model.LogInspectionRule; public class ResetLogInspectionRuleOnPolicyExample { public static void main(String[] args) { // Setup ApiClient defaultClient = Configuration.getDefaultApiClient(); defaultClient.setBasePath("YOUR HOST"); // Authentication ApiKeyAuth Legacy API Key = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key"); Legacy API Key.setApiKey("YOUR API KEY"); try { defaultClient.trustAllCertificates(false); } catch (Exception e) { System.err.println("An exception occurred when calling ApiClient.trustAllCertificates"); e.printStackTrace(); } ApiKeyAuth Trend Micro Cloud One API Key = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key"); Trend Micro Cloud One API Key.setApiKey("YOUR API KEY"); try { defaultClient.trustAllCertificates(false); } catch (Exception e) { System.err.println("An exception occurred when calling ApiClient.trustAllCertificates"); e.printStackTrace(); } // Initialization // Set Any Required Values PolicyLogInspectionRuleDetailsApi instance = new PolicyLogInspectionRuleDetailsApi(); Integer policyID = 1; Integer logInspectionRuleID = 1; Boolean overrides = false; String apiVersion = "YOUR VERSION"; try { // Please replace the parameter values with yours LogInspectionRule result = instance.resetLogInspectionRuleOnPolicy(policyID, logInspectionRuleID, overrides, apiVersion); System.out.println(result); } catch (ApiException e) { System.err.println("An exception occurred when calling PolicyLogInspectionRuleDetailsApi.resetLogInspectionRuleOnPolicy"); e.printStackTrace(); } } }
- 200
{- "name": "string",
- "description": "string",
- "minimumAgentVersion": "string",
- "minimumManagerVersion": "string",
- "type": "string",
- "originalIssue": 0,
- "lastUpdated": 0,
- "identifier": "string",
- "template": "basic-rule",
- "ruleID": 0,
- "level": 0,
- "groups": [
- "string"
], - "ruleDescription": "string",
- "pattern": "string",
- "patternType": "string",
- "dependency": "none",
- "dependencyRuleID": 0,
- "dependencyGroup": "string",
- "frequency": 0,
- "timeFrame": 0,
- "ruleXML": "string",
- "logFiles": {
- "logFiles": [
- {
- "location": "string",
- "format": "syslog"
}
]
}, - "alertEnabled": true,
- "alertMinimumSeverity": 0,
- "recommendationsMode": "enabled",
- "sortOrder": 0,
- "canBeAssignedAlone": true,
- "dependsOnRuleIDs": [
- 0
], - "ID": 0
}