Computer Integrity Monitoring Rule Details

List integrity monitoring rules

get/computers/{computerID}/integritymonitoring/rules

Lists all integrity monitoring rules assigned to a computer.

Related SDK Methods:
Java

ComputerIntegrityMonitoringRuleDetailsApi.listIntegrityMonitoringRulesOnComputer([param1, param2, ...])

Python

ComputerIntegrityMonitoringRuleDetailsApi.list_integrity_monitoring_rules_on_computer([param1, param2, ...])

JavaScript

ComputerIntegrityMonitoringRuleDetailsApi.listIntegrityMonitoringRulesOnComputer([param1, param2, ...])

SecurityTrend_Micro_Cloud_One_API_Key or Legacy_API_Key
Request
path Parameters
computerID
required
integer <int32> \d+

The ID number of the computer.

Example: 1
query Parameters
overrides
boolean

Show only rules assigned to the current computer.

header Parameters
api-version
required
string

The version of the api being called.

Example: YOUR VERSION
Responses
200

successful operation

403

Not authorized to view the computer.

404

The computer does not exist.

Request samples
import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.ComputerIntegrityMonitoringRuleDetailsApi;
import com.trendmicro.deepsecurity.model.IntegrityMonitoringRules;


public class ListIntegrityMonitoringRulesOnComputerExample {
	
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication
		ApiKeyAuth Legacy API Key = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
		Legacy API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		ApiKeyAuth Trend Micro Cloud One API Key = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
		Trend Micro Cloud One API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		
		// Initialization
		// Set Any Required Values
		ComputerIntegrityMonitoringRuleDetailsApi instance = new ComputerIntegrityMonitoringRuleDetailsApi();
		Integer computerID = 1;
		Boolean overrides = false;
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			IntegrityMonitoringRules result = instance.listIntegrityMonitoringRulesOnComputer(computerID, overrides, apiVersion);
			System.out.println(result);
		} catch (ApiException e) {
			System.err.println("An exception occurred when calling ComputerIntegrityMonitoringRuleDetailsApi.listIntegrityMonitoringRulesOnComputer");
			e.printStackTrace();
		}
	}
}

Response samples
application/json
{
  • "integrityMonitoringRules": [
    ]
}

Describe an integrity monitoring rule

get/computers/{computerID}/integritymonitoring/rules/{integrityMonitoringRuleID}

Describe an integrity monitoring rule including computer-level overrides.

Related SDK Methods:
Java

ComputerIntegrityMonitoringRuleDetailsApi.describeIntegrityMonitoringRuleOnComputer([param1, param2, ...])

Python

ComputerIntegrityMonitoringRuleDetailsApi.describe_integrity_monitoring_rule_on_computer([param1, param2, ...])

JavaScript

ComputerIntegrityMonitoringRuleDetailsApi.describeIntegrityMonitoringRuleOnComputer([param1, param2, ...])

SecurityTrend_Micro_Cloud_One_API_Key or Legacy_API_Key
Request
path Parameters
computerID
required
integer <int32> \d+

The ID number of the computer.

Example: 1
integrityMonitoringRuleID
required
integer <int32> \d+

The ID number of the integrity monitoring rule.

Example: 1
query Parameters
overrides
boolean

Show only overrides defined for the current computer.

header Parameters
api-version
required
string

The version of the api being called.

Example: YOUR VERSION
Responses
200

successful operation

403

Not authorized to view the computer.

404

The computer or integrity monitoring rule does not exist.

Request samples
import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.ComputerIntegrityMonitoringRuleDetailsApi;
import com.trendmicro.deepsecurity.model.IntegrityMonitoringRule;


public class DescribeIntegrityMonitoringRuleOnComputerExample {
	
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication
		ApiKeyAuth Legacy API Key = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
		Legacy API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		ApiKeyAuth Trend Micro Cloud One API Key = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
		Trend Micro Cloud One API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		
		// Initialization
		// Set Any Required Values
		ComputerIntegrityMonitoringRuleDetailsApi instance = new ComputerIntegrityMonitoringRuleDetailsApi();
		Integer computerID = 1;
		Integer integrityMonitoringRuleID = 1;
		Boolean overrides = false;
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			IntegrityMonitoringRule result = instance.describeIntegrityMonitoringRuleOnComputer(computerID, integrityMonitoringRuleID, overrides, apiVersion);
			System.out.println(result);
		} catch (ApiException e) {
			System.err.println("An exception occurred when calling ComputerIntegrityMonitoringRuleDetailsApi.describeIntegrityMonitoringRuleOnComputer");
			e.printStackTrace();
		}
	}
}

Response samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "minimumAgentVersion": "string",
  • "minimumManagerVersion": "string",
  • "severity": "low",
  • "type": "string",
  • "originalIssue": 0,
  • "lastUpdated": 0,
  • "identifier": "string",
  • "template": "registry",
  • "registryKeyRoot": "string",
  • "registryKeyValue": "string",
  • "registryIncludeSubKeys": true,
  • "registryIncludedValues": [
    ],
  • "registryIncludeDefaultValue": true,
  • "registryExcludedValues": [
    ],
  • "registryAttributes": [
    ],
  • "fileBaseDirectory": "string",
  • "fileIncludeSubDirectories": true,
  • "fileIncludedValues": [
    ],
  • "fileExcludedValues": [
    ],
  • "fileAttributes": [
    ],
  • "customXML": "string",
  • "alertEnabled": true,
  • "realTimeMonitoringEnabled": true,
  • "recommendationsMode": "enabled",
  • "ID": 0
}

Modify an integrity monitoring rule

post/computers/{computerID}/integritymonitoring/rules/{integrityMonitoringRuleID}

Modify an integrity monitoring rule assigned to a computer. Any unset elements will be left unchanged.

Related SDK Methods:
Java

ComputerIntegrityMonitoringRuleDetailsApi.modifyIntegrityMonitoringRuleOnComputer([param1, param2, ...])

Python

ComputerIntegrityMonitoringRuleDetailsApi.modify_integrity_monitoring_rule_on_computer([param1, param2, ...])

JavaScript

ComputerIntegrityMonitoringRuleDetailsApi.modifyIntegrityMonitoringRuleOnComputer([param1, param2, ...])

SecurityTrend_Micro_Cloud_One_API_Key or Legacy_API_Key
Request
path Parameters
computerID
required
integer <int32> \d+

The ID number of the computer.

Example: 1
integrityMonitoringRuleID
required
integer <int32> \d+

The ID number of the integrity monitoring rule to modify.

Example: 1
query Parameters
overrides
boolean

Show only overrides defined for the current computer.

header Parameters
api-version
required
string

The version of the api being called.

Example: YOUR VERSION
Request Body schema: application/json

The settings of the integrity monitoring rule to modify.

alertEnabled
boolean

Controls whether an alert should be made if an event related to the IntegrityMonitoringRule is logged. Defaults to false. Searchable as Boolean.

customXML
string

Custom XML rules to be used by the IntegrityMonitoringRule. Custom XML rules must be encoded in the Base64 format. Ignored if the IntegrityMonitoringRule does not follow the custom template.

description
string

Description of the IntegrityMonitoringRule. Searchable as String.

fileAttributes
Array of strings

File attributes to be monitored by the IntegrityMonitoringRule. JSON array or delimited by \n. Defaults to STANDARD which will monitor changes in file creation date, last modified date, permissions, owner, group, size, content, flags (Windows) and SymLinkPath (Linux). Ignored if the IntegrityMonitoringRule does not monitor a file directory.

fileBaseDirectory
string

Base of the file directory to be monitored by the IntegrityMonitoringRule. Ignored if the IntegrityMonitoringRule does not monitor a file directory.

fileExcludedValues
Array of strings

File name values to be ignored by the IntegrityMonitoringRule. JSON array or delimited by \n. ? matches a single character, while * matches zero or more characters. Ignored if the IntegrityMonitoringRule does not monitor a file directory.

fileIncludedValues
Array of strings

File name values to be monitored by the IntegrityMonitoringRule. JSON array or delimited by \n. ? matches a single character, while * matches zero or more characters. Leaving this field blank when monitoring file directories will cause the IntegrityMonitoringRule to monitor all files in a directory. This can use significant system resources if the base directory contains numerous or large files. Ignored if the IntegrityMonitoringRule does not monitor a file directory.

fileIncludeSubDirectories
boolean

Controls whether the IntegrityMonitoringRule should also monitor sub-directories of the base file directory that is associated with it. Defaults to false. Ignored if the IntegrityMonitoringRule does not monitor a file directory.

name
string

Name of the IntegrityMonitoringRule. Searchable as String.

realTimeMonitoringEnabled
boolean

Controls whether the IntegrityMonitoringRule is monitored in real time or during every scan. Defaults to true which indicates that it is monitored in real time. A value of false indicates that it will only be checked during scans. Searchable as Boolean.

recommendationsMode
string

Indicates whether recommendation scans consider the IntegrityMonitoringRule. Can be set to enabled or ignored. Custom rules cannot be recommended. Searchable as Choice.

Enum: "enabled" "ignored" "unknown" "disabled"
registryAttributes
Array of strings

Registry key attributes to be monitored by the IntegrityMonitoringRule. JSON array or delimited by \n. Defaults to STANDARD which will monitor changes in registry size, content and type. Ignored if the IntegrityMonitoringRule does not monitor a registry key.

registryExcludedValues
Array of strings

Registry key values to be ignored by the IntegrityMonitoringRule. JSON array or delimited by \n. ? matches a single character, while * matches zero or more characters. Ignored if the IntegrityMonitoringRule does not monitor a registry key.

registryIncludeDefaultValue
boolean

Controls whether the rule should monitor default registry key values. Defaults to true. Ignored if the IntegrityMonitoringRule does not monitor a registry key.

registryIncludedValues
Array of strings

Registry key values to be monitored by the IntegrityMonitoringRule. JSON array or delimited by \n. ? matches a single character, while * matches zero or more characters. Ignored if the IntegrityMonitoringRule does not monitor a registry key.

registryIncludeSubKeys
boolean

Controls whether the IntegrityMonitoringRule should also include subkeys of the registry key it monitors. Defaults to false. Ignored if the IntegrityMonitoringRule does not monitor a registry key.

registryKeyRoot
string

Registry hive which is monitored by the IntegrityMonitoringRule. Empty if the IntegrityMonitoringRule does not monitor a registry key.

registryKeyValue
string

Registry key which is monitored by the IntegrityMonitoringRule. Empty if the IntegrityMonitoringRule does not monitor a registry key. Ignored if the IntegrityMonitoringRule does not monitor a registry key.

severity
string

Severity level of the event is multiplied by the computer's asset value to determine ranking. Ranking can be used to sort events with more business impact. Searchable as Choice.

Enum: "low" "medium" "high" "critical"
template
string

Template which the IntegrityMonitoringRule follows.

Enum: "registry" "file" "custom"
Responses
200

successful operation

403

Not authorized to modify the computer or the requested modification is not permitted.

404

The computer or integrity monitoring rule does not exist.

Request samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "severity": "low",
  • "template": "registry",
  • "registryKeyRoot": "string",
  • "registryKeyValue": "string",
  • "registryIncludeSubKeys": true,
  • "registryIncludedValues": [
    ],
  • "registryIncludeDefaultValue": true,
  • "registryExcludedValues": [
    ],
  • "registryAttributes": [
    ],
  • "fileBaseDirectory": "string",
  • "fileIncludeSubDirectories": true,
  • "fileIncludedValues": [
    ],
  • "fileExcludedValues": [
    ],
  • "fileAttributes": [
    ],
  • "customXML": "string",
  • "alertEnabled": true,
  • "realTimeMonitoringEnabled": true,
  • "recommendationsMode": "enabled"
}
Response samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "minimumAgentVersion": "string",
  • "minimumManagerVersion": "string",
  • "severity": "low",
  • "type": "string",
  • "originalIssue": 0,
  • "lastUpdated": 0,
  • "identifier": "string",
  • "template": "registry",
  • "registryKeyRoot": "string",
  • "registryKeyValue": "string",
  • "registryIncludeSubKeys": true,
  • "registryIncludedValues": [
    ],
  • "registryIncludeDefaultValue": true,
  • "registryExcludedValues": [
    ],
  • "registryAttributes": [
    ],
  • "fileBaseDirectory": "string",
  • "fileIncludeSubDirectories": true,
  • "fileIncludedValues": [
    ],
  • "fileExcludedValues": [
    ],
  • "fileAttributes": [
    ],
  • "customXML": "string",
  • "alertEnabled": true,
  • "realTimeMonitoringEnabled": true,
  • "recommendationsMode": "enabled",
  • "ID": 0
}

Reset integrity monitoring rule overrides

delete/computers/{computerID}/integritymonitoring/rules/{integrityMonitoringRuleID}

Remove all overrides for an integrity monitoring rule from a computer.

Related SDK Methods:
Java

ComputerIntegrityMonitoringRuleDetailsApi.resetIntegrityMonitoringRuleOnComputer([param1, param2, ...])

Python

ComputerIntegrityMonitoringRuleDetailsApi.reset_integrity_monitoring_rule_on_computer([param1, param2, ...])

JavaScript

ComputerIntegrityMonitoringRuleDetailsApi.resetIntegrityMonitoringRuleOnComputer([param1, param2, ...])

SecurityTrend_Micro_Cloud_One_API_Key or Legacy_API_Key
Request
path Parameters
computerID
required
integer <int32> \d+

The ID number of the computer.

Example: 1
integrityMonitoringRuleID
required
integer <int32> \d+

The ID number of the integrity monitoring rule to reset.

Example: 1
query Parameters
overrides
boolean

Show only overrides defined for the current computer.

header Parameters
api-version
required
string

The version of the api being called.

Example: YOUR VERSION
Responses
200

successful operation

403

Not authorized to modify the computer.

404

The computer does not exist.

Request samples
import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.ComputerIntegrityMonitoringRuleDetailsApi;
import com.trendmicro.deepsecurity.model.IntegrityMonitoringRule;


public class ResetIntegrityMonitoringRuleOnComputerExample {
	
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication
		ApiKeyAuth Legacy API Key = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
		Legacy API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		ApiKeyAuth Trend Micro Cloud One API Key = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
		Trend Micro Cloud One API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		
		// Initialization
		// Set Any Required Values
		ComputerIntegrityMonitoringRuleDetailsApi instance = new ComputerIntegrityMonitoringRuleDetailsApi();
		Integer computerID = 1;
		Integer integrityMonitoringRuleID = 1;
		Boolean overrides = false;
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			IntegrityMonitoringRule result = instance.resetIntegrityMonitoringRuleOnComputer(computerID, integrityMonitoringRuleID, overrides, apiVersion);
			System.out.println(result);
		} catch (ApiException e) {
			System.err.println("An exception occurred when calling ComputerIntegrityMonitoringRuleDetailsApi.resetIntegrityMonitoringRuleOnComputer");
			e.printStackTrace();
		}
	}
}

Response samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "minimumAgentVersion": "string",
  • "minimumManagerVersion": "string",
  • "severity": "low",
  • "type": "string",
  • "originalIssue": 0,
  • "lastUpdated": 0,
  • "identifier": "string",
  • "template": "registry",
  • "registryKeyRoot": "string",
  • "registryKeyValue": "string",
  • "registryIncludeSubKeys": true,
  • "registryIncludedValues": [
    ],
  • "registryIncludeDefaultValue": true,
  • "registryExcludedValues": [
    ],
  • "registryAttributes": [
    ],
  • "fileBaseDirectory": "string",
  • "fileIncludeSubDirectories": true,
  • "fileIncludedValues": [
    ],
  • "fileExcludedValues": [
    ],
  • "fileAttributes": [
    ],
  • "customXML": "string",
  • "alertEnabled": true,
  • "realTimeMonitoringEnabled": true,
  • "recommendationsMode": "enabled",
  • "ID": 0
}