Integrity Monitoring Rules

Describe an Integrity Monitoring Rule

get/integritymonitoringrules/{integrityMonitoringRuleID}

Describe an integrity monitoring rule by ID.

Related SDK Methods:
Java

IntegrityMonitoringRulesApi.describeIntegrityMonitoringRule([param1, param2, ...])

Python

IntegrityMonitoringRulesApi.describe_integrity_monitoring_rule([param1, param2, ...])

JavaScript

IntegrityMonitoringRulesApi.describeIntegrityMonitoringRule([param1, param2, ...])

SecurityTrend_Micro_Cloud_One_API_Key or Legacy_API_Key
Request
path Parameters
integrityMonitoringRuleID
required
integer <int32> \d+

The ID number of the integrity monitoring rule to describe.

Example: 1
header Parameters
api-version
required
string

The version of the api being called.

Example: YOUR VERSION
Responses
200

successful operation

403

Not authorized to view integrity monitorings.

404

The integrity monitoring rule does not exist.

Request samples
import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.IntegrityMonitoringRulesApi;
import com.trendmicro.deepsecurity.model.IntegrityMonitoringRule;


public class DescribeIntegrityMonitoringRuleExample {
	
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication
		ApiKeyAuth Legacy API Key = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
		Legacy API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		ApiKeyAuth Trend Micro Cloud One API Key = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
		Trend Micro Cloud One API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		
		// Initialization
		// Set Any Required Values
		IntegrityMonitoringRulesApi instance = new IntegrityMonitoringRulesApi();
		Integer integrityMonitoringRuleID = 1;
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			IntegrityMonitoringRule result = instance.describeIntegrityMonitoringRule(integrityMonitoringRuleID, apiVersion);
			System.out.println(result);
		} catch (ApiException e) {
			System.err.println("An exception occurred when calling IntegrityMonitoringRulesApi.describeIntegrityMonitoringRule");
			e.printStackTrace();
		}
	}
}

Response samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "minimumAgentVersion": "string",
  • "minimumManagerVersion": "string",
  • "severity": "low",
  • "type": "string",
  • "originalIssue": 0,
  • "lastUpdated": 0,
  • "identifier": "string",
  • "template": "registry",
  • "registryKeyRoot": "string",
  • "registryKeyValue": "string",
  • "registryIncludeSubKeys": true,
  • "registryIncludedValues": [
    ],
  • "registryIncludeDefaultValue": true,
  • "registryExcludedValues": [
    ],
  • "registryAttributes": [
    ],
  • "fileBaseDirectory": "string",
  • "fileIncludeSubDirectories": true,
  • "fileIncludedValues": [
    ],
  • "fileExcludedValues": [
    ],
  • "fileAttributes": [
    ],
  • "customXML": "string",
  • "alertEnabled": true,
  • "realTimeMonitoringEnabled": true,
  • "recommendationsMode": "enabled",
  • "ID": 0
}

Modify an Integrity Monitoring Rule

post/integritymonitoringrules/{integrityMonitoringRuleID}

Modify an integrity monitoring rule by ID. Any unset elements will be left unchanged.

Related SDK Methods:
Java

IntegrityMonitoringRulesApi.modifyIntegrityMonitoringRule([param1, param2, ...])

Python

IntegrityMonitoringRulesApi.modify_integrity_monitoring_rule([param1, param2, ...])

JavaScript

IntegrityMonitoringRulesApi.modifyIntegrityMonitoringRule([param1, param2, ...])

SecurityTrend_Micro_Cloud_One_API_Key or Legacy_API_Key
Request
path Parameters
integrityMonitoringRuleID
required
integer <int32> \d+

The ID number of the integrity monitoring rule to modify.

Example: 1
header Parameters
api-version
required
string

The version of the api being called.

Example: YOUR VERSION
Request Body schema: application/json

The settings of the integrity monitoring rule to modify.

alertEnabled
boolean

Controls whether an alert should be made if an event related to the IntegrityMonitoringRule is logged. Defaults to false. Searchable as Boolean.

customXML
string

Custom XML rules to be used by the IntegrityMonitoringRule. Custom XML rules must be encoded in the Base64 format. Ignored if the IntegrityMonitoringRule does not follow the custom template.

description
string

Description of the IntegrityMonitoringRule. Searchable as String.

fileAttributes
Array of strings

File attributes to be monitored by the IntegrityMonitoringRule. JSON array or delimited by \n. Defaults to STANDARD which will monitor changes in file creation date, last modified date, permissions, owner, group, size, content, flags (Windows) and SymLinkPath (Linux). Ignored if the IntegrityMonitoringRule does not monitor a file directory.

fileBaseDirectory
string

Base of the file directory to be monitored by the IntegrityMonitoringRule. Ignored if the IntegrityMonitoringRule does not monitor a file directory.

fileExcludedValues
Array of strings

File name values to be ignored by the IntegrityMonitoringRule. JSON array or delimited by \n. ? matches a single character, while * matches zero or more characters. Ignored if the IntegrityMonitoringRule does not monitor a file directory.

fileIncludedValues
Array of strings

File name values to be monitored by the IntegrityMonitoringRule. JSON array or delimited by \n. ? matches a single character, while * matches zero or more characters. Leaving this field blank when monitoring file directories will cause the IntegrityMonitoringRule to monitor all files in a directory. This can use significant system resources if the base directory contains numerous or large files. Ignored if the IntegrityMonitoringRule does not monitor a file directory.

fileIncludeSubDirectories
boolean

Controls whether the IntegrityMonitoringRule should also monitor sub-directories of the base file directory that is associated with it. Defaults to false. Ignored if the IntegrityMonitoringRule does not monitor a file directory.

name
string

Name of the IntegrityMonitoringRule. Searchable as String.

realTimeMonitoringEnabled
boolean

Controls whether the IntegrityMonitoringRule is monitored in real time or during every scan. Defaults to true which indicates that it is monitored in real time. A value of false indicates that it will only be checked during scans. Searchable as Boolean.

recommendationsMode
string

Indicates whether recommendation scans consider the IntegrityMonitoringRule. Can be set to enabled or ignored. Custom rules cannot be recommended. Searchable as Choice.

Enum: "enabled" "ignored" "unknown" "disabled"
registryAttributes
Array of strings

Registry key attributes to be monitored by the IntegrityMonitoringRule. JSON array or delimited by \n. Defaults to STANDARD which will monitor changes in registry size, content and type. Ignored if the IntegrityMonitoringRule does not monitor a registry key.

registryExcludedValues
Array of strings

Registry key values to be ignored by the IntegrityMonitoringRule. JSON array or delimited by \n. ? matches a single character, while * matches zero or more characters. Ignored if the IntegrityMonitoringRule does not monitor a registry key.

registryIncludeDefaultValue
boolean

Controls whether the rule should monitor default registry key values. Defaults to true. Ignored if the IntegrityMonitoringRule does not monitor a registry key.

registryIncludedValues
Array of strings

Registry key values to be monitored by the IntegrityMonitoringRule. JSON array or delimited by \n. ? matches a single character, while * matches zero or more characters. Ignored if the IntegrityMonitoringRule does not monitor a registry key.

registryIncludeSubKeys
boolean

Controls whether the IntegrityMonitoringRule should also include subkeys of the registry key it monitors. Defaults to false. Ignored if the IntegrityMonitoringRule does not monitor a registry key.

registryKeyRoot
string

Registry hive which is monitored by the IntegrityMonitoringRule. Empty if the IntegrityMonitoringRule does not monitor a registry key.

registryKeyValue
string

Registry key which is monitored by the IntegrityMonitoringRule. Empty if the IntegrityMonitoringRule does not monitor a registry key. Ignored if the IntegrityMonitoringRule does not monitor a registry key.

severity
string

Severity level of the event is multiplied by the computer's asset value to determine ranking. Ranking can be used to sort events with more business impact. Searchable as Choice.

Enum: "low" "medium" "high" "critical"
template
string

Template which the IntegrityMonitoringRule follows.

Enum: "registry" "file" "custom"
Responses
200

successful operation

403

Not authorized to modify integrity monitoring rule or the requested modification is not permitted.

404

The integrity monitoring rule does not exist.

Request samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "severity": "low",
  • "template": "registry",
  • "registryKeyRoot": "string",
  • "registryKeyValue": "string",
  • "registryIncludeSubKeys": true,
  • "registryIncludedValues": [
    ],
  • "registryIncludeDefaultValue": true,
  • "registryExcludedValues": [
    ],
  • "registryAttributes": [
    ],
  • "fileBaseDirectory": "string",
  • "fileIncludeSubDirectories": true,
  • "fileIncludedValues": [
    ],
  • "fileExcludedValues": [
    ],
  • "fileAttributes": [
    ],
  • "customXML": "string",
  • "alertEnabled": true,
  • "realTimeMonitoringEnabled": true,
  • "recommendationsMode": "enabled"
}
Response samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "minimumAgentVersion": "string",
  • "minimumManagerVersion": "string",
  • "severity": "low",
  • "type": "string",
  • "originalIssue": 0,
  • "lastUpdated": 0,
  • "identifier": "string",
  • "template": "registry",
  • "registryKeyRoot": "string",
  • "registryKeyValue": "string",
  • "registryIncludeSubKeys": true,
  • "registryIncludedValues": [
    ],
  • "registryIncludeDefaultValue": true,
  • "registryExcludedValues": [
    ],
  • "registryAttributes": [
    ],
  • "fileBaseDirectory": "string",
  • "fileIncludeSubDirectories": true,
  • "fileIncludedValues": [
    ],
  • "fileExcludedValues": [
    ],
  • "fileAttributes": [
    ],
  • "customXML": "string",
  • "alertEnabled": true,
  • "realTimeMonitoringEnabled": true,
  • "recommendationsMode": "enabled",
  • "ID": 0
}

Delete an Integrity Monitoring Rule

delete/integritymonitoringrules/{integrityMonitoringRuleID}

Delete an integrity monitoring rule by ID.

Related SDK Methods:
Java

IntegrityMonitoringRulesApi.deleteIntegrityMonitoringRule([param1, param2, ...])

Python

IntegrityMonitoringRulesApi.delete_integrity_monitoring_rule([param1, param2, ...])

JavaScript

IntegrityMonitoringRulesApi.deleteIntegrityMonitoringRule([param1, param2, ...])

SecurityTrend_Micro_Cloud_One_API_Key or Legacy_API_Key
Request
path Parameters
integrityMonitoringRuleID
required
integer <int32> \d+

The ID number of the integrity monitoring rule to delete.

Example: 1
header Parameters
api-version
required
string

The version of the api being called.

Example: YOUR VERSION
Responses
200

Request is successful.

403

Not authorized to delete integrity monitoring rules.

Request samples
import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.IntegrityMonitoringRulesApi;


public class DeleteIntegrityMonitoringRuleExample {
	
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication
		ApiKeyAuth Legacy API Key = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
		Legacy API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		ApiKeyAuth Trend Micro Cloud One API Key = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
		Trend Micro Cloud One API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		
		// Initialization
		// Set Any Required Values
		IntegrityMonitoringRulesApi instance = new IntegrityMonitoringRulesApi();
		Integer integrityMonitoringRuleID = 1;
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			instance.deleteIntegrityMonitoringRule(integrityMonitoringRuleID, apiVersion);
		} catch (ApiException e) {
			System.err.println("An exception occurred when calling IntegrityMonitoringRulesApi.deleteIntegrityMonitoringRule");
			e.printStackTrace();
		}
	}
}

List Integrity Monitoring Rules

get/integritymonitoringrules

Lists all integrity monitoring rules.

Related SDK Methods:
Java

IntegrityMonitoringRulesApi.listIntegrityMonitoringRules([param1, param2, ...])

Python

IntegrityMonitoringRulesApi.list_integrity_monitoring_rules([param1, param2, ...])

JavaScript

IntegrityMonitoringRulesApi.listIntegrityMonitoringRules([param1, param2, ...])

SecurityTrend_Micro_Cloud_One_API_Key or Legacy_API_Key
Request
header Parameters
api-version
required
string

The version of the api being called.

Example: YOUR VERSION
Responses
200

successful operation

403

Not authorized to view integrity monitorings.

Request samples
import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.IntegrityMonitoringRulesApi;
import com.trendmicro.deepsecurity.model.IntegrityMonitoringRules;


public class ListIntegrityMonitoringRulesExample {
	
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication
		ApiKeyAuth Legacy API Key = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
		Legacy API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		ApiKeyAuth Trend Micro Cloud One API Key = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
		Trend Micro Cloud One API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		
		// Initialization
		// Set Any Required Values
		IntegrityMonitoringRulesApi instance = new IntegrityMonitoringRulesApi();
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			IntegrityMonitoringRules result = instance.listIntegrityMonitoringRules(apiVersion);
			System.out.println(result);
		} catch (ApiException e) {
			System.err.println("An exception occurred when calling IntegrityMonitoringRulesApi.listIntegrityMonitoringRules");
			e.printStackTrace();
		}
	}
}

Response samples
application/json
{
  • "integrityMonitoringRules": [
    ]
}

Create an Integrity Monitoring Rule

post/integritymonitoringrules

Create a new integrity monitoring rule.

Related SDK Methods:
Java

IntegrityMonitoringRulesApi.createIntegrityMonitoringRule([param1, param2, ...])

Python

IntegrityMonitoringRulesApi.create_integrity_monitoring_rule([param1, param2, ...])

JavaScript

IntegrityMonitoringRulesApi.createIntegrityMonitoringRule([param1, param2, ...])

SecurityTrend_Micro_Cloud_One_API_Key or Legacy_API_Key
Request
header Parameters
api-version
required
string

The version of the api being called.

Example: YOUR VERSION
Request Body schema: application/json

The settings of the new integrity monitoring rule.

alertEnabled
boolean

Controls whether an alert should be made if an event related to the IntegrityMonitoringRule is logged. Defaults to false. Searchable as Boolean.

customXML
string

Custom XML rules to be used by the IntegrityMonitoringRule. Custom XML rules must be encoded in the Base64 format. Ignored if the IntegrityMonitoringRule does not follow the custom template.

description
string

Description of the IntegrityMonitoringRule. Searchable as String.

fileAttributes
Array of strings

File attributes to be monitored by the IntegrityMonitoringRule. JSON array or delimited by \n. Defaults to STANDARD which will monitor changes in file creation date, last modified date, permissions, owner, group, size, content, flags (Windows) and SymLinkPath (Linux). Ignored if the IntegrityMonitoringRule does not monitor a file directory.

fileBaseDirectory
string

Base of the file directory to be monitored by the IntegrityMonitoringRule. Ignored if the IntegrityMonitoringRule does not monitor a file directory.

fileExcludedValues
Array of strings

File name values to be ignored by the IntegrityMonitoringRule. JSON array or delimited by \n. ? matches a single character, while * matches zero or more characters. Ignored if the IntegrityMonitoringRule does not monitor a file directory.

fileIncludedValues
Array of strings

File name values to be monitored by the IntegrityMonitoringRule. JSON array or delimited by \n. ? matches a single character, while * matches zero or more characters. Leaving this field blank when monitoring file directories will cause the IntegrityMonitoringRule to monitor all files in a directory. This can use significant system resources if the base directory contains numerous or large files. Ignored if the IntegrityMonitoringRule does not monitor a file directory.

fileIncludeSubDirectories
boolean

Controls whether the IntegrityMonitoringRule should also monitor sub-directories of the base file directory that is associated with it. Defaults to false. Ignored if the IntegrityMonitoringRule does not monitor a file directory.

name
string

Name of the IntegrityMonitoringRule. Searchable as String.

realTimeMonitoringEnabled
boolean

Controls whether the IntegrityMonitoringRule is monitored in real time or during every scan. Defaults to true which indicates that it is monitored in real time. A value of false indicates that it will only be checked during scans. Searchable as Boolean.

recommendationsMode
string

Indicates whether recommendation scans consider the IntegrityMonitoringRule. Can be set to enabled or ignored. Custom rules cannot be recommended. Searchable as Choice.

Enum: "enabled" "ignored" "unknown" "disabled"
registryAttributes
Array of strings

Registry key attributes to be monitored by the IntegrityMonitoringRule. JSON array or delimited by \n. Defaults to STANDARD which will monitor changes in registry size, content and type. Ignored if the IntegrityMonitoringRule does not monitor a registry key.

registryExcludedValues
Array of strings

Registry key values to be ignored by the IntegrityMonitoringRule. JSON array or delimited by \n. ? matches a single character, while * matches zero or more characters. Ignored if the IntegrityMonitoringRule does not monitor a registry key.

registryIncludeDefaultValue
boolean

Controls whether the rule should monitor default registry key values. Defaults to true. Ignored if the IntegrityMonitoringRule does not monitor a registry key.

registryIncludedValues
Array of strings

Registry key values to be monitored by the IntegrityMonitoringRule. JSON array or delimited by \n. ? matches a single character, while * matches zero or more characters. Ignored if the IntegrityMonitoringRule does not monitor a registry key.

registryIncludeSubKeys
boolean

Controls whether the IntegrityMonitoringRule should also include subkeys of the registry key it monitors. Defaults to false. Ignored if the IntegrityMonitoringRule does not monitor a registry key.

registryKeyRoot
string

Registry hive which is monitored by the IntegrityMonitoringRule. Empty if the IntegrityMonitoringRule does not monitor a registry key.

registryKeyValue
string

Registry key which is monitored by the IntegrityMonitoringRule. Empty if the IntegrityMonitoringRule does not monitor a registry key. Ignored if the IntegrityMonitoringRule does not monitor a registry key.

severity
string

Severity level of the event is multiplied by the computer's asset value to determine ranking. Ranking can be used to sort events with more business impact. Searchable as Choice.

Enum: "low" "medium" "high" "critical"
template
string

Template which the IntegrityMonitoringRule follows.

Enum: "registry" "file" "custom"
Responses
200

successful operation

403

Not authorized to view integrity monitorings.

Request samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "severity": "low",
  • "template": "registry",
  • "registryKeyRoot": "string",
  • "registryKeyValue": "string",
  • "registryIncludeSubKeys": true,
  • "registryIncludedValues": [
    ],
  • "registryIncludeDefaultValue": true,
  • "registryExcludedValues": [
    ],
  • "registryAttributes": [
    ],
  • "fileBaseDirectory": "string",
  • "fileIncludeSubDirectories": true,
  • "fileIncludedValues": [
    ],
  • "fileExcludedValues": [
    ],
  • "fileAttributes": [
    ],
  • "customXML": "string",
  • "alertEnabled": true,
  • "realTimeMonitoringEnabled": true,
  • "recommendationsMode": "enabled"
}
Response samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "minimumAgentVersion": "string",
  • "minimumManagerVersion": "string",
  • "severity": "low",
  • "type": "string",
  • "originalIssue": 0,
  • "lastUpdated": 0,
  • "identifier": "string",
  • "template": "registry",
  • "registryKeyRoot": "string",
  • "registryKeyValue": "string",
  • "registryIncludeSubKeys": true,
  • "registryIncludedValues": [
    ],
  • "registryIncludeDefaultValue": true,
  • "registryExcludedValues": [
    ],
  • "registryAttributes": [
    ],
  • "fileBaseDirectory": "string",
  • "fileIncludeSubDirectories": true,
  • "fileIncludedValues": [
    ],
  • "fileExcludedValues": [
    ],
  • "fileAttributes": [
    ],
  • "customXML": "string",
  • "alertEnabled": true,
  • "realTimeMonitoringEnabled": true,
  • "recommendationsMode": "enabled",
  • "ID": 0
}

Search Integrity Monitoring Rules

post/integritymonitoringrules/search

Search for integrity monitoring rules using optional filters.

Related SDK Methods:
Java

IntegrityMonitoringRulesApi.searchIntegrityMonitoringRules([param1, param2, ...])

Python

IntegrityMonitoringRulesApi.search_integrity_monitoring_rules([param1, param2, ...])

JavaScript

IntegrityMonitoringRulesApi.searchIntegrityMonitoringRules([param1, param2, ...])

SecurityTrend_Micro_Cloud_One_API_Key or Legacy_API_Key
Request
header Parameters
api-version
required
string

The version of the api being called.

Example: YOUR VERSION
Request Body schema: application/json

A collection of options used to filter the search results.

maxItems
integer <int32>

Limits the number of objects returned. Default 5000.

Array of objects (searchCriteria)

Array of search critiera used to filter objects. Searching with multiple criteria returns results that satisfy all of the criteria. Searching with no criteria returns all objects.

sortByObjectID
boolean

If true, forces the response objects to be sorted by ID, overriding the default sort order. Default "false".

Responses
200

successful operation

403

Not authorized to view integrity monitorings.

Request samples
application/json
{
  • "maxItems": 0,
  • "searchCriteria": [
    ],
  • "sortByObjectID": true
}
Response samples
application/json
{
  • "integrityMonitoringRules": [
    ]
}