Policy Integrity Monitoring Rule Details

List integrity monitoring rules

get/policies/{policyID}/integritymonitoring/rules

Lists all integrity monitoring rules assigned to a policy.

Related SDK Methods:

Java

PolicyIntegrityMonitoringRuleDetailsApi.listIntegrityMonitoringRulesOnPolicy([param1, param2, ...])

Python

PolicyIntegrityMonitoringRuleDetailsApi.list_integrity_monitoring_rules_on_policy([param1, param2, ...])

JavaScript

PolicyIntegrityMonitoringRuleDetailsApi.listIntegrityMonitoringRulesOnPolicy([param1, param2, ...])

SecurityTrend_Micro_Cloud_One_API_Key or Legacy_API_Key

Request

path Parameters

policyID

required

integer <int32> \d+

The ID number of the policy.

Example: 1

query Parameters

overrides

boolean

Show only rules assigned to the current policy.

header Parameters

api-version

required

string

The version of the api being called.

Example: YOUR VERSION

Responses

200

successful operation

403

Not authorized to view the policy.

404

The policy does not exist.

Request samples

Java
Python
JavaScript

import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.PolicyIntegrityMonitoringRuleDetailsApi;
import com.trendmicro.deepsecurity.model.IntegrityMonitoringRules;


public class ListIntegrityMonitoringRulesOnPolicyExample {
	
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication
		ApiKeyAuth Legacy API Key = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
		Legacy API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		ApiKeyAuth Trend Micro Cloud One API Key = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
		Trend Micro Cloud One API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		
		// Initialization
		// Set Any Required Values
		PolicyIntegrityMonitoringRuleDetailsApi instance = new PolicyIntegrityMonitoringRuleDetailsApi();
		Integer policyID = 1;
		Boolean overrides = false;
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			IntegrityMonitoringRules result = instance.listIntegrityMonitoringRulesOnPolicy(policyID, overrides, apiVersion);
			System.out.println(result);
		} catch (ApiException e) {
			System.err.println("An exception occurred when calling PolicyIntegrityMonitoringRuleDetailsApi.listIntegrityMonitoringRulesOnPolicy");
			e.printStackTrace();
		}
	}
}

Response samples

application/json

{"integrityMonitoringRules": [{"name": "string",
"description": "string",
"minimumAgentVersion": "string",
"minimumManagerVersion": "string",
"severity": "low",
"type": "string",
"originalIssue": 0,
"lastUpdated": 0,
"identifier": "string",
"template": "registry",
"registryKeyRoot": "string",
"registryKeyValue": "string",
"registryIncludeSubKeys": true,
"registryIncludedValues": ["string"
],
"registryIncludeDefaultValue": true,
"registryExcludedValues": ["string"
],
"registryAttributes": ["string"
],
"fileBaseDirectory": "string",
"fileIncludeSubDirectories": true,
"fileIncludedValues": ["string"
],
"fileExcludedValues": ["string"
],
"fileAttributes": ["string"
],
"customXML": "string",
"alertEnabled": true,
"realTimeMonitoringEnabled": true,
"recommendationsMode": "enabled",
"ID": 0
}
]
}

Describe an integrity monitoring rule

get/policies/{policyID}/integritymonitoring/rules/{integrityMonitoringRuleID}

Describe an integrity monitoring rule including policy-level overrides.

Related SDK Methods:

Java

PolicyIntegrityMonitoringRuleDetailsApi.describeIntegrityMonitoringRuleOnPolicy([param1, param2, ...])

Python

PolicyIntegrityMonitoringRuleDetailsApi.describe_integrity_monitoring_rule_on_policy([param1, param2, ...])

JavaScript

PolicyIntegrityMonitoringRuleDetailsApi.describeIntegrityMonitoringRuleOnPolicy([param1, param2, ...])

SecurityTrend_Micro_Cloud_One_API_Key or Legacy_API_Key

Request

path Parameters

integrityMonitoringRuleID required	integer <int32> \d+ The ID number of the integrity monitoring rule. Example: 1
policyID required	integer <int32> \d+ The ID number of the policy. Example: 1

query Parameters

overrides

boolean

Show only overrides defined for the current policy.

header Parameters

api-version

required

string

The version of the api being called.

Example: YOUR VERSION

Responses

200

successful operation

403

Not authorized to view the policy.

404

The policy or integrity monitoring rule does not exist.

Request samples

Java
Python
JavaScript

import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.PolicyIntegrityMonitoringRuleDetailsApi;
import com.trendmicro.deepsecurity.model.IntegrityMonitoringRule;


public class DescribeIntegrityMonitoringRuleOnPolicyExample {
	
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication
		ApiKeyAuth Legacy API Key = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
		Legacy API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		ApiKeyAuth Trend Micro Cloud One API Key = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
		Trend Micro Cloud One API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		
		// Initialization
		// Set Any Required Values
		PolicyIntegrityMonitoringRuleDetailsApi instance = new PolicyIntegrityMonitoringRuleDetailsApi();
		Integer policyID = 1;
		Integer integrityMonitoringRuleID = 1;
		Boolean overrides = false;
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			IntegrityMonitoringRule result = instance.describeIntegrityMonitoringRuleOnPolicy(policyID, integrityMonitoringRuleID, overrides, apiVersion);
			System.out.println(result);
		} catch (ApiException e) {
			System.err.println("An exception occurred when calling PolicyIntegrityMonitoringRuleDetailsApi.describeIntegrityMonitoringRuleOnPolicy");
			e.printStackTrace();
		}
	}
}

Response samples

application/json

{"name": "string",
"description": "string",
"minimumAgentVersion": "string",
"minimumManagerVersion": "string",
"severity": "low",
"type": "string",
"originalIssue": 0,
"lastUpdated": 0,
"identifier": "string",
"template": "registry",
"registryKeyRoot": "string",
"registryKeyValue": "string",
"registryIncludeSubKeys": true,
"registryIncludedValues": ["string"
],
"registryIncludeDefaultValue": true,
"registryExcludedValues": ["string"
],
"registryAttributes": ["string"
],
"fileBaseDirectory": "string",
"fileIncludeSubDirectories": true,
"fileIncludedValues": ["string"
],
"fileExcludedValues": ["string"
],
"fileAttributes": ["string"
],
"customXML": "string",
"alertEnabled": true,
"realTimeMonitoringEnabled": true,
"recommendationsMode": "enabled",
"ID": 0
}

Modify an integrity monitoring rule

post/policies/{policyID}/integritymonitoring/rules/{integrityMonitoringRuleID}

Modify an integrity monitoring rule assigned to a policy. Any unset elements will be left unchanged.

Related SDK Methods:

Java

PolicyIntegrityMonitoringRuleDetailsApi.modifyIntegrityMonitoringRuleOnPolicy([param1, param2, ...])

Python

PolicyIntegrityMonitoringRuleDetailsApi.modify_integrity_monitoring_rule_on_policy([param1, param2, ...])

JavaScript

PolicyIntegrityMonitoringRuleDetailsApi.modifyIntegrityMonitoringRuleOnPolicy([param1, param2, ...])

SecurityTrend_Micro_Cloud_One_API_Key or Legacy_API_Key

Request

path Parameters

integrityMonitoringRuleID required	integer <int32> \d+ The ID number of the integrity monitoring rule to modify. Example: 1
policyID required	integer <int32> \d+ The ID number of the policy. Example: 1

query Parameters

overrides

boolean

Show only overrides defined for the current policy.

header Parameters

api-version

required

string

The version of the api being called.

Example: YOUR VERSION

Request Body schema: application/json

The settings of the integrity monitoring rule to modify.

alertEnabled	boolean Controls whether an alert should be made if an event related to the IntegrityMonitoringRule is logged. Defaults to `false`. Searchable as Boolean.
customXML	string Custom XML rules to be used by the IntegrityMonitoringRule. Custom XML rules must be encoded in the Base64 format. Ignored if the IntegrityMonitoringRule does not follow the `custom` template.
description	string Description of the IntegrityMonitoringRule. Searchable as String.
fileAttributes	Array of strings File attributes to be monitored by the IntegrityMonitoringRule. JSON array or delimited by `\n`. Defaults to `STANDARD` which will monitor changes in file creation date, last modified date, permissions, owner, group, size, content, flags (Windows) and SymLinkPath (Linux). Ignored if the IntegrityMonitoringRule does not monitor a file directory.
fileBaseDirectory	string Base of the file directory to be monitored by the IntegrityMonitoringRule. Ignored if the IntegrityMonitoringRule does not monitor a file directory.
fileExcludedValues	Array of strings File name values to be ignored by the IntegrityMonitoringRule. JSON array or delimited by `\n`. `?` matches a single character, while `*` matches zero or more characters. Ignored if the IntegrityMonitoringRule does not monitor a file directory.
fileIncludedValues	Array of strings File name values to be monitored by the IntegrityMonitoringRule. JSON array or delimited by `\n`. `?` matches a single character, while `*` matches zero or more characters. Leaving this field blank when monitoring file directories will cause the IntegrityMonitoringRule to monitor all files in a directory. This can use significant system resources if the base directory contains numerous or large files. Ignored if the IntegrityMonitoringRule does not monitor a file directory.
fileIncludeSubDirectories	boolean Controls whether the IntegrityMonitoringRule should also monitor sub-directories of the base file directory that is associated with it. Defaults to `false`. Ignored if the IntegrityMonitoringRule does not monitor a file directory.
name	string Name of the IntegrityMonitoringRule. Searchable as String.
realTimeMonitoringEnabled	boolean Controls whether the IntegrityMonitoringRule is monitored in real time or during every scan. Defaults to `true` which indicates that it is monitored in real time. A value of `false` indicates that it will only be checked during scans. Searchable as Boolean.
recommendationsMode	string Indicates whether recommendation scans consider the IntegrityMonitoringRule. Can be set to enabled or ignored. Custom rules cannot be recommended. Searchable as Choice. Enum: "enabled" "ignored" "unknown" "disabled"
registryAttributes	Array of strings Registry key attributes to be monitored by the IntegrityMonitoringRule. JSON array or delimited by `\n`. Defaults to `STANDARD` which will monitor changes in registry size, content and type. Ignored if the IntegrityMonitoringRule does not monitor a registry key.
registryExcludedValues	Array of strings Registry key values to be ignored by the IntegrityMonitoringRule. JSON array or delimited by `\n`. `?` matches a single character, while `*` matches zero or more characters. Ignored if the IntegrityMonitoringRule does not monitor a registry key.
registryIncludeDefaultValue	boolean Controls whether the rule should monitor default registry key values. Defaults to `true`. Ignored if the IntegrityMonitoringRule does not monitor a registry key.
registryIncludedValues	Array of strings Registry key values to be monitored by the IntegrityMonitoringRule. JSON array or delimited by `\n`. `?` matches a single character, while `*` matches zero or more characters. Ignored if the IntegrityMonitoringRule does not monitor a registry key.
registryIncludeSubKeys	boolean Controls whether the IntegrityMonitoringRule should also include subkeys of the registry key it monitors. Defaults to `false`. Ignored if the IntegrityMonitoringRule does not monitor a registry key.
registryKeyRoot	string Registry hive which is monitored by the IntegrityMonitoringRule. Empty if the IntegrityMonitoringRule does not monitor a registry key.
registryKeyValue	string Registry key which is monitored by the IntegrityMonitoringRule. Empty if the IntegrityMonitoringRule does not monitor a registry key. Ignored if the IntegrityMonitoringRule does not monitor a registry key.
severity	string Severity level of the event is multiplied by the computer's asset value to determine ranking. Ranking can be used to sort events with more business impact. Searchable as Choice. Enum: "low" "medium" "high" "critical"
template	string Template which the IntegrityMonitoringRule follows. Enum: "registry" "file" "custom"

Responses

200

successful operation

403

Not authorized to modify the policy or the requested modification is not permitted.

404

The policy or integrity monitoring rule does not exist.

Request samples

Payload
Java
Python
JavaScript

application/json

{"name": "string",
"description": "string",
"severity": "low",
"template": "registry",
"registryKeyRoot": "string",
"registryKeyValue": "string",
"registryIncludeSubKeys": true,
"registryIncludedValues": ["string"
],
"registryIncludeDefaultValue": true,
"registryExcludedValues": ["string"
],
"registryAttributes": ["string"
],
"fileBaseDirectory": "string",
"fileIncludeSubDirectories": true,
"fileIncludedValues": ["string"
],
"fileExcludedValues": ["string"
],
"fileAttributes": ["string"
],
"customXML": "string",
"alertEnabled": true,
"realTimeMonitoringEnabled": true,
"recommendationsMode": "enabled"
}

Response samples

application/json

{"name": "string",
"description": "string",
"minimumAgentVersion": "string",
"minimumManagerVersion": "string",
"severity": "low",
"type": "string",
"originalIssue": 0,
"lastUpdated": 0,
"identifier": "string",
"template": "registry",
"registryKeyRoot": "string",
"registryKeyValue": "string",
"registryIncludeSubKeys": true,
"registryIncludedValues": ["string"
],
"registryIncludeDefaultValue": true,
"registryExcludedValues": ["string"
],
"registryAttributes": ["string"
],
"fileBaseDirectory": "string",
"fileIncludeSubDirectories": true,
"fileIncludedValues": ["string"
],
"fileExcludedValues": ["string"
],
"fileAttributes": ["string"
],
"customXML": "string",
"alertEnabled": true,
"realTimeMonitoringEnabled": true,
"recommendationsMode": "enabled",
"ID": 0
}

Reset integrity monitoring rule overrides

delete/policies/{policyID}/integritymonitoring/rules/{integrityMonitoringRuleID}

Remove all overrides for an integrity monitoring rule from a policy.

Related SDK Methods:

Java

PolicyIntegrityMonitoringRuleDetailsApi.resetIntegrityMonitoringRuleOnPolicy([param1, param2, ...])

Python

PolicyIntegrityMonitoringRuleDetailsApi.reset_integrity_monitoring_rule_on_policy([param1, param2, ...])

JavaScript

PolicyIntegrityMonitoringRuleDetailsApi.resetIntegrityMonitoringRuleOnPolicy([param1, param2, ...])

SecurityTrend_Micro_Cloud_One_API_Key or Legacy_API_Key

Request

path Parameters

integrityMonitoringRuleID required	integer <int32> \d+ The ID number of the integrity monitoring rule to reset. Example: 1
policyID required	integer <int32> \d+ The ID number of the policy. Example: 1

query Parameters

overrides

boolean

Show only overrides defined for the current policy.

header Parameters

api-version

required

string

The version of the api being called.

Example: YOUR VERSION

Responses

200

successful operation

403

Not authorized to modify the policy.

404

The policy does not exist.

Request samples

Java
Python
JavaScript

import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.PolicyIntegrityMonitoringRuleDetailsApi;
import com.trendmicro.deepsecurity.model.IntegrityMonitoringRule;


public class ResetIntegrityMonitoringRuleOnPolicyExample {
	
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication
		ApiKeyAuth Legacy API Key = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
		Legacy API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		ApiKeyAuth Trend Micro Cloud One API Key = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
		Trend Micro Cloud One API Key.setApiKey("YOUR API KEY");
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
		}
		
		// Initialization
		// Set Any Required Values
		PolicyIntegrityMonitoringRuleDetailsApi instance = new PolicyIntegrityMonitoringRuleDetailsApi();
		Integer policyID = 1;
		Integer integrityMonitoringRuleID = 1;
		Boolean overrides = false;
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			IntegrityMonitoringRule result = instance.resetIntegrityMonitoringRuleOnPolicy(policyID, integrityMonitoringRuleID, overrides, apiVersion);
			System.out.println(result);
		} catch (ApiException e) {
			System.err.println("An exception occurred when calling PolicyIntegrityMonitoringRuleDetailsApi.resetIntegrityMonitoringRuleOnPolicy");
			e.printStackTrace();
		}
	}
}

Response samples

application/json

{"name": "string",
"description": "string",
"minimumAgentVersion": "string",
"minimumManagerVersion": "string",
"severity": "low",
"type": "string",
"originalIssue": 0,
"lastUpdated": 0,
"identifier": "string",
"template": "registry",
"registryKeyRoot": "string",
"registryKeyValue": "string",
"registryIncludeSubKeys": true,
"registryIncludedValues": ["string"
],
"registryIncludeDefaultValue": true,
"registryExcludedValues": ["string"
],
"registryAttributes": ["string"
],
"fileBaseDirectory": "string",
"fileIncludeSubDirectories": true,
"fileIncludedValues": ["string"
],
"fileExcludedValues": ["string"
],
"fileAttributes": ["string"
],
"customXML": "string",
"alertEnabled": true,
"realTimeMonitoringEnabled": true,
"recommendationsMode": "enabled",
"ID": 0
}

➔ Next to Policy Intrusion Prevention Rule Assignments & Recommendations