Policy Intrusion Prevention Rule Details

List intrusion prevention rules

get/policies/{policyID}/intrusionprevention/rules

Lists all intrusion prevention rules assigned to a policy.

Related SDK Methods:
Java

PolicyIntrusionPreventionRuleDetailsApi.listIntrusionPreventionRulesOnPolicy([param1, param2, ...])

Python

PolicyIntrusionPreventionRuleDetailsApi.list_intrusion_prevention_rules_on_policy([param1, param2, ...])

JavaScript

PolicyIntrusionPreventionRuleDetailsApi.listIntrusionPreventionRulesOnPolicy([param1, param2, ...])

Security: Trend_Micro_Cloud_One_API_Key or Legacy_API_Key
Request
path Parameters
policyID
required
integer <int32> \d+

The ID number of the policy.

Example: 1
query Parameters
overrides
boolean

Show only rules assigned to the current policy.

header Parameters
api-version
required
string

The version of the api being called.

Example: YOUR VERSION
Responses
200

successful operation

403

Not authorized to view the policy.

404

The policy does not exist.

Request samples
import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.PolicyIntrusionPreventionRuleDetailsApi;
import com.trendmicro.deepsecurity.model.IntrusionPreventionRules;


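/**
 * Sample client that lists the intrusion prevention rules assigned to a policy
 * through {@code PolicyIntrusionPreventionRuleDetailsApi.listIntrusionPreventionRulesOnPolicy}.
 *
 * <p>"YOUR HOST", "YOUR API KEY" and "YOUR VERSION" are placeholders that must be
 * replaced before the sample can reach a manager.
 */
public class ListIntrusionPreventionRulesOnPolicyExample {

	/**
	 * Configures the default API client, sends the list request and prints the result.
	 *
	 * @param args unused
	 */
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication
		// The endpoint documents the two schemes as alternatives; the sample configures
		// both. Supply the real key at runtime (environment or secret store) instead of
		// committing it to source control.
		// The generated variable names contained spaces, which is not valid Java.
		ApiKeyAuth legacyApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
		legacyApiKey.setApiKey("YOUR API KEY");
		ApiKeyAuth cloudOneApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
		cloudOneApiKey.setApiKey("YOUR API KEY");

		// One call is enough; the original repeated it after each key.
		// NOTE(review): false presumably keeps server certificate validation enabled -
		// confirm against the SDK, and do not switch it to true outside a lab.
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
			// The TLS trust settings are in an unknown state, so the API key is not sent.
			return;
		}

		// Initialization
		// Set Any Required Values
		PolicyIntrusionPreventionRuleDetailsApi instance = new PolicyIntrusionPreventionRuleDetailsApi();
		Integer policyID = 1;
		Boolean overrides = false;
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			IntrusionPreventionRules result = instance.listIntrusionPreventionRulesOnPolicy(policyID, overrides, apiVersion);
			System.out.println(result);
		} catch (ApiException e) {
			// The endpoint documents 403 (not authorized) and 404 (policy does not exist).
			System.err.println("An exception occurred when calling PolicyIntrusionPreventionRuleDetailsApi.listIntrusionPreventionRulesOnPolicy");
			e.printStackTrace();
		}
	}
}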

Response samples
application/json
{
  • "intrusionPreventionRules": [
    ]
}

Describe an intrusion prevention rule

get/policies/{policyID}/intrusionprevention/rules/{intrusionPreventionRuleID}

Describe an intrusion prevention rule including policy-level overrides.

Related SDK Methods:
Java

PolicyIntrusionPreventionRuleDetailsApi.describeIntrusionPreventionRuleOnPolicy([param1, param2, ...])

Python

PolicyIntrusionPreventionRuleDetailsApi.describe_intrusion_prevention_rule_on_policy([param1, param2, ...])

JavaScript

PolicyIntrusionPreventionRuleDetailsApi.describeIntrusionPreventionRuleOnPolicy([param1, param2, ...])

Security: Trend_Micro_Cloud_One_API_Key or Legacy_API_Key
Request
path Parameters
intrusionPreventionRuleID
required
integer <int32> \d+

The ID number of the intrusion prevention rule.

Example: 1
policyID
required
integer <int32> \d+

The ID number of the policy.

Example: 1
query Parameters
overrides
boolean

Show only overrides defined for the current policy.

header Parameters
api-version
required
string

The version of the api being called.

Example: YOUR VERSION
Responses
200

successful operation

403

Not authorized to view the policy.

404

The policy or intrusion prevention rule does not exist.

Request samples
import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.PolicyIntrusionPreventionRuleDetailsApi;
import com.trendmicro.deepsecurity.model.IntrusionPreventionRule;


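/**
 * Sample client that describes one intrusion prevention rule on a policy, including
 * policy-level overrides, through
 * {@code PolicyIntrusionPreventionRuleDetailsApi.describeIntrusionPreventionRuleOnPolicy}.
 *
 * <p>"YOUR HOST", "YOUR API KEY" and "YOUR VERSION" are placeholders that must be
 * replaced before the sample can reach a manager.
 */
public class DescribeIntrusionPreventionRuleOnPolicyExample {

	/**
	 * Configures the default API client, sends the describe request and prints the rule.
	 *
	 * @param args unused
	 */
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication
		// The endpoint documents the two schemes as alternatives; the sample configures
		// both. Supply the real key at runtime (environment or secret store) instead of
		// committing it to source control.
		// The generated variable names contained spaces, which is not valid Java.
		ApiKeyAuth legacyApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
		legacyApiKey.setApiKey("YOUR API KEY");
		ApiKeyAuth cloudOneApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
		cloudOneApiKey.setApiKey("YOUR API KEY");

		// One call is enough; the original repeated it after each key.
		// NOTE(review): false presumably keeps server certificate validation enabled -
		// confirm against the SDK, and do not switch it to true outside a lab.
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
			// The TLS trust settings are in an unknown state, so the API key is not sent.
			return;
		}

		// Initialization
		// Set Any Required Values
		PolicyIntrusionPreventionRuleDetailsApi instance = new PolicyIntrusionPreventionRuleDetailsApi();
		Integer policyID = 1;
		Integer intrusionPreventionRuleID = 1;
		Boolean overrides = false;
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			IntrusionPreventionRule result = instance.describeIntrusionPreventionRuleOnPolicy(policyID, intrusionPreventionRuleID, overrides, apiVersion);
			System.out.println(result);
		} catch (ApiException e) {
			// The endpoint documents 403 (not authorized) and 404 (policy or rule does not exist).
			System.err.println("An exception occurred when calling PolicyIntrusionPreventionRuleDetailsApi.describeIntrusionPreventionRuleOnPolicy");
			e.printStackTrace();
		}
	}
}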

Response samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "minimumAgentVersion": "string",
  • "applicationTypeID": 0,
  • "priority": "lowest",
  • "ruleAvailability": "endpoint-and-workload",
  • "severity": "low",
  • "detectOnly": true,
  • "eventLoggingDisabled": true,
  • "generateEventOnPacketDrop": true,
  • "alwaysIncludePacketData": true,
  • "debugModeEnabled": true,
  • "type": "custom",
  • "originalIssue": 0,
  • "lastUpdated": 0,
  • "identifier": "string",
  • "template": "signature",
  • "signature": "string",
  • "start": "string",
  • "patterns": [
    ],
  • "end": "string",
  • "caseSensitive": true,
  • "condition": "all",
  • "action": "drop",
  • "customXML": "string",
  • "alertEnabled": true,
  • "scheduleID": 0,
  • "contextID": 0,
  • "recommendationsMode": "enabled",
  • "canBeAssignedAlone": true,
  • "dependsOnRuleIDs": [
    ],
  • "ID": 0,
  • "CVSSScore": "string",
  • "CVE": [
    ]
}

Modify an intrusion prevention rule

post/policies/{policyID}/intrusionprevention/rules/{intrusionPreventionRuleID}

Modify an intrusion prevention rule assigned to a policy. Any unset elements will be left unchanged.

Related SDK Methods:
Java

PolicyIntrusionPreventionRuleDetailsApi.modifyIntrusionPreventionRuleOnPolicy([param1, param2, ...])

Python

PolicyIntrusionPreventionRuleDetailsApi.modify_intrusion_prevention_rule_on_policy([param1, param2, ...])

JavaScript

PolicyIntrusionPreventionRuleDetailsApi.modifyIntrusionPreventionRuleOnPolicy([param1, param2, ...])

Security: Trend_Micro_Cloud_One_API_Key or Legacy_API_Key
Request
path Parameters
intrusionPreventionRuleID
required
integer <int32> \d+

The ID number of the intrusion prevention rule to modify.

Example: 1
policyID
required
integer <int32> \d+

The ID number of the policy.

Example: 1
query Parameters
overrides
boolean

Show only overrides defined for the current policy.

header Parameters
api-version
required
string

The version of the api being called.

Example: YOUR VERSION
Request Body schema: application/json

The settings of the intrusion prevention rule to modify.

action
string

Action to apply if the rule is triggered. Applicable to custom rules with template type signature or start-end-patterns.

Enum: "drop" "log-only"
alertEnabled
boolean

Enable to raise an alert when the rule logs an event. Searchable as Boolean.

alwaysIncludePacketData
boolean

Enable to include packet data in the event logs. Not available if eventLoggingDisabled is true. Searchable as Boolean.

applicationTypeID
integer <int32>

ID of the application type for the IntrusionPreventionRule. Searchable as Numeric.

caseSensitive
boolean

Enable to make signatures and patterns case sensitive. Applicable to custom rules with template type signature or start-end-patterns.

condition
string

Condition to determine if the rule is triggered. Applicable to custom rules with template type start-end-patterns.

Enum: "all" "any" "none"
contextID
integer <int32>

ID of the context in which the rule is applied. Set to 0 to remove any assignment. Searchable as Numeric.

customXML
string

The custom XML used to define the rule. Applicable to custom rules with template type custom.

CVE
Array of strings

List of CVEs associated with the IntrusionPreventionRule. Searchable as String.

CVSSScore
string

A measure of the severity of the vulnerability according to the National Vulnerability Database. Searchable as String or as Numeric.

debugModeEnabled
boolean

Enable to log additional packets preceding and following the packet that the rule detected. Not available if eventLoggingDisabled is true. Searchable as Boolean.

dependsOnRuleIDs
Array of integers <int32>

IDs of intrusion prevention rules the rule depends on, which will be automatically assigned if this rule is assigned.

description
string

Description of the IntrusionPreventionRule. Searchable as String.

detectOnly
boolean

In detect mode, the rule creates an event log and does not interfere with traffic.

end
string

End pattern of the rule. Applicable to custom rules with template type start-end-patterns.

eventLoggingDisabled
boolean

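Enable to prevent event logs from being created when the rule is triggered. Not available if detectOnly is true. Searchable as Boolean. With event logging disabled, a triggered rule leaves no event record, so options that depend on a logged event (alertEnabled, alwaysIncludePacketData, debugModeEnabled, generateEventOnPacketDrop) have nothing to act on.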

generateEventOnPacketDrop
boolean

Generate an event every time a packet is dropped for the rule. Not available if eventLoggingDisabled is true. Searchable as Boolean.

lastUpdated
integer <int64>

Timestamp of the last rule modification, in milliseconds since epoch. Searchable as Date.

minimumAgentVersion
string

Version of the Deep Security agent or appliance required to support the rule. Searchable as String.

name
string

Name of the IntrusionPreventionRule. Searchable as String.

originalIssue
integer <int64>

Timestamp of the date the rule was released, in milliseconds since epoch. Searchable as Date.

patterns
Array of strings

Body patterns of the rule, which must be found between start and end patterns. Applicable to custom rules with template type start-end-patterns.

priority
string

Priority level of the rule. Higher priority rules are applied before lower priority rules. Searchable as Choice.

Enum: "lowest" "low" "normal" "high" "highest"
recommendationsMode
string

Indicates whether recommendation scans consider the IntrusionPreventionRule. Can be set to enabled or ignored. Custom rules cannot be recommended. Searchable as Choice.

Enum: "enabled" "ignored" "unknown" "disabled"
scheduleID
integer <int32>

ID of the schedule which defines times during which the rule is active. Set to 0 to remove any assignment. Searchable as Numeric.

severity
string

Severity level of the rule. Severity levels can be used as sorting criteria and affect event rankings. Searchable as Choice.

Enum: "low" "medium" "high" "critical"
signature
string

Signature of the rule. Applicable to custom rules with template type signature.

start
string

Start pattern of the rule. Applicable to custom rules with template type start-end-patterns.

template
string

Type of template for the IntrusionPreventionRule. Applicable only to custom rules.

Enum: "signature" "start-end-patterns" "custom"
type
string

Type of IntrusionPreventionRule. Searchable as Choice.

Enum: "custom" "smart" "vulnerability" "exploit" "hidden" "policy" "info"
Responses
200

successful operation

403

Not authorized to modify the policy or the requested modification is not permitted.

404

The policy or intrusion prevention rule does not exist.

Request samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "minimumAgentVersion": "string",
  • "applicationTypeID": 0,
  • "priority": "lowest",
  • "severity": "low",
  • "detectOnly": true,
  • "eventLoggingDisabled": true,
  • "generateEventOnPacketDrop": true,
  • "alwaysIncludePacketData": true,
  • "debugModeEnabled": true,
  • "type": "custom",
  • "originalIssue": 0,
  • "lastUpdated": 0,
  • "template": "signature",
  • "signature": "string",
  • "start": "string",
  • "patterns": [
    ],
  • "end": "string",
  • "caseSensitive": true,
  • "condition": "all",
  • "action": "drop",
  • "customXML": "string",
  • "alertEnabled": true,
  • "scheduleID": 0,
  • "contextID": 0,
  • "recommendationsMode": "enabled",
  • "dependsOnRuleIDs": [
    ],
  • "CVSSScore": "string",
  • "CVE": [
    ]
}
Response samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "minimumAgentVersion": "string",
  • "applicationTypeID": 0,
  • "priority": "lowest",
  • "ruleAvailability": "endpoint-and-workload",
  • "severity": "low",
  • "detectOnly": true,
  • "eventLoggingDisabled": true,
  • "generateEventOnPacketDrop": true,
  • "alwaysIncludePacketData": true,
  • "debugModeEnabled": true,
  • "type": "custom",
  • "originalIssue": 0,
  • "lastUpdated": 0,
  • "identifier": "string",
  • "template": "signature",
  • "signature": "string",
  • "start": "string",
  • "patterns": [
    ],
  • "end": "string",
  • "caseSensitive": true,
  • "condition": "all",
  • "action": "drop",
  • "customXML": "string",
  • "alertEnabled": true,
  • "scheduleID": 0,
  • "contextID": 0,
  • "recommendationsMode": "enabled",
  • "canBeAssignedAlone": true,
  • "dependsOnRuleIDs": [
    ],
  • "ID": 0,
  • "CVSSScore": "string",
  • "CVE": [
    ]
}

Reset intrusion prevention rule overrides

delete/policies/{policyID}/intrusionprevention/rules/{intrusionPreventionRuleID}

Remove all overrides for an intrusion prevention rule from a policy.

Related SDK Methods:
Java

PolicyIntrusionPreventionRuleDetailsApi.resetIntrusionPreventionRuleOnPolicy([param1, param2, ...])

Python

PolicyIntrusionPreventionRuleDetailsApi.reset_intrusion_prevention_rule_on_policy([param1, param2, ...])

JavaScript

PolicyIntrusionPreventionRuleDetailsApi.resetIntrusionPreventionRuleOnPolicy([param1, param2, ...])

Security: Trend_Micro_Cloud_One_API_Key or Legacy_API_Key
Request
path Parameters
intrusionPreventionRuleID
required
integer <int32> \d+

The ID number of the intrusion prevention rule to reset.

Example: 1
policyID
required
integer <int32> \d+

The ID number of the policy.

Example: 1
query Parameters
overrides
boolean

Show only overrides defined for the current policy.

header Parameters
api-version
required
string

The version of the api being called.

Example: YOUR VERSION
Responses
200

successful operation

403

Not authorized to modify the policy.

404

The policy does not exist.

Request samples
import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.api.PolicyIntrusionPreventionRuleDetailsApi;
import com.trendmicro.deepsecurity.model.IntrusionPreventionRule;


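/**
 * Sample client that removes all overrides for one intrusion prevention rule from a
 * policy through
 * {@code PolicyIntrusionPreventionRuleDetailsApi.resetIntrusionPreventionRuleOnPolicy}.
 *
 * <p>This call changes policy state. "YOUR HOST", "YOUR API KEY" and "YOUR VERSION"
 * are placeholders that must be replaced before the sample can reach a manager.
 */
public class ResetIntrusionPreventionRuleOnPolicyExample {

	/**
	 * Configures the default API client, sends the reset request and prints the rule
	 * returned by the API.
	 *
	 * @param args unused
	 */
	public static void main(String[] args) {
		// Setup
		ApiClient defaultClient = Configuration.getDefaultApiClient();
		defaultClient.setBasePath("YOUR HOST");

		// Authentication
		// The endpoint documents the two schemes as alternatives; the sample configures
		// both. Supply the real key at runtime (environment or secret store) instead of
		// committing it to source control.
		// The generated variable names contained spaces, which is not valid Java.
		ApiKeyAuth legacyApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
		legacyApiKey.setApiKey("YOUR API KEY");
		ApiKeyAuth cloudOneApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
		cloudOneApiKey.setApiKey("YOUR API KEY");

		// One call is enough; the original repeated it after each key.
		// NOTE(review): false presumably keeps server certificate validation enabled -
		// confirm against the SDK, and do not switch it to true outside a lab.
		try {
			defaultClient.trustAllCertificates(false);
		} catch (Exception e) {
			System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
			e.printStackTrace();
			// The TLS trust settings are in an unknown state, so the API key is not sent.
			return;
		}

		// Initialization
		// Set Any Required Values
		PolicyIntrusionPreventionRuleDetailsApi instance = new PolicyIntrusionPreventionRuleDetailsApi();
		Integer policyID = 1;
		Integer intrusionPreventionRuleID = 1;
		Boolean overrides = false;
		String apiVersion = "YOUR VERSION";
		try {
			// Please replace the parameter values with yours
			IntrusionPreventionRule result = instance.resetIntrusionPreventionRuleOnPolicy(policyID, intrusionPreventionRuleID, overrides, apiVersion);
			System.out.println(result);
		} catch (ApiException e) {
			// The endpoint documents 403 (not authorized to modify) and 404 (policy does not exist).
			System.err.println("An exception occurred when calling PolicyIntrusionPreventionRuleDetailsApi.resetIntrusionPreventionRuleOnPolicy");
			e.printStackTrace();
		}
	}
}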

Response samples
application/json
{
  • "name": "string",
  • "description": "string",
  • "minimumAgentVersion": "string",
  • "applicationTypeID": 0,
  • "priority": "lowest",
  • "ruleAvailability": "endpoint-and-workload",
  • "severity": "low",
  • "detectOnly": true,
  • "eventLoggingDisabled": true,
  • "generateEventOnPacketDrop": true,
  • "alwaysIncludePacketData": true,
  • "debugModeEnabled": true,
  • "type": "custom",
  • "originalIssue": 0,
  • "lastUpdated": 0,
  • "identifier": "string",
  • "template": "signature",
  • "signature": "string",
  • "start": "string",
  • "patterns": [
    ],
  • "end": "string",
  • "caseSensitive": true,
  • "condition": "all",
  • "action": "drop",
  • "customXML": "string",
  • "alertEnabled": true,
  • "scheduleID": 0,
  • "contextID": 0,
  • "recommendationsMode": "enabled",
  • "canBeAssignedAlone": true,
  • "dependsOnRuleIDs": [
    ],
  • "ID": 0,
  • "CVSSScore": "string",
  • "CVE": [
    ]
}