Skip Navigation

Create detection exception

Create a new detection exception by sending the native JSON structure of a detection exception.
Service endpoint
/exceptions/v2
Optional query string parameters
Example
https://protectapi.cylance.com/exceptions/v2
Method
HTTP/1.1 POST
Request headers
  • Accept: application/json
  • Authorization: Bearer
    JWT Token returned by Auth API
    with the opticsexception:create scope encoded

Request

{ "Name": "My Exception", "Description": "My Exception Description", "ObjectType": "ExceptionRule", "OperatingSystems": [ { "Name": "Windows" } ], "Plugin": { "Name": "OpticsDetector" }, "Product": { "Name": "CylanceOPTICS" }, "SchemaVersion": 1, "States": [ { "Name": "UnsignedProc", "Scope": "Global", "Function": "Function", "FieldOperators": { "Function": { "Type": "EqualsAny", "Operands": [ { "Source": "LiteralSet", "Data": iexplore.exe" } ], "OperandType": "string", "Options": { "IgnoreCase": true } } }, "Actions": [ { "Type": "AOI", "ItemName": "InstigatingProcess", "Position": "PostActivation" } ] } ], "Tags": [ "CylanceOPTICS, Exception" ] }

Response

Please see the Response status codes for more information.

Request and Response JSON schema

Field Name
Description
Description
This is the description for the detection exception.
Id
This is the unique identifier for the detection exception.
Part of the response, after the detection exception is created.
Name
This is the name of the detection exception.
ObjectType
This is the type of object defined in this rule.
  • DetectionRule
  • ResponseRule
OperatingSystems
This is the list of operating systems to which the detection exception applies.
Plugin
This is the name of the product feature to which the detection exception applies.
Product
This is the name of the
Cylance
product to which the detection exception applies.
SchemaVersion
This is the version of the schema.
States
This is the list of all available states. If no paths are specified, the states are transitioned in the order they are specified.
Tags
This is the list of tags associated with the detection exception.
Version
This is the version number for the detection exception.
It is part of the response, after the detection exception is created.
The "id" and "version" fields are automatically populated when the request is submitted.