Create detection exception
Create a new detection exception by sending the native JSON structure of a detection exception.
Service endpoint | /exceptions/v2 |
Optional query string parameters | — |
Example | https://protectapi.cylance.com/exceptions/v2 |
Method | HTTP/1.1 POST |
Request headers |
|
Request
{ "Name": "My Exception", "Description": "My Exception Description", "ObjectType": "ExceptionRule", "OperatingSystems": [ { "Name": "Windows" } ], "Plugin": { "Name": "OpticsDetector" }, "Product": { "Name": "CylanceOPTICS" }, "SchemaVersion": 1, "States": [ { "Name": "UnsignedProc", "Scope": "Global", "Function": "Function", "FieldOperators": { "Function": { "Type": "EqualsAny", "Operands": [ { "Source": "LiteralSet", "Data": iexplore.exe" } ], "OperandType": "string", "Options": { "IgnoreCase": true } } }, "Actions": [ { "Type": "AOI", "ItemName": "InstigatingProcess", "Position": "PostActivation" } ] } ], "Tags": [ "CylanceOPTICS, Exception" ] }
Response
Please see the Response status codes for more information.
Request and Response JSON schema
Field Name | Description |
---|---|
Description | This is the description for the detection exception. |
Id | This is the unique identifier for the detection exception. Part of the response, after the detection exception is created. |
Name | This is the name of the detection exception. |
ObjectType | This is the type of object defined in this rule.
|
OperatingSystems | This is the list of operating systems to which the detection exception applies. |
Plugin | This is the name of the product feature to which the detection exception applies. |
Product | This is the name of the Cylance product to which the detection exception applies. |
SchemaVersion | This is the version of the schema. |
States | This is the list of all available states. If no paths are specified, the states are transitioned in the order they are specified. |
Tags | This is the list of tags associated with the detection exception. |
Version | This is the version number for the detection exception. It is part of the response, after the detection exception is created. |
The "id" and "version" fields are automatically populated when the request is submitted.