Validate detection rule
Allows a user to validate a detection rule's JSON by sending the native JSON structure of a detection rule to a validation service.
Service endpoint | /rules/v2/validate |
Optional query string parameters | — |
Example | https://protectapi.cylance.com/rules/v2/validate |
Method | HTTP/1.1 POST |
Request headers | |
Request
```json
{
  "Name": "Name of Detection Rule",
  "Description": "Description of Detection Rule",
  "Severity": "Medium",
  "ObjectType": "DetectionRule",
  "OperatingSystems": [
    { "Name": "Windows" }
  ],
  "Plugin": { "Name": "OpticsDetector" },
  "Product": { "Name": "CylanceOPTICS" },
  "SchemaVersion": 1,
  "States": [
    {
      "Name": "MaliciousApp",
      "Scope": "Global",
      "Function": "Function",
      "FieldOperators": {
        "Function": {
          "Type": "EqualsAny",
          "Operands": [
            { "Source": "LiteralSet", "Data": "badapp.exe" }
          ],
          "OperandType": "string",
          "Options": { "IgnoreCase": true }
        }
      },
      "Actions": [
        {
          "Type": "AOI",
          "ItemName": "InstigatingProcess",
          "Position": "PostActivation"
        }
      ],
      "Filters": [
        {
          "Type": "Event",
          "Data": { "Category": "Process", "SubCategory": "", "Type": "*" }
        }
      ]
    }
  ],
  "Tags": [ "CylanceOPTICS" ]
}
```
Response
Please see the Response status codes for more information.
Request JSON schema
Field Name | Description |
---|---|
Description | This is the description for the detection rule. |
Name | This is the name of the detection rule. |
ObjectType | This is the type of object defined in this rule. |
OperatingSystems | These are the affected operating systems. |
Plugin | This is the CylanceOPTICS plugin associated with the detection rule. |
Product | This is the name of the product associated with the detection rule. |
SchemaVersion | This is the version of the schema. |
Severity | This is the severity assigned to the detection rule. Possible values are: |
States | This is the list of all available states. If no paths are specified, the states are transitioned in the order they are specified. |
Tags | This is a list of tags associated with the Detection Rule. |
Response JSON schema
Field Name | Description |
---|---|
errors | This is a list of error messages that will prevent the Detection Rule from validating and operating correctly. |
valid | This returns "true" if the Detection Rule passes validation. It returns "false" if the Detection Rule does not pass validation. |
warnings | This is a list of warning message strings that may impact the performance or validity of the Detection Rule. |
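
The following is an added example, not part of the original documentation: a pre-flight check and response gate for keeping detection rules in version control and validating them before deployment. The function names, the `Content-Type` and bearer `Authorization` headers, and the choice to flag every field from the request schema table that is absent are assumptions; the sample inputs are constructed.

```python
import json
import urllib.request

VALIDATE_URL = "https://protectapi.cylance.com/rules/v2/validate"  # from this page
# Top-level fields listed in the request JSON schema table on this page.
RULE_FIELDS = {"Description", "Name", "ObjectType", "OperatingSystems", "Plugin",
               "Product", "SchemaVersion", "Severity", "States", "Tags"}

def preflight(rule_text):
    """Local checks before calling the service; returns a list of problems."""
    try:
        rule = json.loads(rule_text)  # strict parser: rejects trailing commas
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno}, column {exc.colno})"]
    if not isinstance(rule, dict):
        return ["rule must be a JSON object"]
    # Assumption: every field in the schema table is expected to be present.
    return [f"field absent: {name}" for name in sorted(RULE_FIELDS - rule.keys())]

def build_request(rule_text, token):
    """Build (but do not send) the POST. Both header names are assumptions."""
    return urllib.request.Request(
        VALIDATE_URL, data=rule_text.encode("utf-8"), method="POST",
        headers={"Content-Type": "application/json",
                 "Authorization": f"Bearer {token}"})

def gate(response_text, fail_on_warnings=False):
    """Turn a validate response body into (ok, messages); fails closed."""
    body = json.loads(response_text)
    errors = list(body.get("errors") or [])
    warnings = list(body.get("warnings") or [])
    # Accept JSON true or the string "true"; anything else is not valid.
    valid = str(body.get("valid")).lower() == "true"
    ok = valid and not errors and not (fail_on_warnings and warnings)
    messages = [f"error: {e}" for e in errors] + [f"warning: {w}" for w in warnings]
    return ok, messages

# Constructed samples (not captured from the service).
SAMPLE_BAD_RULE = '{"Name": "r", "OperatingSystems": [ { "Name": "Windows", } ]}'
SAMPLE_RESPONSE = '{"valid": false, "errors": ["constructed error"], "warnings": []}'

if __name__ == "__main__":
    print(preflight(SAMPLE_BAD_RULE))
    print(gate(SAMPLE_RESPONSE))
```

Running `preflight` first catches malformed JSON locally, and `gate` with `fail_on_warnings=True` lets a pipeline block rules the service accepts but flags.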