Get detection rule set list

Retrieve a list of detection rule sets available in a tenant.
Service endpoint
/rulesets/v2?page=m&page_size=n
Optional query string parameters
  • page: This is the page number to request.
  • page_size: This is the number of device records to retrieve per page.
You can also append any of the following to filter the results:
  • description: This is the case-insensitive query parameter to filter or sort by the description field.
  • last_modified: This is the case-insensitive query parameter to filter or sort by the Last Modified field, using a date/time format such as 2019-04-10T21:39:54Z. Partial values return matching results: for example, 2019-04-10, 21:39:54, or 2019-04-10T21 each return 2019-04-10T21:39:54Z, along with any other matching results.
  • modified_by.id: This is the case-insensitive query parameter to filter or sort by a user's unique ID.
  • modified_by.login: This is the case-insensitive query parameter to filter or sort by a user's email address.
  • device_count: This filters or sorts the list by the number of applied devices.
  • sort: This sorts by field (adding '-' in front of the value denotes descending order).
Example
Return the first page with 100 devices: https://protectapi.cylance.com/rulesets/v2?page=1&page_size=100
Method
HTTP/1.1 GET
Request headers
  • Accept: application/json
  • Content-Type: application/json
  • Authorization: Bearer JWT Token returned by Auth API with the user:create scope encoded.

Request

None

Response

Please see the Response status codes for more information.

Response JSON schema

Field Name and Description
  • page_size: This is the number of items on the page.
  • total_pages: This is the total number of pages of this size.
  • total_number_of_items: This is the total number of detection rules in the tenant.
  • page_number: This is the current page number of results.
  • page_items: This is a list of exception objects that are available in the tenant that will contain the following fields.
      • name: This is the name of the detection rule.
      • description: This is the description of the detection rule.
      • id: This is the unique ID of the detection rule.
      • last_modified: This is the timestamp (in UTC) of the last time that the detection rule was modified.
      • modified_by: This is an object detailing the last user to modify the detection rule. It includes the following fields:
          • id: This is the unique ID of the user who modified the detection rule.
          • login: This is the email address of the user who modified the detection rule.
      • policies: This is a list of policy IDs that a detection rule set is applied to.
      • device_count: This is the number of devices that have the detection rule applied.
      • category: This is the category of rule grouping that the detection rule belongs to. Possible values include:
          • Custom: These are custom rules that users have uploaded to a tenant.
          • Cylance rules: These are the rules from Cylance.
          • Cylance experimental: These are the rules from Cylance that are deemed to be experimental.
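
The following is an added example, not code from the original documentation: it walks every page of /rulesets/v2 using page, page_size and total_pages, then reports rule sets that have no devices and no policies. The helper names, the sample responses and the token placeholder are assumptions made for illustration, and the demo runs offline against constructed data.

```python
import json
import urllib.parse
import urllib.request

BASE_URL = "https://protectapi.cylance.com"  # host from the page's example URL

def build_url(page, page_size, filters=None):
    """Build the /rulesets/v2 URL; filters holds optional keys such as sort."""
    params = {"page": page, "page_size": page_size, **(filters or {})}
    return BASE_URL + "/rulesets/v2?" + urllib.parse.urlencode(params)

def http_get(url, token):
    """Live GET with the request headers the page lists (not used in the demo)."""
    headers = {"Accept": "application/json", "Content-Type": "application/json",
               "Authorization": "Bearer " + token}
    req = urllib.request.Request(url, headers=headers)
    with urllib.request.urlopen(req, timeout=30) as resp:
        return json.load(resp)

def iter_rulesets(token, page_size=100, filters=None, fetch=http_get):
    """Yield every page_items entry, requesting pages until total_pages is reached."""
    page, total = 1, 1
    while page <= total:
        body = fetch(build_url(page, page_size, filters), token)
        yield from body.get("page_items", [])
        total = body.get("total_pages", 0)
        page += 1

def unapplied(rulesets):
    """Names of rule sets with no devices and no policies (coverage gaps)."""
    return [r["name"] for r in rulesets
            if r.get("device_count", 0) == 0 and not r.get("policies")]

# Constructed sample responses (not real tenant data), keyed by page number.
SAMPLE = {
    1: {"page_number": 1, "page_size": 2, "total_pages": 2, "total_number_of_items": 3,
        "page_items": [
            {"name": "Baseline", "device_count": 40, "policies": ["policy-id-1"]},
            {"name": "Draft rules", "device_count": 0, "policies": []}]},
    2: {"page_number": 2, "page_size": 2, "total_pages": 2, "total_number_of_items": 3,
        "page_items": [{"name": "Pilot", "device_count": 0, "policies": ["policy-id-2"]}]},
}

def fake_fetch(url, token):
    """Offline stand-in for http_get: serves SAMPLE by the page query parameter."""
    query = urllib.parse.parse_qs(urllib.parse.urlsplit(url).query)
    return SAMPLE[int(query["page"][0])]

print(unapplied(iter_rulesets("TOKEN-PLACEHOLDER", 2, fetch=fake_fetch)))
```

To query a real tenant, drop the fetch argument so that http_get is used, and pass the JWT returned by the Auth API as the token.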