Skip Navigation

Detection rule API

The
BlackBerry Optics
Detection Rules API allows users to create or update rules to help monitor an organization for security threats or anomalous behavior. The flexibility of detection rules allows users to monitor for broad behavior characteristics (for example, files being created with certain naming patterns) or search for a targeted series of events (for example, a process with a certain file signature thumbprint that then creates files and initiates network connections).
The
BlackBerry Optics
Detection Rules API includes:
  • Getting the content of a detection rule.
  • Getting a list of detection rules for a tenant.
  • Getting a list of detection rules as a .csv file.
  • Validating a detection rule.
  • Creating a detection rule.
  • Updating a detection rule.
  • Deactivating (or soft deleting) a detection rule.
  • Getting a natural language representation of a detection rule.
  • Getting a count of how many detection rules exist in a tenant.