Create detection exception

Create a new detection exception by sending the native JSON structure of a detection exception.

Service endpoint

/exceptions/v2

Optional query string parameters

Example

https://protectapi.cylance.com/exceptions/v2

Method

HTTP/1.1 POST

Request headers

  • Accept: application/json
  • Authorization: Bearer <JWT token returned by the Auth API, with the opticsexception:create scope encoded>

Request

JSON
{
    "Name": "My Exception",
    "Description": "My Exception Description",
    "ObjectType": "ExceptionRule",
    "OperatingSystems": [
        {
            "Name": "Windows"
        }
    ],
    "Plugin": {
        "Name": "OpticsDetector"
    },
    "Product": {
        "Name": "CylanceOPTICS"
    },
    "SchemaVersion": 1,
    "States": [
        {
            "Name": "UnsignedProc",
            "Scope": "Global",
            "Function": "Function",
            "FieldOperators": {
                "Function": {
                    "Type": "EqualsAny",
                    "Operands": [
                        {
                            "Source": "LiteralSet",
                            "Data": "iexplore.exe"
                        }
                    ],
                    "OperandType": "string",
                    "Options": {
                        "IgnoreCase": true
                    }
                }
            },
            "Actions": [
                {
                    "Type": "AOI",
                    "ItemName": "InstigatingProcess",
                    "Position": "PostActivation"
                }
            ]
        }
    ],
    "Tags": [
        "CylanceOPTICS, Exception"
    ]
}

Response

Please see the Response status codes for more information.

Request and Response JSON schema

Field Name Description

Description

This is the description for the detection exception.

Id

This is the unique identifier for the detection exception.

It is part of the response, after the detection exception is created.

Name

This is the name of the detection exception.

ObjectType

This is the type of object defined in this rule.

  • DetectionRule
  • ResponseRule

OperatingSystems

This is the list of operating systems to which the detection exception applies.

Plugin

This is the name of the product feature to which the detection exception applies.

Product

This is the name of the Endpoint Defense product to which the detection exception applies.

SchemaVersion

This is the version of the schema.

States

This is the list of all available states. If no paths are specified, the states are transitioned in the order they are specified.

Tags

This is the list of tags associated with the detection exception.

Version

This is the version number for the detection exception.

It is part of the response, after the detection exception is created.

The "id" and "version" fields are automatically populated when the request is submitted.
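
Added example (not part of the original documentation or the vendor's code): a Python sketch that fills in the sample exception above, checks it against the schema table before submission, and builds the POST request without sending it. The function names, the Content-Type header, and the rule that every client-supplied field is required are assumptions.

```python
import json
import urllib.request

API_URL = "https://protectapi.cylance.com/exceptions/v2"  # endpoint from the page
# Top-level fields of the schema table that the client supplies.
CLIENT_FIELDS = {"Name", "Description", "ObjectType", "OperatingSystems",
                 "Plugin", "Product", "SchemaVersion", "States", "Tags"}
SERVER_FIELDS = {"id", "version"}  # populated by the service on creation

def build_exception(name, description, process_name):
    """Return the page's sample exception with three values swapped in."""
    operator = {
        "Type": "EqualsAny",
        "Operands": [{"Source": "LiteralSet", "Data": process_name}],
        "OperandType": "string",
        "Options": {"IgnoreCase": True},
    }
    state = {
        "Name": "UnsignedProc", "Scope": "Global", "Function": "Function",
        "FieldOperators": {"Function": operator},
        "Actions": [{"Type": "AOI", "ItemName": "InstigatingProcess",
                     "Position": "PostActivation"}],
    }
    return {
        "Name": name, "Description": description, "ObjectType": "ExceptionRule",
        "OperatingSystems": [{"Name": "Windows"}],
        "Plugin": {"Name": "OpticsDetector"},
        "Product": {"Name": "CylanceOPTICS"},
        "SchemaVersion": 1, "States": [state],
        "Tags": ["CylanceOPTICS, Exception"],
    }

def preflight(payload):
    """List problems to fix before sending; an empty list means ready."""
    # Assumption: every client-supplied field in the schema table is required.
    problems = [f"missing field: {f}" for f in sorted(CLIENT_FIELDS - set(payload))]
    problems += [f"server-populated field set by client: {f}"
                 for f in sorted(payload) if f.lower() in SERVER_FIELDS]
    return problems

def build_request(payload, jwt_token):
    """Build (without sending) the POST request the page describes."""
    problems = preflight(payload)
    if problems:
        raise ValueError("; ".join(problems))
    headers = {"Accept": "application/json",
               "Authorization": f"Bearer {jwt_token}",
               "Content-Type": "application/json"}  # assumption: not on the page
    return urllib.request.Request(API_URL, data=json.dumps(payload).encode("utf-8"),
                                  headers=headers, method="POST")
```

Passing the returned object to urllib.request.urlopen submits it; the response body then carries the service-assigned Id and Version.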