Update detection exception

Update a detection exception by sending a new JSON structure.

Service endpoint

/exceptions/v2/{exception_id}

Optional query string parameters

Example

https://protectapi.cylance.com/exceptions/v2/24eff732-4d39-47df-b246-f7dbb8a8fd87

Method

HTTP/1.1 PUT

Request headers
  • Accept: application/json
  • Authorization: Bearer JWT Token returned by Auth API with the opticsexception:update scope encoded

Request

JSON 
{
    "Name": "My Exception",
    "Description": "My Exception Description",
    "ObjectType": "ExceptionRule",
    "OperatingSystems": [
        {
            "Name": "Windows"
        }
    ],
    "Plugin": {
        "Name": "OpticsDetector"
    },
    "Product": {
        "Name": "Optics"
    },
    "SchemaVersion": 1,
    "States": [
        {
            "Name": "UnsignedProc",
            "Scope": "Global",
            "Function": "Function",
            "FieldOperators": {
                "Function": {
                    "Type": "EqualsAny",
                    "Operands": [
                        {
                            "Source": "LiteralSet",
                            "Data": iexplore.exe"
                        }
                    ],
                    "OperandType": "string",
                    "Options": {
                        "IgnoreCase": true
                    }
                }
            },
            "Actions": [
                {
                    "Type": "AOI",
                    "ItemName": "InstigatingProcess",
                    "Position": "PostActivation"
                }
            ]
        }
    ],
    "Tags": [
        "Optics, Exception"
    ]
}

Response

Please see the Response status codes for more information.

Request or response JSON schema

Field Name Description

Description

This is the description for the detection exception.

Id

This is the unique identifier for the detection exception.

Part of the response, after the detection exception is updated.

Name

This is the name of the detection exception.

ObjectType

This is the type of object defined in this rule.

  • DetectionRule
  • ResponseRule

OperatingSystems

This is the list of operating systems to which the detection exception applies.

Plugin

This is the name of the product feature to which the detection exception applies.

Product

This is the name of the Endpoint Defense product to which the detection exception applies.

SchemaVersion

This is the version of the schema.

States

This is the list of all available states. If no paths are specified, the states are transitioned in the order they are specified.

Tags

This is the list of tags associated with the detection exception.

Version

This is the version number for the detection exception.

Part of the response, after the detection exception is updated.

The "id" and "version" fields are automatically populated when the request is submitted.