Get detection rule set list

Retrieve a list of detection rule sets available in a tenant.

Service endpoint

/rulesets/v2?page=m&page_size=n

Optional query string parameters

  • page: This is the page number to request.
  • page_size: This is the number of rule set records to retrieve per page.
You can also append any of the following to filter the results:
  • description: This is the case-insensitive query parameter to filter or sort by the description field.
  • last_modified: This is the case-insensitive query parameter to filter or sort by the Last Modified field. The value uses the date/time format 2019-04-10T21:39:54Z. Partial values match: for example, 2019-04-10, 21:39:54, or 2019-04-10T21 will each return 2019-04-10T21:39:54Z, along with any other matching results.
  • modified_by.id: This is the case-insensitive query parameter to filter or sort by a user's unique ID.
  • modified_by.login: This is the case-insensitive query parameter to filter or sort by a user's email address.
  • device_count: This filters or sorts the list by the number of devices the rule set is applied to.
  • sort: This sorts the results by the given field (prefixing the value with '-' denotes descending order).

Example

Return the first page with 100 results: https://protectapi.cylance.com/rulesets/v2?page=1&page_size=100

Method

HTTP/1.1 GET

Request headers

  • Accept: application/json
  • Content-Type: application/json
  • Authorization: Bearer <JWT token returned by the Auth API, with the user:create scope encoded>

Request

None

Response

Please see the Response status codes for more information.

Response JSON schema

  • page_size: This is the number of items on the page.
  • total_pages: This is the total number of pages of this size.
  • total_number_of_items: This is the total number of detection rule sets in the tenant.
  • page_number: This is the current page number of results.
  • page_items: This is a list of the detection rule set objects available in the tenant. Each object contains the following fields:
      • name: This is the name of the detection rule.
      • description: This is the description of the detection rule.
      • id: This is the unique ID of the detection rule.
      • last_modified: This is the timestamp (in UTC) of the last time that the detection rule was modified.
      • modified_by: This is an object detailing the last user to modify the detection rule. It includes the following fields:
          • id: This is the unique ID of the user who modified the detection rule.
          • login: This is the email address of the user who modified the detection rule.
      • policies: This is a list of policy IDs that the detection rule set is applied to.
      • device_count: This is the number of devices that have the detection rule applied.
      • category: This is the category of rule grouping that the detection rule belongs to. Possible values include:
          • Custom: These are custom rules that users have uploaded to a tenant.
          • Endpoint Defense rules: These are the rules from Endpoint Defense.
          • Endpoint Defense experimental: These are the rules from Endpoint Defense that are deemed to be experimental.
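The request and paging behaviour described above, as an added example that is not part of this documentation or of any vendor SDK: it builds the /rulesets/v2 URL and headers, walks page_number up to total_pages, and flags Custom rule sets whose device_count is 0 (uploaded but applied nowhere). The HTTP call is injected as fetch_json so the code runs offline against constructed sample responses; the token value and rule set names are placeholders.

```python
from typing import Callable, Dict, Iterator, List
from urllib.parse import parse_qs, urlencode, urlparse

BASE_URL = "https://protectapi.cylance.com"  # host used in the page's own example


def build_ruleset_url(page: int, page_size: int, **filters: str) -> str:
    """Build the request URL; filters are the optional query parameters (sort, description, ...)."""
    params = {"page": page, "page_size": page_size, **filters}
    return f"{BASE_URL}/rulesets/v2?{urlencode(params)}"


def auth_headers(jwt: str) -> Dict[str, str]:
    """Request headers listed on the page; jwt is the token returned by the Auth API."""
    return {"Accept": "application/json", "Content-Type": "application/json",
            "Authorization": f"Bearer {jwt}"}


def iter_rulesets(fetch_json: Callable[[str, Dict[str, str]], dict], jwt: str,
                  page_size: int = 100, **filters: str) -> Iterator[dict]:
    """Yield every page_items entry, requesting pages until page_number reaches total_pages."""
    page = 1
    while True:
        body = fetch_json(build_ruleset_url(page, page_size, **filters), auth_headers(jwt))
        yield from body.get("page_items", [])
        if body.get("page_number", page) >= body.get("total_pages", 1):
            break
        page += 1


def unapplied_custom_rulesets(fetch_json: Callable[[str, Dict[str, str]], dict], jwt: str) -> List[str]:
    """Names of Custom rule sets with device_count == 0: present in the tenant but protecting no device."""
    return [r["name"] for r in iter_rulesets(fetch_json, jwt, sort="-last_modified")
            if r.get("category") == "Custom" and r.get("device_count", 0) == 0]


# Constructed sample responses (two pages of size 1) shaped like the response JSON schema above.
_SAMPLE = {
    1: {"page_size": 1, "total_pages": 2, "total_number_of_items": 2, "page_number": 1,
        "page_items": [{"name": "Custom script monitoring", "id": "00000000-0000-0000-0000-000000000001",
                        "category": "Custom", "device_count": 0, "policies": []}]},
    2: {"page_size": 1, "total_pages": 2, "total_number_of_items": 2, "page_number": 2,
        "page_items": [{"name": "Endpoint Defense baseline", "id": "00000000-0000-0000-0000-000000000002",
                        "category": "Endpoint Defense rules", "device_count": 42, "policies": ["policy-a"]}]},
}


def fake_fetch_json(url: str, headers: Dict[str, str]) -> dict:
    """Stand-in for an HTTP GET: checks the bearer header and returns the constructed page requested."""
    assert headers["Authorization"].startswith("Bearer ")
    page = int(parse_qs(urlparse(url).query)["page"][0])
    return _SAMPLE[page]
```

Replace fake_fetch_json with a real GET (for example via urllib.request) that decodes the JSON body to use it against a tenant.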