Creates a new Disable Injection and Prevention rule to allow specific processes to bypass injection prevention.
This endpoint allows you to:
- Define a new rule with a unique name and description
- Specify the target platform (Windows, Linux, or macOS)
- Set the process name and path to be protected
- Configure expiration time
- Apply the rule globally or to specific profiles
Authorization
String
required
{api_key}
{api_key}
UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP
x-xdr-auth-id
String
required
{api_key_id}
{api_key_id}
241
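# Create a Disable Injection and Prevention rule with curl.
#
# The API key is read from the environment so that it does not end up in shell
# history, scripts or version control. XDR_API_KEY and XDR_API_KEY_ID are
# variable names chosen for this example, not names defined by the API.
# The header value is still visible in the process list while curl runs.
: "${XDR_API_KEY:?set XDR_API_KEY to the API key}"
: "${XDR_API_KEY_ID:?set XDR_API_KEY_ID to the API key ID}"

# Every option line ends in a backslash so the shell reads a single command.
# The body carries the request_data object. profile_ids is left out because the
# schema on this page requires it to be null or omitted when scope is "global".
# Single quotes keep the JSON backslash escapes in "path" intact.
#
# The rule exempts a process from injection prevention, so keep it as narrow as
# the use case allows. The schema on this page identifies the process by name
# and path, so prefer a path that unprivileged users cannot write to.
curl -X 'POST' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H "Authorization: ${XDR_API_KEY}" \
  -H "x-xdr-auth-id: ${XDR_API_KEY_ID}" \
  'https://api-yourfqdn/public_api/v1/disable_injection_prevention_rules/add' \
  -d '{"request_data":{"rule_name":"Global Windows Exception","description":"Allow injection for trusted Windows application across all endpoints","platform":"windows","process_name":"trustedapp.exe","path":"C:\\Program Files\\TrustedApp\\trustedapp.exe","hours_to_expiration":24,"scope":"global"}}'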
import http.client
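import json
import os

# Read the credentials from the environment rather than embedding them in the
# script. XDR_API_KEY and XDR_API_KEY_ID are variable names chosen for this
# example, not names defined by the API. A missing variable raises KeyError
# before any request is sent.
api_key = os.environ["XDR_API_KEY"]
api_key_id = os.environ["XDR_API_KEY_ID"]

# HTTPSConnection uses the default SSL context, which verifies the server
# certificate and host name. The timeout keeps a stalled connection from
# blocking the script indefinitely.
conn = http.client.HTTPSConnection("api-yourfqdn", timeout=30)

# Build the body from a dict so that json.dumps handles quoting and the
# backslashes in the Windows path. profile_ids is left out because the schema
# on this page requires it to be null or omitted when scope is "global".
#
# The rule exempts a process from injection prevention, so keep it as narrow as
# the use case allows. The schema on this page identifies the process by name
# and path, so prefer a path that unprivileged users cannot write to.
payload = json.dumps({
    "request_data": {
        "rule_name": "Global Windows Exception",
        "description": "Allow injection for trusted Windows application across all endpoints",
        "platform": "windows",
        "process_name": "trustedapp.exe",
        "path": "C:\\Program Files\\TrustedApp\\trustedapp.exe",
        "hours_to_expiration": 24,
        "scope": "global",
    }
})
headers = {
    'Authorization': api_key,
    'x-xdr-auth-id': api_key_id,
    'content-type': "application/json"
}
conn.request("POST", "/public_api/v1/disable_injection_prevention_rules/add", payload, headers)
res = conn.getresponse()
# Raw response bytes; the line that follows this block decodes and prints them.
data = res.read()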
print(data.decode("utf-8"))require 'uri'
require 'net/http'
require 'openssl'
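require 'json'

# Create a Disable Injection and Prevention rule over HTTPS.
url = URI("https://api-yourfqdn/public_api/v1/disable_injection_prevention_rules/add")
http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
# Verify the server certificate. With VERIFY_NONE the API key in the
# Authorization header would be sent to whichever host answers the connection.
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

request = Net::HTTP::Post.new(url)
# Read the credentials from the environment rather than embedding them in the
# script. XDR_API_KEY and XDR_API_KEY_ID are variable names chosen for this
# example, not names defined by the API. ENV.fetch raises KeyError if unset.
request["Authorization"] = ENV.fetch('XDR_API_KEY')
request["x-xdr-auth-id"] = ENV.fetch('XDR_API_KEY_ID')
request["content-type"] = 'application/json'

# profile_ids is left out because the schema on this page requires it to be
# null or omitted when scope is "global". JSON.generate handles the escaping
# of the backslashes in the Windows path.
request.body = JSON.generate(
  "request_data" => {
    "rule_name" => "Global Windows Exception",
    "description" => "Allow injection for trusted Windows application across all endpoints",
    "platform" => "windows",
    "process_name" => "trustedapp.exe",
    "path" => 'C:\\Program Files\\TrustedApp\\trustedapp.exe',
    "hours_to_expiration" => 24,
    "scope" => "global"
  }
)
response = http.request(request)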
puts response.read_bodyconst data = JSON.stringify({
"request_data": {
"rule_name": "Global Windows Exception",
"description": "Allow injection for trusted Windows application across all endpoints",
"platform": "windows",
"process_name": "trustedapp.exe",
"path": "C:\\Program Files\\TrustedApp\\trustedapp.exe",
"hours_to_expiration": 24,
"profile_ids": [
96
],
"scope": "global"
}
});
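// Prepare the POST request that creates the rule. `data` is the JSON body
// built above; the call that sends it follows this block.
const xhr = new XMLHttpRequest();

// withCredentials is left at its default (false). The request authenticates
// with the two explicit headers below, so there is no reason to attach the
// browser's cookies or other ambient credentials to a cross-origin call.

// Log the HTTP status together with the body so that a rejected or failed
// request (status 0 on a network error) is not mistaken for an empty success.
xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    console.log(this.status, this.responseText);
  }
});

xhr.open("POST", "https://api-yourfqdn/public_api/v1/disable_injection_prevention_rules/add");

// The Authorization value is the sample key printed on this page. Script that
// is delivered to a browser is readable by everyone who loads it, so a real
// key belongs in a server-side caller, not in this header literal.
xhr.setRequestHeader("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP");
xhr.setRequestHeader("x-xdr-auth-id", "241");
xhr.setRequestHeader("content-type", "application/json");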
xhr.send(data);HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/disable_injection_prevention_rules/add")
.header("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP")
.header("x-xdr-auth-id", "241")
.header("content-type", "application/json")
.body("{\"request_data\":{\"rule_name\":\"Global Windows Exception\",\"description\":\"Allow injection for trusted Windows application across all endpoints\",\"platform\":\"windows\",\"process_name\":\"trustedapp.exe\",\"path\":\"C:\\\\Program Files\\\\TrustedApp\\\\trustedapp.exe\",\"hours_to_expiration\":24,\"profile_ids\":[96],\"scope\":\"global\"}}")
.asString();import Foundation
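// Read the credentials from the environment rather than embedding them in the
// source. XDR_API_KEY and XDR_API_KEY_ID are variable names chosen for this
// example, not names defined by the API.
let environment = ProcessInfo.processInfo.environment
guard let apiKey = environment["XDR_API_KEY"],
      let apiKeyId = environment["XDR_API_KEY_ID"] else {
    fatalError("Set XDR_API_KEY and XDR_API_KEY_ID before running this example")
}

let headers = [
    "Authorization": apiKey,
    "x-xdr-auth-id": apiKeyId,
    "content-type": "application/json"
]

// The backslashes in the Windows path are escaped: "\P" is not a valid Swift
// escape sequence and "\t" would become a tab character.
// profile_ids is left out because the schema on this page requires it to be
// null or omitted when scope is "global".
let parameters = ["request_data": [
    "rule_name": "Global Windows Exception",
    "description": "Allow injection for trusted Windows application across all endpoints",
    "platform": "windows",
    "process_name": "trustedapp.exe",
    "path": "C:\\Program Files\\TrustedApp\\trustedapp.exe",
    "hours_to_expiration": 24,
    "scope": "global"
] as [String : Any]] as [String : Any]

// JSONSerialization.data(withJSONObject:options:) throws, so it needs `try`.
let postData = try JSONSerialization.data(withJSONObject: parameters, options: [])

var request = URLRequest(url: URL(string: "https://api-yourfqdn/public_api/v1/disable_injection_prevention_rules/add")!,
                         cachePolicy: .useProtocolCachePolicy,
                         timeoutInterval: 10.0)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData

let session = URLSession.shared
// Print the transport error if there is one; otherwise print the status code
// and the response body so a rejected request is visible to the caller.
let dataTask = session.dataTask(with: request, completionHandler: { (data, response, error) -> Void in
    if let error = error {
        print(error)
    } else if let httpResponse = response as? HTTPURLResponse {
        print(httpResponse.statusCode)
        if let data = data, let body = String(data: data, encoding: .utf8) {
            print(body)
        }
    }
})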
dataTask.resume()<?php
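// Read the credentials from the environment rather than embedding them in the
// script. XDR_API_KEY and XDR_API_KEY_ID are variable names chosen for this
// example, not names defined by the API.
$apiKey = getenv('XDR_API_KEY');
$apiKeyId = getenv('XDR_API_KEY_ID');
if ($apiKey === false || $apiKeyId === false) {
    throw new RuntimeException('Set XDR_API_KEY and XDR_API_KEY_ID before running this example');
}

// Build the body with json_encode so quoting and the backslashes in the
// Windows path are handled by the encoder. profile_ids is left out because the
// schema on this page requires it to be null or omitted when scope is "global".
$payload = json_encode([
    'request_data' => [
        'rule_name' => 'Global Windows Exception',
        'description' => 'Allow injection for trusted Windows application across all endpoints',
        'platform' => 'windows',
        'process_name' => 'trustedapp.exe',
        'path' => 'C:\\Program Files\\TrustedApp\\trustedapp.exe',
        'hours_to_expiration' => 24,
        'scope' => 'global',
    ],
]);

$curl = curl_init();
curl_setopt_array($curl, [
    CURLOPT_URL => "https://api-yourfqdn/public_api/v1/disable_injection_prevention_rules/add",
    CURLOPT_RETURNTRANSFER => true,
    CURLOPT_ENCODING => "",
    CURLOPT_MAXREDIRS => 10,
    CURLOPT_TIMEOUT => 30,
    CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
    CURLOPT_CUSTOMREQUEST => "POST",
    // Certificate and host name verification are stated explicitly so that a
    // changed default elsewhere cannot silently turn them off.
    CURLOPT_SSL_VERIFYPEER => true,
    CURLOPT_SSL_VERIFYHOST => 2,
    CURLOPT_POSTFIELDS => $payload,
    CURLOPT_HTTPHEADER => [
        "Authorization: " . $apiKey,
        "content-type: application/json",
        "x-xdr-auth-id: " . $apiKeyId,
    ],
]);

// $response holds the body (or false on failure); $err holds the cURL error
// text. Both are read by the code that follows this block.
$response = curl_exec($curl);
$err = curl_error($curl);
curl_close($curl);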
if ($err) {
echo "cURL Error #:" . $err;
} else {
echo $response;
}CURL *hnd = curl_easy_init();
/* Endpoint and JSON body for the rule-creation request. libcurl does not copy
 * the CURLOPT_POSTFIELDS buffer, so the body must stay valid until the
 * transfer has finished; a string literal satisfies that. */
const char *endpoint = "https://api-yourfqdn/public_api/v1/disable_injection_prevention_rules/add";
const char *body = "{\"request_data\":{\"rule_name\":\"Global Windows Exception\",\"description\":\"Allow injection for trusted Windows application across all endpoints\",\"platform\":\"windows\",\"process_name\":\"trustedapp.exe\",\"path\":\"C:\\\\Program Files\\\\TrustedApp\\\\trustedapp.exe\",\"hours_to_expiration\":24,\"profile_ids\":[96],\"scope\":\"global\"}}";

/* Request headers. The Authorization value is the sample key printed on this
 * page; a real key should be supplied at run time, not compiled in.
 * The list is heap-allocated by libcurl and should be released with
 * curl_slist_free_all() once the transfer is done (not shown in these lines). */
struct curl_slist *headers = NULL;
headers = curl_slist_append(headers, "Authorization: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP");
headers = curl_slist_append(headers, "x-xdr-auth-id: 241");
headers = curl_slist_append(headers, "content-type: application/json");

/* Configure the handle: target URL, method, headers, then the body. */
curl_easy_setopt(hnd, CURLOPT_URL, endpoint);
curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);
curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, body);
CURLcode ret = curl_easy_perform(hnd);var client = new RestClient("https://api-yourfqdn/public_api/v1/disable_injection_prevention_rules/add");
// JSON body for the rule-creation request, kept in a named local so the
// AddParameter call below stays readable.
var payload = "{\"request_data\":{\"rule_name\":\"Global Windows Exception\",\"description\":\"Allow injection for trusted Windows application across all endpoints\",\"platform\":\"windows\",\"process_name\":\"trustedapp.exe\",\"path\":\"C:\\\\Program Files\\\\TrustedApp\\\\trustedapp.exe\",\"hours_to_expiration\":24,\"profile_ids\":[96],\"scope\":\"global\"}}";

// POST request carrying the two authentication headers and the JSON body.
// The Authorization value is the sample key printed on this page; a real key
// should come from configuration or a secret store, not from source code.
var request = new RestRequest(Method.POST);
request.AddHeader("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP");
request.AddHeader("x-xdr-auth-id", "241");
request.AddHeader("content-type", "application/json");
request.AddParameter("application/json", payload, ParameterType.RequestBody);
IRestResponse response = client.Execute(request);request_dataobjectrequiredRequest schema for creating a new Disable Injection and Prevention rule. All required fields must be provided to successfully create a rule.
Request schema for creating a new Disable Injection and Prevention rule. All required fields must be provided to successfully create a rule.
rule_name (string): Unique name for the new rule. Must be between 1 and 100 characters and should be descriptive of the rule's purpose.
Unique name for the new rule. Must be between 1-100 characters and should be descriptive of the rule's purpose.
Example: "Global Windows Exception"
description (string): Description explaining the purpose and context of this rule. Maximum 500 characters.
Description explaining the purpose and context of this rule. Maximum 500 characters.
Example: "Allow injection for trusted Windows application across all endpoints"
platform (string, Enum): Target operating system to which the rule applies.
Target operating system to which the rule applies.
process_name (string): Name of the process executable to protect. Must match the exact process name (1-100 characters).
Name of the process executable to protect. Must match the exact process name (1-100 characters).
Example: "trustedapp.exe"
path (string): Full file system path to the process executable. Must be a valid path for the specified platform (1-1000 characters).
Full file system path to the process executable. Must be a valid path for the specified platform (1-1000 characters).
Example: "C:\\Program Files\\TrustedApp\\trustedapp.exe"
hours_to_expiration (integer, Enum): Number of hours until the rule expires. After expiration, the rule will no longer be applied. For example, 24 hours.
Number of hours until the rule expires. After expiration, the rule will no longer be applied. For example, 24 hours.
profile_ids (array[integer]): Array of profile IDs to which this rule should apply.
Required when scope is profile. Must be null or omitted when scope is global.
Array of profile IDs to which this rule should apply.
Required when scope is profile. Must be null or omitted when scope is global.
scope (string, Enum): Defines the application scope of the rule.
global: Rule applies to all matching endpoints (by platform and agent version >= 7.9)
profile: Rule applies only to endpoints in the specified profile_ids
Defines the application scope of the rule.
global: Rule applies to all matching endpoints (by platform and agent version >= 7.9)
profile: Rule applies only to endpoints in the specified profile_ids
{
"request_data": {
"rule_name": "Global Windows Exception",
"description": "Allow injection for trusted Windows application across all endpoints",
"platform": "windows",
"process_name": "trustedapp.exe",
"path": "C:\\Program Files\\TrustedApp\\trustedapp.exe",
"hours_to_expiration": 24,
"profile_ids": [
96
],
"scope": "profile"
}
}{
"request_data": {
"rule_name": "Global Windows Exception",
"description": "Allow injection for trusted Windows application across all endpoints",
"platform": "windows",
"process_name": "trustedapp.exe",
"path": "C:\\Program Files\\TrustedApp\\trustedapp.exe",
"hours_to_expiration": 24,
"profile_ids": [],
"scope": "global"
}
}{
"request_data": {
"rule_name": "Development Server Exception",
"description": "Temporary exception for development servers",
"platform": "linux",
"process_name": "node",
"path": "/usr/bin/node",
"hours_to_expiration": 24,
"scope": "profile",
"profile_ids": [
201,
202
]
}
}{
"request_data": {
"rule_name": "macOS Design Tool",
"description": "Exception for design application on macOS",
"platform": "macos",
"process_name": "DesignApp",
"path": "/Applications/DesignApp.app/Contents/MacOS/DesignApp",
"hours_to_expiration": 48,
"scope": "global",
"profile_ids": null
}
}