Add Prevention Profile

Cortex XDR REST API

POST /public_api/v1/profiles/prevention/add

Create a new prevention profile with specified configuration.

Request headers
Authorization String required

{api_key}

Example: authorization_example
x-xdr-auth-id String required

{api_key_id}

Example: xXdrAuthId_example
CLIENT REQUEST
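# Create a prevention profile.
# Every line of the command except the last ends in a backslash, so the shell
# treats the whole thing as one curl invocation.
# The header values are placeholders. A real API key typed on the command line
# ends up in shell history and the process list, so supply it from a protected
# source in actual use.
# The endpoint requires name, profile_type, platform and modules, so -d carries
# the example request body rather than an empty string.
curl -X 'POST' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H 'Authorization: authorization_example' -H 'x-xdr-auth-id: xXdrAuthId_example' \
  'https://api-yourfqdn/public_api/v1/profiles/prevention/add' \
  -d '{ "name": "Windows_Malware_Prevention", "profile_type": "malware", "platform": "windows", "description": "Standard prevention profile for Windows endpoints", "modules": { "wildfire": { "status": "enabled" }, "behavioral_threat_protection": { "status": "enabled" } } }'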
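import http.client
import json

# Profile definition sent as the request body. Building it as a dict and
# serialising it avoids hand-escaped JSON; the compact separators produce the
# same bytes as the original literal.
profile = {
    "name": "Windows_Malware_Prevention",
    "profile_type": "malware",
    "platform": "windows",
    "description": "Standard prevention profile for Windows endpoints",
    "modules": {
        "wildfire": {"status": "enabled"},
        "behavioral_threat_protection": {"status": "enabled"},
    },
}
payload = json.dumps(profile, separators=(",", ":"))

# Placeholder credentials: substitute the API key and key ID at run time from a
# protected source rather than committing real values next to this script.
headers = {
    'Authorization': "SOME_STRING_VALUE",
    'x-xdr-auth-id': "SOME_STRING_VALUE",
    'content-type': "application/json",
}

# HTTPSConnection uses the default SSL context, which verifies the server
# certificate and hostname. The timeout keeps a stalled connection from
# blocking the script indefinitely.
conn = http.client.HTTPSConnection("api-yourfqdn", timeout=30)
try:
    conn.request("POST", "/public_api/v1/profiles/prevention/add", payload, headers)
    res = conn.getresponse()
    data = res.read()
finally:
    # Release the socket even when the request or the read raises.
    conn.close()

print(data.decode("utf-8"))

# The endpoint documents error responses (bad request, unauthorized, forbidden,
# server error); surface them as a non-zero exit instead of a silent print.
if res.status >= 400:
    raise SystemExit(f"profile creation failed: HTTP {res.status} {res.reason}")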
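require 'uri'
require 'net/http'
require 'openssl'

# Create a prevention profile through the Cortex XDR public API.
url = URI("https://api-yourfqdn/public_api/v1/profiles/prevention/add")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
# Verify the server certificate. With VERIFY_NONE the client would accept any
# certificate, so an on-path party could read the API key sent in the
# Authorization header and alter the profile being created.
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

request = Net::HTTP::Post.new(url)
# Placeholder credentials: supply the API key and key ID from a protected
# source at run time rather than hard-coding real values.
request["Authorization"] = 'SOME_STRING_VALUE'
request["x-xdr-auth-id"] = 'SOME_STRING_VALUE'
request["content-type"] = 'application/json'
request.body = "{\"name\":\"Windows_Malware_Prevention\",\"profile_type\":\"malware\",\"platform\":\"windows\",\"description\":\"Standard prevention profile for Windows endpoints\",\"modules\":{\"wildfire\":{\"status\":\"enabled\"},\"behavioral_threat_protection\":{\"status\":\"enabled\"}}}"

response = http.request(request)
puts response.read_body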
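// Create a prevention profile through the Cortex XDR public API.
//
// NOTE(review): a script delivered to a browser exposes whatever API key it
// contains to anyone who can load the page. Treat this as a sketch of the
// request shape and issue the real call from a trusted server-side component.
const data = JSON.stringify({
  "name": "Windows_Malware_Prevention",
  "profile_type": "malware",
  "platform": "windows",
  "description": "Standard prevention profile for Windows endpoints",
  "modules": {
    "wildfire": { "status": "enabled" },
    "behavioral_threat_protection": { "status": "enabled" }
  }
});

const xhr = new XMLHttpRequest();
// withCredentials is left at its default (false). Authentication here is
// carried entirely by the Authorization and x-xdr-auth-id headers, so there is
// no reason to attach the browser's cookies to a cross-origin request.

xhr.addEventListener("readystatechange", function () {
  if (this.readyState === this.DONE) {
    // The page documents bad-request, unauthorized, forbidden and server-error
    // responses; report those separately from a successful reply.
    if (this.status >= 400) {
      console.error("profile creation failed: HTTP " + this.status);
    }
    console.log(this.responseText);
  }
});

xhr.open("POST", "https://api-yourfqdn/public_api/v1/profiles/prevention/add");
xhr.setRequestHeader("Authorization", "SOME_STRING_VALUE");
xhr.setRequestHeader("x-xdr-auth-id", "SOME_STRING_VALUE");
xhr.setRequestHeader("content-type", "application/json");

xhr.send(data);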
// Create a prevention profile through the Cortex XDR public API (Unirest client).
// The header values are placeholders for the API key and key ID.
String endpoint = "https://api-yourfqdn/public_api/v1/profiles/prevention/add";

// Request body: profile name, type, platform, description and enabled modules.
String profileJson = "{\"name\":\"Windows_Malware_Prevention\",\"profile_type\":\"malware\",\"platform\":\"windows\",\"description\":\"Standard prevention profile for Windows endpoints\",\"modules\":{\"wildfire\":{\"status\":\"enabled\"},\"behavioral_threat_protection\":{\"status\":\"enabled\"}}}";

HttpResponse<String> response = Unirest.post(endpoint)
    .header("Authorization", "SOME_STRING_VALUE")
    .header("x-xdr-auth-id", "SOME_STRING_VALUE")
    .header("content-type", "application/json")
    .body(profileJson)
    .asString();
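import Foundation

// Create a prevention profile through the Cortex XDR public API.
// The header values are placeholders: supply the API key and key ID from a
// protected store (for example the keychain) rather than hard-coding them.
let headers = [
  "Authorization": "SOME_STRING_VALUE",
  "x-xdr-auth-id": "SOME_STRING_VALUE",
  "content-type": "application/json"
]

// Request body: profile name, type, platform, description and enabled modules.
let parameters: [String: Any] = [
  "name": "Windows_Malware_Prevention",
  "profile_type": "malware",
  "platform": "windows",
  "description": "Standard prevention profile for Windows endpoints",
  "modules": [
    "wildfire": ["status": "enabled"],
    "behavioral_threat_protection": ["status": "enabled"]
  ]
]

do {
  // JSONSerialization.data(withJSONObject:options:) throws, so the call needs
  // `try`; an encoding failure is reported instead of sending a broken body.
  let postData = try JSONSerialization.data(withJSONObject: parameters, options: [])

  var request = URLRequest(url: URL(string: "https://api-yourfqdn/public_api/v1/profiles/prevention/add")!,
                           cachePolicy: .useProtocolCachePolicy,
                           timeoutInterval: 10.0)
  request.httpMethod = "POST"
  request.allHTTPHeaderFields = headers
  request.httpBody = postData

  let session = URLSession.shared
  let dataTask = session.dataTask(with: request, completionHandler: { (data, response, error) -> Void in
    if let error = error {
      print(error)
    } else {
      let httpResponse = response as? HTTPURLResponse
      print(httpResponse as Any)
      // The new profile ID is returned in the response body, so print that too.
      if let data = data, let body = String(data: data, encoding: .utf8) {
        print(body)
      }
    }
  })

  dataTask.resume()
} catch {
  print("Could not encode the profile as JSON: \(error)")
}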
<?php

// Create a prevention profile through the Cortex XDR public API.
// The header values are placeholders for the API key and key ID.
// No TLS options are overridden below, so libcurl's default certificate
// verification stays in effect.
$profileJson = "{\"name\":\"Windows_Malware_Prevention\",\"profile_type\":\"malware\",\"platform\":\"windows\",\"description\":\"Standard prevention profile for Windows endpoints\",\"modules\":{\"wildfire\":{\"status\":\"enabled\"},\"behavioral_threat_protection\":{\"status\":\"enabled\"}}}";

$requestHeaders = [
  "Authorization: SOME_STRING_VALUE",
  "content-type: application/json",
  "x-xdr-auth-id: SOME_STRING_VALUE"
];

$options = [
  CURLOPT_URL => "https://api-yourfqdn/public_api/v1/profiles/prevention/add",
  CURLOPT_RETURNTRANSFER => true,   // return the body instead of printing it
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => $profileJson,
  CURLOPT_HTTPHEADER => $requestHeaders,
];

$curl = curl_init();
curl_setopt_array($curl, $options);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

// Print the transport error when there is one, otherwise the response body.
echo $err ? "cURL Error #:" . $err : $response;
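/*
 * Create a prevention profile through the Cortex XDR public API (libcurl).
 * The header values are placeholders for the API key and key ID.
 *
 * The handle is checked before use, and both the header list and the handle
 * are released after the transfer so repeated calls do not leak them.
 * ret stays CURLE_FAILED_INIT when no handle could be created.
 */
CURL *hnd = curl_easy_init();
struct curl_slist *headers = NULL;
CURLcode ret = CURLE_FAILED_INIT;

if (hnd != NULL) {
  curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
  curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/profiles/prevention/add");

  headers = curl_slist_append(headers, "Authorization: SOME_STRING_VALUE");
  headers = curl_slist_append(headers, "x-xdr-auth-id: SOME_STRING_VALUE");
  headers = curl_slist_append(headers, "content-type: application/json");
  curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);

  curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"name\":\"Windows_Malware_Prevention\",\"profile_type\":\"malware\",\"platform\":\"windows\",\"description\":\"Standard prevention profile for Windows endpoints\",\"modules\":{\"wildfire\":{\"status\":\"enabled\"},\"behavioral_threat_protection\":{\"status\":\"enabled\"}}}");

  /* No write callback is installed, so libcurl writes the body to stdout. */
  ret = curl_easy_perform(hnd);

  /* The list must outlive the transfer; free it only after perform returns. */
  curl_slist_free_all(headers);
  curl_easy_cleanup(hnd);
}

/* Callers should treat ret != CURLE_OK as a failed request;
 * curl_easy_strerror(ret) gives a readable reason. */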
// Create a prevention profile through the Cortex XDR public API (RestSharp client).
// The header values are placeholders for the API key and key ID.
string endpoint = "https://api-yourfqdn/public_api/v1/profiles/prevention/add";

// Request body: profile name, type, platform, description and enabled modules.
string profileJson = "{\"name\":\"Windows_Malware_Prevention\",\"profile_type\":\"malware\",\"platform\":\"windows\",\"description\":\"Standard prevention profile for Windows endpoints\",\"modules\":{\"wildfire\":{\"status\":\"enabled\"},\"behavioral_threat_protection\":{\"status\":\"enabled\"}}}";

var client = new RestClient(endpoint);

var request = new RestRequest(Method.POST);
request.AddHeader("Authorization", "SOME_STRING_VALUE");
request.AddHeader("x-xdr-auth-id", "SOME_STRING_VALUE");
request.AddHeader("content-type", "application/json");
request.AddParameter("application/json", profileJson, ParameterType.RequestBody);

IRestResponse response = client.Execute(request);
Body parameters
required
application/json
name (string, required)

Name of the profile.

profile_type (string, required)

Type of the prevention profile.

platform (string, required)

Platform (OS) for the profile.

description (string)

Optional description of the profile.

modules (object, required)

Configuration modules for the profile.

Additional properties (object)
REQUEST
{ "name": "Windows_Malware_Prevention", "profile_type": "malware", "platform": "windows", "description": "Standard prevention profile for Windows endpoints", "modules": { "wildfire": { "status": "enabled" }, "behavioral_threat_protection": { "status": "enabled" } } }
Responses

Successful response

Body
application/json
reply (integer)

The ID of the newly created profile.

RESPONSE
{ "reply": 12345 }

Bad Request. Invalid Input.

Unauthorized access. User does not have the required license type to run this API.

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Internal Server Error.