Get Disable Prevention Rules

Cortex XDR REST API

post /public_api/v1/disable_prevention/fetch

Returns a list of Disable Prevention rules based on filters, sorting, and pagination.

Request headers
Authorization String required

{api_key}

Example: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP
x-xdr-auth-id String required

{api_key_id}

Example: 241
CLIENT REQUEST
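# Fetch the first 100 Disable Prevention rules, ordered by rule_id ascending and
# restricted to enabled rules (the parameter reference lists enabled/disabled as the
# values for a status filter).
# XDR_API_KEY and XDR_API_KEY_ID are variable names made up for this example: export
# them from a secret store so the key is never pasted into the command itself and
# saved in shell history.
# Each line ends in a backslash so the shell reads the whole request as one command.
curl -X 'POST' \
  -H 'Accept: application/json' \
  -H 'Content-Type: application/json' \
  -H "Authorization: ${XDR_API_KEY}" \
  -H "x-xdr-auth-id: ${XDR_API_KEY_ID}" \
  'https://api-yourfqdn/public_api/v1/disable_prevention/fetch' \
  -d '{"request_data":{"search_from":0,"search_to":100,"sort":{"field":"rule_id","keyword":"asc"},"filters":[{"field":"status","operator":"eq","value":"enabled"}]}}'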
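import http.client
import json
import os

# Credentials are read from the environment (variable names chosen for this example)
# so the API key is never stored in the script or committed with it. A missing
# variable raises KeyError before any request is sent.
api_key = os.environ["XDR_API_KEY"]
api_key_id = os.environ["XDR_API_KEY_ID"]

# First 100 rules, ordered by rule_id ascending, restricted to enabled rules.
# The parameter reference lists enabled/disabled as the values for a status filter.
payload = json.dumps({
    "request_data": {
        "search_from": 0,
        "search_to": 100,
        "sort": {"field": "rule_id", "keyword": "asc"},
        "filters": [{"field": "status", "operator": "eq", "value": "enabled"}],
    }
})

headers = {
    "Authorization": api_key,
    "x-xdr-auth-id": api_key_id,
    "content-type": "application/json",
}

# HTTPSConnection verifies the server certificate by default; the timeout keeps a
# stalled connection from hanging the script.
conn = http.client.HTTPSConnection("api-yourfqdn", timeout=30)
try:
    conn.request("POST", "/public_api/v1/disable_prevention/fetch", payload, headers)
    res = conn.getresponse()
    data = res.read()
    if res.status != 200:
        # Surface the HTTP status so an auth or validation failure is not mistaken
        # for an empty rule list.
        print("HTTP", res.status, res.reason)
    print(data.decode("utf-8"))
finally:
    # Always release the socket, including when the request raises.
    conn.close()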
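require 'uri'
require 'net/http'
require 'openssl'

url = URI("https://api-yourfqdn/public_api/v1/disable_prevention/fetch")

http = Net::HTTP.new(url.host, url.port)
http.use_ssl = true
# Verify the server certificate. With VERIFY_NONE the client accepts any certificate,
# so a host on the network path could impersonate the API and read the Authorization
# header and the returned rule list.
http.verify_mode = OpenSSL::SSL::VERIFY_PEER

request = Net::HTTP::Post.new(url)
# Credentials are read from the environment (variable names chosen for this example);
# ENV.fetch raises KeyError when one is missing, before anything is sent.
request["Authorization"] = ENV.fetch('XDR_API_KEY')
request["x-xdr-auth-id"] = ENV.fetch('XDR_API_KEY_ID')
request["content-type"] = 'application/json'
# First 100 rules, ordered by rule_id ascending, restricted to enabled rules.
# The parameter reference lists enabled/disabled as the values for a status filter.
request.body = "{\"request_data\":{\"search_from\":0,\"search_to\":100,\"sort\":{\"field\":\"rule_id\",\"keyword\":\"asc\"},\"filters\":[{\"field\":\"status\",\"operator\":\"eq\",\"value\":\"enabled\"}]}}"

response = http.request(request)
puts response.read_body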
// Query: first 100 rules ordered by rule_id ascending, with one filter on status.
// NOTE(review): the filter's "value" is an empty object in this sample; the parameter
// reference lists enabled/disabled as the values for a status filter.
const statusFilter = { "field": "status", "operator": "eq", "value": {} };
const data = JSON.stringify({
  "request_data": {
    "search_from": 0,
    "search_to": 100,
    "sort": { "field": "rule_id", "keyword": "asc" },
    "filters": [statusFilter]
  }
});

// The Authorization value is the documentation's example key. A real key placed in
// script that is delivered to a browser is readable by anyone who loads the page, so
// keep real keys in server-side code.
const requestHeaders = [
  ["Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP "],
  ["x-xdr-auth-id", "241"],
  ["content-type", "application/json"]
];

const xhr = new XMLHttpRequest();
// withCredentials also attaches any cookies held for the API origin to the request.
xhr.withCredentials = true;

// Log the response body once the request has completed.
xhr.addEventListener("readystatechange", function () {
  if (this.readyState !== this.DONE) {
    return;
  }
  console.log(this.responseText);
});

xhr.open("POST", "https://api-yourfqdn/public_api/v1/disable_prevention/fetch");
for (const [headerName, headerValue] of requestHeaders) {
  xhr.setRequestHeader(headerName, headerValue);
}
xhr.send(data);
// POST the rule query to the Disable Prevention fetch endpoint and keep the reply as a String.
String endpoint = "https://api-yourfqdn/public_api/v1/disable_prevention/fetch";

// First 100 rules ordered by rule_id ascending, with one filter on status.
// NOTE(review): the filter's "value" is an empty object in this sample; the parameter
// reference lists enabled/disabled as the values for a status filter.
String requestBody = "{\"request_data\":{\"search_from\":0,\"search_to\":100,\"sort\":{\"field\":\"rule_id\",\"keyword\":\"asc\"},\"filters\":[{\"field\":\"status\",\"operator\":\"eq\",\"value\":{}}]}}";

// The Authorization value is the documentation's example key; load a real key from
// configuration or a secret store instead of compiling it into the class.
HttpResponse<String> response = Unirest.post(endpoint)
    .header("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ")
    .header("x-xdr-auth-id", "241")
    .header("content-type", "application/json")
    .body(requestBody)
    .asString();
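import Foundation

// Credentials are read from the environment (variable names chosen for this example)
// so the API key is not compiled into the binary.
let environment = ProcessInfo.processInfo.environment
let headers = [
  "Authorization": environment["XDR_API_KEY"] ?? "",
  "x-xdr-auth-id": environment["XDR_API_KEY_ID"] ?? "",
  "content-type": "application/json"
]

// First 100 rules, ordered by rule_id ascending, restricted to enabled rules.
// The parameter reference lists enabled/disabled as the values for a status filter.
let parameters: [String: Any] = [
  "request_data": [
    "search_from": 0,
    "search_to": 100,
    "sort": ["field": "rule_id", "keyword": "asc"],
    "filters": [
      ["field": "status", "operator": "eq", "value": "enabled"]
    ]
  ] as [String: Any]
]

// JSONSerialization.data(withJSONObject:options:) throws, so the call needs `try`.
let postData = try JSONSerialization.data(withJSONObject: parameters, options: [])

var request = URLRequest(
  url: URL(string: "https://api-yourfqdn/public_api/v1/disable_prevention/fetch")!,
  cachePolicy: .useProtocolCachePolicy,
  timeoutInterval: 10.0
)
request.httpMethod = "POST"
request.allHTTPHeaderFields = headers
request.httpBody = postData

// URLSession.shared performs the default server-trust evaluation on the HTTPS connection.
let dataTask = URLSession.shared.dataTask(with: request) { data, response, error in
  if let error = error {
    print(error)
    return
  }
  // Print the status first so an auth or validation failure is not mistaken for an
  // empty rule list, then the response body.
  if let httpResponse = response as? HTTPURLResponse {
    print(httpResponse.statusCode)
  }
  if let data = data, let text = String(data: data, encoding: .utf8) {
    print(text)
  }
}
dataTask.resume()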
<?php
// POST the rule query to the Disable Prevention fetch endpoint and echo the raw reply,
// or the cURL error text when the transfer fails.

$endpoint = "https://api-yourfqdn/public_api/v1/disable_prevention/fetch";

// First 100 rules ordered by rule_id ascending, with one filter on status.
// NOTE(review): the filter's "value" is an empty object in this sample; the parameter
// reference lists enabled/disabled as the values for a status filter.
$payload = "{\"request_data\":{\"search_from\":0,\"search_to\":100,\"sort\":{\"field\":\"rule_id\",\"keyword\":\"asc\"},\"filters\":[{\"field\":\"status\",\"operator\":\"eq\",\"value\":{}}]}}";

// The Authorization value is the documentation's example key; load a real key from
// the environment or a secret store rather than keeping it in the script.
$requestHeaders = [
  "Authorization: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ",
  "content-type: application/json",
  "x-xdr-auth-id: 241"
];

$options = [
  CURLOPT_URL => $endpoint,
  CURLOPT_RETURNTRANSFER => true,
  CURLOPT_ENCODING => "",
  CURLOPT_MAXREDIRS => 10,
  CURLOPT_TIMEOUT => 30,
  CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
  CURLOPT_CUSTOMREQUEST => "POST",
  CURLOPT_POSTFIELDS => $payload,
  CURLOPT_HTTPHEADER => $requestHeaders,
];

$curl = curl_init();
curl_setopt_array($curl, $options);

$response = curl_exec($curl);
$err = curl_error($curl);

curl_close($curl);

echo $err ? "cURL Error #:" . $err : $response;
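/* POST the rule query to the Disable Prevention fetch endpoint with libcurl.
 * `ret` holds the transfer result; it stays CURLE_FAILED_INIT when no handle
 * could be created. The header list and the handle are released afterwards. */
CURL *hnd = curl_easy_init();
CURLcode ret = CURLE_FAILED_INIT;
struct curl_slist *headers = NULL;

if (hnd) {
  curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST");
  curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/disable_prevention/fetch");

  /* The Authorization value is the documentation's example key; load a real key
   * at run time rather than compiling it into the binary. */
  headers = curl_slist_append(headers, "Authorization: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ");
  headers = curl_slist_append(headers, "x-xdr-auth-id: 241");
  headers = curl_slist_append(headers, "content-type: application/json");
  curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers);

  /* First 100 rules ordered by rule_id ascending, with one filter on status.
   * NOTE(review): the filter's "value" is an empty object in this sample; the
   * parameter reference lists enabled/disabled as the values for a status filter. */
  curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{\"request_data\":{\"search_from\":0,\"search_to\":100,\"sort\":{\"field\":\"rule_id\",\"keyword\":\"asc\"},\"filters\":[{\"field\":\"status\",\"operator\":\"eq\",\"value\":{}}]}}");

  /* Certificate and host-name verification are left at libcurl's defaults (enabled). */
  ret = curl_easy_perform(hnd);
}

/* Free the header list and the handle so they are not leaked;
 * curl_slist_free_all accepts NULL. */
curl_slist_free_all(headers);
if (hnd) {
  curl_easy_cleanup(hnd);
}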
// POST the rule query to the Disable Prevention fetch endpoint via RestSharp.
string endpoint = "https://api-yourfqdn/public_api/v1/disable_prevention/fetch";

// First 100 rules ordered by rule_id ascending, with one filter on status.
// NOTE(review): the filter's "value" is an empty object in this sample; the parameter
// reference lists enabled/disabled as the values for a status filter.
string jsonBody = "{\"request_data\":{\"search_from\":0,\"search_to\":100,\"sort\":{\"field\":\"rule_id\",\"keyword\":\"asc\"},\"filters\":[{\"field\":\"status\",\"operator\":\"eq\",\"value\":{}}]}}";

var client = new RestClient(endpoint);
var request = new RestRequest(Method.POST);

// The Authorization value is the documentation's example key; load a real key from
// configuration or a secret store instead of keeping it in source.
request.AddHeader("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ");
request.AddHeader("x-xdr-auth-id", "241");
request.AddHeader("content-type", "application/json");

request.AddParameter("application/json", jsonBody, ParameterType.RequestBody);

IRestResponse response = client.Execute(request);
Body parameters
required
application/json
request_dataobject
search_frominteger

Zero-based index of the first Disable Prevention rule to return. Used for pagination.

search_tointeger

End offset of the range of Disable Prevention rules to return; the range starts at search_from.

Default:100
sortobjectrequired
fieldstring

Rule attribute to sort by (for example, rule_id, status, modification_time, or platform).

Example:"rule_id"
keywordstring (Enum)

Determines the sort order.

Allowed values:"asc""desc"
filtersarray
[
fieldstring

Rule attribute to apply the filter on (for example, rule_id, status, modification_time, or platform).

Example:"status"
operatorstring

Comparison operator used for filtering (for example, eq, neq, gte, lte, contains, or not_contains).

Default:"eq"
valueobject

The value to compare against the specified field. The expected data type and format depend on the field being filtered and the operator used.

Examples:

  • If the field is status, the value can be enabled or disabled.
  • If the field is modification_time, the value should be a Unix timestamp in milliseconds (for example, 1762870187000).
  • If the field is platform, the value can be a string such as windows, macos, or linux
]
REQUEST
{ "request_data": { "search_from": 0, "search_to": 100, "sort": { "field": "rule_id", "keyword": "asc" }, "filters": [ { "field": "rule_id", "operator": "eq", "value": "1bce99ee792e4f0682d7c9bde0aaf44e" } ] } }
{ "request_data": { "search_from": 0, "search_to": 3, "sort": { "field": "modification_time", "keyword": "desc" }, "filters": [ { "field": "status", "operator": "eq", "value": "enabled" }, { "field": "modification_time", "operator": "gte", "value": 1762870187000 } ] } }
Responses

OK

Body
application/json
replyobject
dataarray
[
rule_idstring

The unique identifier of the Disable Prevention rule.

Example:"1bce99ee792e4f0682d7c9bde0aaf44e"
rule_namestring

Name of the Disable Prevention rule.

Example:"My Mac DPR"
descriptionstring

Description explaining the purpose and behavior of the rule.

Example:"Data prevention rules for my mac"
platformstring

Indicates the operating system to which the rule applies. For example, windows, linux, or macos

Example:"macos"
conditionsobject

A combination of parameters configured during rule creation.

hashstring

SHA256 hash

Example:"3b7d28f7a6c1e9b0f4a5c2d9e8f1a0b6c7d4e5f8091a2b3c4d5e6f7a8b9c0d1"
pathstring

Path to the required files or folders

Example:"/*"
signerstring

Trusted signer

Example:"company.inc"
commandstring

Command line argument

Example:"hi"
sign_thumbprintstring

Certificate thumbprint

Example:"Certificate thumbprint"
module_idsarray[integer]

A list of module ids associated with the rule.

profile_idsarray[integer]

A list of profile ids to which the rule is applied.

scopestring

Specifies the scope of the rule, such as global (All endpoints) or profile (Exception profiles).

Example:"profile"
statusstring

Current state of the rule (for example, enabled or disabled).

Example:"enabled"
created_bystring

Name of the user who created the rule.

Example:"John Doe"
user_emailstring

Email address of the user associated with the creation or last modification of the rule.

Example:"john.doe@example.com"
modification_timeintegerint64

Timestamp when the rule was last modified.

Example:1764475578200
associated_targetsarray[string]
]
filter_countinteger

The number of rules returned in the current response after applying filters.

total_countinteger

The total number of rules available that match the filter criteria, regardless of pagination.

RESPONSE
{ "reply": { "data": [ { "rule_id": "1bce99ee792e4f0682d7c9bde0aaf44e", "rule_name": "DPR", "description": "Prevention rules using API", "platform": "linux", "conditions": { "hash": "3b7d28f7a6c1e9b0f4a5c2d9e8f1a0b6c7d4e5f8091a2b3c4d5e6f7a8b9c0d1 ", "path": "/*", "signer": "trusted company.inc", "command": "command line argument", "sign_thumbprint": "certificate thumbprint" }, "module_ids": [ 56 ], "profile_ids": [ 96 ], "scope": "profile", "status": "enabled", "created_by": "Jane Doe", "user_email": "jane.doe@example.com", "modification_time": 1764475578200, "associated_targets": [ "endpoint != AFDSFDS" ] } ], "filter_count": 1, "total_count": 4 } }