Get Legacy Exceptions Modules

Cortex XSIAM Platform APIs
post /public_api/v1/legacy_exceptions/get_modules

Get a list of supported legacy exception modules available in the tenant. Each module entry includes its module_id, supported platforms, and the conditions_definition schema that must be used when creating or editing a legacy exception rule for that module.

Note: No request body required. Send an empty body.

Request headers
Authorization String required

{api_key}
Example: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP
x-xdr-auth-id String required

{api_key_id}
Example: 241
CLIENT REQUEST
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
-H 'Authorization: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ' -H 'x-xdr-auth-id: 241'
'https://api-yourfqdn/public_api/v1/legacy_exceptions/get_modules'
-d ''
import http.client conn = http.client.HTTPSConnection("api-yourfqdn") payload = "{}" headers = { 'Authorization': "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ", 'x-xdr-auth-id': "241", 'content-type': "application/json" } conn.request("POST", "/public_api/v1/legacy_exceptions/get_modules", payload, headers) res = conn.getresponse() data = res.read() print(data.decode("utf-8"))
require 'uri' require 'net/http' require 'openssl' url = URI("https://api-yourfqdn/public_api/v1/legacy_exceptions/get_modules") http = Net::HTTP.new(url.host, url.port) http.use_ssl = true http.verify_mode = OpenSSL::SSL::VERIFY_NONE request = Net::HTTP::Post.new(url) request["Authorization"] = 'UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ' request["x-xdr-auth-id"] = '241' request["content-type"] = 'application/json' request.body = "{}" response = http.request(request) puts response.read_body
const data = JSON.stringify({}); const xhr = new XMLHttpRequest(); xhr.withCredentials = true; xhr.addEventListener("readystatechange", function () { if (this.readyState === this.DONE) { console.log(this.responseText); } }); xhr.open("POST", "https://api-yourfqdn/public_api/v1/legacy_exceptions/get_modules"); xhr.setRequestHeader("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP "); xhr.setRequestHeader("x-xdr-auth-id", "241"); xhr.setRequestHeader("content-type", "application/json"); xhr.send(data);
HttpResponse<String> response = Unirest.post("https://api-yourfqdn/public_api/v1/legacy_exceptions/get_modules") .header("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ") .header("x-xdr-auth-id", "241") .header("content-type", "application/json") .body("{}") .asString();
import Foundation let headers = [ "Authorization": "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ", "x-xdr-auth-id": "241", "content-type": "application/json" ] let parameters = [] as [String : Any] let postData = JSONSerialization.data(withJSONObject: parameters, options: []) let request = NSMutableURLRequest(url: NSURL(string: "https://api-yourfqdn/public_api/v1/legacy_exceptions/get_modules")! as URL, cachePolicy: .useProtocolCachePolicy, timeoutInterval: 10.0) request.httpMethod = "POST" request.allHTTPHeaderFields = headers request.httpBody = postData as Data let session = URLSession.shared let dataTask = session.dataTask(with: request as URLRequest, completionHandler: { (data, response, error) -> Void in if (error != nil) { print(error) } else { let httpResponse = response as? HTTPURLResponse print(httpResponse) } }) dataTask.resume()
<?php $curl = curl_init(); curl_setopt_array($curl, [ CURLOPT_URL => "https://api-yourfqdn/public_api/v1/legacy_exceptions/get_modules", CURLOPT_RETURNTRANSFER => true, CURLOPT_ENCODING => "", CURLOPT_MAXREDIRS => 10, CURLOPT_TIMEOUT => 30, CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1, CURLOPT_CUSTOMREQUEST => "POST", CURLOPT_POSTFIELDS => "{}", CURLOPT_HTTPHEADER => [ "Authorization: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP ", "content-type: application/json", "x-xdr-auth-id: 241" ], ]); $response = curl_exec($curl); $err = curl_error($curl); curl_close($curl); if ($err) { echo "cURL Error #:" . $err; } else { echo $response; }
CURL *hnd = curl_easy_init(); curl_easy_setopt(hnd, CURLOPT_CUSTOMREQUEST, "POST"); curl_easy_setopt(hnd, CURLOPT_URL, "https://api-yourfqdn/public_api/v1/legacy_exceptions/get_modules"); struct curl_slist *headers = NULL; headers = curl_slist_append(headers, "Authorization: UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP "); headers = curl_slist_append(headers, "x-xdr-auth-id: 241"); headers = curl_slist_append(headers, "content-type: application/json"); curl_easy_setopt(hnd, CURLOPT_HTTPHEADER, headers); curl_easy_setopt(hnd, CURLOPT_POSTFIELDS, "{}"); CURLcode ret = curl_easy_perform(hnd);
var client = new RestClient("https://api-yourfqdn/public_api/v1/legacy_exceptions/get_modules"); var request = new RestRequest(Method.POST); request.AddHeader("Authorization", "UCoWpG4rkNzgCp2dsh8m02iVpZsskwKHz7N1tErPcUV3Wmf59Gc9kytmgOv0pDWoem3PBlORyRIPiir4OcYdWUOWAM3JyTgoCxQf4nQoTlKmFRKz9Bj5vIjluw66p9WP "); request.AddHeader("x-xdr-auth-id", "241"); request.AddHeader("content-type", "application/json"); request.AddParameter("application/json", "{}", ParameterType.RequestBody); IRestResponse response = client.Execute(request);
Body parameters
Object
application/json
REQUEST
{}
Responses

OK

Body
application/json
replyarray
[
module_idinteger

Unique numeric identifier for the module. Use as the module field in add/edit requests.

Example:1
pretty_namestring

Full display name including profile type category

Example:"Malware > Respond to Malicious Causality Chains"
titlestring

Short title of the module.

Example:"Respond to Malicious Causality Chains"
labelstring

Label describing what the exception allow-lists (for example, "Files / Folders in Allow List").

Example:"Allow List of Remote Ipv4/ipv6 Ip Address, Range or Cidr"
profile_typestring

Category of the protection profile this module belongs to.

Example:"Malware"
platformsarray[string]

List of platforms this module supports. Only use these platforms in add/edit requests for this module.

conditions_definitionobject

Schema definition for the conditions object required when creating or editing a legacy exception rule for this module. Each key is a condition field name, and its value describes the expected schema and a human-readable description.

remoteIpsWhitelistobject
schemaobject
typestring
itemsobject
typestring
minItemsinteger
descriptionstring

Human-readable description of the condition field.

]
RESPONSE
{ "reply": [ { "module_id": 1, "pretty_name": "Malware > Respond to Malicious Causality Chains", "title": "Respond to Malicious Causality Chains", "label": "Allow List of Remote Ipv4/ipv6 Ip Address, Range or Cidr", "profile_type": "Malware", "platforms": [ "Windows", "macOS" ], "conditions_definition": { "remoteIpsWhitelist": { "schema": { "type": "array", "items": { "type": "string" }, "minItems": 1 }, "description": "List of valid Ipv4/ipv6 Ip Address, Ranges or Cidrs" } } } ] }

Bad Request. Invalid Input.

Unauthorized access. User does not have the required license type to run this API.

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Internal Server Error.