Create Asset Tag Rules

Cortex Xpanse REST API

post /public_api/v1/assets/create_asset_tag_rules/

Create tag rules that apply tags automatically to assets that match your rule criteria, including any new assets that are attributed to your organization. Tag rules can be defined for IPv4 addresses and IPv4 ranges. These fields can be the same to denote a single IP address. If the list of IP addresses exceeds 100, Expander will create multiple tag rules, each with at most 100 IP addresses per rule.
Required License: Cortex Xpanse Expander

Request headers
authorization
String
required
api-key
Example: {{api_key}}
x-xdr-auth-id
String
required
api-key-id
Example: {{api_key_id}}
Body parameters
required
request_dataObjectrequired

A dictionary containing the API request fields.

ip_rangesArray

List of dictionaries containing "from_ip" and "to_ip" to define an IP range. These fields can be the same to denote a single IP address.
For example,
"from_ip": "1.1.1.1", "to_ip": "1.1.1.3".'

from_ipString
to_ipString
rule_nameString

Name of the tag rule. Will use tag_name if left empty.

descriptionString

(Optional) Description of the tag rule.

tag_nameString

Name of the tag to be used to tag assets. If a rules-based tag with the same name already exists, it will use that tag. If not, a new rules-based tag will be created.

REQUEST BODY
{ "request_data": { "rule_name": "rule_name", "ip_ranges": [ { "to_ip": "to_ip", "from_ip": "from_ip" }, { "to_ip": "to_ip", "from_ip": "from_ip" } ], "tag_name": "tag_name", "description": "description" } }
CURL
curl -X 'POST'
-H 'Accept: application/json'
-H 'Content-Type: application/json'
-H 'authorization: {{api_key}}' -H 'x-xdr-auth-id: {{api_key_id}}'
'https://api-}/public_api/v1/assets/create_asset_tag_rules/'
-d '{ "request_data" : { "rule_name" : "rule_name", "ip_ranges" : [ { "to_ip" : "to_ip", "from_ip" : "from_ip" }, { "to_ip" : "to_ip", "from_ip" : "from_ip" } ], "tag_name" : "tag_name", "description" : "description" } }'
Responses

OK

Body
replyString
RESPONSE
{ "reply": "reply_example" }

Bad Request. Got an invalid JSON.

Body
replyObject

The query results upon error.

RESPONSE
{ "reply": {} }

Unauthorized access. An issue occurred during authentication. This can indicate an incorrect key, id, or other invalid authentication parameters.

Body
replyObject

The query results upon error.

RESPONSE
{ "reply": {} }

Unauthorized access. User does not have the required license type to run this API.

Body
replyObject

The query results upon error.

RESPONSE
{ "reply": {} }

Forbidden access. The provided API Key does not have the required RBAC permissions to run this API.

Body
replyObject

The query results upon error.

RESPONSE
{ "reply": {} }

Unprocessable Entity

Body
codeInteger

Error code

statusString

Error name

messageString

Error message

errorsObject

Errors

RESPONSE
{ "code": 0, "status": "status_example", "message": "message_example", "errors": {} }

Internal server error. A unified status for API communication type errors.

Body
replyObject

The query results upon error.

RESPONSE
{ "reply": {} }