Search Log Inspection Rules
Search for log inspection rules using optional filters.

SDK signatures:
Java: LogInspectionRulesApi.searchLogInspectionRules([param1, param2, ...])
Python: LogInspectionRulesApi.search_log_inspection_rules([param1, param2, ...])
JavaScript: LogInspectionRulesApi.searchLogInspectionRules([param1, param2, ...])

Header parameters
Request body schema: application/json
A collection of options used to filter the search results.

Responses:
- successful operation
- Not authorized to view log inspection rules.
Request sample (payload):

{
  "maxItems": 0,
  "searchCriteria": [
    {
      "fieldName": "string",
      "booleanTest": true,
      "numericTest": "less-than",
      "numericValue": 0,
      "numericValueList": [0],
      "stringTest": "equal",
      "stringValue": "string",
      "stringWildcards": true,
      "choiceTest": "equal",
      "choiceValue": "string",
      "firstDateValue": 0,
      "firstDateInclusive": true,
      "lastDateValue": 0,
      "lastDateInclusive": true,
      "nullTest": true,
      "versionTest": "less-than",
      "versionValue": "string",
      "idValue": 0,
      "idValueList": [0],
      "idTest": "less-than"
    }
  ],
  "sortByObjectID": true
}
Response sample (200):

{
  "logInspectionRules": [
    {
      "name": "string",
      "description": "string",
      "minimumAgentVersion": "string",
      "minimumManagerVersion": "string",
      "type": "string",
      "originalIssue": 0,
      "lastUpdated": 0,
      "identifier": "string",
      "template": "basic-rule",
      "ruleID": 0,
      "level": 0,
      "groups": ["string"],
      "ruleDescription": "string",
      "pattern": "string",
      "patternType": "string",
      "dependency": "none",
      "dependencyRuleID": 0,
      "dependencyGroup": "string",
      "frequency": 0,
      "timeFrame": 0,
      "ruleXML": "string",
      "logFiles": {
        "logFiles": [
          {
            "location": "string",
            "format": "syslog"
          }
        ]
      },
      "alertEnabled": true,
      "alertMinimumSeverity": 0,
      "recommendationsMode": "enabled",
      "sortOrder": 0,
      "canBeAssignedAlone": true,
      "dependsOnRuleIDs": [0],
      "ID": 0
    }
  ]
}
List Log Inspection Rules
Lists all log inspection rules.

SDK signatures:
Java: LogInspectionRulesApi.listLogInspectionRules([param1, param2, ...])
Python: LogInspectionRulesApi.list_log_inspection_rules([param1, param2, ...])
JavaScript: LogInspectionRulesApi.listLogInspectionRules([param1, param2, ...])

Responses:
- successful operation
- Not authorized to view log inspection rules.
Java sample:

import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.api.LogInspectionRulesApi;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.model.LogInspectionRules;

public class ListLogInspectionRulesExample {
    public static void main(String[] args) {
        // Setup
        ApiClient defaultClient = Configuration.getDefaultApiClient();
        defaultClient.setBasePath("YOUR HOST");

        // Authentication: the legacy API key or the Trend Micro Cloud One API key
        ApiKeyAuth legacyApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
        legacyApiKey.setApiKey("YOUR API KEY");
        ApiKeyAuth cloudOneApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
        cloudOneApiKey.setApiKey("YOUR API KEY");

        // Keep TLS certificate validation on (false = do not trust all certificates)
        try {
            defaultClient.trustAllCertificates(false);
        } catch (Exception e) {
            System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
            e.printStackTrace();
        }

        // Initialization
        // Set Any Required Values
        LogInspectionRulesApi instance = new LogInspectionRulesApi();
        String apiVersion = "YOUR VERSION";

        try {
            // Please replace the parameter values with yours
            LogInspectionRules result = instance.listLogInspectionRules(apiVersion);
            System.out.println(result);
        } catch (ApiException e) {
            System.err.println("An exception occurred when calling LogInspectionRulesApi.listLogInspectionRules");
            e.printStackTrace();
        }
    }
}
Response sample (200):

{
  "logInspectionRules": [
    {
      "name": "string",
      "description": "string",
      "minimumAgentVersion": "string",
      "minimumManagerVersion": "string",
      "type": "string",
      "originalIssue": 0,
      "lastUpdated": 0,
      "identifier": "string",
      "template": "basic-rule",
      "ruleID": 0,
      "level": 0,
      "groups": ["string"],
      "ruleDescription": "string",
      "pattern": "string",
      "patternType": "string",
      "dependency": "none",
      "dependencyRuleID": 0,
      "dependencyGroup": "string",
      "frequency": 0,
      "timeFrame": 0,
      "ruleXML": "string",
      "logFiles": {
        "logFiles": [
          {
            "location": "string",
            "format": "syslog"
          }
        ]
      },
      "alertEnabled": true,
      "alertMinimumSeverity": 0,
      "recommendationsMode": "enabled",
      "sortOrder": 0,
      "canBeAssignedAlone": true,
      "dependsOnRuleIDs": [0],
      "ID": 0
    }
  ]
}
Create a Log Inspection Rule
Create a new log inspection rule.

SDK signatures:
Java: LogInspectionRulesApi.createLogInspectionRule([param1, param2, ...])
Python: LogInspectionRulesApi.create_log_inspection_rule([param1, param2, ...])
JavaScript: LogInspectionRulesApi.createLogInspectionRule([param1, param2, ...])

Header parameters
Request body schema: application/json
The settings of the new log inspection rule.
Field | Type | Description
alertEnabled | boolean | Controls whether to raise an alert when a LogInspectionRule logs an event. Use true to raise an alert. Searchable as Boolean.
alertMinimumSeverity | integer <int32> | Severity level that will trigger an alert. Ignored unless
dependency | string | Indicates whether a dependent rule or dependency group is set. If set, the LogInspectionRule will only log an event if the dependency is triggered. Available for user-defined rules.
dependencyGroup | string | If dependency is configured, the dependency group that this rule depends on.
dependencyRuleID | integer <int32> | If dependency is configured, the ID of the rule that this rule depends on. Ignored if the rule is from Trend Micro, which uses
description | string | Description of the LogInspectionRule that appears in search results and on the General tab in the Deep Security Manager user interface. Searchable as String.
frequency | integer <int32> | Number of times the dependent rule has to match within a specific time frame before the rule is triggered.
groups | Array of strings | Groups that the LogInspectionRule is assigned to, separated by commas. Useful together with dependency, as it is possible to create a LogInspectionRule that fires when another LogInspectionRule belonging to a specific group fires.
identifier | string | Identifier of the LogInspectionRule used in the Deep Security Manager user interface. Searchable as String.
lastUpdated | integer <int64> | Update timestamp of the LogInspectionRule, measured in milliseconds since epoch. Searchable as Date.
level | integer <int32> | Log level of the LogInspectionRule; indicates the severity of the attack. Level 0 is the least severe and will not log an event. Level 15 is the most severe.
logFiles | object (LogFiles) |
minimumAgentVersion | string | Minimum Deep Security Agent version required by the LogInspectionRule. Searchable as String.
minimumManagerVersion | string | Minimum Deep Security Manager version required by the LogInspectionRule. Searchable as String.
name | string | Name of the LogInspectionRule. Searchable as String.
originalIssue | integer <int64> | Creation timestamp of the LogInspectionRule, measured in milliseconds since epoch. Searchable as Date.
pattern | string | Regular expression pattern the LogInspectionRule will look for in the logs. The rule will be triggered on a match. Open Source HIDS Security (OSSEC) regular expression syntax is supported; see http://www.ossec.net/docs/syntax/regex.html.
patternType | string | Type of pattern the LogInspectionRule will look for in the logs. The string matching pattern is faster than the regex pattern.
recommendationsMode | string | Indicates whether recommendation scans consider the LogInspectionRule. Can be set to enabled or ignored. Custom rules cannot be recommended. Searchable as Choice.
ruleDescription | string | Description of the LogInspectionRule that appears on events and on the Content tab in the Deep Security Manager user interface. Alternatively, you can configure this by inserting a description in 'ruleXML'.
ruleID | integer <int32> | ID of the LogInspectionRule sent to the Deep Security Agent. The values 100000 - 109999 are reserved for user-defined rules.
ruleXML | string | LogInspectionRule in XML format. For information on the XML format, see http://ossec-docs.readthedocs.io/en/latest/syntax/head_rules.html
sortOrder | integer <int32> | Order in which LogInspectionRules are sent to the Deep Security Agent. Log inspection rules are sent in ascending order. Valid values are between 10000 and 20000.
template | string | Template used to create this rule.
timeFrame | integer <int32> | Time period, in seconds, within which the frequency of LogInspectionRule triggers must be reached to generate an event.
type | string | Type of the LogInspectionRule. The value 'Defined' is used for LogInspectionRules provided by Trend Micro. Searchable as String.
Responses:
- successful operation
- Not authorized to create log inspection rules.
Request sample (payload):

{
  "name": "string",
  "description": "string",
  "minimumAgentVersion": "string",
  "minimumManagerVersion": "string",
  "type": "string",
  "originalIssue": 0,
  "lastUpdated": 0,
  "identifier": "string",
  "template": "basic-rule",
  "ruleID": 0,
  "level": 0,
  "groups": ["string"],
  "ruleDescription": "string",
  "pattern": "string",
  "patternType": "string",
  "dependency": "none",
  "dependencyRuleID": 0,
  "dependencyGroup": "string",
  "frequency": 0,
  "timeFrame": 0,
  "ruleXML": "string",
  "logFiles": {
    "logFiles": [
      {
        "location": "string",
        "format": "syslog"
      }
    ]
  },
  "alertEnabled": true,
  "alertMinimumSeverity": 0,
  "recommendationsMode": "enabled",
  "sortOrder": 0
}
Response sample (200):

{
  "name": "string",
  "description": "string",
  "minimumAgentVersion": "string",
  "minimumManagerVersion": "string",
  "type": "string",
  "originalIssue": 0,
  "lastUpdated": 0,
  "identifier": "string",
  "template": "basic-rule",
  "ruleID": 0,
  "level": 0,
  "groups": ["string"],
  "ruleDescription": "string",
  "pattern": "string",
  "patternType": "string",
  "dependency": "none",
  "dependencyRuleID": 0,
  "dependencyGroup": "string",
  "frequency": 0,
  "timeFrame": 0,
  "ruleXML": "string",
  "logFiles": {
    "logFiles": [
      {
        "location": "string",
        "format": "syslog"
      }
    ]
  },
  "alertEnabled": true,
  "alertMinimumSeverity": 0,
  "recommendationsMode": "enabled",
  "sortOrder": 0,
  "canBeAssignedAlone": true,
  "dependsOnRuleIDs": [0],
  "ID": 0
}
Describe a Log Inspection Rule
Describe a log inspection rule by ID.

SDK signatures:
Java: LogInspectionRulesApi.describeLogInspectionRule([param1, param2, ...])
Python: LogInspectionRulesApi.describe_log_inspection_rule([param1, param2, ...])
JavaScript: LogInspectionRulesApi.describeLogInspectionRule([param1, param2, ...])

Responses:
- successful operation
- Not authorized to view log inspection rules.
- The log inspection rule does not exist.
Java sample:

import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.api.LogInspectionRulesApi;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;
import com.trendmicro.deepsecurity.model.LogInspectionRule;

public class DescribeLogInspectionRuleExample {
    public static void main(String[] args) {
        // Setup
        ApiClient defaultClient = Configuration.getDefaultApiClient();
        defaultClient.setBasePath("YOUR HOST");

        // Authentication: the legacy API key or the Trend Micro Cloud One API key
        ApiKeyAuth legacyApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
        legacyApiKey.setApiKey("YOUR API KEY");
        ApiKeyAuth cloudOneApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
        cloudOneApiKey.setApiKey("YOUR API KEY");

        // Keep TLS certificate validation on (false = do not trust all certificates)
        try {
            defaultClient.trustAllCertificates(false);
        } catch (Exception e) {
            System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
            e.printStackTrace();
        }

        // Initialization
        // Set Any Required Values
        LogInspectionRulesApi instance = new LogInspectionRulesApi();
        Integer logInspectionRuleID = 1;
        String apiVersion = "YOUR VERSION";

        try {
            // Please replace the parameter values with yours
            LogInspectionRule result = instance.describeLogInspectionRule(logInspectionRuleID, apiVersion);
            System.out.println(result);
        } catch (ApiException e) {
            System.err.println("An exception occurred when calling LogInspectionRulesApi.describeLogInspectionRule");
            e.printStackTrace();
        }
    }
}
Response sample (200):

{
  "name": "string",
  "description": "string",
  "minimumAgentVersion": "string",
  "minimumManagerVersion": "string",
  "type": "string",
  "originalIssue": 0,
  "lastUpdated": 0,
  "identifier": "string",
  "template": "basic-rule",
  "ruleID": 0,
  "level": 0,
  "groups": ["string"],
  "ruleDescription": "string",
  "pattern": "string",
  "patternType": "string",
  "dependency": "none",
  "dependencyRuleID": 0,
  "dependencyGroup": "string",
  "frequency": 0,
  "timeFrame": 0,
  "ruleXML": "string",
  "logFiles": {
    "logFiles": [
      {
        "location": "string",
        "format": "syslog"
      }
    ]
  },
  "alertEnabled": true,
  "alertMinimumSeverity": 0,
  "recommendationsMode": "enabled",
  "sortOrder": 0,
  "canBeAssignedAlone": true,
  "dependsOnRuleIDs": [0],
  "ID": 0
}
Modify a Log Inspection Rule
Modify a log inspection rule by ID. Any unset elements will be left unchanged.

SDK signatures:
Java: LogInspectionRulesApi.modifyLogInspectionRule([param1, param2, ...])
Python: LogInspectionRulesApi.modify_log_inspection_rule([param1, param2, ...])
JavaScript: LogInspectionRulesApi.modifyLogInspectionRule([param1, param2, ...])

Path parameters
Header parameters
Request body schema: application/json
The settings of the log inspection rule to modify.
Field | Type | Description
alertEnabled | boolean | Controls whether to raise an alert when a LogInspectionRule logs an event. Use true to raise an alert. Searchable as Boolean.
alertMinimumSeverity | integer <int32> | Severity level that will trigger an alert. Ignored unless
dependency | string | Indicates whether a dependent rule or dependency group is set. If set, the LogInspectionRule will only log an event if the dependency is triggered. Available for user-defined rules.
dependencyGroup | string | If dependency is configured, the dependency group that this rule depends on.
dependencyRuleID | integer <int32> | If dependency is configured, the ID of the rule that this rule depends on. Ignored if the rule is from Trend Micro, which uses
description | string | Description of the LogInspectionRule that appears in search results and on the General tab in the Deep Security Manager user interface. Searchable as String.
frequency | integer <int32> | Number of times the dependent rule has to match within a specific time frame before the rule is triggered.
groups | Array of strings | Groups that the LogInspectionRule is assigned to, separated by commas. Useful together with dependency, as it is possible to create a LogInspectionRule that fires when another LogInspectionRule belonging to a specific group fires.
identifier | string | Identifier of the LogInspectionRule used in the Deep Security Manager user interface. Searchable as String.
lastUpdated | integer <int64> | Update timestamp of the LogInspectionRule, measured in milliseconds since epoch. Searchable as Date.
level | integer <int32> | Log level of the LogInspectionRule; indicates the severity of the attack. Level 0 is the least severe and will not log an event. Level 15 is the most severe.
logFiles | object (LogFiles) |
minimumAgentVersion | string | Minimum Deep Security Agent version required by the LogInspectionRule. Searchable as String.
minimumManagerVersion | string | Minimum Deep Security Manager version required by the LogInspectionRule. Searchable as String.
name | string | Name of the LogInspectionRule. Searchable as String.
originalIssue | integer <int64> | Creation timestamp of the LogInspectionRule, measured in milliseconds since epoch. Searchable as Date.
pattern | string | Regular expression pattern the LogInspectionRule will look for in the logs. The rule will be triggered on a match. Open Source HIDS Security (OSSEC) regular expression syntax is supported; see http://www.ossec.net/docs/syntax/regex.html.
patternType | string | Type of pattern the LogInspectionRule will look for in the logs. The string matching pattern is faster than the regex pattern.
recommendationsMode | string | Indicates whether recommendation scans consider the LogInspectionRule. Can be set to enabled or ignored. Custom rules cannot be recommended. Searchable as Choice.
ruleDescription | string | Description of the LogInspectionRule that appears on events and on the Content tab in the Deep Security Manager user interface. Alternatively, you can configure this by inserting a description in 'ruleXML'.
ruleID | integer <int32> | ID of the LogInspectionRule sent to the Deep Security Agent. The values 100000 - 109999 are reserved for user-defined rules.
ruleXML | string | LogInspectionRule in XML format. For information on the XML format, see http://ossec-docs.readthedocs.io/en/latest/syntax/head_rules.html
sortOrder | integer <int32> | Order in which LogInspectionRules are sent to the Deep Security Agent. Log inspection rules are sent in ascending order. Valid values are between 10000 and 20000.
template | string | Template used to create this rule.
timeFrame | integer <int32> | Time period, in seconds, within which the frequency of LogInspectionRule triggers must be reached to generate an event.
type | string | Type of the LogInspectionRule. The value 'Defined' is used for LogInspectionRules provided by Trend Micro. Searchable as String.
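A pre-flight check for the create and modify bodies described in the field tables above, added here as an example in Python; it is not part of the Deep Security SDK or API. It enforces the documented ruleID, sortOrder and level ranges and the dependency/frequency/timeFrame pairing, builds a modify body that sends only the fields to change (unset elements are left unchanged), and builds a search body in the shape of the search payload. The sample rules, the log path, and the dependency value "group" are assumptions, not values taken from the page.

```python
# Limits from the field table above. The checker itself is an added example,
# not part of the Deep Security SDK or API.
USER_RULE_IDS = range(100000, 110000)  # 100000-109999 reserved for user-defined rules
SORT_ORDERS = range(10000, 20001)      # valid sortOrder values are 10000-20000
LEVELS = range(0, 16)                  # level 0 (never logged) .. 15 (most severe)


def validate_rule(rule):
    """Check a create/modify body against the documented limits; [] means OK."""
    problems = []
    if "ruleID" in rule and rule["ruleID"] not in USER_RULE_IDS:
        problems.append("ruleID must be in 100000-109999 for a user-defined rule")
    if "sortOrder" in rule and rule["sortOrder"] not in SORT_ORDERS:
        problems.append("sortOrder must be in 10000-20000")
    if "level" in rule and rule["level"] not in LEVELS:
        problems.append("level must be in 0-15")
    elif rule.get("level") == 0:
        problems.append("level 0 never logs an event, so the rule can never alert")
    if rule.get("dependency", "none") != "none":
        # A dependent rule needs something to depend on, and frequency/timeFrame
        # only make sense as a pair (assumption drawn from the field descriptions).
        if not rule.get("dependencyRuleID") and not rule.get("dependencyGroup"):
            problems.append("dependency set without dependencyRuleID or dependencyGroup")
        if ("frequency" in rule) != ("timeFrame" in rule):
            problems.append("frequency and timeFrame must be given together")
    if not rule.get("pattern") and not rule.get("ruleXML"):
        problems.append("rule has neither a pattern nor ruleXML, so it can match nothing")
    return problems


def modify_payload(changes):
    """Modify leaves unset elements unchanged, so send only the fields to change."""
    return {key: value for key, value in changes.items() if value is not None}


def search_payload(field_name, max_items=100, **test):
    """Search body in the shape shown above, with one searchCriteria entry."""
    return {"maxItems": max_items,
            "searchCriteria": [{"fieldName": field_name, **test}],
            "sortByObjectID": True}


# Constructed sample rules (illustrative values, not shipped Trend Micro rules).
SSHD_FAIL_RULE = {
    "name": "Custom: sshd failed password",
    "identifier": "CUSTOM-SSHD-001", "template": "basic-rule",
    "ruleID": 100100, "level": 5, "groups": ["authentication_failed", "sshd"],
    "pattern": "sshd.*Failed password", "dependency": "none",
    "logFiles": {"logFiles": [{"location": "/var/log/auth.log", "format": "syslog"}]},
    "alertEnabled": False, "recommendationsMode": "ignored", "sortOrder": 15000,
}
# Second rule fires only when rules in the "sshd" group matched 5 times in 60 s,
# the correlation the groups/frequency/timeFrame fields describe.
SSHD_BURST_RULE = dict(SSHD_FAIL_RULE, name="Custom: sshd brute-force burst",
                       identifier="CUSTOM-SSHD-002", ruleID=100101, level=10,
                       dependency="group", dependencyGroup="sshd",  # "group" is an assumed value
                       frequency=5, timeFrame=60, alertEnabled=True, alertMinimumSeverity=10)

if __name__ == "__main__":
    for sample in (SSHD_FAIL_RULE, SSHD_BURST_RULE):
        print(sample["name"], validate_rule(sample) or "OK")
```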
Responses:
- successful operation
- Not authorized to modify log inspection rules, or the requested modification is not permitted.
- The log inspection rule does not exist.
Request sample (payload):

{
  "name": "string",
  "description": "string",
  "minimumAgentVersion": "string",
  "minimumManagerVersion": "string",
  "type": "string",
  "originalIssue": 0,
  "lastUpdated": 0,
  "identifier": "string",
  "template": "basic-rule",
  "ruleID": 0,
  "level": 0,
  "groups": ["string"],
  "ruleDescription": "string",
  "pattern": "string",
  "patternType": "string",
  "dependency": "none",
  "dependencyRuleID": 0,
  "dependencyGroup": "string",
  "frequency": 0,
  "timeFrame": 0,
  "ruleXML": "string",
  "logFiles": {
    "logFiles": [
      {
        "location": "string",
        "format": "syslog"
      }
    ]
  },
  "alertEnabled": true,
  "alertMinimumSeverity": 0,
  "recommendationsMode": "enabled",
  "sortOrder": 0
}
Response sample (200):

{
  "name": "string",
  "description": "string",
  "minimumAgentVersion": "string",
  "minimumManagerVersion": "string",
  "type": "string",
  "originalIssue": 0,
  "lastUpdated": 0,
  "identifier": "string",
  "template": "basic-rule",
  "ruleID": 0,
  "level": 0,
  "groups": ["string"],
  "ruleDescription": "string",
  "pattern": "string",
  "patternType": "string",
  "dependency": "none",
  "dependencyRuleID": 0,
  "dependencyGroup": "string",
  "frequency": 0,
  "timeFrame": 0,
  "ruleXML": "string",
  "logFiles": {
    "logFiles": [
      {
        "location": "string",
        "format": "syslog"
      }
    ]
  },
  "alertEnabled": true,
  "alertMinimumSeverity": 0,
  "recommendationsMode": "enabled",
  "sortOrder": 0,
  "canBeAssignedAlone": true,
  "dependsOnRuleIDs": [0],
  "ID": 0
}
Delete a Log Inspection Rule
Delete a log inspection rule by ID.

SDK signatures:
Java: LogInspectionRulesApi.deleteLogInspectionRule([param1, param2, ...])
Python: LogInspectionRulesApi.delete_log_inspection_rule([param1, param2, ...])
JavaScript: LogInspectionRulesApi.deleteLogInspectionRule([param1, param2, ...])

Responses:
- Request is successful.
- Not authorized to delete log inspection rules.
Java sample:

import com.trendmicro.deepsecurity.ApiClient;
import com.trendmicro.deepsecurity.ApiException;
import com.trendmicro.deepsecurity.Configuration;
import com.trendmicro.deepsecurity.api.LogInspectionRulesApi;
import com.trendmicro.deepsecurity.auth.ApiKeyAuth;

public class DeleteLogInspectionRuleExample {
    public static void main(String[] args) {
        // Setup
        ApiClient defaultClient = Configuration.getDefaultApiClient();
        defaultClient.setBasePath("YOUR HOST");

        // Authentication: the legacy API key or the Trend Micro Cloud One API key
        ApiKeyAuth legacyApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Legacy API Key");
        legacyApiKey.setApiKey("YOUR API KEY");
        ApiKeyAuth cloudOneApiKey = (ApiKeyAuth) defaultClient.getAuthentication("Trend Micro Cloud One API Key");
        cloudOneApiKey.setApiKey("YOUR API KEY");

        // Keep TLS certificate validation on (false = do not trust all certificates)
        try {
            defaultClient.trustAllCertificates(false);
        } catch (Exception e) {
            System.err.println("An exception occurred when calling ApiClient.trustAllCertificates");
            e.printStackTrace();
        }

        // Initialization
        // Set Any Required Values
        LogInspectionRulesApi instance = new LogInspectionRulesApi();
        Integer logInspectionRuleID = 1;
        String apiVersion = "YOUR VERSION";

        try {
            // Please replace the parameter values with yours
            instance.deleteLogInspectionRule(logInspectionRuleID, apiVersion);
        } catch (ApiException e) {
            System.err.println("An exception occurred when calling LogInspectionRulesApi.deleteLogInspectionRule");
            e.printStackTrace();
        }
    }
}