Skip to main content

Update Custom Malware Feed

PUT 

/api/v32.07/feeds/custom/malware

x-prisma-cloud-target-env: {"permission":"systemOperations"}

Creates a custom list of malware MD5 signatures of malicious executables.

Note: Any previously installed lists are overwritten.

cURL Request

Refer to the following cURL command that installs a custom list of malware MD5 signatures of malicious executables:

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X PUT \
-d '
{
"name": "malware-sigs",
"feed": [
{
"name": "dimaaa",
"md5": "d4ba1008e7d57458fdd65deca2ba801b"
},
{
"name": "emacs",
"md5": "5ce9d1116755f827f5d1e06246dd30b9"
}
]
}' \
"https://<CONSOLE>/api/v<VERSION>/feeds/custom/malware"

Note: No response will be returned upon successful execution.

To confirm the malware list has been added / overwritten to the ban list, invoke the GET /api/vVERSION/feeds/custom/malware endpoint.

Request

Body

    _id string

    ID is the custom feed id.

    digest string

    Digest is an internal digest of the feed.

    feed object[]

    Feed is the list of custom malware signatures.

  • Array [
  • allowed boolean

    Allowed indicates if this signature is on the allowed list.

    md5 string

    .

    modified int64

    Modified is the time the malware was added to the DB.

    name string

    .

  • ]
  • modified date-time

    Modified is the last time the custom feed was modified.

Responses

OK

Loading...