Skip to main content

Get Custom Rules

GET 

/api/v32.06/custom-rules

x-prisma-cloud-target-env: {"permission":"policyCustomRules"}

Retrieves a list of all custom rules.

This endpoint maps to the policy table in Defend > Custom rules in the Console UI.

cURL Request

Refer to the following example cURL command that retrieves all rules in the policy.

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
'https://<CONSOLE>/api/v<VERSION>/custom-rules'

A successful response returns a list of custom rules in the policy.

Responses

Schema
  • Array [
  • _id integer

    Rule ID. Must be unique.

    attackTechniques mitre.Technique (string)[]

    Possible values: [exploitationForPrivilegeEscalation,exploitPublicFacingApplication,applicationExploitRCE,networkServiceScanning,endpointDenialOfService,exfiltrationGeneral,systemNetworkConfigurationDiscovery,unsecuredCredentials,credentialDumping,systemInformationDiscovery,systemNetworkConnectionDiscovery,systemUserDiscovery,accountDiscovery,cloudInstanceMetadataAPI,accessKubeletMainAPI,queryKubeletReadonlyAPI,accessKubernetesAPIServer,softwareDeploymentTools,ingressToolTransfer,lateralToolTransfer,commandAndControlGeneral,resourceHijacking,manInTheMiddle,nativeBinaryExecution,foreignBinaryExecution,createAccount,accountManipulation,abuseElevationControlMechanisms,supplyChainCompromise,obfuscatedFiles,hijackExecutionFlow,impairDefences,scheduledTaskJob,exploitationOfRemoteServices,eventTriggeredExecution,accountAccessRemoval,privilegedContainer,writableVolumes,execIntoContainer,softwareDiscovery,createContainer,kubernetesSecrets,fileAndDirectoryDiscovery,masquerading,webShell,compileAfterDelivery]

    List of attack techniques.

    description string

    Description of the rule.

    message string

    Macro that is printed as part of the audit/incident message.

    minVersion string

    Minimum version required to support the rule.

    modified int64

    Datetime when the rule was created or last modified.

    name string

    Name of the rule.

    owner string

    User who created or modified the rule.

    script string

    Custom script.

    type customrules.Type (string)

    Possible values: [processes,filesystem,network-outgoing,kubernetes-audit,waas-request,waas-response]

    Type is the type of the custom rule

    vulnIDs string (string)[]

    VulnIDs is the list of vulnerability IDs

  • ]
Loading...