Get Custom Rules

x-prisma-cloud-target-env: {"permission":"policyCustomRules","saas":true,"self-hosted":true}
x-public: true

Retrieves a list of all custom rules.

This endpoint maps to the policy table in Defend > Custom rules in the Console UI.

cURL Request

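Refer to the following example cURL command that retrieves all rules in the policy. The -k option turns off TLS certificate verification, so omit it when the client trusts the Console certificate.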

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X GET \
'https://<CONSOLE>/api/v<VERSION>/custom-rules'

A successful response returns a list of custom rules in the policy.

Responses


Schema
  • Array [
  • _id integer

    Rule ID. Must be unique.

  • attackTechniques mitre.Technique[]

    Possible values: [exploitationForPrivilegeEscalation,exploitPublicFacingApplication,applicationExploitRCE,networkServiceScanning,endpointDenialOfService,exfiltrationGeneral,systemNetworkConfigurationDiscovery,unsecuredCredentials,credentialDumping,systemInformationDiscovery,systemNetworkConnectionDiscovery,systemUserDiscovery,accountDiscovery,cloudInstanceMetadataAPI,accessKubeletMainAPI,queryKubeletReadonlyAPI,accessKubernetesAPIServer,softwareDeploymentTools,ingressToolTransfer,lateralToolTransfer,commandAndControlGeneral,resourceHijacking,manInTheMiddle,nativeBinaryExecution,foreignBinaryExecution,createAccount,accountManipulation,abuseElevationControlMechanisms,supplyChainCompromise,obfuscatedFiles,hijackExecutionFlow,impairDefences,scheduledTaskJob,exploitationOfRemoteServices,eventTriggeredExecution,accountAccessRemoval,privilegedContainer,writableVolumes,execIntoContainer,softwareDiscovery,createContainer,kubernetesSecrets,fileAndDirectoryDiscovery,masquerading,webShell,compileAfterDelivery]

    List of attack techniques.

  • description string

    Description of the rule.

  • message string

    Macro that is printed as part of the audit/incident message.

  • minVersion string

    Minimum version required to support the rule.

  • modified int64

    Datetime when the rule was created or last modified.

  • name string

    Name of the rule.

  • owner string

    User who created or modified the rule.

  • script string

    Custom script.

  • type customrules.Type

    Possible values: [processes,filesystem,network-outgoing,kubernetes-audit,waas-request,waas-response]

    Type of the custom rule.

  • vulnIDs string[]

    List of vulnerability IDs.

  • ]
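
Added example (not part of the Prisma Cloud documentation): a Python check that a response body saved from the request above matches the schema listed here, flagging duplicate `_id` values and `type` values outside the documented set. The empty-script and missing-attackTechniques checks are review choices made for this example, and the sample rules are constructed.

```python
import json
from collections import Counter

# Allowed values for "type", copied from the schema on this page.
RULE_TYPES = {"processes", "filesystem", "network-outgoing",
              "kubernetes-audit", "waas-request", "waas-response"}

def audit_custom_rules(body: str) -> dict:
    """Parse a GET /custom-rules response body and list schema/review findings."""
    rules = json.loads(body)
    if not isinstance(rules, list):
        raise ValueError("expected a JSON array of rules")
    findings, seen_ids, by_type = [], set(), Counter()
    for i, rule in enumerate(rules):
        if not isinstance(rule, dict):
            findings.append((f"index {i}", "entry is not an object"))
            continue
        label = rule.get("name") or f"index {i}"
        rid = rule.get("_id")
        # The schema says _id is an integer and must be unique.
        if not isinstance(rid, int) or isinstance(rid, bool):
            findings.append((label, "missing or non-integer _id"))
        elif rid in seen_ids:
            findings.append((label, f"duplicate _id {rid}"))
        else:
            seen_ids.add(rid)
        rtype = rule.get("type")
        if rtype in RULE_TYPES:
            by_type[rtype] += 1
        else:
            findings.append((label, f"unknown type {rtype!r}"))
        # Review choices of this example, not requirements stated by the API.
        if not rule.get("script"):
            findings.append((label, "empty script"))
        if not rule.get("attackTechniques"):
            findings.append((label, "no attackTechniques mapped"))
    return {"count": len(rules), "by_type": dict(by_type), "findings": findings}

# Constructed sample response; the script values are placeholders.
SAMPLE = json.dumps([
    {"_id": 1, "name": "shell-in-container", "type": "processes",
     "script": "<rule expression>", "attackTechniques": ["execIntoContainer"]},
    {"_id": 1, "name": "dup-id", "type": "filesystem",
     "script": "<rule expression>", "attackTechniques": []},
    {"_id": 3, "name": "bad-type", "type": "network",
     "script": "", "attackTechniques": ["webShell"]},
])

if __name__ == "__main__":
    print(json.dumps(audit_custom_rules(SAMPLE), indent=2))
```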